/**
* @brief Check an ajax get/post call if the request token is valid.
* @return json Error msg if not valid.
*/
public static function callCheck() {
if( !OC_Util::isCallRegistered()) {
$l = OC_L10N::get('lib');
self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') )));
exit();
}
}
protected function init()
{
if ($this->started) {
return;
}
$this->started = true;
// prevent php output buffering, caching and nginx buffering
OC_Util::obEnd();
header('Cache-Control: no-cache');
header('X-Accel-Buffering: no');
$this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
if ($this->fallback) {
$this->fallBackId = (int) $_GET['fallback_id'];
header("Content-Type: text/html");
echo str_repeat('<span></span>' . PHP_EOL, 10);
//dummy data to keep IE happy
} else {
header("Content-Type: text/event-stream");
}
if (!OC_Util::isCallRegistered()) {
$this->send('error', 'Possible CSRF attack. Connection will be closed.');
$this->close();
exit;
}
flush();
}
/**
* Check an ajax get/post call if the request token is valid, send json error msg if not.
* @deprecated Use annotation based CSRF checks from the AppFramework instead
*/
public static function callCheck()
{
if (!OC_Util::isCallRegistered()) {
$l = \OC::$server->getL10N('lib');
self::error(array('data' => array('message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired')));
exit;
}
}
public function __construct()
{
@ob_end_clean();
header('Cache-Control: no-cache');
$this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
if ($this->fallback) {
$this->fallBackId = $_GET['fallback_id'];
header("Content-Type: text/html");
echo str_repeat('<span></span>' . PHP_EOL, 10);
//dummy data to keep IE happy
} else {
header("Content-Type: text/event-stream");
}
if (!OC_Util::isCallRegistered()) {
exit;
}
flush();
}
public function __construct()
{
OC_Util::obEnd();
header('Cache-Control: no-cache');
$this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
if ($this->fallback) {
$this->fallBackId = $_GET['fallback_id'];
header("Content-Type: text/html");
echo str_repeat('<span></span>' . PHP_EOL, 10);
//dummy data to keep IE happy
} else {
header("Content-Type: text/event-stream");
}
if (!OC_Util::isCallRegistered()) {
$this->send('error', 'Possible CSRF attack. Connection will be closed.');
exit;
}
flush();
}
protected function init()
{
if ($this->started) {
return;
}
$this->started = true;
// prevent php output buffering, caching and nginx buffering
OC_Util::obEnd();
header('Cache-Control: no-cache');
header('X-Accel-Buffering: no');
$this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
if ($this->fallback) {
$this->fallBackId = (int) $_GET['fallback_id'];
/**
* FIXME: The default content-security-policy of ownCloud forbids inline
* JavaScript for security reasons. IE starting on Windows 10 will
* however also obey the CSP which will break the event source fallback.
*
* As a workaround thus we set a custom policy which allows the execution
* of inline JavaScript.
*
* @link https://github.com/owncloud/core/issues/14286
*/
header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'");
header("Content-Type: text/html");
echo str_repeat('<span></span>' . PHP_EOL, 10);
//dummy data to keep IE happy
} else {
header("Content-Type: text/event-stream");
}
if (!OC_Util::isCallRegistered()) {
$this->send('error', 'Possible CSRF attack. Connection will be closed.');
$this->close();
exit;
}
flush();
}
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
OCP\User::checkAdminUser();
$htaccessWorking = getenv('htaccessWorking') == 'true';
$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
$post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
$maxUploadFilesize = OCP\Util::humanFileSize(min($upload_max_filesize, $post_max_size));
if ($_POST && OC_Util::isCallRegistered()) {
if (isset($_POST['maxUploadSize'])) {
if (($setMaxSize = OC_Files::setUploadLimit(OCP\Util::computerFileSize($_POST['maxUploadSize']))) !== false) {
$maxUploadFilesize = OCP\Util::humanFileSize($setMaxSize);
}
}
}
OCP\App::setActiveNavigationEntry("files_administration");
$htaccessWritable = is_writable(OC::$SERVERROOT . '/.htaccess');
$tmpl = new OCP\Template('files', 'admin');
/*
* extended version
* + only users with permission can delete files(in the files app only)
* + file type restriction
*/
$filetyprestriction = \OC_Appconfig::getValue('core', 'filetyperes_enabled', 'no');
/**
* Check an ajax get/post call if the request token is valid. Exit if not.
