public function testGetCsp()
{
$policy = new Http\ContentSecurityPolicy();
$policy->allowInlineScript(true);
$this->childResponse->setContentSecurityPolicy($policy);
$this->assertEquals($policy, $this->childResponse->getContentSecurityPolicy());
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$status = $this->statusService->getStatus();
$response = new TemplateResponse($this->appName, 'index', ['cronWarning' => $status['warnings']['improperlyConfiguredCron']]);
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('*')->addAllowedMediaDomain('*')->addAllowedConnectDomain('*')->addAllowedFrameDomain('https://youtube.com')->addAllowedFrameDomain('https://www.youtube.com')->addAllowedFrameDomain('https://player.vimeo.com')->addAllowedFrameDomain('https://www.player.vimeo.com');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* CAUTION: the @Stuff turn off security checks, for this page no admin is
* required and no CSRF check. If you don't know what CSRF is, read
* it up in the docs or you might create a security hole. This is
* basically the only required method to add this exemption, don't
* add it to any other method if you don't exactly know what it does
*
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$params = array('user' => $this->userId);
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain('data:');
$response = new TemplateResponse('ownnote', 'main', $params);
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$bookmarkleturl = $this->urlgenerator->getAbsoluteURL('index.php/apps/bookmarks/bookmarklet');
$params = array('user' => $this->userId, 'bookmarkleturl' => $bookmarkleturl);
$policy = new ContentSecurityPolicy();
$policy->addAllowedFrameDomain("'self'");
$response = new TemplateResponse('bookmarks', 'main', $params);
$response->setContentSecurityPolicy($policy);
return $response;
}
public function testShowPdfViewer()
{
$params = ['urlGenerator' => $this->urlGenerator];
$expectedResponse = new TemplateResponse($this->appName, 'viewer', $params, 'blank');
$policy = new ContentSecurityPolicy();
$policy->addAllowedChildSrcDomain('\'self\'');
$policy->addAllowedFontDomain('data:');
$expectedResponse->setContentSecurityPolicy($policy);
$this->assertEquals($expectedResponse, $this->controller->showPdfViewer());
}
/**
* @PublicPage
* @NoCSRFRequired
*
* @return TemplateResponse
*/
public function showPdfViewer()
{
$params = ['urlGenerator' => $this->urlGenerator];
$response = new TemplateResponse($this->appName, 'viewer', $params, 'blank');
$policy = new ContentSecurityPolicy();
$policy->addAllowedChildSrcDomain('\'self\'');
$policy->addAllowedFontDomain('data:');
$response->setContentSecurityPolicy($policy);
return $response;
}
/**
* @NoCSRFRequired
* @return TemplateResponse
*/
public function viewApps()
{
$params = [];
$params['experimentalEnabled'] = $this->config->getSystemValue('appstore.experimental.enabled', false);
$this->navigationManager->setActiveEntry('core_apps');
$templateResponse = new TemplateResponse($this->appName, 'apps', $params, 'user');
$policy = new ContentSecurityPolicy();
$policy->addAllowedImageDomain('https://apps.owncloud.com');
$templateResponse->setContentSecurityPolicy($policy);
return $templateResponse;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function webRTC()
{
$params = [];
$response = new TemplateResponse(Settings::APP_ID, 'webrtc', $params);
// Allow to embed iframes
$csp = new ContentSecurityPolicy();
//$csp->addAllowedFrameDomain('*');
$csp->addAllowedFrameDomain(implode(' ', Security::getAllowedIframeDomains()));
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
*/
public function webRTC()
{
$params = ['is_guest' => $this->userid === null];
$response = new TemplateResponse(Settings::APP_ID, 'webrtc', $params, $this->userid === null ? 'empty' : 'user');
// Allow to embed iframes
$csp = new ContentSecurityPolicy();
//$csp->addAllowedFrameDomain('*');
$csp->addAllowedFrameDomain(implode(' ', Security::getAllowedIframeDomains()));
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* CAUTION: the @Stuff turn off security checks, for this page no admin is
* required and no CSRF check. If you don't know what CSRF is, read
* it up in the docs or you might create a security hole. This is
* basically the only required method to add this exemption, don't
* add it to any other method if you don't exactly know what it does
*
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$params = array('user' => $this->userId);
$response = new TemplateResponse('ownmnote', 'main', $params);
$ocVersion = \OCP\Util::getVersion();
