diff options
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/app.php | 11 | ||||
| -rw-r--r-- | lib/private/db/mdb2schemamanager.php | 3 | ||||
| -rw-r--r-- | lib/private/defaults.php | 7 | ||||
| -rw-r--r-- | lib/private/files.php | 213 | ||||
| -rw-r--r-- | lib/private/files/cache/cache.php | 10 | ||||
| -rw-r--r-- | lib/private/files/filesystem.php | 5 | ||||
| -rw-r--r-- | lib/private/files/storage/common.php | 37 | ||||
| -rw-r--r-- | lib/private/files/storage/wrapper/quota.php | 8 | ||||
| -rw-r--r-- | lib/private/files/view.php | 9 | ||||
| -rw-r--r-- | lib/private/helper.php | 2 | ||||
| -rw-r--r-- | lib/private/image.php | 33 | ||||
| -rw-r--r-- | lib/private/mimetypes.list.php | 1 | ||||
| -rw-r--r-- | lib/private/minimizer.php | 64 | ||||
| -rw-r--r-- | lib/private/minimizer/css.php | 38 | ||||
| -rw-r--r-- | lib/private/minimizer/js.php | 21 | ||||
| -rwxr-xr-x | lib/private/request.php | 75 | ||||
| -rw-r--r-- | lib/private/setup.php | 5 | ||||
| -rw-r--r-- | lib/private/template/cssresourcelocator.php | 2 | ||||
| -rw-r--r-- | lib/private/templatelayout.php | 113 | ||||
| -rw-r--r-- | lib/private/updater.php | 15 | ||||
| -rw-r--r-- | lib/private/user.php | 1 | ||||
| -rw-r--r-- | lib/private/user/session.php | 1 | ||||
| -rwxr-xr-x | lib/private/util.php | 4 |
23 files changed, 288 insertions, 390 deletions
diff --git a/lib/private/app.php b/lib/private/app.php index 47f983cce35..048d4d4aeb1 100644 --- a/lib/private/app.php +++ b/lib/private/app.php @@ -69,17 +69,6 @@ class OC_App{ } ob_end_clean(); - if (!defined('DEBUG') || !DEBUG) { - if (is_null($types) - && empty(OC_Util::$coreScripts) - && empty(OC_Util::$coreStyles)) { - OC_Util::$coreScripts = OC_Util::$scripts; - OC_Util::$scripts = array(); - OC_Util::$coreStyles = OC_Util::$styles; - OC_Util::$styles = array(); - } - } - // return return true; } diff --git a/lib/private/db/mdb2schemamanager.php b/lib/private/db/mdb2schemamanager.php index c050d47b499..aaf2ea543b9 100644 --- a/lib/private/db/mdb2schemamanager.php +++ b/lib/private/db/mdb2schemamanager.php @@ -82,6 +82,9 @@ class MDB2SchemaManager { $platform = $this->conn->getDatabasePlatform(); foreach($schemaDiff->changedTables as $tableDiff) { $tableDiff->name = $platform->quoteIdentifier($tableDiff->name); + foreach($tableDiff->changedColumns as $column) { + $column->oldColumnName = $platform->quoteIdentifier($column->oldColumnName); + } } if ($generateSql) { diff --git a/lib/private/defaults.php b/lib/private/defaults.php index 0b97497baa1..59630cda5c0 100644 --- a/lib/private/defaults.php +++ b/lib/private/defaults.php @@ -174,4 +174,11 @@ class OC_Defaults { return $footer; } + public function buildDocLinkToKey($key) { + if ($this->themeExist('buildDocLinkToKey')) { + return $this->theme->buildDocLinkToKey($key); + } + return $this->getDocBaseUrl() . '/server/6.0/go.php?to=' . $key; + } + } diff --git a/lib/private/files.php b/lib/private/files.php index 656d6f044ca..7e7a27f48dc 100644 --- a/lib/private/files.php +++ b/lib/private/files.php @@ -21,22 +21,39 @@ * */ +// TODO: get rid of this using proper composer packages +require_once 'mcnetic/phpzipstreamer/ZipStreamer.php'; + +class GET_TYPE { + const FILE = 1; + const ZIP_FILES = 2; + const ZIP_DIR = 3; +} + /** - * Class for fileserver access + * Class for file server access * */ class OC_Files { - static $tmpFiles = array(); - - static public function getFileInfo($path, $includeMountPoints = true){ - return \OC\Files\Filesystem::getFileInfo($path, $includeMountPoints); - } /** - * @param string $path + * @param string $filename + * @param string $name + * @param bool $zip */ - static public function getDirectoryContent($path){ - return \OC\Files\Filesystem::getDirectoryContent($path); + private static function sendHeaders($filename, $name, $zip = false) { + OC_Response::setContentDispositionHeader($name, 'attachment'); + header('Content-Transfer-Encoding: binary'); + OC_Response::disableCaching(); + if ($zip) { + header('Content-Type: application/zip'); + } else { + $filesize = \OC\Files\Filesystem::filesize($filename); + header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename)); + if ($filesize > -1) { + header("Content-Length: ".$filesize); + } + } } /** @@ -54,97 +71,50 @@ class OC_Files { $xsendfile = true; } - if (is_array($files) && count($files) == 1) { + if (is_array($files) && count($files) === 1) { $files = $files[0]; } if (is_array($files)) { - self::validateZipDownload($dir, $files); - $executionTime = intval(ini_get('max_execution_time')); - set_time_limit(0); - $zip = new ZipArchive(); - $filename = OC_Helper::tmpFile('.zip'); - if ($zip->open($filename, ZIPARCHIVE::CREATE | ZIPARCHIVE::OVERWRITE)!