hoellen/docker-nextcloud
1
0
Fork 0
mirror of https://github.com/hoellen/docker-nextcloud.git synced 2025-07-04 17:16:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hoellen:version-24
Branches Tags
hoellen:master hoellen:version-30 hoellen:version-29 hoellen:version-28 hoellen:version-27 hoellen:version-26 hoellen:version-25 hoellen:version-24 hoellen:version-23 hoellen:version-22
...
compare: hoellen:06d89226c50d7ba48636e463344ffab596ce3881
Branches Tags
hoellen:master hoellen:version-30 hoellen:version-29 hoellen:version-28 hoellen:version-27 hoellen:version-26 hoellen:version-25 hoellen:version-24 hoellen:version-23 hoellen:version-22

2 Commits
version-24 ... 06d89226c5

Author SHA1 Message Date
hoellen
06d89226c5 Whitelist PHP functions for Nextcloud 25 2022-10-19 13:06:53 +02:00
hoellen
d009280681 Update Nextcloud to 25.0.0 2022-10-19 13:05:57 +02:00
2 changed files with 7 additions and 5 deletions
Expand all files Collapse all files

6
Dockerfile
View File

@ -1,5 +1,5 @@
# -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=24.0.6
ARG NEXTCLOUD_VERSION=25.0.0
ARG PHP_VERSION=8.1
ARG NGINX_VERSION=1.22
@ -10,8 +10,8 @@ ARG SNUFFLEUPAGUS_VERSION=0.8.3
ARG UID=1000
ARG GID=1000
# nextcloud-24.0.6.tar.bz2
ARG SHA256_SUM="b26dff9980a47e7e722805fdbbf87e07f59a3817b03ecc32698e028e9baf0301"
# nextcloud-25.0.0.tar.bz2
ARG SHA256_SUM="2c05ac9d7b72b44ef8b3d2ae03ff0fd6121e254b8054556f5163bd8760dd8f49"
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"

6
rootfs/usr/local/etc/php/snuffleupagus/nextcloud-php8.rules
View File

@ -34,16 +34,18 @@ sp.sloppy_comparison.enable();
# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
sp.cookie.name("PHPSESSID").samesite("lax");
# Nextcloud whitelist (tested with Nextcloud 24.0.0)
# Nextcloud whitelist (tested with Nextcloud 25.0.0)
sp.disable_function.function("function_exists").param("function").value("proc_open").filename("/nextcloud/3rdparty/symfony/console/Terminal.php").allow();
sp.disable_function.function("function_exists").param("function").value("exec").filename("/nextcloud/lib/private/legacy/OC_Helper.php").allow();
sp.disable_function.function("function_exists").param("function").value("exec").filename("/nextcloud/lib/public/Util.php").allow();
sp.disable_function.function("proc_open").filename("/nextcloud/3rdparty/symfony/console/Terminal.php").allow();
sp.disable_function.function("ini_set").param("option").value_r("display_errors").filename("/nextcloud/lib/base.php").allow();
sp.disable_function.function("ini_get").param("option").value("open_basedir").filename("/nextcloud/3rdparty/bantu/ini-get-wrapper/src/IniGetWrapper.php").allow();
sp.disable_function.function("function_exists").param("function").value("exec").filename("/nextcloud/lib/private/legacy/OC_Helper.php").allow();
sp.disable_function.function("ini_get").param("option").value_r("suhosin").filename("/nextcloud/3rdparty/bantu/ini-get-wrapper/src/IniGetWrapper.php").allow();
sp.disable_function.function("ini_get").param("option").value("open_basedir").filename("/nextcloud/apps2/twofactor_webauthn/vendor/symfony/process/ExecutableFinder.php").allow();
sp.disable_function.function("ini_get").param("option").value("open_basedir").filename("/nextcloud/3rdparty/symfony/process/ExecutableFinder.php").allow();
sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow();
sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();
# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
sp.disable_function.function("chmod").param("permissions").value("438").drop();