summaryrefslogtreecommitdiffstats
path: root/lib/private
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2016-07-07 12:03:34 +0200
committerMorris Jobke <hey@morrisjobke.de>2016-07-07 12:03:34 +0200
commit11e834ea74243518b4057f0f5f7cafe6f2761530 (patch)
treef500a6e459a61e9fcaa33114948803a61b4da7b2 /lib/private
parent64a15191e4397da9712d4d17675993a9acdab31e (diff)
parente5645a94ecf6a9e037c8475cb085f14b656b71ac (diff)
downloadnextcloud-server-11e834ea74243518b4057f0f5f7cafe6f2761530.tar.gz
nextcloud-server-11e834ea74243518b4057f0f5f7cafe6f2761530.zip
Merge branch 'stable9' into sync-stable9
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/app.php2
-rw-r--r--lib/private/appframework/http/request.php42
-rw-r--r--lib/private/appframework/middleware/security/exceptions/strictcookiemissingexception.php36
-rw-r--r--lib/private/appframework/middleware/security/securitymiddleware.php11
-rw-r--r--lib/private/console/application.php6
-rw-r--r--lib/private/defaults.php22
-rw-r--r--lib/private/encryption/exceptions/encryptionheaderkeyexistsexception.php2
-rw-r--r--lib/private/eventsource.php4
-rw-r--r--lib/private/http/client/client.php2
-rw-r--r--lib/private/httphelper.php2
-rw-r--r--lib/private/installer.php2
-rw-r--r--lib/private/integritycheck/checker.php11
-rw-r--r--lib/private/json.php5
-rw-r--r--lib/private/ocsclient.php2
-rw-r--r--lib/private/repair.php3
-rw-r--r--lib/private/repair/dropoldtables.php1
-rw-r--r--lib/private/repair/movechanneltosystemconfig.php51
-rw-r--r--lib/private/server.php24
-rw-r--r--lib/private/setup.php2
-rw-r--r--lib/private/share20/manager.php40
-rw-r--r--lib/private/systemtag/systemtagmanager.php5
-rw-r--r--lib/private/template.php2
-rw-r--r--lib/private/updater.php2
-rw-r--r--lib/private/user/database.php9
-rw-r--r--lib/private/util.php11
25 files changed, 248 insertions, 51 deletions
diff --git a/lib/private/app.php b/lib/private/app.php
index 5d0909de2a5..76f650a146b 100644
--- a/lib/private/app.php
+++ b/lib/private/app.php
@@ -1104,7 +1104,7 @@ class OC_App {
$version = \OCP\Util::getVersion();
if (!self::isAppCompatible($version, $info)) {
throw new \Exception(
- $l->t('App "%s" cannot be installed because it is not compatible with this version of ownCloud.',
+ $l->t('App "%s" cannot be installed because it is not compatible with this version of Nextcloud.',
array($info['name'])
)
);
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index bdd40ef1573..1ab52fb3ca1 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -448,6 +448,10 @@ class Request implements \ArrayAccess, \Countable, IRequest {
return false;
}
+ if(!$this->passesStrictCookieCheck()) {
+ return false;
+ }
+
if (isset($this->items['get']['requesttoken'])) {
$token = $this->items['get']['requesttoken'];
} elseif (isset($this->items['post']['requesttoken'])) {
@@ -464,6 +468,44 @@ class Request implements \ArrayAccess, \Countable, IRequest {
}
/**
+ * Checks if the strict cookie has been sent with the request if the request
+ * is including any cookies.
+ *
+ * @return bool
+ * @since 9.1.0
+ */
+ public function passesStrictCookieCheck() {
+ if(count($this->cookies) === 0) {
+ return true;
+ }
+ if($this->getCookie('nc_sameSiteCookiestrict') === 'true'
+ && $this->passesLaxCookieCheck()) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Checks if the lax cookie has been sent with the request if the request
+ * is including any cookies.
+ *
+ * @return bool
+ * @since 9.1.0
+ */
+ public function passesLaxCookieCheck() {
+ if(count($this->cookies) === 0) {
+ return true;
+ }
+
+ if($this->getCookie('nc_sameSiteCookielax') === 'true') {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
* Returns an ID for the request, value is not guaranteed to be unique and is mostly meant for logging
* If `mod_unique_id` is installed this value will be taken.
