author | Lukas Reschke <lukas@owncloud.com> | 2015-02-10 13:02:48 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-16 22:13:00 +0100 |
commit | 886bda5f81d52ba4443094e4c2fffac33c27bc4b (patch) | |
tree | 7915861a5d11f8f45d7a279c51e6bcc827c37367 /lib/base.php | |
parent | 7f624188a77534856ecd53ac1d303ce5358e681e (diff) | |
Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server->getRequest()` or into a separate `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.
This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.
Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests were possible they have been added though.
Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/lib/base.php b/lib/base.php
index db758958577..51d59d130aa 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -100,7 +100,11 @@ class OC {
 OC_Config::$object = new \OC\Config(self::$configDir);
 OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
- $scriptName = OC_Request::scriptName();
+ /**
+ * FIXME: The following line is required because of a cyclic dependency
+ * on IRequest.
+ */
+ $scriptName = $_SERVER['SCRIPT_NAME'];
 if (substr($scriptName, -1) == '/') {
 $scriptName .= 'index.php';
 //make sure suburi follows the same rules as scriptName
@@ -230,6 +234,8 @@ class OC {
 }
 public static function checkSSL() {
+ $request = \OC::$server->getRequest();
+
 // redirect to https site if configured
 if (\OC::$server->getSystemConfig()->getValue('forcessl', false)) {
 // Default HSTS policy
@@ -241,14 +247,15 @@ class OC {
 }
 header($header);
 ini_set('session.cookie_secure', 'on');
- if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) {
- $url = 'https://' . OC_Request::serverHost() . OC_Request::requestUri();
+
+ if ($request->getServerProtocol() <> 'https' && !OC::$CLI) {
+ $url = 'https://' . $request->getServerHost() . $request->getRequestUri();
 header("Location: $url");
 exit();
 }
 } else {
 // Invalidate HSTS headers
- if (OC_Request::serverProtocol() === 'https') {
+ if ($request->getServerProtocol() === 'https') {
 header('Strict-Transport-Security: max-age=0');
 }
 }
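Review bot: The added `$scriptName = $_SERVER['SCRIPT_NAME'];` in the first hunk reads the superglobal directly, so any normalisation or proxy/webroot override that the removed `OC_Request::scriptName()` applied (its body is not shown here) no longer feeds the `OC::$SUBURI` handling that follows. Please confirm both return the same value behind a reverse proxy and record that requirement in the FIXME, e.g. `* FIXME: bypasses IRequest (cyclic dependency); must stay equivalent to the IRequest script-name logic.` The enclosing function starts and ends outside the hunk.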
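Review bot: In `checkSSL()` the redirect target is assembled from `$request->getServerHost()` and `$request->getRequestUri()` and passed straight to `header("Location: $url")`, and nothing in this hunk shows the host being restricted to a configured trusted domain before it is reflected. If `getServerHost()` can return a client-supplied Host value at this point, the forced-HTTPS redirect goes wherever the request header says, so this path should run only after the trusted-domain check or use a configured host. Separately, `<>` is a loose comparison while the else branch uses `===`; `if ($request->getServerProtocol() !== 'https' && !OC::$CLI) {` would be consistent.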
@@ -612,18 +619,24 @@ class OC {
 return;
 }
- $host = OC_Request::insecureServerHost();
- // if the host passed in headers isn't trusted
+ $trustedDomainHelper = new \OC\Security\TrustedDomainHelper(\OC::$server->getConfig());
+ $request = \OC::$server->getRequest();
+ $host = $request->getInsecureServerHost();
+ /**
+ * if the host passed in headers isn't trusted
+ * FIXME: Should not be in here at all :see_no_evil:
+ */
 if (!OC::$CLI
- // overwritehost is always trusted
- && OC_Request::getOverwriteHost() === null
- && !OC_Request::isTrustedDomain($host)
+ // overwritehost is always trusted, workaround to not have to make
+ // \OC\AppFramework\Http\Request::getOverwriteHost public
+ && self::$server->getConfig()->getSystemValue('overwritehost') === ''
+ && !$trustedDomainHelper->isTrustedDomain($host)
 ) {
 header('HTTP/1.1 400 Bad Request');
 header('Status: 400 Bad Request');
 $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
- $tmpl->assign('domain', $_SERVER['SERVER_NAME']);
+ $tmpl->assign('domain', $request->server['SERVER_NAME']);
 $tmpl->printPage();
 exit();
@@ -720,6 +733,7 @@ class OC {
 * Handle the request
 */
 public static function handleRequest() {
+ \OC::$server->getEventLogger()->start('handle_request', 'Handle request');
 $systemConfig = \OC::$server->getSystemConfig();
 // load all the classpaths from the enabled apps so they are available
@@ -734,7 +748,7 @@ class OC {
 exit();
 }
- $request = OC_Request::getPathInfo();
+ $request = \OC::$server->getRequest()->getPathInfo();
 if (substr($request, -3) !== '.js') { // we need these files during the upgrade
 self::checkMaintenanceMode();
 self::checkUpgrade();
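Review bot: The trusted-domain bypass now keys on the raw config value, `getSystemValue('overwritehost') === ''`, instead of the removed `OC_Request::getOverwriteHost() === null`. If the old helper returned null whenever an overwrite condition was not met (its body is not visible here), a deployment with `overwritehost` set now skips `isTrustedDomain($host)` for every request rather than only for those the overwrite applies to. I would keep the conditional semantics behind a method on the helper, or at least state the assumption in the comment, e.g. `// NOTE: any non-empty overwritehost disables the trusted-domain check for all requests`. The error page also still shows `SERVER_NAME` while the value that was actually rejected is `$host`, which can point an administrator at the wrong domain.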
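Review bot: `getEventLogger()->start('handle_request', 'Handle request')` is added at the top of `handleRequest()`, but no matching `end('handle_request')` is visible in these hunks and the function has several `exit()` and `return` paths, one of them a few lines below. If the event is meant to be closed, that has to happen on each of those paths. The body continues outside the hunk, so this may already be covered there.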
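Review bot: `$request` in this hunk holds the path-info string, while in `checkSSL()` and in the trusted-domain check the same name holds the request object, which invites mistakes when code is moved between them. A distinct name reads better: `$pathInfo = \OC::$server->getRequest()->getPathInfo();` with `substr($pathInfo, -3)` updated to match. Later uses of the variable are outside the hunk and would need the same rename.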
@@ -764,7 +778,7 @@ class OC {
 }
 self::checkSingleUserMode();
 OC_Util::setupFS();
- OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
+ OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
 return;
 } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
 //header('HTTP/1.0 404 Not Found');
@@ -895,7 +909,7 @@ class OC {
 // if return is true we are logged in -> redirect to the default page
 if ($return === true) {
- $_REQUEST['redirect_url'] = \OC_Request::requestUri();
+ $_REQUEST['redirect_url'] = \OC::$server->getRequest()->getRequestUri();
 OC_Util::redirectToDefaultPage();
 exit;
 }
|