==true) { - $l = OC_L10N::get('lib'); - throw new Exception($l->t('cannot open "%s"', array($filename))); - } - foreach ($files as $file) { - $file = $dir . '/' . $file; - if (\OC\Files\Filesystem::is_file($file)) { - $tmpFile = \OC\Files\Filesystem::toTmpFile($file); - self::$tmpFiles[] = $tmpFile; - $zip->addFile($tmpFile, basename($file)); - } elseif (\OC\Files\Filesystem::is_dir($file)) { - self::zipAddDir($file, $zip); - } - } - $zip->close(); - if ($xsendfile) { - $filename = OC_Helper::moveToNoClean($filename); - } + $get_type = GET_TYPE::ZIP_FILES; $basename = basename($dir); if ($basename) { $name = $basename . '.zip'; } else { $name = 'download.zip'; } - - set_time_limit($executionTime); - } elseif (\OC\Files\Filesystem::is_dir($dir . '/' . $files)) { - self::validateZipDownload($dir, $files); - $executionTime = intval(ini_get('max_execution_time')); - set_time_limit(0); - $zip = new ZipArchive(); - $filename = OC_Helper::tmpFile('.zip'); - if ($zip->open($filename, ZIPARCHIVE::CREATE | ZIPARCHIVE::OVERWRITE)!==true) { - $l = OC_L10N::get('lib'); - throw new Exception($l->t('cannot open "%s"', array($filename))); - } - $file = $dir . '/' . $files; - self::zipAddDir($file, $zip); - $zip->close(); - if ($xsendfile) { - $filename = OC_Helper::moveToNoClean($filename); - } - // downloading root ? - if ($files === '') { - $name = 'download.zip'; + + $filename = $dir . '/' . $name; + } else { + $filename = $dir . '/' . $files; + if (\OC\Files\Filesystem::is_dir($dir . '/' . $files)) { + $get_type = GET_TYPE::ZIP_DIR; + // downloading root ? + if ($files === '') { + $name = 'download.zip'; + } else { + $name = $files . '.zip'; + } + } else { - $name = $files . '.zip'; + $get_type = GET_TYPE::FILE; + $name = $files; } - set_time_limit($executionTime); - } else { + } + + if ($get_type === GET_TYPE::FILE) { $zip = false; - $filename = $dir . '/' . $files; - $name = $files; if ($xsendfile && OC_App::isEnabled('files_encryption')) { $xsendfile = false; } + } else { + self::validateZipDownload($dir, $files); + $zip = new ZipStreamer(false); } OC_Util::obEnd(); if ($zip or \OC\Files\Filesystem::isReadable($filename)) { - OC_Response::setContentDispositionHeader($name, 'attachment'); - header('Content-Transfer-Encoding: binary'); - OC_Response::disableCaching(); - if ($zip) { - ini_set('zlib.output_compression', 'off'); - header('Content-Type: application/zip'); - header('Content-Length: ' . filesize($filename)); - self::addSendfileHeader($filename); - }else{ - $filesize = \OC\Files\Filesystem::filesize($filename); - header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename)); - if ($filesize > -1) { - header("Content-Length: ".$filesize); - } - if ($xsendfile) { - list($storage) = \OC\Files\Filesystem::resolvePath(\OC\Files\Filesystem::getView()->getAbsolutePath($filename)); - if ($storage->isLocal()) { - self::addSendfileHeader(\OC\Files\Filesystem::getLocalFile($filename)); - } - } - } - } elseif ($zip or !\OC\Files\Filesystem::file_exists($filename)) { + self::sendHeaders($filename, $name, $zip); + } elseif (!\OC\Files\Filesystem::file_exists($filename)) { header("HTTP/1.0 404 Not Found"); $tmpl = new OC_Template('', '404', 'guest'); $tmpl->assign('file', $name); @@ -157,23 +127,36 @@ class OC_Files { return ; } if ($zip) { - $handle = fopen($filename, 'r'); - if ($handle) { - $chunkSize = 8 * 1024; // 1 MB chunks - while (!feof($handle)) { - echo fread($handle, $chunkSize); - flush(); + $executionTime = intval(ini_get('max_execution_time')); + set_time_limit(0); + if ($get_type === GET_TYPE::ZIP_FILES) { + foreach ($files as $file) { + $file = $dir . '/' . $file; + if (\OC\Files\Filesystem::is_file($file)) { + $fh = \OC\Files\Filesystem::fopen($file, 'r'); + $zip->addFileFromStream($fh, basename($file)); + fclose($fh); + } elseif (\OC\Files\Filesystem::is_dir($file)) { + self::zipAddDir($file, $zip); + } } + } elseif ($get_type === GET_TYPE::ZIP_DIR) { + $file = $dir . '/' . $files; + self::zipAddDir($file, $zip); } - if (!$xsendfile) { - unlink($filename); - } - }else{ - \OC\Files\Filesystem::readfile($filename); - } - foreach (self::$tmpFiles as $tmpFile) { - if (file_exists($tmpFile) and is_file($tmpFile)) { - unlink($tmpFile); + $zip->finalize(); + set_time_limit($executionTime); + } else { + if ($xsendfile) { + /** @var $storage \OC\Files\Storage\Storage */ + list($storage) = \OC\Files\Filesystem::resolvePath($filename); + if ($storage->isLocal()) { + self::addSendfileHeader(\OC\Files\Filesystem::getLocalFile($filename)); + } else { + \OC\Files\Filesystem::readfile($filename); + } + } else { + \OC\Files\Filesystem::readfile($filename); } } } @@ -186,10 +169,10 @@ class OC_Files { header("X-Sendfile: " . $filename); } if (isset($_SERVER['MOD_X_SENDFILE2_ENABLED'])) { - if (isset($_SERVER['HTTP_RANGE']) && + if (isset($_SERVER['HTTP_RANGE']) && preg_match("/^bytes=([0-9]+)-([0-9]*)$/", $_SERVER['HTTP_RANGE'], $range)) { $filelength = filesize($filename); - if ($range[2] == "") { + if ($range[2] === "") { $range[2] = $filelength - 1; } header("Content-Range: bytes $range[1]-$range[2]/" . $filelength); @@ -199,7 +182,7 @@ class OC_Files { header("X-Sendfile: " . $filename); } } - + if (isset($_SERVER['MOD_X_ACCEL_REDIRECT_ENABLED'])) { header("X-Accel-Redirect: " . $filename); } @@ -207,22 +190,27 @@ class OC_Files { /** * @param string $dir - * @param ZipArchive $zip + * @param ZipStreamer $zip + * @param string $internalDir */ public static function zipAddDir($dir, $zip, $internalDir='') { $dirname=basename($dir); - $zip->addEmptyDir($internalDir.