Diffstat (limited to 'lib/util.php')
-rwxr-xr-x | lib/util.php | 105 |
1 files changed, 38 insertions, 67 deletions
diff --git a/lib/util.php b/lib/util.php index 789c75f4154..40b44bf9d6e 100755 --- a/lib/util.php +++ b/lib/util.php @@ -95,7 +95,7 @@ class OC_Util { */ public static function getVersion() { // hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.90.0. This is not visible to the user - return array(4,91,00); + return array(4, 91, 00); } /** @@ -157,7 +157,7 @@ class OC_Util { * @param string $text the text content for the element */ public static function addHeader( $tag, $attributes, $text='') { - self::$headers[]=array('tag'=>$tag,'attributes'=>$attributes,'text'=>$text); + self::$headers[]=array('tag'=>$tag,'attributes'=>$attributes, 'text'=>$text); } /** @@ -166,7 +166,7 @@ class OC_Util { * @param int timestamp $timestamp * @param bool dateOnly option to ommit time from the result */ - public static function formatDate( $timestamp,$dateOnly=false) { + public static function formatDate( $timestamp, $dateOnly=false) { if(isset($_SESSION['timezone'])) {//adjust to clients timezone if we know it $systemTimeZone = intval(date('O')); $systemTimeZone=(round($systemTimeZone/100, 0)*60)+($systemTimeZone%100); @@ -186,7 +186,7 @@ class OC_Util { * @param string $url * @return OC_Template */ - public static function getPageNavi($pagecount,$page,$url) { + public static function getPageNavi($pagecount, $page, $url) { $pagelinkcount=8; if ($pagecount>1) { @@ -217,7 +217,7 @@ class OC_Util { $web_server_restart= false; //check for database drivers if(!(is_callable('sqlite_open') or class_exists('SQLite3')) and !is_callable('mysql_connect') and !is_callable('pg_connect')) { - $errors[]=array('error'=>'No database drivers (sqlite, mysql, or postgresql) installed.<br/>','hint'=>'');//TODO: sane hint + $errors[]=array('error'=>'No database drivers (sqlite, mysql, or postgresql) installed.<br/>', 'hint'=>'');//TODO: sane hint $web_server_restart= true; } 
@@ -226,13 +226,13 @@ class OC_Util { // Check if config folder is writable. if(!is_writable(OC::$SERVERROOT."/config/") or !is_readable(OC::$SERVERROOT."/config/")) { - $errors[]=array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud"); + $errors[]=array('error'=>"Can't write into config directory 'config'", 'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud"); } // Check if there is a writable install folder. if(OC_Config::getValue('appstoreenabled', true)) { if( OC_App::getInstallPath() === null || !is_writable(OC_App::getInstallPath()) || !is_readable(OC_App::getInstallPath()) ) { - $errors[]=array('error'=>"Can't write into apps directory",'hint'=>"You can usually fix this by giving the webserver user write access to the apps directory + $errors[]=array('error'=>"Can't write into apps directory", 'hint'=>"You can usually fix this by giving the webserver user write access to the apps directory in owncloud or disabling the appstore in the config file."); } } 
@@ -269,57 +269,57 @@ class OC_Util { if(!is_dir($CONFIG_DATADIRECTORY)) { $success=@mkdir($CONFIG_DATADIRECTORY); if(!$success) { - $errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' "); + $errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")", 'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' "); } } else if(!is_writable($CONFIG_DATADIRECTORY) or !is_readable($CONFIG_DATADIRECTORY)) { - $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>','hint'=>$permissionsHint); + $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>', 'hint'=>$permissionsHint); } // check if all required php modules are present if(!class_exists('ZipArchive')) { - $errors[]=array('error'=>'PHP module zip not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module zip not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('mb_detect_encoding')) { - $errors[]=array('error'=>'PHP module mb multibyte not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module mb multibyte not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('ctype_digit')) { - $errors[]=array('error'=>'PHP module ctype is not installed.<br/>','hint'=>'Please ask your server administrator 
to install the module.'); + $errors[]=array('error'=>'PHP module ctype is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('json_encode')) { - $errors[]=array('error'=>'PHP module JSON is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module JSON is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('imagepng')) { - $errors[]=array('error'=>'PHP module GD is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module GD is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('gzencode')) { - $errors[]=array('error'=>'PHP module zlib is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module zlib is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('iconv')) { - $errors[]=array('error'=>'PHP module iconv is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module iconv is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(!function_exists('simplexml_load_string')) { - $errors[]=array('error'=>'PHP module SimpleXML is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP module SimpleXML is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if(floatval(phpversion())<5.3) { - 
$errors[]=array('error'=>'PHP 5.3 is required.<br/>','hint'=>'Please ask your server administrator to update PHP to version 5.3 or higher. PHP 5.2 is no longer supported by ownCloud and the PHP community.'); + $errors[]=array('error'=>'PHP 5.3 is required.<br/>', 'hint'=>'Please ask your server administrator to update PHP to version 5.3 or higher. PHP 5.2 is no longer supported by ownCloud and the PHP community.'); $web_server_restart= false; } if(!defined('PDO::ATTR_DRIVER_NAME')) { - $errors[]=array('error'=>'PHP PDO module is not installed.<br/>','hint'=>'Please ask your server administrator to install the module.'); + $errors[]=array('error'=>'PHP PDO module is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); $web_server_restart= false; } if($web_server_restart) { - $errors[]=array('error'=>'PHP modules have been installed, but they are still listed as missing?<br/>','hint'=>'Please ask your server administrator to restart the web server.'); + $errors[]=array('error'=>'PHP modules have been installed, but they are still listed as missing?<br/>', 'hint'=>'Please ask your server administrator to restart the web server.'); } return $errors; @@ -473,17 +473,6 @@ class OC_Util { } /** - * @brief Static lifespan (in seconds) when a request token expires. - * @see OC_Util::callRegister() - * @see OC_Util::isCallRegistered() - * @description - * Also required for the client side to compute the piont in time when to - * request a fresh token. The client will do so when nearly 97% of the - * timespan coded here has expired. - */ - public static $callLifespan = 3600; // 3600 secs = 1 hour - - /** * @brief Register an get/post call. Important to prevent CSRF attacks. * @todo Write howto: CSRF protection guide * @return $token Generated token. 
@@ -491,40 +480,25 @@ class OC_Util { * Creates a 'request token' (random) and stores it inside the session. * Ever subsequent (ajax) request must use such a valid token to succeed, * otherwise the request will be denied as a protection against CSRF. - * The tokens expire after a fixed lifespan. - * @see OC_Util::$callLifespan * @see OC_Util::isCallRegistered() */ public static function callRegister() { - // generate a random token. - $token = self::generate_random_bytes(20); - - // store the token together with a timestamp in the session. - $_SESSION['requesttoken-'.$token]=time(); - - // cleanup old tokens garbage collector - // only run every 20th time so we don't waste cpu cycles - if(rand(0, 20)==0) { - foreach($_SESSION as $key=>$value) { - // search all tokens in the session - if(substr($key, 0, 12)=='requesttoken') { - // check if static lifespan has expired - if($value+self::$callLifespan<time()) { - // remove outdated tokens - unset($_SESSION[$key]); - } - } - } + // Check if a token exists + if(!isset($_SESSION['requesttoken'])) { + // No valid token found, generate a new one. + $requestToken = self::generate_random_bytes(20); + $_SESSION['requesttoken']=$requestToken; + } else { + // Valid token already exists, send it + $requestToken = $_SESSION['requesttoken']; } - // return the token - return($token); + return($requestToken); } /** * @brief Check an ajax get/post call if the request token is valid. * @return boolean False if request token is not set or is invalid. - * @see OC_Util::$callLifespan - * @see OC_Util::calLRegister() + * @see OC_Util::callRegister() */ public static function isCallRegistered() { if(isset($_GET['requesttoken'])) { 
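Review bot: The rewritten callRegister() keeps a single token for the whole session and never rotates it, yet nothing in the hunk discards `$_SESSION['requesttoken']` when the session itself is regenerated, so whether a token issued before login stays valid in the authenticated session now depends on the login/logout path, which is outside this diff. Add a comment at the top of the function, `// The token lives as long as the session; unset $_SESSION['requesttoken'] wherever the session ID is regenerated (login/logout) so a pre-authentication token is not accepted afterwards`, and confirm the login code actually does that. The docblock context kept above still reads `@return $token Generated token.` while the function now usually returns the stored one; `@return string The session's request token (created on first call).` would describe the new behaviour. The inline comment `// No valid token found` is also misleading since the branch only tests presence, not validity: `// No token stored in this session yet, generate one` says what the code checks. isCallRegistered() starts at the end of this hunk and continues in the next.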
@@ -537,17 +511,14 @@ class OC_Util { //no token found. return false; } - if(isset($_SESSION['requesttoken-'.$token])) { - $timestamp=$_SESSION['requesttoken-'.$token]; - // check if static lifespan has expired - if($timestamp+self::$callLifespan<time()) { - return false; - }else{ - //token valid - return true; - } - }else{ + + // Check if the token is valid + if($token !== $_SESSION['requesttoken']) { + // Not valid return false; + } else { + // Valid token + return true; } } @@ -588,7 +559,7 @@ class OC_Util { // creating a test file $testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename; - if(file_exists($testfile)){// already running this test, possible recursive call + if(file_exists($testfile)) {// already running this test, possible recursive call return false; } |
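Review bot: The new comparison reads `$_SESSION['requesttoken']` without checking that it exists, so a request that carries a token in a session where callRegister() was never called raises an undefined-index notice before returning false; guard it with `if(!isset($_SESSION['requesttoken']) || $token !== $_SESSION['requesttoken'])`. The outcome is still fail-closed, but the notice is emitted on every such request and the explicit check makes the intent visible. A constant-time comparison would be preferable for a secret, but `hash_equals()` is not available on the PHP 5.3 floor that checkServer() enforces earlier in this file, so `!==` is acceptable here with a one-line comment recording that trade-off. The `else { return true; }` after an unconditional `return false` can simply be `return true;`. isCallRegistered() begins in the previous hunk, and the lines that extract the token from the request are not shown here.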