Update 2.1.0 on 27.1.6 makes all office files unusable...

[Dennis1993]

Describe the bug I'm using NextCloud 27.1.6 and in the app store an update for this app was offered. After the update I can't open a document. All files are shown this error:

To Reproduce Steps to reproduce the behavior:

1. Update the App to the latest version
2. Open an office file (xlsx, docx...)
3. Nothing is working anymore

Expected behavior Opens the document to edit it

Screenshots

Client details:

• OS: Windows 10
• Browser: Microsoft Edge
• Version: 121.0.2277.112

Server details

Operating system: Ubuntu 20.04

Web server: Apache 2.4.58

Database: MariaDB 10

PHP version: PHP 8.2

Nextcloud version: 27.1.6

Version of the officeonline app 2.1.0

Version of Office Online server latest

Logs

#### Nextcloud log (data/nextcloud.log) ``` {"reqId":"2cp28s7Nyin0S1XzLGLM","level":3,"time":"2024-02-16T14:02:42+00:00","remoteAddr":"XX.XX.XX.XX","user":"--","app":"PHP","method":"GET","url":"/index.php/apps/officeonline/public?shareToken=kjddET7BcZn2Lds&fileName=test.docx","message":"Undefined array key \"urlsrc\" at /var/www/html/apps/officeonline/templates/documents.php#6","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0","version":"27.1.6.2","data":{"app":"PHP"},"id":"65cfc4ewb7614"} {"reqId":"2cp28s7Nyin0S1XzLGLM","level":3,"time":"2024-02-16T14:02:42+00:00","remoteAddr":"XX.XX.XX.XX","user":"--","app":"PHP","method":"GET","url":"/index.php/apps/officeonline/public?shareToken=kjddET7BcZn2Lds&fileName=test.docx","message":"Undefined array key \"token\" at /var/www/html/apps/officeonline/templates/documents.php#5","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0","version":"27.1.6.2","data":{"app":"PHP"},"id":"65cfc4ewb7614"} ``` #### Browser log ``` Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob:". Either the 'unsafe-inline' keyword, a hash ('sha256-PB66qjjzQ+aHxDwre34rw49qQh7Nms3AfvueD2Z2Y='), or a nonce ('nonce-...') is required to enable inline execution. Proxying an event bus of version 3.1.0 with 1.1.4 POST /index.php/apps/officeonline/undefinedWOPISrc=https%3A%2F%2Fcloud.mydomain.de%2Findex.php%2Fapps%2Fofficeonline%2Fwopi%2Ffiles%2Fundefined&title=undefined&lang=de&closebutton=1&revisionhistory=1 404 (Not Found) ```

[irfancyp]

Same here

[truetonepb]

Same here! App is broken after the update 🙉

[juliushaertl]

I cannot reproduce that. Could you check your configured office server url and try to save it again to see if that makes a difference?

[irfancyp]

I already tried that. Even removed the app and reinstalled it

On Mon, Feb 19, 2024, 13:20 Julius Härtl @.***> wrote:

I cannot reproduce that. Could you check your configured office server url and try to save it again to see if that makes a difference?

— Reply to this email directly, view it on GitHub https://github.com/nextcloud/officeonline/issues/521#issuecomment-1952238518, or unsubscribe https://github.com/notifications/unsubscribe-auth/A4IOFPTHNNIN4OZ6ZVDKLLTYUMYQNAVCNFSM6AAAAABDMTUE32VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNJSGIZTQNJRHA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[Dennis1993]

Same problem. The config has a green check and says all is ok. But if I try to open a file the 404 is there. I downgraded the app and now it is working. After updating again the error appears again.

in the browser log I see the undefined again: POST /index.php/apps/officeonline/undefinedWOPISrc=https%3A%2F%

[Phaere]

Same problem here Docs cannot be opened if shared by public link Docs shared to user internally opens with no problem

Downgrade to 2.0.3 resolved issue for us

[irfancyp]