if ($ocVersion[0] > 8 || $ocVersion[0] == 8 && $ocVersion[1] >= 1) {
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedImageDomain('data:');
$response->setContentSecurityPolicy($csp);
}
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
if (substr(\OC_Util::getHumanVersion(), 0, 3) != '8.0') {
// OC >= 8.1
$response = new TemplateResponse('passwords', 'main');
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('https://icons.duckduckgo.com');
$csp->addAllowedImageDomain('https://www.google.com');
$response->setContentSecurityPolicy($csp);
return $response;
} else {
// OC =< 8.0.4
return new TemplateResponse('passwords', 'main');
}
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @return TemplateResponse
*/
public function index()
{
$lastViewedNote = (int) $this->settings->getUserValue($this->userId, $this->appName, 'notesLastViewedNote');
// check if note exists
try {
$this->notesService->get($lastViewedNote, $this->userId);
} catch (NoteDoesNotExistException $ex) {
$lastViewedNote = 0;
}
$response = new TemplateResponse($this->appName, 'main', ['lastViewedNote' => $lastViewedNote]);
$csp = new ContentSecurityPolicy();
$csp->addAllowedImageDomain('*');
$response->setContentSecurityPolicy($csp);
return $response;
}
public function testGetPolicyDisallowChildSrcDomainMultipleStakes()
{
$expectedPolicy = "default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
/**
* CAUTION: the @Stuff turn off security checks, for this page no admin is
* required and no CSRF check. If you don't know what CSRF is, read
* it up in the docs or you might create a security hole. This is
* basically the only required method to add this exemption, don't
* add it to any other method if you don't exactly know what it does
*
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$conf = \OCP\CONFIG::getUserValue(\OCP\User::getUser(), 'firstpassmanrun', 'show', 1);
$params = array('user' => $this->userId);
$conf = $this->userId === 'test' ? 1 : $conf;
if ($conf == 1) {
\OCP\Util::addscript('passman', 'firstrun');
$exampleItems = array();
$exampleItems[0] = array('label' => 'Item 1', 'tags' => array(array('text' => 'Example tag'), array('text' => 'Example tag 2')));
$exampleItems[1] = array('label' => 'Item 2', 'tags' => array(array('text' => 'Example tag 2'), array('text' => 'Example tag 3')));
foreach ($exampleItems as $key => $val) {
$this->itemAPI->create('', '', '', '', '', $val['label'], '', '', '', '', $val['tags'], array());
}
}
$response = new TemplateResponse('passman', 'main', $params);
$csp = new ContentSecurityPolicy();
$csp->addAllowedObjectDomain('\'self\'');
$csp->addAllowedImageDomain('data:');
$response->setContentSecurityPolicy($csp);
return $response;
// templates/main.php
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
\OC::$server->getNavigationManager()->setActiveEntry('documents_index');
$maxUploadFilesize = \OCP\Util::maxUploadFilesize("/");
$response = new TemplateResponse('documents', 'documents', ['enable_previews' => $this->settings->getSystemValue('enable_previews', true), 'useUnstable' => $this->settings->getAppValue('documents', 'unstable', 'false'), 'savePath' => $this->settings->getUserValue($this->uid, 'documents', 'save_path', '/'), 'uploadMaxFilesize' => $maxUploadFilesize, 'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($maxUploadFilesize), 'allowShareWithLink' => $this->settings->getAppValue('core', 'shareapi_allow_links', 'yes')]);
$policy = new ContentSecurityPolicy();
//$policy->addAllowedChildSrcDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\'');
$policy->addAllowedScriptDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\'');
$policy->addAllowedFrameDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\'');
$policy->addAllowedConnectDomain('ws://' . $_SERVER['SERVER_NAME'] . ':9980');
$policy->addAllowedImageDomain('*');
$policy->allowInlineScript(true);
$policy->addAllowedFontDomain('data:');
$response->setContentSecurityPolicy($policy);
return $response;
}
/**
* @PublicPage
* @NoCSRFRequired
*
* @return TemplateResponse
*/
public function showPad($file, $dir)
{
/* Retrieve file content to find pad’s URL */
$content = \OC\Files\Filesystem::file_get_contents($dir . "/" . $file);
preg_match('/URL=(.*)$/', $content, $matches);
$url = $matches[1];
$title = $file;
/* Not totally sure that this is the right way to proceed…
*
* First we decode the URL (to avoid double encode), then we
* replace spaces with underscore (as they are converted as
* such by Etherpad), then we encode the URL properly (and we
* avoid to urlencode() the protocol scheme).
