Do not automatically try to enable index.php-less URLs (#24539)

The current logic for mod_rewrite relies on the fact that people have properly configured ownCloud, basically it reads from the `overwrite.cli.ur l` entry and then derives the `RewriteBase` from it. This usually works. However, since the ownCloud packages seem to install themselves at `/owncloud` (because subfolders are cool or so…) _a lot_ of people have just created a new Virtual Host for it or have simply symlinked the path etc. This means that `overwrite.cli.url` is wrong, which fails hard if it is used as RewriteBase since Apache does not know where it should serve files from. In the end the ownCloud instance will not be accessible anymore and users will be frustrated. Also some shared hosters like 1&1 (because using shared hosters is so awesome… ;-)) have somewhat dubious Apache configurations or use versions of mod_rewrite from the mediveal age. (because updating is money or so…) Anyhow. This makes this explicitly an opt-in configuration flag. If `htaccess.RewriteBase` is set then it will configure index.php-less URLs, if admins set that after installation and don't want to wait until the next ownCloud version they can run `occ maintenance:update:htaccess`. For ownCloud 9.0 we also have to add a repair step to make sure that instances that already have a RewriteBase configured continue to use it by copying it into the config file. That way all existing URLs stay valid. That one is not in this PR since this is unneccessary in master. Effectively this reduces another risk of breakage when updating from ownCloud 8 to ownCloud 9. Fixes https://github.com/owncloud/core/issues/24525, https://github.com/owncloud/core/issues/24426 and probably some more.
author: Lukas Reschke <lukas@statuscode.ch> 2016-05-12 09:43:26 +0200
committer: Thomas Müller <DeepDiver1975@users.noreply.github.com> 2016-05-12 09:43:26 +0200
commit: 52add798d4d814b5276e324c2e98404ff0abe020 (patch)
tree: 55af97e8245ba7584ae626d8f258697b9d99d049 /lib/private/Setup.php
parent: dd9ee10bc0699e5dcc17c3ef2181dcda01d9a69b (diff)
download: nextcloud-server-52add798d4d814b5276e324c2e98404ff0abe020.tar.gz
nextcloud-server-52add798d4d814b5276e324c2e98404ff0abe020.zip
1 files changed, 30 insertions, 20 deletions
diff --git a/lib/private/Setup.php b/lib/private/Setup.php
index 67d714188ac..d60c4663fb0 100644
--- a/lib/private/Setup.php
+++ b/lib/private/Setup.php
@@ -433,37 +433,47 @@ class Setup {
 
 		$htaccessContent = file_get_contents($setupHelper->pathToHtaccess());
 		$content = "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####\n";
-		if(strpos($htaccessContent, $content) === false) {
-			//custom 403 error page
-			$content.= "\nErrorDocument 403 ".$webRoot."/core/templates/403.php";
+		$htaccessContent = explode($content, $htaccessContent, 2)[0];
 
-			//custom 404 error page
-			$content.= "\nErrorDocument 404 ".$webRoot."/core/templates/404.php";
+		//custom 403 error page
+		$content.= "\nErrorDocument 403 ".$webRoot."/core/templates/403.php";
 
-			// ownCloud may be configured to live at the root folder without a
-			// trailing slash being specified. In this case manually set the
-			// rewrite base to `/`
-			$rewriteBase = $webRoot;
-			if($webRoot === '') {
-				$rewriteBase = '/';
-			}
+		//custom 404 error page
+		$content.= "\nErrorDocument 404 ".$webRoot."/core/templates/404.php";
 
-			// Add rewrite base
+		// Add rewrite rules if the RewriteBase is configured
+		$rewriteBase = $config->getSystemValue('htaccess.RewriteBase', '');
+		if($rewriteBase !== '') {
 			$content .= "\n<IfModule mod_rewrite.c>";
+			$content .= "\n  Options -MultiViews";
+			$content .= "\n  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]";
+			$content .= "\n  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !\\.(css|js|svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/remote.php";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/public.php";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/cron.php";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/status.php";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/updater/";
+			$content .= "\n  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/";
+			$content .= "\n  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*";
 			$content .= "\n  RewriteRule . index.php [PT,E=PATH_INFO:$1]";
-			$content .= "\n  RewriteBase ".$rewriteBase;
+			$content .= "\n  RewriteBase " . $rewriteBase;
 			$content .= "\n  <IfModule mod_env.c>";
 			$content .= "\n    SetEnv front_controller_active true";
 			$content .= "\n    <IfModule mod_dir.c>";
 			$content .= "\n      DirectorySlash off";
 			$content .= "\n    </IfModule>";
-			$content.="\n  </IfModule>";
-			$content.="\n</IfModule>";
+			$content .= "\n  </IfModule>";
+			$content .= "\n</IfModule>";
+		}
 
-			if ($content !== '') {
-				//suppress errors in case we don't have permissions for it
-				@file_put_contents($setupHelper->pathToHtaccess(), $content . "\n", FILE_APPEND);
-			}
+		if ($content !== '') {
+			//suppress errors in case we don't have permissions for it
+			@file_put_contents($setupHelper->pathToHtaccess(), $htaccessContent.$content . "\n");
 		}
 
 	}
author	Lukas Reschke <lukas@statuscode.ch>	2016-05-12 09:43:26 +0200
committer	Thomas Müller <DeepDiver1975@users.noreply.github.com>	2016-05-12 09:43:26 +0200
commit	52add798d4d814b5276e324c2e98404ff0abe020 (patch)
tree	55af97e8245ba7584ae626d8f258697b9d99d049 /lib/private/Setup.php
parent	dd9ee10bc0699e5dcc17c3ef2181dcda01d9a69b (diff)
download	nextcloud-server-52add798d4d814b5276e324c2e98404ff0abe020.tar.gz nextcloud-server-52add798d4d814b5276e324c2e98404ff0abe020.zip