Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/lib/base.php b/lib/base.php index 11c5167786d..d365a4a306f 100644 --- a/lib/base.php +++ b/lib/base.php @@ -229,11 +229,18 @@ class OC { public static function checkSSL() { // redirect to https site if configured - if (OC_Config::getValue("forcessl", false)) { - header('Strict-Transport-Security: max-age=31536000'); - ini_set("session.cookie_secure", "on"); + if (\OC::$server->getConfig()->getSystemValue('forcessl', false)) { + // Default HSTS policy + $header = 'Strict-Transport-Security: max-age=31536000'; + + // If SSL for subdomains is enabled add "; includeSubDomains" to the header + if(\OC::$server->getConfig()->getSystemValue('forceSSLforSubdomains', false)) { + $header .= '; includeSubDomains'; + } + header($header); + ini_set('session.cookie_secure', 'on'); if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) { - $url = "https://" . OC_Request::serverHost() . OC_Request::requestUri(); + $url = 'https://' . OC_Request::serverHost() . OC_Request::requestUri(); header("Location: $url"); exit(); } @@ -327,14 +334,14 @@ class OC { public static function initTemplateEngine() { // Add the stuff we need always // TODO: read from core/js/core.json - OC_Util::addScript("jquery-1.10.0.min"); - OC_Util::addScript("jquery-migrate-1.2.1.min"); + OC_Util::addVendorScript('jquery/jquery.min'); + OC_Util::addVendorScript('jquery/jquery-migrate.min'); OC_Util::addScript("jquery-ui-1.10.0.custom"); OC_Util::addScript("jquery-showpassword"); OC_Util::addScript("placeholders"); OC_Util::addScript("jquery-tipsy"); OC_Util::addScript("compatibility"); - OC_Util::addScript("underscore"); + OC_Util::addVendorScript("underscore/underscore"); OC_Util::addScript("jquery.ocdialog"); OC_Util::addScript("oc-dialogs"); OC_Util::addScript("js"); 
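Review bot: The new `forceSSLforSubdomains` branch in checkSSL() does not say how far the setting reaches. `includeSubDomains` applies to every host below the served domain, not only the ones running ownCloud, and with `max-age=31536000` browsers keep the policy for a year, so switching the option off later does not undo it on clients that already saw the header. I would extend the comment to something like `// Applies to ALL subdomains for max-age (1 year); enable only if every subdomain serves valid HTTPS`. The key is also cased differently from the existing `forcessl`, and `\OC::$server->getConfig()` is fetched twice where one local `$config` would do. checkSSL() ends outside the hunk.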
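Review bot: The switch to `addVendorScript` in initTemplateEngine() drops the version from the script paths: `jquery-1.10.0.min` becomes `jquery/jquery.min`, and in the following hunk snap is loaded from `snapjs/dist/latest/snap`. This file therefore no longer shows which release of each library is served on every page. The pinning presumably moves to a package manifest outside this diff, so a short comment such as `// versions are pinned in the vendor manifest, not in these paths` would tell a reader where to look when checking a library against an advisory. `addVendorScript("underscore/underscore")` should also use single quotes like the other new calls. The function starts and continues outside the hunk.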
@@ -347,13 +354,13 @@ class OC { OC_Util::addScript('search', 'result'); OC_Util::addScript("oc-requesttoken"); OC_Util::addScript("apps"); - OC_Util::addScript("snap"); + OC_Util::addVendorScript('snapjs/dist/latest/snap'); OC_Util::addVendorScript('moment/min/moment-with-locales'); // avatars if (\OC_Config::getValue('enable_avatars', true) === true) { \OC_Util::addScript('placeholder'); - \OC_Util::addScript('3rdparty', 'md5/md5.min'); + \OC_Util::addVendorScript('blueimp-md5/js/md5'); \OC_Util::addScript('jquery.avatar'); \OC_Util::addScript('avatar'); } @@ -457,7 +464,8 @@ class OC { // setup 3rdparty autoloader $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php'; if (file_exists($vendorAutoLoad)) { - require_once $vendorAutoLoad; + $loader = require_once $vendorAutoLoad; + $loader->add('PasswordHash', OC::$THIRDPARTYROOT . '/3rdparty/phpass'); } else { OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); OC_Template::printErrorPage('Composer autoloader not found, unable to continue.'); @@ -713,7 +721,8 @@ class OC { OC::loadAppClassPaths(); // Check if ownCloud is installed or in maintenance (update) mode - if (!OC_Config::getValue('installed', false)) { + if (!\OC::$server->getConfig()->getSystemValue('installed', false)) { + \OC::$server->getSession()->clear(); $controller = new OC\Core\Setup\Controller(\OC::$server->getConfig()); $controller->run($_POST); exit(); |
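Review bot: `$loader = require_once $vendorAutoLoad;` only yields the loader object the first time the file is included. If anything has already loaded the same autoload.php earlier in the request (not visible from this hunk), `require_once` returns `true` and `$loader->add(...)` fails with a fatal error. Composer's generated autoload file returns the same loader on repeated inclusion, so `$loader = require $vendorAutoLoad;` is the safer form. Alternatively, guard the call with `if ($loader instanceof \Composer\Autoload\ClassLoader)`. The enclosing function starts and ends outside the hunk.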
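Review bot: The added `\OC::$server->getSession()->clear();` in the not-installed branch has no comment explaining why the session is wiped before the setup controller runs. If the intent is to stop session data from an earlier installation carrying over into a fresh setup, say so, e.g. `// discard any session left over from a previous installation before running setup`. It is also worth confirming that `clear()` is sufficient for that purpose, since the hunk does not show whether the session id is regenerated or whether `getSession()` can return null this early in the request. The enclosing function starts and continues outside the hunk.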