*
* Magic urlencode() function was stolen from this answer on
* StackOverflow: <http://stackoverflow.com/a/7974253>.
*/
$url = urldecode($url);
$url = str_replace(' ', '_', $url);
$url = preg_replace_callback('#://([^/]+)/([^?]+)#', function ($match) {
return '://' . $match[1] . '/' . join('/', array_map('rawurlencode', explode('/', $match[2])));
}, $url);
$params = ['urlGenerator' => $this->urlGenerator, 'url' => $url, 'title' => $title];
$response = new TemplateResponse($this->appName, 'viewer', $params, 'blank');
/* Allow Etherpad and Ethercalc domains to the
* Content-Security-frame- list.
*
* This feature was introduced in ownCloud 8.1.
*/
$policy = new ContentSecurityPolicy();
$appConfig = \OC::$server->getAppConfig();
$policy->addAllowedFrameDomain($appConfig->getValue('ownpad', 'ownpad_etherpad_host', ''));
$policy->addAllowedFrameDomain($appConfig->getValue('ownpad', 'ownpad_ethercalc_host', ''));
$response->setContentSecurityPolicy($policy);
return $response;
}
public function testConfigureStacked() {
$expectedPolicy = "default-src 'none';script-src 'self' script.owncloud.org;style-src 'self' style.owncloud.org;img-src 'self' img.owncloud.org;font-src 'self' font.owncloud.org;connect-src 'self' connect.owncloud.org;media-src 'self' media.owncloud.org;object-src objects.owncloud.org;frame-src frame.owncloud.org;child-src child.owncloud.org";
$this->contentSecurityPolicy->allowInlineStyle(false)
->allowEvalScript(false)
->addAllowedScriptDomain('script.owncloud.org')
->addAllowedStyleDomain('style.owncloud.org')
->addAllowedFontDomain('font.owncloud.org')
->addAllowedImageDomain('img.owncloud.org')
->addAllowedConnectDomain('connect.owncloud.org')
->addAllowedMediaDomain('media.owncloud.org')
->addAllowedObjectDomain('objects.owncloud.org')
->addAllowedChildSrcDomain('child.owncloud.org')
->addAllowedFrameDomain('frame.owncloud.org');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
/**
* @PublicPage
* @NoCSRFRequired
*
* @return TemplateResponse
*/
public function showReader()
{
$params = ['urlGenerator' => $this->urlGenerator];
$response = new TemplateResponse($this->appName, 'reader', $params, 'blank');
$csp = new ContentSecurityPolicy();
$csp->addAllowedChildSrcDomain('\'self\'');
$csp->addAllowedFrameDomain('\'self\'');
$csp->addAllowedStyleDomain('blob:');
$csp->addAllowedImageDomain('blob:');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @param int $accountId
* @param string $folderId
* @param string $messageId
* @return \OCA\Mail\Http\HtmlResponse
*/
public function getHtmlBody($accountId, $folderId, $messageId)
{
try {
$mailBox = $this->getFolder($accountId, $folderId);
$m = $mailBox->getMessage($messageId, true);
$html = $m->getHtmlBody($accountId, $folderId, $messageId, function ($cid) use($m) {
$match = array_filter($m->attachments, function ($a) use($cid) {
return $a['cid'] === $cid;
});
$match = array_shift($match);
if (is_null($match)) {
return null;
}
return $match['id'];
});
$htmlResponse = new HtmlResponse($html);
// Harden the default security policy
// FIXME: Remove once ownCloud 8.1 is a requirement for the mail app
if (class_exists('\\OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
$policy = new ContentSecurityPolicy();
$policy->allowEvalScript(false);
$policy->disallowScriptDomain('\'self\'');
$policy->disallowConnectDomain('\'self\'');
$policy->disallowFontDomain('\'self\'');
$policy->disallowMediaDomain('\'self\'');
$htmlResponse->setContentSecurityPolicy($policy);
}
// Enable caching
$htmlResponse->cacheFor(60 * 60);
$htmlResponse->addHeader('Pragma', 'cache');
return $htmlResponse;
} catch (\Exception $ex) {
