	/**
	 * Guard for ajax GET/POST endpoints: verifies that the request carries a
	 * valid request token (the CSRF check behind OC_Util::isCallRegistered()).
	 *
	 * When the token is not valid a JSON error payload is emitted through
	 * self::error() and the script terminates, so an endpoint calling this
	 * never continues without a valid token. On success it simply returns.
	 *
	 * @return void
	 */
	public static function callCheck() {
		$tokenIsValid = OC_Util::isCallRegistered();
		if ($tokenIsValid) {
			return;
		}
		$l = OC_L10N::get('lib');
		$payload = array(
			'data' => array(
				'message' => $l->t('Token expired. Please reload page.'),
			),
		);
		self::error($payload);
		exit();
	}
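 /**
  * Starts the event-source response and performs the CSRF check.
  *
  * Runs at most once per object (guarded by $this->started). It disables PHP
  * output buffering, HTTP caching and nginx buffering so events reach the
  * client immediately, then picks the transport: with ?fallback=true the
  * response is text/html padded with dummy spans (for IE), otherwise it is
  * text/event-stream.
  *
  * The request token is verified before any real event is written: on failure
  * an 'error' event is sent, the stream is closed and the script exits.
  *
  * @return void
  */
 protected function init()
 {
     if ($this->started) {
         return;
     }
     $this->started = true;
     // prevent php output buffering, caching and nginx buffering
     OC_Util::obEnd();
     header('Cache-Control: no-cache');
     header('X-Accel-Buffering: no');
     // `&&` instead of `and`: `and` binds looser than `=`, so the original
     // assigned isset() alone and ->fallback was true for any ?fallback=... value.
     $this->fallback = isset($_GET['fallback']) && $_GET['fallback'] === 'true';
     if ($this->fallback) {
         // only a numeric id is kept; a missing parameter yields 0 without a notice
         $this->fallBackId = isset($_GET['fallback_id']) ? (int) $_GET['fallback_id'] : 0;
         header("Content-Type: text/html");
         echo str_repeat('<span></span>' . PHP_EOL, 10);
         //dummy data to keep IE happy
     } else {
         header("Content-Type: text/event-stream");
     }
     // CSRF check: refuse to stream anything for a request without a valid token
     if (!OC_Util::isCallRegistered()) {
         $this->send('error', 'Possible CSRF attack. Connection will be closed.');
         $this->close();
         exit;
     }
     flush();
 }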
 /**
  * Guard for ajax GET/POST calls: verifies the request token and, when it is
  * not valid, answers with a JSON error (message plus the 'token_expired'
  * error code) and terminates the script. Returns normally otherwise.
  *
  * @deprecated Use annotation based CSRF checks from the AppFramework instead
  * @return void
  */
 public static function callCheck()
 {
     if (OC_Util::isCallRegistered()) {
         return;
     }
     $l = \OC::$server->getL10N('lib');
     $message = $l->t('Token expired. Please reload page.');
     self::error(array(
         'data' => array(
             'message' => $message,
             'error' => 'token_expired',
         ),
     ));
     exit;
 }
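 /**
  * Sets up the event-source response and aborts silently on a CSRF failure.
  *
  * Discards any pending output buffer and disables caching, then chooses the
  * transport: ?fallback=true yields a text/html response padded with dummy
  * spans (for IE), otherwise text/event-stream. If the request does not carry
  * a valid request token the script exits before flushing anything.
  */
 public function __construct()
 {
     @ob_end_clean();
     header('Cache-Control: no-cache');
     // `&&` rather than `and`: `and` binds looser than `=`, so the original set
     // ->fallback to isset() alone and ignored the parameter's actual value.
     $this->fallback = isset($_GET['fallback']) && $_GET['fallback'] === 'true';
     if ($this->fallback) {
         // force a numeric id; a missing parameter yields 0 without a notice
         $this->fallBackId = isset($_GET['fallback_id']) ? (int) $_GET['fallback_id'] : 0;
         header("Content-Type: text/html");
         echo str_repeat('<span></span>' . PHP_EOL, 10);
         //dummy data to keep IE happy
     } else {
         header("Content-Type: text/event-stream");
     }
     // CSRF check: nothing is streamed for a request without a valid token
     if (!OC_Util::isCallRegistered()) {
         exit;
     }
     flush();
 }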
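 /**
  * Sets up the event-source response and performs the CSRF check.
  *
  * Ends output buffering and disables caching, then chooses the transport:
  * ?fallback=true yields a text/html response padded with dummy spans (for
  * IE), otherwise text/event-stream. If the request does not carry a valid
  * request token an 'error' event is sent and the script exits.
  */
 public function __construct()
 {
     OC_Util::obEnd();
     header('Cache-Control: no-cache');
     // `&&` rather than `and`: `and` binds looser than `=`, so the original set
     // ->fallback to isset() alone and ignored the parameter's actual value.
     $this->fallback = isset($_GET['fallback']) && $_GET['fallback'] === 'true';
     if ($this->fallback) {
         // force a numeric id; a missing parameter yields 0 without a notice
         $this->fallBackId = isset($_GET['fallback_id']) ? (int) $_GET['fallback_id'] : 0;
         header("Content-Type: text/html");
         echo str_repeat('<span></span>' . PHP_EOL, 10);
         //dummy data to keep IE happy
     } else {
         header("Content-Type: text/event-stream");
     }
     // CSRF check: the only event a token-less request ever receives is this error
     if (!OC_Util::isCallRegistered()) {
         $this->send('error', 'Possible CSRF attack. Connection will be closed.');
         exit;
     }
     flush();
 }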
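 /**
  * Starts the event-source response and performs the CSRF check.
  *
  * Runs at most once per object (guarded by $this->started). It disables PHP
  * output buffering, HTTP caching and nginx buffering so events reach the
  * client immediately, then picks the transport: with ?fallback=true the
  * response is text/html (with a relaxed Content-Security-Policy, see below)
  * padded with dummy spans for IE; otherwise it is text/event-stream.
  *
  * The request token is verified before any real event is written: on failure
  * an 'error' event is sent, the stream is closed and the script exits.
  *
  * @return void
  */
 protected function init()
 {
     if ($this->started) {
         return;
     }
     $this->started = true;
     // prevent php output buffering, caching and nginx buffering
     OC_Util::obEnd();
     header('Cache-Control: no-cache');
     header('X-Accel-Buffering: no');
     // `&&` instead of `and`: `and` binds looser than `=`, so the original
     // assigned isset() alone and ->fallback was true for any ?fallback=... value.
     $this->fallback = isset($_GET['fallback']) && $_GET['fallback'] === 'true';
     if ($this->fallback) {
         // only a numeric id is kept; a missing parameter yields 0 without a notice
         $this->fallBackId = isset($_GET['fallback_id']) ? (int) $_GET['fallback_id'] : 0;
         /**
          * FIXME: The default content-security-policy of ownCloud forbids inline
          * JavaScript for security reasons. IE starting on Windows 10 will
          * however also obey the CSP which will break the event source fallback.
          *
          * As a workaround thus we set a custom policy which allows the execution
          * of inline JavaScript. The relaxed policy is sent only for this
          * fallback response; everything but inline scripts stays at 'none'.
          *
          * @link https://github.com/owncloud/core/issues/14286
          */
         header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'");
         header("Content-Type: text/html");
         echo str_repeat('<span></span>' . PHP_EOL, 10);
         //dummy data to keep IE happy
     } else {
         header("Content-Type: text/event-stream");
     }
     // CSRF check: refuse to stream anything for a request without a valid token
     if (!OC_Util::isCallRegistered()) {
         $this->send('error', 'Possible CSRF attack. Connection will be closed.');
         $this->close();
         exit;
     }
     flush();
 }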
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
*
*/
// Admin-only settings page for the files app; anything below runs as admin.
OCP\User::checkAdminUser();

// Flag handed in through the environment (value 'true' means the .htaccess
// rules are reported as working — set by the caller, not computed here).
$htaccessWorking = getenv('htaccessWorking') == 'true';

// The effective upload ceiling is the smaller of PHP's two size limits.
$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
$post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
$effectiveLimit = min($upload_max_filesize, $post_max_size);
$maxUploadFilesize = OCP\Util::humanFileSize($effectiveLimit);

// Only a POST that carries a valid request token (CSRF check) may change the
// limit; the check is short-circuited for plain GET renders.
$isValidPost = $_POST && OC_Util::isCallRegistered();
if ($isValidPost && isset($_POST['maxUploadSize'])) {
    $requestedLimit = OCP\Util::computerFileSize($_POST['maxUploadSize']);
    $setMaxSize = OC_Files::setUploadLimit($requestedLimit);
    // setUploadLimit() reports failure with false; only a real value is shown
    if ($setMaxSize !== false) {
        $maxUploadFilesize = OCP\Util::humanFileSize($setMaxSize);
    }
}

OCP\App::setActiveNavigationEntry("files_administration");
$htaccessWritable = is_writable(OC::$SERVERROOT . '/.htaccess');
$tmpl = new OCP\Template('files', 'admin');

/*
 * extended version
 * + only users with permission can delete files (in the files app only)
 * + file type restriction
 */
$filetyprestriction = \OC_Appconfig::getValue('core', 'filetyperes_enabled', 'no');
 /**
  * Guard for ajax GET/POST calls: terminates the script, without any output,
  * when the request does not carry a valid request token (CSRF check).
  * Returns normally when the token is valid.
  *
  * @return void
  */
 public static function callCheck()
 {
     $tokenIsValid = OC_Util::isCallRegistered();
     if ($tokenIsValid) {
         return;
     }
     exit;
 }
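 /**
  * Tries to log a user in with the credentials of the login form.
  *
  * Reads $_POST['user'] and $_POST['password']; both must be present and the
  * request must carry a valid request token (CSRF check) before any user
  * backend is consulted. On success the time zone is stored, stale remember-me
  * tokens are cleaned up, a new one is issued when "remember_login" was ticked
  * (otherwise the remember-me cookie is cleared), and the user is redirected
  * to the default page — the script exits there.
  *
  * @return bool|void false when credentials are missing or the token is
  *                   invalid; true when credentials were given but the login
  *                   failed; no return on success (redirect + exit)
  */
 protected static function tryFormLogin()
 {
     if (!isset($_POST["user"]) || !isset($_POST['password'])) {
         return false;
     }
     // CSRF check before any backend sees the credentials
     if (!OC_Util::isCallRegistered()) {
         return false;
     }
     OC_App::loadApps();
     //setup extra user backends
     OC_User::setupBackends();
     // cast to string so an array-valued parameter (user[]=...) can't reach the backends
     if (OC_User::login((string) $_POST["user"], (string) $_POST["password"])) {
         $userId = OC_User::getUser();
         // setting up the time zone
         if (isset($_POST['timezone-offset'])) {
             self::$server->getSession()->set('timezone', (string) $_POST['timezone-offset']);
             // 'timezone' is a separate field: guard it so a missing value neither
             // raises a notice nor overwrites the stored zone with an empty string
             if (isset($_POST['timezone'])) {
                 self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', (string) $_POST['timezone']);
             }
         }
         self::cleanupLoginTokens($userId);
         if (!empty($_POST["remember_login"])) {
             $config = self::$server->getConfig();
             if ($config->getSystemValue('debug', false)) {
                 self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core'));
             }
             // 32-character token from the secure random generator, stored
             // server-side with its creation time and mirrored in the cookie
             $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
             $config->setUserValue($userId, 'login_token', $token, time());
             OC_User::setMagicInCookie($userId, $token);
         } else {
             OC_User::unsetMagicInCookie();
         }
         OC_Util::redirectToDefaultPage();
         exit;
     }
     return true;
 }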
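	/**
	 * Tries to log a user in with the credentials of the login form.
	 *
	 * Reads $_POST['user'] and $_POST['password']; both must be present and the
	 * request must carry a valid request token (CSRF check) before any user
	 * backend is consulted. On success the time zone offset is stored in the
	 * session, stale remember-me tokens are cleaned up, a new one is issued
	 * when "remember_login" was ticked (otherwise the remember-me cookie is
	 * cleared), and the user is redirected to the default page — the script
	 * exits there.
	 *
	 * @return bool|void false when credentials are missing or the token is
	 *                   invalid; true when credentials were given but the
	 *                   login failed; no return on success (redirect + exit)
	 */
	protected static function tryFormLogin() {
		if (!isset($_POST["user"]) || !isset($_POST['password'])) {
			return false;
		}

		// CSRF check before any backend sees the credentials
		if(!OC_Util::isCallRegistered()) {
			return false;
		}
		OC_App::loadApps();

		//setup extra user backends
		OC_User::setupBackends();

		// cast to string so an array-valued parameter (user[]=...) can't reach the backends
		if (OC_User::login((string) $_POST["user"], (string) $_POST["password"])) {
			// setting up the time zone
			if (isset($_POST['timezone-offset'])) {
				self::$session->set('timezone', (string) $_POST['timezone-offset']);
			}

			$userid = OC_User::getUser();
			self::cleanupLoginTokens($userid);
			if (!empty($_POST["remember_login"])) {
				if (defined("DEBUG") && DEBUG) {
					OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
				}
				// 32 random bytes, stored server-side with the creation time and
				// mirrored in the remember-me cookie
				$token = OC_Util::generateRandomBytes(32);
				OC_Preferences::setValue($userid, 'login_token', $token, time());
				OC_User::setMagicInCookie($userid, $token);
			} else {
				OC_User::unsetMagicInCookie();
			}
			OC_Util::redirectToDefaultPage();
			exit();
		}
		return true;
	}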
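 /**
  * Saves an answer (reply) to an existing talk and notifies its subscribers.
  *
  * @param array $args request parameters; reads $args['talkid'] (id of the
  *                    talk being answered) and $args['text'] (the reply body)
  * @return DataResponse the rendered 'api.addanswer' partial plus a fresh
  *                      request token for the client
  *
  * NOTE(review): $args['talkid'] is used as-is and no check is visible here
  * that the current user may reply to that talk — confirm the caller/route
  * enforces that before trusting the id.
  */
 public function answerTalk($args)
 {
     $talkid = $args['talkid'];
     $text = $args['text'];
     $users = $this->connect->users();
     $messages = $this->connect->messages();
     // the root message the reply attaches to, and the talk record itself
     $message = $messages->getByReply($talkid);
     $talk = $messages->getById($talkid)[0];
     $usermessages = $this->connect->userMessage();
     //$usermessages = $this->getUserMessages($this->userId);
     // make sure a per-user status row exists for the root message
     if (!($usermessage = $usermessages->getMessageById($message['id']))) {
         $usermessages->createStatus($message['id'], $this->userId);
         $usermessage = $usermessages->getMessageById($message['id']);
     }
     // bump the root message to status 2 (presumably "answered") if it is lower
     if ($message['status'] < 2) {
         $message['status'] = 2;
         $messages->setStatus($message['mid'], 2);
     }
     // Recipient list: if the replier is not yet subscribed they are added;
     // otherwise they are removed and the talk author is appended instead.
     $subscribers = explode(',', $talk['subscribers']);
     if (!in_array($this->userId, $subscribers)) {
         $subscribers[] = $this->userId;
     } else {
         unset($subscribers[array_search($this->userId, $subscribers)]);
         $talk['subscribers'] = $subscribers;
         $subscribers[] = $talk['author'];
         //$subscribers[] = $this->userId;
         $talk['subscribers'] = $subscribers;
     }
     $mailsubscribers = array();
     $groupspref = array();
     // Initialised up front: it is read below (count()/array_keys()) even when
     // no individual subscriber exists, which fails on null in PHP 7.2+/8.
     $allusers = array();
     foreach ($subscribers as $s => $subscriber) {
         if (strstr($subscriber, "-group")) {
             // entries of the form "<groupid>-group" expand to the group's members
             $group = substr($subscriber, 0, strpos($subscriber, "-group"));
             if ($group && is_string($group)) {
                 // Reset per group: without this the array accumulated across
                 // iterations and every later group also carried the earlier
                 // groups' members (duplicate notifications).
                 $groupusers = array();
                 foreach ($users->getUsersFromGroup($group) as $gu => $groupuser) {
                     $user = $users->getUserDetails($groupuser['uid']);
                     $groupusers[$groupuser['uid']] = $user;
                 }
                 $mailsubscribers[$group] = ['groupid' => $group, 'grouppref' => $group . '-group', 'groupusers' => $groupusers];
                 $groupspref[] = $group . '-group';
             }
         } else {
             // individual subscribers, excluding the replier
             if (!($subscriber == $this->userId)) {
                 $allusers[$subscriber] = $users->getUserDetails($subscriber);
             }
         }
     }
     $mailsubscribers['ungroupped'] = ['groupusers' => $allusers];
     // Stored subscriber string: group prefs first, then individual user ids.
     // (count($mailsubscribers) > 0 always holds here because of 'ungroupped'.)
     if (count($mailsubscribers) > 0 && count($groupspref) > 0) {
         $messageSubscribers = implode(',', $groupspref);
         if (count($mailsubscribers['ungroupped']['groupusers']) > 0) {
             $messageSubscribers .= ',' . implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
         }
     } else {
         $messageSubscribers = implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
     }
     // The reply reuses the talk's hash when present; otherwise one is derived
     // from timestamp + text. md5 serves as an identifier here, not as a
     // security primitive — NOTE(review): confirm nothing relies on it being
     // unguessable. Helper::checkTxt() presumably sanitises the text; verify.
     $messagedata = array('rid' => $talkid, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'text' => '', 'author' => $this->userId, 'subscribers' => $messageSubscribers, 'hash' => isset($talk['hash']) && !empty($talk['hash']) ? $talk['hash'] : md5(date("Y-m-d h:i:s") . '' . $text), 'status' => 0);
     $messages = $this->connect->messages();
     $saved = $messages->save($messagedata);
     //$saved = 1;
     if ($saved) {
         // one unread status row per recipient (group entries included verbatim)
         foreach ($subscribers as $s => $subscriber) {
             if (is_string($subscriber) && !empty($subscriber)) {
                 $usermessagedata = ['uid' => $subscriber, 'mid' => $saved, 'status' => 0];
                 $usermessages->save($usermessagedata);
             }
         }
         // NOTE(review): sendMessage() is first called with the whole
         // $mailsubscribers structure and then once per entry below; whether
         // the first call is intended (it may double-send) is not clear here.
         $sent = $this->sendMessage($saved, $mailsubscribers, $this->userId, $messagedata);
         foreach ($mailsubscribers as $m => $ms) {
             if ($m == 'ungroupped') {
                 $sent = $this->sendMessage($saved, $ms['groupusers'], $this->userId, $messagedata);
             } else {
                 $messagedata['groupsid'] = $ms['grouppref'];
                 $sent = $this->sendMessage($saved, $ms['groupusers'], $ms['grouppref'], $messagedata);
             }
         }
         $params = array('answerid' => $saved, 'author' => $this->userId, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'sent' => $sent, 'appname' => $this->appName);
     } else {
         $params = array('title' => Helper::checkTxt($text));
     }
     $view = Helper::renderPartial($this->appName, 'api.addanswer', $params);
     // hand the client a fresh request token only if this call itself passed the CSRF check
     $params = array('user' => $this->userId, 'view' => $view, 'requesttoken' => !\OC_Util::isCallRegistered() ? '' : \OC_Util::callRegister());
     return new DataResponse($params);
 }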
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
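// Admin-only settings page for the user_redmine app.
OC_Util::checkAdminUser();
// Settings that may be saved from this page (stored in the app config)
$params = array('redmine_db_host', 'redmine_db_port', 'redmine_db_user', 'redmine_db_password', 'redmine_db_name', 'redmine_db_driver');
// Only accept the POST when it carries a valid request token. The original
// called OC_Util::isCallRegistered() and discarded its result, so the CSRF
// check had no effect and any cross-site POST could rewrite these settings.
if ($_POST && OC_Util::isCallRegistered()) {
    foreach ($params as $param) {
        if (isset($_POST[$param])) {
            // NOTE(review): values are stored verbatim, including the database
            // password in plain text — confirm that is acceptable here.
            OC_Appconfig::setValue('user_redmine', $param, $_POST[$param]);
        }
    }
}
// fill template
$tmpl = new OC_Template('user_redmine', 'settings');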
foreach ($params as $param) {
    $default = '';
    if ($param == 'redmine_db_driver') {
        $default = 'mysql';
    }
 /**
  * Reports whether the current request passed the CSRF check, i.e. whether it
  * carries a valid request token as judged by \OC_Util::isCallRegistered().
  *
  * @return bool true if CSRF check passed
  */
 public function passesCSRFCheck()
 {
     # TODO: use public api instead of the OC_Util static
     $tokenIsValid = \OC_Util::isCallRegistered();
     return $tokenIsValid;
 }