$dirname); + $rootDir = $internalDir.$dirname; + if (!empty($rootDir)) { + $zip->addEmptyDir($rootDir); + } $internalDir.=$dirname.='/'; // prevent absolute dirs $internalDir = ltrim($internalDir, '/'); - $files=OC_Files::getDirectoryContent($dir); + + $files=\OC\Files\Filesystem::getDirectoryContent($dir); foreach($files as $file) { $filename=$file['name']; $file=$dir.'/'.$filename; if(\OC\Files\Filesystem::is_file($file)) { - $tmpFile=\OC\Files\Filesystem::toTmpFile($file); - OC_Files::$tmpFiles[]=$tmpFile; - $zip->addFile($tmpFile, $internalDir.$filename); + $fh = \OC\Files\Filesystem::fopen($file, 'r'); + $zip->addFileFromStream($fh, $internalDir.$filename); + fclose($fh); }elseif(\OC\Files\Filesystem::is_dir($file)) { self::zipAddDir($file, $zip, $internalDir); } @@ -232,8 +220,8 @@ class OC_Files { /** * checks if the selected files are within the size constraint. If not, outputs an error page. * - * @param string $dir - * @param files $files + * @param string $dir + * @param array | string $files */ static function validateZipDownload($dir, $files) { if (!OC_Config::getValue('allowZipDownload', true)) { @@ -280,8 +268,8 @@ class OC_Files { /** * set the maximum upload size limit for apache hosts using .htaccess * - * @param int size filesisze in bytes - * @return false on failure, size on success + * @param int $size file size in bytes + * @return bool false on failure, size on success */ static function setUploadLimit($size) { //don't allow user to break his config -- upper boundary @@ -297,11 +285,12 @@ class OC_Files { } //don't allow user to break his config -- broken or malicious size input - if (intval($size) == 0) { + if (intval($size) === 0) { return false; } - $htaccess = @file_get_contents(OC::$SERVERROOT . '/.htaccess'); //supress errors in case we don't have permissions for + //suppress errors in case we don't have permissions for + $htaccess = @file_get_contents(OC::$SERVERROOT . '/.htaccess'); if (!$htaccess) { return false; } @@ -319,7 +308,7 @@ class OC_Files { if ($content !== null) { $htaccess = $content; } - if ($hasReplaced == 0) { + if ($hasReplaced === 0) { $htaccess .= "\n" . $setting; } } diff --git a/lib/private/files/cache/cache.php b/lib/private/files/cache/cache.php index 4cab4619149..9b18257088c 100644 --- a/lib/private/files/cache/cache.php +++ b/lib/private/files/cache/cache.php @@ -166,6 +166,16 @@ class Cache { */ public function getFolderContents($folder) { $fileId = $this->getId($folder); + return $this->getFolderContentsById($fileId); + } + + /** + * get the metadata of all files stored in $folder + * + * @param int $fileId the file id of the folder + * @return array + */ + public function getFolderContentsById($fileId) { if ($fileId > -1) { $sql = 'SELECT `fileid`, `storage`, `path`, `parent`, `name`, `mimetype`, `mimepart`, `size`, `mtime`, `storage_mtime`, `encrypted`, `unencrypted_size`, `etag` diff --git a/lib/private/files/filesystem.php b/lib/private/files/filesystem.php index 952f9f9febf..6478854eae8 100644 --- a/lib/private/files/filesystem.php +++ b/lib/private/files/filesystem.php @@ -320,7 +320,8 @@ class Filesystem { else { self::mount('\OC\Files\Storage\Local', array('datadir' => $root), $user); } - $mount_file = \OC_Config::getValue("mount_file", \OC::$SERVERROOT . "/data/mount.json"); + $datadir = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data"); + $mount_file = \OC_Config::getValue("mount_file", $datadir . "/mount.json"); //move config file to it's new position if (is_file(\OC::$SERVERROOT . '/config/mount.json')) { @@ -760,7 +761,7 @@ class Filesystem { * * @param string $directory path under datadirectory * @param string $mimetype_filter limit returned content to this mimetype or mimepart - * @return array + * @return \OC\Files\FileInfo[] */ public static function getDirectoryContent($directory, $mimetype_filter = '') { return self::$defaultInstance->getDirectoryContent($directory, $mimetype_filter); diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php index d4dca780ff3..9e826dd6192 100644 --- a/lib/private/files/storage/common.php +++ b/lib/private/files/storage/common.php @@ -140,43 +140,6 @@ abstract class Common implements \OC\Files\Storage\Storage { return $result; } - /** - * @brief Deletes all files and folders recursively within a directory - * @param string $directory The directory whose contents will be deleted - * @param bool $empty Flag indicating whether directory will be emptied - * @returns bool - * - * @note By default the directory specified by $directory will be - * deleted together with its contents. To avoid this set $empty to true - */ - public function deleteAll($directory, $empty = false) { - $directory = trim($directory, '/'); - if (!