return new TemplateResponse($this->appName, 'error', ['message' => $ex->getMessage()], 'none');
}
}
/**
* Adds the domain "data:" to the allowed image domains
* this function is called by reference
*
* @param TemplateResponse $response
*/
private function addContentSecurityToResponse($response)
{
$csp = new Http\ContentSecurityPolicy();
$csp->addAllowedFontDomain("data:");
$response->setContentSecurityPolicy($csp);
}
/**
* CAUTION: the @Stuff turns off security checks; for this page no admin is
* required and no CSRF check. If you don't know what CSRF is, read
* it up in the docs or you might create a security hole. This is
* basically the only required method to add this exemption, don't
* add it to any other method if you don't exactly know what it does
*
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$uploadLimit = Util::uploadLimit();
$params = ['user' => $this->userId, 'uploadLimit' => $uploadLimit];
/** @var ContentSecurityPolicy $csp */
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
/** @var TemplateResponse $response */
if (isset($_SESSION['targetType']) && $_SESSION['targetType'] == TargetType::PROJECT) {
$response = new TemplateResponse('pkdrive', 'container', $params);
} else {
$response = new TemplateResponse('pkdrive', 'target', $params);
}
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function index()
{
$wopiRemote = $this->appConfig->getAppValue('wopi_url');
if (($parts = parse_url($wopiRemote)) && isset($parts['scheme']) && isset($parts['host'])) {
$webSocketProtocol = "ws://";
if ($parts['scheme'] == "https") {
$webSocketProtocol = "wss://";
}
$webSocket = sprintf("%s%s%s", $webSocketProtocol, $parts['host'], isset($parts['port']) ? ":" . $parts['port'] : "");
} else {
return $this->responseError($this->l10n->t('Collabora Online: Invalid URL "%s".', array($wopiRemote)), $this->l10n->t('Please ask your administrator to check the Collabora Online server setting.'));
}
\OC::$server->getNavigationManager()->setActiveEntry('richdocuments_index');
$maxUploadFilesize = \OCP\Util::maxUploadFilesize("/");
$response = new TemplateResponse('richdocuments', 'documents', ['enable_previews' => $this->settings->getSystemValue('enable_previews', true), 'uploadMaxFilesize' => $maxUploadFilesize, 'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($maxUploadFilesize), 'allowShareWithLink' => $this->settings->getAppValue('core', 'shareapi_allow_links', 'yes'), 'wopi_url' => $webSocket]);
$policy = new ContentSecurityPolicy();
$policy->addAllowedScriptDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $wopiRemote);
/* frame-src is deprecated on Firefox, but Safari wants it! */
$policy->addAllowedFrameDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $wopiRemote);
$policy->addAllowedChildSrcDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $wopiRemote);
$policy->addAllowedConnectDomain($webSocket);
$policy->addAllowedImageDomain('*');
$policy->allowInlineScript(true);
$policy->addAllowedFontDomain('data:');
$response->setContentSecurityPolicy($policy);
return $response;
}
/**
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
* @param string $path
* @return TemplateResponse|RedirectResponse
*/
public function showShare($token, $path = '')
{
\OC_User::setIncognitoMode(true);
// Check whether share exists
$linkItem = Share::getShareByToken($token, false);
if ($linkItem === false) {
return new NotFoundResponse();
}
$shareOwner = $linkItem['uid_owner'];
$originalSharePath = $this->getPath($token);
// Share is password protected - check whether the user is permitted to access the share
if (isset($linkItem['share_with']) && !Helper::authenticate($linkItem)) {
return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', array('token' => $token)));