* @return string
diff --git a/lib/private/appframework/middleware/security/exceptions/strictcookiemissingexception.php b/lib/private/appframework/middleware/security/exceptions/strictcookiemissingexception.php
new file mode 100644
index 00000000000..c45cc400d72
--- /dev/null
+++ b/lib/private/appframework/middleware/security/exceptions/strictcookiemissingexception.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Appframework\Middleware\Security\Exceptions;
+
+use OCP\AppFramework\Http;
+
+/**
+ * Class StrictCookieMissingException is thrown when the strict cookie has not
+ * been sent with the request but is required.
+ *
+ * @package OC\Appframework\Middleware\Security\Exceptions
+ */
+class StrictCookieMissingException extends SecurityException {
+ public function __construct() {
+ parent::__construct('Strict Cookie has not been found in request.', Http::STATUS_PRECONDITION_FAILED);
+ }
+}
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index f3bc06217cd..fe67aca9b2b 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -30,6 +30,7 @@ use OC\Appframework\Middleware\Security\Exceptions\AppNotEnabledException;
use OC\Appframework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException;
use OC\Appframework\Middleware\Security\Exceptions\NotAdminException;
use OC\Appframework\Middleware\Security\Exceptions\NotLoggedInException;
+use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\CSP\ContentSecurityPolicyManager;
use OCP\AppFramework\Http\ContentSecurityPolicy;
@@ -132,6 +133,13 @@ class SecurityMiddleware extends Middleware {
}
}
+ // Check for strict cookie requirement
+ if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
+ if(!$this->request->passesStrictCookieCheck()) {
+ throw new StrictCookieMissingException();
+ }
+ }
+
// CSRF check - also registers the CSRF token since the session may be closed later
Util::callRegister();
if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
@@ -184,6 +192,9 @@ class SecurityMiddleware extends Middleware {
*/
public function afterException($controller, $methodName, \Exception $exception) {
if($exception instanceof SecurityException) {
+ if($exception instanceof StrictCookieMissingException) {
+ return new RedirectResponse(\OC::$WEBROOT);
+ }
if (stripos($this->request->getHeader('Accept'),'html') === false) {
$response = new JSONResponse(
diff --git a/lib/private/console/application.php b/lib/private/console/application.php
index 7a8ec49c65b..ffb0224bdc7 100644
--- a/lib/private/console/application.php
+++ b/lib/private/console/application.php
@@ -87,10 +87,10 @@ class Application {
require_once __DIR__ . '/../../../core/register_command.php';
if ($this->config->getSystemValue('installed', false)) {
if (\OCP\Util::needUpgrade()) {
- $output->writeln("ownCloud or one of the apps require upgrade - only a limited number of commands are available");
+ $output->writeln("Nextcloud or one of the apps require upgrade - only a limited number of commands are available");
$output->writeln("You may use your browser or the occ upgrade command to do the upgrade");
} elseif ($this->config->getSystemValue('maintenance', false)) {
- $output->writeln("ownCloud is in maintenance mode - no app have been loaded");
+ $output->writeln("Nextcloud is in maintenance mode - no app have been loaded");
} else {
OC_App::loadApps();
foreach (\OC::$server->getAppManager()->getInstalledApps() as $app) {
@@ -106,7 +106,7 @@ class Application {
}
}
} else {
- $output->writeln("ownCloud is not installed - only a limited number of commands are available");
+ $output->writeln("Nextcloud is not installed - only a limited number of commands are available");
}
$input = new ArgvInput();
if ($input->getFirstArgument() !== 'check') {
diff --git a/lib/private/defaults.php b/lib/private/defaults.php
index 43e8c8082cc..fae2a44152d 100644
--- a/lib/private/defaults.php
+++ b/lib/private/defaults.php
@@ -51,19 +51,19 @@ class OC_Defaults {
$this->l = \OC::$server->getL10N('lib');
$version = \OCP\Util::getVersion();
- $this->defaultEntity = 'ownCloud'; /* e.g. company name, used for footers and copyright notices */
- $this->defaultName = 'ownCloud'; /* short name, used when referring to the software */
- $this->defaultTitle = 'ownCloud'; /* can be a longer name, for titles */
