author | Frank Karlitschek <frank@owncloud.org> | 2012-06-21 14:07:04 +0200 |
---|---|---|
committer | Frank Karlitschek <frank@owncloud.org> | 2012-06-21 14:07:04 +0200 |
commit | e95055b2bdcd70568c4b4e21424800cab47a582b (patch) | |
tree | a7e8ffd6ff780e898da1d8c7445991016d681ab9 /lib/util.php | |
parent | 09d2f767276f6054148425966fda89e189d621f0 (diff) | |
check if the data directory is accessible via http. Show a big security warning if yes
Diffstat (limited to 'lib/util.php')
-rwxr-xr-x | lib/util.php | 53 |
1 files changed, 46 insertions, 7 deletions
diff --git a/lib/util.php b/lib/util.php
index 7792f96d445..8a2d913109d 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -420,18 +420,57 @@ class OC_Util {
 }
 }
- /**
- * @brief Public function to sanitize HTML
- *
+ /**
+ * @brief Public function to sanitize HTML
+ *
 * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
 *
 * @param string or array of strings
- * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
 */
- public static function sanitizeHTML( &$value ){
- if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
- else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+ public static function sanitizeHTML( &$value ){
+ if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+ else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
 return $value;
 }
+
+ /**
+ * Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
+ */
+ public static function ishtaccessworking() {
+
+ // testdata
+ $filename='/htaccesstest.txt';
+ $testcontent='testcontent';
+
+ // creating a test file
+ $testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
+ $fp = @fopen($testfile, 'w');
+ @fwrite($fp, $testcontent);
+ @fclose($fp);
+
+ // accessing the file via http
+ $url = OC_Helper::serverProtocol(). '://' . OC_Helper::serverHost() . OC::$WEBROOT.'/data'.$filename;
+ $fp = @fopen($url, 'r');
+ $content=@fread($fp, 2048);
+ @fclose($fp);
+
+ // cleanup
+ @unlink($testfile);
+
+ // does it work ?
+ if($content==$testcontent) {
+ return(false);
+ }else{
+ return(true);
+
+ }
+
+ }
+
+
+
+
+
 } |
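Review bot: `ishtaccessworking()` fails open: it returns true (protected) whenever `$content` differs from `$testcontent`, which is also the result when the check never ran — `@fopen($testfile, 'w')` failed because the data directory is not writable, `allow_url_fopen` is off, or the server cannot reach its own `serverHost()` name. The `@` suppression hides every one of these cases, so the security warning described in the commit message would stay silent on exactly the setups where nothing was verified. At minimum check the handles, e.g. `if ($fp === false) { return(false); }` after the local `fopen`, and for the HTTP read look at the response status rather than treating any failed read as a denied request. The probe URL is also fixed to `OC::$WEBROOT.'/data'` while the file is written to the configured `datadirectory`, so a data directory served under a different path is reported as protected, and the constant name `/htaccesstest.txt` lets two concurrent requests unlink each other's probe file.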