Commit 59b1a87bf1681405977bb1cf273b893fdff0cd30
1 parent
b93276a689
Exists in
master
[fix] Apply #4574 fix manually
Showing 1 changed file with 6 additions and 4 deletions Inline Diff
sources/lib/base.php
1 | <?php | 1 | <?php |
2 | /** | 2 | /** |
3 | * ownCloud | 3 | * ownCloud |
4 | * | 4 | * |
5 | * @author Frank Karlitschek | 5 | * @author Frank Karlitschek |
6 | * @copyright 2012 Frank Karlitschek frank@owncloud.org | 6 | * @copyright 2012 Frank Karlitschek frank@owncloud.org |
7 | * | 7 | * |
8 | * This library is free software; you can redistribute it and/or | 8 | * This library is free software; you can redistribute it and/or |
9 | * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE | 9 | * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE |
10 | * License as published by the Free Software Foundation; either | 10 | * License as published by the Free Software Foundation; either |
11 | * version 3 of the License, or any later version. | 11 | * version 3 of the License, or any later version. |
12 | * | 12 | * |
13 | * This library is distributed in the hope that it will be useful, | 13 | * This library is distributed in the hope that it will be useful, |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | * GNU AFFERO GENERAL PUBLIC LICENSE for more details. | 16 | * GNU AFFERO GENERAL PUBLIC LICENSE for more details. |
17 | * | 17 | * |
18 | * You should have received a copy of the GNU Affero General Public | 18 | * You should have received a copy of the GNU Affero General Public |
19 | * License along with this library. If not, see <http://www.gnu.org/licenses/>. | 19 | * License along with this library. If not, see <http://www.gnu.org/licenses/>. |
20 | * | 20 | * |
21 | */ | 21 | */ |
22 | 22 | ||
23 | require_once 'public/constants.php'; | 23 | require_once 'public/constants.php'; |
24 | 24 | ||
25 | /** | 25 | /** |
26 | * Class that is a namespace for all global OC variables | 26 | * Class that is a namespace for all global OC variables |
27 | * No, we can not put this class in its own file because it is used by | 27 | * No, we can not put this class in its own file because it is used by |
28 | * OC_autoload! | 28 | * OC_autoload! |
29 | */ | 29 | */ |
30 | class OC { | 30 | class OC { |
31 | /** | 31 | /** |
32 | * Associative array for autoloading. classname => filename | 32 | * Associative array for autoloading. classname => filename |
33 | */ | 33 | */ |
34 | public static $CLASSPATH = array(); | 34 | public static $CLASSPATH = array(); |
35 | /** | 35 | /** |
36 | * The installation path for owncloud on the server (e.g. /srv/http/owncloud) | 36 | * The installation path for owncloud on the server (e.g. /srv/http/owncloud) |
37 | */ | 37 | */ |
38 | public static $SERVERROOT = ''; | 38 | public static $SERVERROOT = ''; |
39 | /** | 39 | /** |
40 | * the current request path relative to the owncloud root (e.g. files/index.php) | 40 | * the current request path relative to the owncloud root (e.g. files/index.php) |
41 | */ | 41 | */ |
42 | private static $SUBURI = ''; | 42 | private static $SUBURI = ''; |
43 | /** | 43 | /** |
44 | * the owncloud root path for http requests (e.g. owncloud/) | 44 | * the owncloud root path for http requests (e.g. owncloud/) |
45 | */ | 45 | */ |
46 | public static $WEBROOT = ''; | 46 | public static $WEBROOT = ''; |
47 | /** | 47 | /** |
48 | * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty) | 48 | * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty) |
49 | */ | 49 | */ |
50 | public static $THIRDPARTYROOT = ''; | 50 | public static $THIRDPARTYROOT = ''; |
51 | /** | 51 | /** |
52 | * the root path of the 3rdparty folder for http requests (e.g. owncloud/3rdparty) | 52 | * the root path of the 3rdparty folder for http requests (e.g. owncloud/3rdparty) |
53 | */ | 53 | */ |
54 | public static $THIRDPARTYWEBROOT = ''; | 54 | public static $THIRDPARTYWEBROOT = ''; |
55 | /** | 55 | /** |
56 | * The installation path array of the apps folder on the server (e.g. /srv/http/owncloud) 'path' and | 56 | * The installation path array of the apps folder on the server (e.g. /srv/http/owncloud) 'path' and |
57 | * web path in 'url' | 57 | * web path in 'url' |
58 | */ | 58 | */ |
59 | public static $APPSROOTS = array(); | 59 | public static $APPSROOTS = array(); |
60 | 60 | ||
61 | public static $configDir; | 61 | public static $configDir; |
62 | 62 | ||
63 | /** | 63 | /** |
64 | * requested app | 64 | * requested app |
65 | */ | 65 | */ |
66 | public static $REQUESTEDAPP = ''; | 66 | public static $REQUESTEDAPP = ''; |
67 | 67 | ||
68 | /** | 68 | /** |
69 | * check if owncloud runs in cli mode | 69 | * check if owncloud runs in cli mode |
70 | */ | 70 | */ |
71 | public static $CLI = false; | 71 | public static $CLI = false; |
72 | 72 | ||
73 | /** | 73 | /** |
74 | * @var \OC\Session\Session | 74 | * @var \OC\Session\Session |
75 | */ | 75 | */ |
76 | public static $session = null; | 76 | public static $session = null; |
77 | 77 | ||
78 | /** | 78 | /** |
79 | * @var \OC\Autoloader $loader | 79 | * @var \OC\Autoloader $loader |
80 | */ | 80 | */ |
81 | public static $loader = null; | 81 | public static $loader = null; |
82 | 82 | ||
83 | /** | 83 | /** |
84 | * @var \OC\Server | 84 | * @var \OC\Server |
85 | */ | 85 | */ |
86 | public static $server = null; | 86 | public static $server = null; |
87 | 87 | ||
88 | public static function initPaths() { | 88 | public static function initPaths() { |
89 | // calculate the root directories | 89 | // calculate the root directories |
90 | OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4)); | 90 | OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4)); |
91 | 91 | ||
92 | // ensure we can find OC_Config | 92 | // ensure we can find OC_Config |
93 | set_include_path( | 93 | set_include_path( |
94 | OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . | 94 | OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . |
95 | get_include_path() | 95 | get_include_path() |
96 | ); | 96 | ); |
97 | 97 | ||
98 | if(defined('PHPUNIT_CONFIG_DIR')) { | 98 | if(defined('PHPUNIT_CONFIG_DIR')) { |
99 | self::$configDir = OC::$SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/'; | 99 | self::$configDir = OC::$SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/'; |
100 | } elseif(defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) { | 100 | } elseif(defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) { |
101 | self::$configDir = OC::$SERVERROOT . '/tests/config/'; | 101 | self::$configDir = OC::$SERVERROOT . '/tests/config/'; |
102 | } else { | 102 | } else { |
103 | self::$configDir = OC::$SERVERROOT . '/config/'; | 103 | self::$configDir = OC::$SERVERROOT . '/config/'; |
104 | } | 104 | } |
105 | OC_Config::$object = new \OC\Config(self::$configDir); | 105 | OC_Config::$object = new \OC\Config(self::$configDir); |
106 | 106 | ||
107 | OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT))); | 107 | OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT))); |
108 | $scriptName = OC_Request::scriptName(); | 108 | $scriptName = OC_Request::scriptName(); |
109 | if (substr($scriptName, -1) == '/') { | 109 | if (substr($scriptName, -1) == '/') { |
110 | $scriptName .= 'index.php'; | 110 | $scriptName .= 'index.php'; |
111 | //make sure suburi follows the same rules as scriptName | 111 | //make sure suburi follows the same rules as scriptName |
112 | if (substr(OC::$SUBURI, -9) != 'index.php') { | 112 | if (substr(OC::$SUBURI, -9) != 'index.php') { |
113 | if (substr(OC::$SUBURI, -1) != '/') { | 113 | if (substr(OC::$SUBURI, -1) != '/') { |
114 | OC::$SUBURI = OC::$SUBURI . '/'; | 114 | OC::$SUBURI = OC::$SUBURI . '/'; |
115 | } | 115 | } |
116 | OC::$SUBURI = OC::$SUBURI . 'index.php'; | 116 | OC::$SUBURI = OC::$SUBURI . 'index.php'; |
117 | } | 117 | } |
118 | } | 118 | } |
119 | 119 | ||
120 | if (substr($scriptName, 0 - strlen(OC::$SUBURI)) === OC::$SUBURI) { | 120 | if (substr($scriptName, 0 - strlen(OC::$SUBURI)) === OC::$SUBURI) { |
121 | OC::$WEBROOT = substr($scriptName, 0, 0 - strlen(OC::$SUBURI)); | 121 | OC::$WEBROOT = substr($scriptName, 0, 0 - strlen(OC::$SUBURI)); |
122 | 122 | ||
123 | if (OC::$WEBROOT != '' && OC::$WEBROOT[0] !== '/') { | 123 | if (OC::$WEBROOT != '' && OC::$WEBROOT[0] !== '/') { |
124 | OC::$WEBROOT = '/' . OC::$WEBROOT; | 124 | OC::$WEBROOT = '/' . OC::$WEBROOT; |
125 | } | 125 | } |
126 | } else { | 126 | } else { |
127 | // The scriptName is not ending with OC::$SUBURI | 127 | // The scriptName is not ending with OC::$SUBURI |
128 | // This most likely means that we are calling from CLI. | 128 | // This most likely means that we are calling from CLI. |
129 | // However some cron jobs still need to generate | 129 | // However some cron jobs still need to generate |
130 | // a web URL, so we use overwritewebroot as a fallback. | 130 | // a web URL, so we use overwritewebroot as a fallback. |
131 | OC::$WEBROOT = OC_Config::getValue('overwritewebroot', ''); | 131 | OC::$WEBROOT = OC_Config::getValue('overwritewebroot', ''); |
132 | } | 132 | } |
133 | 133 | ||
134 | // search the 3rdparty folder | 134 | // search the 3rdparty folder |
135 | if (OC_Config::getValue('3rdpartyroot', '') <> '' and OC_Config::getValue('3rdpartyurl', '') <> '') { | 135 | if (OC_Config::getValue('3rdpartyroot', '') <> '' and OC_Config::getValue('3rdpartyurl', '') <> '') { |