- $this->defaultBaseUrl = 'https://owncloud.org';
- $this->defaultSyncClientUrl = 'https://owncloud.org/sync-clients/';
- $this->defaultiOSClientUrl = 'https://itunes.apple.com/us/app/owncloud/id543672169?mt=8';
- $this->defaultiTunesAppId = '543672169';
- $this->defaultAndroidClientUrl = 'https://play.google.com/store/apps/details?id=com.owncloud.android';
- $this->defaultDocBaseUrl = 'https://doc.owncloud.org';
+ $this->defaultEntity = 'Nextcloud'; /* e.g. company name, used for footers and copyright notices */
+ $this->defaultName = 'Nextcloud'; /* short name, used when referring to the software */
+ $this->defaultTitle = 'Nextcloud'; /* can be a longer name, for titles */
+ $this->defaultBaseUrl = 'https://nextcloud.com';
+ $this->defaultSyncClientUrl = 'https://nextcloud.com/install';
+ $this->defaultiOSClientUrl = 'https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8';
+ $this->defaultiTunesAppId = '1125420102';
+ $this->defaultAndroidClientUrl = 'https://play.google.com/store/apps/details?id=com.nextcloud.client';
+ $this->defaultDocBaseUrl = 'https://docs.nextcloud.org';
$this->defaultDocVersion = $version[0] . '.' . $version[1]; // used to generate doc links
- $this->defaultSlogan = $this->l->t('web services under your control');
+ $this->defaultSlogan = $this->l->t('a safe home for all your data');
$this->defaultLogoClaim = '';
- $this->defaultMailHeaderColor = '#1d2d44'; /* header color of mail notifications */
+ $this->defaultMailHeaderColor = '#0082c9'; /* header color of mail notifications */
$themePath = OC::$SERVERROOT . '/themes/' . OC_Util::getTheme() . '/defaults.php';
if (file_exists($themePath)) {
diff --git a/lib/private/encryption/exceptions/encryptionheaderkeyexistsexception.php b/lib/private/encryption/exceptions/encryptionheaderkeyexistsexception.php
index ab1a166018c..b3875cdd1a9 100644
--- a/lib/private/encryption/exceptions/encryptionheaderkeyexistsexception.php
+++ b/lib/private/encryption/exceptions/encryptionheaderkeyexistsexception.php
@@ -30,6 +30,6 @@ class EncryptionHeaderKeyExistsException extends GenericEncryptionException {
* @param string $key
*/
public function __construct($key) {
- parent::__construct('header key "'. $key . '" already reserved by ownCloud');
+ parent::__construct('header key "'. $key . '" already reserved by Nextcloud');
}
}
diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php
index f567d1e6ca5..d38ca0faa75 100644
--- a/lib/private/eventsource.php
+++ b/lib/private/eventsource.php
@@ -76,6 +76,10 @@ class OC_EventSource implements \OCP\IEventSource {
} else {
header("Content-Type: text/event-stream");
}
+ if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+ header('Location: '.\OC::$WEBROOT);
+ exit();
+ }
if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
$this->send('error', 'Possible CSRF attack. Connection will be closed.');
$this->close();
diff --git a/lib/private/http/client/client.php b/lib/private/http/client/client.php
index bd9e82ddae7..f3824b8ce11 100644
--- a/lib/private/http/client/client.php
+++ b/lib/private/http/client/client.php
@@ -72,7 +72,7 @@ class Client implements IClient {
}
}
- $this->client->setDefaultOption('headers/User-Agent', 'ownCloud Server Crawler');
+ $this->client->setDefaultOption('headers/User-Agent', 'Nextcloud Server Crawler');
if($this->getProxyUri() !== '') {
$this->client->setDefaultOption('proxy', $this->getProxyUri());
}
diff --git a/lib/private/httphelper.php b/lib/private/httphelper.php
index f33d4a51745..aa8c5dd6360 100644
--- a/lib/private/httphelper.php
+++ b/lib/private/httphelper.php
@@ -33,7 +33,7 @@ use OCP\IConfig;
* @deprecated Use \OCP\Http\Client\IClientService
*/
class HTTPHelper {
- const USER_AGENT = 'ownCloud Server Crawler';
+ const USER_AGENT = 'Nextcloud Server Crawler';
/** @var \OCP\IConfig */
private $config;
diff --git a/lib/private/installer.php b/lib/private/installer.php
index f1d4d551786..51f23e9e8ad 100644
--- a/lib/private/installer.php
+++ b/lib/private/installer.php
@@ -383,7 +383,7 @@ class OC_Installer{
// check if the app is compatible with this version of ownCloud
if(!OC_App::isAppCompatible(\OCP\Util::getVersion(), $info)) {
OC_Helper::rmdirr($extractDir);
- throw new \Exception($l->t("App can't be installed because it is not compatible with this version of ownCloud"));
