This also fixes a couple of warnings at places (out of order init for
instance) and a potential bug in the webflow credentials / qtkeychain
integration.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
The E2E application allows creating unencrypted subdirectories
in an encrypted parent. This is a big privacy problem.
This patch shows a red broken lock icon for these subdirectories
in the NC client UI.
Signed-off-by: Ivan Čukić <ivan.cukic@kde.org>
Due to usage of early-returns, combined with malloc/free,
several buffers that get allocated are leaked when an error
occurs.
Several functions had potential leaks:
- `encryptStringSymmetric` leaked `ctext`
- `EncryptionHelper::fileDecryption` leaked `out`
- `EncryptionHelper::fileEncryption` leaked `out`
Most of the functions had leaks of the cypher context.
This patch uses `QByteArray` as the handler for the dynamically
allocated buffers for openssl to operate on. This also removes
the need for conversions from malloc'd buffers to `QByteArray`
variables previously present in the code.
It also introduces a `CypherCtx` thin wrapper class to provide
a leak-free handling of `EVP_CIPHER_CTX`.
In owncloudsetupnocredspage.ui, the URL input field leUrl has a
placeholder text saying "https://..." which is a very useful hint
for the user. However, in the OwncloudSetupPage constructor, the
placeholer text is overwritten by the return string of the theme's
wizardUrlHint() method. The NextcloudTheme class does not override
this virtual method, so an empty string is used.
To make available the "https://..." hint, it is moved from the
UI file to NextcloudTheme::wizardUrlHint(). Note that, if a
theme is used which does not allow a custom server URL, the
placeholder text is now empty. This makes sense because the
input field is disabled in that case.
Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
In case of denormalized paths in the dav href (presence of . or .. in
the path) simple string startsWith comparison wasn't enough to know if
said href ended up in the right namespace. That's why we're now using
QUrl (pretending local file since we don't have a full URL in the href)
to normalize the path before comparison.
This could happen with broken proxies for instance where we would
wrongly validate the dav information resulting in potentially surprising
syncing and name collisions.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
The message handler globally installed by the logger silently drop
messages if the logger is not logging. On top of it, it doesn't log
debug messages by default.
Anything not logged is currently silently discarded. This can come as a
surprise to a developer trying to contribute for the first time and
adding some debug message for some reason.
We're thus trying to strike a middle ground which is that debug messages
get a regular output if the logger isn't interested in them.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
- Application name, version number, OS
Example: Nextcloud Desktop Client
Version 2.6.4 (macOS)
- Keep previous version info in new method Theme::aboutDetails()
Signed-off-by: Michael Schuster <michael@schuster.ms>
So that user may continue to use http2 on their webpage
Signed-off-by: XNG <Milokita@users.noreply.github.com>
(cherry picked from commit dad95d4e46)
Signed-off-by: Michael Schuster <michael@schuster.ms>
- Fetch in ConnectionValidator::slotCapabilitiesRecieved
- Add editors to a list made of the new DirectEditor class
TODO:
- Add support for re-fetch and continously check for changes (ETag)
Signed-off-by: Michael Schuster <michael@schuster.ms>