public function __construct()
{
$baseUrl = OC_Helper::linkTo('', 'index.php');
$method = $_SERVER['REQUEST_METHOD'];
$host = OC_Request::serverHost();
$schema = OC_Request::serverProtocol();
$this->context = new RequestContext($baseUrl, $method, $host, $schema);
// TODO cache
$this->root = $this->getCollection('root');
}
/**
* runs the update actions in maintenance mode, does not upgrade the source files
* except the main .htaccess file
*
* @param string $currentVersion current version to upgrade to
* @param string $installedVersion previous version from which to upgrade from
*
* @throws \Exception
* @return bool true if the operation succeeded, false otherwise
*/
private function doUpgrade($currentVersion, $installedVersion)
{
// Stop update if the update is over several major versions
if (!self::isUpgradePossible($installedVersion, $currentVersion)) {
throw new \Exception('Updates between multiple major versions are unsupported.');
}
// Update htaccess files for apache hosts
if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
\OC_Setup::updateHtaccess();
}
// create empty file in data dir, so we can later find
// out that this is indeed an ownCloud data directory
// (in case it didn't exist before)
file_put_contents(\OC_Config::getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/.ocdata', '');
/*
* START CONFIG CHANGES FOR OLDER VERSIONS
*/
if (!\OC::$CLI && version_compare($installedVersion, '6.90.1', '<')) {
// Add the trusted_domains config if it is not existant
// This is added to prevent host header poisoning
\OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost())));
}
/*
* STOP CONFIG CHANGES FOR OLDER VERSIONS
*/
// pre-upgrade repairs
$repair = new \OC\Repair(\OC\Repair::getBeforeUpgradeRepairSteps());
$repair->run();
// simulate DB upgrade
if ($this->simulateStepEnabled) {
$this->checkCoreUpgrade();
// simulate apps DB upgrade
$this->checkAppUpgrade($currentVersion);
}
// upgrade from OC6 to OC7
// TODO removed it again for OC8
$sharePolicy = \OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global');
if ($sharePolicy === 'groups_only') {
\OC_Appconfig::setValue('core', 'shareapi_only_share_with_group_members', 'yes');
}
if ($this->updateStepEnabled) {
$this->doCoreUpgrade();
$disabledApps = \OC_App::checkAppsRequirements();
if (!empty($disabledApps)) {
$this->emit('\\OC\\Updater', 'disabledApps', array($disabledApps));
}
$this->doAppUpgrade();
// post-upgrade repairs
$repair = new \OC\Repair(\OC\Repair::getRepairSteps());
$repair->run();
//Invalidate update feed
\OC_Appconfig::setValue('core', 'lastupdatedat', 0);
// only set the final version if everything went well
\OC_Config::setValue('version', implode('.', \OC_Util::getVersion()));
}
}
public function testServerHost()
{
OC_Config::deleteKey('overwritecondaddr');
OC_Config::setValue('overwritehost', 'overwritten.host:8080');
OC_Config::setValue('trusted_domains', array('trusted.host:8080', 'second.trusted.host:8080'));
$_SERVER['HTTP_HOST'] = 'trusted.host:8080';
// CLI always gives localhost
$oldCLI = OC::$CLI;
OC::$CLI = true;
$host = OC_Request::serverHost();
$this->assertEquals('localhost', $host);
OC::$CLI = false;
// overwritehost overrides trusted domain
$host = OC_Request::serverHost();
$this->assertEquals('overwritten.host:8080', $host);
// trusted domain returned when used
OC_Config::deleteKey('overwritehost');
$host = OC_Request::serverHost();
$this->assertEquals('trusted.host:8080', $host);
// trusted domain returned when untrusted one in header
$_SERVER['HTTP_HOST'] = 'untrusted.host:8080';
OC_Config::deleteKey('overwritehost');
$host = OC_Request::serverHost();