136 | OC::$THIRDPARTYROOT = OC_Config::getValue('3rdpartyroot', ''); | 136 | OC::$THIRDPARTYROOT = OC_Config::getValue('3rdpartyroot', ''); |
137 | OC::$THIRDPARTYWEBROOT = OC_Config::getValue('3rdpartyurl', ''); | 137 | OC::$THIRDPARTYWEBROOT = OC_Config::getValue('3rdpartyurl', ''); |
138 | } elseif (file_exists(OC::$SERVERROOT . '/3rdparty')) { | 138 | } elseif (file_exists(OC::$SERVERROOT . '/3rdparty')) { |
139 | OC::$THIRDPARTYROOT = OC::$SERVERROOT; | 139 | OC::$THIRDPARTYROOT = OC::$SERVERROOT; |
140 | OC::$THIRDPARTYWEBROOT = OC::$WEBROOT; | 140 | OC::$THIRDPARTYWEBROOT = OC::$WEBROOT; |
141 | } elseif (file_exists(OC::$SERVERROOT . '/../3rdparty')) { | 141 | } elseif (file_exists(OC::$SERVERROOT . '/../3rdparty')) { |
142 | OC::$THIRDPARTYWEBROOT = rtrim(dirname(OC::$WEBROOT), '/'); | 142 | OC::$THIRDPARTYWEBROOT = rtrim(dirname(OC::$WEBROOT), '/'); |
143 | OC::$THIRDPARTYROOT = rtrim(dirname(OC::$SERVERROOT), '/'); | 143 | OC::$THIRDPARTYROOT = rtrim(dirname(OC::$SERVERROOT), '/'); |
144 | } else { | 144 | } else { |
145 | throw new Exception('3rdparty directory not found! Please put the ownCloud 3rdparty' | 145 | throw new Exception('3rdparty directory not found! Please put the ownCloud 3rdparty' |
146 | . ' folder in the ownCloud folder or the folder above.' | 146 | . ' folder in the ownCloud folder or the folder above.' |
147 | . ' You can also configure the location in the config.php file.'); | 147 | . ' You can also configure the location in the config.php file.'); |
148 | } | 148 | } |
149 | // search the apps folder | 149 | // search the apps folder |
150 | $config_paths = OC_Config::getValue('apps_paths', array()); | 150 | $config_paths = OC_Config::getValue('apps_paths', array()); |
151 | if (!empty($config_paths)) { | 151 | if (!empty($config_paths)) { |
152 | foreach ($config_paths as $paths) { | 152 | foreach ($config_paths as $paths) { |
153 | if (isset($paths['url']) && isset($paths['path'])) { | 153 | if (isset($paths['url']) && isset($paths['path'])) { |
154 | $paths['url'] = rtrim($paths['url'], '/'); | 154 | $paths['url'] = rtrim($paths['url'], '/'); |
155 | $paths['path'] = rtrim($paths['path'], '/'); | 155 | $paths['path'] = rtrim($paths['path'], '/'); |
156 | OC::$APPSROOTS[] = $paths; | 156 | OC::$APPSROOTS[] = $paths; |
157 | } | 157 | } |
158 | } | 158 | } |
159 | } elseif (file_exists(OC::$SERVERROOT . '/apps')) { | 159 | } elseif (file_exists(OC::$SERVERROOT . '/apps')) { |
160 | OC::$APPSROOTS[] = array('path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true); | 160 | OC::$APPSROOTS[] = array('path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true); |
161 | } elseif (file_exists(OC::$SERVERROOT . '/../apps')) { | 161 | } elseif (file_exists(OC::$SERVERROOT . '/../apps')) { |
162 | OC::$APPSROOTS[] = array( | 162 | OC::$APPSROOTS[] = array( |
163 | 'path' => rtrim(dirname(OC::$SERVERROOT), '/') . '/apps', | 163 | 'path' => rtrim(dirname(OC::$SERVERROOT), '/') . '/apps', |
164 | 'url' => '/apps', | 164 | 'url' => '/apps', |
165 | 'writable' => true | 165 | 'writable' => true |
166 | ); | 166 | ); |
167 | } | 167 | } |
168 | 168 | ||
169 | if (empty(OC::$APPSROOTS)) { | 169 | if (empty(OC::$APPSROOTS)) { |
170 | throw new Exception('apps directory not found! Please put the ownCloud apps folder in the ownCloud folder' | 170 | throw new Exception('apps directory not found! Please put the ownCloud apps folder in the ownCloud folder' |
171 | . ' or the folder above. You can also configure the location in the config.php file.'); | 171 | . ' or the folder above. You can also configure the location in the config.php file.'); |
172 | } | 172 | } |
173 | $paths = array(); | 173 | $paths = array(); |
174 | foreach (OC::$APPSROOTS as $path) { | 174 | foreach (OC::$APPSROOTS as $path) { |
175 | $paths[] = $path['path']; | 175 | $paths[] = $path['path']; |
176 | } | 176 | } |
177 | 177 | ||
178 | // set the right include path | 178 | // set the right include path |
179 | set_include_path( | 179 | set_include_path( |
180 | OC::$SERVERROOT . '/lib/private' . PATH_SEPARATOR . | 180 | OC::$SERVERROOT . '/lib/private' . PATH_SEPARATOR . |
181 | OC::$SERVERROOT . '/config' . PATH_SEPARATOR . | 181 | OC::$SERVERROOT . '/config' . PATH_SEPARATOR . |
182 | OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR . | 182 | OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR . |
183 | implode(PATH_SEPARATOR, $paths) . PATH_SEPARATOR . | 183 | implode(PATH_SEPARATOR, $paths) . PATH_SEPARATOR . |
184 | get_include_path() . PATH_SEPARATOR . | 184 | get_include_path() . PATH_SEPARATOR . |
185 | OC::$SERVERROOT | 185 | OC::$SERVERROOT |
186 | ); | 186 | ); |
187 | } | 187 | } |
188 | 188 | ||
189 | public static function checkConfig() { | 189 | public static function checkConfig() { |
190 | $l = OC_L10N::get('lib'); | 190 | $l = OC_L10N::get('lib'); |
191 | if (file_exists(self::$configDir . "/config.php") | 191 | if (file_exists(self::$configDir . "/config.php") |
192 | and !is_writable(self::$configDir . "/config.php") | 192 | and !is_writable(self::$configDir . "/config.php") |
193 | ) { | 193 | ) { |
194 | if (self::$CLI) { | 194 | if (self::$CLI) { |
195 | echo $l->t('Cannot write into "config" directory!')."\n"; | 195 | echo $l->t('Cannot write into "config" directory!')."\n"; |
196 | echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n"; | 196 | echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n"; |
197 | echo "\n"; | 197 | echo "\n"; |
198 | echo $l->t('See %s', array(\OC_Helper::linkToDocs('admin-dir_permissions')))."\n"; | 198 | echo $l->t('See %s', array(\OC_Helper::linkToDocs('admin-dir_permissions')))."\n"; |
199 | exit; | 199 | exit; |
200 | } else { | 200 | } else { |
201 | OC_Template::printErrorPage( | 201 | OC_Template::printErrorPage( |
202 | $l->t('Cannot write into "config" directory!'), | 202 | $l->t('Cannot write into "config" directory!'), |
203 | $l->t('This can usually be fixed by ' | 203 | $l->t('This can usually be fixed by ' |
204 | . '%sgiving the webserver write access to the config directory%s.', | 204 | . '%sgiving the webserver write access to the config directory%s.', |
205 | array('<a href="'.\OC_Helper::linkToDocs('admin-dir_permissions').'" target="_blank">', '</a>')) | 205 | array('<a href="'.\OC_Helper::linkToDocs('admin-dir_permissions').'" target="_blank">', '</a>')) |
206 | ); | 206 | ); |
207 | } | 207 | } |
208 | } | 208 | } |
209 | } | 209 | } |
210 | 210 | ||
211 | public static function checkInstalled() { | 211 | public static function checkInstalled() { |
212 | // Redirect to installer if not installed | 212 | // Redirect to installer if not installed |
213 | if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') { | 213 | if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') { |
214 | if (!OC::$CLI) { | 214 | if (!OC::$CLI) { |
215 | $url = 'http://' . $_SERVER['SERVER_NAME'] . OC::$WEBROOT . '/index.php'; | 215 | $url = 'http://' . $_SERVER['SERVER_NAME'] . OC::$WEBROOT . '/index.php'; |
216 | header("Location: $url"); | 216 | header("Location: $url"); |
217 | } | 217 | } |
218 | exit(); | 218 | exit(); |
219 | } | 219 | } |
220 | } | 220 | } |
221 | 221 | ||
222 | public static function checkSSL() { | 222 | public static function checkSSL() { |
223 | // redirect to https site if configured | 223 | // redirect to https site if configured |
224 | if (OC_Config::getValue("forcessl", false)) { | 224 | if (OC_Config::getValue("forcessl", false)) { |
225 | header('Strict-Transport-Security: max-age=31536000'); | 225 | header('Strict-Transport-Security: max-age=31536000'); |
226 | ini_set("session.cookie_secure", "on"); | 226 | ini_set("session.cookie_secure", "on"); |
227 | if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) { | 227 | if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) { |
228 | $url = "https://" . OC_Request::serverHost() . OC_Request::requestUri(); | 228 | $url = "https://" . OC_Request::serverHost() . OC_Request::requestUri(); |
229 | header("Location: $url"); | 229 | header("Location: $url"); |
230 | exit(); | 230 | exit(); |
231 | } | 231 | } |
232 | } else { | 232 | } else { |
233 | // Invalidate HSTS headers | 233 | // Invalidate HSTS headers |
234 | if (OC_Request::serverProtocol() === 'https') { | 234 | if (OC_Request::serverProtocol() === 'https') { |
235 | header('Strict-Transport-Security: max-age=0'); | 235 | header('Strict-Transport-Security: max-age=0'); |
236 | } | 236 | } |
237 | } | 237 | } |
238 | } | 238 | } |
239 | 239 | ||
240 | public static function checkMaintenanceMode() { | 240 | public static function checkMaintenanceMode() { |
241 | // Allow ajax update script to execute without being stopped | 241 | // Allow ajax update script to execute without being stopped |
242 | if (OC_Config::getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') { | 242 | if (OC_Config::getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') { |
243 | // send http status 503 | 243 | // send http status 503 |
244 | header('HTTP/1.1 503 Service Temporarily Unavailable'); | 244 | header('HTTP/1.1 503 Service Temporarily Unavailable'); |
245 | header('Status: 503 Service Temporarily Unavailable'); | 245 | header('Status: 503 Service Temporarily Unavailable'); |
246 | header('Retry-After: 120'); | 246 | header('Retry-After: 120'); |
247 | 247 | ||
248 | // render error page | 248 | // render error page |
249 | $tmpl = new OC_Template('', 'update.user', 'guest'); | 249 | $tmpl = new OC_Template('', 'update.user', 'guest'); |
