Example #1
0
 /**
  * @dataProvider rawPathInfoThrowsExceptionProvider
  * @expectedException Exception
  *
  * @param $requestUri
  * @param $scriptName
  */
 public function testRawPathInfoThrowsException($requestUri, $scriptName)
 {
     $_SERVER['REQUEST_URI'] = $requestUri;
     $_SERVER['SCRIPT_NAME'] = $scriptName;
     OC_Request::getRawPathInfo();
 }
Example #2
0
 /**
  * @brief Handle the request
  */
 public static function handleRequest()
 {
     // load all the classpaths from the enabled apps so they are available
     // in the routing files of each app
     OC::loadAppClassPaths();
     // Check if ownCloud is installed or in maintenance (update) mode
     if (!OC_Config::getValue('installed', false)) {
         require_once 'core/setup.php';
         exit;
     }
     $request = OC_Request::getPathInfo();
     if (substr($request, -3) !== '.js') {
         // we need these files during the upgrade
         self::checkMaintenanceMode();
         self::checkUpgrade();
     }
     if (!self::$CLI) {
         try {
             if (!OC_Config::getValue('maintenance', false)) {
                 OC_App::loadApps();
             }
             OC::getRouter()->match(OC_Request::getRawPathInfo());
             return;
         } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
             //header('HTTP/1.0 404 Not Found');
         } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
             OC_Response::setStatus(405);
             return;
         }
     }
     $app = OC::$REQUESTEDAPP;
     $file = OC::$REQUESTEDFILE;
     $param = array('app' => $app, 'file' => $file);
     // Handle app css files
     if (substr($file, -3) == 'css') {
         self::loadCSSFile($param);
         return;
     }
     // Handle redirect URL for logged in users
     if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
         $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
         // Deny the redirect if the URL contains a @
         // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
         if (strpos($location, '@') === FALSE) {
             header('Location: ' . $location);
             return;
         }
     }
     // Handle WebDAV
     if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
         header('location: ' . OC_Helper::linkToRemote('webdav'));
         return;
     }
     // Someone is logged in :
     if (OC_User::isLoggedIn()) {
         OC_App::loadApps();
         OC_User::setupBackends();
         if (isset($_GET["logout"]) and $_GET["logout"]) {
             if (isset($_COOKIE['oc_token'])) {
                 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
             }
             OC_User::logout();
             header("Location: " . OC::$WEBROOT . '/');
         } else {
             if (is_null($file)) {
                 $param['file'] = 'index.php';
             }
             $file_ext = substr($param['file'], -3);
             if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
                 header('HTTP/1.0 404 Not Found');
             }
         }
         return;
     }
     // Not handled and not logged in
     self::handleLogin();
 }
Example #3
0
	/**
	 * Handle the request
	 */
	public static function handleRequest() {
		\OC::$server->getEventLogger()->start('handle_request', 'Handle request');
		$systemConfig = \OC::$server->getSystemConfig();
		// load all the classpaths from the enabled apps so they are available
		// in the routing files of each app
		OC::loadAppClassPaths();

		// Check if ownCloud is installed or in maintenance (update) mode
		if (!$systemConfig->getValue('installed', false)) {
			\OC::$server->getSession()->clear();
			$controller = new OC\Core\Setup\Controller(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('core'), new \OC_Defaults());
			$controller->run($_POST);
			exit();
		}

		$request = OC_Request::getPathInfo();
		if (substr($request, -3) !== '.js') { // we need these files during the upgrade
			self::checkMaintenanceMode();
			self::checkUpgrade();
		}

		// Always load authentication apps
		OC_App::loadApps(['authentication']);

		// Load minimum set of apps
		if (!self::checkUpgrade(false)
			&& !$systemConfig->getValue('maintenance', false)
			&& !\OCP\Util::needUpgrade()) {
			// For logged-in users: Load everything
			if(OC_User::isLoggedIn()) {
				OC_App::loadApps();
			} else {
				// For guests: Load only filesystem and logging
				OC_App::loadApps(array('filesystem', 'logging'));
				\OC_User::tryBasicAuthLogin();
			}
		}

		if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
			try {
				if (!$systemConfig->getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
					OC_App::loadApps(array('filesystem', 'logging'));
					OC_App::loadApps();
				}
				self::checkSingleUserMode();
				OC_Util::setupFS();
				OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
				return;
			} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
				//header('HTTP/1.0 404 Not Found');
			} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
				OC_Response::setStatus(405);
				return;
			}
		}