$this->assertEquals('trusted.host:8080', $host);
// clean up
OC_Config::deleteKey('overwritecondaddr');
OC_Config::deleteKey('overwritehost');
unset($_SERVER['HTTP_HOST']);
OC::$CLI = $oldCLI;
}
public static function checkSSL()
{
// redirect to https site if configured
if (OC_Config::getValue("forcessl", false)) {
header('Strict-Transport-Security: max-age=31536000');
ini_set("session.cookie_secure", "on");
if (OC_Request::serverProtocol() != 'https' and !OC::$CLI) {
$url = "https://" . OC_Request::serverHost() . OC_Request::requestUri();
header("Location: {$url}");
exit;
}
} else {
// Invalidate HSTS headers
if (OC_Request::serverProtocol() === 'https') {
header('Strict-Transport-Security: max-age=0');
}
}
}
public static function checkSSL() {
// redirect to https site if configured
if (\OC::$server->getSystemConfig()->getValue('forcessl', false)) {
// Default HSTS policy
$header = 'Strict-Transport-Security: max-age=31536000';
// If SSL for subdomains is enabled add "; includeSubDomains" to the header
if(\OC::$server->getSystemConfig()->getValue('forceSSLforSubdomains', false)) {
$header .= '; includeSubDomains';
}
header($header);
ini_set('session.cookie_secure', 'on');
if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) {
$url = 'https://' . OC_Request::serverHost() . OC_Request::requestUri();
header("Location: $url");
exit();
}
} else {
// Invalidate HSTS headers
if (OC_Request::serverProtocol() === 'https') {
header('Strict-Transport-Security: max-age=0');
}
}
}
/**
* Refreshs the roundcube HTTP session
* @return boolean true if refresh was successfull, otherwise false
*/
public static function refresh()
{
try {
OCP\Util::writeLog('roundcube', 'OC_RoundCube_AuthHelper.class.php->refresh(): Preparing refresh for roundcube', OCP\Util::DEBUG);
$maildir = OCP\Config::getAppValue('roundcube', 'maildir', '');
$rc_host = OCP\Config::getAppValue('roundcube', 'rcHost', '');
if ($rc_host == '') {
$rc_host = OC_Request::serverHost();
}
$rc_port = OCP\Config::getAppValue('roundcube', 'rcPort', '');
OC_RoundCube_App::refresh($rc_host, $rc_port, $maildir);
OCP\Util::writeLog('roundcube', 'OC_RoundCube_AuthHelper.class.php->refresh(): Finished refresh for roundcube', OCP\Util::DEBUG);
return true;
} catch (Exception $e) {
// We got an exception during login/refresh
OCP\Util::writeLog('roundcube', 'OC_RoundCube_AuthHelper.class.php: ' . 'Login error during refresh.' . $e, OCP\Util::DEBUG);
return false;
}
}
public static function install($options)
{
$l = self::getTrans();
$error = array();
$dbtype = $options['dbtype'];
if (empty($options['adminlogin'])) {
$error[] = $l->t('Set an admin username.');
}
if (empty($options['adminpass'])) {
$error[] = $l->t('Set an admin password.');
}
if (empty($options['directory'])) {
$options['directory'] = OC::$SERVERROOT . "/data";
}
if (!isset(self::$dbSetupClasses[$dbtype])) {
$dbtype = 'sqlite';
}
$class = self::$dbSetupClasses[$dbtype];
$dbSetup = new $class(self::getTrans(), 'db_structure.xml');
$error = array_merge($error, $dbSetup->validate($options));
if (count($error) != 0) {
return $error;
}
//no errors, good
$username = htmlspecialchars_decode($options['adminlogin']);
$password = htmlspecialchars_decode($options['adminpass']);
$datadir = htmlspecialchars_decode($options['directory']);
if (isset($options['trusted_domains']) && is_array($options['trusted_domains'])) {
$trustedDomains = $options['trusted_domains'];
} else {
$trustedDomains = array(OC_Request::serverHost());
}
if (OC_Util::runningOnWindows()) {
$datadir = rtrim(realpath($datadir), '\\');
}
//use sqlite3 when available, otherise sqlite2 will be used.
