Diffstat (limited to 'public.php')
-rw-r--r--public.php60
1 files changed, 39 insertions, 21 deletions
diff --git a/public.php b/public.php
index 2956d7f79dd..5954da7e3a0 100644
--- a/public.php
+++ b/public.php
@@ -32,33 +32,53 @@
*/
require_once __DIR__ . '/lib/versioncheck.php';
+/**
+ * @param $service
+ * @return string
+ */
+function resolveService($service) {
+ $services = [
+ 'webdav' => 'dav/appinfo/v1/publicwebdav.php',
+ 'dav' => 'dav/appinfo/v2/publicremote.php',
+ ];
+ if (isset($services[$service])) {
+ return $services[$service];
+ }
+
+ return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service);
+}
+
try {
require_once __DIR__ . '/lib/base.php';
+
+ // All resources served via the DAV endpoint should have the strictest possible
+ // policy. Exempted from this is the SabreDAV browser plugin which overwrites
+ // this policy with a softer one if debug mode is enabled.
+ header("Content-Security-Policy: default-src 'none';");
+
if (\OCP\Util::needUpgrade()) {
// since the behavior of apps or remotes are unpredictable during
// an upgrade, return a 503 directly
- OC_Template::printErrorPage('Service unavailable', '', 503);
- exit;
+ throw new RemoteException('Service unavailable', 503);
}
- OC::checkMaintenanceMode(\OC::$server->get(\OC\SystemConfig::class));
$request = \OC::$server->getRequest();
$pathInfo = $request->getPathInfo();
-
- if (!$pathInfo && $request->getParam('service', '') === '') {
- http_response_code(404);
- exit;
- } elseif ($request->getParam('service', '')) {
- $service = $request->getParam('service', '');
- } else {
- $pathInfo = trim($pathInfo, '/');
- [$service] = explode('/', $pathInfo);
+ if ($pathInfo === false || $pathInfo === '') {
+ throw new RemoteException('Path not found', 404);
}
- $file = \OC::$server->getConfig()->getAppValue('core', 'public_' . strip_tags($service));
- if ($file === '') {
- http_response_code(404);
- exit;
+ if (!$pos = strpos($pathInfo, '/', 1)) {
+ $pos = strlen($pathInfo);
}
+ $service = substr($pathInfo, 1, $pos - 1);
+
+ $file = resolveService($service);
+
+ if (is_null($file)) {
+ throw new RemoteException('Path not found', 404);
+ }
+
+ $file = ltrim($file, '/');
$parts = explode('/', $file, 2);
$app = $parts[0];
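Review bot: `resolveService()` falls back to the `remote_` config prefix, whereas the lookup removed from this file used `public_`, so the public.php entry point can now resolve any handler registered under `remote_*`; if those handlers were written for an authenticated endpoint, this widens what is reachable without a login. Unless that is intended, keep the public prefix: `return \OC::$server->getConfig()->getAppValue('core', 'public_' . $service);`. The `is_null($file)` guard also looks dead, because the removed code compared the same call's result with `''`, which suggests an unknown service yields an empty string and falls through to `explode()` with an empty `$app`; `if ($file === null || $file === '') {` would cover both cases. The try block continues past this hunk.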
@@ -70,15 +90,13 @@ try {
OC_App::loadApps(['filesystem', 'logging']);
if (!\OC::$server->getAppManager()->isInstalled($app)) {
- http_response_code(404);
- exit;
+ throw new RemoteException('App not installed: ' . $app);
}
OC_App::loadApp($app);
OC_User::setIncognitoMode(true);
- $baseuri = OC::$WEBROOT . '/public.php/' . $service . '/';
-
- require_once OC_App::getAppPath($app) . '/' . $parts[1];
+ $baseuri = OC::$WEBROOT . '/public.php/'.$service.'/';
+ require_once $file;
} catch (Exception $ex) {
$status = 500;
if ($ex instanceof \OC\ServiceUnavailableException) {
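Review bot: `require_once $file;` includes the config-derived relative path as-is, where the removed line anchored it under `OC_App::getAppPath($app)`; unless `$file` is rebuilt in the lines between the two hunks (not visible here), resolution depends on the include path and working directory rather than the installed app's directory. Keeping the anchor, `require_once OC_App::getAppPath($app) . '/' . $parts[1];`, ties the included script to the app that was just checked with `isInstalled()`. `new RemoteException('App not installed: ' . $app)` also passes no status code while the other throws in this commit do, so the 404 the old code sent probably becomes the `$status = 500` default in the catch block, which continues outside the hunk; passing `404` as the second argument would keep the old response.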