Our system is

PHP

Version: 8.1.23

Memory limit: 1 GB

Max execution time: 3600

Upload max size: 10 GB

Extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, Reflection, SPL, session, standard, sodium, cgi-fcgi, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, ldap, exif, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Database

Type: mysql

Version: 10.11.1

Size: 3 GB

Operating System:

Linux 5.15.0-94-generic x86_64

may be this helps you to replicate problem

and here ih. config.php

<?php

$CONFIG = array (

'passwordsalt' => 'XXX',

'secret' => 'XXX',

'trusted_domains' =>

array (

0 => 'XXX',

1 => 'XXX',

),

'datadirectory' => '/home/data',

'dbtype' => 'mysql',

'version' => '27.1.6.2',

'overwrite.cli.url' => 'https://XXX',

'dbname' => 'XXX',

'dbhost' => 'localhost',

'dbport' => '',

'dbtableprefix' => 'oc_',

'mysql.utf8mb4' => true,

'dbuser' => 'XXX',

'dbpassword' => 'XXX',

'installed' => true,

'instanceid' => 'XXX',

'activity_expire_days' => 14,

'auth.bruteforce.protection.enabled' => true,

'blacklisted_files' =>

array (

0 => '.htaccess',

1 => 'Thumbs.db',

2 => 'thumbs.db',

),

'cron_log' => true,

'default_phone_region' => 'TR',

'enable_previews' => true,

'enabledPreviewProviders' =>

array (

0 => 'OC\\Preview\\PNG',

1 => 'OC\\Preview\\JPEG',

2 => 'OC\\Preview\\GIF',

3 => 'OC\\Preview\\BMP',

4 => 'OC\\Preview\\XBitmap',

5 => 'OC\\Preview\\Movie',

6 => 'OC\\Preview\\PDF',

7 => 'OC\\Preview\\MP3',

8 => 'OC\\Preview\\TXT',

9 => 'OC\\Preview\\MarkDown',

10 => 'OC\\Preview\\Image',

11 => 'OC\Preview\HEIC',

12 => 'OC\\Preview\\TIFF',

),

'filesystem_check_changes' => 1,

'filelocking.enabled' => 'true',

'htaccess.RewriteBase' => '/',

'integrity.check.disabled' => false,

'knowledgebaseenabled' => false,

'log_rotate_size' => 104857600,

'logfile' => '/var/log/nextcloud/nextcloud.log',

'loglevel' => 2,

'logtimezone' => 'Europe/Helsinki',

'memcache.local' => '\OC\Memcache\APCu',

'memcache.locking' => '\OC\Memcache\Redis',

'overwriteprotocol' => 'https',

'preview_max_x' => 1024,

'preview_max_y' => 768,

'preview_max_scale_factor' => 1,

'redis' =>

array (

'host' => '/var/run/redis/redis-server.sock',

'port' => 0,

'timeout' => 0.0,

),

'quota_include_external_storage' => false,

'share_folder' => '/Releases',

'skeletondirectory' => '',

'trashbin_retention_obligation' => 'auto, 7',

'mail_from_address' => 'dr',

'mail_smtpdebug' => false,

'mail_smtpmode' => 'smtp',

'mail_sendmailmode' => 'smtp',

'mail_domain' => 'XXX',

'mail_smtphost' => 'XXX',

'mail_smtpport' => 'XXX',

'maintenance' => false,

'theme' => '',

'updater.release.channel' => 'stable',

'app_install_overwrite' =>

array (

0 => 'scanner',

1 => 'impersonate',    6 => 'cms_pico',

7 => 'files_downloadactivity',

),

'mail_smtpauth' => 1,

'mail_smtpname' => 'XXX',

'mail_smtppassword' => 'XXX',

'ldapProviderFactory' => 'OCA\User_LDAP\LDAPProviderFactory',

'memories.exiftool' => '/var/www/nextcloud/apps/memories/bin-ext/exiftool-amd64-glibc',