}
if (Filesystem::isReadable($originalSharePath . $path)) {
$getPath = Filesystem::normalizePath($path);
$originalSharePath .= $path;
} else {
throw new OCP\Files\NotFoundException();
}
$file = basename($originalSharePath);
$shareTmpl = [];
$shareTmpl['displayName'] = User::getDisplayName($shareOwner);
$shareTmpl['filename'] = $file;
$shareTmpl['directory_path'] = $linkItem['file_target'];
$shareTmpl['mimetype'] = Filesystem::getMimeType($originalSharePath);
$shareTmpl['previewSupported'] = \OC::$server->getPreviewManager()->isMimeSupported($shareTmpl['mimetype']);
$shareTmpl['dirToken'] = $linkItem['token'];
$shareTmpl['sharingToken'] = $token;
$shareTmpl['server2serversharing'] = Helper::isOutgoingServer2serverShareEnabled();
$shareTmpl['protected'] = isset($linkItem['share_with']) ? 'true' : 'false';
$shareTmpl['dir'] = '';
$nonHumanFileSize = \OC\Files\Filesystem::filesize($originalSharePath);
$shareTmpl['nonHumanFileSize'] = $nonHumanFileSize;
$shareTmpl['fileSize'] = \OCP\Util::humanFileSize($nonHumanFileSize);
// Show file list
if (Filesystem::is_dir($originalSharePath)) {
$shareTmpl['dir'] = $getPath;
$maxUploadFilesize = Util::maxUploadFilesize($originalSharePath);
$freeSpace = Util::freeSpace($originalSharePath);
$uploadLimit = Util::uploadLimit();
$folder = new Template('files', 'list', '');
$folder->assign('dir', $getPath);
$folder->assign('dirToken', $linkItem['token']);
$folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
$folder->assign('isPublic', true);
$folder->assign('publicUploadEnabled', 'no');
$folder->assign('uploadMaxFilesize', $maxUploadFilesize);
$folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$folder->assign('freeSpace', $freeSpace);
$folder->assign('uploadLimit', $uploadLimit);
// PHP upload limit
$folder->assign('usedSpacePercent', 0);
$folder->assign('trash', false);
$shareTmpl['folder'] = $folder->fetchPage();
}
$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
$csp = new OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedFrameDomain('\'self\'');
$response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* @PublicPage
* @NoCSRFRequired
*
* @return TemplateResponse
*/
public function showLibreOnline()
{
$params = ['urlGenerator' => $this->urlGenerator];
$response = new TemplateResponse($this->appName, 'online', $params, 'blank');
$policy = new ContentSecurityPolicy();
$policy->addAllowedChildSrcDomain('*');
$policy->addAllowedScriptDomain("*");
$policy->addAllowedConnectDomain("*");
$policy->addAllowedStyleDomain("*");
$policy->addAllowedMediaDomain("*");
$policy->addAllowedFontDomain('*');
$policy->addAllowedImageDomain('*');
$policy->addAllowedFrameDomain('*');
$policy->addAllowedObjectDomain('*');
$policy->allowInlineScript(True);
$policy->allowInlineStyle(True);
$policy->allowEvalScript(True);
$response->setContentSecurityPolicy($policy);
return $response;
}
public function testIndexWithRegularBrowser()
{
$this->request->expects($this->once())->method('isUserAgent')->with(['/MSIE 8.0/'])->will($this->returnValue(false));
$this->viewController->expects($this->once())->method('getStorageInfo')->will($this->returnValue(['relative' => 123, 'owner' => 'MyName', 'ownerDisplayName' => 'MyDisplayName']));
$this->config->expects($this->any())->method('getAppValue')->will($this->returnArgument(2));
$nav = new Template('files', 'appnavigation');
