}
}
- /**\r
- * @brief Public function to sanitize HTML\r
- *\r
+ /**
+ * @brief Public function to sanitize HTML
+ *
* This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
*
* @param string or array of strings
- * @return array with sanitized strings or a single sinitized string, depends on the input parameter.\r
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
*/
- public static function sanitizeHTML( &$value ){\r
- if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');\r
- else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4\r
+ public static function sanitizeHTML( &$value ){
+ if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+ else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
return $value;
}
+
+ /**
+ * Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
+ */
+ public static function ishtaccessworking() {
+
+ // testdata
+ $filename='/htaccesstest.txt';
+ $testcontent='testcontent';
+
+ // creating a test file
+ $testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
+ $fp = @fopen($testfile, 'w');
+ @fwrite($fp, $testcontent);
+ @fclose($fp);
+
+ // accessing the file via http
+ $url = OC_Helper::serverProtocol(). '://' . OC_Helper::serverHost() . OC::$WEBROOT.'/data'.$filename;
+ $fp = @fopen($url, 'r');
+ $content=@fread($fp, 2048);
+ @fclose($fp);
+
+ // cleanup
+ @unlink($testfile);
+
+ // does it work ?
+ if($content==$testcontent) {
+ return(false);
+ }else{
+ return(true);
+
+ }
+
+ }
+
+
+
+
+
}
$tmpl = new OC_Template( 'settings', 'admin', 'user');
$forms=OC_App::getForms('admin');
+$htaccessworking=OC_Util::ishtaccessworking();
$entries=OC_Log_Owncloud::getEntries(3);
function compareEntries($a,$b){
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
$tmpl->assign('entries',$entries);
+$tmpl->assign('htaccessworking',$htaccessworking);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
$levels=array('Debug','Info','Warning','Error','Fatal');
?>
+<?php
+
+if(!$_['htaccessworking']) {
+?>
+<fieldset class="personalblock">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+
+ <span class="securitywarning">Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.</span>
+
+</fieldset>
+<?php
+}
+?>
+
+
<?php foreach($_['forms'] as $form){
echo $form;
};?>
projects / nextcloud-server.git / commitdiff