diff options
Diffstat (limited to 'lib/base.php')
| -rw-r--r-- | lib/base.php | 88 |
1 files changed, 42 insertions, 46 deletions
diff --git a/lib/base.php b/lib/base.php index ad80df357c5..a603f67d78e 100644 --- a/lib/base.php +++ b/lib/base.php @@ -12,6 +12,7 @@ use OC\Share20\GroupDeletedListener; use OC\Share20\Hooks; use OC\Share20\UserDeletedListener; use OC\Share20\UserRemovedListener; +use OC\User\DisabledUserException; use OCP\EventDispatcher\IEventDispatcher; use OCP\Files\Events\BeforeFileSystemSetupEvent; use OCP\Group\Events\GroupDeletedEvent; @@ -40,10 +41,6 @@ require_once 'public/Constants.php'; */ class OC { /** - * Associative array for autoloading. classname => filename - */ - public static array $CLASSPATH = []; - /** * The installation path for Nextcloud on the server (e.g. /srv/http/nextcloud) */ public static string $SERVERROOT = ''; @@ -73,8 +70,6 @@ class OC { */ public static bool $CLI = false; - public static \OC\Autoloader $loader; - public static \Composer\Autoload\ClassLoader $composerAutoloader; public static \OC\Server $server; @@ -147,8 +142,8 @@ class OC { // Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing // slash which is required by URL generation. - if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT && - substr($_SERVER['REQUEST_URI'], -1) !== '/') { + if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT + && substr($_SERVER['REQUEST_URI'], -1) !== '/') { header('Location: ' . \OC::$WEBROOT . '/'); exit(); } @@ -291,8 +286,8 @@ class OC { $tooBig = ($totalUsers > 50); } } - $ignoreTooBigWarning = isset($_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup']) && - $_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'] === 'IAmSuperSureToDoThis'; + $ignoreTooBigWarning = isset($_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup']) + && $_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'] === 'IAmSuperSureToDoThis'; if ($disableWebUpdater || ($tooBig && !$ignoreTooBigWarning)) { // send http status 503 @@ -399,6 +394,12 @@ class OC { $cookie_path = OC::$WEBROOT ? : '/'; ini_set('session.cookie_path', $cookie_path); + // set the cookie domain to the Nextcloud domain + $cookie_domain = self::$config->getValue('cookie_domain', ''); + if ($cookie_domain) { + ini_set('session.cookie_domain', $cookie_domain); + } + // Let the session name be changed in the initSession Hook $sessionName = OC_Util::getInstanceId(); @@ -551,10 +552,10 @@ class OC { $processingScript = explode('/', $requestUri); $processingScript = $processingScript[count($processingScript) - 1]; - // index.php routes are handled in the middleware - // and cron.php does not need any authentication at all - if ($processingScript === 'index.php' - || $processingScript === 'cron.php') { + if ($processingScript === 'index.php' // index.php routes are handled in the middleware + || $processingScript === 'cron.php' // and cron.php does not need any authentication at all + || $processingScript === 'public.php' // For public.php, auth for password protected shares is done in the PublicAuth plugin + ) { return; } @@ -597,15 +598,6 @@ class OC { // register autoloader $loaderStart = microtime(true); - require_once __DIR__ . '/autoloader.php'; - self::$loader = new \OC\Autoloader([ - OC::$SERVERROOT . '/lib/private/legacy', - ]); - if (defined('PHPUNIT_RUN')) { - self::$loader->addValidRoot(OC::$SERVERROOT . '/tests'); - } - spl_autoload_register([self::$loader, 'load']); - $loaderEnd = microtime(true); self::$CLI = (php_sapi_name() == 'cli'); @@ -631,6 +623,10 @@ class OC { print($e->getMessage()); exit(); } + $loaderEnd = microtime(true); + + // Enable lazy loading if activated + \OC\AppFramework\Utility\SimpleContainer::$useLazyObjects = (bool)self::$config->getValue('enable_lazy_objects', true); // setup the basic server self::$server = new \OC\Server(\OC::$WEBROOT, self::$config); @@ -659,9 +655,6 @@ class OC { error_reporting(E_ALL); } - $systemConfig = Server::get(\OC\SystemConfig::class); - self::registerAutoloaderCache($systemConfig); - // initialize intl fallback if necessary OC_Util::isSetLocaleWorking(); @@ -695,6 +688,7 @@ class OC { throw new \OCP\HintException('The PHP SimpleXML/PHP-XML extension is not installed.', 'Install the extension or make sure it is enabled.'); } + $systemConfig = Server::get(\OC\SystemConfig::class); $appManager = Server::get(\OCP\App\IAppManager::class); if ($systemConfig->getValue('installed', false)) { $appManager->loadApps(['session']); @@ -787,8 +781,6 @@ class OC { // Make sure that the application class is not loaded before the database is setup if ($systemConfig->getValue('installed', false)) { $appManager->loadApp('settings'); - /* Build core application to make sure that listeners are registered */ - Server::get(\OC\Core\Application::class); } //make sure temporary files are cleaned up @@ -978,23 +970,6 @@ class OC { } } - protected static function registerAutoloaderCache(\OC\SystemConfig $systemConfig): void { - // The class loader takes an optional low-latency cache, which MUST be - // namespaced. The instanceid is used for namespacing, but might be - // unavailable at this point. Furthermore, it might not be possible to - // generate an instanceid via \OC_Util::getInstanceId() because the - // config file may not be writable. As such, we only register a class - // loader cache if instanceid is available without trying to create one. - $instanceId = $systemConfig->getValue('instanceid', null); - if ($instanceId) { - try { - $memcacheFactory = Server::get(\OCP\ICacheFactory::class); - self::$loader->setMemoryCache($memcacheFactory->createLocal('Autoloader')); - } catch (\Exception $ex) { - } - } - } - /** * Handle the request */ @@ -1011,6 +986,7 @@ class OC { } $request = Server::get(IRequest::class); + $request->throwDecodingExceptionIfAny(); $requestPath = $request->getRawPathInfo(); if ($requestPath === '/heartbeat') { return; @@ -1049,7 +1025,27 @@ class OC { // OAuth needs to support basic auth too, so the login is not valid // inside Nextcloud and the Login exception would ruin it. if ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') { - self::handleLogin($request); + try { + self::handleLogin($request); + } catch (DisabledUserException $e) { + // Disabled users would not be seen as logged in and + // trying to log them in would fail, so the login + // exception is ignored for the themed stylesheets and + // images. + if ($request->getRawPathInfo() !== '/apps/theming/theme/default.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/light.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/dark.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/light-highcontrast.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/dark-highcontrast.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/opendyslexic.css' + && $request->getRawPathInfo() !== '/apps/theming/image/background' + && $request->getRawPathInfo() !== '/apps/theming/image/logo' + && $request->getRawPathInfo() !== '/apps/theming/image/logoheader' + && !str_starts_with($request->getRawPathInfo(), '/apps/theming/favicon') + && !str_starts_with($request->getRawPathInfo(), '/apps/theming/icon')) { + throw $e; + } + } } } } |