$nav->assign('navigationItems', [0 => ['id' => 'files', 'appname' => 'files', 'script' => 'list.php', 'order' => 0, 'name' => new \OC_L10N_String(new \OC_L10N('files'), 'All files', []), 'active' => false, 'icon' => ''], 1 => ['id' => 'favorites', 'appname' => 'files', 'script' => 'simplelist.php', 'order' => 5, 'name' => null, 'active' => false, 'icon' => ''], 2 => ['id' => 'sharingin', 'appname' => 'files_sharing', 'script' => 'list.php', 'order' => 10, 'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared with you', []), 'active' => false, 'icon' => ''], 3 => ['id' => 'sharingout', 'appname' => 'files_sharing', 'script' => 'list.php', 'order' => 15, 'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared with others', []), 'active' => false, 'icon' => ''], 4 => ['id' => 'sharinglinks', 'appname' => 'files_sharing', 'script' => 'list.php', 'order' => 20, 'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared by link', []), 'active' => false, 'icon' => ''], 5 => ['id' => 'trashbin', 'appname' => 'files_trashbin', 'script' => 'list.php', 'order' => 50, 'name' => new \OC_L10N_String(new \OC_L10N('files_trashbin'), 'Deleted files', []), 'active' => false, 'icon' => '']]);
$expected = new Http\TemplateResponse('files', 'index', ['usedSpacePercent' => 123, 'owner' => 'MyName', 'ownerDisplayName' => 'MyDisplayName', 'isPublic' => false, 'mailNotificationEnabled' => 'no', 'mailPublicNotificationEnabled' => 'no', 'allowShareWithLink' => 'yes', 'appNavigation' => $nav, 'appContents' => [0 => ['id' => 'files', 'content' => null], 1 => ['id' => 'favorites', 'content' => null], 2 => ['id' => 'sharingin', 'content' => null], 3 => ['id' => 'sharingout', 'content' => null], 4 => ['id' => 'sharinglinks', 'content' => null], 5 => ['id' => 'trashbin', 'content' => null]]]);
$policy = new Http\ContentSecurityPolicy();
$policy->addAllowedFrameDomain('\'self\'');
$expected->setContentSecurityPolicy($policy);
$this->assertEquals($expected, $this->viewController->index('MyDir', 'MyView'));
}
/**
* @NoCSRFRequired
* @NoAdminRequired
*
* @param string $dir
* @param string $view
* @return TemplateResponse
* @throws \OCP\Files\NotFoundException
*/
public function index($dir = '', $view = '')
{
$nav = new \OCP\Template('files', 'appnavigation', '');
// Load the files we need
\OCP\Util::addStyle('files', 'files');
\OCP\Util::addStyle('files', 'upload');
\OCP\Util::addStyle('files', 'mobile');
\OCP\Util::addscript('files', 'app');
\OCP\Util::addscript('files', 'file-upload');
\OCP\Util::addscript('files', 'newfilemenu');
\OCP\Util::addscript('files', 'jquery.iframe-transport');
\OCP\Util::addscript('files', 'jquery.fileupload');
\OCP\Util::addscript('files', 'jquery-visibility');
\OCP\Util::addscript('files', 'fileinfomodel');
\OCP\Util::addscript('files', 'filesummary');
\OCP\Util::addscript('files', 'breadcrumb');
\OCP\Util::addscript('files', 'filelist');
\OCP\Util::addscript('files', 'search');
\OCP\Util::addScript('files', 'favoritesfilelist');
\OCP\Util::addScript('files', 'tagsplugin');
\OCP\Util::addScript('files', 'favoritesplugin');
\OCP\Util::addScript('files', 'detailfileinfoview');
\OCP\Util::addScript('files', 'detailtabview');
\OCP\Util::addScript('files', 'mainfileinfodetailview');
\OCP\Util::addScript('files', 'detailsview');
\OCP\Util::addStyle('files', 'detailsView');
\OC_Util::addVendorScript('core', 'handlebars/handlebars');
\OCP\Util::addscript('files', 'fileactions');
\OCP\Util::addscript('files', 'fileactionsmenu');
\OCP\Util::addscript('files', 'files');
\OCP\Util::addscript('files', 'keyboardshortcuts');
\OCP\Util::addscript('files', 'navigation');
// if IE8 and "?dir=path&view=someview" was specified, reformat the URL to use a hash like "#?dir=path&view=someview"
$isIE8 = $this->request->isUserAgent([Request::USER_AGENT_IE_8]);
if ($isIE8 && ($dir !== '' || $view !== '')) {
$dir = !empty($dir) ? $dir : '/';
$view = !empty($view) ? $view : 'files';