$this->is_dir($directory) || !$this->isReadable($directory)) { - return false; - } else { - $directoryHandle = $this->opendir($directory); - if (is_resource($directoryHandle)) { - while (($contents = readdir($directoryHandle)) !== false) { - if (!\OC\Files\Filesystem::isIgnoredDir($contents)) { - $path = $directory . '/' . $contents; - if ($this->is_dir($path)) { - $this->deleteAll($path); - } else { - $this->unlink($path); - } - } - } - } - if ($empty === false) { - if (!$this->rmdir($directory)) { - return false; - } - } - return true; - } - - } - public function getMimeType($path) { if ($this->is_dir($path)) { return 'httpd/unix-directory'; diff --git a/lib/private/files/storage/wrapper/quota.php b/lib/private/files/storage/wrapper/quota.php index 1bcdca7f47a..26c952e694a 100644 --- a/lib/private/files/storage/wrapper/quota.php +++ b/lib/private/files/storage/wrapper/quota.php @@ -16,11 +16,17 @@ class Quota extends Wrapper { protected $quota; /** + * @var string $sizeRoot + */ + protected $sizeRoot; + + /** * @param array $parameters */ public function __construct($parameters) { $this->storage = $parameters['storage']; $this->quota = $parameters['quota']; + $this->sizeRoot = isset($parameters['root']) ? $parameters['root'] : ''; } /** @@ -46,7 +52,7 @@ class Quota extends Wrapper { if ($this->quota < 0) { return $this->storage->free_space($path); } else { - $used = $this->getSize(''); + $used = $this->getSize($this->sizeRoot); if ($used < 0) { return \OC\Files\SPACE_NOT_COMPUTED; } else { diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 530aa8f7514..2dbbf5b88c9 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -413,7 +413,7 @@ class View { $result = $this->copy($path1, $path2); if ($result === true) { list($storage1, $internalPath1) = Filesystem::resolvePath($absolutePath1 . $postFix1); - $result = $storage1->deleteAll($internalPath1); + $result = $storage1->unlink($internalPath1); } } else { $source = $this->fopen($path1 . $postFix1, 'r'); @@ -534,6 +534,8 @@ class View { $source = $this->fopen($path1 . $postFix1, 'r'); $target = $this->fopen($path2 . $postFix2, 'w'); list($count, $result) = \OC_Helper::streamCopy($source, $target); + fclose($source); + fclose($target); } } if ($this->shouldEmitHooks() && $result !== false) { @@ -880,12 +882,13 @@ class View { $watcher->checkUpdate($internalPath); } + $folderId = $cache->getId($internalPath); $files = array(); - $contents = $cache->getFolderContents($internalPath); //TODO: mimetype_filter + $contents = $cache->getFolderContents($internalPath, $folderId); //TODO: mimetype_filter foreach ($contents as $content) { $files[] = new FileInfo($path . '/' . $content['name'], $storage, $content['path'], $content); } - $permissions = $permissionsCache->getDirectoryPermissions($cache->getId($internalPath), $user); + $permissions = $permissionsCache->getDirectoryPermissions($folderId, $user); $ids = array(); foreach ($files as $i => $file) { diff --git a/lib/private/helper.php b/lib/private/helper.php index 1aab2f296e1..d8c4650f666 100644 --- a/lib/private/helper.php +++ b/lib/private/helper.php @@ -64,7 +64,7 @@ class OC_Helper { */ public static function linkToDocs($key) { $theme = new OC_Defaults(); - return $theme->getDocBaseUrl() . '/server/6.0/go.php?to=' . $key; + return $theme->buildDocLinkToKey($key); } /** diff --git a/lib/private/image.php b/lib/private/image.php index 42685ddab5c..da32aa4760f 100644 --- a/lib/private/image.php +++ b/lib/private/image.php @@ -41,8 +41,7 @@ class OC_Image { // exif_imagetype throws "read error!" if file is less than 12 byte if (filesize($filePath) > 11) { $imageType = exif_imagetype($filePath); - } - else { + } else { $imageType = false; } return $imageType ? image_type_to_mime_type($imageType) : ''; @@ -50,7 +49,7 @@ class OC_Image { /** * @brief Constructor. - * @param $imageref The path to a local file, a base64 encoded string or a resource created by an imagecreate* function. + * @param string|resource $imageref The path to a local file, a base64 encoded string or a resource created by an imagecreate* function. * @returns bool False on error */ public function __construct($imageRef = null) { @@ -115,13 +114,11 @@ class OC_Image { case 3: case 4: // Not tested return $this->width(); - break; case 5: // Not tested case 6: case 7: // Not tested case 8: return $this->height(); - break; } return $this->width(); } @@ -140,13 +137,11 @@ class OC_Image { case 3: case 4: // Not tested return $this->height(); - break; case 5: // Not tested case 6: case 7: // Not tested case 8: return $this->width(); - break; } return $this->height(); } @@ -197,7 +192,6 @@ class OC_Image { return false; } - $retVal = false; switch($this->imageType) { case IMAGETYPE_GIF: $retVal = imagegif($this->resource, $filePath); @@ -231,7 +225,7 @@ class OC_Image { } /** - * @returns Returns the image resource in any. + * @returns resource Returns the image resource in any. */ public function resource() { return $this->resource; @@ -264,8 +258,8 @@ class OC_Image { } /** - * @returns Returns a base64 encoded string suitable for embedding in a VCard. - */ + * @return string - base64 encoded, which is suitable for embedding in a VCard. + */ function __toString() { return base64_encode($this->data()); } @@ -307,43 +301,33 @@ class OC_Image { $o = $this->getOrientation(); OC_Log::write('core', 'OC_Image->fixOrientation() Orientation: '.$o, OC_Log::DEBUG); $rotate = 0; - $flip = false; switch($o) { case -1: return false; //Nothing to fix - break; case 1: $rotate = 0; - $flip = false; break; case 2: // Not tested $rotate = 0; - $flip = true; break; case 3: $rotate = 180; - $flip = false; break; case 4: // Not tested $rotate = 180; - $flip = true; break; case 5: // Not tested $rotate = 90; - $flip = true; break; case 6: //$rotate = 90; $rotate = 270; - $flip = false; break; case 7: // Not tested $rotate = 270; - $flip = true; break; case 8: $rotate = 90; - $flip = false; break; } if($rotate) { @@ -367,6 +351,7 @@ class OC_Image { return false; } } + return false; } /** @@ -599,9 +584,9 @@ class OC_Image { $meta['imagesize'] = $meta['filesize'] - $meta['offset']; // in rare cases filesize is equal to offset so we need to read physical size if ($meta['imagesize'] < 1) { - $meta['imagesize'] = @filesize($filename) - $meta['offset']; + $meta['imagesize'] = @filesize($fileName) - $meta['offset']; if ($meta['imagesize'] < 1) { - trigger_error('imagecreatefrombmp: Can not obtain filesize of ' . $filename . '!', E_USER_WARNING); + trigger_error('imagecreatefrombmp: Can not obtain filesize of ' . $fileName . '!', E_USER_WARNING); return false; } } @@ -947,7 +932,7 @@ if ( ! function_exists( 'imagebmp') ) { $index = imagecolorat($im, $i, $j); if ($index !== $lastIndex || $sameNum > 255) { if ($sameNum != 0) { - $bmpData .= chr($same_num) . chr($lastIndex); + $bmpData .= chr($sameNum) . chr($lastIndex); } $lastIndex = $index; $sameNum = 1; diff --git a/lib/private/mimetypes.list.php b/lib/private/mimetypes.list.php index 9bd07b89023..a216414c9dd 100644 --- a/lib/private/mimetypes.list.php +++ b/lib/private/mimetypes.list.php @@ -31,6 +31,7 @@ return array( 'bash' => 'text/x-shellscript', 'blend' => 'application/x-blender', 'bin' => 'application/x-bin', + 'bmp' => 'image/bmp', 'cb7' => 'application/x-cbr', 'cba' => 'application/x-cbr', 'cbr' => 'application/x-cbr', diff --git a/lib/private/minimizer.php b/lib/private/minimizer.php deleted file mode 100644 index db522de74dc..00000000000 --- a/lib/private/minimizer.php +++ /dev/null @@ -1,64 +0,0 @@ -<?php - -abstract class OC_Minimizer { - public function generateETag($files) { - $fullpath_files = array(); - foreach($files as $file_info) { - $fullpath_files[] = $file_info[0] . '/' . $file_info[2]; - } - return OC_Cache::generateCacheKeyFromFiles($fullpath_files); - } - - abstract public function minimizeFiles($files); - - public function output($files, $cache_key) { - header('Content-Type: '.$this->contentType); - OC_Response::enableCaching(); - $etag = $this->generateETag($files); - $cache_key .= '-'.$etag; - - $gzout = false; - $cache = OC_Cache::getGlobalCache(); - if (!OC_Request::isNoCache() && (!defined('DEBUG') || !DEBUG)) { - OC_Response::setETagHeader($etag); - $gzout = $cache->get($cache_key.'.gz'); - } - - if (!$gzout) { - $out = $this->minimizeFiles($files); - $gzout = gzencode($out); - $cache->set($cache_key.'.gz', $gzout); - OC_Response::setETagHeader($etag); - } - // on some systems (e.g. SLES 11, but not Ubuntu) mod_deflate and zlib compression will compress the output twice. - // This results in broken core.css and core.js. To avoid it, we switch off zlib compression. - // Since mod_deflate is still active, Apache will compress what needs to be compressed, i.e. no disadvantage. - if(function_exists('apache_get_modules') && ini_get('zlib.output_compression') && in_array('mod_deflate', apache_get_modules())) { - ini_set('zlib.output_compression', 'Off'); - } - if ($encoding = OC_Request::acceptGZip()) { - header('Content-Encoding: '.