Open the updater via a POST form submit instead of eval the JS code directly#12677
Merged
MorrisJobke merged 1 commit intomasterfrom Nov 28, 2018
Merged
Open the updater via a POST form submit instead of eval the JS code directly#12677MorrisJobke merged 1 commit intomasterfrom
MorrisJobke merged 1 commit intomasterfrom
Conversation
MorrisJobke
force-pushed
the
bugfix/12601/fix-csp-issue-updater
branch
from
04d0538 to
0f2a389
Compare
MorrisJobke
changed the title
…irectly Signed-off-by: Morris Jobke <hey@morrisjobke.de>
MorrisJobke
force-pushed
the
bugfix/12601/fix-csp-issue-updater
branch
from
0f2a389 to
7b90e05
Compare
Member
Author
|
/backport to stable15 |
kesselb
approved these changes
Nov 28, 2018
Contributor
kesselb
left a comment
kesselb
left a comment
There was a problem hiding this comment.
Makes sense 👍 but can't test it (dont know howto fake the updater response)
Member
Author
I used this here: diff --git a/apps/updatenotification/lib/UpdateChecker.php b/apps/updatenotification/lib/UpdateChecker.php
index 6375e21b08..3e127c3055 100644
--- a/apps/updatenotification/lib/UpdateChecker.php
+++ b/apps/updatenotification/lib/UpdateChecker.php
@@ -49,6 +49,41 @@ class UpdateChecker {
$data = $this->updater->check();
$result = [];
+ $result['updateAvailable'] = true;
+ $result['updateVersion'] = '15.0.1.3';
+ $result['updateVersionString'] = '15.0.1';
+ $result['updaterEnabled'] = true;
+ $result['versionIsEol'] = false;
+ $result['changes'] =
+ [
+ 'changelogURL' => 'https://nextcloud.com/changelog/#13-0-0',
+ 'whatsNew' => [
+ 'en' => [
+ 'regular' => [
+ 'Refined user interface',
+ 'End-to-end Encryption',
+ 'Video and Text Chat'
+ ],
+ 'admin' => [
+ 'Changes to the Nginx configuration',
+ 'Theming: CSS files were consolidated'
+ ],
+ ],
+ 'de' => [
+ 'regular' => [
+ 'Überarbeitete Benutzerschnittstelle',
+ 'Ende-zu-Ende Verschlüsselung',
+ 'Video- und Text-Chat'
+ ],
+ 'admin' => [
+ 'Änderungen an der Nginx Konfiguration',
+ 'Theming: CSS Dateien wurden konsolidiert'
+ ],
+ ],
+ ],
+ ];
+ return $result;
+
if (isset($data['version']) && $data['version'] !== '' && $data['version'] !== []) {
$result['updateAvailable'] = true;
$result['updateVersion'] = $data['version']; |
|
The backport to stable15 failed. Please do this backport manually. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As discussed with @rullzer.
Fixes #12601
This needs also an update in the updater itself and maybe we should cleanup the token in a repair step to avoid leakage of the token.