Diffstat (limited to 'lib')
-rw-r--r-- | lib/api.php | 5 | ||||
-rw-r--r-- | lib/app.php | 4 | ||||
-rw-r--r-- | lib/connector/sabre/ServiceUnavailable.php | 22 | ||||
-rw-r--r-- | lib/connector/sabre/client.php | 173 | ||||
-rw-r--r-- | lib/connector/sabre/maintenanceplugin.php | 56 | ||||
-rw-r--r-- | lib/helper.php | 28 | ||||
-rw-r--r-- | lib/json.php | 21 | ||||
-rw-r--r-- | lib/l10n/bg_BG.php | 34 | ||||
-rw-r--r-- | lib/l10n/bn_BD.php | 23 | ||||
-rw-r--r-- | lib/l10n/id.php | 8 | ||||
-rw-r--r-- | lib/migrate.php | 2 | ||||
-rw-r--r-- | lib/ocs/cloud.php | 4 | ||||
-rw-r--r-- | lib/router.php | 22 | ||||
-rw-r--r-- | lib/subadmin.php | 7 | ||||
-rw-r--r-- | lib/user.php | 13 | ||||
-rwxr-xr-x | lib/util.php | 52 |
16 files changed, 177 insertions, 297 deletions
diff --git a/lib/api.php b/lib/api.php index cb67e0c2a89..c464cd04913 100644 --- a/lib/api.php +++ b/lib/api.php @@ -127,8 +127,7 @@ class OC_API { return false; } else { $subAdmin = OC_SubAdmin::isSubAdmin($user); - $admin = OC_Group::inGroup($user, 'admin'); - if($subAdmin || $admin) { + if($subAdmin) { return true; } else { return false; @@ -141,7 +140,7 @@ class OC_API { if(!$user) { return false; } else { - return OC_Group::inGroup($user, 'admin'); + return OC_User::isAdminUser($user); } break; default: diff --git a/lib/app.php b/lib/app.php index 2926b794857..05d1c818c70 100644 --- a/lib/app.php +++ b/lib/app.php @@ -313,14 +313,14 @@ class OC_App{ $settings[]=array( "id" => "settings", "order" => 1000, "href" => OC_Helper::linkToRoute( "settings_settings" ), "name" => $l->t("Settings"), "icon" => OC_Helper::imagePath( "settings", "settings.svg" )); //SubAdmins are also allowed to access user management - if(OC_SubAdmin::isSubAdmin($_SESSION["user_id"]) || OC_Group::inGroup( $_SESSION["user_id"], "admin" )) { + if(OC_SubAdmin::isSubAdmin(OC_User::getUser())) { // admin users menu $settings[] = array( "id" => "core_users", "order" => 2, "href" => OC_Helper::linkToRoute( "settings_users" ), "name" => $l->t("Users"), "icon" => OC_Helper::imagePath( "settings", "users.svg" )); } // if the user is an admin - if(OC_Group::inGroup( $_SESSION["user_id"], "admin" )) { + if(OC_User::isAdminUser(OC_User::getUser())) { // admin apps menu $settings[] = array( "id" => "core_apps", "order" => 3, "href" => OC_Helper::linkToRoute( "settings_apps" ).'?installed', "name" => $l->t("Apps"), "icon" => OC_Helper::imagePath( "settings", "apps.svg" )); diff --git a/lib/connector/sabre/ServiceUnavailable.php b/lib/connector/sabre/ServiceUnavailable.php new file mode 100644 index 00000000000..c1cc815c989 --- /dev/null +++ b/lib/connector/sabre/ServiceUnavailable.php 
@@ -0,0 +1,22 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Thomas Müller
+ * @copyright 2013 Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @license AGPL3
+ */
+
+class Sabre_DAV_Exception_ServiceUnavailable extends Sabre_DAV_Exception {
+
+ /**
+ * Returns the HTTP statuscode for this exception
+ *
+ * @return int
+ */
+ public function getHTTPCode() {
+
+ return 503;
+ }
+}
diff --git a/lib/connector/sabre/client.php b/lib/connector/sabre/client.php
deleted file mode 100644
index 8df5fb9a9ad..00000000000
--- a/lib/connector/sabre/client.php
+++ /dev/null
@@ -1,173 +0,0 @@ -<?php - -/** - * ownCloud - * - * @author Bjoern Schiessle - * @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * - */ - -class OC_Connector_Sabre_Client extends Sabre_DAV_Client { - - protected $trustedCertificates; - - /** - * Add trusted root certificates to the webdav client. - * - * The parameter certificates should be a absulute path to a file which contains - * all trusted certificates - * - * @param string $certificates - */ - public function addTrustedCertificates($certificates) { - $this->trustedCertificates = $certificates; - } - - /** - * Copied from SabreDAV with some modification to use user defined curlSettings - * Performs an actual HTTP request, and returns the result. - * - * If the specified url is relative, it will be expanded based on the base - * url. - * - * The returned array contains 3 keys: - * * body - the response body - * * httpCode - a HTTP code (200, 404, etc) - * * headers - a list of response http headers. The header names have - * been lowercased. 
- * - * @param string $method - * @param string $url - * @param string $body - * @param array $headers - * @return array - */ - public function request($method, $url = '', $body = null, $headers = array()) { - - $url = $this->getAbsoluteUrl($url); - - $curlSettings = array( - CURLOPT_RETURNTRANSFER => true, - // Return headers as part of the response - CURLOPT_HEADER => true, - CURLOPT_POSTFIELDS => $body, - // Automatically follow redirects - CURLOPT_FOLLOWLOCATION => true, - CURLOPT_MAXREDIRS => 5, - ); - - if($this->trustedCertificates) { - $curlSettings[CURLOPT_CAINFO] = $this->trustedCertificates; - } - - switch ($method) { - case 'HEAD' : - - // do not read body with HEAD requests (this is neccessary because cURL does not ignore the body with HEAD - // requests when the Content-Length header is given - which in turn is perfectly valid according to HTTP - // specs...) cURL does unfortunately return an error in this case ("transfer closed transfer closed with - // ... bytes remaining to read") this can be circumvented by explicitly telling cURL to ignore the - // response body - $curlSettings[CURLOPT_NOBODY] = true; - $curlSettings[CURLOPT_CUSTOMREQUEST] = 'HEAD'; - break; - - default: - $curlSettings[CURLOPT_CUSTOMREQUEST] = $method; - break; - - } - - // Adding HTTP headers - $nHeaders = array(); - foreach($headers as $key=>$value) { - - $nHeaders[] = $key . ': ' . $value; - - } - $curlSettings[CURLOPT_HTTPHEADER] = $nHeaders; - - if ($this->proxy) { - $curlSettings[CURLOPT_PROXY] = $this->proxy; - } - - if ($this->userName && $this->authType) { - $curlType = 0; - if ($this->authType & self::AUTH_BASIC) { - $curlType |= CURLAUTH_BASIC; - } - if ($this->authType & self::AUTH_DIGEST) { - $curlType |= CURLAUTH_DIGEST; - } - $curlSettings[CURLOPT_HTTPAUTH] = $curlType; - $curlSettings[CURLOPT_USERPWD] = $this->userName . ':' . 
$this->password; - } - - list( - $response, - $curlInfo, - $curlErrNo, - $curlError - ) = $this->curlRequest($url, $curlSettings); - - $headerBlob = substr($response, 0, $curlInfo['header_size']); - $response = substr($response, $curlInfo['header_size']); - - // In the case of 100 Continue, or redirects we'll have multiple lists - // of headers for each separate HTTP response. We can easily split this - // because they are separated by \r\n\r\n - $headerBlob = explode("\r\n\r\n", trim($headerBlob, "\r\n")); - - // We only care about the last set of headers - $headerBlob = $headerBlob[count($headerBlob)-1]; - - // Splitting headers - $headerBlob = explode("\r\n", $headerBlob); - - $headers = array(); - foreach($headerBlob as $header) { - $parts = explode(':', $header, 2); - if (count($parts)==2) { - $headers[strtolower(trim($parts[0]))] = trim($parts[1]); - } - } - - $response = array( - 'body' => $response, - 'statusCode' => $curlInfo['http_code'], - 'headers' => $headers - ); - - if ($curlErrNo) { - throw new Sabre_DAV_Exception('[CURL] Error while making request: ' . $curlError . ' (error code: ' . $curlErrNo . ')'); - } - - if ($response['statusCode']>=400) { - switch ($response['statusCode']) { - case 404: - throw new Sabre_DAV_Exception_NotFound('Resource ' . $url . ' not found.'); - break; - - default: - throw new Sabre_DAV_Exception('HTTP error response. (errorcode ' . $response['statusCode'] . ')'); - } - } - - return $response; - - } -}
\ No newline at end of file
diff --git a/lib/connector/sabre/maintenanceplugin.php b/lib/connector/sabre/maintenanceplugin.php
new file mode 100644
index 00000000000..329fa4443ad
--- /dev/null
+++ b/lib/connector/sabre/maintenanceplugin.php
@@ -0,0 +1,56 @@
+<?php
+
+/**
+ * ownCloud
+ *
+ * @author Thomas Müller
+ * @copyright 2013 Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @license AGPL3
+ */
+
+require 'ServiceUnavailable.php';
+
+class OC_Connector_Sabre_MaintenancePlugin extends Sabre_DAV_ServerPlugin
+{
+
+ /**
+ * Reference to main server object
+ *
+ * @var Sabre_DAV_Server
+ */
+ private $server;
+
+ /**
+ * This initializes the plugin.
+ *
+ * This function is called by Sabre_DAV_Server, after
+ * addPlugin is called.
+ *
+ * This method should set up the required event subscriptions.
+ *
+ * @param Sabre_DAV_Server $server
+ * @return void
+ */
+ public function initialize(Sabre_DAV_Server $server) {
+
+ $this->server = $server;
+ $this->server->subscribeEvent('beforeMethod', array($this, 'checkMaintenanceMode'), 10);
+ }
+
+ /**
+ * This method is called before any HTTP method and returns http status code 503
+ * in case the system is in maintenance mode.
+ *
+ * @throws Sabre_DAV_Exception_ServiceUnavailable
+ * @internal param string $method
+ * @return bool
+ */
+ public function checkMaintenanceMode() {
+ if (OC_Config::getValue('maintenance', false)) {
+ throw new Sabre_DAV_Exception_ServiceUnavailable();
+ }
+
+ return true;
+ }
+}
diff --git a/lib/helper.php b/lib/helper.php
index b25ec01036a..7aede047974 100644
--- a/lib/helper.php
+++ b/lib/helper.php
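Review bot: `require 'ServiceUnavailable.php';` at the top of maintenanceplugin.php is a bare relative path, so PHP searches include_path before the directory of this file, and a same-named file found earlier on that path would be loaded instead of the exception class next to the plugin. Plain `require` also raises a fatal redeclaration error if the plugin file is ever loaded a second time. Anchoring the include to the file, `require_once __DIR__ . '/ServiceUnavailable.php';`, removes both problems. This matters here because checkMaintenanceMode() is subscribed to `beforeMethod` and is what converts the `maintenance` flag into a 503 for every request.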
@@ -625,37 +625,17 @@ class OC_Helper { return $newpath; } - /* - * checks if $sub is a subdirectory of $parent + /** + * @brief Checks if $sub is a subdirectory of $parent * * @param string $sub * @param string $parent * @return bool */ public static function issubdirectory($sub, $parent) { - if($sub == null || $sub == '' || $parent == null || $parent == '') { - return false; - } - $realpath_sub = realpath($sub); - $realpath_parent = realpath($parent); - if(($realpath_sub == false && substr_count($realpath_sub, './') != 0) || ($realpath_parent == false && substr_count($realpath_parent, './') != 0)) { //it checks for both ./ and ../ - return false; - } - if($realpath_sub && $realpath_sub != '' && $realpath_parent && $realpath_parent != '') { - if(substr($realpath_sub, 0, strlen($realpath_parent)) == $realpath_parent) { - return true; - } - }else{ - if(substr($sub, 0, strlen($parent)) == $parent) { - return true; - } + if (strpos(realpath($sub), realpath($parent)) === 0) { + return true; } - /*echo 'SUB: ' . $sub . "\n"; - echo 'PAR: ' . $parent . "\n"; - echo 'REALSUB: ' . $realpath_sub . "\n"; - echo 'REALPAR: ' . $realpath_parent . "\n"; - echo substr($realpath_sub, 0, strlen($realpath_parent)); - exit;*/ return false; } diff --git a/lib/json.php b/lib/json.php index 204430411c0..c87de3e200b 100644 --- a/lib/json.php +++ b/lib/json.php @@ -57,9 +57,7 @@ class OC_JSON{ * Check if the user is a admin, send json error msg if not */ public static function checkAdminUser() { - self::checkLoggedIn(); - self::verifyUser(); - if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) { + if( !OC_User::isAdminUser(OC_User::getUser())) { $l = OC_L10N::get('lib'); self::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); exit(); 
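Review bot: The new `strpos(realpath($sub), realpath($parent)) === 0` test in issubdirectory() is a raw string-prefix comparison, so a sibling directory whose name merely starts with the parent's name (constructed example: `/data/user2` against `/data/user`) is reported as a subdirectory. The removed guards for empty or unresolvable paths are also not replaced: realpath() returns false for a path that does not exist, and how strpos() treats false operands depends on the PHP version, so the function should fail closed explicitly rather than by accident. Checking both realpath() results against false and comparing with a trailing directory separator, as below, keeps the function short while making the containment check exact; equal paths still count as contained, as they do in the new code.

```php
public static function issubdirectory($sub, $parent) {
	$realSub = realpath($sub);
	$realParent = realpath($parent);
	// realpath() yields false for unresolvable paths: fail closed
	if ($realSub === false || $realParent === false) {
		return false;
	}
	// compare whole path components, not a raw string prefix
	$realParent = rtrim($realParent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
	return strpos($realSub . DIRECTORY_SEPARATOR, $realParent) === 0;
}
```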
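Review bot: OC_JSON::checkAdminUser() now reaches the admin test without `self::checkLoggedIn()`, so an anonymous request is rejected only if `OC_User::isAdminUser()` returns false for whatever `OC_User::getUser()` yields without a session (lib/user.php documents that as "uid or false"). That dependency on how OC_Group::inGroup() handles a false uid is implicit; keeping `self::checkLoggedIn();` as the first statement, or at least adding `// getUser() is false when nobody is logged in; isAdminUser(false) must return false`, would make it explicit. The same applies to checkSubAdminUser() in the next json.php hunk and to OC_Util::checkAdminUser() and OC_Util::checkSubAdminUser() in lib/util.php, where dropping the login check presumably also changes what an anonymous visitor is redirected to.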
@@ -70,27 +68,12 @@ class OC_JSON{ * Check if the user is a subadmin, send json error msg if not */ public static function checkSubAdminUser() { - self::checkLoggedIn(); - self::verifyUser(); - if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) { + if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) { $l = OC_L10N::get('lib'); self::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); exit(); } } - - /** - * Check if the user verified the login with his password - */ - public static function verifyUser() { - if(OC_Config::getValue('enhancedauth', false) === true) { - if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) { - $l = OC_L10N::get('lib'); - self::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); - exit(); - } - } - } /** * Send json error msg diff --git a/lib/l10n/bg_BG.php b/lib/l10n/bg_BG.php index 3eb0660d944..31f37458b81 100644 --- a/lib/l10n/bg_BG.php +++ b/lib/l10n/bg_BG.php 
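Review bot: With verifyUser() removed here and in lib/util.php, the `enhancedauth` and `enhancedauthtime` settings are no longer read in any of these hunks, so an installation that had `enhancedauth` set to true silently loses the password re-verification in front of the admin and sub-admin checks. If the feature is being retired on purpose, record that in the release notes and warn while the key is still configured, for example `if (OC_Config::getValue('enhancedauth', false) === true) { OC_Log::write('core', 'enhancedauth is no longer supported and is ignored', OC_Log::WARN); }`. Whether callers of verifyUser() or isUserVerified() remain outside lib/ cannot be seen from this diff, which is limited to that directory.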
@@ -1,4 +1,34 @@ <?php $TRANSLATIONS = array( -"Personal" => "Лично", -"Authentication error" => "Проблем с идентификацията" +"Help" => "Помощ", +"Personal" => "Лични", +"Settings" => "Настройки", +"Users" => "Потребители", +"Apps" => "Приложения", +"Admin" => "Админ", +"ZIP download is turned off." => "Изтеглянето като ZIP е изключено.", +"Files need to be downloaded one by one." => "Файловете трябва да се изтеглят един по един.", +"Back to Files" => "Назад към файловете", +"Selected files too large to generate zip file." => "Избраните файлове са прекалено големи за генерирането на ZIP архив.", +"Application is not enabled" => "Приложението не е включено.", +"Authentication error" => "Възникна проблем с идентификацията", +"Token expired. Please reload page." => "Ключът е изтекъл, моля презаредете страницата", +"Files" => "Файлове", +"Text" => "Текст", +"Images" => "Снимки", +"seconds ago" => "преди секунди", +"1 minute ago" => "преди 1 минута", +"%d minutes ago" => "преди %d минути", +"1 hour ago" => "преди 1 час", +"%d hours ago" => "преди %d часа", +"today" => "днес", +"yesterday" => "вчера", +"%d days ago" => "преди %d дни", +"last month" => "последният месец", +"%d months ago" => "преди %d месеца", +"last year" => "последната година", +"years ago" => "последните години", +"%s is available. Get <a href=\"%s\">more information</a>" => "%s е налична. Получете <a href=\"%s\">повече информация</a>", +"up to date" => "е актуална", +"updates check is disabled" => "проверката за обновления е изключена", +"Could not find category \"%s\"" => "Невъзможно откриване на категорията \"%s\"" ); diff --git a/lib/l10n/bn_BD.php b/lib/l10n/bn_BD.php index 275d3c0f05c..cb6ff4455a9 100644 --- a/lib/l10n/bn_BD.php +++ b/lib/l10n/bn_BD.php 
@@ -2,17 +2,28 @@ "Help" => "সহায়িকা", "Personal" => "ব্যক্তিগত", "Settings" => "নিয়ামকসমূহ", -"Users" => "ব্যবহারকারিবৃন্দ", -"Apps" => "অ্যাপস", +"Users" => "ব্যভহারকারী", +"Apps" => "অ্যাপ", "Admin" => "প্রশাসক", -"Authentication error" => "নিশ্চিতকরণে সমস্যা দেখা দিয়েছে", +"ZIP download is turned off." => "ZIP ডাউনলোড বন্ধ করা আছে।", +"Files need to be downloaded one by one." => "ফাইলগুলো একে একে ডাউনলোড করা আবশ্যক।", +"Back to Files" => "ফাইলে ফিরে চল", +"Selected files too large to generate zip file." => "নির্বাচিত ফাইলগুলো এতই বৃহৎ যে জিপ ফাইল তৈরী করা সম্ভব নয়।", +"Application is not enabled" => "অ্যাপ্লিকেসনটি সক্রিয় নয়", +"Authentication error" => "অনুমোদন ঘটিত সমস্যা", +"Token expired. Please reload page." => "টোকেন মেয়াদোত্তীর্ণ। দয়া করে পৃষ্ঠাটি পূনরায় লোড করুন।", "Files" => "ফাইল", "seconds ago" => "সেকেন্ড পূর্বে", -"1 minute ago" => "1 মিনিট পূর্বে", +"1 minute ago" => "১ মিনিট পূর্বে", +"%d minutes ago" => "%d মিনিট পূর্বে", "1 hour ago" => "1 ঘন্টা পূর্বে", "today" => "আজ", "yesterday" => "গতকাল", -"last month" => "গতমাস", +"%d days ago" => "%d দিন পূর্বে", +"last month" => "গত মাস", "last year" => "গত বছর", -"years ago" => "বছর পূর্বে" +"years ago" => "বছর পূর্বে", +"%s is available. Get <a href=\"%s\">more information</a>" => "%s এখন সুলভ। <a href=\"%s\">আরও জানুন</a>", +"up to date" => "সর্বশেষ", +"updates check is disabled" => "পরিবর্ধন পরীক্ষণ করা বন্ধ রাখা হয়েছে" ); diff --git a/lib/l10n/id.php b/lib/l10n/id.php index e31b4caf4f5..8f0e38123b6 100644 --- a/lib/l10n/id.php +++ b/lib/l10n/id.php 
@@ -12,17 +12,23 @@ "Application is not enabled" => "aplikasi tidak diaktifkan", "Authentication error" => "autentikasi bermasalah", "Token expired. Please reload page." => "token kadaluarsa.mohon perbaharui laman.", +"Files" => "Berkas", "Text" => "teks", +"Images" => "Gambar", "seconds ago" => "beberapa detik yang lalu", "1 minute ago" => "1 menit lalu", "%d minutes ago" => "%d menit lalu", +"1 hour ago" => "1 jam yang lalu", +"%d hours ago" => "%d jam yang lalu", "today" => "hari ini", "yesterday" => "kemarin", "%d days ago" => "%d hari lalu", "last month" => "bulan kemarin", +"%d months ago" => "%d bulan yang lalu", "last year" => "tahun kemarin", "years ago" => "beberapa tahun lalu", "%s is available. Get <a href=\"%s\">more information</a>" => "%s tersedia. dapatkan <a href=\"%s\"> info lebih lanjut</a>", "up to date" => "terbaru", -"updates check is disabled" => "pengecekan pembaharuan sedang non-aktifkan" +"updates check is disabled" => "pengecekan pembaharuan sedang non-aktifkan", +"Could not find category \"%s\"" => "Tidak dapat menemukan kategori \"%s\"" ); diff --git a/lib/migrate.php b/lib/migrate.php index 5ff8e338a44..62ab00bc332 100644 --- a/lib/migrate.php +++ b/lib/migrate.php @@ -219,7 +219,7 @@ class OC_Migrate{ // We need to be an admin if we are not importing our own data if(($type == 'user' && self::$uid != $currentuser) || $type != 'user' ) { - if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) { + if( !OC_User::isAdminUser($currentuser)) { // Naughty. OC_Log::write( 'migration', 'Import not permitted.', OC_Log::ERROR ); return json_encode( array( 'success' => false ) ); diff --git a/lib/ocs/cloud.php b/lib/ocs/cloud.php index 58c906d7256..7c29061c324 100644 --- a/lib/ocs/cloud.php +++ b/lib/ocs/cloud.php 
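Review bot: The admin check in the lib/migrate.php import path now tests `$currentuser` instead of calling `OC_User::getUser()` directly, and `$currentuser` is assigned outside this hunk. If that variable can ever hold something other than the session uid, the permission decision is made for the wrong identity. A comment beside the check, `// $currentuser must be the session uid from OC_User::getUser(), never a value taken from the import`, or keeping the direct call would pin the assumption down. The enclosing function starts and ends outside the hunk.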
@@ -40,7 +40,7 @@ class OC_OCS_Cloud { public static function getUserQuota($parameters) { $user = OC_User::getUser(); - if(OC_Group::inGroup($user, 'admin') or ($user==$parameters['user'])) { + if(OC_User::isAdminUser($user) or ($user==$parameters['user'])) { if(OC_User::userExists($parameters['user'])) { // calculate the disc space @@ -82,7 +82,7 @@ class OC_OCS_Cloud { public static function getUserPrivatekey($parameters) { $user = OC_User::getUser(); - if(OC_Group::inGroup($user, 'admin') or ($user==$parameters['user'])) { + if(OC_User::isAdminUser($user) or ($user==$parameters['user'])) { if(OC_User::userExists($user)) { // calculate the disc space diff --git a/lib/router.php b/lib/router.php index 27e14c38abf..746b68c2c0c 100644 --- a/lib/router.php +++ b/lib/router.php @@ -49,6 +49,7 @@ class OC_Router { $files = $this->getRoutingFiles(); $files[] = 'settings/routes.php'; $files[] = 'core/routes.php'; + $files[] = 'ocs/routes.php'; $this->cache_key = OC_Cache::generateCacheKeyFromFiles($files); } return $this->cache_key; @@ -58,23 +59,6 @@ class OC_Router { * loads the api routes */ public function loadRoutes() { - - // TODO cache - $this->root = $this->getCollection('root'); - foreach(OC_APP::getEnabledApps() as $app){ - $file = OC_App::getAppPath($app).'/appinfo/routes.php'; - if(file_exists($file)){ - $this->useCollection($app); - require_once($file); - $collection = $this->getCollection($app); - $this->root->addCollection($collection, '/apps/'.$app); - } - } - // include ocs routes - require_once(OC::$SERVERROOT.'/ocs/routes.php'); - $collection = $this->getCollection('ocs'); - $this->root->addCollection($collection, '/ocs'); - foreach($this->getRoutingFiles() as $app => $file) { $this->useCollection($app); require_once $file; 
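Review bot: In getUserQuota() the ownership test `$user==$parameters['user']` uses loose comparison, while `OC_User::getUser()` is documented in lib/user.php as returning "uid or false". Without a session, false compares equal to an empty or `"0"` request value, so the branch meant for "admin or the user themself" can be entered by a caller that is neither, unless authentication is enforced on the route elsewhere, which this diff does not show. Rejecting a false `$user` first and comparing strictly closes this: `if($user !== false && (OC_User::isAdminUser($user) or $user === $parameters['user'])) {`. The identical condition is in getUserPrivatekey() in the following hunk, where the data behind the check is key material; both function bodies continue outside their hunks.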
@@ -85,6 +69,10 @@ class OC_Router { require_once 'settings/routes.php'; require_once 'core/routes.php'; + // include ocs routes + require_once 'ocs/routes.php'; + $collection = $this->getCollection('ocs'); + $this->root->addCollection($collection, '/ocs'); } protected function getCollection($name) { diff --git a/lib/subadmin.php b/lib/subadmin.php index 9e83e6da430..8cda7240ac9 100644 --- a/lib/subadmin.php +++ b/lib/subadmin.php @@ -122,6 +122,11 @@ class OC_SubAdmin{ * @return bool */ public static function isSubAdmin($uid) { + // Check if the user is already an admin + if(OC_Group::inGroup($uid, 'admin' )) { + return true; + } + $stmt = OC_DB::prepare('SELECT COUNT(*) AS `count` FROM `*PREFIX*group_admin` WHERE `uid` = ?'); $result = $stmt->execute(array($uid)); $result = $result->fetchRow(); @@ -141,7 +146,7 @@ class OC_SubAdmin{ if(!self::isSubAdmin($subadmin)) { return false; } - if(OC_Group::inGroup($user, 'admin')) { + if(OC_User::isAdminUser($user)) { return false; } $accessiblegroups = self::getSubAdminsGroups($subadmin); diff --git a/lib/user.php b/lib/user.php index 80f88ca7052..8d4eb7aec4d 100644 --- a/lib/user.php +++ b/lib/user.php @@ -300,6 +300,19 @@ class OC_User { } /** + * @brief Check if the user is an admin user + * @param $uid uid of the admin + * @returns bool + */ + public static function isAdminUser($uid) { + if(OC_Group::inGroup($uid, 'admin' )) { + return true; + } + return false; + } + + + /** * @brief get the user id of the user currently logged in. * @return string uid or false */ diff --git a/lib/util.php b/lib/util.php index faae962859a..59566c9f4fb 100755 --- a/lib/util.php +++ b/lib/util.php 
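Review bot: isSubAdmin() now returns true for every member of the `admin` group, but its name and docblock still describe a pure sub-admin test, and callers such as the `if($subAdmin)` branch in lib/api.php and checkSubAdminUser() in lib/json.php and lib/util.php silently depend on the wider meaning. Extend the docblock, for example `@return bool true if $uid is a sub-admin of any group or a member of the admin group`. In isUserAccessible() (second subadmin.php hunk) an admin passed as `$subadmin` now gets past the first guard and falls through to getSubAdminsGroups(), whose result for an admin is not visible here, so that path deserves a test. The added guard also calls `OC_Group::inGroup($uid, 'admin' )` directly while the rest of the commit moves to `OC_User::isAdminUser()`.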
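Review bot: The docblock of the new OC_User::isAdminUser() uses `@returns` and an untyped `@param $uid uid of the admin`, while the neighbouring getUser() docblock uses `@return`; write `@param string $uid uid to check` and `@return bool`. Because this method becomes the single admin test for the callers changed in this commit, the docblock should also state what a false or empty `$uid` (no session) yields, since the checks in lib/json.php and lib/util.php now rely on that being false. Provided OC_Group::inGroup() returns a strict bool, the body can be reduced to `return OC_Group::inGroup($uid, 'admin');`.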
@@ -321,10 +321,7 @@ class OC_Util { * Check if the user is a admin, redirects to home if not */ public static function checkAdminUser() { - // Check if we are a user - self::checkLoggedIn(); - self::verifyUser(); - if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) { + if( !OC_User::isAdminUser(OC_User::getUser())) { header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' )); exit(); } @@ -335,12 +332,6 @@ class OC_Util { * @return array $groups where the current user is subadmin */ public static function checkSubAdminUser() { - // Check if we are a user - self::checkLoggedIn(); - self::verifyUser(); - if(OC_Group::inGroup(OC_User::getUser(), 'admin')) { - return true; - } if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) { header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' )); exit(); 
@@ -349,40 +340,6 @@ class OC_Util { } /** - * Check if the user verified the login with his password in the last 15 minutes - * If not, the user will be shown a password verification page - */ - public static function verifyUser() { - if(OC_Config::getValue('enhancedauth', false) === true) { - // Check password to set session - if(isset($_POST['password'])) { - if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) { - $_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60); - } - } - - // Check if the user verified his password - if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) { - OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser())); - exit(); - } - } - } - - /** - * Check if the user verified the login with his password - * @return bool - */ - public static function isUserVerified() { - if(OC_Config::getValue('enhancedauth', false) === true) { - if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) { - return false; - } - } - return true; - } - - /** * Redirect to the user default page */ public static function redirectToDefaultPage() { @@ -503,8 +460,11 @@ class OC_Util { * @return array with sanitized strings or a single sanitized string, depends on the input parameter. */ public static function sanitizeHTML( &$value ) { - if (is_array($value) || is_object($value)) array_walk_recursive($value, 'OC_Util::sanitizeHTML'); - else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4 + if (is_array($value) || is_object($value)) { + array_walk_recursive($value, 'OC_Util::sanitizeHTML'); + } else { + $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4 + } return $value; } |