/** * Do security precheck for not logged in users * @param bool callcheck - whether security token check is needed */ public static function preDispatchGuest($callcheck = true) { if ($callcheck) { \OCP\JSON::callCheck(); } \OCP\JSON::checkAppEnabled('documents'); }
public static function initAjaxController() { \OCP\JSON::checkLoggedIn(); \OCP\JSON::callCheck(); \OCP\JSON::checkAppEnabled('contacts'); \OCP\JSON::checkAppEnabled(self::APP_ID); }
/** * Runs all security checks */ public function runChecks() { if ($this->csrfCheck) { \OCP\JSON::callCheck(); } if ($this->loggedInCheck) { \OCP\JSON::checkLoggedIn(); } if ($this->appEnabledCheck) { \OCP\JSON::checkAppEnabled($this->appName); } if ($this->isAdminCheck) { \OCP\User::checkAdminUser(); } }
<?php /** * Copyright (c) 2013, Bjoern Schiessle <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. * * check migration status */ use OCA\Encryption\Util; \OCP\JSON::checkAppEnabled('files_encryption'); $loginname = isset($_POST['user']) ? $_POST['user'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; $migrationStatus = Util::MIGRATION_COMPLETED; if ($loginname !== '' && $password !== '') { $username = \OCP\User::checkPassword($loginname, $password); if ($username) { $util = new Util(new \OC\Files\View('/'), $username); $migrationStatus = $util->getMigrationStatus(); } } \OCP\JSON::success(array('data' => array('migrationStatus' => $migrationStatus)));
* @license AGPL-3.0 * * This code is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ \OCP\JSON::checkAppEnabled('files_external_listing'); \OCP\JSON::checkLoggedIn(); \OCP\JSON::callCheck(); \OC_JSON::checkAdminUser(); $defaultDir = '/home'; if (\OC_Util::runningOnWindows()) { $defaultDir = 'C:\\'; } $localroot = OCP\Config::getAppValue('files_external_listing', 'starting_dir', $defaultDir); if (isset($_POST['path'])) { $path = realpath($_POST['path']); if (strpos($path, $localroot) === 0 or empty($_POST['path'])) { if (empty($_POST['path'])) { $path = $localroot; } if (!is_dir($path)) {
* License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ namespace OCA\Documents; \OCP\User::checkLoggedIn(); \OCP\JSON::checkAppEnabled('documents'); \OCP\App::setActiveNavigationEntry('documents_index'); \OCP\Util::addStyle('documents', 'style'); \OCP\Util::addStyle('documents', '3rdparty/webodf/dojo-app'); \OCP\Util::addScript('documents', 'documents'); \OCP\Util::addScript('files', 'file-upload'); \OCP\Util::addScript('files', 'jquery.iframe-transport'); \OCP\Util::addScript('files', 'jquery.fileupload'); $tmpl = new \OCP\Template('documents', 'documents', 'user'); $previewsEnabled = \OC::$server->getConfig()->getSystemValue('enable_previews', true); $unstable = \OCP\Config::getAppValue('documents', 'unstable', 'false'); $maxUploadFilesize = \OCP\Util::maxUploadFilesize("/"); $savePath = \OCP\Config::getUserValue(\OCP\User::getUser(), 'documents', 'save_path', '/'); $tmpl->assign('enable_previews', $previewsEnabled); $tmpl->assign('useUnstable', $unstable); $tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
<?php \OCP\JSON::checkAppEnabled('gallery'); OCP\Util::addStyle('gallery', 'styles'); OCP\Util::addStyle('gallery', 'mobile'); $token = isset($_GET['t']) ? (string) $_GET['t'] : ''; if ($token) { $linkItem = \OCP\Share::getShareByToken($token, false); if (is_array($linkItem) && isset($linkItem['uid_owner'])) { // seems to be a valid share $type = $linkItem['item_type']; $fileSource = $linkItem['file_source']; $shareOwner = $linkItem['uid_owner']; $path = null; $rootLinkItem = \OCP\Share::resolveReShare($linkItem); $fileOwner = $rootLinkItem['uid_owner']; $albumName = trim($linkItem['file_target'], '//'); $ownerDisplayName = \OC_User::getDisplayName($fileOwner); // stupid copy and paste job if (isset($linkItem['share_with'])) { // Authenticate share_with $url = OCP\Util::linkToPublic('gallery') . '&t=' . $token; if (isset($_GET['file'])) { $url .= '&file=' . urlencode($_GET['file']); } else { if (isset($_GET['dir'])) { $url .= '&dir=' . urlencode($_GET['dir']); } } if (isset($_POST['password'])) { $password = $_POST['password'];
