authorLukas Reschke <lukas@owncloud.com>2014-09-03 11:04:49 +0200
committerLukas Reschke <lukas@owncloud.com>2014-09-03 11:04:49 +0200
commit77c0adb520adcb100d2ef4fd0562330b209ee9ea (patch)
tree9bae923fa05f312c033722ad2c711cec01758ab0 /lib/private
parent50b430ee7cadd6be1520d63acdac27bc06581e09 (diff)
parentfe74b397a53b8a568c15d1ccf779bc8b0425b3c5 (diff)
Merge branch 'securityutils' of https://github.com/owncloud/core into securityutils
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/allconfig.php2
-rw-r--r--lib/private/app.php4
-rw-r--r--lib/private/appframework/dependencyinjection/dicontainer.php2
-rw-r--r--lib/private/avatar.php4
-rw-r--r--lib/private/connector/sabre/auth.php2
-rw-r--r--lib/private/defaults.php2
-rw-r--r--lib/private/group/database.php4
-rw-r--r--lib/private/installer.php6
-rw-r--r--lib/private/json.php12
-rw-r--r--lib/private/l10n/factory.php7
-rw-r--r--lib/private/ocsclient.php29
-rwxr-xr-xlib/private/request.php28
-rw-r--r--lib/private/server.php49
-rw-r--r--lib/private/setup.php2
-rw-r--r--lib/private/setup/oci.php14
-rw-r--r--lib/private/share/mailnotifications.php2
-rw-r--r--lib/private/share/share.php27
-rw-r--r--lib/private/tags.php2
-rw-r--r--lib/private/template.php29
-rw-r--r--lib/private/template/functions.php2
-rw-r--r--lib/private/templatelayout.php4
-rw-r--r--lib/private/user.php8
-rw-r--r--lib/private/user/database.php4
-rw-r--r--lib/private/user/manager.php2
-rw-r--r--lib/private/user/session.php44
-rwxr-xr-xlib/private/util.php26
26 files changed, 210 insertions, 107 deletions
diff --git a/lib/private/allconfig.php b/lib/private/allconfig.php
index eb114546010..ef8673af231 100644
--- a/lib/private/allconfig.php
+++ b/lib/private/allconfig.php
@@ -28,7 +28,7 @@ class AllConfig implements \OCP\IConfig {
*
* @param string $key the key of the value, under which it was saved
* @param mixed $default the default value to be returned if the value isn't set
- * @return string the saved value
+ * @return mixed the value or $default
*/
public function getSystemValue($key, $default = '') {
return \OCP\Config::getSystemValue($key, $default);
diff --git a/lib/private/app.php b/lib/private/app.php
index 70f8980d2c1..d10d352b432 100644
--- a/lib/private/app.php
+++ b/lib/private/app.php
@@ -359,7 +359,7 @@ class OC_App {
* entries are sorted by the key 'order' ascending.
*/
public static function getSettingsNavigation() {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
$settings = array();
// by default, settings only contain the help menu
@@ -1094,7 +1094,7 @@ class OC_App {
* @throws Exception if no app-name was specified
*/
public static function installApp($app) {
- $l = OC_L10N::get('core');
+ $l = \OC::$server->getL10N('core');
$appData=OC_OCSClient::getApplication($app);
// check if app is a shipped app or not. OCS apps have an integer as id, shipped apps use a string
diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php
index 61a2333ecee..e7efa3fa219 100644
--- a/lib/private/appframework/dependencyinjection/dicontainer.php
+++ b/lib/private/appframework/dependencyinjection/dicontainer.php
@@ -191,7 +191,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{
}
private function getUserId() {
- return \OC::$session->get('user_id');
+ return \OC::$server->getSession()->get('user_id');
}
/**
diff --git a/lib/private/avatar.php b/lib/private/avatar.php
index 2286b896878..a9d9346d50a 100644
--- a/lib/private/avatar.php
+++ b/lib/private/avatar.php
@@ -62,12 +62,12 @@ class OC_Avatar implements \OCP\IAvatar {
$type = 'jpg';
}
if ($type !== 'jpg' && $type !== 'png') {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
throw new \Exception($l->t("Unknown filetype"));
}
if (!$img->valid()) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
throw new \Exception($l->t("Invalid image"));
}
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index b1ef698583d..6e1baca9332 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
@@ -78,7 +78,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
$result = $this->auth($server, $realm);
// close the session - right after authentication there is not need to write to the session any more
- \OC::$session->close();
+ \OC::$server->getSession()->close();
return $result;
}
diff --git a/lib/private/defaults.php b/lib/private/defaults.php
index dfd114cd2fe..3996cc081ed 100644
--- a/lib/private/defaults.php
+++ b/lib/private/defaults.php
@@ -27,7 +27,7 @@ class OC_Defaults {
private $defaultMailHeaderColor;
function __construct() {
- $this->l = OC_L10N::get('lib');
+ $this->l = \OC::$server->getL10N('lib');
$version = OC_Util::getVersion();
$this->defaultEntity = 'ownCloud'; /* e.g. company name, used for footers and copyright notices */
diff --git a/lib/private/group/database.php b/lib/private/group/database.php
index 8d6ea1f50a5..e6a5565b20e 100644
--- a/lib/private/group/database.php
+++ b/lib/private/group/database.php
@@ -168,7 +168,7 @@ class OC_Group_Database extends OC_Group_Backend {
* Returns a list with all groups
*/
public function getGroups($search = '', $limit = null, $offset = null) {
- $stmt = OC_DB::prepare('SELECT `gid` FROM `*PREFIX*groups` WHERE `gid` LIKE ?', $limit, $offset);
+ $stmt = OC_DB::prepare('SELECT `gid` FROM `*PREFIX*groups` WHERE `gid` LIKE ? ORDER BY `gid` ASC', $limit, $offset);
$result = $stmt->execute(array('%' . $search . '%'));
$groups = array();
while ($row = $result->fetchRow()) {
@@ -200,7 +200,7 @@ class OC_Group_Database extends OC_Group_Backend {
* @return array an array of user ids
*/
public function usersInGroup($gid, $search = '', $limit = null, $offset = null) {
- $stmt = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*group_user` WHERE `gid` = ? AND `uid` LIKE ?',
+ $stmt = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*group_user` WHERE `gid` = ? AND `uid` LIKE ? ORDER BY `uid` ASC',
$limit,
$offset);
$result = $stmt->execute(array($gid, '%'.$search.'%'));
diff --git a/lib/private/installer.php b/lib/private/installer.php
index dc9a3558b75..02e2190aaf2 100644
--- a/lib/private/installer.php
+++ b/lib/private/installer.php
@@ -62,7 +62,7 @@ class OC_Installer{
* @return integer
*/
public static function installApp( $data = array()) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
list($extractDir, $path) = self::downloadApp($data);
$info = self::checkAppsIntegrity($data, $extractDir, $path);
@@ -229,7 +229,7 @@ class OC_Installer{
* @throws Exception
*/
public static function downloadApp($data = array()) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
if(!isset($data['source'])) {
throw new \Exception($l->t("No source specified when installing app"));
@@ -285,7 +285,7 @@ class OC_Installer{
* @throws \Exception
*/
public static function checkAppsIntegrity($data = array(), $extractDir, $path, $isShipped=false) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
//load the info.xml file of the app
if(!is_file($extractDir.'/appinfo/info.xml')) {
//try to find it in a subdir
diff --git a/lib/private/json.php b/lib/private/json.php
index da38654997f..f2719dd2bc7 100644
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -25,7 +25,7 @@ class OC_JSON{
*/
public static function checkAppEnabled($app) {
if( !OC_App::isEnabled($app)) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' )));
exit();
}
@@ -36,7 +36,7 @@ class OC_JSON{
*/
public static function checkLoggedIn() {
if( !OC_User::isLoggedIn()) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
exit();
}
@@ -47,7 +47,7 @@ class OC_JSON{
*/
public static function callCheck() {
if( !OC_Util::isCallRegistered()) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
exit();
}
@@ -58,7 +58,7 @@ class OC_JSON{
*/
public static function checkAdminUser() {
if( !OC_User::isAdminUser(OC_User::getUser())) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
exit();
}
@@ -70,7 +70,7 @@ class OC_JSON{
*/
public static function checkUserExists($user) {
if (!OCP\User::userExists($user)) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
OCP\JSON::error(array('data' => array('message' => $l->t('Unknown user'), 'error' => 'unknown_user' )));
exit;
}
@@ -83,7 +83,7 @@ class OC_JSON{
*/
public static function checkSubAdminUser() {
if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
exit();
}
diff --git a/lib/private/l10n/factory.php b/lib/private/l10n/factory.php
index d0c3799b9c2..fcc3f3e3394 100644
--- a/lib/private/l10n/factory.php
+++ b/lib/private/l10n/factory.php
@@ -20,12 +20,15 @@ class Factory {
/**
* get an L10N instance
+ *
* @param string $app
* @param string|null $lang
* @return \OC_L10N
*/
- public function get($app) {
- if (!isset($this->instances[$app])) {
+ public function get($app, $lang = null) {
+ if (!is_null($lang)) {
+ return new \OC_L10N($app, $lang);
+ } else if (!isset($this->instances[$app])) {
$this->instances[$app] = new \OC_L10N($app);
}
return $this->instances[$app];
diff --git a/lib/private/ocsclient.php b/lib/private/ocsclient.php
index e4cce6b2260..dc147dea0c9 100644
--- a/lib/private/ocsclient.php
+++ b/lib/private/ocsclient.php
@@ -29,6 +29,18 @@
class OC_OCSClient{
/**
+ * Returns whether the AppStore is enabled (i.e. because the AppStore is disabled for EE)
+ * @return bool
+ */
+ protected static function isAppstoreEnabled() {
+ if(OC::$server->getConfig()->getSystemValue('appstoreenabled', true) === false OR OC_Util::getEditionString() !== '') {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Get the url of the OCS AppStore server.
* @return string of the AppStore server
*
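Review bot: The check `getSystemValue('appstoreenabled', true) === false` in isAppstoreEnabled() is stricter than the `==false` comparisons it replaces in getCategories(), getApplications(), getApplication() and getApplicationDownload(). A config value of `0`, `'0'` or `''` used to disable the app store and now leaves it enabled, so an installation that was switched off that way would start making outbound OCS requests again without any notice. Either keep the loose semantics with `if (!OC::$server->getConfig()->getSystemValue('appstoreenabled', true) || OC_Util::getEditionString() !== '')`, or state in the docblock that only boolean `false` disables the store.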
@@ -36,16 +48,9 @@ class OC_OCSClient{
* to set it in the config file or it will fallback to the default
*/
private static function getAppStoreURL() {
- if(OC_Util::getEditionString()===''){
- $default='https://api.owncloud.com/v1';
- }else{
- $default='';
- }
- $url = OC_Config::getValue('appstoreurl', $default);
- return($url);
+ return OC::$server->getConfig()->getSystemValue('appstoreurl', 'https://api.owncloud.com/v1');
}
-
/**
* Get the content of an OCS url call.
* @return string of the response
@@ -64,7 +69,7 @@ class OC_OCSClient{
* This function returns a list of all the application categories on the OCS server
*/
public static function getCategories() {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
return null;
}
$url=OC_OCSClient::getAppStoreURL().'/content/categories';
@@ -100,7 +105,7 @@ class OC_OCSClient{
* @param string $filter
*/
public static function getApplications($categories, $page, $filter) {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
return(array());
}
@@ -155,7 +160,7 @@ class OC_OCSClient{
* This function returns an applications from the OCS server
*/
public static function getApplication($id) {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
return null;
}
$url=OC_OCSClient::getAppStoreURL().'/content/data/'.urlencode($id);
@@ -203,7 +208,7 @@ class OC_OCSClient{
* @param integer $item
*/
public static function getApplicationDownload($id, $item) {
- if(OC_Config::getValue('appstoreenabled', true)==false) {
+ if(!self::isAppstoreEnabled()) {
return null;
}
$url=OC_OCSClient::getAppStoreURL().'/content/download/'.urlencode($id).'/'.urlencode($item);
diff --git a/lib/private/request.php b/lib/private/request.php
index 5fd5b3a7197..b063c1f5967 100755
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -16,6 +16,34 @@ class OC_Request {
const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/';
/**
+ * Returns the remote address, if the connection came from a trusted proxy and `forwarded_for_headers` has been configured
+ * then the IP address specified in this header will be returned instead.
+ * Do always use this instead of $_SERVER['REMOTE_ADDR']
+ * @return string IP address
+ */
+ public static function getRemoteAddress() {
+ $remoteAddress = $_SERVER['REMOTE_ADDR'];
+ $trustedProxies = \OC::$server->getConfig()->getSystemValue('trusted_proxies', array());
+
+ if(is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {
+ $forwardedForHeaders = \OC::$server->getConfig()->getSystemValue('forwarded_for_headers', array());
+
+ foreach($forwardedForHeaders as $header) {
+ if (array_key_exists($header, $_SERVER) === true) {
+ foreach (explode(',', $_SERVER[$header]) as $IP) {
+ $IP = trim($IP);
+ if (filter_var($IP, FILTER_VALIDATE_IP) !== false) {
+ return $IP;
+ }
+ }
+ }
+ }
+ }
+
+ return $remoteAddress;
+ }
+
+ /**
* Check overwrite condition
* @param string $type
* @return bool
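Review bot: getRemoteAddress() returns the first valid address it finds reading the forwarded header left to right, and the leftmost entry is the one the client itself can supply whenever the trusted proxy appends to the header instead of overwriting it. Anything keyed on this value (brute-force throttling, audit logs, IP allow-lists) would then see a caller-chosen address. Reading the list from the right and returning the first entry that is not itself a trusted proxy avoids that; the membership tests should also use strict `in_array(..., true)`. The docblock should say that `forwarded_for_headers` holds `$_SERVER` keys and must be an array, since the `foreach` does not check it.

```php
// … unchanged: $remoteAddress / $trustedProxies lookup and trusted-proxy check …
		foreach($forwardedForHeaders as $header) {
			if (array_key_exists($header, $_SERVER) === true) {
				// right to left: only entries appended by a trusted proxy are reliable
				foreach (array_reverse(explode(',', $_SERVER[$header])) as $IP) {
					$IP = trim($IP);
					if (filter_var($IP, FILTER_VALIDATE_IP) === false) {
						break;
					}
					if (!in_array($IP, $trustedProxies, true)) {
						return $IP;
					}
				}
			}
		}
// … unchanged: fall back to $remoteAddress …
```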
diff --git a/lib/private/server.php b/lib/private/server.php
index d67517f13e2..f533d270a95 100644
--- a/lib/private/server.php
+++ b/lib/private/server.php
@@ -12,6 +12,7 @@ use OC\Files\View;
use OC\Security\Crypto;
use OC\Security\SecureRandom;
use OCP\IServerContainer;
+use OCP\ISession;
/**
* Class Server
@@ -33,8 +34,8 @@ class Server extends SimpleContainer implements IServerContainer {
$urlParams = array();
}
- if (\OC::$session->exists('requesttoken')) {
- $requestToken = \OC::$session->get('requesttoken');
+ if (\OC::$server->getSession()->exists('requesttoken')) {
+ $requestToken = \OC::$server->getSession()->get('requesttoken');
} else {
$requestToken = false;
}
@@ -102,7 +103,7 @@ class Server extends SimpleContainer implements IServerContainer {
* @var \OC\User\Manager $manager
*/
$manager = $c->query('UserManager');
- $userSession = new \OC\User\Session($manager, \OC::$session);
+ $userSession = new \OC\User\Session($manager, new \OC\Session\Memory(''));
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
});
@@ -270,14 +271,18 @@ class Server extends SimpleContainer implements IServerContainer {
/**
* Returns a view to ownCloud's files folder
*
+ * @param string $userId user ID
* @return \OCP\Files\Folder
*/
- function getUserFolder() {
- $user = $this->getUserSession()->getUser();
- if (!$user) {
- return null;
+ function getUserFolder($userId = null) {
+ if($userId === null) {
+ $user = $this->getUserSession()->getUser();
+ if (!$user) {
+ return null;
+ }
+ $userId = $user->getUID();
}
- $dir = '/' . $user->getUID();
+ $dir = '/' . $userId;
$root = $this->getRootFolder();
$folder = null;
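Review bot: The new `$userId` argument goes straight into `$dir = '/' . $userId;` with no check, so a caller that forwards a request-derived value can address the folder of a user that does not exist, or a value containing `/` or `..`, depending on how the root folder resolves paths. The session branch takes its id from a user object, and the explicit branch should be held to the same standard, for example `if (!$this->query('UserManager')->userExists($userId)) { return null; }` before `$dir` is built (assuming the manager's `userExists()`). The `@param` line should also say that `null` means the currently logged-in user. The function body continues past the hunk.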
@@ -336,6 +341,20 @@ class Server extends SimpleContainer implements IServerContainer {
}
/**
+ * @return \OCP\ISession
+ */
+ function getSession() {
+ return $this->query('UserSession')->getSession();
+ }
+
+ /**
+ * @param \OCP\ISession $session
+ */
+ function setSession(\OCP\ISession $session) {
+ return $this->query('UserSession')->setSession($session);
+ }
+
+ /**
* @return \OC\NavigationManager
*/
function getNavigationManager() {
@@ -362,10 +381,11 @@ class Server extends SimpleContainer implements IServerContainer {
* get an L10N instance
*
* @param string $app appid
+ * @param string $lang
* @return \OC_L10N
*/
- function getL10N($app) {
- return $this->query('L10NFactory')->get($app);
+ function getL10N($app, $lang = null) {
+ return $this->query('L10NFactory')->get($app, $lang);
}
/**
@@ -403,15 +423,6 @@ class Server extends SimpleContainer implements IServerContainer {
/**
* Returns the current session
*
- * @return \OCP\ISession
- */
- function getSession() {
- return \OC::$session;
- }
-
- /**
- * Returns the current session
- *
* @return \OCP\IDBConnection
*/
function getDatabaseConnection() {
diff --git a/lib/private/setup.php b/lib/private/setup.php
index 9ea1690b6d9..7ea4c1bcd26 100644
--- a/lib/private/setup.php
+++ b/lib/private/setup.php
@@ -15,7 +15,7 @@ class OC_Setup {
);
public static function getTrans(){
- return OC_L10N::get('lib');
+ return \OC::$server->getL10N('lib');
}
public static function install($options) {
diff --git a/lib/private/setup/oci.php b/lib/private/setup/oci.php
index 24863b9e38a..23b5232438a 100644
--- a/lib/private/setup/oci.php
+++ b/lib/private/setup/oci.php
@@ -14,9 +14,23 @@ class OCI extends AbstractDatabase {
} else {
$this->dbtablespace = 'USERS';
}
+ // allow empty hostname for oracle
+ $this->dbhost = $config['dbhost'];
+ \OC_Config::setValue('dbhost', $this->dbhost);
\OC_Config::setValue('dbtablespace', $this->dbtablespace);
}
+ public function validate($config) {
+ $errors = array();
+ if(empty($config['dbuser'])) {
+ $errors[] = $this->trans->t("%s enter the database username.", array($this->dbprettyname));
+ }
+ if(empty($config['dbname'])) {
+ $errors[] = $this->trans->t("%s enter the database name.", array($this->dbprettyname));
+ }
+ return $errors;
+ }
+
public function setupDatabase($username) {
$e_host = addslashes($this->dbhost);
$e_dbname = addslashes($this->dbname);
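Review bot: `$this->dbhost = $config['dbhost'];` reads the key unconditionally, so the "allow empty hostname" case only works when the key is present but empty; a missing key raises an undefined-index notice and stores null in the config. `$this->dbhost = isset($config['dbhost']) ? $config['dbhost'] : '';` covers both cases. The new `validate()` has no docblock; a short one saying that it returns a list of error strings and deliberately does not require a host would help, presumably it overrides a parent check that is not visible here. setupDatabase() continues outside the hunk.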
diff --git a/lib/private/share/mailnotifications.php b/lib/private/share/mailnotifications.php
index 1f4645eed9f..4a92503bdd3 100644
--- a/lib/private/share/mailnotifications.php
+++ b/lib/private/share/mailnotifications.php
@@ -52,7 +52,7 @@ class MailNotifications {
* @param string $sender user id (if nothing is set we use the currently logged-in user)
*/
public function __construct($sender = null) {
- $this->l = \OC_L10N::get('core');
+ $this->l = \OC::$server->getL10N('core');
$this->senderId = $sender;
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 4bf6622c561..e2e9b94125e 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -479,7 +479,7 @@ class Share extends \OC\Share\Constants {
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) {
$uidOwner = \OC_User::getUser();
$shareWithinGroupOnly = self::shareWithGroupMembersOnly();
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
@@ -719,23 +719,24 @@ class Share extends \OC\Share\Constants {
/**
* Unshare an item shared with the current user
* @param string $itemType
- * @param string $itemTarget
+ * @param string $itemOrigin Item target or source
+ * @param boolean $originIsSource true if $itemOrigin is the source, false if $itemOrigin is the target (optional)
* @return boolean true on success or false on failure
*
* Unsharing from self is not allowed for items inside collections
*/
- public static function unshareFromSelf($itemType, $itemTarget) {
-
+ public static function unshareFromSelf($itemType, $itemOrigin, $originIsSource = false) {
+ $originType = ($originIsSource) ? 'source' : 'target';
$uid = \OCP\User::getUser();
if ($itemType === 'file' || $itemType === 'folder') {
- $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `file_target` = ?';
+ $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `file_' . $originType . '` = ?';
} else {
- $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `item_target` = ?';
+ $statement = 'SELECT * FROM `*PREFIX*share` WHERE `item_type` = ? and `item_' . $originType . '` = ?';
}
$query = \OCP\DB::prepare($statement);
- $result = $query->execute(array($itemType, $itemTarget));
+ $result = $query->execute(array($itemType, $itemOrigin));
$shares = $result->fetchAll();
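Review bot: The column name in both SELECT strings is now built by concatenation (`'file_' . $originType`), which is safe only because `$originType` is one of two literals picked from the boolean. A comment on the `$originType` line would keep it that way, e.g. `// column suffix comes from two fixed literals, never from caller input`. With `$originIsSource = true` the lookup matches on the source column, which shares belonging to other recipients of the same item may also match; whether the rows are narrowed to `$uid` happens below the hunk and is worth confirming there.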
@@ -848,7 +849,7 @@ class Share extends \OC\Share\Constants {
* @return boolean true on success or false on failure
*/
public static function setPermissions($itemType, $itemSource, $shareType, $shareWith, $permissions) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
if ($item = self::getItems($itemType, $itemSource, $shareType, $shareWith,
\OC_User::getUser(), self::FORMAT_NONE, null, 1, false)) {
// Check if this item is a reshare and verify that the permissions
@@ -937,7 +938,7 @@ class Share extends \OC\Share\Constants {
* @throws \Exception
*/
private static function validateExpireDate($expireDate, $shareTime, $itemType, $itemSource) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
$date = new \DateTime($expireDate);
$today = new \DateTime('now');
@@ -1082,7 +1083,7 @@ class Share extends \OC\Share\Constants {
* @return \OCP\Share_Backend
*/
public static function getBackend($itemType) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
if (isset(self::$backends[$itemType])) {
return self::$backends[$itemType];
} else if (isset(self::$backendTypes[$itemType]['class'])) {
@@ -1515,7 +1516,7 @@ class Share extends \OC\Share\Constants {
private static function put($itemType, $itemSource, $shareType, $shareWith, $uidOwner,
$permissions, $parentFolder = null, $token = null, $itemSourceName = null, \DateTime $expirationDate = null) {
$backend = self::getBackend($itemType);
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
// Check if this is a reshare
if ($checkReshare = self::getItemSharedWithBySource($itemType, $itemSource, self::FORMAT_NONE, null, true)) {
@@ -1854,8 +1855,8 @@ class Share extends \OC\Share\Constants {
return true;
}
- if ( \OC::$session->exists('public_link_authenticated')
- && \OC::$session->get('public_link_authenticated') === $linkItem['id'] ) {
+ if ( \OC::$server->getSession()->exists('public_link_authenticated')
+ && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) {
return true;
}
diff --git a/lib/private/tags.php b/lib/private/tags.php
index 0b62caf2dd8..0e58789ecd5 100644
--- a/lib/private/tags.php
+++ b/lib/private/tags.php
@@ -178,7 +178,7 @@ class Tags implements \OCP\ITags {
}
if($tagId === false) {
- $l10n = \OC_L10N::get('core');
+ $l10n = \OC::$server->getL10N('core');
throw new \Exception(
$l10n->t('Could not find category "%s"', $tag)
);
diff --git a/lib/private/template.php b/lib/private/template.php
index eaa58b769d7..d95943a714c 100644
--- a/lib/private/template.php
+++ b/lib/private/template.php
@@ -29,7 +29,7 @@ require_once __DIR__.'/template/functions.php';
class OC_Template extends \OC\Template\Base {
private $renderas; // Create a full page?
private $path; // The path to the template
- private $headers=array(); //custom headers
+ private $headers = array(); //custom headers
protected $app; // app id
/**
@@ -37,6 +37,7 @@ class OC_Template extends \OC\Template\Base {
* @param string $app app providing the template
* @param string $name of the template file (without suffix)
* @param string $renderas = ""; produce a full page
+ * @param bool $registerCall = true
* @return OC_Template object
*
* This function creates an OC_Template object.
@@ -45,17 +46,17 @@ class OC_Template extends \OC\Template\Base {
* according layout. For now, renderas can be set to "guest", "user" or
* "admin".
*/
- public function __construct( $app, $name, $renderas = "" ) {
+ public function __construct( $app, $name, $renderas = "", $registerCall = true ) {
// Read the selected theme from the config file
$theme = OC_Util::getTheme();
// Read the detected formfactor and use the right file name.
$fext = self::getFormFactorExtension();
- $requesttoken = OC::$session ? OC_Util::callRegister() : '';
+ $requesttoken = (OC::$server->getSession() and $registerCall) ? OC_Util::callRegister() : '';
$parts = explode('/', $app); // fix translation when app is something like core/lostpassword
- $l10n = OC_L10N::get($parts[0]);
+ $l10n = \OC::$server->getL10N($parts[0]);
$themeDefaults = new OC_Defaults();
list($path, $template) = $this->findTemplate($theme, $app, $name, $fext);
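Review bot: `OC::$server->getSession()` is used as a truthiness test on the `$requesttoken` line, but as far as this diff shows it can no longer be falsy: server.php builds the UserSession with `new \OC\Session\Memory('')`, and `setSession()` only accepts an `\OCP\ISession`. The same guard appears in getFormFactorExtension() in this file and in OC_User::getUser() in user.php. If "no real session yet" still has to be detected, it needs an explicit check, because a request token could otherwise be registered against the in-memory placeholder; if not, the line can become `$requesttoken = $registerCall ? OC_Util::callRegister() : '';`. The constructor continues outside the hunk.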
@@ -101,20 +102,20 @@ class OC_Template extends \OC\Template\Base {
*/
static public function getFormFactorExtension()
{
- if (!\OC::$session) {
+ if (!\OC::$server->getSession()) {
return '';
}
// if the formfactor is not yet autodetected do the
// autodetection now. For possible formfactors check the
// detectFormfactor documentation
- if (!\OC::$session->exists('formfactor')) {
- \OC::$session->set('formfactor', self::detectFormfactor());
+ if (!\OC::$server->getSession()->exists('formfactor')) {
+ \OC::$server->getSession()->set('formfactor', self::detectFormfactor());
}
// allow manual override via GET parameter
if(isset($_GET['formfactor'])) {
- \OC::$session->set('formfactor', $_GET['formfactor']);
+ \OC::$server->getSession()->set('formfactor', $_GET['formfactor']);
}
- $formfactor = \OC::$session->get('formfactor');
+ $formfactor = \OC::$server->getSession()->get('formfactor');
if($formfactor==='default') {
$fext='';
}elseif($formfactor==='mobile') {
@@ -253,7 +254,7 @@ class OC_Template extends \OC\Template\Base {
* Warning: All data passed to $hint needs to get sanitized using OC_Util::sanitizeHTML
*/
public static function printErrorPage( $error_msg, $hint = '' ) {
- $content = new OC_Template( '', 'error', 'error' );
+ $content = new \OC_Template( '', 'error', 'error', false );
$errors = array(array('error' => $error_msg, 'hint' => $hint));
$content->assign( 'errors', $errors );
$content->printPage();
@@ -272,19 +273,19 @@ class OC_Template extends \OC\Template\Base {
if (defined('DEBUG') and DEBUG) {
$hint = $exception->getTraceAsString();
if (!empty($hint)) {
- $hint = '<pre>'.$hint.'</pre>';
+ $hint = '<pre>'.OC_Util::sanitizeHTML($hint).'</pre>';
}
while (method_exists($exception, 'previous') && $exception = $exception->previous()) {
$error_msg .= '<br/>Caused by:' . ' ';
if ($exception->getCode()) {
- $error_msg .= '['.$exception->getCode().'] ';
+ $error_msg .= '['.OC_Util::sanitizeHTML($exception->getCode()).'] ';
}
- $error_msg .= $exception->getMessage();
+ $error_msg .= OC_Util::sanitizeHTML($exception->getMessage());
};
} else {
$hint = '';
if ($exception instanceof \OC\HintException) {
- $hint = $exception->getHint();
+ $hint = OC_Util::sanitizeHTML($exception->getHint());
}
}
self::printErrorPage($error_msg, $hint);
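Review bot: The newly escaped `getCode()` and `getMessage()` lines sit inside `while (method_exists($exception, 'previous') && ...)`, and PHP's built-in exceptions expose `getPrevious()`, not `previous()`, so for standard exceptions this loop probably never runs and the chain of causes is never shown. If chained causes are meant to be displayed, the condition would be `while ($exception = $exception->getPrevious()) {`. The first assignment to `$error_msg` is above the hunk, so whether the top-level message gets the same `OC_Util::sanitizeHTML()` treatment cannot be confirmed from here and should be checked.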
diff --git a/lib/private/template/functions.php b/lib/private/template/functions.php
index 46e48274001..3cbf0d9748f 100644
--- a/lib/private/template/functions.php
+++ b/lib/private/template/functions.php
@@ -117,7 +117,7 @@ function strip_time($timestamp){
* @return OC_L10N_String timestamp
*/
function relative_modified_date($timestamp, $fromTime = null, $dateOnly = false) {
- $l=OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
if (!isset($fromTime) || $fromTime === null){
$fromTime = time();
}
diff --git a/lib/private/templatelayout.php b/lib/private/templatelayout.php
index a5dd9a0c614..b9a97186945 100644
--- a/lib/private/templatelayout.php
+++ b/lib/private/templatelayout.php
@@ -59,7 +59,9 @@ class OC_TemplateLayout extends OC_Template {
$this->assign( 'user_uid', OC_User::getUser() );
$this->assign( 'appsmanagement_active', strpos(OC_Request::requestUri(), OC_Helper::linkToRoute('settings_apps')) === 0 );
$this->assign('enableAvatars', \OC_Config::getValue('enable_avatars', true));
- } else if ($renderas == 'guest' || $renderas == 'error') {
+ } else if ($renderas == 'error') {
+ parent::__construct('core', 'layout.guest', '', false);
+ } else if ($renderas == 'guest') {
parent::__construct('core', 'layout.guest');
} else {
parent::__construct('core', 'layout.base');
diff --git a/lib/private/user.php b/lib/private/user.php
index cdef4d8fe65..c9b1522f85a 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -300,7 +300,7 @@ class OC_User {
* Sets user id for session and triggers emit
*/
public static function setUserId($uid) {
- OC::$session->set('user_id', $uid);
+ \OC::$server->getSession()->set('user_id', $uid);
}
/**
@@ -337,8 +337,8 @@ class OC_User {
* Checks if the user is logged in
*/
public static function isLoggedIn() {
- if (\OC::$session->get('user_id') !== null && self::$incognitoMode === false) {
- return self::userExists(\OC::$session->get('user_id'));
+ if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) {
+ return self::userExists(\OC::$server->getSession()->get('user_id'));
}
return false;
}
@@ -386,7 +386,7 @@ class OC_User {
* @return string uid or false
*/
public static function getUser() {
- $uid = OC::$session ? OC::$session->get('user_id') : null;
+ $uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null;
if (!is_null($uid) && self::$incognitoMode === false) {
return $uid;
} else {
diff --git a/lib/private/user/database.php b/lib/private/user/database.php
index e9844f0f79c..3a76adbe763 100644
--- a/lib/private/user/database.php
+++ b/lib/private/user/database.php
@@ -157,7 +157,7 @@ class OC_User_Database extends OC_User_Backend {
$displayNames = array();
$query = OC_DB::prepare('SELECT `uid`, `displayname` FROM `*PREFIX*users`'
. ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR '
- . 'LOWER(`uid`) LIKE LOWER(?)', $limit, $offset);
+ . 'LOWER(`uid`) LIKE LOWER(?) ORDER BY `uid` ASC', $limit, $offset);
$result = $query->execute(array('%' . $search . '%', '%' . $search . '%'));
$users = array();
while ($row = $result->fetchRow()) {
@@ -231,7 +231,7 @@ class OC_User_Database extends OC_User_Backend {
* Get a list of all users.
*/
public function getUsers($search = '', $limit = null, $offset = null) {
- $query = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*users` WHERE LOWER(`uid`) LIKE LOWER(?)', $limit, $offset);
+ $query = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*users` WHERE LOWER(`uid`) LIKE LOWER(?) ORDER BY `uid` ASC', $limit, $offset);
$result = $query->execute(array('%' . $search . '%'));
$users = array();
while ($row = $result->fetchRow()) {
diff --git a/lib/private/user/manager.php b/lib/private/user/manager.php
index a54755e71c5..5c155c27aba 100644
--- a/lib/private/user/manager.php
+++ b/lib/private/user/manager.php
@@ -237,7 +237,7 @@ class Manager extends PublicEmitter implements IUserManager {
* @return bool|\OC\User\User the created user of false
*/
public function createUser($uid, $password) {
- $l = \OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
// Check the name for bad characters
// Allowed are: "a-z", "A-Z", "0-9" and "_.@-"
if (preg_match('/[^a-zA-Z0-9 _\.@\-]/', $uid)) {
diff --git a/lib/private/user/session.php b/lib/private/user/session.php
index 6abf8fb80d2..11938db5076 100644
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@ -47,10 +47,10 @@ class Session implements IUserSession, Emitter {
protected $activeUser;
/**
- * @param \OC\User\Manager $manager
- * @param \OC\Session\Session $session
+ * @param \OCP\IUserManager $manager
+ * @param \OCP\ISession $session
*/
- public function __construct($manager, $session) {
+ public function __construct(\OCP\IUserManager $manager, \OCP\ISession $session) {
$this->manager = $manager;
$this->session = $session;
}
@@ -83,6 +83,44 @@ class Session implements IUserSession, Emitter {
}
/**
+ * get the session object
+ *
+ * @return \OCP\ISession
+ */
+ public function getSession() {
+ // fetch the deprecated \OC::$session if it changed for backwards compatibility
+ if (isset(\OC::$session) && \OC::$session !== $this->session) {
+ \OC::$server->getLogger()->warning(
+ 'One of your installed apps still seems to use the deprecated '.
+ '\OC::$session and has replaced it with a new instance. Please file a bug against it.'.
+ 'Closing and replacing session in UserSession instance.'
+ );
+ $this->setSession(\OC::$session);
+ }
+ return $this->session;
+ }
+
+ /**
+ * set the session object
+ *
+ * @param \OCP\ISession $session
+ */
+ public function setSession(\OCP\ISession $session) {
+ if ($this->session instanceof \OCP\ISession) {
+ $this->session->close();
+ }
+ $this->session = $session;
+
+ // maintain deprecated \OC::$session
+ if (\OC::$session !== $this->session) {
+ if (\OC::$session instanceof \OCP\ISession) {
+ \OC::$session->close();
+ }
+ \OC::$session = $session;
+ }
+ }
+
+ /**
* set the currently active user
*
* @param \OC\User\User|null $user
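Review bot: `setSession()` closes `$this->session` unconditionally, so passing in the session that is already active closes the very object it then keeps using. When `\OC::$session` still points at the previous session, that object also has `close()` called on it twice. Whether a second `close()` is harmless depends on the `\OCP\ISession` implementation, which is not visible here. Comparing against the incoming and the previous session before each `close()` avoids both cases. Separately, the warning text in `getSession()` joins `'…file a bug against it.'` and `'Closing and replacing…'` without a space between the sentences.

```php
public function setSession(\OCP\ISession $session) {
	$previous = $this->session;
	// do not close the session that is about to stay active
	if ($previous instanceof \OCP\ISession && $previous !== $session) {
		$previous->close();
	}
	$this->session = $session;

	// maintain deprecated \OC::$session
	$legacy = \OC::$session;
	if ($legacy !== $session) {
		// skip the object that was already closed above
		if ($legacy instanceof \OCP\ISession && $legacy !== $previous) {
			$legacy->close();
		}
		\OC::$session = $session;
	}
}
```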
diff --git a/lib/private/util.php b/lib/private/util.php
index b2a9aecb5d0..8fae5189ca2 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -384,15 +384,15 @@ class OC_Util {
* @return string timestamp
* @description adjust to clients timezone if we know it
*/
- public static function formatDate($timestamp, $dateOnly = false) {
- if (\OC::$session->exists('timezone')) {
+ public static function formatDate( $timestamp, $dateOnly = false) {
+ if(\OC::$server->getSession()->exists('timezone')) {
$systemTimeZone = intval(date('O'));
$systemTimeZone = (round($systemTimeZone / 100, 0) * 60) + ($systemTimeZone % 100);
- $clientTimeZone = \OC::$session->get('timezone') * 60;
+ $clientTimeZone = \OC::$server->getSession()->get('timezone') * 60;
$offset = $clientTimeZone - $systemTimeZone;
$timestamp = $timestamp + $offset * 60;
}
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
return $l->l($dateOnly ? 'date' : 'datetime', $timestamp);
}
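Review bot: The new signature and condition lines introduce `formatDate( $timestamp` and `if(`, which differs from the spacing of the lines they replace and from the `if (` used elsewhere in this file's hunks; keep `public static function formatDate($timestamp, $dateOnly = false) {` and `if (…)`. The session is also fetched through `\OC::$server->getSession()` separately for `exists()` and `get()`; taking it once with `$session = \OC::$server->getSession();` keeps both calls on the same object. That matters if the accessor can swap the session the way the `getSession()` added in user/session.php does, which is an assumption because server.php is not in view. The same repeated lookup appears in the `checkServer` hunks and in `callRegister`, where it guards the request token.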
@@ -402,7 +402,7 @@ class OC_Util {
* @return array arrays with error messages and hints
*/
public static function checkServer() {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
$errors = array();
$CONFIG_DATADIRECTORY = OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data');
@@ -412,7 +412,7 @@ class OC_Util {
}
// Assume that if checkServer() succeeded before in this session, then all is fine.
- if (\OC::$session->exists('checkServer_succeeded') && \OC::$session->get('checkServer_succeeded')) {
+ if (\OC::$server->getSession()->exists('checkServer_succeeded') && \OC::$server->getSession()->get('checkServer_succeeded')) {
return $errors;
}
@@ -615,7 +615,7 @@ class OC_Util {
$errors = array_merge($errors, self::checkDatabaseVersion());
// Cache the result of this function
- \OC::$session->set('checkServer_succeeded', count($errors) == 0);
+ \OC::$server->getSession()->set('checkServer_succeeded', count($errors) == 0);
return $errors;
}
@@ -626,7 +626,7 @@ class OC_Util {
* @return array errors array
*/
public static function checkDatabaseVersion() {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
$errors = array();
$dbType = \OC_Config::getValue('dbtype', 'sqlite');
if ($dbType === 'pgsql') {
@@ -707,7 +707,7 @@ class OC_Util {
* @return array arrays with error messages and hints
*/
public static function checkDataDirectoryPermissions($dataDirectory) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
$errors = array();
if (self::runningOnWindows()) {
//TODO: permissions checks for windows hosts
@@ -738,7 +738,7 @@ class OC_Util {
* @return bool true if the data directory is valid, false otherwise
*/
public static function checkDataDirectoryValidity($dataDirectory) {
- $l = OC_L10N::get('lib');
+ $l = \OC::$server->getL10N('lib');
$errors = array();
if (!file_exists($dataDirectory . '/.ocdata')) {
$errors[] = array(
@@ -938,13 +938,13 @@ class OC_Util {
*/
public static function callRegister() {
// Check if a token exists
- if (!\OC::$session->exists('requesttoken')) {
+ if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one.
$requestToken = self::generateRandomBytes(20);
- \OC::$session->set('requesttoken', $requestToken);
+ \OC::$server->getSession()->set('requesttoken', $requestToken);
} else {
// Valid token already exists, send it
- $requestToken = \OC::$session->get('requesttoken');
+ $requestToken = \OC::$server->getSession()->get('requesttoken');
}
return ($requestToken);
}
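Review bot: The `else` branch returns whatever is stored under `requesttoken` after only an `exists()` check, so the comment `Valid token already exists, send it` claims more than the code verifies. Either reword it to `// A token is already stored in this session, reuse it`, or read the value first and fall through to generating a new token when it is not a non-empty string. Since this value is the per-session request token, the second option is the safer one.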