$encoding); - $out = $gzout; - } else { - $out = gzdecode($gzout); - } - header('Content-Length: '.strlen($out)); - echo $out; - } - - public function clearCache() { - $cache = OC_Cache::getGlobalCache(); - $cache->clear('core.css'); - $cache->clear('core.js'); - } -} - -if (!function_exists('gzdecode')) { - function gzdecode($data, $maxlength=null, &$filename='', &$error='') - { - if (strcmp(substr($data, 0, 9),"\x1f\x8b\x8\0\0\0\0\0\0")) { - return null; // Not the GZIP format we expect (See RFC 1952) - } - return gzinflate(substr($data, 10, -8)); - } -} diff --git a/lib/private/minimizer/css.php b/lib/private/minimizer/css.php deleted file mode 100644 index 8d130572e2b..00000000000 --- a/lib/private/minimizer/css.php +++ /dev/null @@ -1,38 +0,0 @@ -<?php - -require_once 'mediawiki/CSSMin.php'; - -class OC_Minimizer_CSS extends OC_Minimizer -{ - protected $contentType = 'text/css'; - - public function minimizeFiles($files) { - $css_out = ''; - $webroot = (string) OC::$WEBROOT; - foreach($files as $file_info) { - $file = $file_info[0] . '/' . $file_info[2]; - $css_out .= '/* ' . $file . ' */' . "\n"; - $css = file_get_contents($file); - - $in_root = false; - foreach(OC::$APPSROOTS as $app_root) { - if(strpos($file, $app_root['path'].'/') === 0) { - $in_root = rtrim($webroot.$app_root['url'], '/'); - break; - } - } - if ($in_root !== false) { - $css = str_replace('%appswebroot%', $in_root, $css); - $css = str_replace('%webroot%', $webroot, $css); - } - $remote = $file_info[1]; - $remote .= '/'; - $remote .= dirname($file_info[2]); - $css_out .= CSSMin::remap($css, dirname($file), $remote, true); - } - if (!defined('DEBUG') || !DEBUG) { - $css_out = CSSMin::minify($css_out); - } - return $css_out; - } -} diff --git a/lib/private/minimizer/js.php b/lib/private/minimizer/js.php deleted file mode 100644 index bd2d836deb0..00000000000 --- a/lib/private/minimizer/js.php +++ /dev/null @@ -1,21 +0,0 @@ -<?php - -require_once 'mediawiki/JavaScriptMinifier.php'; - -class OC_Minimizer_JS extends OC_Minimizer -{ - protected $contentType = 'application/javascript'; - - public function minimizeFiles($files) { - $js_out = ''; - foreach($files as $file_info) { - $file = $file_info[0] . '/' . $file_info[2]; - $js_out .= '/* ' . $file . ' */' . "\n"; - $js_out .= file_get_contents($file); - } - if (!defined('DEBUG') || !DEBUG) { - $js_out = JavaScriptMinifier::minify($js_out); - } - return $js_out; - } -} diff --git a/lib/private/request.php b/lib/private/request.php index 0fd20b3cc1f..afd3fda4f2d 100755 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -25,6 +25,16 @@ class OC_Request { } /** + * @brief Checks whether a domain is considered as trusted. This is used to prevent Host Header Poisoning. + * @param string $host + * @return bool + */ + public static function isTrustedDomain($domain) { + $trustedList = \OC_Config::getValue('trusted_domains', array('')); + return in_array($domain, $trustedList); + } + + /** * @brief Returns the server host * @returns string the server host * @@ -43,21 +53,27 @@ class OC_Request { $host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST']))); } else{ - $host=$_SERVER['HTTP_X_FORWARDED_HOST']; + $host = $_SERVER['HTTP_X_FORWARDED_HOST']; } - } - else{ + } else { if (isset($_SERVER['HTTP_HOST'])) { - return $_SERVER['HTTP_HOST']; + $host = $_SERVER['HTTP_HOST']; } - if (isset($_SERVER['SERVER_NAME'])) { - return $_SERVER['SERVER_NAME']; + else if (isset($_SERVER['SERVER_NAME'])) { + $host = $_SERVER['SERVER_NAME']; } - return 'localhost'; } - return $host; - } + // Verify that the host is a trusted domain if the trusted domains + // are defined + // If no trusted domain is provided the first trusted domain is returned + if(self::isTrustedDomain($host) || \OC_Config::getValue('trusted_domains', "") === "") { + return $host; + } else { + $trustedList = \OC_Config::getValue('trusted_domains', array('')); + return $trustedList[0]; + } + } /** * @brief Returns the server protocol @@ -71,14 +87,14 @@ class OC_Request { } if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']); - }else{ - if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) { - $proto = 'https'; - }else{ - $proto = 'http'; - } + // Verify that the protocol is always HTTP or HTTPS + // default to http if an invalid value is provided + return $proto === 'https' ? 'https' : 'http'; + } + if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { + return 'https'; } - return $proto; + return 'http'; } /** @@ -180,33 +196,6 @@ class OC_Request { } /** - * @brief Check if this is a no-cache request - * @return boolean true for no-cache - */ - static public function isNoCache() { - if (!isset($_SERVER['HTTP_CACHE_CONTROL'])) { - return false; - } - return $_SERVER['HTTP_CACHE_CONTROL'] == 'no-cache'; - } - - /** - * @brief Check if the requestor understands gzip - * @return false|string true for gzip encoding supported - */ - static public function acceptGZip() { - if (!isset($_SERVER['HTTP_ACCEPT_ENCODING'])) { - return false; - } - $HTTP_ACCEPT_ENCODING = $_SERVER["HTTP_ACCEPT_ENCODING"]; - if( strpos($HTTP_ACCEPT_ENCODING, 'x-gzip') !