summaryrefslogtreecommitdiffstats
path: root/lib/util.php
diff options
context:
space:
mode:
authorFrank Karlitschek <frank@owncloud.org>2012-06-21 14:07:04 +0200
committerFrank Karlitschek <frank@owncloud.org>2012-06-21 14:07:04 +0200
commite95055b2bdcd70568c4b4e21424800cab47a582b (patch)
treea7e8ffd6ff780e898da1d8c7445991016d681ab9 /lib/util.php
parent09d2f767276f6054148425966fda89e189d621f0 (diff)
downloadnextcloud-server-e95055b2bdcd70568c4b4e21424800cab47a582b.tar.gz
nextcloud-server-e95055b2bdcd70568c4b4e21424800cab47a582b.zip
check if the data directory is accessible via http. Show a big security warning if yes
Diffstat (limited to 'lib/util.php')
-rwxr-xr-xlib/util.php53
1 files changed, 46 insertions, 7 deletions
diff --git a/lib/util.php b/lib/util.php
index 7792f96d445..8a2d913109d 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -420,18 +420,57 @@ class OC_Util {
}
}
- /**
- * @brief Public function to sanitize HTML
- *
+ /**
+ * @brief Public function to sanitize HTML
+ *
* This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
*
* @param string or array of strings
- * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
*/
- public static function sanitizeHTML( &$value ){
- if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
- else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+ public static function sanitizeHTML( &$value ){
+ if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+ else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
return $value;
}
+
+ /**
+ * Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
+ */
+ public static function ishtaccessworking() {
+
+ // testdata
+ $filename='/htaccesstest.txt';
+ $testcontent='testcontent';
+
+ // creating a test file
+ $testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
+ $fp = @fopen($testfile, 'w');
+ @fwrite($fp, $testcontent);
+ @fclose($fp);
+
+ // accessing the file via http
+ $url = OC_Helper::serverProtocol(). '://' . OC_Helper::serverHost() . OC::$WEBROOT.'/data'.$filename;
+ $fp = @fopen($url, 'r');
+ $content=@fread($fp, 2048);
+ @fclose($fp);
+
+ // cleanup
+ @unlink($testfile);
+
+ // does it work ?
+ if($content==$testcontent) {
+ return(false);
+ }else{
+ return(true);
+
+ }
+
+ }
+
+
+
+
+
}