*
* @todo Write howto
* @return void
*/
public static function callCheck()
{
if (!OC_Util::isCallRegistered()) {
exit;
}
}
/**
* Tries to login a user using the form based authentication
* @return bool|void
*/
protected static function tryFormLogin()
{
if (!isset($_POST["user"]) || !isset($_POST['password'])) {
return false;
}
if (!OC_Util::isCallRegistered()) {
return false;
}
OC_App::loadApps();
//setup extra user backends
OC_User::setupBackends();
if (OC_User::login((string) $_POST["user"], (string) $_POST["password"])) {
$userId = OC_User::getUser();
// setting up the time zone
if (isset($_POST['timezone-offset'])) {
self::$server->getSession()->set('timezone', (string) $_POST['timezone-offset']);
self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', (string) $_POST['timezone']);
}
self::cleanupLoginTokens($userId);
if (!empty($_POST["remember_login"])) {
$config = self::$server->getConfig();
if ($config->getSystemValue('debug', false)) {
self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core'));
}
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
$config->setUserValue($userId, 'login_token', $token, time());
OC_User::setMagicInCookie($userId, $token);
} else {
OC_User::unsetMagicInCookie();
}
OC_Util::redirectToDefaultPage();
exit;
}
return true;
}
/**
* Tries to login a user using the formbased authentication
* @return bool|void
*/
protected static function tryFormLogin() {
if (!isset($_POST["user"]) || !isset($_POST['password'])) {
return false;
}
if(!OC_Util::isCallRegistered()) {
return false;
}
OC_App::loadApps();
//setup extra user backends
OC_User::setupBackends();
if (OC_User::login($_POST["user"], $_POST["password"])) {
// setting up the time zone
if (isset($_POST['timezone-offset'])) {
self::$session->set('timezone', $_POST['timezone-offset']);
}
$userid = OC_User::getUser();
self::cleanupLoginTokens($userid);
if (!empty($_POST["remember_login"])) {
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
$token = OC_Util::generateRandomBytes(32);
OC_Preferences::setValue($userid, 'login_token', $token, time());
OC_User::setMagicInCookie($userid, $token);
} else {
OC_User::unsetMagicInCookie();
}
OC_Util::redirectToDefaultPage();
exit();
}
return true;
}
/**
* @param int $talkid
* @param string $text
* Save an answer to the talk
*/
public function answerTalk($args)
{
$talkid = $args['talkid'];
$text = $args['text'];
$users = $this->connect->users();
$messages = $this->connect->messages();
$message = $messages->getByReply($talkid);
$talk = $messages->getById($talkid)[0];
$usermessages = $this->connect->userMessage();
//$usermessages = $this->getUserMessages($this->userId);
if (!($usermessage = $usermessages->getMessageById($message['id']))) {
$usermessages->createStatus($message['id'], $this->userId);
$usermessage = $usermessages->getMessageById($message['id']);
}
if ($message['status'] < 2) {
$message['status'] = 2;
$messages->setStatus($message['mid'], 2);
}
$subscribers = explode(',', $talk['subscribers']);
if (!in_array($this->userId, $subscribers)) {
$subscribers[] = $this->userId;
} else {
unset($subscribers[array_search($this->userId, $subscribers)]);
$talk['subscribers'] = $subscribers;
$subscribers[] = $talk['author'];
//$subscribers[] = $this->userId;
$talk['subscribers'] = $subscribers;
}
$mailsubscribers = array();
$groupspref = array();
foreach ($subscribers as $s => $subscriber) {
if (strstr($subscriber, "-group")) {
$group = substr($subscriber, 0, strpos($subscriber, "-group"));
if ($group && is_string($group)) {
foreach ($users->getUsersFromGroup($group) as $gu => $groupuser) {
$user = $users->getUserDetails($groupuser['uid']);
$groupusers[$groupuser['uid']] = $user;
}
$mailsubscribers[$group] = ['groupid' => $group, 'grouppref' => $group . '-group', 'groupusers' => $groupusers];
$groupspref[] = $group . '-group';
}
} else {
if (!($subscriber == $this->userId)) {
$allusers[$subscriber] = $users->getUserDetails($subscriber);
}
}
}
$mailsubscribers['ungroupped'] = ['groupusers' => $allusers];
if (count($mailsubscribers) > 0 && count($groupspref) > 0) {
$messageSubscribers = implode(',', $groupspref);
if (count($mailsubscribers['ungroupped']['groupusers']) > 0) {
$messageSubscribers .= ',' . implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
}
} else {
$messageSubscribers = implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
}
$messagedata = array('rid' => $talkid, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'text' => '', 'author' => $this->userId, 'subscribers' => $messageSubscribers, 'hash' => isset($talk['hash']) && !empty($talk['hash']) ? $talk['hash'] : md5(date("Y-m-d h:i:s") . '' . $text), 'status' => 0);
$messages = $this->connect->messages();
$saved = $messages->save($messagedata);
//$saved = 1;
if ($saved) {
foreach ($subscribers as $s => $subscriber) {
if (is_string($subscriber) && !empty($subscriber)) {
$usermessagedata = ['uid' => $subscriber, 'mid' => $saved, 'status' => 0];
$usermessages->save($usermessagedata);
}
}
$sent = $this->sendMessage($saved, $mailsubscribers, $this->userId, $messagedata);
foreach ($mailsubscribers as $m => $ms) {
if ($m == 'ungroupped') {
$sent = $this->sendMessage($saved, $ms['groupusers'], $this->userId, $messagedata);
} else {
$messagedata['groupsid'] = $ms['grouppref'];
$sent = $this->sendMessage($saved, $ms['groupusers'], $ms['grouppref'], $messagedata);
}
}
$params = array('answerid' => $saved, 'author' => $this->userId, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'sent' => $sent, 'appname' => $this->appName);
} else {
$params = array('title' => Helper::checkTxt($text));
}
$view = Helper::renderPartial($this->appName, 'api.addanswer', $params);
$params = array('user' => $this->userId, 'view' => $view, 'requesttoken' => !\OC_Util::isCallRegistered() ? '' : \OC_Util::callRegister());
return new DataResponse($params);
}
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
OC_Util::checkAdminUser();
OC_Util::isCallRegistered();
$params = array('redmine_db_host', 'redmine_db_port', 'redmine_db_user', 'redmine_db_password', 'redmine_db_name', 'redmine_db_driver');
if ($_POST) {
foreach ($params as $param) {
if (isset($_POST[$param])) {
OC_Appconfig::setValue('user_redmine', $param, $_POST[$param]);
}
}
}
// fill template
$tmpl = new OC_Template('user_redmine', 'settings');
foreach ($params as $param) {
$default = '';
if ($param == 'redmine_db_driver') {
$default = 'mysql';
}
/**
* Checks if the CSRF check was correct
* @return bool true if CSRF check passed
*/
public function passesCSRFCheck()
{
# TODO: use public api
return \OC_Util::isCallRegistered();
}
