Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Files/Utils/Scanner.php | 12 | ||||
-rw-r--r-- | lib/private/Template/CSSResourceLocator.php | 50 | ||||
-rwxr-xr-x | lib/private/Template/ResourceLocator.php | 33 | ||||
-rw-r--r-- | lib/private/Template/SCSSCacher.php | 15 | ||||
-rw-r--r-- | lib/private/TemplateLayout.php | 3 | ||||
-rw-r--r-- | lib/private/User/Database.php | 6 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 1 |
7 files changed, 110 insertions, 10 deletions
diff --git a/lib/private/Files/Utils/Scanner.php b/lib/private/Files/Utils/Scanner.php
index 98e2c3c8ca2..e76f3225c3c 100644
--- a/lib/private/Files/Utils/Scanner.php
+++ b/lib/private/Files/Utils/Scanner.php
@@ -123,6 +123,12 @@ class Scanner extends PublicEmitter {
 if (is_null($storage)) {
 continue;
 }
+
+ // don't bother scanning failed storages (shortcut for same result)
+ if ($storage->instanceOfStorage('OC\Files\Storage\FailedStorage')) {
+ continue;
+ }
+
 // don't scan the root storage
 if ($storage->instanceOfStorage('\OC\Files\Storage\Local') && $mount->getMountPoint() === '/') {
 continue;
@@ -166,6 +172,12 @@ class Scanner extends PublicEmitter {
 if (is_null($storage)) {
 continue;
 }
+
+ // don't bother scanning failed storages (shortcut for same result)
+ if ($storage->instanceOfStorage('OC\Files\Storage\FailedStorage')) {
+ continue;
+ }
+
 // if the home storage isn't writable then the scanner is run as the wrong user
 if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
 (!$storage->isCreatable('') or !$storage->isCreatable('files'))
diff --git a/lib/private/Template/CSSResourceLocator.php b/lib/private/Template/CSSResourceLocator.php
index 3a474a1ecfd..5f210ef307a 100644
--- a/lib/private/Template/CSSResourceLocator.php
+++ b/lib/private/Template/CSSResourceLocator.php
@@ -88,7 +88,8 @@ class CSSResourceLocator extends ResourceLocator {
 if (is_file($root.'/'.$file)) {
 if($this->scssCacher !== null) {
 if($this->scssCacher->process($root, $file, $app)) {
- $this->append($root, $this->scssCacher->getCachedSCSS($app, $file), false);
+
+ $this->append($root, $this->scssCacher->getCachedSCSS($app, $file), false, true, true);
 return true;
 } else {
 $this->logger->warning('Failed to compile and/or save '.$root.'/'.$file, ['app' => 'core']);
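Review bot: The guard added in both Scanner.php hunks (`@@ -123` and `@@ -166`) spells the class as `'OC\Files\Storage\FailedStorage'`, while the neighbouring checks in the same loops write `'\OC\Files\Storage\Local'` and `'\OC\Files\Storage\Home'` with a leading backslash. Whether `instanceOfStorage()` normalises the two spellings is not visible here, so the consistent form `if ($storage->instanceOfStorage('\OC\Files\Storage\FailedStorage')) {` is the safer one. The block is also copied verbatim into both loops and skips the mount with a bare `continue`, so whoever runs the scan gets no indication that a storage was left out; a small private helper that logs the skipped mount point would cover both places. Both loop bodies continue outside the hunks.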
@@ -101,4 +102,51 @@ class CSSResourceLocator extends ResourceLocator {
 }
 return false;
 }
+
+ public function append($root, $file, $webRoot = null, $throw = true, $scss = false) {
+ if (!$scss) {
+ parent::append($root, $file, $webRoot, $throw);
+ } else {
+ if (!$webRoot) {
+ $tmpRoot = $root;
+ /*
+ * traverse the potential web roots upwards in the path
+ *
+ * example:
+ * - root: /srv/www/apps/myapp
+ * - available mappings: ['/srv/www']
+ *
+ * First we check if a mapping for /srv/www/apps/myapp is available,
+ * then /srv/www/apps, /srv/www/apps, /srv/www, ... until we find a
+ * valid web root
+ */
+ do {
+ if (isset($this->mapping[$tmpRoot])) {
+ $webRoot = $this->mapping[$tmpRoot];
+ break;
+ }
+
+ if ($tmpRoot === '/') {
+ $webRoot = '';
+ $this->logger->error('ResourceLocator can not find a web root (root: {root}, file: {file}, webRoot: {webRoot}, throw: {throw})', [
+ 'app' => 'lib',
+ 'root' => $root,
+ 'file' => $file,
+ 'webRoot' => $webRoot,
+ 'throw' => $throw ? 'true' : 'false'
+ ]);
+ break;
+ }
+ $tmpRoot = dirname($tmpRoot);
+ } while(true);
+
+ }
+
+ if ($throw && $tmpRoot === '/') {
+ throw new ResourceNotFoundException($file, $webRoot);
+ }
+
+ $this->resources[] = array($tmpRoot, $webRoot, $file);
+ }
+ }
 }
diff --git a/lib/private/Template/ResourceLocator.php b/lib/private/Template/ResourceLocator.php
index e22ebdcab7d..9015bf5d97c 100755
--- a/lib/private/Template/ResourceLocator.php
+++ b/lib/private/Template/ResourceLocator.php
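Review bot: In `CSSResourceLocator::append()` (`@@ -101,4 +102,51 @@`), `$tmpRoot` is assigned only inside `if (!$webRoot)`, yet it is read afterwards in `if ($throw && $tmpRoot === '/')` and in `$this->resources[] = array($tmpRoot, $webRoot, $file);`. The only call visible in this diff passes `false` for `$webRoot`, so the branch is taken today, but a caller that supplies a web root together with `$scss = true` would record an undefined root. Moving `$tmpRoot = $root;` above the `if (!$webRoot) {` line fixes this. The override also widens the method from `protected` in the parent to `public`, duplicates the parent's lookup loop instead of sharing it, and its example comment lists `/srv/www/apps` twice.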
@@ -117,7 +117,38 @@ abstract class ResourceLocator {
 */
 protected function append($root, $file, $webRoot = null, $throw = true) {
 if (!$webRoot) {
- $webRoot = $this->mapping[$root];
+ $tmpRoot = $root;
+ /*
+ * traverse the potential web roots upwards in the path
+ *
+ * example:
+ * - root: /srv/www/apps/myapp
+ * - available mappings: ['/srv/www']
+ *
+ * First we check if a mapping for /srv/www/apps/myapp is available,
+ * then /srv/www/apps, /srv/www/apps, /srv/www, ... until we find a
+ * valid web root
+ */
+ do {
+ if (isset($this->mapping[$tmpRoot])) {
+ $webRoot = $this->mapping[$tmpRoot];
+ break;
+ }
+
+ if ($tmpRoot === '/') {
+ $webRoot = '';
+ $this->logger->error('ResourceLocator can not find a web root (root: {root}, file: {file}, webRoot: {webRoot}, throw: {throw})', [
+ 'app' => 'lib',
+ 'root' => $root,
+ 'file' => $file,
+ 'webRoot' => $webRoot,
+ 'throw' => $throw ? 'true' : 'false'
+ ]);
+ break;
+ }
+ $tmpRoot = dirname($tmpRoot);
+ } while(true);
+
 }
 $this->resources[] = array($root, $webRoot, $file);
diff --git a/lib/private/Template/SCSSCacher.php b/lib/private/Template/SCSSCacher.php
index 744ea80761e..b55cd0b93b0 100644
--- a/lib/private/Template/SCSSCacher.php
+++ b/lib/private/Template/SCSSCacher.php
@@ -46,17 +46,26 @@ class SCSSCacher {
 /** @var SystemConfig */
 protected $systemConfig;
+ /** @var string */
+ protected $serverRoot;
+
 /**
 * @param ILogger $logger
 * @param IAppData $appData
 * @param IURLGenerator $urlGenerator
 * @param SystemConfig $systemConfig
+ * @param string $serverRoot
 */
- public function __construct(ILogger $logger, IAppData $appData, IURLGenerator $urlGenerator, SystemConfig $systemConfig) {
+ public function __construct(ILogger $logger,
+ IAppData $appData,
+ IURLGenerator $urlGenerator,
+ SystemConfig $systemConfig,
+ $serverRoot) {
 $this->logger = $logger;
 $this->appData = $appData;
 $this->urlGenerator = $urlGenerator;
 $this->systemConfig = $systemConfig;
+ $this->serverRoot = $serverRoot;
 }
 /**
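Review bot: The `do { … } while(true)` loop added to `ResourceLocator::append()` (`@@ -117,7 +117,38 @@`) ends only on a mapping hit or when `$tmpRoot === '/'`, so it never terminates for a `$root` whose `dirname()` chain does not reach `/`, such as a relative path (which settles on `.`) or a Windows drive root. Compare against the parent instead of the literal: `$parent = dirname($tmpRoot);`, then `if ($parent === $tmpRoot) {` for the not-found branch, then `$tmpRoot = $parent;`. The same loop is copied into `CSSResourceLocator::append()` and needs the same change, together with its later `$tmpRoot === '/'` test. When no mapping is found the resource is still appended with an empty `$webRoot`; the rest of `append()` lies outside the hunk, so whether that case is rejected later cannot be seen here.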
@@ -74,9 +83,7 @@ class SCSSCacher {
 $path = implode('/', $path);
- $webDir = explode('/', $file);
- array_pop($webDir);
- $webDir = implode('/', $webDir);
+ $webDir = substr($path, strlen($this->serverRoot)+1);
 try {
 $folder = $this->appData->getFolder($app);
diff --git a/lib/private/TemplateLayout.php b/lib/private/TemplateLayout.php
index 3f8c75adc84..6d2c3b2674f 100644
--- a/lib/private/TemplateLayout.php
+++ b/lib/private/TemplateLayout.php
@@ -218,7 +218,8 @@ class TemplateLayout extends \OC_Template {
 \OC::$server->getLogger(),
 \OC::$server->getAppDataDir('css'),
 \OC::$server->getURLGenerator(),
- \OC::$server->getSystemConfig()
+ \OC::$server->getSystemConfig(),
+ \OC::$SERVERROOT
 );
 } else {
 $SCSSCacher = null;
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index a281572ad55..060953c3009 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -185,8 +185,8 @@ class Database extends Backend implements IUserBackend {
 $parameters = [];
 $searchLike = '';
 if ($search !== '') {
- $parameters[] = '%' . $search . '%';
- $parameters[] = '%' . $search . '%';
+ $parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
+ $parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
 $searchLike = ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR '
 . 'LOWER(`uid`) LIKE LOWER(?)';
 }
@@ -275,7 +275,7 @@ class Database extends Backend implements IUserBackend {
 $parameters = [];
 $searchLike = '';
 if ($search !== '') {
- $parameters[] = '%' . $search . '%';
+ $parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
 $searchLike = ' WHERE LOWER(`uid`) LIKE LOWER(?)';
 }
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 90ba47a2f3f..c53b5b2146c 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
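Review bot: `$webDir = substr($path, strlen($this->serverRoot)+1);` in the SCSSCacher.php hunk `@@ -74,9 +83,7 @@` assumes that `$path` always begins with `$this->serverRoot` followed by a slash. For an app directory outside the server root, which the upward web-root lookup added in this same commit appears to cater for, the slice drops an arbitrary prefix of the path, or yields `false` or an empty string when `$path` is shorter. Check the prefix before slicing, e.g. `if (strpos($path, $this->serverRoot . '/') !== 0) {` followed by a logged failure. The new `$serverRoot` constructor parameter is also untyped and unvalidated, so a trailing slash on it would shift the offset by one. The enclosing method continues outside the hunk, so how `$webDir` is used cannot be seen here.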
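Review bot: Both Database.php hunks (`@@ -185,8` and `@@ -275,7`) escape the search term with `escapeLikeParameter()`, but the SQL beside them (`LIKE LOWER(?)`) carries no `ESCAPE` clause, so the fix depends on every supported backend treating the escaper's escape character as the LIKE escape. Nothing in this diff shows that; confirm it per database platform, or that the connection layer appends the clause, and add a test that searches for a literal `%` and a literal `_`. The first hunk also resolves `\OC::$server->getDatabaseConnection()` twice to escape the same value; escape once into a local, `$escaped = \OC::$server->getDatabaseConnection()->escapeLikeParameter($search);`, and reuse it for both parameters. Both functions continue outside the hunks.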
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -335,6 +335,7 @@ class EmptyContentSecurityPolicy {
 */
 public function buildPolicy() {
 $policy = "default-src 'none';";
+ $policy .= "base-uri 'none';";
 if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
 $policy .= 'script-src '; |
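Review bot: The new `$policy .= "base-uri 'none';";` line in `buildPolicy()` has no comment explaining why it is needed next to `default-src 'none'`. `base-uri` is one of the directives that does not fall back to `default-src`, so a comment such as `// base-uri does not inherit from default-src; forbid <base> so injected markup cannot rebase relative URLs` would record the reason. The value is hard-coded with no matching property or setter, unlike the script directives driven by `$this->allowedScriptDomains` and `$this->inlineScriptAllowed` just below, so an app that legitimately relies on `<base>` cannot relax it; that is worth stating in the class docblock. `buildPolicy()` continues outside the hunk.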