From bc62aa1ef564119d0a51c8140d0340c7d8dfa4d6 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Wed, 20 Jan 2016 23:05:37 +0100 Subject: Exclude .htaccess modifications from code checker After the initial installation ownCloud will write some content into the .htaccess file such as the 404 or 403 directives. This adds a magic marker into the .htaccess file and only the content above this marker will be compared in the integrity checker. --- lib/private/integritycheck/checker.php | 21 +++++++++++++++++++-- .../integritycheck/helpers/environmenthelper.php | 2 +- .../iterator/excludefoldersbypathfilteriterator.php | 1 + lib/private/setup.php | 2 +- 4 files changed, 22 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/private/integritycheck/checker.php b/lib/private/integritycheck/checker.php index 0cd01df7fe1..4c6e114dc23 100644 --- a/lib/private/integritycheck/checker.php +++ b/lib/private/integritycheck/checker.php @@ -149,16 +149,33 @@ class Checker { } $relativeFileName = substr($filename, $baseDirectoryLength); + $relativeFileName = ltrim($relativeFileName, '/'); // Exclude signature.json files in the appinfo and root folder - if($relativeFileName === '/appinfo/signature.json') { + if($relativeFileName === 'appinfo/signature.json') { continue; } // Exclude signature.json files in the appinfo and core folder - if($relativeFileName === '/core/signature.json') { + if($relativeFileName === 'core/signature.json') { continue; } + // The .htaccess file in the root folder of ownCloud can contain + // custom content after the installation due to the fact that dynamic + // content is written into it at installation time as well. This + // includes for example the 404 and 403 instructions. + // Thus we ignore everything below the first occurrence of + // "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the + // hash generated based on this. + if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') { + $fileContent = file_get_contents($filename); + $explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent); + if(count($explodedArray) === 2) { + $hashes[$relativeFileName] = hash('sha512', $explodedArray[0]); + continue; + } + } + $hashes[$relativeFileName] = hash_file('sha512', $filename); } return $hashes; diff --git a/lib/private/integritycheck/helpers/environmenthelper.php b/lib/private/integritycheck/helpers/environmenthelper.php index 8bddcb3d794..f56f07486c2 100644 --- a/lib/private/integritycheck/helpers/environmenthelper.php +++ b/lib/private/integritycheck/helpers/environmenthelper.php @@ -34,7 +34,7 @@ class EnvironmentHelper { * @return string */ public function getServerRoot() { - return \OC::$SERVERROOT; + return rtrim(\OC::$SERVERROOT, '/'); } /** diff --git a/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php b/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php index efe7c114d9e..c3994197fc6 100644 --- a/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php +++ b/lib/private/integritycheck/iterator/excludefoldersbypathfilteriterator.php @@ -35,6 +35,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator { $this->excludedFolders = array_merge([ rtrim(\OC::$server->getConfig()->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data'), '/'), rtrim(\OC::$SERVERROOT.'/themes', '/'), + rtrim(\OC::$SERVERROOT.'/config', '/'), ], $appFolders); } diff --git a/lib/private/setup.php b/lib/private/setup.php index 7903b94ccde..a96dade0665 100644 --- a/lib/private/setup.php +++ b/lib/private/setup.php @@ -408,7 +408,7 @@ class Setup { \OC::$server->getSecureRandom()); $htaccessContent = file_get_contents($setupHelper->pathToHtaccess()); - $content = ''; + $content = "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####\n"; if (strpos($htaccessContent, 'ErrorDocument 403') === false) { //custom 403 error page $content.= "\nErrorDocument 403 ".\OC::$WEBROOT."/core/templates/403.php"; -- cgit v1.2.3