Diffstat (limited to 'lib')
4 files changed, 50 insertions, 36 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index bb3083c835c..7eb730ac2a3 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -39,6 +40,7 @@ use OC\AppFramework\Utility\ControllerMethodReflector; use OC\Security\CSP\ContentSecurityPolicyManager; use OC\Security\CSP\ContentSecurityPolicyNonceManager; use OC\Security\CSRF\CsrfTokenManager; +use OCP\App\AppPathNotFoundException; use OCP\App\IAppManager; use OCP\AppFramework\Http\ContentSecurityPolicy; use OCP\AppFramework\Http\EmptyContentSecurityPolicy; @@ -91,29 +93,14 @@ class SecurityMiddleware extends Middleware { /** @var IL10N */ private $l10n; - /** - * @param IRequest $request - * @param ControllerMethodReflector $reflector - * @param INavigationManager $navigationManager - * @param IURLGenerator $urlGenerator - * @param ILogger $logger - * @param string $appName - * @param bool $isLoggedIn - * @param bool $isAdminUser - * @param ContentSecurityPolicyManager $contentSecurityPolicyManager - * @param CSRFTokenManager $csrfTokenManager - * @param ContentSecurityPolicyNonceManager $cspNonceManager - * @param IAppManager $appManager - * @param IL10N $l10n - */ public function __construct(IRequest $request, ControllerMethodReflector $reflector, INavigationManager $navigationManager, IURLGenerator $urlGenerator, ILogger $logger, - $appName, - $isLoggedIn, - $isAdminUser, + string $appName, + bool $isLoggedIn, + bool $isAdminUser, ContentSecurityPolicyManager $contentSecurityPolicyManager, CsrfTokenManager $csrfTokenManager, ContentSecurityPolicyNonceManager $cspNonceManager, 
@@ -156,10 +143,8 @@ class SecurityMiddleware extends Middleware { throw new NotLoggedInException(); } - if(!$this->reflector->hasAnnotation('NoAdminRequired')) { - if(!$this->isAdminUser) { - throw new NotAdminException($this->l10n->t('Logged in user must be an admin')); - } + if(!$this->reflector->hasAnnotation('NoAdminRequired') && !$this->isAdminUser) { + throw new NotAdminException($this->l10n->t('Logged in user must be an admin')); } } @@ -191,15 +176,20 @@ class SecurityMiddleware extends Middleware { } /** - * FIXME: Use DI once available * Checks if app is enabled (also includes a check whether user is allowed to access the resource) * The getAppPath() check is here since components such as settings also use the AppFramework and * therefore won't pass this check. + * If page is public, app does not need to be enabled for current user/visitor */ - if(\OC_App::getAppPath($this->appName) !== false && !$this->appManager->isEnabledForUser($this->appName)) { - throw new AppNotEnabledException(); + try { + $appPath = $this->appManager->getAppPath($this->appName); + } catch (AppPathNotFoundException $e) { + $appPath = false; } + if ($appPath !== false && !$isPublicPage && !$this->appManager->isEnabledForUser($this->appName)) { + throw new AppNotEnabledException(); + } } /** @@ -211,7 +201,7 @@ class SecurityMiddleware extends Middleware { * @param Response $response * @return Response */ - public function afterController($controller, $methodName, Response $response) { + public function afterController($controller, $methodName, Response $response): Response { $policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy(); if (get_class($policy) === EmptyContentSecurityPolicy::class) { 
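Review bot: The rewritten app-enabled check (the `-191` hunk) now skips `isEnabledForUser()` for every public page, so this middleware no longer rejects a public route of an app that is disabled outright, although the new comment only talks about the current user or visitor. Whether such a route can still be dispatched is decided outside this hunk, where `$isPublicPage` is also assigned, so an explicit guard here is safer than relying on routing. If `IAppManager::isInstalled()` means "enabled for anyone" in this version, `if ($appPath !== false && $isPublicPage && !$this->appManager->isInstalled($this->appName)) { throw new AppNotEnabledException(); }` would keep that case covered. Unit tests for a public page of a group-restricted app and of a disabled app would pin both behaviours.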
@@ -240,14 +230,14 @@ class SecurityMiddleware extends Middleware { * @throws \Exception the passed in exception if it can't handle it * @return Response a Response object or null in case that the exception could not be handled */ - public function afterException($controller, $methodName, \Exception $exception) { + public function afterException($controller, $methodName, \Exception $exception): Response { if($exception instanceof SecurityException) { if($exception instanceof StrictCookieMissingException) { return new RedirectResponse(\OC::$WEBROOT); } if (stripos($this->request->getHeader('Accept'),'html') === false) { $response = new JSONResponse( - array('message' => $exception->getMessage()), + ['message' => $exception->getMessage()], $exception->getCode() ); } else { diff --git a/lib/private/AppFramework/Utility/SimpleContainer.php b/lib/private/AppFramework/Utility/SimpleContainer.php index b86d3339264..e96f24ed284 100644 --- a/lib/private/AppFramework/Utility/SimpleContainer.php +++ b/lib/private/AppFramework/Utility/SimpleContainer.php @@ -46,6 +46,7 @@ class SimpleContainer extends Container implements IContainer { /** * @param ReflectionClass $class the class to instantiate * @return \stdClass the created class + * @suppress PhanUndeclaredClassInstanceof */ private function buildClass(ReflectionClass $class) { $constructor = $class->getConstructor(); @@ -66,6 +67,12 @@ class SimpleContainer extends Container implements IContainer { try { $parameters[] = $this->query($resolveName); } catch (\Exception $e) { + if (class_exists('PHPUnit_Framework_AssertionFailedError', false) && + $e instanceof \PHPUnit_Framework_AssertionFailedError) { + // Easier debugging of "Your test case is not allowed to access the database." + throw $e; + } + // Service not found, use the default value when available if ($parameter->isDefaultValueAvailable()) { $parameters[] = $parameter->getDefaultValue(); 
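Review bot: The new `: Response` return type on `afterException` contradicts the docblock kept just above it, which still says `a Response object or null in case that the exception could not be handled`; with the type in place a `null` return becomes a `TypeError`. The end of the method is outside this hunk, so please confirm every unhandled path ends in `throw $exception;` and change the tag to `@return Response`. Separately, now that the file declares `strict_types=1`, `stripos($this->request->getHeader('Accept'),'html')` throws if `getHeader()` can return `null` for a missing header. A `(string)` cast on that argument would keep the security-exception path from turning into a server error.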
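Review bot: The rethrow added inside `catch (\Exception $e)` in `buildClass` matches only the pre-namespace class name `PHPUnit_Framework_AssertionFailedError`, so it silently stops working if the test suite runs on a PHPUnit release that ships only `PHPUnit\Framework\AssertionFailedError`. Checking both names keeps the debugging aid alive: `$e instanceof \PHPUnit_Framework_AssertionFailedError || $e instanceof \PHPUnit\Framework\AssertionFailedError`. `instanceof` against an undeclared class evaluates to false, so the `class_exists()` guard is not required for safety. The surrounding loop and the rest of `buildClass` are outside the hunk.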
diff --git a/lib/private/Files/ObjectStore/ObjectStoreStorage.php b/lib/private/Files/ObjectStore/ObjectStoreStorage.php index 45c22a81a7b..3ce919a4cbe 100644 --- a/lib/private/Files/ObjectStore/ObjectStoreStorage.php +++ b/lib/private/Files/ObjectStore/ObjectStoreStorage.php @@ -261,6 +261,12 @@ class ObjectStoreStorage extends \OC\Files\Storage\Common { public function fopen($path, $mode) { $path = $this->normalizePath($path); + if (strrpos($path, '.') !== false) { + $ext = substr($path, strrpos($path, '.')); + } else { + $ext = ''; + } + switch ($mode) { case 'r': case 'rb': @@ -280,21 +286,21 @@ class ObjectStoreStorage extends \OC\Files\Storage\Common { } case 'w': case 'wb': + case 'w+': + case 'wb+': + $tmpFile = \OC::$server->getTempManager()->getTemporaryFile($ext); + $handle = fopen($tmpFile, $mode); + return CallbackWrapper::wrap($handle, null, null, function () use ($path, $tmpFile) { + $this->writeBack($tmpFile, $path); + }); case 'a': case 'ab': case 'r+': - case 'w+': - case 'wb+': case 'a+': case 'x': case 'x+': case 'c': case 'c+': - if (strrpos($path, '.') !== false) { - $ext = substr($path, strrpos($path, '.')); - } else { - $ext = ''; - } $tmpFile = \OC::$server->getTempManager()->getTemporaryFile($ext); if ($this->file_exists($path)) { $source = $this->fopen($path, 'r'); @@ -423,4 +429,8 @@ class ObjectStoreStorage extends \OC\Files\Storage\Common { public function hasUpdated($path, $time) { return false; } + + public function needsPartFile() { + return false; + } } diff --git a/lib/private/Template/JSCombiner.php b/lib/private/Template/JSCombiner.php index c5adcee6854..bc548c22fd0 100644 --- a/lib/private/Template/JSCombiner.php +++ b/lib/private/Template/JSCombiner.php 
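Review bot: The extension logic hoisted to the top of `fopen` takes everything after the last `.` in the whole path, not just in the file name. For a path like `dir.d/file` (constructed example) `$ext` becomes `.d/file`, and that string, slash included, is passed to `getTemporaryFile($ext)`. Whether the temp manager strips path separators is not visible here, so deriving the suffix from the file name only is safer: `$ext = pathinfo($path, PATHINFO_EXTENSION);` followed by `$ext = $ext === '' ? '' : '.' . $ext;`. The rest of `fopen` is outside this hunk.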
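Review bot: In the new `w`/`wb`/`w+`/`wb+` branch the result of `fopen($tmpFile, $mode)` goes straight into `CallbackWrapper::wrap()` without a check, so a failed open passes `false` on as if it were a stream. Adding `if ($handle === false) { return false; }` before the `return` gives callers the failure value they conventionally test for, instead of an error from the wrapper or a write-back of a file that was never written. The return value of `getTemporaryFile($ext)` deserves the same check if it can fail. The other mode branches continue outside this hunk.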
@@ -104,13 +104,20 @@ class JSCombiner { * @return bool */ protected function isCached($fileName, ISimpleFolder $folder) { - $fileName = str_replace('.json', '.js', $fileName) . '.deps'; + $fileName = str_replace('.json', '.js', $fileName); + + if (!$folder->fileExists($fileName)) { + return false; + } + + $fileName = $fileName . '.deps'; try { $deps = $this->depsCache->get($folder->getName() . '-' . $fileName); if ($deps === null || $deps === '') { $depFile = $folder->getFile($fileName); $deps = $depFile->getContent(); } + // check again if ($deps === null || $deps === '') { $this->logger->info('JSCombiner: deps file empty: ' . $fileName); |
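Review bot: The new early return in `isCached` has no comment explaining why the combined file must exist before the deps are consulted. The reason is not obvious, because the `.deps` content can still be served from `depsCache` after the file is gone. A one-line comment above `if (!$folder->fileExists($fileName))`, such as `// A cached deps entry is useless if the combined JS file itself is gone`, would document it. The remainder of `isCached` is outside the hunk.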