Diffstat (limited to 'public.php')
-rw-r--r-- | public.php | 60 |
1 files changed, 39 insertions, 21 deletions
diff --git a/public.php b/public.php
index 2956d7f79dd..5954da7e3a0 100644
--- a/public.php
+++ b/public.php
@@ -32,33 +32,53 @@ */ require_once __DIR__ . '/lib/versioncheck.php'; +/** + * @param $service + * @return string + */ +function resolveService($service) { + $services = [ + 'webdav' => 'dav/appinfo/v1/publicwebdav.php', + 'dav' => 'dav/appinfo/v2/publicremote.php', + ]; + if (isset($services[$service])) { + return $services[$service]; + } + + return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service); +} + try { require_once __DIR__ . '/lib/base.php'; + + // All resources served via the DAV endpoint should have the strictest possible + // policy. Exempted from this is the SabreDAV browser plugin which overwrites + // this policy with a softer one if debug mode is enabled. + header("Content-Security-Policy: default-src 'none';"); + if (\OCP\Util::needUpgrade()) { // since the behavior of apps or remotes are unpredictable during // an upgrade, return a 503 directly - OC_Template::printErrorPage('Service unavailable', '', 503); - exit; + throw new RemoteException('Service unavailable', 503); } - OC::checkMaintenanceMode(\OC::$server->get(\OC\SystemConfig::class)); $request = \OC::$server->getRequest(); $pathInfo = $request->getPathInfo(); - - if (!$pathInfo && $request->getParam('service', '') === '') { - http_response_code(404); - exit; - } elseif ($request->getParam('service', '')) { - $service = $request->getParam('service', ''); - } else { - $pathInfo = trim($pathInfo, '/'); - [$service] = explode('/', $pathInfo); + if ($pathInfo === false || $pathInfo === '') { + throw new RemoteException('Path not found', 404); } - $file = \OC::$server->getConfig()->getAppValue('core', 'public_' . 
strip_tags($service)); - if ($file === '') { - http_response_code(404); - exit; + if (!$pos = strpos($pathInfo, '/', 1)) { + $pos = strlen($pathInfo); } + $service = substr($pathInfo, 1, $pos - 1); + + $file = resolveService($service); + + if (is_null($file)) { + throw new RemoteException('Path not found', 404); + } + + $file = ltrim($file, '/'); $parts = explode('/', $file, 2); $app = $parts[0]; @@ -70,15 +90,13 @@ try { OC_App::loadApps(['filesystem', 'logging']); if (!\OC::$server->getAppManager()->isInstalled($app)) { - http_response_code(404); - exit; + throw new RemoteException('App not installed: ' . $app); } OC_App::loadApp($app); OC_User::setIncognitoMode(true); - $baseuri = OC::$WEBROOT . '/public.php/' . $service . '/'; - - require_once OC_App::getAppPath($app) . '/' . $parts[1]; + $baseuri = OC::$WEBROOT . '/public.php/'.$service.'/'; + require_once $file; } catch (Exception $ex) { $status = 500; if ($ex instanceof \OC\ServiceUnavailableException) { |
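Review bot: The fallback in `resolveService()` reads the config key `'remote_' . $service`, whereas the line this commit removes looked up `'public_' . strip_tags($service)`, so the anonymous entry point would now resolve handlers that apps registered for remote.php and would no longer find existing `public_*` registrations. If that widening is not intended, keep the prefix: `return \OC::$server->getConfig()->getAppValue('core', 'public_' . $service);`. The `is_null($file)` guard also looks unreachable, since the docblock promises a string and the removed code tested `$file === ''`; `if ($file === null || $file === '')` would keep unknown services on the 404 path instead of continuing with an empty `$app`. `RemoteException` is used unqualified and no import is visible in this hunk, so confirm a matching `use` exists above line 32, because a class-not-found error would not be caught by `catch (Exception $ex)`.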
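Review bot: `require_once $file;` includes the resolved value as a relative path, while the removed line anchored it with `OC_App::getAppPath($app) . '/' . $parts[1]`, so `isInstalled($app)` checks only the first path segment and the rest resolves through the include path. Unless the lines between the two hunks (not shown here) rebuild `$file`, keeping the anchored form, `require_once OC_App::getAppPath($app) . '/' . $parts[1];`, ties the include to the directory of the app that was just validated. The new `throw new RemoteException('App not installed: ' . $app);` also passes no status code where the old code answered 404; given the `$status = 500` default visible in the catch block this likely surfaces as a server error, and `throw new RemoteException('App not installed: ' . $app, 404);` would preserve the previous response. The try block opens in the first hunk and the catch block continues past the end of this one.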