+ throw new \Exception($l->t("App can't be installed because it is not compatible with this version of Nextcloud"));
}
// check if shipped tag is set which is only allowed for apps that are shipped with ownCloud
diff --git a/lib/private/integritycheck/checker.php b/lib/private/integritycheck/checker.php
index b991f66e22e..3669c50ed30 100644
--- a/lib/private/integritycheck/checker.php
+++ b/lib/private/integritycheck/checker.php
@@ -318,13 +318,20 @@ class Checker {
$signature = base64_decode($signatureData['signature']);
$certificate = $signatureData['certificate'];
- // Check if certificate is signed by ownCloud Root Authority
+ // Check if certificate is signed by Nextcloud Root Authority
$x509 = new \phpseclib\File\X509();
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
$x509->loadCA($rootCertificatePublicKey);
$x509->loadX509($certificate);
if(!$x509->validateSignature()) {
- throw new InvalidSignatureException('Certificate is not valid.');
+ // FIXME: Once Nextcloud has it's own appstore we should remove the ownCloud Root Authority from here
+ $x509 = new \phpseclib\File\X509();
+ $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/owncloud.crt');
+ $x509->loadCA($rootCertificatePublicKey);
+ $x509->loadX509($certificate);
+ if(!$x509->validateSignature()) {
+ throw new InvalidSignatureException('Certificate is not valid.');
+ }
}
// Verify if certificate has proper CN. "core" CN is always trusted.
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
diff --git a/lib/private/json.php b/lib/private/json.php
index 74aebd476fb..0272fcf15f5 100644
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -77,6 +77,11 @@ class OC_JSON{
* @deprecated Use annotation based CSRF checks from the AppFramework instead
*/
public static function callCheck() {
+ if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+ header('Location: '.\OC::$WEBROOT);
+ exit();
+ }
+
if( !(\OC::$server->getRequest()->passesCSRFCheck())) {
$l = \OC::$server->getL10N('lib');
self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
diff --git a/lib/private/ocsclient.php b/lib/private/ocsclient.php
index a783a1f8425..52056f4d5e2 100644
--- a/lib/private/ocsclient.php
+++ b/lib/private/ocsclient.php
@@ -279,7 +279,7 @@ class OCSClient {
$tmp = $data->data->content;
if (is_null($tmp)) {
- \OCP\Util::writeLog('core', 'No update found at the ownCloud appstore for app ' . $id, \OCP\Util::DEBUG);
+ \OCP\Util::writeLog('core', 'No update found at the Nextcloud appstore for app ' . $id, \OCP\Util::DEBUG);
return null;
}
diff --git a/lib/private/repair.php b/lib/private/repair.php
index 0cbb43293e8..152123bb057 100644
--- a/lib/private/repair.php
+++ b/lib/private/repair.php
@@ -38,6 +38,7 @@ use OC\Repair\Collation;
use OC\Repair\CopyRewriteBaseToConfig;
use OC\Repair\DropOldJobs;
use OC\Repair\EncryptionCompatibility;
+use OC\Repair\MoveChannelToSystemConfig;
use OC\Repair\OldGroupMembershipShares;
use OC\Repair\RemoveGetETagEntries;
use OC\Repair\SqliteAutoincrement;
@@ -119,7 +120,7 @@ class Repair extends BasicEmitter {
new UpdateOutdatedOcsIds(\OC::$server->getConfig()),
new RepairInvalidShares(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()),
new AvatarPermissions(\OC::$server->getDatabaseConnection()),
- new BrokenUpdaterRepair(),
+ new MoveChannelToSystemConfig(\OC::$server->getConfig()),
];
}
diff --git a/lib/private/repair/dropoldtables.php b/lib/private/repair/dropoldtables.php
index abd3bd49b0a..e4b07aab2ba 100644
--- a/lib/private/repair/dropoldtables.php
+++ b/lib/private/repair/dropoldtables.php
@@ -71,6 +71,7 @@ class DropOldTables extends BasicEmitter implements RepairStep {
*/
protected function oldDatabaseTables() {
return [
+ 'authtoken',
'calendar_calendars',
'calendar_objects',
'calendar_share_calendar',
diff --git a/lib/private/repair/movechanneltosystemconfig.php b/lib/private/repair/movechanneltosystemconfig.php
new file mode 100644
index 00000000000..edc5748a6e7
--- /dev/null
+++ b/lib/private/repair/movechanneltosystemconfig.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Repair;
+
+use OC\Hooks\BasicEmitter;
+use OCP\IConfig;
+
+/**
+ * Class MoveChannelToSystemConfig moves the defined OC_Channel in the app config
+ * to the system config to be compatible with the Nextcloud updater.
