aboutsummaryrefslogtreecommitdiffstats
path: root/lib/base.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/base.php')
-rw-r--r--lib/base.php90
1 files changed, 44 insertions, 46 deletions
diff --git a/lib/base.php b/lib/base.php
index ad80df357c5..7028c61d826 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -12,6 +12,7 @@ use OC\Share20\GroupDeletedListener;
use OC\Share20\Hooks;
use OC\Share20\UserDeletedListener;
use OC\Share20\UserRemovedListener;
+use OC\User\DisabledUserException;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\Files\Events\BeforeFileSystemSetupEvent;
use OCP\Group\Events\GroupDeletedEvent;
@@ -40,10 +41,6 @@ require_once 'public/Constants.php';
*/
class OC {
/**
- * Associative array for autoloading. classname => filename
- */
- public static array $CLASSPATH = [];
- /**
* The installation path for Nextcloud on the server (e.g. /srv/http/nextcloud)
*/
public static string $SERVERROOT = '';
@@ -73,8 +70,6 @@ class OC {
*/
public static bool $CLI = false;
- public static \OC\Autoloader $loader;
-
public static \Composer\Autoload\ClassLoader $composerAutoloader;
public static \OC\Server $server;
@@ -147,8 +142,8 @@ class OC {
// Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing
// slash which is required by URL generation.
- if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT &&
- substr($_SERVER['REQUEST_URI'], -1) !== '/') {
+ if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT
+ && substr($_SERVER['REQUEST_URI'], -1) !== '/') {
header('Location: ' . \OC::$WEBROOT . '/');
exit();
}
@@ -291,8 +286,8 @@ class OC {
$tooBig = ($totalUsers > 50);
}
}
- $ignoreTooBigWarning = isset($_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup']) &&
- $_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'] === 'IAmSuperSureToDoThis';
+ $ignoreTooBigWarning = isset($_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'])
+ && $_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'] === 'IAmSuperSureToDoThis';
if ($disableWebUpdater || ($tooBig && !$ignoreTooBigWarning)) {
// send http status 503
@@ -399,6 +394,12 @@ class OC {
$cookie_path = OC::$WEBROOT ? : '/';
ini_set('session.cookie_path', $cookie_path);
+ // set the cookie domain to the Nextcloud domain
+ $cookie_domain = self::$config->getValue('cookie_domain', '');
+ if ($cookie_domain) {
+ ini_set('session.cookie_domain', $cookie_domain);
+ }
+
// Let the session name be changed in the initSession Hook
$sessionName = OC_Util::getInstanceId();
@@ -551,10 +552,10 @@ class OC {
$processingScript = explode('/', $requestUri);
$processingScript = $processingScript[count($processingScript) - 1];
- // index.php routes are handled in the middleware
- // and cron.php does not need any authentication at all
- if ($processingScript === 'index.php'
- || $processingScript === 'cron.php') {
+ if ($processingScript === 'index.php' // index.php routes are handled in the middleware
+ || $processingScript === 'cron.php' // and cron.php does not need any authentication at all
+ || $processingScript === 'public.php' // For public.php, auth for password protected shares is done in the PublicAuth plugin
+ ) {
return;
}
@@ -597,15 +598,6 @@ class OC {
// register autoloader
$loaderStart = microtime(true);
- require_once __DIR__ . '/autoloader.php';
- self::$loader = new \OC\Autoloader([
- OC::$SERVERROOT . '/lib/private/legacy',
- ]);
- if (defined('PHPUNIT_RUN')) {
- self::$loader->addValidRoot(OC::$SERVERROOT . '/tests');
- }
- spl_autoload_register([self::$loader, 'load']);
- $loaderEnd = microtime(true);
self::$CLI = (php_sapi_name() == 'cli');
@@ -631,6 +623,10 @@ class OC {
print($e->getMessage());
exit();
}
+ $loaderEnd = microtime(true);
+
