author | Lukas Reschke <lukas@owncloud.com> | 2014-09-03 11:04:49 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2014-09-03 11:04:49 +0200 |
commit | 77c0adb520adcb100d2ef4fd0562330b209ee9ea (patch) | |
tree | 9bae923fa05f312c033722ad2c711cec01758ab0 /lib/private | |
parent | 50b430ee7cadd6be1520d63acdac27bc06581e09 (diff) | |
parent | fe74b397a53b8a568c15d1ccf779bc8b0425b3c5 (diff) | |
Merge branch 'securityutils' of https://github.com/owncloud/core into securityutils
Diffstat (limited to 'lib/private')
26 files changed, 210 insertions, 107 deletions
diff --git a/lib/private/allconfig.php b/lib/private/allconfig.php
index eb114546010..ef8673af231 100644
--- a/lib/private/allconfig.php
+++ b/lib/private/allconfig.php
@@ -28,7 +28,7 @@ class AllConfig implements \OCP\IConfig {
 *
 * @param string $key the key of the value, under which it was saved
 * @param mixed $default the default value to be returned if the value isn't set
- * @return string the saved value
+ * @return mixed the value or $default
 */
 public function getSystemValue($key, $default = '') {
 return \OCP\Config::getSystemValue($key, $default);
diff --git a/lib/private/app.php b/lib/private/app.php
index 70f8980d2c1..d10d352b432 100644
--- a/lib/private/app.php
+++ b/lib/private/app.php
@@ -359,7 +359,7 @@ class OC_App {
 * entries are sorted by the key 'order' ascending.
 */
 public static function getSettingsNavigation() {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 $settings = array();
 // by default, settings only contain the help menu
@@ -1094,7 +1094,7 @@ class OC_App {
 * @throws Exception if no app-name was specified
 */
 public static function installApp($app) {
- $l = OC_L10N::get('core');
+ $l = \OC::$server->getL10N('core');
 $appData=OC_OCSClient::getApplication($app);
 // check if app is a shipped app or not. OCS apps have an integer as id, shipped apps use a string
diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php
index 61a2333ecee..e7efa3fa219 100644
--- a/lib/private/appframework/dependencyinjection/dicontainer.php
+++ b/lib/private/appframework/dependencyinjection/dicontainer.php
@@ -191,7 +191,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{
 }
 private function getUserId() {
- return \OC::$session->get('user_id');
+ return \OC::$server->getSession()->get('user_id');
 }
 /**
diff --git a/lib/private/avatar.php b/lib/private/avatar.php
index 2286b896878..a9d9346d50a 100644
--- a/lib/private/avatar.php
+++ b/lib/private/avatar.php
@@ -62,12 +62,12 @@ class OC_Avatar implements \OCP\IAvatar {
 $type = 'jpg';
 }
 if ($type !== 'jpg' && $type !== 'png') {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 throw new \Exception($l->t("Unknown filetype"));
 }
 if (!$img->valid()) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 throw new \Exception($l->t("Invalid image"));
 }
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index b1ef698583d..6e1baca9332 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
@@ -78,7 +78,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 $result = $this->auth($server, $realm);
 // close the session - right after authentication there is not need to write to the session any more
- \OC::$session->close();
+ \OC::$server->getSession()->close();
 return $result;
 }
diff --git a/lib/private/defaults.php b/lib/private/defaults.php
index dfd114cd2fe..3996cc081ed 100644
--- a/lib/private/defaults.php
+++ b/lib/private/defaults.php
@@ -27,7 +27,7 @@ class OC_Defaults {
 private $defaultMailHeaderColor;
 function __construct() {
- $this->l = OC_L10N::get('lib');
+ $this->l = \OC::$server->getL10N('lib');
 $version = OC_Util::getVersion();
 $this->defaultEntity = 'ownCloud'; /* e.g. company name, used for footers and copyright notices */
diff --git a/lib/private/group/database.php b/lib/private/group/database.php
index 8d6ea1f50a5..e6a5565b20e 100644
--- a/lib/private/group/database.php
+++ b/lib/private/group/database.php
@@ -168,7 +168,7 @@ class OC_Group_Database extends OC_Group_Backend {
 * Returns a list with all groups
 */
 public function getGroups($search = '', $limit = null, $offset = null) {
- $stmt = OC_DB::prepare('SELECT `gid` FROM `*PREFIX*groups` WHERE `gid` LIKE ?', $limit, $offset);
+ $stmt = OC_DB::prepare('SELECT `gid` FROM `*PREFIX*groups` WHERE `gid` LIKE ? ORDER BY `gid` ASC', $limit, $offset);
 $result = $stmt->execute(array('%' . $search . '%'));
 $groups = array();
 while ($row = $result->fetchRow()) {
@@ -200,7 +200,7 @@ class OC_Group_Database extends OC_Group_Backend {
 * @return array an array of user ids
 */
 public function usersInGroup($gid, $search = '', $limit = null, $offset = null) {
- $stmt = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*group_user` WHERE `gid` = ? AND `uid` LIKE ?',
+ $stmt = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*group_user` WHERE `gid` = ? AND `uid` LIKE ? ORDER BY `uid` ASC',
 $limit, $offset);
 $result = $stmt->execute(array($gid, '%'.$search.'%'));
diff --git a/lib/private/installer.php b/lib/private/installer.php
index dc9a3558b75..02e2190aaf2 100644
--- a/lib/private/installer.php
+++ b/lib/private/installer.php
@@ -62,7 +62,7 @@ class OC_Installer{
 * @return integer
 */
 public static function installApp( $data = array()) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 list($extractDir, $path) = self::downloadApp($data);
 $info = self::checkAppsIntegrity($data, $extractDir, $path);
@@ -229,7 +229,7 @@ class OC_Installer{
 * @throws Exception
 */
 public static function downloadApp($data = array()) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 if(!isset($data['source'])) {
 throw new \Exception($l->t("No source specified when installing app"));
@@ -285,7 +285,7 @@ class OC_Installer{
 * @throws \Exception
 */
 public static function checkAppsIntegrity($data = array(), $extractDir, $path, $isShipped=false) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 //load the info.xml file of the app
 if(!is_file($extractDir.'/appinfo/info.xml')) {
 //try to find it in a subdir
diff --git a/lib/private/json.php b/lib/private/json.php
index da38654997f..f2719dd2bc7 100644
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -25,7 +25,7 @@ class OC_JSON{
 */
 public static function checkAppEnabled($app) {
 if( !OC_App::isEnabled($app)) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' )));
 exit();
 }
@@ -36,7 +36,7 @@ class OC_JSON{
 */
 public static function checkLoggedIn() {
 if( !OC_User::isLoggedIn()) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
 exit();
 }
@@ -47,7 +47,7 @@ class OC_JSON{
 */
 public static function callCheck() {
 if( !OC_Util::isCallRegistered()) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
 exit();
 }
@@ -58,7 +58,7 @@ class OC_JSON{
 */
 public static function checkAdminUser() {
 if( !OC_User::isAdminUser(OC_User::getUser())) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
 exit();
 }
@@ -70,7 +70,7 @@ class OC_JSON{
 */
 public static function checkUserExists($user) {
 if (!OCP\User::userExists($user)) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 OCP\JSON::error(array('data' => array('message' => $l->t('Unknown user'), 'error' => 'unknown_user' )));
 exit;
 }
@@ -83,7 +83,7 @@ class OC_JSON{
 */
 public static function checkSubAdminUser() {
 if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
 exit();
 }
diff --git a/lib/private/l10n/factory.php b/lib/private/l10n/factory.php
index d0c3799b9c2..fcc3f3e3394 100644
--- a/lib/private/l10n/factory.php
+++ b/lib/private/l10n/factory.php
@@ -20,12 +20,15 @@ class Factory {
 /**
 * get an L10N instance
+ *
 * @param string $app
 * @param string|null $lang
 * @return \OC_L10N
 */
- public function get($app) {
- if (!isset($this->instances[$app])) {
+ public function get($app, $lang = null) {
+ if (!is_null($lang)) {
+ return new \OC_L10N($app, $lang);
+ } else if (!isset($this->instances[$app])) {
 $this->instances[$app] = new \OC_L10N($app);
 }
 return $this->instances[$app];
diff --git a/lib/private/ocsclient.php b/lib/private/ocsclient.php
index e4cce6b2260..dc147dea0c9 100644
--- a/lib/private/ocsclient.php
+++ b/lib/private/ocsclient.php
@@ -29,6 +29,18 @@ class OC_OCSClient{
 /**
+ * Returns whether the AppStore is enabled (i.e. because the AppStore is disabled for EE)
+ * @return bool
+ */
+ protected static function isAppstoreEnabled() {
+ if(OC::$server->getConfig()->getSystemValue('appstoreenabled', true) === false OR OC_Util::getEditionString() !== '') {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
 * Get the url of the OCS AppStore server.
 * @return string of the AppStore server
 *
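Review bot: `isAppstoreEnabled()` tests the config value with `=== false`, while the call sites it replaces (later hunks of this file) used `== false`, so an existing config.php with `'appstoreenabled' => 0`, `''` or `'0'` would now leave the app store switched on. This flag gates the outbound requests to the store and the download lookup used for app installation, so the helper should fail closed on any falsy value: `if (!OC::$server->getConfig()->getSystemValue('appstoreenabled', true) || OC_Util::getEditionString() !== '') {`. The docblock should also state both conditions plainly (config switch off, or a non-empty edition string) instead of the "i.e. because ... EE" aside.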
@@ -36,16 +48,9 @@ class OC_OCSClient{
 * to set it in the config file or it will fallback to the default
 */
 private static function getAppStoreURL() {
- if(OC_Util::getEditionString()===''){
- $default='https://api.owncloud.com/v1';
- }else{
- $default='';
- }
- $url = OC_Config::getValue('appstoreurl', $default);
- return($url);
+ return OC::$server->getConfig()->getSystemValue('appstoreurl', 'https://api.owncloud.com/v1');
 }
-
 /**
 * Get the content of an OCS url call.
 * @return string of the response
@@ -64,7 +69,7 @@ class OC_OCSClient{
 * This function returns a list of all the application categories on the OCS server
 */
 public static function getCategories() {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
 return null;
 }
 $url=OC_OCSClient::getAppStoreURL().'/content/categories';
@@ -100,7 +105,7 @@ class OC_OCSClient{
 * @param string $filter
 */
 public static function getApplications($categories, $page, $filter) {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
 return(array());
 }
@@ -155,7 +160,7 @@ class OC_OCSClient{
 * This function returns an applications from the OCS server
 */
 public static function getApplication($id) {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
 return null;
 }
 $url=OC_OCSClient::getAppStoreURL().'/content/data/'.urlencode($id);
@@ -203,7 +208,7 @@ class OC_OCSClient{
 * @param integer $item
 */
 public static function getApplicationDownload($id, $item) {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
 return null;
 }
 $url=OC_OCSClient::getAppStoreURL().'/content/download/'.urlencode($id).'/'.urlencode($item);
diff --git a/lib/private/request.php b/lib/private/request.php
index 5fd5b3a7197..b063c1f5967 100755
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -16,6 +16,34 @@ class OC_Request {
 const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/';
 /**
+ * Returns the remote address, if the connection came from a trusted proxy and `forwarded_for_headers` has been configured
+ * then the IP address specified in this header will be returned instead.
+ * Do always use this instead of $_SERVER['REMOTE_ADDR']
+ * @return string IP address
+ */
+ public static function getRemoteAddress() {
+ $remoteAddress = $_SERVER['REMOTE_ADDR'];
+ $trustedProxies = \OC::$server->getConfig()->getSystemValue('trusted_proxies', array());
+
+ if(is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {
+ $forwardedForHeaders = \OC::$server->getConfig()->getSystemValue('forwarded_for_headers', array());
+
+ foreach($forwardedForHeaders as $header) {
+ if (array_key_exists($header, $_SERVER) === true) {
+ foreach (explode(',', $_SERVER[$header]) as $IP) {
+ $IP = trim($IP);
+ if (filter_var($IP, FILTER_VALIDATE_IP) !== false) {
+ return $IP;
+ }
+ }
+ }
+ }
+ }
+
+ return $remoteAddress;
+ }
+
+ /**
 * Check overwrite condition
 * @param string $type
 * @return bool
diff --git a/lib/private/server.php b/lib/private/server.php
index d67517f13e2..f533d270a95 100644
--- a/lib/private/server.php
+++ b/lib/private/server.php
@@ -12,6 +12,7 @@ use OC\Files\View;
 use OC\Security\Crypto;
 use OC\Security\SecureRandom;
 use OCP\IServerContainer;
+use OCP\ISession;
 /**
 * Class Server
@@ -33,8 +34,8 @@ class Server extends SimpleContainer implements IServerContainer {
 $urlParams = array();
 }
- if (\OC::$session->exists('requesttoken')) {
- $requestToken = \OC::$session->get('requesttoken');
+ if (\OC::$server->getSession()->exists('requesttoken')) {
+ $requestToken = \OC::$server->getSession()->get('requesttoken');
 } else {
 $requestToken = false;
 }
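Review bot: `getRemoteAddress()` returns the left-most valid address from the forwarded header, and that entry is whatever the client sent whenever the trusted proxy appends to an existing header instead of overwriting it. Callers that use the result for throttling, allow-listing or audit logs would then act on a value the client chose; scanning the list from the right and returning the first address that is not itself in `trusted_proxies` closes that gap. The `in_array()` check should be strict, `forwarded_for_headers` needs the same `is_array()` guard as `trusted_proxies` before the `foreach`, and `$_SERVER['REMOTE_ADDR']` is not set under CLI. The docblock should also say that the header is honoured only when the direct peer is a configured proxy.

```php
public static function getRemoteAddress() {
	$remoteAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
	$config = \OC::$server->getConfig();
	$trustedProxies = $config->getSystemValue('trusted_proxies', array());

	if (is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies, true)) {
		$forwardedForHeaders = $config->getSystemValue('forwarded_for_headers', array());
		if (!is_array($forwardedForHeaders)) {
			$forwardedForHeaders = array();
		}

		foreach ($forwardedForHeaders as $header) {
			if (!isset($_SERVER[$header])) {
				continue;
			}
			// Entries on the right were appended by our own proxies; entries on
			// the left are client-supplied, so walk the list from the right.
			foreach (array_reverse(explode(',', $_SERVER[$header])) as $IP) {
				$IP = trim($IP);
				if (filter_var($IP, FILTER_VALIDATE_IP) === false) {
					continue;
				}
				if (!in_array($IP, $trustedProxies, true)) {
					return $IP;
				}
			}
		}
	}

	return $remoteAddress;
}
```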
@@ -102,7 +103,7 @@ class Server extends SimpleContainer implements IServerContainer {
 * @var \OC\User\Manager $manager
 */
 $manager = $c->query('UserManager');
- $userSession = new \OC\User\Session($manager, \OC::$session);
+ $userSession = new \OC\User\Session($manager, new \OC\Session\Memory(''));
 $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
 \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
 });
@@ -270,14 +271,18 @@ class Server extends SimpleContainer implements IServerContainer {
 /**
 * Returns a view to ownCloud's files folder
 *
+ * @param string $userId user ID
 * @return \OCP\Files\Folder
 */
- function getUserFolder() {
- $user = $this->getUserSession()->getUser();
- if (!$user) {
- return null;
+ function getUserFolder($userId = null) {
+ if($userId === null) {
+ $user = $this->getUserSession()->getUser();
+ if (!$user) {
+ return null;
+ }
+ $userId = $user->getUID();
 }
- $dir = '/' . $user->getUID();
+ $dir = '/' . $userId;
 $root = $this->getRootFolder();
 $folder = null;
@@ -336,6 +341,20 @@ class Server extends SimpleContainer implements IServerContainer {
 }
 /**
+ * @return \OCP\ISession
+ */
+ function getSession() {
+ return $this->query('UserSession')->getSession();
+ }
+
+ /**
+ * @param \OCP\ISession $session
+ */
+ function setSession(\OCP\ISession $session) {
+ return $this->query('UserSession')->setSession($session);
+ }
+
+ /**
 * @return \OC\NavigationManager
 */
 function getNavigationManager() {
@@ -362,10 +381,11 @@ class Server extends SimpleContainer implements IServerContainer {
 * get an L10N instance
 *
 * @param string $app appid
+ * @param string $lang
 * @return \OC_L10N
 */
- function getL10N($app) {
- return $this->query('L10NFactory')->get($app);
+ function getL10N($app, $lang = null) {
+ return $this->query('L10NFactory')->get($app, $lang);
 }
 /**
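Review bot: The `UserSession` service is now built around `new \OC\Session\Memory('')` without any comment saying that this is a placeholder, so until something calls `setSession()` with the real session, values such as `requesttoken` and `user_id` written through `getSession()` live only in a per-request in-memory store. The call that swaps in the persistent session is not part of this diff (it is limited to lib/private), so the line should carry a comment naming it, e.g. `// placeholder; the real session is injected through setSession() during session initialisation`. Any code path that runs before that swap would hand out a request token that is never persisted, which is worth stating where the placeholder is created.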
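Review bot: The new `$userId` argument of `getUserFolder()` is concatenated into `$dir` as-is, so the method now builds a folder path for any string a caller passes, including ids that do not exist or that contain path separators. The session-user branch still returns null for a missing user, but the explicit-id branch has no equivalent check; resolving the id first, e.g. `if (!$this->query('UserManager')->userExists($userId)) { return null; }`, keeps the same contract for both. The `@param` should read `string|null` and say that null means the current session user. The rest of the method, including what happens when the folder is missing, lies outside the hunk.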
@@ -403,15 +423,6 @@ class Server extends SimpleContainer implements IServerContainer {
 /**
 * Returns the current session
 *
- * @return \OCP\ISession
- */
- function getSession() {
- return \OC::$session;
- }
-
- /**
- * Returns the current session
- *
 * @return \OCP\IDBConnection
 */
 function getDatabaseConnection() {
diff --git a/lib/private/setup.php b/lib/private/setup.php
index 9ea1690b6d9..7ea4c1bcd26 100644
--- a/lib/private/setup.php
+++ b/lib/private/setup.php
@@ -15,7 +15,7 @@ class OC_Setup {
 );
 public static function getTrans(){
- return OC_L10N::get('lib');
+ return \OC::$server->getL10N('lib');
 }
 public static function install($options) {
diff --git a/lib/private/setup/oci.php b/lib/private/setup/oci.php
index 24863b9e38a..23b5232438a 100644
--- a/lib/private/setup/oci.php
+++ b/lib/private/setup/oci.php
@@ -14,9 +14,23 @@ class OCI extends AbstractDatabase {
 } else {
 $this->dbtablespace = 'USERS';
 }
+ // allow empty hostname for oracle
+ $this->dbhost = $config['dbhost'];
+ \OC_Config::setValue('dbhost', $this->dbhost);
 \OC_Config::setValue('dbtablespace', $this->dbtablespace);
 }
+ public function validate($config) {
+ $errors = array();
+ if(empty($config['dbuser'])) {
+ $errors[] = $this->trans->t("%s enter the database username.", array($this->dbprettyname));
+ }
+ if(empty($config['dbname'])) {
+ $errors[] = $this->trans->t("%s enter the database name.", array($this->dbprettyname));
+ }
+ return $errors;
+ }
+
 public function setupDatabase($username) {
 $e_host = addslashes($this->dbhost);
 $e_dbname = addslashes($this->dbname);
diff --git a/lib/private/share/mailnotifications.php b/lib/private/share/mailnotifications.php
index 1f4645eed9f..4a92503bdd3 100644
--- a/lib/private/share/mailnotifications.php
+++ b/lib/private/share/mailnotifications.php
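Review bot: `$config['dbhost']` is read without checking that the key is present, so a setup request that omits the field raises an undefined-index notice and writes `null` to the `dbhost` config value; `$this->dbhost = isset($config['dbhost']) ? $config['dbhost'] : '';` matches the "allow empty hostname" comment. If `AbstractDatabase` defines its own `validate()` (not visible in this diff), the new method replaces it rather than extending it, so any other checks the parent performs no longer run for Oracle. A short docblock on `validate()` naming which checks are deliberately dropped would make that reviewable. The function that receives these values starts above the hunk.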
@@ -52,7 +52,7 @@ class MailNotifications {
 * @param string $sender user id (if nothing is set we use the currently logged-in user)
 */
 public function __construct($sender = null) {
- $this->l = \OC_L10N::get('core');
+ $this->l = \OC::$server->getL10N('core');
 $this->senderId = $sender;
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 4bf6622c561..e2e9b94125e 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -479,7 +479,7 @@ class Share extends \OC\Share\Constants {
 public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) {
 $uidOwner = \OC_User::getUser();
 $shareWithinGroupOnly = self::shareWithGroupMembersOnly();
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 if (is_null($itemSourceName)) {
 $itemSourceName = $itemSource;
@@ -719,23 +719,24 @@ class Share extends \OC\Share\Constants {
 /**
 * Unshare an item shared with the current user
 * @param string $itemType
- * @param string $itemTarget
+ * @param string $itemOrigin Item target or source
+ * @param boolean $originIsSource true if $itemOrigin is the source, false if $itemOrigin is the target (optional)
 * @return boolean true on success or false on failure
 *
 * Unsharing from self is not allowed for items inside collections
 */
- public static function unshareFromSelf($itemType, $itemTarget) {
-
+ public static function unshareFromSelf($itemType, $itemOrigin, $originIsSource = false) {
+ $originType = ($originIsSource) ? 'source' : 'target';
 $uid = \OCP\User::getUser();
 if ($itemType === 'file' || $itemType === 'folder') {
- $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `file_target` = ?';
+ $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `file_' . $originType . '` = ?';
 } else {
- $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `item_target` = ?';
+ $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `item_' . $originType . '` = ?';
 }
 $query = \OCP\DB::prepare($statement);
- $result = $query->execute(array($itemType, $itemTarget));
+ $result = $query->execute(array($itemType, $itemOrigin));
 $shares = $result->fetchAll();
@@ -848,7 +849,7 @@ class Share extends \OC\Share\Constants {
 * @return boolean true on success or false on failure
 */
 public static function setPermissions($itemType, $itemSource, $shareType, $shareWith, $permissions) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 if ($item = self::getItems($itemType, $itemSource, $shareType, $shareWith, \OC_User::getUser(), self::FORMAT_NONE, null, 1, false)) {
 // Check if this item is a reshare and verify that the permissions
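Review bot: In `unshareFromSelf()` the column name is now concatenated into the SQL text (`'file_' . $originType`), which is safe only because `$originType` comes from a ternary over two literals, and nothing on that line says so. A comment there would keep a later refactor from routing a caller-supplied string into the statement, e.g. `// $originType is always 'source' or 'target'; never derive it from input`. The ternary also accepts any truthy value for `$originIsSource`; `($originIsSource === true)` would make the documented boolean contract explicit. The function body continues past the hunk.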
@@ -937,7 +938,7 @@ class Share extends \OC\Share\Constants {
 * @throws \Exception
 */
 private static function validateExpireDate($expireDate, $shareTime, $itemType, $itemSource) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 $date = new \DateTime($expireDate);
 $today = new \DateTime('now');
@@ -1082,7 +1083,7 @@ class Share extends \OC\Share\Constants {
 * @return \OCP\Share_Backend
 */
 public static function getBackend($itemType) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 if (isset(self::$backends[$itemType])) {
 return self::$backends[$itemType];
 } else if (isset(self::$backendTypes[$itemType]['class'])) {
@@ -1515,7 +1516,7 @@ class Share extends \OC\Share\Constants {
 private static function put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, $parentFolder = null, $token = null, $itemSourceName = null, \DateTime $expirationDate = null) {
 $backend = self::getBackend($itemType);
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 // Check if this is a reshare
 if ($checkReshare = self::getItemSharedWithBySource($itemType, $itemSource, self::FORMAT_NONE, null, true)) {
@@ -1854,8 +1855,8 @@ class Share extends \OC\Share\Constants {
 return true;
 }
- if ( \OC::$session->exists('public_link_authenticated')
- && \OC::$session->get('public_link_authenticated') === $linkItem['id'] ) {
+ if ( \OC::$server->getSession()->exists('public_link_authenticated')
+ && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) {
 return true;
 }
diff --git a/lib/private/tags.php b/lib/private/tags.php
index 0b62caf2dd8..0e58789ecd5 100644
--- a/lib/private/tags.php
+++ b/lib/private/tags.php
@@ -178,7 +178,7 @@ class Tags implements \OCP\ITags {
 }
 if($tagId === false) {
- $l10n = \OC_L10N::get('core');
+ $l10n = \OC::$server->getL10N('core');
 throw new \Exception( $l10n->t('Could not find category "%s"', $tag) );
diff --git a/lib/private/template.php b/lib/private/template.php
index eaa58b769d7..d95943a714c 100644
--- a/lib/private/template.php
+++ b/lib/private/template.php
@@ -29,7 +29,7 @@ require_once __DIR__.'/template/functions.php';
 class OC_Template extends \OC\Template\Base {
 private $renderas; // Create a full page?
 private $path; // The path to the template
- private $headers=array(); //custom headers
+ private $headers = array(); //custom headers
 protected $app; // app id
 /**
@@ -37,6 +37,7 @@ class OC_Template extends \OC\Template\Base {
 * @param string $app app providing the template
 * @param string $name of the template file (without suffix)
 * @param string $renderas = ""; produce a full page
+ * @param bool $registerCall = true
 * @return OC_Template object
 *
 * This function creates an OC_Template object.
@@ -45,17 +46,17 @@ class OC_Template extends \OC\Template\Base {
 * according layout. For now, renderas can be set to "guest", "user" or
 * "admin".
 */
- public function __construct( $app, $name, $renderas = "" ) {
+ public function __construct( $app, $name, $renderas = "", $registerCall = true ) {
 // Read the selected theme from the config file
 $theme = OC_Util::getTheme();
 // Read the detected formfactor and use the right file name.
 $fext = self::getFormFactorExtension();
- $requesttoken = OC::$session ? OC_Util::callRegister() : '';
+ $requesttoken = (OC::$server->getSession() and $registerCall) ? OC_Util::callRegister() : '';
 $parts = explode('/', $app); // fix translation when app is something like core/lostpassword
- $l10n = OC_L10N::get($parts[0]);
+ $l10n = \OC::$server->getL10N($parts[0]);
 $themeDefaults = new OC_Defaults();
 list($path, $template) = $this->findTemplate($theme, $app, $name, $fext);
@@ -101,20 +102,20 @@ class OC_Template extends \OC\Template\Base {
 */
 static public function getFormFactorExtension() {
- if (!\OC::$session) {
+ if (!\OC::$server->getSession()) {
 return '';
 }
 // if the formfactor is not yet autodetected do the
 // autodetection now. For possible formfactors check the
 // detectFormfactor documentation
- if (!\OC::$session->exists('formfactor')) {
- \OC::$session->set('formfactor', self::detectFormfactor());
+ if (!\OC::$server->getSession()->exists('formfactor')) {
+ \OC::$server->getSession()->set('formfactor', self::detectFormfactor());
 }
 // allow manual override via GET parameter
 if(isset($_GET['formfactor'])) {
- \OC::$session->set('formfactor', $_GET['formfactor']);
+ \OC::$server->getSession()->set('formfactor', $_GET['formfactor']);
 }
- $formfactor = \OC::$session->get('formfactor');
+ $formfactor = \OC::$server->getSession()->get('formfactor');
 if($formfactor==='default') {
 $fext='';
 }elseif($formfactor==='mobile') {
@@ -253,7 +254,7 @@ class OC_Template extends \OC\Template\Base {
 * Warning: All data passed to $hint needs to get sanitized using OC_Util::sanitizeHTML
 */
 public static function printErrorPage( $error_msg, $hint = '' ) {
- $content = new OC_Template( '', 'error', 'error' );
+ $content = new \OC_Template( '', 'error', 'error', false );
 $errors = array(array('error' => $error_msg, 'hint' => $hint));
 $content->assign( 'errors', $errors );
 $content->printPage();
@@ -272,19 +273,19 @@ class OC_Template extends \OC\Template\Base {
 if (defined('DEBUG') and DEBUG) {
 $hint = $exception->getTraceAsString();
 if (!empty($hint)) {
- $hint = '<pre>'.$hint.'</pre>';
+ $hint = '<pre>'.OC_Util::sanitizeHTML($hint).'</pre>';
 }
 while (method_exists($exception, 'previous') && $exception = $exception->previous()) {
 $error_msg .= '<br/>Caused by:' . ' ';
 if ($exception->getCode()) {
- $error_msg .= '['.$exception->getCode().'] ';
+ $error_msg .= '['.OC_Util::sanitizeHTML($exception->getCode()).'] ';
 }
- $error_msg .= $exception->getMessage();
+ $error_msg .= OC_Util::sanitizeHTML($exception->getMessage());
 };
 } else {
 $hint = '';
 if ($exception instanceof \OC\HintException) {
- $hint = $exception->getHint();
+ $hint = OC_Util::sanitizeHTML($exception->getHint());
 }
 }
 self::printErrorPage($error_msg, $hint);
diff --git a/lib/private/template/functions.php b/lib/private/template/functions.php
index 46e48274001..3cbf0d9748f 100644
--- a/lib/private/template/functions.php
+++ b/lib/private/template/functions.php
@@ -117,7 +117,7 @@ function strip_time($timestamp){
 * @return OC_L10N_String timestamp
 */
 function relative_modified_date($timestamp, $fromTime = null, $dateOnly = false) {
- $l=OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 if (!isset($fromTime) || $fromTime === null){
 $fromTime = time();
 }
diff --git a/lib/private/templatelayout.php b/lib/private/templatelayout.php
index a5dd9a0c614..b9a97186945 100644
--- a/lib/private/templatelayout.php
+++ b/lib/private/templatelayout.php
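Review bot: The first assignment to `$error_msg` lies above this hunk, so it is not visible here whether the top-level `getMessage()` is escaped the way the chained messages now are. If it is not, the outermost message still reaches `printErrorPage()` raw while the nested ones are sanitised; that line should read `$error_msg = OC_Util::sanitizeHTML($exception->getMessage());`. Because the `<br/>Caused by:` markup is concatenated into the same string, the error template presumably prints `$error_msg` as HTML, which is why every dynamic part has to be escaped here; a one-line comment above the `while` stating that would help the next editor.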
@@ -59,7 +59,9 @@ class OC_TemplateLayout extends OC_Template {
 $this->assign( 'user_uid', OC_User::getUser() );
 $this->assign( 'appsmanagement_active', strpos(OC_Request::requestUri(), OC_Helper::linkToRoute('settings_apps')) === 0 );
 $this->assign('enableAvatars', \OC_Config::getValue('enable_avatars', true));
- } else if ($renderas == 'guest' || $renderas == 'error') {
+ } else if ($renderas == 'error') {
+ parent::__construct('core', 'layout.guest', '', false);
+ } else if ($renderas == 'guest') {
 parent::__construct('core', 'layout.guest');
 } else {
 parent::__construct('core', 'layout.base');
diff --git a/lib/private/user.php b/lib/private/user.php
index cdef4d8fe65..c9b1522f85a 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -300,7 +300,7 @@ class OC_User {
 * Sets user id for session and triggers emit
 */
 public static function setUserId($uid) {
- OC::$session->set('user_id', $uid);
+ \OC::$server->getSession()->set('user_id', $uid);
 }
 /**
@@ -337,8 +337,8 @@ class OC_User {
 * Checks if the user is logged in
 */
 public static function isLoggedIn() {
- if (\OC::$session->get('user_id') !== null && self::$incognitoMode === false) {
- return self::userExists(\OC::$session->get('user_id'));
+ if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) {
+ return self::userExists(\OC::$server->getSession()->get('user_id'));
 }
 return false;
 }
@@ -386,7 +386,7 @@ class OC_User {
 * @return string uid or false
 */
 public static function getUser() {
- $uid = OC::$session ? OC::$session->get('user_id') : null;
+ $uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null;
 if (!is_null($uid) && self::$incognitoMode === false) {
 return $uid;
 } else {
diff --git a/lib/private/user/database.php b/lib/private/user/database.php
index e9844f0f79c..3a76adbe763 100644
--- a/lib/private/user/database.php
+++ b/lib/private/user/database.php
@@ -157,7 +157,7 @@ class OC_User_Database extends OC_User_Backend {
 $displayNames = array();
 $query = OC_DB::prepare('SELECT `uid`, `displayname` FROM `*PREFIX*users`'
 . ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR '
- . 'LOWER(`uid`) LIKE LOWER(?)', $limit, $offset);
+ . 'LOWER(`uid`) LIKE LOWER(?) ORDER BY `uid` ASC', $limit, $offset);
 $result = $query->execute(array('%' . $search . '%', '%' . $search . '%'));
 $users = array();
 while ($row = $result->fetchRow()) {
@@ -231,7 +231,7 @@ class OC_User_Database extends OC_User_Backend {
 * Get a list of all users.
 */
 public function getUsers($search = '', $limit = null, $offset = null) {
- $query = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*users` WHERE LOWER(`uid`) LIKE LOWER(?)', $limit, $offset);
+ $query = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*users` WHERE LOWER(`uid`) LIKE LOWER(?) ORDER BY `uid` ASC', $limit, $offset);
 $result = $query->execute(array('%' . $search . '%'));
 $users = array();
 while ($row = $result->fetchRow()) {
diff --git a/lib/private/user/manager.php b/lib/private/user/manager.php
index a54755e71c5..5c155c27aba 100644
--- a/lib/private/user/manager.php
+++ b/lib/private/user/manager.php
@@ -237,7 +237,7 @@ class Manager extends PublicEmitter implements IUserManager {
 * @return bool|\OC\User\User the created user of false
 */
 public function createUser($uid, $password) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 // Check the name for bad characters
 // Allowed are: "a-z", "A-Z", "0-9" and "_.@-"
 if (preg_match('/[^a-zA-Z0-9 _\.@\-]/', $uid)) {
diff --git a/lib/private/user/session.php b/lib/private/user/session.php
index 6abf8fb80d2..11938db5076 100644
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@ -47,10 +47,10 @@ class Session implements IUserSession, Emitter {
 protected $activeUser;
 /**
- * @param \OC\User\Manager $manager
- * @param \OC\Session\Session $session
+ * @param \OCP\IUserManager $manager
+ * @param \OCP\ISession $session
 */
- public function __construct($manager, $session) {
+ public function __construct(\OCP\IUserManager $manager, \OCP\ISession $session) {
 $this->manager = $manager;
 $this->session = $session;
 }
@@ -83,6 +83,44 @@ class Session implements IUserSession, Emitter {
 }
 /**
+ * get the session object
+ *
+ * @return \OCP\ISession
+ */
+ public function getSession() {
+ // fetch the deprecated \OC::$session if it changed for backwards compatibility
+ if (isset(\OC::$session) && \OC::$session !== $this->session) {
+ \OC::$server->getLogger()->warning(
+ 'One of your installed apps still seems to use the deprecated '.
+ '\OC::$session and has replaced it with a new instance. Please file a bug against it.'.
+ 'Closing and replacing session in UserSession instance.'
+ );
+ $this->setSession(\OC::$session);
+ }
+ return $this->session;
+ }
+
+ /**
+ * set the session object
+ *
+ * @param \OCP\ISession $session
+ */
+ public function setSession(\OCP\ISession $session) {
+ if ($this->session instanceof \OCP\ISession) {
+ $this->session->close();
+ }
+ $this->session = $session;
+
+ // maintain deprecated \OC::$session
+ if (\OC::$session !== $this->session) {
+ if (\OC::$session instanceof \OCP\ISession) {
+ \OC::$session->close();
+ }
+ \OC::$session = $session;
+ }
+ }
+
+ /**
 * set the currently active user
 *
 * @param \OC\User\User|null $user
diff --git a/lib/private/util.php b/lib/private/util.php
index b2a9aecb5d0..8fae5189ca2 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
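Review bot: `getSession()` adopts whatever is currently stored in `\OC::$session` whenever it differs from the injected object, so any code able to assign that static (the warning text itself names installed apps) replaces the session that holds `user_id` and `requesttoken` and gets the previous one closed. The guard uses `isset()`, which accepts any non-null value, while `setSession()` carries an `\OCP\ISession` type hint, so a non-session value in the static turns into a fatal error on the next session access; checking `\OC::$session instanceof \OCP\ISession` before adopting avoids that. The docblock of `getSession()` should mention this side effect, since a getter that swaps and closes sessions is not what callers expect. The log message also lacks a space between its second and third literal: `'... Please file a bug against it. '.`.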
@@ -384,15 +384,15 @@ class OC_Util {
 * @return string timestamp
 * @description adjust to clients timezone if we know it
 */
- public static function formatDate($timestamp, $dateOnly = false) {
- if (\OC::$session->exists('timezone')) {
+ public static function formatDate( $timestamp, $dateOnly = false) {
+ if(\OC::$server->getSession()->exists('timezone')) {
 $systemTimeZone = intval(date('O'));
 $systemTimeZone = (round($systemTimeZone / 100, 0) * 60) + ($systemTimeZone % 100);
- $clientTimeZone = \OC::$session->get('timezone') * 60;
+ $clientTimeZone = \OC::$server->getSession()->get('timezone') * 60;
 $offset = $clientTimeZone - $systemTimeZone;
 $timestamp = $timestamp + $offset * 60;
 }
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 return $l->l($dateOnly ? 'date' : 'datetime', $timestamp);
 }
@@ -402,7 +402,7 @@ class OC_Util {
 * @return array arrays with error messages and hints
 */
 public static function checkServer() {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 $errors = array();
 $CONFIG_DATADIRECTORY = OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data');
@@ -412,7 +412,7 @@ class OC_Util {
 }
 // Assume that if checkServer() succeeded before in this session, then all is fine.
- if (\OC::$session->exists('checkServer_succeeded') && \OC::$session->get('checkServer_succeeded')) {
+ if (\OC::$server->getSession()->exists('checkServer_succeeded') && \OC::$server->getSession()->get('checkServer_succeeded')) {
 return $errors;
 }
@@ -615,7 +615,7 @@ class OC_Util {
 $errors = array_merge($errors, self::checkDatabaseVersion());
 // Cache the result of this function
- \OC::$session->set('checkServer_succeeded', count($errors) == 0);
+ \OC::$server->getSession()->set('checkServer_succeeded', count($errors) == 0);
 return $errors;
 }
@@ -626,7 +626,7 @@ class OC_Util {
 * @return array errors array
 */
 public static function checkDatabaseVersion() {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 $errors = array();
 $dbType = \OC_Config::getValue('dbtype', 'sqlite');
 if ($dbType === 'pgsql') {
@@ -707,7 +707,7 @@ class OC_Util {
 * @return array arrays with error messages and hints
 */
 public static function checkDataDirectoryPermissions($dataDirectory) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 $errors = array();
 if (self::runningOnWindows()) {
 //TODO: permissions checks for windows hosts
@@ -738,7 +738,7 @@ class OC_Util {
 * @return bool true if the data directory is valid, false otherwise
 */
 public static function checkDataDirectoryValidity($dataDirectory) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
 $errors = array();
 if (!file_exists($dataDirectory . '/.ocdata')) {
 $errors[] = array(
@@ -938,13 +938,13 @@ class OC_Util {
 */
 public static function callRegister() {
 // Check if a token exists
- if (!\OC::$session->exists('requesttoken')) {
+ if (!\OC::$server->getSession()->exists('requesttoken')) {
 // No valid token found, generate a new one.
 $requestToken = self::generateRandomBytes(20);
- \OC::$session->set('requesttoken', $requestToken);
+ \OC::$server->getSession()->set('requesttoken', $requestToken);
 } else {
 // Valid token already exists, send it
- $requestToken = \OC::$session->get('requesttoken');
+ $requestToken = \OC::$server->getSession()->get('requesttoken');
 }
 return ($requestToken);
 } |