From 6d0390dccaa02af0c5144733bf9c3e254e77fa9a Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Mon, 6 Aug 2012 21:45:02 +0200 Subject: Fix rewriting GET parameters with ? in REQUESTEDAPP --- lib/base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/base.php') diff --git a/lib/base.php b/lib/base.php index 888dc265d64..8f7544de1f6 100644 --- a/lib/base.php +++ b/lib/base.php @@ -373,7 +373,7 @@ class OC{ self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app'])?str_replace(array('\0', '/', '\\', '..'), '', strip_tags($_GET['app'])):OC_Config::getValue('defaultapp', 'files')); if(substr_count(self::$REQUESTEDAPP, '?') != 0){ $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); - $param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1); + $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDAPP = $app; -- cgit v1.2.3 From 99ce7ba1df52334f11c6b97c3f24d0ed31c8f6d0 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Mon, 6 Aug 2012 22:16:45 +0200 Subject: Move serverHost and serverProtocol functions to OC_Request --- lib/base.php | 4 ++-- lib/helper.php | 48 +----------------------------------------------- lib/public/util.php | 4 ++-- lib/request.php | 45 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 50 insertions(+), 51 deletions(-) (limited to 'lib/base.php') diff --git a/lib/base.php b/lib/base.php index 8f7544de1f6..c3887dec2f8 100644 --- a/lib/base.php +++ b/lib/base.php 
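Review bot: The replacement line slices the raw `$_GET['app']`, but the enclosing `if` still tests the sanitized `self::$REQUESTEDAPP`, so the two strings can disagree. When the value came from the `defaultapp` config fallback, `$_GET['app']` is unset, `strpos()` returns false, and `false + 1` makes `substr()` start at offset 1 of a missing value. Guard the branch on the string it actually slices, e.g. `if(isset($_GET['app']) && ($pos = strpos($_GET['app'], '?')) !== false){` followed by `$param = substr($_GET['app'], $pos + 1);`. Everything `parse_str()` yields now bypasses the `strip_tags`/`str_replace` filtering and `array_merge` lets it overwrite existing `$_GET` keys, so add a comment such as `// values merged here are unfiltered request input`. The enclosing function starts and ends outside the hunk.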
@@ -185,8 +185,8 @@ class OC{ // redirect to https site if configured if( OC_Config::getValue( "forcessl", false )){ ini_set("session.cookie_secure", "on"); - if(OC_Helper::serverProtocol()<>'https' and !OC::$CLI) { - $url = "https://". OC_Helper::serverHost() . $_SERVER['REQUEST_URI']; + if(OC_Request::serverProtocol()<>'https' and !OC::$CLI) { + $url = "https://". OC_Request::serverHost() . $_SERVER['REQUEST_URI']; header("Location: $url"); exit(); } diff --git a/lib/helper.php b/lib/helper.php index c404f6e5440..8c362747a27 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -64,52 +64,6 @@ class OC_Helper { return $urlLinkTo; } - /** - * @brief Returns the server host - * @returns the server host - * - * Returns the server host, even if the website uses one or more - * reverse proxies - */ - public static function serverHost() { - if(OC::$CLI){ - return 'localhost'; - } - if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { - if (strpos($_SERVER['HTTP_X_FORWARDED_HOST'], ",") !== false) { - $host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST']))); - } - else{ - $host=$_SERVER['HTTP_X_FORWARDED_HOST']; - } - } - else{ - $host = $_SERVER['HTTP_HOST']; - } - return $host; - } - - - /** - * @brief Returns the server protocol - * @returns the server protocol - * - * Returns the server protocol. It respects reverse proxy servers and load balancers - */ - public static function serverProtocol() { - if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { - $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']); - }else{ - if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) { - $proto = 'https'; - }else{ - $proto = 'http'; - } - } - return($proto); - } - - /** * @brief Creates an absolute url * @param $app app 
@@ -132,7 +86,7 @@ class OC_Helper { */ public static function makeURLAbsolute( $url ) { - return self::serverProtocol(). '://' . self::serverHost() . $url; + return OC_Request::serverProtocol(). '://' . OC_Request::serverHost() . $url; } /** diff --git a/lib/public/util.php b/lib/public/util.php index 75ca29f7129..9f6f6f32e1e 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -165,7 +165,7 @@ class Util { * reverse proxies */ public static function getServerHost() { - return(\OC_Helper::serverHost()); + return(\OC_Request::serverHost()); } /** @@ -175,7 +175,7 @@ class Util { * Returns the server protocol. It respects reverse proxy servers and load balancers */ public static function getServerProtocol() { - return(\OC_Helper::serverProtocol()); + return(\OC_Request::serverProtocol()); } /** diff --git a/lib/request.php b/lib/request.php index 0b5aaf8ef30..cb93a088172 100644 --- a/lib/request.php +++ b/lib/request.php 
@@ -7,6 +7,51 @@ */ class OC_Request { + /** + * @brief Returns the server host + * @returns the server host + * + * Returns the server host, even if the website uses one or more + * reverse proxies + */ + public static function serverHost() { + if(OC::$CLI){ + return 'localhost'; + } + if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { + if (strpos($_SERVER['HTTP_X_FORWARDED_HOST'], ",") !== false) { + $host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST']))); + } + else{ + $host=$_SERVER['HTTP_X_FORWARDED_HOST']; + } + } + else{ + $host = $_SERVER['HTTP_HOST']; + } + return $host; + } + + + /** + * @brief Returns the server protocol + * @returns the server protocol + * + * Returns the server protocol. It respects reverse proxy servers and load balancers + */ + public static function serverProtocol() { + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']); + }else{ + if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) { + $proto = 'https'; + }else{ + $proto = 'http'; + } + } + return($proto); + } + static public function isNoCache() { if (!isset($_SERVER['HTTP_CACHE_CONTROL'])) { return false; -- cgit v1.2.3 From 7522a23693b11a4c277a475cdb3204a1d9ac5912 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Wed, 8 Aug 2012 17:13:20 +0200 Subject: Remove unused RUNTIME_NOSETUPFS var --- apps/bookmarks/ajax/addBookmark.php | 7 +------ apps/bookmarks/ajax/delBookmark.php | 5 ----- apps/bookmarks/ajax/editBookmark.php | 5 ----- apps/bookmarks/ajax/recordClick.php | 5 ----- apps/bookmarks/ajax/updateList.php | 5 ----- apps/files_sharing/get.php | 2 -- apps/media/ajax/autoupdate.php | 3 +-- apps/remoteStorage/ajax/revokeToken.php | 4 ---- apps/remoteStorage/auth.php | 3 --- files/webdav.php | 2 -- lib/base.php | 3 --- public.php | 1 - remote.php | 1 - 13 files changed, 2 insertions(+), 44 deletions(-) (limited to 'lib/base.php') 
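Review bot: `serverHost()` and `serverProtocol()` arrive in OC_Request unchanged and still take `X-Forwarded-Host` and `X-Forwarded-Proto` at face value, although any client can send these headers when no reverse proxy strips them. `serverProtocol()` decides the `forcessl` redirect in lib/base.php, so a plain-HTTP request that carries the header is treated as already secure, and `serverHost()` is concatenated into the `Location:` header and into `makeURLAbsolute()`. Honour the forwarded headers only when the deployment declares a trusted proxy (a config switch read through `OC_Config::getValue()`), and otherwise fall back to `$_SERVER['HTTPS']` and `$_SERVER['HTTP_HOST']`. Separately, `array_pop(explode(...))` passes a temporary by reference; assign the `explode()` result to a variable first.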
diff --git a/apps/bookmarks/ajax/addBookmark.php b/apps/bookmarks/ajax/addBookmark.php index 483716405a1..c8a64d531c9 100644 --- a/apps/bookmarks/ajax/addBookmark.php +++ b/apps/bookmarks/ajax/addBookmark.php @@ -21,11 +21,6 @@ * */ -//no apps or filesystem -$RUNTIME_NOSETUPFS=true; - - - // Check if we are a user OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); @@ -34,4 +29,4 @@ OCP\JSON::checkAppEnabled('bookmarks'); require_once(OC_App::getAppPath('bookmarks').'/bookmarksHelper.php'); $id = addBookmark($_POST['url'], $_POST['title'], $_POST['tags']); -OCP\JSON::success(array('data' => $id)); \ No newline at end of file +OCP\JSON::success(array('data' => $id)); diff --git a/apps/bookmarks/ajax/delBookmark.php b/apps/bookmarks/ajax/delBookmark.php index f40f02ebab7..ba1dfff3bed 100644 --- a/apps/bookmarks/ajax/delBookmark.php +++ b/apps/bookmarks/ajax/delBookmark.php @@ -21,11 +21,6 @@ * */ -//no apps or filesystem -$RUNTIME_NOSETUPFS=true; - - - // Check if we are a user OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php index 0b37d161af1..ad43be064f0 100644 --- a/apps/bookmarks/ajax/editBookmark.php +++ b/apps/bookmarks/ajax/editBookmark.php @@ -21,11 +21,6 @@ * */ -//no apps or filesystem -$RUNTIME_NOSETUPFS=true; - - - // Check if we are a user OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); diff --git a/apps/bookmarks/ajax/recordClick.php b/apps/bookmarks/ajax/recordClick.php index 1eee1718d13..0283f09f60d 100644 --- a/apps/bookmarks/ajax/recordClick.php +++ b/apps/bookmarks/ajax/recordClick.php @@ -21,11 +21,6 @@ * */ -//no apps or filesystem -$RUNTIME_NOSETUPFS=true; - - - // Check if we are a user OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('bookmarks'); diff --git a/apps/bookmarks/ajax/updateList.php b/apps/bookmarks/ajax/updateList.php index 4de2475d067..cf9a2cf9183 100644 --- a/apps/bookmarks/ajax/updateList.php +++ b/apps/bookmarks/ajax/updateList.php 
@@ -22,11 +22,6 @@ * */ -//no apps or filesystem -$RUNTIME_NOSETUPFS=true; - - - // Check if we are a user OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('bookmarks'); diff --git a/apps/files_sharing/get.php b/apps/files_sharing/get.php index 70a5162d382..1d219719b2d 100644 --- a/apps/files_sharing/get.php +++ b/apps/files_sharing/get.php @@ -1,6 +1,4 @@ Date: Wed, 8 Aug 2012 21:08:20 +0200 Subject: Move handling request of index.php to OC class --- index.php | 45 ++------------------------------------------- lib/base.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 43 deletions(-) (limited to 'lib/base.php') diff --git a/index.php b/index.php index e3c94adf66f..94893e475a2 100755 --- a/index.php +++ b/index.php 
@@ -26,49 +26,8 @@ $RUNTIME_NOAPPS = TRUE; //no apps, yet require_once('lib/base.php'); -// Setup required : -$not_installed = !OC_Config::getValue('installed', false); -if($not_installed) { - // Check for autosetup: - $autosetup_file = OC::$SERVERROOT."/config/autoconfig.php"; - if( file_exists( $autosetup_file )){ - OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO); - include( $autosetup_file ); - $_POST['install'] = 'true'; - $_POST = array_merge ($_POST, $AUTOCONFIG); - unlink($autosetup_file); - } - OC_Util::addScript('setup'); - require_once('setup.php'); - exit(); -} - -// Handle WebDAV -if($_SERVER['REQUEST_METHOD']=='PROPFIND'){ - header('location: '.OC_Helper::linkToRemote('webdav')); - exit(); -} -elseif(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css'){ - OC_App::loadApps(); - OC::loadfile(); -} -// Someone is logged in : -elseif(OC_User::isLoggedIn()) { - OC_App::loadApps(); - if(isset($_GET["logout"]) and ($_GET["logout"])) { - OC_User::logout(); - header("Location: ".OC::$WEBROOT.'/'); - exit(); - }else{ - if(is_null(OC::$REQUESTEDFILE)){ - OC::loadapp(); - }else{ - OC::loadfile(); - } - } - -// For all others cases, we display the guest page : -} else { +if (!OC::handleRequest()) { +// Not handled -> we display the login page: OC_App::loadApps(array('prelogin')); $error = false; // remember was checked after last login diff --git a/lib/base.php b/lib/base.php index c5827064d75..b91945ab97b 100644 --- a/lib/base.php +++ b/lib/base.php 
@@ -398,6 +398,54 @@ class OC{ } } } + + /** + * @brief Try to handle request + * @return true when the request is handled here + */ + public static function handleRequest() { + if (!OC_Config::getValue('installed', false)) { + // Check for autosetup: + $autosetup_file = OC::$SERVERROOT."/config/autoconfig.php"; + if( file_exists( $autosetup_file )){ + OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO); + include( $autosetup_file ); + $_POST['install'] = 'true'; + $_POST = array_merge ($_POST, $AUTOCONFIG); + unlink($autosetup_file); + } + OC_Util::addScript('setup'); + require_once('setup.php'); + exit(); + } + // Handle WebDAV + if($_SERVER['REQUEST_METHOD']=='PROPFIND'){ + header('location: '.OC_Helper::linkToRemote('webdav')); + return true; + } + if(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css') { + OC_App::loadApps(); + OC::loadfile(); + return true; + } + // Someone is logged in : + if(OC_User::isLoggedIn()) { + OC_App::loadApps(); + if(isset($_GET["logout"]) and ($_GET["logout"])) { + OC_User::logout(); + header("Location: ".OC::$WEBROOT.'/'); + }else{ + if(is_null(OC::$REQUESTEDFILE)) { + OC::loadapp(); + }else{ + OC::loadfile(); + } + } + return true; + } + return false; + } + } // define runtime variables - unless this already has been done -- cgit v1.2.3 From 3387454094318676aa78d87d098b038219e3dccb Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Wed, 8 Aug 2012 22:42:45 +0200 Subject: Move login code from index.php to OC class --- index.php | 48 ++++++--------------------------------------- lib/base.php | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 42 deletions(-) (limited to 'lib/base.php') diff --git a/index.php b/index.php index 94893e475a2..4ffd013aa86 100755 --- a/index.php +++ b/index.php 
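Review bot: The autosetup branch of `handleRequest()` merges `$AUTOCONFIG` into `$_POST` without checking that the included file defined it as an array, and it ignores the result of `unlink()`. If the file cannot be deleted, whatever install values it holds (presumably including the admin credentials) stay on disk under `config/` and are read again on the next request while the instance is still uninstalled. Check both, e.g. `if (isset($AUTOCONFIG) && is_array($AUTOCONFIG)) { $_POST = array_merge($_POST, $AUTOCONFIG); }`, and log when `unlink($autosetup_file)` returns false. The same lines are moved into `checkInstalled()` by the later "Combine install checks in lib/base.php" commit on this page.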
@@ -31,52 +31,16 @@ if (!OC::handleRequest()) { OC_App::loadApps(array('prelogin')); $error = false; // remember was checked after last login - if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) { - OC_App::loadApps(array('authentication')); - if(defined("DEBUG") && DEBUG) { - OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG); - } - // confirm credentials in cookie - if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && - OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) { - OC_User::setUserId($_COOKIE['oc_username']); - OC_Util::redirectToDefaultPage(); - } - else { - OC_User::unsetMagicInCookie(); - } + if (OC::tryRememberLogin()) { + // nothing more to do // Someone wants to log in : - } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) { - OC_App::loadApps(); - if(OC_User::login($_POST["user"], $_POST["password"])) { - if(!empty($_POST["remember_login"])){ - if(defined("DEBUG") && DEBUG) { - OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG); - } - $token = md5($_POST["user"].time().$_POST['password']); - OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); - OC_User::setMagicInCookie($_POST["user"], $token); - } - else { - OC_User::unsetMagicInCookie(); - } - OC_Util::redirectToDefaultPage(); - } else { - $error = true; - } + } elseif (OC::tryFormLogin()) { + $error = true; // The user is already authenticated using Apaches AuthType Basic... 
very usable in combination with LDAP - } elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){ - OC_App::loadApps(array('authentication')); - if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { - //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); - OC_User::unsetMagicInCookie(); - $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:''); - OC_Util::redirectToDefaultPage(); - }else{ - $error = true; - } + } elseif(OC::tryBasicAuthLogin()) { + $error = true; } if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ $sectoken=rand(1000000,9999999); diff --git a/lib/base.php b/lib/base.php index b91945ab97b..6514a0c0b0c 100644 --- a/lib/base.php +++ b/lib/base.php 
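Review bot: The `$error = true` assignments after `OC::tryFormLogin()` and `OC::tryBasicAuthLogin()` are only correct if a successful login never returns, because both helpers return true for every attempt, successful or not. That relies on `OC_Util::redirectToDefaultPage()` ending the request, which is not visible here; if it ever returns, a user who has just authenticated is shown the login page with the error flag set. Document the contract on the three helpers, e.g. `@return bool true when a login was attempted (a successful login redirects and does not return)`, or have them return a distinct success value. The same pattern is carried into `handleLogin()` by the later "Move login handling to OC class" commit.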
@@ -446,6 +446,70 @@ class OC{ return false; } + public static function tryRememberLogin() { + if(!isset($_COOKIE["oc_remember_login"]) + || !isset($_COOKIE["oc_token"]) + || !isset($_COOKIE["oc_username"]) + || !$_COOKIE["oc_remember_login"]) { + return false; + } + OC_App::loadApps(array('authentication')); + if(defined("DEBUG") && DEBUG) { + OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG); + } + // confirm credentials in cookie + if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && + OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) { + OC_User::setUserId($_COOKIE['oc_username']); + OC_Util::redirectToDefaultPage(); + } + else { + OC_User::unsetMagicInCookie(); + } + return true; + } + + public static function tryFormLogin() { + if(!isset($_POST["user"]) + || !isset($_POST['password']) + || !isset($_SESSION['sectoken']) + || !isset($_POST['sectoken']) + || ($_SESSION['sectoken']!=$_POST['sectoken']) ) { + return false; + } + OC_App::loadApps(); + if(OC_User::login($_POST["user"], $_POST["password"])) { + if(!empty($_POST["remember_login"])){ + if(defined("DEBUG") && DEBUG) { + OC_Log::write('core','Setting remember login to cookie', OC_Log::DEBUG); + } + $token = md5($_POST["user"].time().$_POST['password']); + OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); + OC_User::setMagicInCookie($_POST["user"], $token); + } + else { + OC_User::unsetMagicInCookie(); + } + OC_Util::redirectToDefaultPage(); + } + return true; + } + + public static function tryBasicAuthLogin() { + if (!isset($_SERVER["PHP_AUTH_USER"]) + || !isset($_SERVER["PHP_AUTH_PW"])){ + return false; + } + OC_App::loadApps(array('authentication')); + if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { + //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); + OC_User::unsetMagicInCookie(); + $_REQUEST['redirect_url'] = 
(isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:''); + OC_Util::redirectToDefaultPage(); + } + return true; + } + } // define runtime variables - unless this already has been done -- cgit v1.2.3 From 13a0818fec4ac758fb050764fb33d90c74200cfe Mon Sep 17 00:00:00 2001 From: Jakob Sack Date: Thu, 9 Aug 2012 01:02:05 +0200 Subject: Be more precise regarding backgroundjobs mode --- cron.php | 6 +++--- lib/base.php | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'lib/base.php') diff --git a/cron.php b/cron.php index fd46174f2bd..2bcaaff9fd9 100644 --- a/cron.php +++ b/cron.php @@ -23,9 +23,9 @@ $RUNTIME_NOSETUPFS = true; require_once('lib/base.php'); -$appmode = OC_Appconfig::getValue( 'core', 'backgroundjob_mode', 'web' ); +$appmode = OC_Appconfig::getValue( 'core', 'backgroundjob_mode', 'ajax' ); if( OC::$CLI ){ - if( $appmode == 'web' ){ + if( $appmode != 'cron' ){ OC_Appconfig::setValue( 'core', 'backgroundjob_mode', 'cron' ); } @@ -41,7 +41,7 @@ if( OC::$CLI ){ OC_BackgroundJob_Worker::doAllSteps(); } else{ - if( $appmode == 'web' ){ + if( $appmode == 'cron' ){ OC_JSON::error( array( 'data' => array( 'message' => 'Backgroundjobs are using system cron!'))); exit(); } diff --git a/lib/base.php b/lib/base.php index c3887dec2f8..090d05cdbae 100644 --- a/lib/base.php +++ b/lib/base.php @@ -227,11 +227,17 @@ class OC{ OC_Util::addScript( "jquery.infieldlabel.min" ); OC_Util::addScript( "jquery-tipsy" ); OC_Util::addScript( "oc-dialogs" ); + OC_Util::addScript( "backgroundjobs" ); OC_Util::addScript( "js" ); OC_Util::addScript( "eventsource" ); OC_Util::addScript( "config" ); //OC_Util::addScript( "multiselect" ); OC_Util::addScript('search','result'); + + if( OC_Appconfig::getValue( 'core', 'backgroundjob_mode', 'ajax' ) == 'ajax' ){ + OC_Util::addScript( 'backgroundjobs' ); + } + OC_Util::addStyle( "styles" ); OC_Util::addStyle( "multiselect" ); OC_Util::addStyle( "jquery-ui-1.8.16.custom" ); -- cgit v1.2.3 
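Review bot: `tryRememberLogin()` accepts the cookie when `OC_Preferences::getValue(..., "login", "token") == $_COOKIE['oc_token']`, a loose comparison with no check that a token was ever stored for that user. If `getValue()` returns null or an empty string when no remember-me token exists (its default is not visible here), an empty cookie value would compare equal to the missing token and `setUserId()` would run without any credential. Read the stored value first and require `$stored !== null && $stored !== '' && $stored === $_COOKIE['oc_token']`. In `tryFormLogin()` the token is `md5($_POST["user"].time().$_POST['password'])`, which derives a long-lived cookie from the password with unsalted MD5, so a leaked cookie lets the password be tested offline; generate the token from a cryptographically secure source such as `openssl_random_pseudo_bytes()` instead.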
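Review bot: `OC_Util::addScript( "backgroundjobs" );` is added twice in the lib/base.php hunk of the "Be more precise regarding backgroundjobs mode" commit, once unconditionally in the script list and once inside the new `backgroundjob_mode == 'ajax'` check. The unconditional line makes the condition meaningless, so the AJAX trigger script is loaded even when the mode is `cron`. Drop the unconditional line and keep only the guarded `OC_Util::addScript( 'backgroundjobs' );`. The enclosing function starts and ends outside the hunk.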
From 889f0a1c6df51c5b6495445809143940ad17c327 Mon Sep 17 00:00:00 2001 From: Jakob Sack Date: Thu, 9 Aug 2012 10:40:39 +0200 Subject: rename appconfig keys for backgroundjobs --- cron.php | 8 ++++---- lib/backgroundjob/worker.php | 12 ++++++------ lib/base.php | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) (limited to 'lib/base.php') diff --git a/cron.php b/cron.php index 2bcaaff9fd9..9d7e396d61e 100644 --- a/cron.php +++ b/cron.php @@ -23,19 +23,19 @@ $RUNTIME_NOSETUPFS = true; require_once('lib/base.php'); -$appmode = OC_Appconfig::getValue( 'core', 'backgroundjob_mode', 'ajax' ); +$appmode = OC_Appconfig::getValue( 'core', 'backgroundjobs_mode', 'ajax' ); if( OC::$CLI ){ if( $appmode != 'cron' ){ - OC_Appconfig::setValue( 'core', 'backgroundjob_mode', 'cron' ); + OC_Appconfig::setValue( 'core', 'backgroundjobs_mode', 'cron' ); } // check if backgroundjobs is still running - $pid = OC_Appconfig::getValue( 'core', 'backgroundjob_pid', false ); + $pid = OC_Appconfig::getValue( 'core', 'backgroundjobs_pid', false ); if( $pid !== false ){ // FIXME: check if $pid is still alive (*nix/mswin). if so then exit } // save pid - OC_Appconfig::setValue( 'core', 'backgroundjob_pid', getmypid()); + OC_Appconfig::setValue( 'core', 'backgroundjobs_pid', getmypid()); // Work OC_BackgroundJob_Worker::doAllSteps(); diff --git a/lib/backgroundjob/worker.php b/lib/backgroundjob/worker.php index 7514a16b696..799fa5306c6 100644 --- a/lib/backgroundjob/worker.php +++ b/lib/backgroundjob/worker.php 
@@ -60,11 +60,11 @@ class OC_BackgroundJob_Worker{ * services. */ public static function doNextStep(){ - $laststep = OC_Appconfig::getValue( 'core', 'backgroundjob_step', 'regular_tasks' ); + $laststep = OC_Appconfig::getValue( 'core', 'backgroundjobs_step', 'regular_tasks' ); if( $laststep == 'regular_tasks' ){ // get last app - $lasttask = OC_Appconfig::getValue( 'core', 'backgroundjob_task', '' ); + $lasttask = OC_Appconfig::getValue( 'core', 'backgroundjobs_task', '' ); // What's the next step? $regular_tasks = OC_BackgroundJob_RegularTask::all(); @@ -74,7 +74,7 @@ class OC_BackgroundJob_Worker{ // search for next background job foreach( $regular_tasks as $key => $value ){ if( strcmp( $lasttask, $key ) > 0 ){ - OC_Appconfig::getValue( 'core', 'backgroundjob_task', $key ); + OC_Appconfig::getValue( 'core', 'backgroundjobs_task', $key ); $done = true; call_user_func( $value ); break; @@ -83,7 +83,7 @@ class OC_BackgroundJob_Worker{ if( $done == false ){ // Next time load scheduled tasks - OC_Appconfig::setValue( 'core', 'backgroundjob_step', 'scheduled_tasks' ); + OC_Appconfig::setValue( 'core', 'backgroundjobs_step', 'scheduled_tasks' ); } } else{ @@ -99,8 +99,8 @@ class OC_BackgroundJob_Worker{ } else{ // Next time load scheduled tasks - OC_Appconfig::setValue( 'core', 'backgroundjob_step', 'regular_tasks' ); - OC_Appconfig::setValue( 'core', 'backgroundjob_task', '' ); + OC_Appconfig::setValue( 'core', 'backgroundjobs_step', 'regular_tasks' ); + OC_Appconfig::setValue( 'core', 'backgroundjobs_task', '' ); } } diff --git a/lib/base.php b/lib/base.php index 090d05cdbae..ee80294dd92 100644 --- a/lib/base.php +++ b/lib/base.php @@ -234,7 +234,7 @@ class OC{ //OC_Util::addScript( "multiselect" ); OC_Util::addScript('search','result'); - if( OC_Appconfig::getValue( 'core', 'backgroundjob_mode', 'ajax' ) == 'ajax' ){ + if( OC_Appconfig::getValue( 'core', 'backgroundjobs_mode', 'ajax' ) == 'ajax' ){ OC_Util::addScript( 'backgroundjobs' ); } -- cgit v1.2.3 
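Review bot: In the `@@ -74,7 +74,7 @@` hunk of lib/backgroundjob/worker.php the renamed line still calls `OC_Appconfig::getValue( 'core', 'backgroundjobs_task', $key );` and discards the result, so the task that just ran is never recorded and `$lasttask` keeps its previous value on the next call. It looks like a write was intended: `OC_Appconfig::setValue( 'core', 'backgroundjobs_task', $key );`. `doNextStep()` continues outside the hunk, so confirm against the full loop.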
From aa9fbf6639e2ce2fa2e8549d2d82d54a745d5327 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Thu, 9 Aug 2012 08:55:51 +0200 Subject: Combine install checks in lib/base.php --- lib/base.php | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'lib/base.php') diff --git a/lib/base.php b/lib/base.php index 6514a0c0b0c..4fc8cfa2455 100644 --- a/lib/base.php +++ b/lib/base.php @@ -172,11 +172,25 @@ class OC{ public static function checkInstalled() { // Redirect to installer if not installed - if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') { - if(!OC::$CLI){ - $url = 'http://'.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php'; - header("Location: $url"); + if (!OC_Config::getValue('installed', false)) { + if (OC::$SUBURI != '/index.php') { + if(!OC::$CLI){ + $url = 'http://'.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php'; + header("Location: $url"); + } + exit(); } + // Check for autosetup: + $autosetup_file = OC::$SERVERROOT."/config/autoconfig.php"; + if( file_exists( $autosetup_file )){ + OC_Log::write('core','Autoconfig file found, setting up owncloud...', OC_Log::INFO); + include( $autosetup_file ); + $_POST['install'] = 'true'; + $_POST = array_merge ($_POST, $AUTOCONFIG); + unlink($autosetup_file); + } + OC_Util::addScript('setup'); + require_once('setup.php'); exit(); } } @@ -331,10 +345,10 @@ class OC{ stream_wrapper_register('static', 'OC_StaticStreamWrapper'); stream_wrapper_register('close', 'OC_CloseStreamWrapper'); + self::initTemplateEngine(); self::checkInstalled(); self::checkSSL(); self::initSession(); - self::initTemplateEngine(); self::checkUpgrade(); $errors=OC_Util::checkServer(); 
@@ -404,20 +418,6 @@ class OC{ * @return true when the request is handled here */ public static function handleRequest() { - if (!OC_Config::getValue('installed', false)) { - // Check for autosetup: - $autosetup_file = OC::$SERVERROOT."/config/autoconfig.php"; - if( file_exists( $autosetup_file )){ - OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO); - include( $autosetup_file ); - $_POST['install'] = 'true'; - $_POST = array_merge ($_POST, $AUTOCONFIG); - unlink($autosetup_file); - } - OC_Util::addScript('setup'); - require_once('setup.php'); - exit(); - } // Handle WebDAV if($_SERVER['REQUEST_METHOD']=='PROPFIND'){ header('location: '.OC_Helper::linkToRemote('webdav')); -- cgit v1.2.3 From 0973969386d70ce9935d0c01860bea82d13d5663 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 10 Aug 2012 00:40:16 +0200 Subject: Cleanup OC::loadfile --- lib/base.php | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) (limited to 'lib/base.php') diff --git a/lib/base.php b/lib/base.php index 4fc8cfa2455..62d3918171f 100644 --- a/lib/base.php +++ b/lib/base.php 
@@ -257,25 +257,35 @@ class OC{ session_start(); } - public static function loadapp(){ - if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php')){ + public static function loadapp() { + if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php')) { require_once(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php'); - }else{ + } + else { trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead? } } - public static function loadfile(){ - if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . OC::$REQUESTEDFILE)){ - if(substr(OC::$REQUESTEDFILE, -3) == 'css'){ - $file = OC_App::getAppWebPath(OC::$REQUESTEDAPP). '/' . OC::$REQUESTEDFILE; + public static function loadfile() { + $app = OC::$REQUESTEDAPP; + $file = OC::$REQUESTEDFILE; + $app_path = OC_App::getAppPath($app); + if(file_exists($app_path . '/' . $file)) { + $file_ext = substr($file, -3); + if ($file_ext == 'css') { + $app_web_path = OC_App::getAppWebPath($app); + $filepath = $app_web_path . '/' . $file; $minimizer = new OC_Minimizer_CSS(); - $minimizer->output(array(array(OC_App::getAppPath(OC::$REQUESTEDAPP), OC_App::getAppWebPath(OC::$REQUESTEDAPP), OC::$REQUESTEDFILE)),$file); + $info = array($app_path, $app_web_path, $file); + $minimizer->output(array($info), $filepath); exit; - }elseif(substr(OC::$REQUESTEDFILE, -3) == 'php'){ - require_once(OC_App::getAppPath(OC::$REQUESTEDAPP). '/' . OC::$REQUESTEDFILE); + } elseif($file_ext == 'php') { + $file = $app_path . '/' . $file; + unset($app, $app_path, $app_web_path, $file_ext); + require_once($file); } - }else{ + } + else { die(); header('HTTP/1.0 404 Not Found'); exit; -- cgit v1.2.3 From e3c732040b7eeb45efcd563d1c9abddf617ecd32 Mon Sep 17 00:00:00 2001 
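Review bot: In the `else` branch of `loadfile()` the `die();` comes before `header('HTTP/1.0 404 Not Found');`, so the 404 status is never sent and a missing file is answered with an empty 200; remove the `die();`. The `php` branch passes `$app_path . '/' . $file` to `require_once` after only a `file_exists()` test and a three-character suffix compare, and nothing visible here confirms that `OC::$REQUESTEDFILE` has had `..` segments removed the way `$REQUESTEDAPP` has. Resolve the path and require that it stays inside the app directory before dispatching, and compare the suffix with the dot (`'.php'`, `'.css'`). The same body is moved unchanged by the later "Move OC::loadfile and OC::loadapp next to OC::handleRequest" commit.

```php
// … unchanged: $app, $file and $app_path assignments …
$real_root = realpath($app_path);
$real_file = realpath($app_path . '/' . $file);
if ($real_root === false || $real_file === false
	|| strpos($real_file, $real_root . DIRECTORY_SEPARATOR) !== 0) {
	// missing file or a path that resolves outside the app directory
	header('HTTP/1.0 404 Not Found');
	exit;
}
// … unchanged: css / php dispatch on $file_ext …
```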
From: Bart Visscher Date: Fri, 10 Aug 2012 00:42:46 +0200 Subject: Make OC::loadfile and OC::loadapp protected, only used in OC::handleRequest --- lib/base.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/base.php') diff --git a/lib/base.php b/lib/base.php index 62d3918171f..025046c31db 100644 --- a/lib/base.php +++ b/lib/base.php @@ -257,7 +257,7 @@ class OC{ session_start(); } - public static function loadapp() { + protected static function loadapp() { if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php')) { require_once(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php'); } @@ -266,7 +266,7 @@ class OC{ } } - public static function loadfile() { + protected static function loadfile() { $app = OC::$REQUESTEDAPP; $file = OC::$REQUESTEDFILE; $app_path = OC_App::getAppPath($app); @@ -435,7 +435,7 @@ class OC{ } if(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css') { OC_App::loadApps(); - OC::loadfile(); + self::loadfile(); return true; } // Someone is logged in : @@ -446,9 +446,9 @@ class OC{ header("Location: ".OC::$WEBROOT.'/'); }else{ if(is_null(OC::$REQUESTEDFILE)) { - OC::loadapp(); + self::loadapp(); }else{ - OC::loadfile(); + self::loadfile(); } } return true; -- cgit v1.2.3 From da07245f59cd3a1636392f63ef89e91b40d792eb Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 10 Aug 2012 00:58:13 +0200 Subject: Move OC::loadfile and OC::loadapp next to OC::handleRequest --- lib/base.php | 70 ++++++++++++++++++++++++++++++------------------------------ 1 file changed, 35 insertions(+), 35 deletions(-) (limited to 'lib/base.php') diff --git a/lib/base.php b/lib/base.php index 025046c31db..69de28db4a0 100644 --- a/lib/base.php +++ b/lib/base.php 
@@ -257,41 +257,6 @@ class OC{ session_start(); } - protected static function loadapp() { - if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php')) { - require_once(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php'); - } - else { - trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead? - } - } - - protected static function loadfile() { - $app = OC::$REQUESTEDAPP; - $file = OC::$REQUESTEDFILE; - $app_path = OC_App::getAppPath($app); - if(file_exists($app_path . '/' . $file)) { - $file_ext = substr($file, -3); - if ($file_ext == 'css') { - $app_web_path = OC_App::getAppWebPath($app); - $filepath = $app_web_path . '/' . $file; - $minimizer = new OC_Minimizer_CSS(); - $info = array($app_path, $app_web_path, $file); - $minimizer->output(array($info), $filepath); - exit; - } elseif($file_ext == 'php') { - $file = $app_path . '/' . $file; - unset($app, $app_path, $app_web_path, $file_ext); - require_once($file); - } - } - else { - die(); - header('HTTP/1.0 404 Not Found'); - exit; - } - } - public static function init(){ // register autoloader spl_autoload_register(array('OC','autoload')); 
@@ -456,6 +421,41 @@ class OC{ return false; } + protected static function loadapp() { + if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php')) { + require_once(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php'); + } + else { + trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead? + } + } + + protected static function loadfile() { + $app = OC::$REQUESTEDAPP; + $file = OC::$REQUESTEDFILE; + $app_path = OC_App::getAppPath($app); + if (file_exists($app_path . '/' . $file)) { + $file_ext = substr($file, -3); + if ($file_ext == 'css') { + $app_web_path = OC_App::getAppWebPath($app); + $filepath = $app_web_path . '/' . $file; + $minimizer = new OC_Minimizer_CSS(); + $info = array($app_path, $app_web_path, $file); + $minimizer->output(array($info), $filepath); + exit; + } elseif($file_ext == 'php') { + $file = $app_path . '/' . $file; + unset($app, $app_path, $app_web_path, $file_ext); + require_once($file); + } + } + else { + die(); + header('HTTP/1.0 404 Not Found'); + exit; + } + } + public static function tryRememberLogin() { if(!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) -- cgit v1.2.3 From 83403784d163411856e8ab6e711c319e36040f56 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 10 Aug 2012 00:58:57 +0200 Subject: Always load when the requested file is css --- lib/base.php | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'lib/base.php') diff --git a/lib/base.php b/lib/base.php index 69de28db4a0..5132a822927 100644 --- a/lib/base.php +++ b/lib/base.php @@ -398,9 +398,8 @@ class OC{ header('location: '.OC_Helper::linkToRemote('webdav')); return true; } - if(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css') { - OC_App::loadApps(); - self::loadfile(); + if(substr(OC::$REQUESTEDFILE,-3) == 'css') { + self::loadCSSFile(); return true; } // Someone is logged in : 
@@ -436,14 +435,7 @@ class OC{ $app_path = OC_App::getAppPath($app); if (file_exists($app_path . '/' . $file)) { $file_ext = substr($file, -3); - if ($file_ext == 'css') { - $app_web_path = OC_App::getAppWebPath($app); - $filepath = $app_web_path . '/' . $file; - $minimizer = new OC_Minimizer_CSS(); - $info = array($app_path, $app_web_path, $file); - $minimizer->output(array($info), $filepath); - exit; - } elseif($file_ext == 'php') { + if ($file_ext == 'php') { $file = $app_path . '/' . $file; unset($app, $app_path, $app_web_path, $file_ext); require_once($file); @@ -456,6 +448,19 @@ class OC{ } } + protected static function loadCSSFile() { + $app = OC::$REQUESTEDAPP; + $file = OC::$REQUESTEDFILE; + $app_path = OC_App::getAppPath($app); + if (file_exists($app_path . '/' . $file)) { + $app_web_path = OC_App::getAppWebPath($app); + $filepath = $app_web_path . '/' . $file; + $minimizer = new OC_Minimizer_CSS(); + $info = array($app_path, $app_web_path, $file); + $minimizer->output(array($info), $filepath); + } + } + public static function tryRememberLogin() { if(!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) -- cgit v1.2.3 From 5e7086adc93c501b6fcef8650d6552e95a1b6b28 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 10 Aug 2012 12:17:13 +0200 Subject: Move login handling to OC class --- index.php | 20 +------------------- lib/base.php | 37 ++++++++++++++++++++++++++++--------- 2 files changed, 29 insertions(+), 28 deletions(-) (limited to 'lib/base.php') diff --git a/index.php b/index.php index 12a4d4918df..331d7fae8e0 100755 --- a/index.php +++ b/index.php 
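Review bot: `loadCSSFile()` is now reached before the `OC_User::isLoggedIn()` check for any request whose file name ends in the three characters `css`, and when `file_exists()` fails it returns silently, so `handleRequest()` reports the request as handled with an empty 200 response. Send the 404 in that case, e.g. `else { header('HTTP/1.0 404 Not Found'); }`. Because this path hands file contents to unauthenticated clients, it also needs the resolved path confined to the app directory and the suffix compared as `'.css'`; whether `OC::$REQUESTEDFILE` is already normalised is not visible in this hunk. In the `loadfile()` hunk just before it, `unset()` still lists `$app_web_path`, which is no longer assigned there.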
@@ -21,26 +21,8 @@
 *
 */
-
 $RUNTIME_NOAPPS = TRUE; //no apps, yet
 require_once('lib/base.php');
-if (!OC::handleRequest()) {
-// Not handled -> we display the login page:
- OC_App::loadApps(array('prelogin'));
- $error = false;
- // remember was checked after last login
- if (OC::tryRememberLogin()) {
- // nothing more to do
-
- // Someone wants to log in :
- } elseif (OC::tryFormLogin()) {
- $error = true;
-
- // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
- } elseif(OC::tryBasicAuthLogin()) {
- $error = true;
- }
- OC_Util::displayLoginPage($error);
-}
+OC::handleRequest();
diff --git a/lib/base.php b/lib/base.php
index 5132a822927..b200da77ba5 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -389,18 +389,18 @@ class OC{
 }
 /**
- * @brief Try to handle request
- * @return true when the request is handled here
+ * @brief Handle the request
 */
 public static function handleRequest() {
 // Handle WebDAV
 if($_SERVER['REQUEST_METHOD']=='PROPFIND'){
 header('location: '.OC_Helper::linkToRemote('webdav'));
- return true;
+ return;
 }
+ // Handle app css files
 if(substr(OC::$REQUESTEDFILE,-3) == 'css') {
 self::loadCSSFile();
- return true;
+ return;
 }
 // Someone is logged in :
 if(OC_User::isLoggedIn()) {
@@ -415,9 +415,10 @@ class OC{
 self::loadfile();
 }
 }
- return true;
+ return;
 }
- return false;
+ // Not handled and not logged in
+ self::handleLogin();
 }
 protected static function loadapp() {
@@ -461,7 +462,25 @@ class OC{
 }
 }
- public static function tryRememberLogin() {
+ protected static function handleLogin() {
+ OC_App::loadApps(array('prelogin'));
+ $error = false;
+ // remember was checked after last login
+ if (OC::tryRememberLogin()) {
+ // nothing more to do
+
+ // Someone wants to log in :
+ } elseif (OC::tryFormLogin()) {
+ $error = true;
+
+ // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
+ } elseif (OC::tryBasicAuthLogin()) {
+ $error = true;
+ }
+ OC_Util::displayLoginPage($error);
+ }
+
+ protected static function tryRememberLogin() {
 if(!isset($_COOKIE["oc_remember_login"])
 || !isset($_COOKIE["oc_token"])
 || !isset($_COOKIE["oc_username"])
@@ -484,7 +503,7 @@ class OC{
 return true;
 }
- public static function tryFormLogin() {
+ protected static function tryFormLogin() {
 if(!isset($_POST["user"])
 || !isset($_POST['password'])
 || !isset($_SESSION['sectoken'])
@@ -510,7 +529,7 @@ class OC{
 return true;
 }
- public static function tryBasicAuthLogin() {
+ protected static function tryBasicAuthLogin() {
 if (!isset($_SERVER["PHP_AUTH_USER"])
 || !isset($_SERVER["PHP_AUTH_PW"])){
 return false;
-- cgit v1.2.3
From 82b10954e714135aac332c4e349124731841aa90 Mon Sep 17 00:00:00 2001
From: Bart Visscher
Date: Fri, 10 Aug 2012 12:27:37 +0200
Subject: Simplify loading app php script files
---
 lib/base.php | 44 ++++++++++++++++----------------------------
 1 file changed, 16 insertions(+), 28 deletions(-)
(limited to 'lib/base.php')
diff --git a/lib/base.php b/lib/base.php
index b200da77ba5..c4127c73f26 100644
--- a/lib/base.php
+++ b/lib/base.php
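Review bot: The new `handleLogin()` has no docblock, and its `$error = true;` assignments after `OC::tryFormLogin()` and `OC::tryBasicAuthLogin()` read as if a successful call were an error. The bodies of the `try*` methods are outside this hunk, so presumably they return true when credentials were submitted but did not end in a redirect. A comment above the first `elseif` such as `// true means a login was attempted and did not succeed, so the page is shown with an error (confirm against tryFormLogin())` would make the login flow easier to audit.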
@@ -409,10 +409,15 @@ class OC{
 OC_User::logout();
 header("Location: ".OC::$WEBROOT.'/');
 }else{
- if(is_null(OC::$REQUESTEDFILE)) {
- self::loadapp();
- }else{
- self::loadfile();
+ $app = OC::$REQUESTEDAPP;
+ $file = OC::$REQUESTEDFILE;
+ if(is_null($file)) {
+ $file = 'index.php';
+ }
+ $file_ext = substr($file, -3);
+ if ($file_ext != 'php'
+ || !self::loadAppScriptFile($app, $file)) {
+ header('HTTP/1.0 404 Not Found');
 }
 }
 return;
@@ -421,32 +426,15 @@ class OC{
 self::handleLogin();
 }
- protected static function loadapp() {
- if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php')) {
- require_once(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php');
- }
- else {
- trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead?
- }
- }
-
- protected static function loadfile() {
- $app = OC::$REQUESTEDAPP;
- $file = OC::$REQUESTEDFILE;
+ protected static function loadAppScriptFile($app, $file) {
 $app_path = OC_App::getAppPath($app);
- if (file_exists($app_path . '/' . $file)) {
- $file_ext = substr($file, -3);
- if ($file_ext == 'php') {
- $file = $app_path . '/' . $file;
- unset($app, $app_path, $app_web_path, $file_ext);
- require_once($file);
- }
- }
- else {
- die();
- header('HTTP/1.0 404 Not Found');
- exit;
+ $file = $app_path . '/' . $file;
+ unset($app, $app_path);
+ if (file_exists($file)) {
+ require_once($file);
+ return true;
 }
+ return false;
 }
 protected static function loadCSSFile() {
-- cgit v1.2.3
From 0ea4fa298c20a1cb25223b2bcaa5152c7a0f52dd Mon Sep 17 00:00:00 2001
From: Jakob Sack
Date: Fri, 10 Aug 2012 13:53:40 +0200
Subject: Backgroundjobs: don't try to access OC_Appconfig if ownCloud has not been installed
---
 lib/base.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'lib/base.php')
diff --git a/lib/base.php b/lib/base.php
index dae62a029c8..3a65b30ae9f 100644
--- a/lib/base.php
+++ b/lib/base.php
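Review bot: `loadAppScriptFile()` in the `@@ -421,32 +426,15 @@` hunk builds the include path by concatenating `$app_path`, `/` and the request-derived `$file`, and the only check before `require_once` is `file_exists()`, which is also true for directories and does not show where the path ends up. If `OC_App::getAppPath()` yields an empty value for an unknown app (its body is not visible here), the path collapses to `/` plus `$file`, a location outside every app directory. Resolving the path with `realpath()` and requiring it to be a regular file under the app directory covers both cases; a possible shape follows.

```php
protected static function loadAppScriptFile($app, $file) {
	$app_path = OC_App::getAppPath($app);
	if (!$app_path) {
		// unknown app: never fall back to a path relative to the filesystem root
		return false;
	}
	$base = realpath($app_path);
	$file = realpath($app_path . '/' . $file);
	// realpath() is false for a missing path; the prefix test keeps the include inside the app directory
	if ($base === false || $file === false
		|| strpos($file, $base . DIRECTORY_SEPARATOR) !== 0
		|| !is_file($file)) {
		return false;
	}
	unset($app, $app_path, $base);
	require_once($file);
	return true;
}
```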
@@ -109,7 +109,8 @@ class OC{
 OC::$SUBURI=OC::$SUBURI.'index.php';
 }
 }
- OC::$WEBROOT=substr($scriptName,0,strlen($scriptName)-strlen(OC::$SUBURI));
+
+ OC::$WEBROOT=substr($scriptName,0,strlen($scriptName)-strlen(OC::$SUBURI));
 if(OC::$WEBROOT!='' and OC::$WEBROOT[0]!=='/'){
 OC::$WEBROOT='/'.OC::$WEBROOT;
@@ -241,15 +242,16 @@ class OC{
 OC_Util::addScript( "jquery.infieldlabel.min" );
 OC_Util::addScript( "jquery-tipsy" );
 OC_Util::addScript( "oc-dialogs" );
- OC_Util::addScript( "backgroundjobs" );
 OC_Util::addScript( "js" );
 OC_Util::addScript( "eventsource" );
 OC_Util::addScript( "config" );
 //OC_Util::addScript( "multiselect" ); OC_Util::addScript('search','result');
- if( OC_Appconfig::getValue( 'core', 'backgroundjobs_mode', 'ajax' ) == 'ajax' ){
- OC_Util::addScript( 'backgroundjobs' );
+ if( OC_Config::getValue( 'installed', false )){
+ if( OC_Appconfig::getValue( 'core', 'backgroundjobs_mode', 'ajax' ) == 'ajax' ){
+ OC_Util::addScript( 'backgroundjobs' );
+ }
 }
 OC_Util::addStyle( "styles" );
-- cgit v1.2.3
From 8ec45870a3f1d9dfb633a39b7b8a7c4911533d9e Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Fri, 10 Aug 2012 15:27:10 +0200
Subject: Validate cookie properly and prevent auth bypass BIG (!) thanks to Julien CAYSSOL
---
 lib/base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/base.php')
diff --git a/lib/base.php b/lib/base.php
index 3a65b30ae9f..0730e5ff3a9 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -489,7 +489,7 @@ class OC{
 }
 // confirm credentials in cookie
 if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
- OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+ OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
 OC_User::setUserId($_COOKIE['oc_username']);
 OC_Util::redirectToDefaultPage();
 }
-- cgit v1.2.3
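Review bot: The token check in the `@@ -489,7 +489,7 @@` hunk still has no explicit guard against an empty stored token, and `===` on strings is not a constant-time comparison. If `OC_Preferences::getValue(...)` can return an empty string for a user with no remember-me token (its behaviour for a missing key is not visible here), an empty `oc_token` cookie would still match. Reading the stored value into `$token` first and testing `is_string($token) && $token !== '' && is_string($_COOKIE['oc_token']) && hash_equals($token, $_COOKIE['oc_token'])` (PHP 5.6+) would cover both points. The enclosing method starts outside the hunk.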