if ($dbtype == 'sqlite' and class_exists('SQLite3')) {
$dbtype = 'sqlite3';
}
//generate a random salt that is used to salt the local user passwords
$salt = OC_Util::generateRandomBytes(30);
OC_Config::setValue('passwordsalt', $salt);
//write the config file
OC_Config::setValue('trusted_domains', $trustedDomains);
OC_Config::setValue('datadirectory', $datadir);
OC_Config::setValue('dbtype', $dbtype);
OC_Config::setValue('version', implode('.', OC_Util::getVersion()));
try {
$dbSetup->initialize($options);
$dbSetup->setupDatabase($username);
} catch (DatabaseSetupException $e) {
$error[] = array('error' => $e->getMessage(), 'hint' => $e->getHint());
return $error;
} catch (Exception $e) {
$error[] = array('error' => 'Error while trying to create admin user: '******'hint' => '');
return $error;
}
//create the user and group
try {
OC_User::createUser($username, $password);
} catch (Exception $exception) {
$error[] = $exception->getMessage();
}
if (count($error) == 0) {
OC_Appconfig::setValue('core', 'installedat', microtime(true));
OC_Appconfig::setValue('core', 'lastupdatedat', microtime(true));
OC_AppConfig::setValue('core', 'remote_core.css', '/core/minimizer.php');
OC_AppConfig::setValue('core', 'remote_core.js', '/core/minimizer.php');
OC_Group::createGroup('admin');
OC_Group::addToGroup($username, 'admin');
OC_User::login($username, $password);
//guess what this does
OC_Installer::installShippedApps();
// create empty file in data dir, so we can later find
// out that this is indeed an ownCloud data directory
file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data') . '/.ocdata', '');
//create htaccess files for apache hosts
if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
self::createHtaccess();
}
//and we are done
OC_Config::setValue('installed', true);
}
return $error;
}
/**
* Makes an URL absolute
* @param string $url the url in the ownCloud host
* @return string the absolute version of the url
*/
public function getAbsoluteURL($url)
{
$separator = $url[0] === '/' ? '' : '/';
if (\OC::$CLI && !defined('PHPUNIT_RUN')) {
return rtrim($this->config->getSystemValue('overwrite.cli.url'), '/') . '/' . ltrim($url, '/');
}
// The ownCloud web root can already be prepended.
$webRoot = substr($url, 0, strlen(\OC::$WEBROOT)) === \OC::$WEBROOT ? '' : \OC::$WEBROOT;
return \OC_Request::serverProtocol() . '://' . \OC_Request::serverHost() . $webRoot . $separator . $url;
}
public static function checkSSL()
{
// redirect to https site if configured
if (OC_Config::getValue("forcessl", false)) {
ini_set("session.cookie_secure", "on");
if (OC_Request::serverProtocol() != 'https' and !OC::$CLI) {
$url = "https://" . OC_Request::serverHost() . $_SERVER['REQUEST_URI'];
header("Location: {$url}");
exit;
}
}
}
<?php
// Init owncloud
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('roundcube');
// CSRF checks
OCP\JSON::callCheck();
$l = new OC_L10N('roundcube');
if (isset($_POST['appname']) && $_POST['appname'] == "roundcube") {
$ocUser = OCP\User::getUser();
$result = OC_RoundCube_App::cryptEmailIdentity($ocUser, $_POST['rc_mail_username'], $_POST['rc_mail_password']);
if ($result) {
// update login credentials
$maildir = OCP\Config::getAppValue('roundcube', 'maildir', '');
$rc_host = OCP\Config::getAppValue('roundcube', 'rcHost', '');
if ($rc_host == '') {
$rc_host = OC_Request::serverHost();
}
$rc_port = OCP\Config::getAppValue('roundcube', 'rcPort', null);
OC_RoundCube_App::login($rc_host, $rc_port, $maildir, $_POST['rc_mail_username'], $_POST['rc_mail_password']);
} else {
OC_JSON::error(array("data" => array("message" => $l->t("Unable to store email credentials in the data-base."))));
return false;
}
} else {
OC_JSON::error(array("data" => array("message" => $l->t("Not submitted for us."))));
return false;
}
OCP\JSON::success(array('data' => array('message' => $l->t('Email-user credentials successfully stored.'))));
return true;
/**
* Makes an URL absolute
* @param string $url the url in the owncloud host
* @return string the absolute version of the url
*/
public function getAbsoluteURL($url)
{
$separator = $url[0] === '/' ? '' : '/';
// The ownCloud web root can already be prepended.