		// Handle redirect URL for logged in users
		if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
			$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));

			// Deny the redirect if the URL contains a @
			// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
			if (strpos($location, '@') === false) {
				header('Location: ' . $location);
				return;
			}
		}
		// Handle WebDAV
		if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
			// not allowed any more to prevent people
			// mounting this root directly.
			// Users need to mount remote.php/webdav instead.
			header('HTTP/1.1 405 Method Not Allowed');
			header('Status: 405 Method Not Allowed');
			return;
		}

		// Redirect to index if the logout link is accessed without valid session
		// this is needed to prevent "Token expired" messages while login if a session is expired
		// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
		if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
			header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
			return;
		}

		// Someone is logged in
		if (OC_User::isLoggedIn()) {
			OC_App::loadApps();
			OC_User::setupBackends();
			OC_Util::setupFS();
			if (isset($_GET["logout"]) and ($_GET["logout"])) {
				OC_JSON::callCheck();
				if (isset($_COOKIE['oc_token'])) {
					\OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
				}
				OC_User::logout();
				// redirect to webroot and add slash if webroot is empty
				header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
			} else {
				// Redirect to default application
				OC_Util::redirectToDefaultPage();
			}
		} else {
			// Not handled and not logged in
			self::handleLogin();
		}
	}
Example #4
0
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2012 Frank Karlitschek frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
*
*/
require_once '../lib/base.php';
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
use Symfony\Component\Routing\Exception\MethodNotAllowedException;
try {
    OC::getRouter()->match('/ocs' . OC_Request::getRawPathInfo());
} catch (ResourceNotFoundException $e) {
    OC_API::setContentType();
    OC_OCS::notFound();
} catch (MethodNotAllowedException $e) {
    OC_API::setContentType();
    OC_Response::setStatus(405);
}
Example #5
0
 /**
  * @brief Handle the request
  */
 public static function handleRequest()
 {
     // load all the classpaths from the enabled apps so they are available
     // in the routing files of each app
     OC::loadAppClassPaths();
     // Check if ownCloud is installed or in maintenance (update) mode
     if (!OC_Config::getValue('installed', false)) {
         require_once 'core/setup.php';
         exit;
     }
     $host = OC_Request::insecureServerHost();
     // if the host passed in headers isn't trusted
     if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
         header('HTTP/1.1 400 Bad Request');
         header('Status: 400 Bad Request');
         OC_Template::printErrorPage('You are accessing the server from an untrusted domain.', 'Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.');
         return;
     }
     $request = OC_Request::getPathInfo();
     if (substr($request, -3) !== '.js') {
         // we need these files during the upgrade
         self::checkMaintenanceMode();
         self::checkUpgrade();
     }
     // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
     OC::tryBasicAuthLogin();
     if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
         try {
             if (!OC_Config::getValue('maintenance', false)) {
                 OC_App::loadApps();
             }
             self::checkSingleUserMode();
             OC::getRouter()->match(OC_Request::getRawPathInfo());
             return;
         } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
             //header('HTTP/1.0 404 Not Found');
         } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
             OC_Response::setStatus(405);
             return;
         }
     }
     $app = OC::$REQUESTEDAPP;
     $file = OC::$REQUESTEDFILE;
     $param = array('app' => $app, 'file' => $file);
     // Handle app css files
     if (substr($file, -3) == 'css') {
         self::loadCSSFile($param);
         return;
     }
     // Handle redirect URL for logged in users
     if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
         $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
         // Deny the redirect if the URL contains a @
         // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
         if (strpos($location, '@') === false) {
             header('Location: ' . $location);
             return;
         }
     }
     // Handle WebDAV
     if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
         // not allowed any more to prevent people
         // mounting this root directly.
         // Users need to mount remote.php/webdav instead.
         header('HTTP/1.1 405 Method Not Allowed');
         header('Status: 405 Method Not Allowed');
         return;
     }
     // Someone is logged in :
     if (OC_User::isLoggedIn()) {
         OC_App::loadApps();
         OC_User::setupBackends();
         if (isset($_GET["logout"]) and $_GET["logout"]) {
             if (isset($_COOKIE['oc_token'])) {
                 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
             }