== false ) - return 'x-gzip'; - else if( strpos($HTTP_ACCEPT_ENCODING, 'gzip') !== false ) - return 'gzip'; - return false; - } - - /** * @brief Check if the requester sent along an mtime * @return false or an mtime */ diff --git a/lib/private/setup.php b/lib/private/setup.php index 17ef75bc7b5..0d5bf424b33 100644 --- a/lib/private/setup.php +++ b/lib/private/setup.php @@ -65,6 +65,7 @@ class OC_Setup { OC_Config::setValue('passwordsalt', $salt); //write the config file + OC_Config::setValue('trusted_domains', array(OC_Request::serverHost())); OC_Config::setValue('datadirectory', $datadir); OC_Config::setValue('dbtype', $dbtype); OC_Config::setValue('version', implode('.', OC_Util::getVersion())); @@ -97,8 +98,6 @@ class OC_Setup { $appConfig = \OC::$server->getAppConfig(); $appConfig->setValue('core', 'installedat', microtime(true)); $appConfig->setValue('core', 'lastupdatedat', microtime(true)); - $appConfig->setValue('core', 'remote_core.css', '/core/minimizer.php'); - $appConfig->setValue('core', 'remote_core.js', '/core/minimizer.php'); OC_Group::createGroup('admin'); OC_Group::addToGroup($username, 'admin'); @@ -148,7 +147,7 @@ class OC_Setup { $content.= "RewriteRule ^.well-known/host-meta /public.php?service=host-meta [QSA,L]\n"; $content.= "RewriteRule ^.well-known/carddav /remote.php/carddav/ [R]\n"; $content.= "RewriteRule ^.well-known/caldav /remote.php/caldav/ [R]\n"; - $content.= "RewriteRule ^apps/([^/]*)/(.*\.(css|php))$ index.php?app=$1&getfile=$2 [QSA,L]\n"; + $content.= "RewriteRule ^apps/([^/]*)/(.*\.(php))$ index.php?app=$1&getfile=$2 [QSA,L]\n"; $content.= "RewriteRule ^remote/(.*) remote.php [QSA,L]\n"; $content.= "</IfModule>\n"; $content.= "<IfModule mod_mime.c>\n"; diff --git a/lib/private/template/cssresourcelocator.php b/lib/private/template/cssresourcelocator.php index 8e7831ca549..e26daa25827 100644 --- a/lib/private/template/cssresourcelocator.php +++ b/lib/private/template/cssresourcelocator.php @@ -22,7 +22,7 @@ class CSSResourceLocator extends ResourceLocator { $app = substr($style, 0, strpos($style, '/')); $style = substr($style, strpos($style, '/')+1); $app_path = \OC_App::getAppPath($app); - $app_url = $this->webroot . '/index.php/apps/' . $app; + $app_url = \OC_App::getAppWebPath($app); if ($this->appendIfExist($app_path, $style.$this->form_factor.'.css', $app_url) || $this->appendIfExist($app_path, $style.'.css', $app_url) ) { diff --git a/lib/private/templatelayout.php b/lib/private/templatelayout.php index 7bca5bc4836..af17adb11c6 100644 --- a/lib/private/templatelayout.php +++ b/lib/private/templatelayout.php @@ -1,4 +1,11 @@ <?php +use Assetic\Asset\AssetCollection; +use Assetic\Asset\FileAsset; +use Assetic\Asset\GlobAsset; +use Assetic\AssetManager; +use Assetic\AssetWriter; +use Assetic\Filter\CssRewriteFilter; + /** * Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl> * This file is licensed under the Affero General Public License version 3 or @@ -57,35 +64,38 @@ class OC_TemplateLayout extends OC_Template { } else { parent::__construct('core', 'layout.base'); } + $versionParameter = '?v=' . md5(implode(OC_Util::getVersion())); - // Add the js files - $jsfiles = self::findJavascriptFiles(OC_Util::$scripts); - $this->assign('jsfiles', array(), false); - if (OC_Config::getValue('installed', false) && $renderas!='error') { + $useAssetPipeline = OC_Config::getValue('asset-pipeline.enabled', false); + if ($useAssetPipeline) { + $this->append( 'jsfiles', OC_Helper::linkToRoute('js_config') . $versionParameter); - } - if (!empty(OC_Util::$coreScripts)) { - $this->append( 'jsfiles', OC_Helper::linkToRemoteBase('core.js', false) . $versionParameter); - } - foreach($jsfiles as $info) { - $root = $info[0]; - $web = $info[1]; - $file = $info[2]; - $this->append( 'jsfiles', $web.'/'.$file . $versionParameter); - } - // Add the css files - $cssfiles = self::findStylesheetFiles(OC_Util::$styles); - $this->assign('cssfiles', array()); - if (!empty(OC_Util::$coreStyles)) { - $this->append( 'cssfiles', OC_Helper::linkToRemoteBase('core.css', false) . $versionParameter); - } - foreach($cssfiles as $info) { - $root = $info[0]; - $web = $info[1]; - $file = $info[2]; + $this->generateAssets(); - $this->append( 'cssfiles', $web.'/'.$file . $versionParameter); + } else { + + // Add the js files + $jsfiles = self::findJavascriptFiles(OC_Util::$scripts); + $this->assign('jsfiles', array(), false); + if (OC_Config::getValue('installed', false) && $renderas!