$webRoot = substr($url, 0, strlen(\OC::$WEBROOT)) === \OC::$WEBROOT ? '' : \OC::$WEBROOT;
return \OC_Request::serverProtocol() . '://' . \OC_Request::serverHost() . $webRoot . $separator . $url;
}
/**
* runs the update actions in maintenance mode, does not upgrade the source files
* except the main .htaccess file
*
* @param string $currentVersion current version to upgrade to
* @param string $installedVersion previous version from which to upgrade from
*
* @return bool true if the operation succeeded, false otherwise
*/
private function doUpgrade($currentVersion, $installedVersion)
{
// Update htaccess files for apache hosts
if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
\OC_Setup::updateHtaccess();
}
// create empty file in data dir, so we can later find
// out that this is indeed an ownCloud data directory
// (in case it didn't exist before)
file_put_contents(\OC_Config::getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/.ocdata', '');
/*
* START CONFIG CHANGES FOR OLDER VERSIONS
*/
if (!\OC::$CLI && version_compare($installedVersion, '6.90.1', '<')) {
// Add the trusted_domains config if it is not existant
// This is added to prevent host header poisoning
\OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost())));
}
/*
* STOP CONFIG CHANGES FOR OLDER VERSIONS
*/
// pre-upgrade repairs
$repair = new \OC\Repair(\OC\Repair::getBeforeUpgradeRepairSteps());
$repair->run();
// simulate DB upgrade
if ($this->simulateStepEnabled) {
// simulate core DB upgrade
\OC_DB::simulateUpdateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
// simulate apps DB upgrade
$version = \OC_Util::getVersion();
$apps = \OC_App::getEnabledApps();
foreach ($apps as $appId) {
$info = \OC_App::getAppInfo($appId);
if (\OC_App::isAppCompatible($version, $info) && \OC_App::shouldUpgrade($appId)) {
if (file_exists(\OC_App::getAppPath($appId) . '/appinfo/database.xml')) {
\OC_DB::simulateUpdateDbFromStructure(\OC_App::getAppPath($appId) . '/appinfo/database.xml');
}
}
}
$this->emit('\\OC\\Updater', 'dbSimulateUpgrade');
}
// upgrade from OC6 to OC7
// TODO removed it again for OC8
$sharePolicy = \OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global');
if ($sharePolicy === 'groups_only') {
\OC_Appconfig::setValue('core', 'shareapi_only_share_with_group_members', 'yes');
}
if ($this->updateStepEnabled) {
// do the real upgrade
\OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
$this->emit('\\OC\\Updater', 'dbUpgrade');
// TODO: why not do this at the end ?
\OC_Config::setValue('version', implode('.', \OC_Util::getVersion()));
$disabledApps = \OC_App::checkAppsRequirements();
if (!empty($disabledApps)) {
$this->emit('\\OC\\Updater', 'disabledApps', array($disabledApps));
}
// load all apps to also upgrade enabled apps
\OC_App::loadApps();
// post-upgrade repairs
$repair = new \OC\Repair(\OC\Repair::getRepairSteps());
$repair->run();
//Invalidate update feed
\OC_Appconfig::setValue('core', 'lastupdatedat', 0);
}
}
/**
* Makes an URL absolute
* @param string $url the url in the owncloud host
* @return string the absolute version of the url
*/
public function getAbsoluteURL($url)
{
$separator = $url[0] === '/' ? '' : '/';
return \OC_Request::serverProtocol() . '://' . \OC_Request::serverHost() . $separator . $url;
}
/**
* runs the update actions in maintenance mode, does not upgrade the source files
*/
public function upgrade()
{
\OC_DB::enableCaching(false);
\OC_Config::setValue('maintenance', true);
$installedVersion = \OC_Config::getValue('version', '0.0.0');
$currentVersion = implode('.', \OC_Util::getVersion());
if ($this->log) {
$this->log->debug('starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, array('app' => 'core'));
}
$this->emit('\\OC\\Updater', 'maintenanceStart');
// create empty file in data dir, so we can later find
// out that this is indeed an ownCloud data directory
// (in case it didn't exist before)
file_put_contents(\OC_Config::getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/.ocdata', '');
/*
* START CONFIG CHANGES FOR OLDER VERSIONS
*/
if (!\OC::$CLI && version_compare($installedVersion, '6.00.4', '<')) {
// Add the trusted_domains config if it is not existant
// This is added to prevent host header poisoning
\OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost())));
}
/*
* STOP CONFIG CHANGES FOR OLDER VERSIONS
*/
try {
\OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
$this->emit('\\OC\\Updater', 'dbUpgrade');
// do a file cache upgrade for users with files
// this can take loooooooooooooooooooooooong
$this->upgradeFileCache();
} catch (\Exception $exception) {
$this->emit('\\OC\\Updater', 'failure', array($exception->getMessage()));
}
\OC_Config::setValue('version', implode('.', \OC_Util::getVersion()));
