exit(); | exit(); | ||||
} | } | ||||
// Legacy sharing links via public.php have the token in $GET['t'] | |||||
if (isset($_GET['t'])) { | if (isset($_GET['t'])) { | ||||
$token = $_GET['t']; | $token = $_GET['t']; | ||||
} | |||||
if (isset($token)) { | |||||
$linkItem = OCP\Share::getShareByToken($token, false); | $linkItem = OCP\Share::getShareByToken($token, false); | ||||
if (is_array($linkItem) && isset($linkItem['uid_owner'])) { | if (is_array($linkItem) && isset($linkItem['uid_owner'])) { | ||||
// seems to be a valid share | // seems to be a valid share |
/* Whether ownCloud should log the last successfull cron exec */ | /* Whether ownCloud should log the last successfull cron exec */ | ||||
"cron_log" => true, | "cron_log" => true, | ||||
/* | |||||
* Length of sharing tokens and the resulting links. | |||||
* This value defines how many possible sharing links there are, choosing a low value like 1 will make it easy to guess | |||||
* sharing links and will also limit the maximum number of shares. Behaviour after all tokens are used is undefined and | |||||
* may result in breakage. | |||||
* 1: Length of 4. Maximum of 65536 tokens. Links may look like this: example.com/s/1ekf | |||||
* 2: Length of 8. Maximum of 2^32 tokens. Links may look like this: example.com/s/1z141z3 | |||||
* 3: (Default) Length of 16. Maximum of 2^64 tokens. Links may look like this: example.com/s/3w5e11264sgsf | |||||
* 4: (Old default, but base36) Length of 32. Maximum of 2^128 tokens. Links may look like this: example.com/s/f5lxx1zz5pnorynqglhzmsp33 | |||||
*/ | |||||
"sharing_token_length" => 3, | |||||
/* | /* | ||||
* Configure the size in bytes log rotation should happen, 0 or false disables the rotation. | * Configure the size in bytes log rotation should happen, 0 or false disables the rotation. | ||||
* This rotates the current owncloud logfile to a new name, this way the total log usage | * This rotates the current owncloud logfile to a new name, this way the total log usage |
(!empty($_POST['expirationDate']) ? new \DateTime($_POST['expirationDate']) : null) | (!empty($_POST['expirationDate']) ? new \DateTime($_POST['expirationDate']) : null) | ||||
); | ); | ||||
$token = base_convert($token, 16, 36); | |||||
if (is_string($token)) { | if (is_string($token)) { | ||||
OC_JSON::success(array('data' => array('token' => $token))); | OC_JSON::success(array('data' => array('token' => $token))); | ||||
} else { | } else { |
url = '/' + url; | url = '/' + url; | ||||
} | } | ||||
// TODO save somewhere whether the webserver is able to skip the index.php to have shorter links (e.g. for sharing) | |||||
return OC.webroot + '/index.php' + _build(url, params); | return OC.webroot + '/index.php' + _build(url, params); | ||||
}, | }, | ||||
// TODO: use oc webroot ? | // TODO: use oc webroot ? | ||||
var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=files&'+type+'='+encodeURIComponent(file); | var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=files&'+type+'='+encodeURIComponent(file); | ||||
} else { | } else { | ||||
// convert the token to base36 | |||||
//token = parseInt(token, 16).toString(36); | |||||
//TODO add path param when showing a link to file in a subfolder of a public link share | //TODO add path param when showing a link to file in a subfolder of a public link share | ||||
var service=''; | var service=''; | ||||
if(linkSharetype === 'folder' || linkSharetype === 'file'){ | if(linkSharetype === 'folder' || linkSharetype === 'file'){ | ||||
if (service !== 'files') { | if (service !== 'files') { | ||||