+ *
+ * @package OC\Repair
+ */
+class MoveChannelToSystemConfig extends BasicEmitter implements \OC\RepairStep {
+ /** @var IConfig */
+ private $config;
+
+ public function __construct(IConfig $config) {
+ $this->config = $config;
+ }
+
+ public function getName() {
+ return 'Moves the stored release channel to the config file';
+ }
+
+ public function run() {
+ $channel = $this->config->getAppValue('core', 'OC_Channel', '');
+ if($channel !== '') {
+ $this->config->setSystemValue('updater.release.channel', $channel);
+ $this->config->deleteAppValue('core', 'OC_Channel');
+ }
+ }
+}
diff --git a/lib/private/server.php b/lib/private/server.php
index 581a2b44cea..0731239e884 100644
--- a/lib/private/server.php
+++ b/lib/private/server.php
@@ -73,6 +73,8 @@ use OC\Security\SecureRandom;
use OC\Security\TrustedDomainHelper;
use OC\Session\CryptoWrapper;
use OC\Tagging\TagMapper;
+use OCA\Theming\Template;
+use OCP\IL10N;
use OCP\IServerContainer;
use OCP\Security\IContentSecurityPolicyManager;
use Symfony\Component\EventDispatcher\EventDispatcher;
@@ -562,6 +564,17 @@ class Server extends ServerContainer implements IServerContainer {
$factory = new $factoryClass($this);
return $factory->getManager();
});
+ $this->registerService('ThemingDefaults', function(Server $c) {
+ if($this->getConfig()->getSystemValue('installed', false) && $this->getAppManager()->isInstalled('theming')) {
+ return new Template(
+ $this->getConfig(),
+ $this->getL10N('theming'),
+ $this->getURLGenerator(),
+ new \OC_Defaults()
+ );
+ }
+ return new \OC_Defaults();
+ });
$this->registerService('EventDispatcher', function () {
return new EventDispatcher();
});
@@ -618,7 +631,8 @@ class Server extends ServerContainer implements IServerContainer {
$c->getL10N('core'),
$factory,
$c->getUserManager(),
- $c->getRootFolder()
+ $c->getRootFolder(),
+ $c->getEventDispatcher()
);
return $manager;
@@ -1206,6 +1220,14 @@ class Server extends ServerContainer implements IServerContainer {
}
/**
+ * @internal Not public by intention.
+ * @return \OC_Defaults
+ */
+ public function getThemingDefaults() {
+ return $this->query('ThemingDefaults');
+ }
+
+ /**
* @return \OC\IntegrityCheck\Checker
*/
public function getIntegrityCodeChecker() {
diff --git a/lib/private/setup.php b/lib/private/setup.php
index a38f594ff7f..b74e34309dc 100644
--- a/lib/private/setup.php
+++ b/lib/private/setup.php
@@ -468,7 +468,7 @@ class Setup {
public static function protectDataDirectory() {
//Require all denied
$now = date('Y-m-d H:i:s');
- $content = "# Generated by ownCloud on $now\n";
+ $content = "# Generated by Nextcloud on $now\n";
$content.= "# line below if for Apache 2.4\n";
$content.= "<ifModule mod_authz_core.c>\n";
$content.= "Require all denied\n";
diff --git a/lib/private/share20/manager.php b/lib/private/share20/manager.php
index b00f7ccd5b6..482dcbec0c6 100644
--- a/lib/private/share20/manager.php
+++ b/lib/private/share20/manager.php
@@ -24,6 +24,7 @@
namespace OC\Share20;
use OC\Files\Mount\MoveableMount;
+use OC\HintException;
use OCP\Files\IRootFolder;
use OCP\Files\NotFoundException;
use OCP\IUserManager;
@@ -42,6 +43,8 @@ use OCP\Files\Folder;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\Exceptions\GenericShareException;
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use Symfony\Component\EventDispatcher\GenericEvent;
/**
* This class is the communication hub for all sharing related operations.