/* 19.02.2014 Patrick Hoffmann This app is free to use and can be fully or in parts distributed. If you have questions or suggestions please feel free to contact me. patrick@gen7.de Great thanks to Vincent Petry <*****@*****.**> for supporting me the whole development progress. */ namespace OCA\files_w2g; //Init translations $l = \OCP\Util::getL10N('files_w2g'); //Requirements check \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('files_w2g'); //Init Database table $exist = \OCP\DB::prepare("SHOW TABLES LIKE '*PREFIX*" . app::table . "'")->execute()->fetchAll(); if ($exist == null) { @($query = \OCP\DB::prepare("CREATE table *PREFIX*" . app::table . "(name varchar(255) PRIMARY KEY,created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,locked_by varchar(255)) " . app::charset)); @$query->execute()->fetchAll(); } //<-End Init Database table //Vars $path = stripslashes($_POST['path']); @($safe = @$_POST['safe']); @($owner = @$_POST['owner']); @($id = @$_POST['id']); $ppath = lockname($path); //Resolve the shared file if (@$owner != "") {
* @copyright 2013 Frank Karlitschek frank@owncloud.org * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ // some housekeeping \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('activity'); $l = \OCP\Util::getL10N('activity'); $data = new \OCA\Activity\Data(\OC::$server->getActivityManager()); $groupHelper = new \OCA\Activity\GroupHelper(\OC::$server->getActivityManager(), new \OCA\Activity\DataHelper(\OC::$server->getActivityManager(), new \OCA\Activity\ParameterHelper(new \OC\Files\View(''), $l), $l), true); $page = $data->getPageFromParam() - 1; $filter = $data->getFilterFromParam(); // Read the next 30 items for the endless scrolling $count = 30; $activity = $data->read($groupHelper, $page * $count, $count, $filter); // show the next 30 entries $tmpl = new \OCP\Template('activity', 'activities.part', ''); $tmpl->assign('activity', $activity); $tmpl->printPage();
$property->add($key, strip_tags($val2)); } } } else { if (trim($key) && trim($val)) { debug('Adding parameter: ' . $key . '=>' . print_r($val, true)); $property->add($key, strip_tags($val)); } } } } } } // Check if we are a user \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('contacts'); \OCP\JSON::callCheck(); $id = isset($_POST['id']) ? $_POST['id'] : null; $name = isset($_POST['name']) ? $_POST['name'] : null; $value = isset($_POST['value']) ? $_POST['value'] : null; $parameters = isset($_POST['parameters']) ? $_POST['parameters'] : null; $checksum = isset($_POST['checksum']) ? $_POST['checksum'] : null; debug('value: ' . print_r($value, 1)); $multi_properties = array('EMAIL', 'TEL', 'IMPP', 'ADR', 'URL'); if (!$name) { bailOut(App::$l10n->t('element name is not set.')); } if (!$id) { bailOut(App::$l10n->t('id is not set.')); } if (!$checksum && in_array($name, $multi_properties)) {
* oclife is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * oclife is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with oclife. If not, see <http://www.gnu.org/licenses/>. */ \OCP\JSON::callCheck(); \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('oclife'); $ctags = new \OCA\OCLife\hTags(); $tagData = $ctags->getAllTags('xx'); $searchKey = filter_input(INPUT_GET, 'term', FILTER_SANITIZE_STRING); $result = array(); foreach ($tagData as $tag) { if ($tag['tagid'] !== '-1') { if (is_null($searchKey) || $searchKey === FALSE || $searchKey === '') { $result[] = new \OCA\OCLife\tag($tag['tagid'], $tag['descr']); } else { if (strpos($tag['descr'], $searchKey) !== FALSE) { $result[] = new \OCA\OCLife\tag($tag['tagid'], $tag['descr']); } } } }