250 | $tmpl->printPage(); | 250 | $tmpl->printPage(); |
251 | die(); | 251 | die(); |
252 | } | 252 | } |
253 | } | 253 | } |
254 | 254 | ||
255 | public static function checkSingleUserMode() { | 255 | public static function checkSingleUserMode() { |
256 | $user = OC_User::getUserSession()->getUser(); | 256 | $user = OC_User::getUserSession()->getUser(); |
257 | $group = OC_Group::getManager()->get('admin'); | 257 | $group = OC_Group::getManager()->get('admin'); |
258 | if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) { | 258 | if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) { |
259 | // send http status 503 | 259 | // send http status 503 |
260 | header('HTTP/1.1 503 Service Temporarily Unavailable'); | 260 | header('HTTP/1.1 503 Service Temporarily Unavailable'); |
261 | header('Status: 503 Service Temporarily Unavailable'); | 261 | header('Status: 503 Service Temporarily Unavailable'); |
262 | header('Retry-After: 120'); | 262 | header('Retry-After: 120'); |
263 | 263 | ||
264 | // render error page | 264 | // render error page |
265 | $tmpl = new OC_Template('', 'singleuser.user', 'guest'); | 265 | $tmpl = new OC_Template('', 'singleuser.user', 'guest'); |
266 | $tmpl->printPage(); | 266 | $tmpl->printPage(); |
267 | die(); | 267 | die(); |
268 | } | 268 | } |
269 | } | 269 | } |
270 | 270 | ||
271 | /** | 271 | /** |
272 | * check if the instance needs to preform an upgrade | 272 | * check if the instance needs to preform an upgrade |
273 | * | 273 | * |
274 | * @return bool | 274 | * @return bool |
275 | * @deprecated use \OCP\Util::needUpgrade instead | 275 | * @deprecated use \OCP\Util::needUpgrade instead |
276 | */ | 276 | */ |
277 | public static function needUpgrade() { | 277 | public static function needUpgrade() { |
278 | return \OCP\Util::needUpgrade(); | 278 | return \OCP\Util::needUpgrade(); |
279 | } | 279 | } |
280 | 280 | ||
281 | /** | 281 | /** |
282 | * Checks if the version requires an update and shows | 282 | * Checks if the version requires an update and shows |
283 | * @param bool $showTemplate Whether an update screen should get shown | 283 | * @param bool $showTemplate Whether an update screen should get shown |
284 | * @return bool|void | 284 | * @return bool|void |
285 | */ | 285 | */ |
286 | public static function checkUpgrade($showTemplate = true) { | 286 | public static function checkUpgrade($showTemplate = true) { |
287 | if (\OCP\Util::needUpgrade()) { | 287 | if (\OCP\Util::needUpgrade()) { |
288 | if ($showTemplate && !OC_Config::getValue('maintenance', false)) { | 288 | if ($showTemplate && !OC_Config::getValue('maintenance', false)) { |
289 | $version = OC_Util::getVersion(); | 289 | $version = OC_Util::getVersion(); |
290 | $oldTheme = OC_Config::getValue('theme'); | 290 | $oldTheme = OC_Config::getValue('theme'); |
291 | OC_Config::setValue('theme', ''); | 291 | OC_Config::setValue('theme', ''); |
292 | OC_Util::addScript('config'); // needed for web root | 292 | OC_Util::addScript('config'); // needed for web root |
293 | OC_Util::addScript('update'); | 293 | OC_Util::addScript('update'); |
294 | $tmpl = new OC_Template('', 'update.admin', 'guest'); | 294 | $tmpl = new OC_Template('', 'update.admin', 'guest'); |
295 | $tmpl->assign('version', OC_Util::getVersionString()); | 295 | $tmpl->assign('version', OC_Util::getVersionString()); |
296 | 296 | ||
297 | // get third party apps | 297 | // get third party apps |
298 | $apps = OC_App::getEnabledApps(); | 298 | $apps = OC_App::getEnabledApps(); |
299 | $incompatibleApps = array(); | 299 | $incompatibleApps = array(); |
300 | foreach ($apps as $appId) { | 300 | foreach ($apps as $appId) { |
301 | $info = OC_App::getAppInfo($appId); | 301 | $info = OC_App::getAppInfo($appId); |
302 | if(!OC_App::isAppCompatible($version, $info)) { | 302 | if(!OC_App::isAppCompatible($version, $info)) { |
303 | $incompatibleApps[] = $info; | 303 | $incompatibleApps[] = $info; |
304 | } | 304 | } |
305 | } | 305 | } |
306 | $tmpl->assign('appList', $incompatibleApps); | 306 | $tmpl->assign('appList', $incompatibleApps); |
307 | $tmpl->assign('productName', 'ownCloud'); // for now | 307 | $tmpl->assign('productName', 'ownCloud'); // for now |
308 | $tmpl->assign('oldTheme', $oldTheme); | 308 | $tmpl->assign('oldTheme', $oldTheme); |
309 | $tmpl->printPage(); | 309 | $tmpl->printPage(); |
310 | exit(); | 310 | exit(); |
311 | } else { | 311 | } else { |
312 | return true; | 312 | return true; |
313 | } | 313 | } |
314 | } | 314 | } |
315 | return false; | 315 | return false; |
316 | } | 316 | } |
317 | 317 | ||
318 | public static function initTemplateEngine() { | 318 | public static function initTemplateEngine() { |
319 | // Add the stuff we need always | 319 | // Add the stuff we need always |
320 | // TODO: read from core/js/core.json | 320 | // TODO: read from core/js/core.json |
321 | OC_Util::addScript("jquery-1.10.0.min"); | 321 | OC_Util::addScript("jquery-1.10.0.min"); |
322 | OC_Util::addScript("jquery-migrate-1.2.1.min"); | 322 | OC_Util::addScript("jquery-migrate-1.2.1.min"); |
323 | OC_Util::addScript("jquery-ui-1.10.0.custom"); | 323 | OC_Util::addScript("jquery-ui-1.10.0.custom"); |
324 | OC_Util::addScript("jquery-showpassword"); | 324 | OC_Util::addScript("jquery-showpassword"); |
325 | OC_Util::addScript("placeholders"); | 325 | OC_Util::addScript("placeholders"); |
326 | OC_Util::addScript("jquery-tipsy"); | 326 | OC_Util::addScript("jquery-tipsy"); |
327 | OC_Util::addScript("compatibility"); | 327 | OC_Util::addScript("compatibility"); |
328 | OC_Util::addScript("underscore"); | 328 | OC_Util::addScript("underscore"); |
329 | OC_Util::addScript("jquery.ocdialog"); | 329 | OC_Util::addScript("jquery.ocdialog"); |
330 | OC_Util::addScript("oc-dialogs"); | 330 | OC_Util::addScript("oc-dialogs"); |
331 | OC_Util::addScript("js"); | 331 | OC_Util::addScript("js"); |
332 | OC_Util::addScript("octemplate"); | 332 | OC_Util::addScript("octemplate"); |
333 | OC_Util::addScript("eventsource"); | 333 | OC_Util::addScript("eventsource"); |
334 | OC_Util::addScript("config"); | 334 | OC_Util::addScript("config"); |
335 | //OC_Util::addScript( "multiselect" ); | 335 | //OC_Util::addScript( "multiselect" ); |
336 | OC_Util::addScript('search', 'result'); | 336 | OC_Util::addScript('search', 'result'); |
337 | OC_Util::addScript("oc-requesttoken"); | 337 | OC_Util::addScript("oc-requesttoken"); |
338 | OC_Util::addScript("apps"); | 338 | OC_Util::addScript("apps"); |
339 | OC_Util::addScript("snap"); | 339 | OC_Util::addScript("snap"); |
340 | 340 | ||
341 | // avatars | 341 | // avatars |
342 | if (\OC_Config::getValue('enable_avatars', true) === true) { | 342 | if (\OC_Config::getValue('enable_avatars', true) === true) { |
343 | \OC_Util::addScript('placeholder'); | 343 | \OC_Util::addScript('placeholder'); |
344 | \OC_Util::addScript('3rdparty', 'md5/md5.min'); | 344 | \OC_Util::addScript('3rdparty', 'md5/md5.min'); |
345 | \OC_Util::addScript('jquery.avatar'); | 345 | \OC_Util::addScript('jquery.avatar'); |
346 | \OC_Util::addScript('avatar'); | 346 | \OC_Util::addScript('avatar'); |
347 | } | 347 | } |
348 | 348 | ||
349 | OC_Util::addStyle("styles"); | 349 | OC_Util::addStyle("styles"); |
350 | OC_Util::addStyle("header"); | 350 | OC_Util::addStyle("header"); |
351 | OC_Util::addStyle("mobile"); | 351 | OC_Util::addStyle("mobile"); |
352 | OC_Util::addStyle("icons"); | 352 | OC_Util::addStyle("icons"); |
353 | OC_Util::addStyle("fonts"); | 353 | OC_Util::addStyle("fonts"); |
354 | OC_Util::addStyle("apps"); | 354 | OC_Util::addStyle("apps"); |
355 | OC_Util::addStyle("fixes"); | 355 | OC_Util::addStyle("fixes"); |
356 | OC_Util::addStyle("multiselect"); | 356 | OC_Util::addStyle("multiselect"); |
357 | OC_Util::addStyle("jquery-ui-1.10.0.custom"); | 357 | OC_Util::addStyle("jquery-ui-1.10.0.custom"); |
358 | OC_Util::addStyle("jquery-tipsy"); | 358 | OC_Util::addStyle("jquery-tipsy"); |
359 | OC_Util::addStyle("jquery.ocdialog"); | 359 | OC_Util::addStyle("jquery.ocdialog"); |
360 | } | 360 | } |
361 | 361 | ||
362 | public static function initSession() { | 362 | public static function initSession() { |
363 | // prevents javascript from accessing php session cookies | 363 | // prevents javascript from accessing php session cookies |
364 | ini_set('session.cookie_httponly', '1;'); | 364 | ini_set('session.cookie_httponly', '1;'); |
365 | 365 | ||
366 | // set the cookie path to the ownCloud directory | 366 | // set the cookie path to the ownCloud directory |
367 | $cookie_path = OC::$WEBROOT ? : '/'; | 367 | $cookie_path = OC::$WEBROOT ? : '/'; |
368 | ini_set('session.cookie_path', $cookie_path); | 368 | ini_set('session.cookie_path', $cookie_path); |
369 | 369 | ||
370 | //set the session object to a dummy session so code relying on the session existing still works | 370 | //set the session object to a dummy session so code relying on the session existing still works |
371 | self::$session = new \OC\Session\Memory(''); | 371 | self::$session = new \OC\Session\Memory(''); |
372 | 372 | ||
373 | // Let the session name be changed in the initSession Hook | 373 | // Let the session name be changed in the initSession Hook |
374 | $sessionName = OC_Util::getInstanceId(); | 374 | $sessionName = OC_Util::getInstanceId(); |
375 | 375 | ||
376 | try { | 376 | try { |
377 | // Allow session apps to create a custom session object | 377 | // Allow session apps to create a custom session object |
