Merge branch '12.0'

frontend/package-lock.json

@@ -23,7 +23,7 @@
         "@uiw/codemirror-extensions-langs": "^4.19.4",
         "@uiw/codemirror-themes": "^4.23.5",
         "@uiw/react-codemirror": "^4.19.4",
-        "axios": "^1.7.4",
+        "axios": "^1.8.2",
         "chart.js": "4.4.7",
         "classnames": "^2.2.6",
         "codemirror": "^6.0.1",

frontend/package.json

@@ -18,7 +18,7 @@
     "@uiw/codemirror-extensions-langs": "^4.19.4",
     "@uiw/codemirror-themes": "^4.23.5",
     "@uiw/react-codemirror": "^4.19.4",
-    "axios": "^1.7.4",
+    "axios": "^1.8.2",
     "chart.js": "4.4.7",
     "classnames": "^2.2.6",
     "codemirror": "^6.0.1",

frontend/src/components/common/notice-item.js

@@ -42,13 +42,13 @@ class NoticeItem extends React.Component {
       let avatar_url = detail.group_staff_avatar_url;
       let groupStaff = detail.group_staff_name;
       // group name does not support special characters
-      let userHref = siteRoot + 'profile/' + detail.group_staff_email + '/';
+      let userHref = siteRoot + 'profile/' + encodeURIComponent(detail.group_staff_email) + '/';
       let groupHref = siteRoot + 'group/' + detail.group_id + '/';
       let groupName = detail.group_name;
       let username = detail.group_staff_name;
       let notice = gettext('User {user_link} has added you to {group_link}');
-      let userLink = '<a href=' + userHref + '>' + groupStaff + '</a>';
-      let groupLink = '<a href=' + groupHref + '>' + groupName + '</a>';
+      let userLink = '<a href=' + userHref + '>' + Utils.HTMLescape(groupStaff) + '</a>';
+      let groupLink = '<a href=' + groupHref + '>' + Utils.HTMLescape(groupName) + '</a>';
       notice = notice.replace('{user_link}', userLink);
       notice = notice.replace('{group_link}', groupLink);
       return { avatar_url, notice, username };

frontend/src/pages/dashboard/activity-item.js

@@ -90,7 +90,7 @@ class ActivityItem extends Component {
       }
     } else if (item.obj_type == 'files') {
       let fileURL = `${siteRoot}lib/${item.repo_id}/file${Utils.encodePath(item.path)}`;
-      let fileLink = `<a href=${fileURL} target="_blank">${item.name}</a>`;
+      let fileLink = `<a href=${fileURL} target="_blank">${Utils.HTMLescape(item.name)}</a>`;
       let fileCount = item.createdFilesCount - 1;
       let firstLine = gettext('{file} and {n} other files')
         .replace('{file}', fileLink)

frontend/src/pages/share-admin/folders.js

@@ -54,9 +54,10 @@ class Content extends Component {
         className={classnames('table-hover', { 'table-thead-hidden': !isDesktop })}
         headers={isDesktop ? [
           { isFixed: true, width: 40 }, // icon
-          { isFixed: false, width: 0.35, children: (<a className="d-block table-sort-op" href="#" onClick={this.sortByName}>{gettext('Name')} {sortByName && sortIcon}</a>) },
-          { isFixed: false, width: 0.3, children: gettext('Share To') },
-          { isFixed: false, width: 0.25, children: gettext('Permission') },
+          { isFixed: false, width: 0.25, children: (<a className="d-block table-sort-op" href="#" onClick={this.sortByName}>{gettext('Name')} {sortByName && sortIcon}</a>) },
+          { isFixed: false, width: 0.25, children: gettext('Library') },
+          { isFixed: false, width: 0.2, children: gettext('Share To') },
+          { isFixed: false, width: 0.2, children: gettext('Permission') },
           { isFixed: false, width: 0.1 },
         ] : [
           { isFixed: false, width: 0.12 },
@@ -196,6 +197,7 @@ class Item extends Component {
       'permission': share_permission
     });
     let folderUrl = `${siteRoot}library/${item.repo_id}/${encodeURIComponent(item.repo_name)}${Utils.encodePath(item.path)}`;
+    let repoUrl = `${siteRoot}library/${item.repo_id}/${encodeURIComponent(item.repo_name)}/`;
 
     // custom defined permission
     if (share_permission.startsWith('custom-')) {
@@ -207,6 +209,7 @@ class Item extends Component {
         <tr onMouseEnter={this.onMouseEnter} onMouseLeave={this.onMouseLeave} onFocus={this.onMouseEnter}>
           <td className="pl10 pr-2"><img src={iconUrl} title={iconTitle} alt={iconTitle} width="24" /></td>
           <td><Link to={folderUrl}>{item.folder_name}</Link></td>
+          <td><Link to={repoUrl}>{item.repo_name}</Link></td>
           <td>
             {item.share_type == 'personal' ?
               <span title={item.contact_email}>{item.user_name}</span> : item.group_name}

frontend/src/pages/sys-admin/admin-logs/operation-logs.js

@@ -138,15 +138,15 @@ class Item extends Component {
         detailText = gettext('Created library {library_name} with {owner} as its owner')
           .replace('{owner}', '<a href="' + ownerPageUrl + '">' + detail.owner + '</a>');
         if (isPro && enableSysAdminViewRepo) {
-          detailText = detailText.replace('{library_name}', '<a href="' + repoPageUrl + '">' + detail.name + '</a>');
+          detailText = detailText.replace('{library_name}', '<a href="' + repoPageUrl + '">' + Utils.HTMLescape(detail.name) + '</a>');
         } else {
-          detailText = detailText.replace('{library_name}', '<span class="font-weight-bold">' + detail.name + '</span>');
+          detailText = detailText.replace('{library_name}', '<span class="font-weight-bold">' + Utils.HTMLescape(detail.name) + '</span>');
         }
         return detailText;
 
