diff options
Diffstat (limited to 'lib/util.php')
| -rwxr-xr-x | lib/util.php | 69 |
1 files changed, 26 insertions, 43 deletions
diff --git a/lib/util.php b/lib/util.php index de89e339d99..d16424ce4e1 100755 --- a/lib/util.php +++ b/lib/util.php @@ -95,7 +95,7 @@ class OC_Util { */ public static function getVersion() { // hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.90.0. This is not visible to the user - return array(4,91,00); + return array(4, 91, 00); } /** @@ -157,7 +157,7 @@ class OC_Util { * @param string $text the text content for the element */ public static function addHeader( $tag, $attributes, $text='') { - self::$headers[]=array('tag'=>$tag,'attributes'=>$attributes,'text'=>$text); + self::$headers[]=array('tag'=>$tag,'attributes'=>$attributes, 'text'=>$text); } /** @@ -166,7 +166,7 @@ class OC_Util { * @param int timestamp $timestamp * @param bool dateOnly option to ommit time from the result */ - public static function formatDate( $timestamp,$dateOnly=false) { + public static function formatDate( $timestamp, $dateOnly=false) { if(isset($_SESSION['timezone'])) {//adjust to clients timezone if we know it $systemTimeZone = intval(date('O')); $systemTimeZone=(round($systemTimeZone/100, 0)*60)+($systemTimeZone%100); @@ -186,7 +186,7 @@ class OC_Util { * @param string $url * @return OC_Template */ - public static function getPageNavi($pagecount,$page,$url) { + public static function getPageNavi($pagecount, $page, $url) { $pagelinkcount=8; if ($pagecount>1) { @@ -217,7 +217,7 @@ class OC_Util { $web_server_restart= false; //check for database drivers if(!(is_callable('sqlite_open') or class_exists('SQLite3')) and !is_callable('mysql_connect') and !is_callable('pg_connect')) { - $errors[]=array('error'=>'No database drivers (sqlite, mysql, or postgresql) installed.<br/>','hint'=>'');//TODO: sane hint + $errors[]=array('error'=>'No database drivers (sqlite, mysql, or postgresql) installed.<br/>', 'hint'=>'');//TODO: sane hint $web_server_restart= true; } @@ -226,13 +226,13 @@ class OC_Util { // Check if config folder is writable. if(!is_writable(OC::$SERVERROOT."/config/") or !is_readable(OC::$SERVERROOT."/config/")) { - $errors[]=array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud"); + $errors[]=array('error'=>"Can't write into config directory 'config'", 'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud"); } // Check if there is a writable install folder. if(OC_Config::getValue('appstoreenabled', true)) { if( OC_App::getInstallPath() === null || !is_writable(OC_App::getInstallPath()) || !is_readable(OC_App::getInstallPath()) ) { - $errors[]=array('error'=>"Can't write into apps directory",'hint'=>"You can usually fix this by giving the webserver user write access to the apps directory + $errors[]=array('error'=>"Can't write into apps directory", 'hint'=>"You can usually fix this by giving the webserver user write access to the apps directory in owncloud or disabling the appstore in the config file."); } } @@ -269,57 +269,57 @@ class OC_Util { if(!is_dir($CONFIG_DATADIRECTORY)) { $success=@mkdir($CONFIG_DATADIRECTORY); if(!$success) { - $errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' "); + $errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")", 'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' "); } } else if(!is_writable($CONFIG_DATADIRECTORY) or !is_readable($CONFIG_DATADIRECTORY)) { - $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>','hint'=>$permissionsHint); + $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>', 'hint'=>$permissionsHint); } // check if all required php modules are present if(!class_exists('ZipArchive')) { - $errors[]=array('error'=>'PHP module zip not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module zip not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('mb_detect_encoding')) { - $errors[]=array('error'=>'PHP module mb multibyte not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module mb multibyte not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('ctype_digit')) { - $errors[]=array('error'=>'PHP module ctype is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module ctype is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('json_encode')) { - $errors[]=array('error'=>'PHP module JSON is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module JSON is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('imagepng')) { - $errors[]=array('error'=>'PHP module GD is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module GD is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('gzencode')) { - $errors[]=array('error'=>'PHP module zlib is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module zlib is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('iconv')) { - $errors[]=array('error'=>'PHP module iconv is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module iconv is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('simplexml_load_string')) { - $errors[]=array('error'=>'PHP module SimpleXML is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module SimpleXML is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(floatval(phpversion())<5.3) { - $errors[]=array('error'=>'PHP 5.3 is required.<br/>','hint'=>'Please ask your server administrator to update PHP to version 5.3 or higher. PHP 5.2 is no longer supported by ownCloud and the PHP community.'); + $errors[]=array('error'=>'PHP 5.3 is required.<br/>', 'hint'=>'Please ask your server administrator to update PHP to version 5.3 or higher. PHP 5.2 is no longer supported by ownCloud and the PHP community.'); $web_server_restart= false; } if(!defined('PDO::ATTR_DRIVER_NAME')) { - $errors[]=array('error'=>'PHP PDO module is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP PDO module is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if($web_server_restart) { - $errors[]=array('error'=>'PHP modules have been installed, but they are still listed as missing?<br/>','hint'=>'Please ask your server administrator to restart the web server.'); + $errors[]=array('error'=>'PHP modules have been installed, but they are still listed as missing?<br/>', 'hint'=>'Please ask your server administrator to restart the web server.'); } return $errors; @@ -473,17 +473,6 @@ class OC_Util { } /** - * @brief Static lifespan (in seconds) when a request token expires. - * @see OC_Util::callRegister() - * @see OC_Util::isCallRegistered() - * @description - * Also required for the client side to compute the piont in time when to - * request a fresh token. The client will do so when nearly 97% of the - * timespan coded here has expired. - */ - public static $callLifespan = 3600; // 3600 secs = 1 hour - - /** * @brief Register an get/post call. Important to prevent CSRF attacks. * @todo Write howto: CSRF protection guide * @return $token Generated token. @@ -491,30 +480,24 @@ class OC_Util { * Creates a 'request token' (random) and stores it inside the session. * Ever subsequent (ajax) request must use such a valid token to succeed, * otherwise the request will be denied as a protection against CSRF. - * The tokens expire after a fixed lifespan. - * @see OC_Util::$callLifespan * @see OC_Util::isCallRegistered() */ public static function callRegister() { // Check if a token exists - if(!isset($_SESSION['requesttoken']) || time() >$_SESSION['requesttoken']['time']) { + if(!isset($_SESSION['requesttoken'])) { // No valid token found, generate a new one. - $requestTokenArray = array( - "requesttoken" => self::generate_random_bytes(20), - "time" => time()+self::$callLifespan, - ); - $_SESSION['requesttoken']=$requestTokenArray; + $requestToken = self::generate_random_bytes(20); + $_SESSION['requesttoken']=$requestToken; } else { // Valid token already exists, send it - $requestTokenArray = $_SESSION['requesttoken']; + $requestToken = $_SESSION['requesttoken']; } - return($requestTokenArray['requesttoken']); + return($requestToken); } /** * @brief Check an ajax get/post call if the request token is valid. * @return boolean False if request token is not set or is invalid. - * @see OC_Util::$callLifespan * @see OC_Util::callRegister() */ public static function isCallRegistered() { @@ -530,7 +513,7 @@ class OC_Util { } // Check if the token is valid - if(!isset($_SESSION['requesttoken']) || time() > $_SESSION['requesttoken']["time"]) { + if($token !== $_SESSION['requesttoken']) { // Not valid return false; } else { |