378 | $useCustomSession = false; | 378 | $useCustomSession = false; |
379 | OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession)); | 379 | OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession)); |
380 | if(!$useCustomSession) { | 380 | if(!$useCustomSession) { |
381 | // set the session name to the instance id - which is unique | 381 | // set the session name to the instance id - which is unique |
382 | self::$session = new \OC\Session\Internal($sessionName); | 382 | self::$session = new \OC\Session\Internal($sessionName); |
383 | } | 383 | } |
384 | // if session cant be started break with http 500 error | 384 | // if session cant be started break with http 500 error |
385 | } catch (Exception $e) { | 385 | } catch (Exception $e) { |
386 | //show the user a detailed error page | 386 | //show the user a detailed error page |
387 | OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR); | 387 | OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR); |
388 | OC_Template::printExceptionErrorPage($e); | 388 | OC_Template::printExceptionErrorPage($e); |
389 | } | 389 | } |
390 | 390 | ||
391 | $sessionLifeTime = self::getSessionLifeTime(); | 391 | $sessionLifeTime = self::getSessionLifeTime(); |
392 | // regenerate session id periodically to avoid session fixation | 392 | // regenerate session id periodically to avoid session fixation |
393 | if (!self::$session->exists('SID_CREATED')) { | 393 | if (!self::$session->exists('SID_CREATED')) { |
394 | self::$session->set('SID_CREATED', time()); | 394 | self::$session->set('SID_CREATED', time()); |
395 | } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) { | 395 | } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) { |
396 | session_regenerate_id(true); | 396 | session_regenerate_id(true); |
397 | self::$session->set('SID_CREATED', time()); | 397 | self::$session->set('SID_CREATED', time()); |
398 | } | 398 | } |
399 | 399 | ||
400 | // session timeout | 400 | // session timeout |
401 | if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) { | 401 | if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) { |
402 | if (isset($_COOKIE[session_name()])) { | 402 | if (isset($_COOKIE[session_name()])) { |
403 | setcookie(session_name(), '', time() - 42000, $cookie_path); | 403 | setcookie(session_name(), '', time() - 42000, $cookie_path); |
404 | } | 404 | } |
405 | session_unset(); | 405 | session_unset(); |
406 | session_destroy(); | 406 | session_destroy(); |
407 | session_start(); | 407 | session_start(); |
408 | } | 408 | } |
409 | 409 | ||
410 | self::$session->set('LAST_ACTIVITY', time()); | 410 | self::$session->set('LAST_ACTIVITY', time()); |
411 | } | 411 | } |
412 | 412 | ||
413 | /** | 413 | /** |
414 | * @return string | 414 | * @return string |
415 | */ | 415 | */ |
416 | private static function getSessionLifeTime() { | 416 | private static function getSessionLifeTime() { |
417 | return OC_Config::getValue('session_lifetime', 60 * 60 * 24); | 417 | return OC_Config::getValue('session_lifetime', 60 * 60 * 24); |
418 | } | 418 | } |
419 | 419 | ||
420 | public static function loadAppClassPaths() { | 420 | public static function loadAppClassPaths() { |
421 | foreach (OC_APP::getEnabledApps() as $app) { | 421 | foreach (OC_APP::getEnabledApps() as $app) { |
422 | $file = OC_App::getAppPath($app) . '/appinfo/classpath.php'; | 422 | $file = OC_App::getAppPath($app) . '/appinfo/classpath.php'; |
423 | if (file_exists($file)) { | 423 | if (file_exists($file)) { |
424 | require_once $file; | 424 | require_once $file; |
425 | } | 425 | } |
426 | } | 426 | } |
427 | } | 427 | } |
428 | 428 | ||
429 | 429 | ||
430 | public static function init() { | 430 | public static function init() { |
431 | // register autoloader | 431 | // register autoloader |
432 | require_once __DIR__ . '/autoloader.php'; | 432 | require_once __DIR__ . '/autoloader.php'; |
433 | self::$loader = new \OC\Autoloader(); | 433 | self::$loader = new \OC\Autoloader(); |
434 | self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib'); | 434 | self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib'); |
435 | self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib'); | 435 | self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib'); |
436 | self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing'); | 436 | self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing'); |
437 | self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console'); | 437 | self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console'); |
438 | self::$loader->registerPrefix('Patchwork', '3rdparty'); | 438 | self::$loader->registerPrefix('Patchwork', '3rdparty'); |
439 | self::$loader->registerPrefix('Pimple', '3rdparty/Pimple'); | 439 | self::$loader->registerPrefix('Pimple', '3rdparty/Pimple'); |
440 | spl_autoload_register(array(self::$loader, 'load')); | 440 | spl_autoload_register(array(self::$loader, 'load')); |
441 | 441 | ||
442 | // make a dummy session available as early as possible since error pages need it | 442 | // make a dummy session available as early as possible since error pages need it |
443 | self::$session = new \OC\Session\Memory(''); | 443 | self::$session = new \OC\Session\Memory(''); |
444 | 444 | ||
445 | // set some stuff | 445 | // set some stuff |
446 | //ob_start(); | 446 | //ob_start(); |
447 | error_reporting(E_ALL | E_STRICT); | 447 | error_reporting(E_ALL | E_STRICT); |
448 | if (defined('DEBUG') && DEBUG) { | 448 | if (defined('DEBUG') && DEBUG) { |
449 | ini_set('display_errors', 1); | 449 | ini_set('display_errors', 1); |
450 | } | 450 | } |
451 | self::$CLI = (php_sapi_name() == 'cli'); | 451 | self::$CLI = (php_sapi_name() == 'cli'); |
452 | 452 | ||
453 | date_default_timezone_set('UTC'); | 453 | date_default_timezone_set('UTC'); |
454 | ini_set('arg_separator.output', '&'); | 454 | ini_set('arg_separator.output', '&'); |
455 | 455 | ||
456 | // try to switch magic quotes off. | 456 | // try to switch magic quotes off. |
457 | if (get_magic_quotes_gpc() == 1) { | 457 | if (get_magic_quotes_gpc() == 1) { |
458 | ini_set('magic_quotes_runtime', 0); | 458 | ini_set('magic_quotes_runtime', 0); |
459 | } | 459 | } |
460 | 460 | ||
461 | //try to configure php to enable big file uploads. | 461 | //try to configure php to enable big file uploads. |
462 | //this doesnยดt work always depending on the webserver and php configuration. | 462 | //this doesnยดt work always depending on the webserver and php configuration. |
463 | //Letยดs try to overwrite some defaults anyways | 463 | //Letยดs try to overwrite some defaults anyways |
464 | 464 | ||
465 | //try to set the maximum execution time to 60min | 465 | //try to set the maximum execution time to 60min |
466 | @set_time_limit(3600); | 466 | @set_time_limit(3600); |
467 | @ini_set('max_execution_time', 3600); | 467 | @ini_set('max_execution_time', 3600); |
468 | @ini_set('max_input_time', 3600); | 468 | @ini_set('max_input_time', 3600); |
469 | 469 | ||
470 | //try to set the maximum filesize to 10G | 470 | //try to set the maximum filesize to 10G |
471 | @ini_set('upload_max_filesize', '10G'); | 471 | @ini_set('upload_max_filesize', '10G'); |
472 | @ini_set('post_max_size', '10G'); | 472 | @ini_set('post_max_size', '10G'); |
473 | @ini_set('file_uploads', '50'); | 473 | @ini_set('file_uploads', '50'); |
474 | 474 | ||
475 | self::handleAuthHeaders(); | 475 | self::handleAuthHeaders(); |
476 | self::initPaths(); | 476 | self::initPaths(); |
477 | self::registerAutoloaderCache(); | 477 | self::registerAutoloaderCache(); |
478 | 478 | ||
479 | OC_Util::isSetLocaleWorking(); | 479 | OC_Util::isSetLocaleWorking(); |
480 | 480 | ||
481 | // setup 3rdparty autoloader | 481 | // setup 3rdparty autoloader |
482 | $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php'; | 482 | $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php'; |
483 | if (file_exists($vendorAutoLoad)) { | 483 | if (file_exists($vendorAutoLoad)) { |
484 | require_once $vendorAutoLoad; | 484 | require_once $vendorAutoLoad; |
485 | } | 485 | } |
486 | 486 | ||
487 | if (!defined('PHPUNIT_RUN')) { | 487 | if (!defined('PHPUNIT_RUN')) { |
488 | OC\Log\ErrorHandler::setLogger(OC_Log::$object); | 488 | OC\Log\ErrorHandler::setLogger(OC_Log::$object); |
489 | if (defined('DEBUG') and DEBUG) { | 489 | if (defined('DEBUG') and DEBUG) { |
490 | OC\Log\ErrorHandler::register(true); | 490 | OC\Log\ErrorHandler::register(true); |
491 | set_exception_handler(array('OC_Template', 'printExceptionErrorPage')); | 491 | set_exception_handler(array('OC_Template', 'printExceptionErrorPage')); |
492 | } else { | 492 | } else { |
493 | OC\Log\ErrorHandler::register(); | 493 | OC\Log\ErrorHandler::register(); |
494 | } | 494 | } |
495 | } | 495 | } |
496 | 496 | ||
497 | // register the stream wrappers | 497 | // register the stream wrappers |
498 | stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir'); | 498 | stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir'); |
499 | stream_wrapper_register('static', 'OC\Files\Stream\StaticStream'); | 499 | stream_wrapper_register('static', 'OC\Files\Stream\StaticStream'); |
500 | stream_wrapper_register('close', 'OC\Files\Stream\Close'); | 500 | stream_wrapper_register('close', 'OC\Files\Stream\Close'); |
501 | stream_wrapper_register('quota', 'OC\Files\Stream\Quota'); | 501 | stream_wrapper_register('quota', 'OC\Files\Stream\Quota'); |