var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service='+service+'&t='+token; | var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service='+service+'&t='+token; | ||||
} else { | } else { | ||||
var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 's.php')+'?t='+token; | |||||
var link = parent.location.protocol+'//'+location.host+OC.generateUrl('/s/')+token; | |||||
} | } | ||||
} | } | ||||
$('#linkText').val(link); | $('#linkText').val(link); |
expect($('#dropdown #linkCheckbox').prop('checked')).toEqual(true); | expect($('#dropdown #linkCheckbox').prop('checked')).toEqual(true); | ||||
// this is how the OC.Share class does it... | // this is how the OC.Share class does it... | ||||
var link = parent.location.protocol + '//' + location.host + | var link = parent.location.protocol + '//' + location.host + | ||||
OC.linkTo('', 'public.php')+'?service=files&t=tehtoken'; | |||||
OC.generateUrl('/s/') + 'tehtoken'; | |||||
expect($('#dropdown #linkText').val()).toEqual(link); | expect($('#dropdown #linkText').val()).toEqual(link); | ||||
}); | }); | ||||
it('does not show populated link share when a link share exists for a different file', function() { | it('does not show populated link share when a link share exists for a different file', function() { | ||||
expect($('#dropdown #linkCheckbox').prop('checked')).toEqual(true); | expect($('#dropdown #linkCheckbox').prop('checked')).toEqual(true); | ||||
// this is how the OC.Share class does it... | // this is how the OC.Share class does it... | ||||
var link = parent.location.protocol + '//' + location.host + | var link = parent.location.protocol + '//' + location.host + | ||||
OC.linkTo('', 'public.php')+'?service=files&t=tehtoken'; | |||||
OC.generateUrl('/s/') + 'tehtoken'; | |||||
expect($('#dropdown #linkText').val()).toEqual(link); | expect($('#dropdown #linkText').val()).toEqual(link); | ||||
// nested one | // nested one | ||||
expect($('#dropdown #linkCheckbox').prop('checked')).toEqual(true); | expect($('#dropdown #linkCheckbox').prop('checked')).toEqual(true); | ||||
// this is how the OC.Share class does it... | // this is how the OC.Share class does it... | ||||
link = parent.location.protocol + '//' + location.host + | link = parent.location.protocol + '//' + location.host + | ||||
OC.linkTo('', 'public.php')+'?service=files&t=anothertoken'; | |||||
OC.generateUrl('/s/') + 'anothertoken'; | |||||
expect($('#dropdown #linkText').val()).toEqual(link); | expect($('#dropdown #linkText').val()).toEqual(link); | ||||
}); | }); | ||||
describe('expiration date', function() { | describe('expiration date', function() { |
->post() | ->post() | ||||
->action('OC\Core\Avatar\Controller', 'postCroppedAvatar'); | ->action('OC\Core\Avatar\Controller', 'postCroppedAvatar'); | ||||
// Sharing routes | |||||
$this->create('core_share_show_share', '/s/{token}') | |||||
->get() | |||||
->action('OC\Core\Share\Controller', 'showShare'); | |||||
// used for heartbeat | // used for heartbeat | ||||
$this->create('heartbeat', '/heartbeat')->action(function(){ | $this->create('heartbeat', '/heartbeat')->action(function(){ | ||||
// do nothing | // do nothing |
<?php | |||||
/** | |||||
* Copyright (c) 2014 Christopher Schäpers <christopher@schaepers.it> | |||||
* This file is licensed under the Affero General Public License version 3 or | |||||
* later. | |||||
* See the COPYING-README file. | |||||
*/ | |||||
namespace OC\Core\Share; | |||||
class Controller { | |||||
public static function showShare($args) { | |||||
\OC_Util::checkAppEnabled('files_sharing'); | |||||
$token = $args['token']; | |||||