             OC_User::logout();
             header("Location: " . OC::$WEBROOT . '/');
         } else {
             if (is_null($file)) {
                 $param['file'] = 'index.php';
             }
             $file_ext = substr($param['file'], -3);
             if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
                 header('HTTP/1.0 404 Not Found');
             }
         }
         return;
     }
     // Not handled and not logged in
     self::handleLogin();
 }
Example #6
0
 /**
  * Handle the request
  */
 public static function handleRequest()
 {
     $l = \OC_L10N::get('lib');
     // load all the classpaths from the enabled apps so they are available
     // in the routing files of each app
     OC::loadAppClassPaths();
     // Check if ownCloud is installed or in maintenance (update) mode
     if (!OC_Config::getValue('installed', false)) {
         $controller = new OC\Core\Setup\Controller();
         $controller->run($_POST);
         exit;
     }
     $host = OC_Request::insecureServerHost();
     // if the host passed in headers isn't trusted
     if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
         header('HTTP/1.1 400 Bad Request');
         header('Status: 400 Bad Request');
         OC_Template::printErrorPage($l->t('You are accessing the server from an untrusted domain.'), $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.'));
         return;
     }
     $request = OC_Request::getPathInfo();
     if (substr($request, -3) !== '.js') {
         // we need these files during the upgrade
         self::checkMaintenanceMode();
         self::checkUpgrade();
     }
     if (!OC_User::isLoggedIn()) {
         // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
         OC::tryBasicAuthLogin();
     }
     if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
         try {
             if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
                 OC_App::loadApps(array('authentication'));
                 OC_App::loadApps(array('filesystem', 'logging'));
                 OC_App::loadApps();
             }
             self::checkSingleUserMode();
             OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
             return;
         } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
             //header('HTTP/1.0 404 Not Found');
         } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
             OC_Response::setStatus(405);
             return;
         }
     }
     // Load minimum set of apps
     if (!self::checkUpgrade(false)) {
         // For logged-in users: Load everything
         if (OC_User::isLoggedIn()) {
             OC_App::loadApps();
         } else {
             // For guests: Load only authentication, filesystem and logging
             OC_App::loadApps(array('authentication'));
             OC_App::loadApps(array('filesystem', 'logging'));
         }
     }
     // Handle redirect URL for logged in users
     if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
         $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
         // Deny the redirect if the URL contains a @
         // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
         if (strpos($location, '@') === false) {
             header('Location: ' . $location);
             return;
         }
     }
     // Handle WebDAV
     if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
         // not allowed any more to prevent people
         // mounting this root directly.
         // Users need to mount remote.php/webdav instead.
         header('HTTP/1.1 405 Method Not Allowed');
         header('Status: 405 Method Not Allowed');
         return;
     }
     // Redirect to index if the logout link is accessed without valid session
     // this is needed to prevent "Token expired" messages while login if a session is expired
     // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
     if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
         header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
         return;
     }
     // Someone is logged in
     if (OC_User::isLoggedIn()) {
         OC_App::loadApps();
         OC_User::setupBackends();
         if (isset($_GET["logout"]) and $_GET["logout"]) {
             OC_JSON::callCheck();
             if (isset($_COOKIE['oc_token'])) {
                 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
             }
             if (isset($_SERVER['PHP_AUTH_USER'])) {
                 if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
                     // Ignore HTTP Authentication for 5 more mintues.
                     setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
                 } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
                     // Ignore HTTP Authentication to allow a different user to log in.
                     setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
                 }
             }
             OC_User::logout();
             // redirect to webroot and add slash if webroot is empty
             header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
         } else {
             // Redirect to default application
             OC_Util::redirectToDefaultPage();
         }
     } else {
         // Not handled and not logged in
         self::handleLogin();
     }
 }