502 | stream_wrapper_register('oc', 'OC\Files\Stream\OC'); | 502 | stream_wrapper_register('oc', 'OC\Files\Stream\OC'); |
503 | 503 | ||
504 | // setup the basic server | 504 | // setup the basic server |
505 | self::$server = new \OC\Server(); | 505 | self::$server = new \OC\Server(); |
506 | 506 | ||
507 | self::initTemplateEngine(); | 507 | self::initTemplateEngine(); |
508 | OC_App::loadApps(array('session')); | 508 | OC_App::loadApps(array('session')); |
509 | if (!self::$CLI) { | 509 | if (!self::$CLI) { |
510 | self::initSession(); | 510 | self::initSession(); |
511 | } else { | 511 | } else { |
512 | self::$session = new \OC\Session\Memory(''); | 512 | self::$session = new \OC\Session\Memory(''); |
513 | } | 513 | } |
514 | self::checkConfig(); | 514 | self::checkConfig(); |
515 | self::checkInstalled(); | 515 | self::checkInstalled(); |
516 | self::checkSSL(); | 516 | self::checkSSL(); |
517 | OC_Response::addSecurityHeaders(); | 517 | OC_Response::addSecurityHeaders(); |
518 | 518 | ||
519 | $errors = OC_Util::checkServer(); | 519 | $errors = OC_Util::checkServer(); |
520 | if (count($errors) > 0) { | 520 | if (count($errors) > 0) { |
521 | if (self::$CLI) { | 521 | if (self::$CLI) { |
522 | foreach ($errors as $error) { | 522 | foreach ($errors as $error) { |
523 | echo $error['error'] . "\n"; | 523 | echo $error['error'] . "\n"; |
524 | echo $error['hint'] . "\n\n"; | 524 | echo $error['hint'] . "\n\n"; |
525 | } | 525 | } |
526 | } else { | 526 | } else { |
527 | OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); | 527 | OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); |
528 | OC_Template::printGuestPage('', 'error', array('errors' => $errors)); | 528 | OC_Template::printGuestPage('', 'error', array('errors' => $errors)); |
529 | } | 529 | } |
530 | exit; | 530 | exit; |
531 | } | 531 | } |
532 | 532 | ||
533 | //try to set the session lifetime | 533 | //try to set the session lifetime |
534 | $sessionLifeTime = self::getSessionLifeTime(); | 534 | $sessionLifeTime = self::getSessionLifeTime(); |
535 | @ini_set('gc_maxlifetime', (string)$sessionLifeTime); | 535 | @ini_set('gc_maxlifetime', (string)$sessionLifeTime); |
536 | 536 | ||
537 | // User and Groups | 537 | // User and Groups |
538 | if (!OC_Config::getValue("installed", false)) { | 538 | if (!OC_Config::getValue("installed", false)) { |
539 | self::$session->set('user_id', ''); | 539 | self::$session->set('user_id', ''); |
540 | } | 540 | } |
541 | 541 | ||
542 | OC_User::useBackend(new OC_User_Database()); | 542 | OC_User::useBackend(new OC_User_Database()); |
543 | OC_Group::useBackend(new OC_Group_Database()); | 543 | OC_Group::useBackend(new OC_Group_Database()); |
544 | 544 | ||
545 | //setup extra user backends | 545 | //setup extra user backends |
546 | OC_User::setupBackends(); | 546 | OC_User::setupBackends(); |
547 | 547 | ||
548 | self::registerCacheHooks(); | 548 | self::registerCacheHooks(); |
549 | self::registerFilesystemHooks(); | 549 | self::registerFilesystemHooks(); |
550 | self::registerPreviewHooks(); | 550 | self::registerPreviewHooks(); |
551 | self::registerShareHooks(); | 551 | self::registerShareHooks(); |
552 | self::registerLogRotate(); | 552 | self::registerLogRotate(); |
553 | self::registerLocalAddressBook(); | 553 | self::registerLocalAddressBook(); |
554 | 554 | ||
555 | //make sure temporary files are cleaned up | 555 | //make sure temporary files are cleaned up |
556 | register_shutdown_function(array('OC_Helper', 'cleanTmp')); | 556 | register_shutdown_function(array('OC_Helper', 'cleanTmp')); |
557 | 557 | ||
558 | if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) { | 558 | if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) { |
559 | if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') { | 559 | if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') { |
560 | OC_Util::addScript('backgroundjobs'); | 560 | OC_Util::addScript('backgroundjobs'); |
561 | } | 561 | } |
562 | } | 562 | } |
563 | } | 563 | } |
564 | 564 | ||
565 | private static function registerLocalAddressBook() { | 565 | private static function registerLocalAddressBook() { |
566 | self::$server->getContactsManager()->register(function() { | 566 | self::$server->getContactsManager()->register(function() { |
567 | $userManager = \OC::$server->getUserManager(); | 567 | $userManager = \OC::$server->getUserManager(); |
568 | \OC::$server->getContactsManager()->registerAddressBook( | 568 | \OC::$server->getContactsManager()->registerAddressBook( |
569 | new \OC\Contacts\LocalAddressBook($userManager)); | 569 | new \OC\Contacts\LocalAddressBook($userManager)); |
570 | }); | 570 | }); |
571 | } | 571 | } |
572 | 572 | ||
573 | /** | 573 | /** |
574 | * register hooks for the cache | 574 | * register hooks for the cache |
575 | */ | 575 | */ |
576 | public static function registerCacheHooks() { | 576 | public static function registerCacheHooks() { |
577 | if (OC_Config::getValue('installed', false) && !\OCP\Util::needUpgrade()) { //don't try to do this before we are properly setup | 577 | if (OC_Config::getValue('installed', false) && !\OCP\Util::needUpgrade()) { //don't try to do this before we are properly setup |
578 | \OCP\BackgroundJob::registerJob('OC\Cache\FileGlobalGC'); | 578 | \OCP\BackgroundJob::registerJob('OC\Cache\FileGlobalGC'); |
579 | 579 | ||
580 | // NOTE: This will be replaced to use OCP | 580 | // NOTE: This will be replaced to use OCP |
581 | $userSession = \OC_User::getUserSession(); | 581 | $userSession = \OC_User::getUserSession(); |
582 | $userSession->listen('postLogin', '\OC\Cache\File', 'loginListener'); | 582 | $userSession->listen('postLogin', '\OC\Cache\File', 'loginListener'); |
583 | } | 583 | } |
584 | } | 584 | } |
585 | 585 | ||
586 | /** | 586 | /** |
587 | * register hooks for the cache | 587 | * register hooks for the cache |
588 | */ | 588 | */ |
589 | public static function registerLogRotate() { | 589 | public static function registerLogRotate() { |
590 | if (OC_Config::getValue('installed', false) && OC_Config::getValue('log_rotate_size', false) && !\OCP\Util::needUpgrade()) { | 590 | if (OC_Config::getValue('installed', false) && OC_Config::getValue('log_rotate_size', false) && !\OCP\Util::needUpgrade()) { |
591 | //don't try to do this before we are properly setup | 591 | //don't try to do this before we are properly setup |
592 | //use custom logfile path if defined, otherwise use default of owncloud.log in data directory | 592 | //use custom logfile path if defined, otherwise use default of owncloud.log in data directory |
593 | \OCP\BackgroundJob::registerJob('OC\Log\Rotate', OC_Config::getValue('logfile', OC_Config::getValue("datadirectory", OC::$SERVERROOT . '/data') . '/owncloud.log')); | 593 | \OCP\BackgroundJob::registerJob('OC\Log\Rotate', OC_Config::getValue('logfile', OC_Config::getValue("datadirectory", OC::$SERVERROOT . '/data') . '/owncloud.log')); |
594 | } | 594 | } |
595 | } | 595 | } |
596 | 596 | ||
597 | /** | 597 | /** |
598 | * register hooks for the filesystem | 598 | * register hooks for the filesystem |
599 | */ | 599 | */ |
600 | public static function registerFilesystemHooks() { | 600 | public static function registerFilesystemHooks() { |
601 | // Check for blacklisted files | 601 | // Check for blacklisted files |
602 | OC_Hook::connect('OC_Filesystem', 'write', 'OC\Files\Filesystem', 'isBlacklisted'); | 602 | OC_Hook::connect('OC_Filesystem', 'write', 'OC\Files\Filesystem', 'isBlacklisted'); |
603 | OC_Hook::connect('OC_Filesystem', 'rename', 'OC\Files\Filesystem', 'isBlacklisted'); | 603 | OC_Hook::connect('OC_Filesystem', 'rename', 'OC\Files\Filesystem', 'isBlacklisted'); |
604 | } | 604 | } |
605 | 605 | ||
606 | /** | 606 | /** |
607 | * register hooks for previews | 607 | * register hooks for previews |
608 | */ | 608 | */ |
609 | public static function registerPreviewHooks() { | 609 | public static function registerPreviewHooks() { |
610 | OC_Hook::connect('OC_Filesystem', 'post_write', 'OC\Preview', 'post_write'); | 610 | OC_Hook::connect('OC_Filesystem', 'post_write', 'OC\Preview', 'post_write'); |
611 | OC_Hook::connect('OC_Filesystem', 'delete', 'OC\Preview', 'prepare_delete_files'); | 611 | OC_Hook::connect('OC_Filesystem', 'delete', 'OC\Preview', 'prepare_delete_files'); |
612 | OC_Hook::connect('\OCP\Versions', 'preDelete', 'OC\Preview', 'prepare_delete'); | 612 | OC_Hook::connect('\OCP\Versions', 'preDelete', 'OC\Preview', 'prepare_delete'); |
613 | OC_Hook::connect('\OCP\Trashbin', 'preDelete', 'OC\Preview', 'prepare_delete'); | 613 | OC_Hook::connect('\OCP\Trashbin', 'preDelete', 'OC\Preview', 'prepare_delete'); |
614 | OC_Hook::connect('OC_Filesystem', 'post_delete', 'OC\Preview', 'post_delete_files'); | 614 | OC_Hook::connect('OC_Filesystem', 'post_delete', 'OC\Preview', 'post_delete_files'); |
615 | OC_Hook::connect('\OCP\Versions', 'delete', 'OC\Preview', 'post_delete'); | 615 | OC_Hook::connect('\OCP\Versions', 'delete', 'OC\Preview', 'post_delete'); |
616 | OC_Hook::connect('\OCP\Trashbin', 'delete', 'OC\Preview', 'post_delete'); | 616 | OC_Hook::connect('\OCP\Trashbin', 'delete', 'OC\Preview', 'post_delete'); |
617 | } | 617 | } |
618 | 618 | ||
619 | /** | 619 | /** |
620 | * register hooks for sharing | 620 | * register hooks for sharing |
621 | */ | 621 | */ |
622 | public static function registerShareHooks() { | 622 | public static function registerShareHooks() { |
