Diffstat (limited to 'lib')
-rw-r--r-- | lib/api.php | 7 | ||||
-rw-r--r-- | lib/app.php | 2 | ||||
-rw-r--r-- | lib/base.php | 140 | ||||
-rw-r--r-- | lib/connector/sabre/directory.php | 4 | ||||
-rw-r--r-- | lib/connector/sabre/node.php | 4 | ||||
-rw-r--r-- | lib/connector/sabre/request.php | 50 | ||||
-rw-r--r-- | lib/files/cache/cache.php | 8 | ||||
-rw-r--r-- | lib/files/cache/scanner.php | 2 | ||||
-rw-r--r-- | lib/files/filesystem.php | 12 | ||||
-rw-r--r-- | lib/files/view.php | 16 | ||||
-rw-r--r-- | lib/l10n.php | 2 | ||||
-rw-r--r-- | lib/l10n/fa.php | 13 | ||||
-rw-r--r-- | lib/l10n/sr.php | 8 | ||||
-rw-r--r-- | lib/public/util.php | 22 | ||||
-rwxr-xr-x | lib/request.php | 45 | ||||
-rw-r--r-- | lib/search.php | 16 | ||||
-rw-r--r-- | lib/template.php | 2 | ||||
-rwxr-xr-x | lib/util.php | 60 |
18 files changed, 287 insertions, 126 deletions
diff --git a/lib/api.php b/lib/api.php index 545b55757ff..abf1c3b0036 100644 --- a/lib/api.php +++ b/lib/api.php @@ -188,10 +188,13 @@ class OC_API { private static function toXML($array, $writer) { foreach($array as $k => $v) { - if (is_numeric($k)) { + if ($k[0] === '@') { + $writer->writeAttribute(substr($k, 1), $v); + continue; + } else if (is_numeric($k)) { $k = 'element'; } - if (is_array($v)) { + if(is_array($v)) { $writer->startElement($k); self::toXML($v, $writer); $writer->endElement(); diff --git a/lib/app.php b/lib/app.php index 7aafeb36295..fa3e14ce4d2 100644 --- a/lib/app.php +++ b/lib/app.php @@ -506,7 +506,7 @@ class OC_App{ * @return string */ public static function getCurrentApp() { - $script=substr($_SERVER["SCRIPT_NAME"], strlen(OC::$WEBROOT)+1); + $script=substr(OC_Request::scriptName(), strlen(OC::$WEBROOT)+1); $topFolder=substr($script, 0, strpos($script, '/')); if (empty($topFolder)) { $path_info = OC_Request::getPathInfo(); diff --git a/lib/base.php b/lib/base.php index ea5c939cd80..90e64f13af6 100644 --- a/lib/base.php +++ b/lib/base.php @@ -27,8 +27,7 @@ require_once 'public/constants.php'; * No, we can not put this class in its own file because it is used by * OC_autoload! */ -class OC -{ +class OC { /** * Associative array for autoloading. classname => filename */ @@ -78,13 +77,12 @@ class OC /** * SPL autoload */ - public static function autoload($className) - { + public static function autoload($className) { if (array_key_exists($className, OC::$CLASSPATH)) { $path = OC::$CLASSPATH[$className]; /** @TODO: Remove this when necessary - Remove "apps/" from inclusion path for smooth migration to mutli app dir - */ + Remove "apps/" from inclusion path for smooth migration to mutli app dir + */ if (strpos($path, 'apps/') === 0) { OC_Log::write('core', 'include path for class "' . $className . '" starts with "apps/"', OC_Log::DEBUG); $path = str_replace('apps/', '', $path); 
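Review bot: In `OC_API::toXML` (lib/api.php), the new `$k[0] === '@'` test runs before the `is_numeric($k)` branch, so it is also applied to integer keys and to an empty-string key, where offset access is not meaningful and, depending on the PHP version, raises a notice. Checking the type first keeps list-style arrays on the old path: `if (is_string($k) && strpos($k, '@') === 0) {`. `$v` is handed to `writeAttribute` without the `is_array($v)` test that the element path has. If `$writer` is an XMLWriter, the attribute is only written while the enclosing start tag is still open, so `@` keys must come before any child keys; a comment stating that ordering requirement would help callers. The function body continues past the hunk.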
@@ -96,7 +94,7 @@ class OC } elseif (strpos($className, 'OCP\\') === 0) { $path = 'public/' . strtolower(str_replace('\\', '/', substr($className, 3)) . '.php'); } elseif (strpos($className, 'OCA\\') === 0) { - foreach(self::$APPSROOTS as $appDir) { + foreach (self::$APPSROOTS as $appDir) { $path = $appDir['path'] . '/' . strtolower(str_replace('\\', '/', substr($className, 3)) . '.php'); $fullPath = stream_resolve_include_path($path); if (file_exists($fullPath)) { @@ -124,12 +122,18 @@ class OC return false; } - public static function initPaths() - { + public static function initPaths() { // calculate the root directories OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4)); + + // ensure we can find OC_Config + set_include_path( + OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . + get_include_path() + ); + OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT))); - $scriptName = $_SERVER["SCRIPT_NAME"]; + $scriptName = OC_Request::scriptName(); if (substr($scriptName, -1) == '/') { $scriptName .= 'index.php'; //make sure suburi follows the same rules as scriptName @@ -147,12 +151,6 @@ class OC OC::$WEBROOT = '/' . OC::$WEBROOT; } - // ensure we can find OC_Config - set_include_path( - OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . - get_include_path() - ); - // search the 3rdparty folder if (OC_Config::getValue('3rdpartyroot', '') <> '' and OC_Config::getValue('3rdpartyurl', '') <> '') { OC::$THIRDPARTYROOT = OC_Config::getValue('3rdpartyroot', ''); 
@@ -188,17 +186,18 @@ class OC exit; } $paths = array(); - foreach (OC::$APPSROOTS as $path) + foreach (OC::$APPSROOTS as $path) { $paths[] = $path['path']; + } // set the right include path set_include_path( OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . - OC::$SERVERROOT . '/config' . PATH_SEPARATOR . - OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR . - implode($paths, PATH_SEPARATOR) . PATH_SEPARATOR . - get_include_path() . PATH_SEPARATOR . - OC::$SERVERROOT + OC::$SERVERROOT . '/config' . PATH_SEPARATOR . + OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR . + implode($paths, PATH_SEPARATOR) . PATH_SEPARATOR . + get_include_path() . PATH_SEPARATOR . + OC::$SERVERROOT ); } @@ -211,8 +210,7 @@ class OC } } - public static function checkInstalled() - { + public static function checkInstalled() { // Redirect to installer if not installed if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') { if (!OC::$CLI) { @@ -223,14 +221,13 @@ class OC } } - public static function checkSSL() - { + public static function checkSSL() { // redirect to https site if configured if (OC_Config::getValue("forcessl", false)) { header('Strict-Transport-Security: max-age=31536000'); ini_set("session.cookie_secure", "on"); if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) { - $url = "https://" . OC_Request::serverHost() . $_SERVER['REQUEST_URI']; + $url = "https://" . OC_Request::serverHost() . OC_Request::requestUri(); header("Location: $url"); exit(); } @@ -274,8 +271,7 @@ class OC } } - public static function initTemplateEngine() - { + public static function initTemplateEngine() { // Add the stuff we need always OC_Util::addScript("jquery-1.7.2.min"); OC_Util::addScript("jquery-ui-1.10.0.custom"); @@ -297,8 +293,7 @@ class OC OC_Util::addScript("oc-requesttoken"); } - public static function initSession() - { + public static function initSession() { // prevents javascript from accessing php session cookies ini_set('session.cookie_httponly', '1;'); 
@@ -328,8 +323,7 @@ class OC $_SESSION['LAST_ACTIVITY'] = time(); } - public static function getRouter() - { + public static function getRouter() { if (!isset(OC::$router)) { OC::$router = new OC_Router(); OC::$router->loadRoutes(); @@ -339,19 +333,17 @@ class OC } - public static function loadAppClassPaths() - { - foreach(OC_APP::getEnabledApps() as $app) { - $file = OC_App::getAppPath($app).'/appinfo/classpath.php'; - if(file_exists($file)) { + public static function loadAppClassPaths() { + foreach (OC_APP::getEnabledApps() as $app) { + $file = OC_App::getAppPath($app) . '/appinfo/classpath.php'; + if (file_exists($file)) { require_once $file; } } } - public static function init() - { + public static function init() { // register autoloader spl_autoload_register(array('OC', 'autoload')); setlocale(LC_ALL, 'en_US.UTF-8'); @@ -516,8 +508,7 @@ class OC /** * register hooks for the cache */ - public static function registerCacheHooks() - { + public static function registerCacheHooks() { // register cache cleanup jobs OC_BackgroundJob_RegularTask::register('OC_Cache_FileGlobal', 'gc'); OC_Hook::connect('OC_User', 'post_login', 'OC_Cache_File', 'loginListener'); @@ -526,8 +517,7 @@ class OC /** * register hooks for the filesystem */ - public static function registerFilesystemHooks() - { + public static function registerFilesystemHooks() { // Check for blacklisted files OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted'); OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted'); @@ -536,8 +526,7 @@ class OC /** * register hooks for sharing */ - public static function registerShareHooks() - { + public static function registerShareHooks() { OC_Hook::connect('OC_User', 'post_deleteUser', 'OCP\Share', 'post_deleteUser'); OC_Hook::connect('OC_User', 'post_addToGroup', 'OCP\Share', 'post_addToGroup'); OC_Hook::connect('OC_User', 'post_removeFromGroup', 'OCP\Share', 'post_removeFromGroup'); 
@@ -547,12 +536,22 @@ class OC /** * @brief Handle the request */ - public static function handleRequest() - { + public static function handleRequest() { // load all the classpaths from the enabled apps so they are available // in the routing files of each app OC::loadAppClassPaths(); + // Check if ownCloud is installed or in maintenance (update) mode + if (!OC_Config::getValue('installed', false)) { + require_once 'core/setup.php'; + exit(); + } + $request = OC_Request::getPathInfo(); + if(substr($request, -3) !== '.js'){// we need these files during the upgrade + self::checkMaintenanceMode(); + self::checkUpgrade(); + } + try { OC::getRouter()->match(OC_Request::getPathInfo()); return; @@ -562,6 +561,7 @@ class OC OC_Response::setStatus(405); return; } + $app = OC::$REQUESTEDAPP; $file = OC::$REQUESTEDFILE; $param = array('app' => $app, 'file' => $file); @@ -571,14 +571,6 @@ class OC return; } - // Check if ownCloud is installed or in maintenance (update) mode - if (!OC_Config::getValue('installed', false)) { - require_once 'core/setup.php'; - exit(); - } - self::checkMaintenanceMode(); - self::checkUpgrade(); - // Handle redirect URL for logged in users if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); @@ -608,7 +600,7 @@ class OC $file_ext = substr($param['file'], -3); if ($file_ext != 'php' || !self::loadAppScriptFile($param) - ) { + ) { header('HTTP/1.0 404 Not Found'); } } @@ -618,8 +610,7 @@ class OC self::handleLogin(); } - public static function loadAppScriptFile($param) - { + public static function loadAppScriptFile($param) { OC_App::loadApps(); $app = $param['app']; $file = $param['file']; @@ -633,8 +624,7 @@ class OC return false; } - public static function loadCSSFile($param) - { + public static function loadCSSFile($param) { $app = $param['app']; $file = $param['file']; $app_path = OC_App::getAppPath($app); 
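Review bot: The `.js` exemption added to `OC::handleRequest` is decided by `substr($request, -3) !== '.js'` on the request's path info, so every URL whose path ends in `.js` skips both `checkMaintenanceMode()` and `checkUpgrade()` and goes straight to the router. If the intent is only to serve the few scripts the upgrade page needs, matching those paths explicitly would keep all other routes behind the maintenance check; at the least, the comment `// we need these files during the upgrade` should name the files it means. `OC_Request::getPathInfo()` is called again two statements later in `OC::getRouter()->match(...)`, where `$request` could be reused. The function continues past this hunk.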
@@ -647,27 +637,25 @@ class OC } } - protected static function handleLogin() - { + protected static function handleLogin() { OC_App::loadApps(array('prelogin')); $error = array(); // remember was checked after last login if (OC::tryRememberLogin()) { $error[] = 'invalidcookie'; - // Someone wants to log in : + // Someone wants to log in : } elseif (OC::tryFormLogin()) { $error[] = 'invalidpassword'; - // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP + // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP } elseif (OC::tryBasicAuthLogin()) { $error[] = 'invalidpassword'; } OC_Util::displayLoginPage(array_unique($error)); } - protected static function cleanupLoginTokens($user) - { + protected static function cleanupLoginTokens($user) { $cutoff = time() - OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); $tokens = OC_Preferences::getKeys($user, 'login_token'); foreach ($tokens as $token) { @@ -678,13 +666,12 @@ class OC } } - protected static function tryRememberLogin() - { + protected static function tryRememberLogin() { if (!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) || !isset($_COOKIE["oc_username"]) || !$_COOKIE["oc_remember_login"] - ) { + ) { return false; } OC_App::loadApps(array('authentication')); @@ -719,8 +706,7 @@ class OC return true; } - protected static function tryFormLogin() - { + protected static function tryFormLogin() { if (!isset($_POST["user"]) || !isset($_POST['password'])) { return false; } 
@@ -753,18 +739,17 @@ class OC return true; } - protected static function tryBasicAuthLogin() - { + protected static function tryBasicAuthLogin() { if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"]) - ) { + ) { return false; } OC_App::loadApps(array('authentication')); if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG); OC_User::unsetMagicInCookie(); - $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''); + $_REQUEST['redirect_url'] = OC_Request::requestUri(); OC_Util::redirectToDefaultPage(); } return true; @@ -778,8 +763,7 @@ if (!isset($RUNTIME_NOAPPS)) { } if (!function_exists('get_temp_dir')) { - function get_temp_dir() - { + function get_temp_dir() { if ($temp = ini_get('upload_tmp_dir')) return $temp; if ($temp = getenv('TMP')) return $temp; if ($temp = getenv('TEMP')) return $temp; diff --git a/lib/connector/sabre/directory.php b/lib/connector/sabre/directory.php index a7201579366..b210602bbf4 100644 --- a/lib/connector/sabre/directory.php +++ b/lib/connector/sabre/directory.php @@ -138,7 +138,9 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa $propertypath = $row['propertypath']; $propertyname = $row['propertyname']; $propertyvalue = $row['propertyvalue']; - $properties[$propertypath][$propertyname] = $propertyvalue; + if($propertyname !== self::GETETAG_PROPERTYNAME) { + $properties[$propertypath][$propertyname] = $propertyvalue; + } } } } diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php index b48d3b41f24..52995630211 100644 --- a/lib/connector/sabre/node.php +++ b/lib/connector/sabre/node.php 
@@ -154,7 +154,9 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr } } else { - if( strcmp( $propertyName, self::LASTMODIFIED_PROPERTYNAME) === 0 ) { + if( strcmp( $propertyName, self::GETETAG_PROPERTYNAME) === 0 ) { + \OC\Files\Filesystem::putFileInfo($this->path, array('etag'=> $propertyValue)); + } elseif( strcmp( $propertyName, self::LASTMODIFIED_PROPERTYNAME) === 0 ) { $this->touch($propertyValue); } else { if(!array_key_exists( $propertyName, $existing )) { diff --git a/lib/connector/sabre/request.php b/lib/connector/sabre/request.php new file mode 100644 index 00000000000..97a27996bf3 --- /dev/null +++ b/lib/connector/sabre/request.php 
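Review bot: The new `GETETAG_PROPERTYNAME` branch in lib/connector/sabre/node.php stores `$propertyValue` in the file cache through `putFileInfo($this->path, array('etag'=> $propertyValue))` without checking its type, length or format. If this method handles client property updates, as the neighbouring `LASTMODIFIED_PROPERTYNAME` branch suggests, any client with write access to the node can set an arbitrary ETag, and that value then feeds change detection. A short validation before the call (string, bounded length, expected character set) would make the trust decision explicit, together with a comment such as `// clients may set the ETag after upload; value is validated above`. Only part of the enclosing method is visible in the hunk.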
@@ -0,0 +1,50 @@ +<?php + +/** + * ownCloud + * + * @author Stefan Herbrechtsmeier + * @copyright 2012 Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +class OC_Connector_Sabre_Request extends Sabre_HTTP_Request { + /** + * Returns the requested uri + * + * @return string + */ + public function getUri() { + return OC_Request::requestUri(); + } + + /** + * Returns a specific item from the _SERVER array. + * + * Do not rely on this feature, it is for internal use only. + * + * @param string $field + * @return string + */ + public function getRawServerValue($field) { + if($field == 'REQUEST_URI'){ + return $this->getUri(); + } + else{ + return isset($this->_SERVER[$field])?$this->_SERVER[$field]:null; + } + } +} diff --git a/lib/files/cache/cache.php b/lib/files/cache/cache.php index 69cbaea8516..dcb6e8fd39a 100644 --- a/lib/files/cache/cache.php +++ b/lib/files/cache/cache.php @@ -410,7 +410,13 @@ class Cache { ); $mimetype = $this->getMimetypeId($mimetype); $result = $query->execute(array($mimetype, $this->numericId)); - return $result->fetchAll(); + $files = array(); + while ($row = $result->fetchRow()) { + $row['mimetype'] = $this->getMimetype($row['mimetype']); + $row['mimepart'] = $this->getMimetype($row['mimepart']); + $files[] = $row; + } + return $files; } /** 
diff --git a/lib/files/cache/scanner.php b/lib/files/cache/scanner.php index bf0ef01d6b3..8d504af6163 100644 --- a/lib/files/cache/scanner.php +++ b/lib/files/cache/scanner.php @@ -94,7 +94,7 @@ class Scanner { } $size = 0; - if ($dh = $this->storage->opendir($path)) { + if ($this->storage->is_dir($path) && ($dh = $this->storage->opendir($path))) { \OC_DB::beginTransaction(); while ($file = readdir($dh)) { if ($file !== '.' and $file !== '..') { diff --git a/lib/files/filesystem.php b/lib/files/filesystem.php index 262fde320a1..65d9ffab485 100644 --- a/lib/files/filesystem.php +++ b/lib/files/filesystem.php @@ -374,7 +374,7 @@ class Filesystem { * @param array $data from hook */ static public function isBlacklisted($data) { - $blacklist = array('.htaccess'); + $blacklist = \OC_Config::getValue('blacklisted_files', array('.htaccess')); if (isset($data['path'])) { $path = $data['path']; } else if (isset($data['newpath'])) { @@ -611,6 +611,16 @@ class Filesystem { } /** + * Get the owner for a file or folder + * + * @param string $path + * @return string + */ + public static function getOwner($path) { + return self::$defaultInstance->getOwner($path); + } + + /** * get the ETag for a file or folder * * @param string $path diff --git a/lib/files/view.php b/lib/files/view.php index 302232b5134..dfcb770328b 100644 --- a/lib/files/view.php +++ b/lib/files/view.php @@ -670,6 +670,9 @@ class View { */ public function getFileInfo($path) { $data = array(); + if (!Filesystem::isValidPath($path)) { + return $data; + } $path = Filesystem::normalizePath($this->fakeRoot . '/' . $path); /** * @var \OC\Files\Storage\Storage $storage @@ -724,6 +727,9 @@ class View { */ public function getDirectoryContent($directory, $mimetype_filter = '') { $result = array(); + if (!Filesystem::isValidPath($directory)) { + return $result; + } $path = Filesystem::normalizePath($this->fakeRoot . '/' . $directory); /** * @var \OC\Files\Storage\Storage $storage 
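Review bot: In `Filesystem::isBlacklisted` (lib/files/filesystem.php), a configured `blacklisted_files` value now replaces the built-in list, so an installation that sets the option in order to add names loses the `.htaccess` entry unless it repeats it. Merging keeps the baseline: `$blacklist = array_unique(array_merge(array('.htaccess'), (array) \OC_Config::getValue('blacklisted_files', array())));`. The `(array)` cast also covers a scalar written into the config by mistake. How `$blacklist` is compared with the file name lies outside the hunk, so whether matching is case-sensitive cannot be judged from here.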
@@ -915,6 +921,16 @@ class View { } /** + * Get the owner for a file or folder + * + * @param string $path + * @return string + */ + public function getOwner($path) { + return $this->basicOperation('getOwner', $path); + } + + /** * get the ETag for a file or folder * * @param string $path diff --git a/lib/l10n.php b/lib/l10n.php index ca53b3cf65c..ee879009265 100644 --- a/lib/l10n.php +++ b/lib/l10n.php @@ -287,7 +287,7 @@ class OC_L10N{ } if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { - $accepted_languages = preg_split('/,\s*/', $_SERVER['HTTP_ACCEPT_LANGUAGE']); + $accepted_languages = preg_split('/,\s*/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE'])); if(is_array($app)) { $available = $app; } diff --git a/lib/l10n/fa.php b/lib/l10n/fa.php index 8cbdcb03b3b..bbb04290a5c 100644 --- a/lib/l10n/fa.php +++ b/lib/l10n/fa.php @@ -3,17 +3,28 @@ "Personal" => "شخصی", "Settings" => "تنظیمات", "Users" => "کاربران", +"Apps" => " برنامه ها", "Admin" => "مدیر", +"ZIP download is turned off." => "دانلود به صورت فشرده غیر فعال است", +"Files need to be downloaded one by one." => "فایل ها باید به صورت یکی یکی دانلود شوند", +"Back to Files" => "بازگشت به فایل ها", +"Selected files too large to generate zip file." => "فایل های انتخاب شده بزرگتر از آن هستند که بتوان یک فایل فشرده تولید کرد", +"Application is not enabled" => "برنامه فعال نشده است", "Authentication error" => "خطا در اعتبار سنجی", "Files" => "پروندهها", "Text" => "متن", +"Images" => "تصاویر", "seconds ago" => "ثانیهها پیش", "1 minute ago" => "1 دقیقه پیش", "%d minutes ago" => "%d دقیقه پیش", "1 hour ago" => "1 ساعت پیش", +"%d hours ago" => "%d ساعت پیش", "today" => "امروز", "yesterday" => "دیروز", +"%d days ago" => "%d روز پیش", "last month" => "ماه قبل", +"%d months ago" => "%dماه پیش", "last year" => "سال قبل", -"years ago" => "سالهای قبل" +"years ago" => "سالهای قبل", +"Could not find category \"%s\"" => "دسته بندی %s یافت نشد" ); diff --git a/lib/l10n/sr.php b/lib/l10n/sr.php index 34ae89a6219..1161b0a44b7 100644 
--- a/lib/l10n/sr.php +++ b/lib/l10n/sr.php @@ -1,10 +1,10 @@ <?php $TRANSLATIONS = array( "Help" => "Помоћ", "Personal" => "Лично", -"Settings" => "Подешавања", +"Settings" => "Поставке", "Users" => "Корисници", "Apps" => "Апликације", -"Admin" => "Администрација", +"Admin" => "Администратор", "ZIP download is turned off." => "Преузимање ZIP-а је искључено.", "Files need to be downloaded one by one." => "Датотеке морате преузимати једну по једну.", "Back to Files" => "Назад на датотеке", @@ -29,7 +29,7 @@ "last year" => "прошле године", "years ago" => "година раније", "%s is available. Get <a href=\"%s\">more information</a>" => "%s је доступна. Погледајте <a href=\"%s\">више информација</a>.", -"up to date" => "је ажурна.", -"updates check is disabled" => "провера ажурирања је онемогућена.", +"up to date" => "је ажурна", +"updates check is disabled" => "провера ажурирања је онемогућена", "Could not find category \"%s\"" => "Не могу да пронађем категорију „%s“." ); diff --git a/lib/public/util.php b/lib/public/util.php index 413dbcccd28..a78a52f326e 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -219,6 +219,28 @@ class Util { } /** + * @brief Returns the request uri + * @returns the request uri + * + * Returns the request uri, even if the website uses one or more + * reverse proxies + */ + public static function getRequestUri() { + return(\OC_Request::requestUri()); + } + + /** + * @brief Returns the script name + * @returns the script name + * + * Returns the script name, even if the website uses one or more + * reverse proxies + */ + public static function getScriptName() { + return(\OC_Request::scriptName()); + } + + /** * @brief Creates path to an image * @param string $app app * @param string $image image name diff --git a/lib/request.php b/lib/request.php index f2f15c21103..1661a1406ca 100755 --- a/lib/request.php +++ b/lib/request.php 
@@ -8,6 +8,15 @@ class OC_Request { /** + * @brief Check overwrite condition + * @returns true/false + */ + private static function isOverwriteCondition() { + $regex = '/' . OC_Config::getValue('overwritecondaddr', '') . '/'; + return $regex === '//' or preg_match($regex, $_SERVER['REMOTE_ADDR']) === 1; + } + + /** * @brief Returns the server host * @returns the server host * @@ -18,7 +27,7 @@ class OC_Request { if(OC::$CLI) { return 'localhost'; } - if(OC_Config::getValue('overwritehost', '')<>'') { + if(OC_Config::getValue('overwritehost', '')<>'' and self::isOverwriteCondition()) { return OC_Config::getValue('overwritehost'); } if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { @@ -43,7 +52,7 @@ class OC_Request { * Returns the server protocol. It respects reverse proxy servers and load balancers */ public static function serverProtocol() { - if(OC_Config::getValue('overwriteprotocol', '')<>'') { + if(OC_Config::getValue('overwriteprotocol', '')<>'' and self::isOverwriteCondition()) { return OC_Config::getValue('overwriteprotocol'); } if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { 
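Review bot: `OC_Request::isOverwriteCondition()` wraps the `overwritecondaddr` config value in `/…/` and passes it to `preg_match` unanchored, so a value written as a plain address such as `10.0.0.1` (constructed example) also matches `110.0.0.10` and `10.0.0.100`, and each `.` matches any character. Because this check decides when `overwritehost` and `overwriteprotocol` are applied, the docblock should state that the value is a regular expression that has to be anchored and escaped, e.g. `^10\.0\.0\.1$`. A value containing `/` ends the pattern early; `preg_match` then returns false, which fails closed but silently disables the overwrite. `$_SERVER['REMOTE_ADDR']` is read without an `isset` check, while `serverProtocol()` has no visible `OC::$CLI` short-circuit before calling it.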
@@ -59,6 +68,38 @@ class OC_Request { } /** + * @brief Returns the request uri + * @returns the request uri + * + * Returns the request uri, even if the website uses one or more + * reverse proxies + */ + public static function requestUri() { + $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; + if (OC_Config::getValue('overwritewebroot', '') <> '' and self::isOverwriteCondition()) { + $uri = self::scriptName() . substr($uri, strlen($_SERVER['SCRIPT_NAME'])); + } + return $uri; + } + + /** + * @brief Returns the script name + * @returns the script name + * + * Returns the script name, even if the website uses one or more + * reverse proxies + */ + public static function scriptName() { + $name = $_SERVER['SCRIPT_NAME']; + if (OC_Config::getValue('overwritewebroot', '') <> '' and self::isOverwriteCondition()) { + $serverroot = str_replace("\\", '/', substr(__DIR__, 0, -4)); + $suburi = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen($serverroot))); + $name = OC_Config::getValue('overwritewebroot', '') . $suburi; + } + return $name; + } + + /** * @brief get Path info from request * @returns string Path info or false when not found */ diff --git a/lib/search.php b/lib/search.php index 3c3378ad13c..e5a65f7157d 100644 --- a/lib/search.php +++ b/lib/search.php @@ -57,6 +57,22 @@ class OC_Search{ } return $results; } + + /** + * remove an existing search provider + * @param string $provider class name of a OC_Search_Provider + */ + public static function removeProvider($provider) { + self::$registeredProviders = array_filter( + self::$registeredProviders, + function ($element) use ($provider) { + return ($element['class'] != $provider); + } + ); + // force regeneration of providers on next search + self::$providers=array(); + } + /** * create instances of all the registered search providers diff --git a/lib/template.php b/lib/template.php index 238d8a8ad0f..fb9f7ad62d9 100644 --- a/lib/template.php +++ b/lib/template.php 
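Review bot: `OC_Request::requestUri()` rebuilds the URI with `substr($uri, strlen($_SERVER['SCRIPT_NAME']))`, which is only correct when `REQUEST_URI` actually begins with `SCRIPT_NAME`; for a directory URL served by `index.php` or a rewritten URL, the cut lands inside the path or query string. Testing the prefix first avoids that: `if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0) {` around the rewrite, leaving `$uri` unchanged otherwise. `scriptName()` reads `$_SERVER['SCRIPT_NAME']` and `$_SERVER['SCRIPT_FILENAME']` without the `isset` guard that `REQUEST_URI` gets, and it repeats the `substr(__DIR__, 0, -4)` server-root computation from `OC::initPaths()`. Since the result is used for `Location` headers and `redirect_url` elsewhere in this commit, the docblocks should say that the value is request-derived and not escaped.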
@@ -192,7 +192,7 @@ class OC_Template{ // Content Security Policy // If you change the standard policy, please also change it in config.sample.php - $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *'); + $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src \'self\' data:'); header('Content-Security-Policy:'.$policy); // Standard header('X-WebKit-CSP:'.$policy); // Older webkit browsers diff --git a/lib/util.php b/lib/util.php index 45e594afd6b..363e3f105c0 100755 --- a/lib/util.php +++ b/lib/util.php 
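Review bot: The default policy string in lib/template.php gains `font-src 'self' data:`, and the comment directly above asks that `config.sample.php` be changed together with it; that file is outside the part of the commit shown here (the diffstat is limited to `lib`), so it should be confirmed that the sample carries the same string. Because `custom_csp_policy` replaces the default wholesale, installations that already set it will not receive the new directive, which deserves a line in the comment. The reason for allowing `data:` fonts is not stated; a short note such as `// font-src data: is needed for embedded icon fonts` (if that is the reason) would document why the policy was widened.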
@@ -186,45 +186,20 @@ class OC_Util { in owncloud or disabling the appstore in the config file."); } } - $CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ); - //check for correct file permissions - if(!stristr(PHP_OS, 'WIN')) { - $permissionsModHint="Please change the permissions to 0770 so that the directory cannot be listed by other users."; - $prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)), -3); - if(substr($prems, -1)!='0') { - OC_Helper::chmodr($CONFIG_DATADIRECTORY, 0770); - clearstatcache(); - $prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)), -3); - if(substr($prems, 2, 1)!='0') { - $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') is readable for other users<br/>', 'hint'=>$permissionsModHint); - } - } - if( OC_Config::getValue( "enablebackup", false )) { - $CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" ); - $prems=substr(decoct(@fileperms($CONFIG_BACKUPDIRECTORY)), -3); - if(substr($prems, -1)!='0') { - OC_Helper::chmodr($CONFIG_BACKUPDIRECTORY, 0770); - clearstatcache(); - $prems=substr(decoct(@fileperms($CONFIG_BACKUPDIRECTORY)), -3); - if(substr($prems, 2, 1)!='0') { - $errors[]=array('error'=>'Data directory ('.$CONFIG_BACKUPDIRECTORY.') is readable for other users<br/>', 'hint'=>$permissionsModHint); - } - } - } - }else{ - //TODO: permissions checks for windows hosts - } // Create root dir. 
if(!is_dir($CONFIG_DATADIRECTORY)) { $success=@mkdir($CONFIG_DATADIRECTORY); - if(!$success) { + if ($success) { + $errors = array_merge($errors, self::checkDataDirectoryPermissions($CONFIG_DATADIRECTORY)); + } else { $errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")", 'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' "); } } else if(!is_writable($CONFIG_DATADIRECTORY) or !is_readable($CONFIG_DATADIRECTORY)) { $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>', 'hint'=>$permissionsHint); + } else { + $errors = array_merge($errors, self::checkDataDirectoryPermissions($CONFIG_DATADIRECTORY)); } - // check if all required php modules are present if(!class_exists('ZipArchive')) { $errors[]=array('error'=>'PHP module zip not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.'); 
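Review bot: The permission check removed from this part of lib/util.php also covered the backup directory when `enablebackup` is set, but the new calls pass only `$CONFIG_DATADIRECTORY` to `checkDataDirectoryPermissions()`, so that branch has no visible replacement. If backups are still supported, a second call guarded by the `enablebackup` option would restore it: `$errors = array_merge($errors, self::checkDataDirectoryPermissions(OC_Config::getValue('backupdirectory', OC::$SERVERROOT.'/backup')));`. If dropping it is intentional, a comment saying so would keep it from being read as an oversight. The enclosing function starts and ends outside the hunk.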
@@ -286,6 +261,29 @@ class OC_Util { return $errors; } + /** + * Check for correct file permissions of data directory + * @return array arrays with error messages and hints + */ + public static function checkDataDirectoryPermissions($dataDirectory) { + $errors = array(); + if (stristr(PHP_OS, 'WIN')) { + //TODO: permissions checks for windows hosts + } else { + $permissionsModHint = 'Please change the permissions to 0770 so that the directory cannot be listed by other users.'; + $prems = substr(decoct(@fileperms($dataDirectory)), -3); + if (substr($prems, -1) != '0') { + OC_Helper::chmodr($dataDirectory, 0770); + clearstatcache(); + $prems = substr(decoct(@fileperms($dataDirectory)), -3); + if (substr($prems, 2, 1) != '0') { + $errors[] = array('error' => 'Data directory ('.$dataDirectory.') is readable for other users<br/>', 'hint' => $permissionsModHint); + } + } + } + return $errors; + } + public static function displayLoginPage($errors = array()) { $parameters = array(); foreach( $errors as $key => $value ) { @@ -323,7 +321,7 @@ class OC_Util { public static function checkLoggedIn() { // Check if we are a user if( !OC_User::isLoggedIn()) { - header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php', array('redirect_url' => $_SERVER["REQUEST_URI"]))); + header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php', array('redirect_url' => OC_Request::requestUri()))); exit(); } } |
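Review bot: In the new `OC_Util::checkDataDirectoryPermissions()`, `@fileperms($dataDirectory)` returns false on failure and `decoct()` turns that into `"0"`, so `substr($prems, -1) != '0'` is false and a directory whose permissions could not be read is reported as correctly restricted. Checking the result before interpreting it closes that gap: `$perms = @fileperms($dataDirectory);` followed by `if ($perms === false) { $errors[] = array('error' => 'Cannot read permissions of data directory ('.$dataDirectory.')', 'hint' => $permissionsModHint); return $errors; }`. The method is `public static` and runs `OC_Helper::chmodr($dataDirectory, 0770)` recursively on whatever path it receives. The docblock has no `@param` line; adding `@param string $dataDirectory path taken from configuration, never from request input` would state the expectation.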