147 scan on update via events #160
Conversation
with this option set to true, you always got all the available php core functions as suggestion when doing -> on an object
|
In my test, this catched both, the client upload and the ui upload |
|
Did a test with compose ---
services:
nextcloud:
image: nextcloud:30.0
container_name: nextcloud
restart: unless-stopped
networks:
- cloud
depends_on:
- nextclouddb
- redis
ports:
- 8081:80
volumes:
- ./custom_apps:/var/www/html/custom_apps
- ./apps:/var/www/html/apps
- ./html:/var/www/html
- ./config:/var/www/html/config
- ./data:/var/www/html/data
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=dbpassword
- MYSQL_HOST=nextclouddb
- REDIS_HOST=redis
nextclouddb:
image: mariadb
container_name: nextcloud-db
restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
networks:
- cloud
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- MYSQL_RANDOM_ROOT_PASSWORD=true
- MYSQL_PASSWORD=dbpassword
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
collabora:
image: collabora/code
container_name: collabora
restart: unless-stopped
networks:
- cloud
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- password=password
- username=nextcloud
- domain=example.com
- extra_params=--o:ssl.enable=true
ports:
- 9980:9980
redis:
image: redis:alpine
container_name: redis
volumes:
- ./redis:/data
networks:
- cloud
nginx-proxy:
image: 'jc21/nginx-proxy-manager:latest'
container_name: nginx-proxy
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
networks:
cloud:
name: cloud
driver: bridgeresulting in this when uploading
|
|
The HintException is used because that one of two ecxeptions that are not catched by the hook/event-system. Instead they get rethrown and cause the upload to fail. |
|
It also blocks for sync-clients
|
|
I will start implementing the virus scan tomorrow. |
|
The order of the relevant events is
But the behavior is still a bit weird from the users perspective because the UI upload (and the client too) do retries. So when you throw the exception there it will not immediately stop the upload. In the UI it just looks, like the upload takes forever before it is actually declined. This is basically the code-part where the events are emitted: |
|
It retries 4 times. |
|
This might be a better method. It hooks into the WebDav-Server. But will have to test if this also affects the inline editor/creator. https://github.com/nextcloud/files_downloadlimit/blob/master/lib/AppInfo/Application.php#L34C1-L35C1 |
|
The BeforeNodeCreateEvent will also not be emitted, when you update an existing file, like reupload the same file, so we have to listen on the BeforeNodeWrittenEvent. |
|
With the Sabre Plugin we can also return a proper error message.
|
|
Also shown in sync clients.
|
…error message is shown #TODO implement the virus check #TODO remove the FileEventsListener
|
This solution also does not work for files created with the inline editor. But it does work for overwriting a file. |
#TODO: remove the Sabre Server-Plugin stuff.
|
Ok. Last update for today. You can basically do the same thing without a plugin within the eventlistener. And with that you can also block editor files from beeing created. But without a specific error message, at least without any further investigation about that. I guess it would be better to not scan the file on beforeCreation beacuse its completely empty there.
@lennartdohmann I would like to work that out together with you on monday. On our dev-machine, there is already a version which deletes the Server-Plugin stuff and the AvirWrapper. |
|
@unglaublicherdude With the |
|
So still WIP |
…istener and dont sendErrorResponse on upload fail
…ed on app configuration
This reverts commit aa5a7c7d50eb503342b387616e757e2b6d807019.
|
The "add some more files to ignore" commit with ID 523a58e has broken the settings page but only the UI. Changing settings via CLI tools still works so the app also still functions and behaves normal. iterator_to_array(
Finder::create()->files()->in(__DIR__.'/templates'),
false,
),Not ignoring the templates folder leads to an insertion of a namespace like this:
I will fix this with an auxiliary revert and try to keep as much as I can from the ignored files. |
This reverts commit 0e00803.
| if ($this->acceptHtml()) { | ||
| $templateName = 'exception'; | ||
| $renderAs = 'guest'; | ||
| $templateName = '425'; |
There was a problem hiding this comment.
Magic number? Also overrides previously set $templateName
| if (str_ends_with($subparts[0], '/html')) { | ||
| return true; |
There was a problem hiding this comment.
Please match text/html exactly, there's no other MIME type ending with /html and even if there is one in the future, it would probably be something else entirely.
|
|
||
| private function sendErrorResponse(Exception $ex): void { | ||
| $this->server->httpResponse->setBody($this->generateBody($ex)); | ||
| $this->server->httpResponse->setStatus(415); |
There was a problem hiding this comment.
IIRC, we had to use this response code for client compatibility reasons, right?
weird because I tested that. The code you mention there is the one that should lead to ignoring the templates (all of them) , because it basically generates an array with all the files of the templates folder. Better solution, than to ignore the templates file by file. |
No description provided.