623 | if (\OC_Config::getValue('installed')) { | 623 | if (\OC_Config::getValue('installed')) { |
624 | OC_Hook::connect('OC_User', 'post_deleteUser', 'OC\Share\Hooks', 'post_deleteUser'); | 624 | OC_Hook::connect('OC_User', 'post_deleteUser', 'OC\Share\Hooks', 'post_deleteUser'); |
625 | OC_Hook::connect('OC_User', 'post_addToGroup', 'OC\Share\Hooks', 'post_addToGroup'); | 625 | OC_Hook::connect('OC_User', 'post_addToGroup', 'OC\Share\Hooks', 'post_addToGroup'); |
626 | OC_Hook::connect('OC_User', 'post_removeFromGroup', 'OC\Share\Hooks', 'post_removeFromGroup'); | 626 | OC_Hook::connect('OC_User', 'post_removeFromGroup', 'OC\Share\Hooks', 'post_removeFromGroup'); |
627 | OC_Hook::connect('OC_User', 'post_deleteGroup', 'OC\Share\Hooks', 'post_deleteGroup'); | 627 | OC_Hook::connect('OC_User', 'post_deleteGroup', 'OC\Share\Hooks', 'post_deleteGroup'); |
628 | } | 628 | } |
629 | } | 629 | } |
630 | 630 | ||
631 | protected static function registerAutoloaderCache() { | 631 | protected static function registerAutoloaderCache() { |
632 | // The class loader takes an optional low-latency cache, which MUST be | 632 | // The class loader takes an optional low-latency cache, which MUST be |
633 | // namespaced. The instanceid is used for namespacing, but might be | 633 | // namespaced. The instanceid is used for namespacing, but might be |
634 | // unavailable at this point. Futhermore, it might not be possible to | 634 | // unavailable at this point. Futhermore, it might not be possible to |
635 | // generate an instanceid via \OC_Util::getInstanceId() because the | 635 | // generate an instanceid via \OC_Util::getInstanceId() because the |
636 | // config file may not be writable. As such, we only register a class | 636 | // config file may not be writable. As such, we only register a class |
637 | // loader cache if instanceid is available without trying to create one. | 637 | // loader cache if instanceid is available without trying to create one. |
638 | $instanceId = OC_Config::getValue('instanceid', null); | 638 | $instanceId = OC_Config::getValue('instanceid', null); |
639 | if ($instanceId) { | 639 | if ($instanceId) { |
640 | try { | 640 | try { |
641 | $memcacheFactory = new \OC\Memcache\Factory($instanceId); | 641 | $memcacheFactory = new \OC\Memcache\Factory($instanceId); |
642 | self::$loader->setMemoryCache($memcacheFactory->createLowLatency('Autoloader')); | 642 | self::$loader->setMemoryCache($memcacheFactory->createLowLatency('Autoloader')); |
643 | } catch (\Exception $ex) { | 643 | } catch (\Exception $ex) { |
644 | } | 644 | } |
645 | } | 645 | } |
646 | } | 646 | } |
647 | 647 | ||
648 | /** | 648 | /** |
649 | * Handle the request | 649 | * Handle the request |
650 | */ | 650 | */ |
651 | public static function handleRequest() { | 651 | public static function handleRequest() { |
652 | $l = \OC_L10N::get('lib'); | 652 | $l = \OC_L10N::get('lib'); |
653 | // load all the classpaths from the enabled apps so they are available | 653 | // load all the classpaths from the enabled apps so they are available |
654 | // in the routing files of each app | 654 | // in the routing files of each app |
655 | OC::loadAppClassPaths(); | 655 | OC::loadAppClassPaths(); |
656 | 656 | ||
657 | // Check if ownCloud is installed or in maintenance (update) mode | 657 | // Check if ownCloud is installed or in maintenance (update) mode |
658 | if (!OC_Config::getValue('installed', false)) { | 658 | if (!OC_Config::getValue('installed', false)) { |
659 | $controller = new OC\Core\Setup\Controller(); | 659 | $controller = new OC\Core\Setup\Controller(); |
660 | $controller->run($_POST); | 660 | $controller->run($_POST); |
661 | exit(); | 661 | exit(); |
662 | } | 662 | } |
663 | 663 | ||
664 | $host = OC_Request::insecureServerHost(); | 664 | $host = OC_Request::insecureServerHost(); |
665 | // if the host passed in headers isn't trusted | 665 | // if the host passed in headers isn't trusted |
666 | if (!OC::$CLI | 666 | if (!OC::$CLI |
667 | // overwritehost is always trusted | 667 | // overwritehost is always trusted |
668 | && OC_Request::getOverwriteHost() === null | 668 | && OC_Request::getOverwriteHost() === null |
669 | && !OC_Request::isTrustedDomain($host)) { | 669 | && !OC_Request::isTrustedDomain($host)) { |
670 | 670 | ||
671 | header('HTTP/1.1 400 Bad Request'); | 671 | header('HTTP/1.1 400 Bad Request'); |
672 | header('Status: 400 Bad Request'); | 672 | header('Status: 400 Bad Request'); |
673 | $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); | 673 | $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); |
674 | $tmpl->assign('domain', $_SERVER['SERVER_NAME']); | 674 | $tmpl->assign('domain', $_SERVER['SERVER_NAME']); |
675 | $tmpl->printPage(); | 675 | $tmpl->printPage(); |
676 | return; | 676 | return; |
677 | } | 677 | } |
678 | 678 | ||
679 | $request = OC_Request::getPathInfo(); | 679 | $request = OC_Request::getPathInfo(); |
680 | if (substr($request, -3) !== '.js') { // we need these files during the upgrade | 680 | if (substr($request, -3) !== '.js') { // we need these files during the upgrade |
681 | self::checkMaintenanceMode(); | 681 | self::checkMaintenanceMode(); |
682 | self::checkUpgrade(); | 682 | self::checkUpgrade(); |
683 | } | 683 | } |
684 | 684 | ||
685 | if (!OC_User::isLoggedIn()) { | 685 | if (!OC_User::isLoggedIn()) { |
686 | // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP | 686 | // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP |
687 | if (!OC_Config::getValue('maintenance', false) && !self::checkUpgrade(false)) { | 687 | if (!OC_Config::getValue('maintenance', false) && !self::checkUpgrade(false)) { |
688 | OC_App::loadApps(array('authentication')); | 688 | OC_App::loadApps(array('authentication')); |
689 | } | 689 | } |
690 | OC::tryBasicAuthLogin(); | 690 | OC::tryBasicAuthLogin(); |
691 | } | 691 | } |
692 | 692 | ||
693 | 693 | ||
694 | if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { | 694 | if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { |
695 | try { | 695 | try { |
696 | if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) { | 696 | if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) { |
697 | OC_App::loadApps(array('authentication')); | 697 | OC_App::loadApps(array('authentication')); |
698 | OC_App::loadApps(array('filesystem', 'logging')); | 698 | OC_App::loadApps(array('filesystem', 'logging')); |
699 | OC_App::loadApps(); | 699 | OC_App::loadApps(); |
700 | } | 700 | } |
701 | self::checkSingleUserMode(); | 701 | self::checkSingleUserMode(); |
702 | OC::$server->getRouter()->match(OC_Request::getRawPathInfo()); | 702 | OC::$server->getRouter()->match(OC_Request::getRawPathInfo()); |
703 | return; | 703 | return; |
704 | } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { | 704 | } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { |
705 | //header('HTTP/1.0 404 Not Found'); | 705 | //header('HTTP/1.0 404 Not Found'); |
706 | } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) { | 706 | } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) { |
707 | OC_Response::setStatus(405); | 707 | OC_Response::setStatus(405); |
708 | return; | 708 | return; |
709 | } | 709 | } |
710 | } | 710 | } |
711 | 711 | ||
712 | // Load minimum set of apps | 712 | // Load minimum set of apps |
713 | if (!self::checkUpgrade(false)) { | 713 | if (!self::checkUpgrade(false)) { |
714 | // For logged-in users: Load everything | 714 | // For logged-in users: Load everything |
715 | if(OC_User::isLoggedIn()) { | 715 | if(OC_User::isLoggedIn()) { |
716 | OC_App::loadApps(); | 716 | OC_App::loadApps(); |
717 | } else { | 717 | } else { |
718 | // For guests: Load only authentication, filesystem and logging | 718 | // For guests: Load only authentication, filesystem and logging |
719 | OC_App::loadApps(array('authentication')); | 719 | OC_App::loadApps(array('authentication')); |
720 | OC_App::loadApps(array('filesystem', 'logging')); | 720 | OC_App::loadApps(array('filesystem', 'logging')); |
721 | } | 721 | } |
722 | } | 722 | } |
723 | 723 | ||
724 | // Handle redirect URL for logged in users | 724 | // Handle redirect URL for logged in users |
725 | if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { | 725 | if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { |
726 | $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); | 726 | $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); |
727 | 727 | ||
728 | // Deny the redirect if the URL contains a @ | 728 | // Deny the redirect if the URL contains a @ |
729 | // This prevents unvalidated redirects like ?redirect_url=:user@domain.com | 729 | // This prevents unvalidated redirects like ?redirect_url=:user@domain.com |
730 | if (strpos($location, '@') === false) { | 730 | if (strpos($location, '@') === false) { |
731 | header('Location: ' . $location); | 731 | header('Location: ' . $location); |
732 | return; | 732 | return; |
733 | } | 733 | } |
734 | } | 734 | } |
735 | // Handle WebDAV | 735 | // Handle WebDAV |
736 | if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { | 736 | if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { |
737 | // not allowed any more to prevent people | 737 | // not allowed any more to prevent people |
738 | // mounting this root directly. | 738 | // mounting this root directly. |
739 | // Users need to mount remote.php/webdav instead. | 739 | // Users need to mount remote.php/webdav instead. |