\OC_App::loadApp('files_sharing'); | |||||
\OC_User::setIncognitoMode(true); | |||||
require_once \OC_App::getAppPath('files_sharing') .'/public.php'; | |||||
} | |||||
} | |||||
?> |
const FORMAT_STATUSES = -2; | const FORMAT_STATUSES = -2; | ||||
const FORMAT_SOURCES = -3; // ToDo Check if it is still in use otherwise remove it | const FORMAT_SOURCES = -3; // ToDo Check if it is still in use otherwise remove it | ||||
const TOKEN_LENGTH = 16; // old length is 32, thus 32 in db_structure.xml | |||||
protected static $shareTypeUserAndGroups = -1; | protected static $shareTypeUserAndGroups = -1; | ||||
protected static $shareTypeGroupUserUnique = 2; | protected static $shareTypeGroupUserUnique = 2; | ||||
protected static $backends = array(); | protected static $backends = array(); |
if (isset($oldToken)) { | if (isset($oldToken)) { | ||||
$token = $oldToken; | $token = $oldToken; | ||||
} else { | } else { | ||||
$token = \OC_Util::generateRandomBytes(self::TOKEN_LENGTH); | |||||
// Determine how long the token should be | |||||
switch (\OC_Config::getValue("sharing_token_length", 3)) { | |||||
case 1: | |||||
$tokenLength = 4; | |||||
break; | |||||
case 2: | |||||
$tokenLength = 8; | |||||
break; | |||||
// Default is 3, so skip the 3 block | |||||
case 4: | |||||
$tokenLength = 32; | |||||
break; | |||||
// Anything other than 1-4 should be default 3 | |||||
default: | |||||
$tokenLength = 16; | |||||
break; | |||||
} | |||||
$token = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate($tokenLength, | |||||
\OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_DIGITS | |||||
); | |||||
} | } | ||||
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, | $result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, | ||||
null, $token, $itemSourceName, $expirationDate); | null, $token, $itemSourceName, $expirationDate); |
\OC::$REQUESTEDAPP = $app; | \OC::$REQUESTEDAPP = $app; | ||||
OC_App::loadApps(array('authentication')); | OC_App::loadApps(array('authentication')); | ||||
OC_App::loadApps(array('filesystem', 'logging')); | OC_App::loadApps(array('filesystem', 'logging')); | ||||
print_r($_GET); | |||||
print_r($parts); | |||||
OC_Util::checkAppEnabled($app); | OC_Util::checkAppEnabled($app); | ||||
OC_App::loadApp($app); | OC_App::loadApp($app); |
<?php | |||||
try { | |||||
require_once 'lib/base.php'; | |||||
OC::checkMaintenanceMode(); | |||||
OC::checkSingleUserMode(); | |||||
$file = OCP\CONFIG::getAppValue('core', 'public_files'); | |||||
if(is_null($file)) { | |||||
header('HTTP/1.0 404 Not Found'); | |||||
exit; | |||||
} | |||||
// convert the token to hex, if it's base36 | |||||
if (strlen((string)$_GET['t']) != 16 && strlen((string)$_GET['t']) != 32) { | |||||
$_GET['t'] = base_convert($_GET['t'], 36, 16); | |||||
// the token should have leading zeroes and needs to be padded | |||||
if (strlen((string)$_GET['t']) != 16) { | |||||
$padding = ''; | |||||
for ($i = 0; $i < (16 - strlen((string)$_GET['t'])); $i++) { | |||||
$padding .= '0'; | |||||
} | |||||
$_GET['t'] = $padding . $_GET['t']; | |||||
} | |||||
} | |||||
print($_GET['t']); | |||||
OC_Util::checkAppEnabled('files_sharing'); | |||||
OC_App::loadApp('files_sharing'); | |||||
OC_User::setIncognitoMode(true); | |||||
require_once OC_App::getAppPath('files_sharing') .'/public.php'; | |||||
} catch (Exception $ex) { | |||||
//show the user a detailed error page | |||||
OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR); | |||||
\OCP\Util::writeLog('remote', $ex->getMessage(), \OCP\Util::FATAL); | |||||
OC_Template::printExceptionErrorPage($ex); | |||||
} |