\OC_App::checkAppsRequirements();
// load all apps to also upgrade enabled apps
\OC_App::loadApps();
$repair = new Repair();
$repair->run();
//Invalidate update feed
\OC_Appconfig::setValue('core', 'lastupdatedat', 0);
\OC_Config::setValue('maintenance', false);
$this->emit('\\OC\\Updater', 'maintenanceEnd');
}
/**
* @param $options
* @return array
*/
public static function install($options)
{
$l = self::getTrans();
$error = array();
$dbType = $options['dbtype'];
if (empty($options['adminlogin'])) {
$error[] = $l->t('Set an admin username.');
}
if (empty($options['adminpass'])) {
$error[] = $l->t('Set an admin password.');
}
if (empty($options['directory'])) {
$options['directory'] = OC::$SERVERROOT . "/data";
}
if (!isset(self::$dbSetupClasses[$dbType])) {
$dbType = 'sqlite';
}
$username = htmlspecialchars_decode($options['adminlogin']);
$password = htmlspecialchars_decode($options['adminpass']);
$dataDir = htmlspecialchars_decode($options['directory']);
$class = self::$dbSetupClasses[$dbType];
/** @var \OC\Setup\AbstractDatabase $dbSetup */
$dbSetup = new $class(self::getTrans(), 'db_structure.xml');
$error = array_merge($error, $dbSetup->validate($options));
// validate the data directory
if (!is_dir($dataDir) and !mkdir($dataDir) or !is_writable($dataDir)) {
$error[] = $l->t("Can't create or write into the data directory %s", array($dataDir));
}
if (count($error) != 0) {
return $error;
}
//no errors, good
if (isset($options['trusted_domains']) && is_array($options['trusted_domains'])) {
$trustedDomains = $options['trusted_domains'];
} else {
$trustedDomains = array(OC_Request::serverHost());
}
if (OC_Util::runningOnWindows()) {
$dataDir = rtrim(realpath($dataDir), '\\');
}
//use sqlite3 when available, otherwise sqlite2 will be used.
if ($dbType == 'sqlite' and class_exists('SQLite3')) {
$dbType = 'sqlite3';
}
//generate a random salt that is used to salt the local user passwords
$salt = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate(30);
\OC::$server->getConfig()->setSystemValue('passwordsalt', $salt);
// generate a secret
$secret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(48);
\OC::$server->getConfig()->setSystemValue('secret', $secret);
//write the config file
\OC::$server->getConfig()->setSystemValue('trusted_domains', $trustedDomains);
\OC::$server->getConfig()->setSystemValue('datadirectory', $dataDir);
\OC::$server->getConfig()->setSystemValue('overwrite.cli.url', \OC_Request::serverProtocol() . '://' . \OC_Request::serverHost() . OC::$WEBROOT);
\OC::$server->getConfig()->setSystemValue('dbtype', $dbType);
\OC::$server->getConfig()->setSystemValue('version', implode('.', OC_Util::getVersion()));
try {
$dbSetup->initialize($options);
$dbSetup->setupDatabase($username);
} catch (DatabaseSetupException $e) {
$error[] = array('error' => $e->getMessage(), 'hint' => $e->getHint());
return $error;
} catch (Exception $e) {
$error[] = array('error' => 'Error while trying to create admin user: '******'hint' => '');
return $error;
}
//create the user and group
try {
OC_User::createUser($username, $password);
} catch (Exception $exception) {
$error[] = $exception->getMessage();
}
if (count($error) == 0) {
$appConfig = \OC::$server->getAppConfig();
$appConfig->setValue('core', 'installedat', microtime(true));
$appConfig->setValue('core', 'lastupdatedat', microtime(true));
OC_Group::createGroup('admin');
OC_Group::addToGroup($username, 'admin');
OC_User::login($username, $password);
//guess what this does
OC_Installer::installShippedApps();
// create empty file in data dir, so we can later find
// out that this is indeed an ownCloud data directory
file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data') . '/.ocdata', '');
// Update htaccess files for apache hosts
if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
self::updateHtaccess();
self::protectDataDirectory();
}
//and we are done
OC_Config::setValue('installed', true);
}
return $error;
}
/**
* @brief Makes an $url absolute
* @param string $url the url
* @return string the absolute url
*
* Returns a absolute url to the given app and file.
*/
public static function makeURLAbsolute( $url )
{
return OC_Request::serverProtocol(). '://' . OC_Request::serverHost() . $url;
}
/**
* @brief Returns the server host
* @returns string the server host
*
* Returns the server host, even if the website uses one or more
* reverse proxies
*/
public static function getServerHost()
{
return \OC_Request::serverHost();
}
/**
* Makes an URL absolute
* @param string $url the url in the owncloud host
* @return string the absolute version of the url
*/
public function getAbsoluteURL($url)
{
return \OC_Request::serverProtocol() . '://' . \OC_Request::serverHost() . $url;
}