'memories.vod.path' => '/var/www/nextcloud/apps/memories/bin-ext/go-vod-amd64',

'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',

'memories.vod.ffprobe' => '/usr/bin/ffprobe',

'memories.gis_type' => 1,

);

2 => 'files_archive',

3 => 'transfer',

4 => 'files_fulltextsearch',

5 => 'talk_matterbridge',

On Mon, Feb 19, 2024 at 1:53 PM Phaere @.***> wrote:

Same problem here Docs cannot be opened if shared by public link Docs shared to user internally opens with no problem

Downgrade to 2.0.3 resolved issue for us

— Reply to this email directly, view it on GitHub https://github.com/nextcloud/officeonline/issues/521#issuecomment-1952291669, or unsubscribe https://github.com/notifications/unsubscribe-auth/A4IOFPS44C4YR5VW2UEGQBTYUM4M7AVCNFSM6AAAAABDMTUE32VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNJSGI4TCNRWHE . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[numenos]

Same problem, but only in edge. In firefox & chrome works great.

In edge i see this in "inspect" - "console" tab: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

[kvmalakhov]

Some problem with Edge,Opera Please fix it faster!

[Dennis1993]

You can downgrade to the old version. Uninstall and delete the app (via web interface) and manually put the old version in the apps folder. Then simply activate it via the web interface. In my 27.1.6 it’s working with this trick. Now I wait for an update.

Are you also using v27.1.6? :)

[muhyal]

It seems that the issue persists in Nextcloud version 28.0.2, and you are unable to downgrade the version of the 'officeonline' app. The problem specifically occurs with external public shares, while internal links & shares are functioning correctly.

[Orchal]

Hi,

It seems that commenting line 384 in lib/Controller/DocumentController.php, which is allowInlineScripts(true) (all by memory, sorry) concerning the "public" function removes the error. The method does not exists anymore. I did not need to comment the other similar lines but this one "helps" for the public issue.

[muhyal]

Hi,

It seems that commenting line 384 in lib/Controller/DocumentController.php, which is allowInlineScripts(true) (all by memory, sorry) concerning the "public" function removes the error. The method does not exists anymore. I did not need to comment the other similar lines but this one "helps" for the public issue.

Thank you for your support. I completely removed this part on line 384 and the problem with public links was solved 👏

$policy->allowInlineScript(true);

[Dennis1993]

@juliushaertl is that a quick and good solution for us to publish a new version quickly? :) At the moment we have a blocker and broken release

[juliushaertl]

Thanks all for reporting and providing this additional insight. I will need to check this in further depth as for Nextcloud 28 the method was actually dropped and then there seems to be an issue with edge. I have an idea how to resolve that, just needs some more testing. For now, everyone on 27 and below can just add that line back which is a reasonable fix.

For people on 28, I'll drop a message here when I have a testable patch.

Follow up release will then happen as soon as possible of course as well.

[Orchal]

Thank you very much @juliushaertl for your great work!

[juliushaertl]

I pushed a fix for this in https://github.com/nextcloud/server/pull/43778 but also a workaround for officeonline at https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba

If anyone can help testing this, that would be highly appreciated.

You can apply the patch on top of the 2.1.0 release with the following commands:

cd apps/officeonline
wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch

[small1]

Tried the patch. It still doesnt work as it should.

In edge i get a 404 not found from the nextcloud instance.

[small1]

I can try some more later this afternoon. I can only reach this system by teamviewer.

[small1]

For me it is on both internal documents as well as external links

[small1]

I pushed a fix for this in nextcloud/server#43778 but also a workaround for officeonline at 0e80d36

If anyone can help testing this, that would be highly appreciated.

You can apply the patch on top of the 2.1.0 release with the following commands:

cd apps/officeonline
wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch

@juliushaertl The patch and the workaround did not work on its own. But with the patch to nextcloud core it does work.