/** * ownCloud - firstrunwizard application * * @author Frank Karlitschek * @copyright 2012 Frank Karlitschek frank@owncloud.org * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ namespace OCA\FirstRunWizard; use OCP\JSON; JSON::checkLoggedIn(); JSON::checkAppEnabled('firstrunwizard'); JSON::callCheck(); $config = \OC::$server->getConfig(); $userSession = \OC::$server->getUserSession(); $firstRunConfig = new Config($config, $userSession); $firstRunConfig->disable();
* furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ use OCA\ocUsageCharts\AppInfo\Chart; \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('ocusagecharts'); \OCP\JSON::callCheck(); $l = \OCP\Util::getL10N('ocusagecharts'); $app = new Chart(); $container = $app->getContainer(); $configService = $container->query('ChartConfigService'); $validatorKey = 'ocusagecharts-charts-'; foreach ($_POST as $key => $value) { if (substr($key, 0, strlen($validatorKey)) === $validatorKey) { $id = substr($key, strlen($validatorKey)); $config = $configService->getChartConfigById($id); $config->setMetaData(json_encode(array('size' => $value))); $configService->save($config); } } \OCP\JSON::success(array("data" => array("message" => $l->t('Your settings have been updated.'))));
<?php /** * Copyright (c) 2012 Robin Appelman <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ namespace OCA\Media; \OCP\JSON::checkAppEnabled('media'); \OCP\JSON::checkLoggedIn(); error_reporting(E_ALL); //no script error reporting because of getID3 session_write_close(); $arguments = $_POST; if (!isset($_POST['action']) and isset($_GET['action'])) { $arguments = $_GET; } foreach ($arguments as &$argument) { $argument = stripslashes($argument); } \OC_Util::obEnd(); if (!isset($arguments['artist'])) { $arguments['artist'] = 0; } if (!isset($arguments['album'])) { $arguments['album'] = 0; } if (!isset($arguments['search'])) { $arguments['search'] = '';
/** * @NoAdminRequired * @NoCSRFRequired * @PublicPage * Given an access token and a fileId, returns the contents of the file. * Expects a valid token in access_token parameter. */ public function wopiGetFile($fileId) { $token = $this->request->getParam('access_token'); $arr = explode('_', $fileId, 2); $version = '0'; if (count($arr) == 2) { $fileId = $arr[0]; $version = $arr[1]; } \OC::$server->getLogger()->debug('Getting contents of file {fileId}, version {version} by token {token}.', ['app' => $this->appName, 'fileId' => $fileId, 'version' => $version, 'token' => $token]); $row = new Db\Wopi(); $row->loadBy('token', $token); //TODO: Support X-WOPIMaxExpectedSize header. $res = $row->getPathForToken($fileId, $version, $token); $ownerid = $res['owner']; // Login the user to see his mount locations $this->loginUser($ownerid); $filename = ''; // If some previous version is requested, fetch it from Files_Version app if ($version !== '0') { \OCP\JSON::checkAppEnabled('files_versions'); // Setup the FS \OC_Util::tearDownFS(); \OC_Util::setupFS($ownerid, '/' . $ownerid . '/files'); list($ownerid, $filename) = \OCA\Files_Versions\Storage::getUidAndFilename($res['path']); $filename = '/files_versions/' . $filename . '.v' . $version; \OC_Util::tearDownFS(); } else { $filename = '/files' . $res['path']; } // Close the session created for user login \OC::$server->getSession()->close(); return new DownloadResponse($this->request, $ownerid, $filename); }
* * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ namespace OCA\Videos; \OCP\User::checkLoggedIn(); \OCP\JSON::checkAppEnabled('videos'); \OCP\App::setActiveNavigationEntry('videos_index'); \OCP\Util::addStyle('videos', 'style'); \OCP\Util::addScript('videos', 'app'); \OCP\Util::addScript('videos/3rdparty', 'masonry.pkgd'); \OCP\Util::addStyle('files_videoviewer', 'style'); \OCP\Util::addStyle('files_videoviewer', 'mediaelementplayer'); \OCP\Util::addscript('files_videoviewer', 'viewer'); $manager = new VideosManager(); $videos = $manager->getVideos(); $tmpl = new \OCP\Template('videos', 'videos', 'user'); $tmpl->assign('videos', $videos); $tmpl->printPage();