740 | header('HTTP/1.1 405 Method Not Allowed'); | 740 | header('HTTP/1.1 405 Method Not Allowed'); |
741 | header('Status: 405 Method Not Allowed'); | 741 | header('Status: 405 Method Not Allowed'); |
742 | return; | 742 | return; |
743 | } | 743 | } |
744 | 744 | ||
745 | // Redirect to index if the logout link is accessed without valid session | 745 | // Redirect to index if the logout link is accessed without valid session |
746 | // this is needed to prevent "Token expired" messages while login if a session is expired | 746 | // this is needed to prevent "Token expired" messages while login if a session is expired |
747 | // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583 | 747 | // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583 |
748 | if(isset($_GET['logout']) && !OC_User::isLoggedIn()) { | 748 | if(isset($_GET['logout']) && !OC_User::isLoggedIn()) { |
749 | header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | 749 | header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); |
750 | return; | 750 | return; |
751 | } | 751 | } |
752 | 752 | ||
753 | // Someone is logged in | 753 | // Someone is logged in |
754 | if (OC_User::isLoggedIn()) { | 754 | if (OC_User::isLoggedIn()) { |
755 | OC_App::loadApps(); | 755 | OC_App::loadApps(); |
756 | OC_User::setupBackends(); | 756 | OC_User::setupBackends(); |
757 | if (isset($_GET["logout"]) and ($_GET["logout"])) { | 757 | if (isset($_GET["logout"]) and ($_GET["logout"])) { |
758 | OC_JSON::callCheck(); | 758 | OC_JSON::callCheck(); |
759 | if (isset($_COOKIE['oc_token'])) { | 759 | if (isset($_COOKIE['oc_token'])) { |
760 | OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); | 760 | OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); |
761 | } | 761 | } |
762 | if (isset($_SERVER['PHP_AUTH_USER'])) { | 762 | if (isset($_SERVER['PHP_AUTH_USER'])) { |
763 | if (isset($_COOKIE['oc_ignore_php_auth_user'])) { | 763 | if (isset($_COOKIE['oc_ignore_php_auth_user'])) { |
764 | // Ignore HTTP Authentication for 5 more mintues. | 764 | // Ignore HTTP Authentication for 5 more mintues. |
765 | setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | 765 | setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); |
766 | } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { | 766 | } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { |
767 | // Ignore HTTP Authentication to allow a different user to log in. | 767 | // Ignore HTTP Authentication to allow a different user to log in. |
768 | setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | 768 | setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); |
769 | } | 769 | } |
770 | } | 770 | } |
771 | OC_User::logout(); | 771 | OC_User::logout(); |
772 | // redirect to webroot and add slash if webroot is empty | 772 | // redirect to webroot and add slash if webroot is empty |
773 | header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); | 773 | header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); |
774 | } else { | 774 | } else { |
775 | // Redirect to default application | 775 | // Redirect to default application |
776 | OC_Util::redirectToDefaultPage(); | 776 | OC_Util::redirectToDefaultPage(); |
777 | } | 777 | } |
778 | } else { | 778 | } else { |
779 | // Not handled and not logged in | 779 | // Not handled and not logged in |
780 | self::handleLogin(); | 780 | self::handleLogin(); |
781 | } | 781 | } |
782 | } | 782 | } |
783 | 783 | ||
784 | /** | 784 | /** |
785 | * Load a PHP file belonging to the specified application | 785 | * Load a PHP file belonging to the specified application |
786 | * @param array $param The application and file to load | 786 | * @param array $param The application and file to load |
787 | * @return bool Whether the file has been found (will return 404 and false if not) | 787 | * @return bool Whether the file has been found (will return 404 and false if not) |
788 | * @deprecated This function will be removed in ownCloud 8 - use proper routing instead | 788 | * @deprecated This function will be removed in ownCloud 8 - use proper routing instead |
789 | * @param $param | 789 | * @param $param |
790 | * @return bool Whether the file has been found (will return 404 and false if not) | 790 | * @return bool Whether the file has been found (will return 404 and false if not) |
791 | */ | 791 | */ |
792 | public static function loadAppScriptFile($param) { | 792 | public static function loadAppScriptFile($param) { |
793 | OC_App::loadApps(); | 793 | OC_App::loadApps(); |
794 | $app = $param['app']; | 794 | $app = $param['app']; |
795 | $file = $param['file']; | 795 | $file = $param['file']; |
796 | $app_path = OC_App::getAppPath($app); | 796 | $app_path = OC_App::getAppPath($app); |
797 | $file = $app_path . '/' . $file; | 797 | $file = $app_path . '/' . $file; |
798 | 798 | ||
799 | if (OC_App::isEnabled($app) && $app_path !== false && OC_Helper::issubdirectory($file, $app_path)) { | 799 | if (OC_App::isEnabled($app) && $app_path !== false && OC_Helper::issubdirectory($file, $app_path)) { |
800 | unset($app, $app_path); | 800 | unset($app, $app_path); |
801 | if (file_exists($file)) { | 801 | if (file_exists($file)) { |
802 | require_once $file; | 802 | require_once $file; |
803 | return true; | 803 | return true; |
804 | } | 804 | } |
805 | } | 805 | } |
806 | header('HTTP/1.0 404 Not Found'); | 806 | header('HTTP/1.0 404 Not Found'); |
807 | return false; | 807 | return false; |
808 | } | 808 | } |
809 | 809 | ||
810 | protected static function handleAuthHeaders() { | 810 | protected static function handleAuthHeaders() { |
811 | //copy http auth headers for apache+php-fcgid work around | 811 | //copy http auth headers for apache+php-fcgid work around |
812 | if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { | 812 | if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { |
813 | $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; | 813 | $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; |
814 | } | 814 | } |
815 | 815 | ||
816 | // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary. | 816 | // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary. |
817 | $vars = array( | 817 | $vars = array( |
818 | 'HTTP_AUTHORIZATION', // apache+php-cgi work around | 818 | 'HTTP_AUTHORIZATION', // apache+php-cgi work around |
819 | 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative | 819 | 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative |
820 | ); | 820 | ); |
821 | foreach ($vars as $var) { | 821 | foreach ($vars as $var) { |
822 | if (isset($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) { | 822 | if (isset($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) { |
823 | list($name, $password) = explode(':', base64_decode($matches[1]), 2); | 823 | list($name, $password) = explode(':', base64_decode($matches[1]), 2); |
824 | $_SERVER['PHP_AUTH_USER'] = $name; | 824 | $_SERVER['PHP_AUTH_USER'] = $name; |
825 | $_SERVER['PHP_AUTH_PW'] = $password; | 825 | $_SERVER['PHP_AUTH_PW'] = $password; |
826 | break; | 826 | break; |
827 | } | 827 | } |
828 | } | 828 | } |
829 | } | 829 | } |
830 | 830 | ||
831 | protected static function handleLogin() { | 831 | protected static function handleLogin() { |
832 | OC_App::loadApps(array('prelogin')); | 832 | OC_App::loadApps(array('prelogin')); |
833 | $error = array(); | 833 | $error = array(); |
834 | 834 | ||
835 | // auth possible via apache module? | 835 | // auth possible via apache module? |
836 | if (OC::tryApacheAuth()) { | 836 | if (OC::tryApacheAuth()) { |
837 | $error[] = 'apacheauthfailed'; | 837 | $error[] = 'apacheauthfailed'; |
838 | } // remember was checked after last login | 838 | } // remember was checked after last login |
839 | elseif (OC::tryRememberLogin()) { | 839 | elseif (OC::tryRememberLogin()) { |
840 | $error[] = 'invalidcookie'; | 840 | $error[] = 'invalidcookie'; |
841 | } // logon via web form | 841 | } // logon via web form |
842 | elseif (OC::tryFormLogin()) { | 842 | elseif (OC::tryFormLogin()) { |
843 | $error[] = 'invalidpassword'; | 843 | $error[] = 'invalidpassword'; |
844 | } | 844 | } |
845 | 845 | ||
846 | OC_Util::displayLoginPage(array_unique($error)); | 846 | OC_Util::displayLoginPage(array_unique($error)); |
847 | } | 847 | } |
848 | 848 | ||
849 | /** | 849 | /** |
850 | * Remove outdated and therefore invalid tokens for a user | 850 | * Remove outdated and therefore invalid tokens for a user |
851 | * @param string $user | 851 | * @param string $user |
852 | */ | 852 | */ |
853 | protected static function cleanupLoginTokens($user) { | 853 | protected static function cleanupLoginTokens($user) { |
854 | $cutoff = time() - OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); | 854 | $cutoff = time() - OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); |
855 | $tokens = OC_Preferences::getKeys($user, 'login_token'); | 855 | $tokens = OC_Preferences::getKeys($user, 'login_token'); |
856 | foreach ($tokens as $token) { | 856 | foreach ($tokens as $token) { |
857 | $time = OC_Preferences::getValue($user, 'login_token', $token); | 857 | $time = OC_Preferences::getValue($user, 'login_token', $token); |
858 | if ($time < $cutoff) { | 858 | if ($time < $cutoff) { |
859 | OC_Preferences::deleteKey($user, 'login_token', $token); | 859 | OC_Preferences::deleteKey($user, 'login_token', $token); |
860 | } | 860 | } |