Do you think it can be added to 28.0.3 ?

[Orchal]

I pushed a fix for this in nextcloud/server#43778 but also a workaround for officeonline at 0e80d36

If anyone can help testing this, that would be highly appreciated.

You can apply the patch on top of the 2.1.0 release with the following commands:

cd apps/officeonline
wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch

Hi Julius, I made the changes (but by hand, I had some fails with the patch) and hope I didn't miss anything. Here what I can tell:

• public view/edition works
• Edge view/edition works as well
• Empty docx and pptx at least cannot be edited (which was possible with just the line commented). This bug started with NC28 and might be related

It looks like pretty promising!

I also want to mention that there is another "old" allowInlineScript in lib/DirectEditing/DirectEditor.php. I used the new line but I don't know if it's a good idea and it does not solve the empy docs issue.

[small1]

@Orchal the officeonline patch should apply cleanly. The server part should work. The workaround for officeonline 0e80d36 contains a fix that deletes DirectEditor.php file.

[Orchal]

Thanks ! That might be just because DocumentController.php was not the original because I commented lines.

[Orchal]

And I don't have any issue anymore on empty docs... So as far I can tell, everything seems to work concerning this issue for me.

Edit : at least on NC 28.0.2 with officeonline 2.1.0

[irfancyp]

I have updated our system to 28.0.3 to see if problem will be resolved but still the same problem "Error 404 The page could not be found on the server."

then I have noticed that system overview says "Some files have not passed the integrity check. [List of invalid files] which returns below

[officeonline] => Array ( [INVALID_HASH] => Array ( [lib/Controller/DocumentController.php] => Array ( [expected] => aeb04d44bd8c1b37cc3fbd8f9cc2dc643f49097b8aabb20ae8cbbd4211fff62926431e7704b658306a5d5c8f9871d4af65ad6639c356c29d8e3f667faae7f356 [current] => 7cbd181a30bc3a0b78abccdfff2ff94c34cb838b7555dc85497caa7293c9b63c4b351ceea96f8d7aed83c3f2275440cfc53cc1aa59d860c2899efa429cdad315

and below one (but I am not sure if it is related with office online integration or not)

"Your webserver does not serve .mjs files using the JavaScript MIME type. This will break some apps by preventing browsers from executing the JavaScript files. You should configure your webserver to serve .mjs files with either the text/javascript or application/javascript MIME type."

Now I had to switch back to 27.1.6 where everything is working fine.

note. I have tried the office patched but nothing changed.

[Dennis1993]

I patched this file https://github.com/nextcloud/officeonline/commit/0e80d3664660c7a7e1adb5c345082bc3307bdaba in my 27.1.7 install but nothing changed. Error 404 again. :( Now I updated to 28.0.3 but the same error appears with this fix. Downgrade to 27.0.1 and old version of OfficeOnline.

[small1]

Seems like you still need the nextcloud server patch AND you need the patch for office online. There is no possibility to patch just one part. I have not tested with 28.0.3 and after checking the patch for nextcloud server itself is not in 28.0.3. So to get 28.0.3 apply the server patch and the office online patch.

[irfancyp]

how do you patch the nextcloud core? here is what I have done

cd /var/www/nextcloud/apps/officeonline wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch

[Misu4]

Unfortunately, we have the same problem with our 27.1.7. Patch or downgrade to version 2.0.3 does not work. An upgrade of nextcloud to 28 is not possible, because of incompatible apps. At this time we can only use Google Chrome. (We install the nextcloud update from 27.1.5 to 27.1.7 on saturday with already installed 2.1.0. At this time it works. Unfortunately, we only noticed the bug today. Reverting to an old backup is now only possible with data loss)

[small1]

Unfortunately, we have the same problem with our 27.1.7. Patch or downgrade to version 2.0.3 does not work. An upgrade of nextcloud to 28 is not possible, because of incompatible apps. At this time we can only use Google Chrome. (We install the nextcloud update from 27.1.5 to 27.1.7 on saturday with already installed 2.1.0. At this time it works. Unfortunately, we only noticed the bug today. Reverting to an old backup is now only possible with data loss)

There might be a possibilty to check whats needed to get it to work in 27.1.7. @Misu4 What apps are keeping you from going to 28.0.3?