='error') { + $this->append( 'jsfiles', OC_Helper::linkToRoute('js_config') . $versionParameter); + } + foreach($jsfiles as $info) { + $web = $info[1]; + $file = $info[2]; + $this->append( 'jsfiles', $web.'/'.$file . $versionParameter); + } + + // Add the css files + $cssfiles = self::findStylesheetFiles(OC_Util::$styles); + $this->assign('cssfiles', array()); + foreach($cssfiles as $info) { + $web = $info[1]; + $file = $info[2]; + + $this->append( 'cssfiles', $web.'/'.$file . $versionParameter); + } } } @@ -116,4 +126,57 @@ class OC_TemplateLayout extends OC_Template { $locator->find($scripts); return $locator->getResources(); } + + public function generateAssets() + { + $jsFiles = self::findJavascriptFiles(OC_Util::$scripts); + $jsHash = self::hashScriptNames($jsFiles); + + if (!file_exists("assets/$jsHash.js")) { + $jsFiles = array_map(function ($item) { + $root = $item[0]; + $file = $item[2]; + return new FileAsset($root . '/' . $file, array(), $root, $file); + }, $jsFiles); + $jsCollection = new AssetCollection($jsFiles); + $jsCollection->setTargetPath("assets/$jsHash.js"); + + $writer = new AssetWriter(\OC::$SERVERROOT); + $writer->writeAsset($jsCollection); + } + + $cssFiles = self::findStylesheetFiles(OC_Util::$styles); + $cssHash = self::hashScriptNames($cssFiles); + + if (!file_exists("assets/$cssHash.css")) { + $cssFiles = array_map(function ($item) { + $root = $item[0]; + $file = $item[2]; + $assetPath = $root . '/' . $file; + $sourceRoot = \OC::$SERVERROOT; + $sourcePath = substr($assetPath, strlen(\OC::$SERVERROOT)); + return new FileAsset($assetPath, array(new CssRewriteFilter()), $sourceRoot, $sourcePath); + }, $cssFiles); + $cssCollection = new AssetCollection($cssFiles); + $cssCollection->setTargetPath("assets/$cssHash.css"); + + $writer = new AssetWriter(\OC::$SERVERROOT); + $writer->writeAsset($cssCollection); + } + + $this->append('jsfiles', OC_Helper::linkTo('assets', "$jsHash.js")); + $this->append('cssfiles', OC_Helper::linkTo('assets', "$cssHash.css")); + } + + private static function hashScriptNames($files) + { + $files = array_map(function ($item) { + $root = $item[0]; + $file = $item[2]; + return $root . '/' . $file; + }, $files); + + sort($files); + return hash('md5', implode('', $files)); + } } diff --git a/lib/private/updater.php b/lib/private/updater.php index 764a0f14120..f05d5038b76 100644 --- a/lib/private/updater.php +++ b/lib/private/updater.php @@ -102,6 +102,20 @@ class Updater extends BasicEmitter { $this->log->debug('starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, array('app' => 'core')); } $this->emit('\OC\Updater', 'maintenanceStart'); + + /* + * START CONFIG CHANGES FOR OLDER VERSIONS + */ + if (version_compare($currentVersion, '6.90.1', '<')) { + // Add the overwriteHost config if it is not existant + // This is added to prevent host header poisoning + \OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost()))); + } + /* + * STOP CONFIG CHANGES FOR OLDER VERSIONS + */ + + try { \OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml'); $this->emit('\OC\Updater', 'dbUpgrade'); @@ -162,3 +176,4 @@ class Updater extends BasicEmitter { $this->emit('\OC\Updater', 'filecacheDone'); } } + diff --git a/lib/private/user.php b/lib/private/user.php index 08ead712028..a89b7286c10 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -227,6 +227,7 @@ class OC_User { * Log in a user and regenerate a new session - if the password is ok */ public static function login($uid, $password) { + session_regenerate_id(true); return self::getUserSession()->login($uid, $password); } diff --git a/lib/private/user/session.php b/lib/private/user/session.php index cd03b30205f..1740bad5abe 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -157,7 +157,6 @@ class Session implements Emitter, \OCP\IUserSession { if($user !== false) { if (!is_null($user)) { if ($user->isEnabled()) { - session_regenerate_id(true); $this->setUser($user); $this->setLoginName($uid); $this->manager->emit('\OC\User', 'postLogin', array($user, $password)); diff --git a/lib/private/util.php b/lib/private/util.php index b7856436527..920161949ae 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -11,8 +11,6 @@ class OC_Util { public static $headers=array(); private static $rootMounted=false; private static $fsSetup=false; - public static $coreStyles=array(); - public static $coreScripts=array(); /** * @brief Can be set up @@ -65,7 +63,7 @@ class OC_Util { $user = $storage->getUser()->getUID(); $quota = OC_Util::getUserQuota($user); if ($quota !== \OC\Files\SPACE_UNLIMITED) { - return new \OC\Files\Storage\Wrapper\Quota(array('storage' => $storage, 'quota' => $quota)); + return new \OC\Files\Storage\Wrapper\Quota(array('storage' => $storage, 'quota' => $quota, 'root' => 'files')); } } |