@@ -82,6 +85,7 @@ class Manager implements IManager {
* @param IProviderFactory $factory
* @param IUserManager $userManager
* @param IRootFolder $rootFolder
+ * @param EventDispatcher $eventDispatcher
*/
public function __construct(
ILogger $logger,
@@ -93,7 +97,8 @@ class Manager implements IManager {
IL10N $l,
IProviderFactory $factory,
IUserManager $userManager,
- IRootFolder $rootFolder
+ IRootFolder $rootFolder,
+ EventDispatcher $eventDispatcher
) {
$this->logger = $logger;
$this->config = $config;
@@ -105,6 +110,7 @@ class Manager implements IManager {
$this->factory = $factory;
$this->userManager = $userManager;
$this->rootFolder = $rootFolder;
+ $this->eventDispatcher = $eventDispatcher;
}
/**
@@ -134,16 +140,11 @@ class Manager implements IManager {
}
// Let others verify the password
- $accepted = true;
- $message = '';
- \OCP\Util::emitHook('\OC\Share', 'verifyPassword', [
- 'password' => $password,
- 'accepted' => &$accepted,
- 'message' => &$message
- ]);
-
- if (!$accepted) {
- throw new \Exception($message);
+ try {
+ $event = new GenericEvent($password);
+ $this->eventDispatcher->dispatch('OCP\PasswordPolicy::validate', $event);
+ } catch (HintException $e) {
+ throw new \Exception($e->getHint());
}
}
@@ -233,8 +234,9 @@ class Manager implements IManager {
throw new GenericShareException($message_t, $message_t, 404);
}
- // Check that read permissions are always set
- if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
+ // Link shares are allowed to have no read permissions to allow upload to hidden folders
+ if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK &&
+ ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
throw new \InvalidArgumentException('Shares need at least read permissions');
}
}
@@ -984,7 +986,17 @@ class Manager implements IManager {
public function getShareByToken($token) {
$provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_LINK);
- $share = $provider->getShareByToken($token);
+ try {
+ $share = $provider->getShareByToken($token);
+ } catch (ShareNotFound $e) {
+ //Ignore
+ }
+
+ // If it is not a link share try to fetch a federated share by token
+ if ($share === null) {
+ $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_REMOTE);
+ $share = $provider->getShareByToken($token);
+ }
if ($share->getExpirationDate() !== null &&
$share->getExpirationDate() <= new \DateTime()) {
diff --git a/lib/private/systemtag/systemtagmanager.php b/lib/private/systemtag/systemtagmanager.php
index 76a60a91328..51e605cc2fb 100644
--- a/lib/private/systemtag/systemtagmanager.php
+++ b/lib/private/systemtag/systemtagmanager.php
@@ -124,10 +124,7 @@ class SystemTagManager implements ISystemTagManager {
if (!empty($nameSearchPattern)) {
$query->andWhere(
- $query->expr()->like(
- 'name',
- $query->expr()->literal('%' . $this->connection->escapeLikeParameter($nameSearchPattern). '%')
- )
+ $query->expr()->like('name', $query->createNamedParameter('%' . $this->connection->escapeLikeParameter($nameSearchPattern) . '%'))
);
}
diff --git a/lib/private/template.php b/lib/private/template.php
index 2653ae6086a..ec35a1d9ba8 100644
--- a/lib/private/template.php
+++ b/lib/private/template.php
@@ -76,7 +76,7 @@ class OC_Template extends \OC\Template\Base {
$parts = explode('/', $app); // fix translation when app is something like core/lostpassword
$l10n = \OC::$server->getL10N($parts[0]);
- $themeDefaults = new OC_Defaults();
+ $themeDefaults = \OC::$server->getThemingDefaults();
list($path, $template) = $this->findTemplate($theme, $app, $name);
diff --git a/lib/private/updater.php b/lib/private/updater.php
index fc852991a13..f854afa20c3 100644
--- a/lib/private/updater.php
+++ b/lib/private/updater.php
@@ -143,7 +143,7 @@ class Updater extends BasicEmitter {
return json_decode($this->config->getAppValue('core', 'lastupdateResult'), true);
}
- $updaterUrl = $this->config->getSystemValue('updater.server.url', 'https://updates.owncloud.com/server/');
+ $updaterUrl = $this->config->getSystemValue('updater.server.url', 'https://updates.nextcloud.org/server/');
$this->config->setAppValue('core', 'lastupdatedat', time());
diff --git a/lib/private/user/database.php b/lib/private/user/database.php
index fd273055ae1..4622be1657d 100644
--- a/lib/private/user/database.php
+++ b/lib/private/user/database.php
@@ -49,6 +49,8 @@
*/
use OC\Cache\CappedMemoryCache;
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use Symfony\Component\EventDispatcher\GenericEvent;
/**
* Class for user management in a SQL Database (e.g. MySQL, SQLite)
@@ -59,9 +61,12 @@ class OC_User_Database extends OC_User_Backend implements \OCP\IUserBackend {
/**
* OC_User_Database constructor.