       case 'repo_delete':
         detailText = gettext('Deleted library {library_name}')
-          .replace('{library_name}', '<span class="font-weight-bold">' + detail.name + '</span>');
+          .replace('{library_name}', '<span class="font-weight-bold">' + Utils.HTMLescape(detail.name) + '</span>');
         return detailText;
 
       case 'repo_transfer':
@@ -154,9 +154,9 @@ class Item extends Component {
           .replace('{user_from}', '<span class="font-weight-bold">' + detail.from + '</span>')
           .replace('{user_to}', '<span class="font-weight-bold">' + detail.to + '</span>');
         if (isPro && enableSysAdminViewRepo) {
-          detailText = detailText.replace('{library_name}', '<a href="' + repoPageUrl + '">' + detail.name + '</a>');
+          detailText = detailText.replace('{library_name}', '<a href="' + repoPageUrl + '">' + Utils.HTMLescape(detail.name) + '</a>');
         } else {
-          detailText = detailText.replace('{library_name}', '<span class="font-weight-bold">' + detail.name + '</span>');
+          detailText = detailText.replace('{library_name}', '<span class="font-weight-bold">' + Utils.HTMLescape(detail.name) + '</span>');
         }
         return detailText;
 

seahub/api2/views.py

@@ -41,7 +41,7 @@ from seahub.wopi.utils import get_wopi_dict
 from seahub.api2.base import APIView
 from seahub.api2.models import TokenV2, DESKTOP_PLATFORMS
 from seahub.api2.endpoints.group_owned_libraries import get_group_id_by_repo_owner
-from seahub.api2.utils import get_search_repos
+from seahub.api2.utils import get_search_repos, is_wiki_repo
 from seahub.avatar.templatetags.avatar_tags import api_avatar_url, avatar
 from seahub.avatar.templatetags.group_avatar_tags import api_grp_avatar_url, \
         grp_avatar
@@ -858,6 +858,9 @@ class Repos(APIView):
                 if r.is_virtual:
                     continue
 
+                if is_wiki_repo(r):
+                    continue
+
                 if q and q.lower() not in r.name.lower():
                     continue
 
@@ -914,6 +917,10 @@ class Repos(APIView):
 
             shared_repos.sort(key=lambda x: x.last_modify, reverse=True)
             for r in shared_repos:
+
+                if is_wiki_repo(r):
+                    continue
+
                 if q and q.lower() not in r.name.lower():
                     continue
 
@@ -979,6 +986,10 @@ class Repos(APIView):
                     nickname_dict[e] = email2nickname(e)
 
             for r in group_repos:
+
+                if is_wiki_repo(r):
+                    continue
+
                 if q and q.lower() not in r.name.lower():
                     continue
 
@@ -1024,6 +1035,10 @@ class Repos(APIView):
                     nickname_dict[e] = email2nickname(e)
 
             for r in public_repos:
+
+                if is_wiki_repo(r):
+                    continue
+
                 if q and q.lower() not in r.name.lower():
                     continue
 

seahub/views/file.py

@@ -172,7 +172,10 @@ def get_office_feature_by_repo(repo):
         repo_feature = _check_feature(repo.repo_id)
 
     if not repo_feature and '@seafile_group' not in repo_owner:
-        user = User.objects.get(email=repo_owner)
+        try:
+            user = User.objects.get(email=repo_owner)
+        except User.DoesNotExist:
+            return ENABLE_ONLYOFFICE, ENABLE_OFFICE_WEB_APP
         role = get_user_role(user)
         repo_feature = ROLES_DEFAULT_OFFCICE_SUITE.get(role)
 

thirdpart/shibboleth/backends.py

@@ -12,6 +12,8 @@ from registration.models import (
 logger = logging.getLogger(__name__)
 
 SHIBBOLETH_PROVIDER_IDENTIFIER = getattr(settings, 'SHIBBOLETH_PROVIDER_IDENTIFIER', 'shibboleth')
+LDAP_PROVIDER = getattr(settings, 'LDAP_PROVIDER', 'ldap')
+SSO_LDAP_USE_SAME_UID = getattr(settings, 'SSO_LDAP_USE_SAME_UID', False)
 
 
 class ShibbolethRemoteUserBackend(RemoteUserBackend):
@@ -52,6 +54,11 @@ class ShibbolethRemoteUserBackend(RemoteUserBackend):
 
         remote_user = self.clean_username(remote_user)
         shib_user = SocialAuthUser.objects.get_by_provider_and_uid(SHIBBOLETH_PROVIDER_IDENTIFIER, remote_user)
+        if not shib_user and SSO_LDAP_USE_SAME_UID:
+            shib_user = SocialAuthUser.objects.get_by_provider_and_uid(LDAP_PROVIDER, remote_user)
+            if shib_user:
+                SocialAuthUser.objects.add(shib_user.username, SHIBBOLETH_PROVIDER_IDENTIFIER, remote_user)
+
         if shib_user:
             try:
                 user = User.objects.get(email=shib_user.username)