+ // Enable lazy loading if activated
+ \OC\AppFramework\Utility\SimpleContainer::$useLazyObjects = (bool)self::$config->getValue('enable_lazy_objects', true);
// setup the basic server
self::$server = new \OC\Server(\OC::$WEBROOT, self::$config);
@@ -659,9 +655,6 @@ class OC {
error_reporting(E_ALL);
}
- $systemConfig = Server::get(\OC\SystemConfig::class);
- self::registerAutoloaderCache($systemConfig);
-
// initialize intl fallback if necessary
OC_Util::isSetLocaleWorking();
@@ -695,6 +688,7 @@ class OC {
throw new \OCP\HintException('The PHP SimpleXML/PHP-XML extension is not installed.', 'Install the extension or make sure it is enabled.');
}
+ $systemConfig = Server::get(\OC\SystemConfig::class);
$appManager = Server::get(\OCP\App\IAppManager::class);
if ($systemConfig->getValue('installed', false)) {
$appManager->loadApps(['session']);
@@ -787,8 +781,8 @@ class OC {
// Make sure that the application class is not loaded before the database is setup
if ($systemConfig->getValue('installed', false)) {
$appManager->loadApp('settings');
- /* Build core application to make sure that listeners are registered */
- Server::get(\OC\Core\Application::class);
+ /* Run core application registration */
+ $bootstrapCoordinator->runLazyRegistration('core');
}
//make sure temporary files are cleaned up
@@ -978,23 +972,6 @@ class OC {
}
}
- protected static function registerAutoloaderCache(\OC\SystemConfig $systemConfig): void {
- // The class loader takes an optional low-latency cache, which MUST be
- // namespaced. The instanceid is used for namespacing, but might be
- // unavailable at this point. Furthermore, it might not be possible to
- // generate an instanceid via \OC_Util::getInstanceId() because the
- // config file may not be writable. As such, we only register a class
- // loader cache if instanceid is available without trying to create one.
- $instanceId = $systemConfig->getValue('instanceid', null);
- if ($instanceId) {
- try {
- $memcacheFactory = Server::get(\OCP\ICacheFactory::class);
- self::$loader->setMemoryCache($memcacheFactory->createLocal('Autoloader'));
- } catch (\Exception $ex) {
- }
- }
- }
-
/**
* Handle the request
*/
@@ -1011,6 +988,7 @@ class OC {
}
$request = Server::get(IRequest::class);
+ $request->throwDecodingExceptionIfAny();
$requestPath = $request->getRawPathInfo();
if ($requestPath === '/heartbeat') {
return;
@@ -1049,7 +1027,27 @@ class OC {
// OAuth needs to support basic auth too, so the login is not valid
// inside Nextcloud and the Login exception would ruin it.
if ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') {
- self::handleLogin($request);
+ try {
+ self::handleLogin($request);
+ } catch (DisabledUserException $e) {
+ // Disabled users would not be seen as logged in and
+ // trying to log them in would fail, so the login
+ // exception is ignored for the themed stylesheets and
+ // images.
+ if ($request->getRawPathInfo() !== '/apps/theming/theme/default.css'
+ && $request->getRawPathInfo() !== '/apps/theming/theme/light.css'
+ && $request->getRawPathInfo() !== '/apps/theming/theme/dark.css'
+ && $request->getRawPathInfo() !== '/apps/theming/theme/light-highcontrast.css'
+ && $request->getRawPathInfo() !== '/apps/theming/theme/dark-highcontrast.css'
+ && $request->getRawPathInfo() !== '/apps/theming/theme/opendyslexic.css'
+ && $request->getRawPathInfo() !== '/apps/theming/image/background'
+ && $request->getRawPathInfo() !== '/apps/theming/image/logo'
+ && $request->getRawPathInfo() !== '/apps/theming/image/logoheader'
+ && !str_starts_with($request->getRawPathInfo(), '/apps/theming/favicon')
+ && !str_starts_with($request->getRawPathInfo(), '/apps/theming/icon')) {
+ throw $e;
+ }
+ }
}
}
}