861 | } | 861 | } |
862 | } | 862 | } |
863 | 863 | ||
864 | /** | 864 | /** |
865 | * Try to login a user via HTTP authentication | 865 | * Try to login a user via HTTP authentication |
866 | * @return bool|void | 866 | * @return bool|void |
867 | */ | 867 | */ |
868 | protected static function tryApacheAuth() { | 868 | protected static function tryApacheAuth() { |
869 | $return = OC_User::handleApacheAuth(); | 869 | $return = OC_User::handleApacheAuth(); |
870 | 870 | ||
871 | // if return is true we are logged in -> redirect to the default page | 871 | // if return is true we are logged in -> redirect to the default page |
872 | if ($return === true) { | 872 | if ($return === true) { |
873 | $_REQUEST['redirect_url'] = \OC_Request::requestUri(); | 873 | $_REQUEST['redirect_url'] = \OC_Request::requestUri(); |
874 | OC_Util::redirectToDefaultPage(); | 874 | OC_Util::redirectToDefaultPage(); |
875 | exit; | 875 | exit; |
876 | } | 876 | } |
877 | 877 | ||
878 | // in case $return is null apache based auth is not enabled | 878 | // in case $return is null apache based auth is not enabled |
879 | return is_null($return) ? false : true; | 879 | return is_null($return) ? false : true; |
880 | } | 880 | } |
881 | 881 | ||
882 | /** | 882 | /** |
883 | * Try to login a user using the remember me cookie. | 883 | * Try to login a user using the remember me cookie. |
884 | * @return bool Whether the provided cookie was valid | 884 | * @return bool Whether the provided cookie was valid |
885 | */ | 885 | */ |
886 | protected static function tryRememberLogin() { | 886 | protected static function tryRememberLogin() { |
887 | if (!isset($_COOKIE["oc_remember_login"]) | 887 | if (!isset($_COOKIE["oc_remember_login"]) |
888 | || !isset($_COOKIE["oc_token"]) | 888 | || !isset($_COOKIE["oc_token"]) |
889 | || !isset($_COOKIE["oc_username"]) | 889 | || !isset($_COOKIE["oc_username"]) |
890 | || !$_COOKIE["oc_remember_login"] | 890 | || !$_COOKIE["oc_remember_login"] |
891 | || !OC_Util::rememberLoginAllowed() | 891 | || !OC_Util::rememberLoginAllowed() |
892 | ) { | 892 | ) { |
893 | return false; | 893 | return false; |
894 | } | 894 | } |
895 | 895 | ||
896 | if (defined("DEBUG") && DEBUG) { | 896 | if (defined("DEBUG") && DEBUG) { |
897 | OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG); | 897 | OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG); |
898 | } | 898 | } |
899 | 899 | ||
900 | if(OC_User::userExists($_COOKIE['oc_username'])) { | 900 | if(OC_User::userExists($_COOKIE['oc_username'])) { |
901 | self::cleanupLoginTokens($_COOKIE['oc_username']); | 901 | self::cleanupLoginTokens($_COOKIE['oc_username']); |
902 | // verify whether the supplied "remember me" token was valid | 902 | // verify whether the supplied "remember me" token was valid |
903 | $granted = OC_User::loginWithCookie( | 903 | $granted = OC_User::loginWithCookie( |
904 | $_COOKIE['oc_username'], $_COOKIE['oc_token']); | 904 | $_COOKIE['oc_username'], $_COOKIE['oc_token']); |
905 | if($granted === true) { | 905 | if($granted === true) { |
906 | OC_Util::redirectToDefaultPage(); | 906 | OC_Util::redirectToDefaultPage(); |
907 | // doesn't return | 907 | // doesn't return |
908 | } | 908 | } |
909 | OC_Log::write('core', 'Authentication cookie rejected for user ' . | 909 | OC_Log::write('core', 'Authentication cookie rejected for user ' . |
910 | $_COOKIE['oc_username'], OC_Log::WARN); | 910 | $_COOKIE['oc_username'], OC_Log::WARN); |
911 | // if you reach this point you have changed your password | 911 | // if you reach this point you have changed your password |
912 | // or you are an attacker | 912 | // or you are an attacker |
913 | // we can not delete tokens here because users may reach | 913 | // we can not delete tokens here because users may reach |
914 | // this point multiple times after a password change | 914 | // this point multiple times after a password change |
915 | } | 915 | } |
916 | 916 | ||
917 | OC_User::unsetMagicInCookie(); | 917 | OC_User::unsetMagicInCookie(); |
918 | return true; | 918 | return true; |
919 | } | 919 | } |
920 | 920 | ||
921 | /** | 921 | /** |
922 | * Tries to login a user using the formbased authentication | 922 | * Tries to login a user using the formbased authentication |
923 | * @return bool|void | 923 | * @return bool|void |
924 | */ | 924 | */ |
925 | protected static function tryFormLogin() { | 925 | protected static function tryFormLogin() { |
926 | if (!isset($_POST["user"]) || !isset($_POST['password'])) { | 926 | if (!isset($_POST["user"]) || !isset($_POST['password'])) { |
927 | return false; | 927 | return false; |
928 | } | 928 | } |
929 | 929 | ||
930 | OC_JSON::callCheck(); | 930 | OC_JSON::callCheck(); |
931 | OC_App::loadApps(); | 931 | OC_App::loadApps(); |
932 | 932 | ||
933 | //setup extra user backends | 933 | //setup extra user backends |
934 | OC_User::setupBackends(); | 934 | OC_User::setupBackends(); |
935 | 935 | ||
936 | if (OC_User::login($_POST["user"], $_POST["password"])) { | 936 | if (OC_User::login($_POST["user"], $_POST["password"])) { |
937 | // setting up the time zone | 937 | // setting up the time zone |
938 | if (isset($_POST['timezone-offset'])) { | 938 | if (isset($_POST['timezone-offset'])) { |
939 | self::$session->set('timezone', $_POST['timezone-offset']); | 939 | self::$session->set('timezone', $_POST['timezone-offset']); |
940 | } | 940 | } |
941 | 941 | ||
942 | $userid = OC_User::getUser(); | 942 | $userid = OC_User::getUser(); |
943 | self::cleanupLoginTokens($userid); | 943 | self::cleanupLoginTokens($userid); |
944 | if (!empty($_POST["remember_login"])) { | 944 | if (!empty($_POST["remember_login"])) { |
945 | if (defined("DEBUG") && DEBUG) { | 945 | if (defined("DEBUG") && DEBUG) { |
946 | OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); | 946 | OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); |
947 | } | 947 | } |
948 | $token = OC_Util::generateRandomBytes(32); | 948 | $token = OC_Util::generateRandomBytes(32); |
949 | OC_Preferences::setValue($userid, 'login_token', $token, time()); | 949 | OC_Preferences::setValue($userid, 'login_token', $token, time()); |
950 | OC_User::setMagicInCookie($userid, $token); | 950 | OC_User::setMagicInCookie($userid, $token); |
951 | } else { | 951 | } else { |
952 | OC_User::unsetMagicInCookie(); | 952 | OC_User::unsetMagicInCookie(); |
953 | } | 953 | } |
954 | OC_Util::redirectToDefaultPage(); | 954 | OC_Util::redirectToDefaultPage(); |
955 | exit(); | 955 | exit(); |
956 | } | 956 | } |
957 | return true; | 957 | return true; |
958 | } | 958 | } |
959 | 959 | ||
960 | /** | 960 | /** |
961 | * Try to login a user using HTTP authentication. | 961 | * Try to login a user using HTTP authentication. |
962 | * @return bool | 962 | * @return bool |
963 | */ | 963 | */ |
964 | protected static function tryBasicAuthLogin() { | 964 | protected static function tryBasicAuthLogin() { |
965 | if (!isset($_SERVER["PHP_AUTH_USER"]) | 965 | if (!isset($_SERVER["PHP_AUTH_USER"]) |
966 | || !isset($_SERVER["PHP_AUTH_PW"]) | 966 | || !isset($_SERVER["PHP_AUTH_PW"]) |
967 | || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) | 967 | || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) |
968 | ) { | 968 | ) { |
969 | return false; | 969 | return false; |
970 | } | 970 | } |
971 | 971 | ||
972 | if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { | 972 | if (!OC_User::isLoggedIn()) { |
973 | //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG); | 973 | if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { |
974 | OC_User::unsetMagicInCookie(); | 974 | //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG); |
975 | $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister(); | 975 | OC_User::unsetMagicInCookie(); |
976 | $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister(); | ||
977 | } | ||
976 | } | 978 | } |
977 | return true; | 979 | return true; |
978 | } | 980 | } |
979 | 981 | ||
980 | } | 982 | } |
981 | 983 | ||
982 | if (!function_exists('get_temp_dir')) { | 984 | if (!function_exists('get_temp_dir')) { |
983 | /** | 985 | /** |
984 | * Get the temporary dir to store uploaded data | 986 | * Get the temporary dir to store uploaded data |
985 | * @return null|string Path to the temporary directory or null | 987 | * @return null|string Path to the temporary directory or null |
986 | */ | 988 | */ |
987 | function get_temp_dir() { | 989 | function get_temp_dir() { |
988 | if ($temp = ini_get('upload_tmp_dir')) return $temp; | 990 | if ($temp = ini_get('upload_tmp_dir')) return $temp; |
989 | if ($temp = getenv('TMP')) return $temp; | 991 | if ($temp = getenv('TMP')) return $temp; |
990 | if ($temp = getenv('TEMP')) return $temp; | 992 | if ($temp = getenv('TEMP')) return $temp; |
991 | if ($temp = getenv('TMPDIR')) return $temp; | 993 | if ($temp = getenv('TMPDIR')) return $temp; |
992 | $temp = tempnam(__FILE__, ''); | 994 | $temp = tempnam(__FILE__, ''); |
993 | if (file_exists($temp)) { | 995 | if (file_exists($temp)) { |
994 | unlink($temp); | 996 | unlink($temp); |
995 | return dirname($temp); | 997 | return dirname($temp); |
996 | } | 998 | } |
997 | if ($temp = sys_get_temp_dir()) return $temp; | 999 | if ($temp = sys_get_temp_dir()) return $temp; |
998 | 1000 | ||
999 | return null; | 1001 | return null; |
1000 | } | 1002 | } |
1001 | } | 1003 | } |
1002 | 1004 | ||
1003 | OC::init(); | 1005 | OC::init(); |
1004 | 1006 |