+ *
+ * @param EventDispatcher $eventDispatcher
*/
- public function __construct() {
+ public function __construct(EventDispatcher $eventDispatcher = null) {
$this->cache = new CappedMemoryCache();
+ $this->eventDispatcher = $eventDispatcher ? $eventDispatcher : \OC::$server->getEventDispatcher();
}
/**
@@ -113,6 +118,8 @@ class OC_User_Database extends OC_User_Backend implements \OCP\IUserBackend {
*/
public function setPassword($uid, $password) {
if ($this->userExists($uid)) {
+ $event = new GenericEvent($password);
+ $this->eventDispatcher->dispatch('OCP\PasswordPolicy::validate', $event);
$query = OC_DB::prepare('UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?');
$result = $query->execute(array(\OC::$server->getHasher()->hash($password), $uid));
diff --git a/lib/private/util.php b/lib/private/util.php
index e4d1ebabc7b..74a944e0850 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -384,7 +384,8 @@ class OC_Util {
}
/**
- * @description get the update channel of the current installed of ownCloud.
+ * Get the currently configured release channel
+ *
* @return string
*/
public static function getChannel() {
@@ -421,7 +422,7 @@ class OC_Util {
// Allow overriding update channel
if (\OC::$server->getSystemConfig()->getValue('installed', false)) {
- $channel = \OC::$server->getAppConfig()->getValue('core', 'OC_Channel');
+ $channel = \OC::$server->getConfig()->getSystemValue('updater.release.channel', null);
} else {
/** @var $OC_Channel string */
$channel = $OC_Channel;
@@ -641,7 +642,7 @@ class OC_Util {
if(OC_Util::runningOnWindows()) {
$errors[] = [
'error' => $l->t('Microsoft Windows Platform is not supported'),
- 'hint' => $l->t('Running ownCloud Server on the Microsoft Windows platform is not supported. We suggest you ' .
+ 'hint' => $l->t('Running Nextcloud Server on the Microsoft Windows platform is not supported. We suggest you ' .
'use a Linux server in a virtual machine if you have no option for migrating the server itself. ' .
'Find Linux packages as well as easy to deploy virtual machine images on <a href="%s">%s</a>. ' .
'For migrating existing installations to Linux you can find some tips and a migration script ' .
@@ -697,7 +698,7 @@ class OC_Util {
. '%sgiving the webserver write access to the root directory%s.',
array('<a href="' . $urlGenerator->linkToDocs('admin-dir_permissions') . '" target="_blank">', '</a>'));
$errors[] = array(
- 'error' => 'Data directory (' . $CONFIG_DATADIRECTORY . ') not writable by ownCloud',
+ 'error' => 'Data directory (' . $CONFIG_DATADIRECTORY . ') not writable by Nextcloud',
'hint' => $permissionsHint
);
} else {
@@ -807,7 +808,7 @@ class OC_Util {
}
$errors[] = [
'error' => $l->t('PHP setting "%s" is not set to "%s".', [$setting[0], var_export($setting[1], true)]),
- 'hint' => $l->t('Adjusting this setting in php.ini will make ownCloud run again')
+ 'hint' => $l->t('Adjusting this setting in php.ini will make Nextcloud run again')
];
$webServerRestart = true;
}