Diffstat (limited to 'public.php')
-rw-r--r-- | public.php | 135 |
1 files changed, 76 insertions, 59 deletions
diff --git a/public.php b/public.php
index 65257f1a46e..8ae6deff203 100644
--- a/public.php
+++ b/public.php
@@ -1,86 +1,103 @@
 <?php
+
+declare(strict_types=1);
+
+use OC\ServiceUnavailableException;
+
 /**
- * @author Björn Schießle <schiessle@owncloud.com>
- * @author Christopher Schäpers <kondou@ts.unde.re>
- * @author Jörn Friedrich Dreyer <jfd@butonic.de>
- * @author Lukas Reschke <lukas@owncloud.com>
- * @author Robin Appelman <icewind@owncloud.com>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- * @author Vincent Petry <pvince81@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
 */
+
+require_once __DIR__ . '/lib/versioncheck.php';
+
+use OCP\App\IAppManager;
+use OCP\IConfig;
+use OCP\IRequest;
+use OCP\Server;
+use OCP\Template\ITemplateManager;
+use OCP\Util;
+use Psr\Log\LoggerInterface;
+
+function resolveService(string $service): string {
+ $services = [
+ 'webdav' => 'dav/appinfo/v1/publicwebdav.php',
+ 'dav' => 'dav/appinfo/v2/publicremote.php',
+ ];
+ if (isset($services[$service])) {
+ return $services[$service];
+ }
+
+ return Server::get(IConfig::class)->getAppValue('core', 'remote_' . $service);
+}
+
 try {
+ require_once __DIR__ . '/lib/base.php';
- require_once 'lib/base.php';
- if (\OCP\Util::needUpgrade()) {
+ // All resources served via the DAV endpoint should have the strictest possible
+ // policy. Exempted from this is the SabreDAV browser plugin which overwrites
+ // this policy with a softer one if debug mode is enabled.
+ header("Content-Security-Policy: default-src 'none';");
+
+ // Check if Nextcloud is in maintenance mode
+ if (Util::needUpgrade()) {
 // since the behavior of apps or remotes are unpredictable during
 // an upgrade, return a 503 directly
- OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
- OC_Template::printErrorPage('Service unavailable');
- exit;
+ throw new \Exception('Service unavailable', 503);
 }
- OC::checkMaintenanceMode();
- OC::checkSingleUserMode(true);
- $request = \OC::$server->getRequest();
+ $request = Server::get(IRequest::class);
 $pathInfo = $request->getPathInfo();
+ if ($pathInfo === false || $pathInfo === '') {
+ throw new \Exception('Path not found', 404);
+ }
- if (!$pathInfo && $request->getParam('service', '') === '') {
- header('HTTP/1.0 404 Not Found');
- exit;
- } elseif ($request->getParam('service', '')) {
- $service = $request->getParam('service', '');
- } else {
- $pathInfo = trim($pathInfo, '/');
- list($service) = explode('/', $pathInfo);
+ // Extract the service from the path
+ if (!$pos = strpos($pathInfo, '/', 1)) {
+ $pos = strlen($pathInfo);
 }
- $file = OCP\CONFIG::getAppValue('core', 'public_' . strip_tags($service));
- if (is_null($file)) {
- header('HTTP/1.0 404 Not Found');
- exit;
+ $service = substr($pathInfo, 1, $pos - 1);
+
+ // Resolve the service to a file
+ $file = resolveService($service);
+ if (!$file) {
+ throw new \Exception('Path not found', 404);
 }
+ // Extract the app from the service file
+ $file = ltrim($file, '/');
 $parts = explode('/', $file, 2);
 $app = $parts[0];
 // Load all required applications
+ $appManager = Server::get(IAppManager::class);
 \OC::$REQUESTEDAPP = $app;
- OC_App::loadApps(array('authentication'));
- OC_App::loadApps(array('filesystem', 'logging'));
+ $appManager->loadApps(['authentication']);
+ $appManager->loadApps(['extended_authentication']);
+ $appManager->loadApps(['filesystem', 'logging']);
- if (!\OC::$server->getAppManager()->isInstalled($app)) {
- throw new Exception('App not installed: ' . $app);
+ // Check if the app is enabled
+ if (!$appManager->isEnabledForUser($app)) {
+ throw new \Exception('App not installed: ' . $app);
 }
- OC_App::loadApp($app);
+
+ // Load the app
+ $appManager->loadApp($app);
 OC_User::setIncognitoMode(true);
 $baseuri = OC::$WEBROOT . '/public.php/' . $service . '/';
-
- require_once OC_App::getAppPath($app) . '/' . $parts[1];
-
-} catch (\OC\ServiceUnavailableException $ex) {
- //show the user a detailed error page
- OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
- \OCP\Util::writeLog('remote', $ex->getMessage(), \OCP\Util::FATAL);
- OC_Template::printExceptionErrorPage($ex);
+ require_once $file;
 } catch (Exception $ex) {
+ $status = 500;
+ if ($ex instanceof ServiceUnavailableException) {
+ $status = 503;
+ }
+ //show the user a detailed error page
+ Server::get(LoggerInterface::class)->error($ex->getMessage(), ['app' => 'public', 'exception' => $ex]);
+ Server::get(ITemplateManager::class)->printExceptionErrorPage($ex, $status);
+} catch (Error $ex) {
 //show the user a detailed error page
- OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
- \OCP\Util::writeLog('remote', $ex->getMessage(), \OCP\Util::FATAL);
- OC_Template::printExceptionErrorPage($ex);
+ Server::get(LoggerInterface::class)->error($ex->getMessage(), ['app' => 'public', 'exception' => $ex]);
+ Server::get(ITemplateManager::class)->printExceptionErrorPage($ex, 500);
 } |
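Review bot: `require_once $file;` includes the resolved value as a bare relative path, whereas the removed line anchored it under `OC_App::getAppPath($app)`. For any service other than the two hard-coded entries, the value comes from the `remote_<service>` app config and is only passed through `ltrim($file, '/')`. Resolution then presumably depends on the include path, so a stored value containing `..` segments would not be confined to the directory of the app that `isEnabledForUser($app)` just approved on its first segment. I would rebuild the path from the checked app before the require, e.g. `$file = $appManager->getAppPath($app) . '/' . ($parts[1] ?? '');`, and treat a value with no second segment as not found. Separately, the `404` and `503` codes passed to `new \Exception(...)` are never read in `catch (Exception $ex)`, so unknown services and upgrade mode both appear to end in status 500 with an error-level log entry on this unauthenticated endpoint.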