summaryrefslogtreecommitdiffstats
path: root/lib/base.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/base.php')
-rw-r--r--lib/base.php31
1 files changed, 20 insertions, 11 deletions
diff --git a/lib/base.php b/lib/base.php
index 11c5167786d..d365a4a306f 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -229,11 +229,18 @@ class OC {
public static function checkSSL() {
// redirect to https site if configured
- if (OC_Config::getValue("forcessl", false)) {
- header('Strict-Transport-Security: max-age=31536000');
- ini_set("session.cookie_secure", "on");
+ if (\OC::$server->getConfig()->getSystemValue('forcessl', false)) {
+ // Default HSTS policy
+ $header = 'Strict-Transport-Security: max-age=31536000';
+
+ // If SSL for subdomains is enabled add "; includeSubDomains" to the header
+ if(\OC::$server->getConfig()->getSystemValue('forceSSLforSubdomains', false)) {
+ $header .= '; includeSubDomains';
+ }
+ header($header);
+ ini_set('session.cookie_secure', 'on');
if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) {
- $url = "https://" . OC_Request::serverHost() . OC_Request::requestUri();
+ $url = 'https://' . OC_Request::serverHost() . OC_Request::requestUri();
header("Location: $url");
exit();
}
@@ -327,14 +334,14 @@ class OC {
public static function initTemplateEngine() {
// Add the stuff we need always
// TODO: read from core/js/core.json
- OC_Util::addScript("jquery-1.10.0.min");
- OC_Util::addScript("jquery-migrate-1.2.1.min");
+ OC_Util::addVendorScript('jquery/jquery.min');
+ OC_Util::addVendorScript('jquery/jquery-migrate.min');
OC_Util::addScript("jquery-ui-1.10.0.custom");
OC_Util::addScript("jquery-showpassword");
OC_Util::addScript("placeholders");
OC_Util::addScript("jquery-tipsy");
OC_Util::addScript("compatibility");
- OC_Util::addScript("underscore");
+ OC_Util::addVendorScript("underscore/underscore");
OC_Util::addScript("jquery.ocdialog");
OC_Util::addScript("oc-dialogs");
OC_Util::addScript("js");
@@ -347,13 +354,13 @@ class OC {
OC_Util::addScript('search', 'result');
OC_Util::addScript("oc-requesttoken");
OC_Util::addScript("apps");
- OC_Util::addScript("snap");
+ OC_Util::addVendorScript('snapjs/dist/latest/snap');
OC_Util::addVendorScript('moment/min/moment-with-locales');
// avatars
if (\OC_Config::getValue('enable_avatars', true) === true) {
\OC_Util::addScript('placeholder');
- \OC_Util::addScript('3rdparty', 'md5/md5.min');
+ \OC_Util::addVendorScript('blueimp-md5/js/md5');
\OC_Util::addScript('jquery.avatar');
\OC_Util::addScript('avatar');
}
@@ -457,7 +464,8 @@ class OC {
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) {
- require_once $vendorAutoLoad;
+ $loader = require_once $vendorAutoLoad;
+ $loader->add('PasswordHash', OC::$THIRDPARTYROOT . '/3rdparty/phpass');
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printErrorPage('Composer autoloader not found, unable to continue.');
@@ -713,7 +721,8 @@ class OC {
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
- if (!OC_Config::getValue('installed', false)) {
+ if (!\OC::$server->getConfig()->getSystemValue('installed', false)) {
+ \OC::$server->getSession()->clear();
$controller = new OC\Core\Setup\Controller(\OC::$server->getConfig());
$controller->run($_POST);
exit();