[Misu4]

Unfortunately, we have the same problem with our 27.1.7. Patch or downgrade to version 2.0.3 does not work. An upgrade of nextcloud to 28 is not possible, because of incompatible apps. At this time we can only use Google Chrome. (We install the nextcloud update from 27.1.5 to 27.1.7 on saturday with already installed 2.1.0. At this time it works. Unfortunately, we only noticed the bug today. Reverting to an old backup is now only possible with data loss)

There might be a possibilty to check whats needed to get it to work in 27.1.7. @Misu4 What apps are keeping you from going to 28.0.3?

We use the markdown editor, the metadata addon and the heic image converter. Important is the markdown editor.

[Dennis1993]

Is there a solution for the next NextCloud update to 28.0.4 that we can finally use again?

Unfortunately, I don't know what we're waiting for at the moment.

Thanks

[irfancyp]

I assume we are waiting for developers to have some spare time to fix the issue for the benefit of affected community =)

[robake1]

Any info on the Nextcloud core patch mentioned above ? , I want to try the fix while waiting for Nextcloud 28.0.4 to be released , also any news if the fix will be in next version of Office Online app and when that will be ?

[small1]

Any info on the Nextcloud core patch mentioned above ? , I want to try the fix while waiting for Nextcloud 28.0.4 to be released , also any news if the fix will be in next version of Office Online app and when that will be ?

https://github.com/nextcloud/server/pull/43778

https://github.com/nextcloud/officeonline/commit/0e80d3664660c7a7e1adb5c345082bc3307bdaba

cd apps/officeonline wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch

You need those three @robake1

[robake1]

Any info on the Nextcloud core patch mentioned above ? , I want to try the fix while waiting for Nextcloud 28.0.4 to be released , also any news if the fix will be in next version of Office Online app and when that will be ?

nextcloud/server#43778

0e80d36

cd apps/officeonline wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch patch -p1 < 0e80d36.patch

You need those three @robake1

Thanks for the answer @small1 , will look at those . A bit new on Github to find the files for each but will try it :)

[Dennis1993]

Anyone tested this version in 28.0.4? Is it working now? Or is it needed to change the file https://github.com/nextcloud/officeonline/commit/0e80d3664660c7a7e1adb5c345082bc3307bdaba ?

[irfancyp]

I havent tried it yet but changelog says that nextcloud/server#43778 is fixed

So i assume if you do 0e80d36 by sudo nano /var/www/nextcloud/apps/officeonline/lib/Controller/DocumentController.php

and office online patch it should work by cd /var/www/nextcloud/apps/officeonline wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch patch -p1 < https://github.com/nextcloud/officeonline/commit/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch

let us know if any of you give it a try

[Dennis1993]

Short feedback: I updated my instance to 28.0.4 and without touching a file it is working. I can open and create new files 👍

[irfancyp]

Using .\update.sh to update version 28.0.4 solved our issue

[Dennis1993]

Without change any files it is working but my Log is spammed:

Exception
Call to undefined method OCP\AppFramework\Http\ContentSecurityPolicy::allowInlineScript() in file
'/var/www/nextcloud/apps/officeonline/lib/Controller/DocumentController.php' line 384

[Dennis1993]

Ok I patched the file https://github.com/nextcloud/officeonline/commit/0e80d3664660c7a7e1adb5c345082bc3307bdaba because shares not working. Now it works fine! 😍

@juliushaertl can you create a new version of this app, please? With 28.0.4 and the patched file it works fine. Thank you very much