$hash = '#?dir=' . \OCP\Util::encodePath($dir);
if ($view !== 'files') {
$hash .= '&view=' . urlencode($view);
}
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index') . $hash);
}
// mostly for the home storage's free space
// FIXME: Make non static
$storageInfo = $this->getStorageInfo();
\OCA\Files\App::getNavigationManager()->add(['id' => 'favorites', 'appname' => 'files', 'script' => 'simplelist.php', 'order' => 5, 'name' => $this->l10n->t('Favorites')]);
$navItems = \OCA\Files\App::getNavigationManager()->getAll();
usort($navItems, function ($item1, $item2) {
return $item1['order'] - $item2['order'];
});
$nav->assign('navigationItems', $navItems);
$contentItems = [];
// render the container content for every navigation item
foreach ($navItems as $item) {
$content = '';
if (isset($item['script'])) {
$content = $this->renderScript($item['appname'], $item['script']);
}
$contentItem = [];
$contentItem['id'] = $item['id'];
$contentItem['content'] = $content;
$contentItems[] = $contentItem;
}
$this->eventDispatcher->dispatch('OCA\\Files::loadAdditionalScripts');
$params = [];
$params['usedSpacePercent'] = (int) $storageInfo['relative'];
$params['owner'] = $storageInfo['owner'];
$params['ownerDisplayName'] = $storageInfo['ownerDisplayName'];
$params['isPublic'] = false;
$params['mailNotificationEnabled'] = $this->config->getAppValue('core', 'shareapi_allow_mail_notification', 'no');
$params['mailPublicNotificationEnabled'] = $this->config->getAppValue('core', 'shareapi_allow_public_notification', 'no');
$params['allowShareWithLink'] = $this->config->getAppValue('core', 'shareapi_allow_links', 'yes');
$params['appNavigation'] = $nav;
$params['appContents'] = $contentItems;
$this->navigationManager->setActiveEntry('files_index');
$response = new TemplateResponse($this->appName, 'index', $params);
$policy = new ContentSecurityPolicy();
$policy->addAllowedFrameDomain('\'self\'');
$response->setContentSecurityPolicy($policy);
return $response;
}
/**
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
* @param string $path
* @return TemplateResponse|RedirectResponse
* @throws NotFoundException
*/
public function showShare($token, $path = '')
{
\OC_User::setIncognitoMode(true);
// Check whether share exists
try {
$share = $this->shareManager->getShareByToken($token);
} catch (\OC\Share20\Exception\ShareNotFound $e) {
return new NotFoundResponse();
}
// Share is password protected - check whether the user is permitted to access the share
if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', array('token' => $token)));
}
// We can't get the path of a file share
if ($share->getNode() instanceof \OCP\Files\File && $path !== '') {
throw new NotFoundException();
}
$rootFolder = null;
if ($share->getNode() instanceof \OCP\Files\Folder) {
/** @var \OCP\Files\Folder $rootFolder */
$rootFolder = $share->getNode();
try {
$path = $rootFolder->get($path);
} catch (\OCP\Files\NotFoundException $e) {
throw new NotFoundException();
}
}
$shareTmpl = [];
$shareTmpl['displayName'] = $share->getShareOwner()->getDisplayName();
$shareTmpl['owner'] = $share->getShareOwner()->getUID();
$shareTmpl['filename'] = $share->getNode()->getName();
$shareTmpl['directory_path'] = $share->getTarget();
$shareTmpl['mimetype'] = $share->getNode()->getMimetype();
$shareTmpl['previewSupported'] = $this->previewManager->isMimeSupported($share->getNode()->getMimetype());
$shareTmpl['dirToken'] = $token;
$shareTmpl['sharingToken'] = $token;
$shareTmpl['server2serversharing'] = Helper::isOutgoingServer2serverShareEnabled();
$shareTmpl['protected'] = $share->getPassword() !== null ? 'true' : 'false';
$shareTmpl['dir'] = '';
$shareTmpl['nonHumanFileSize'] = $share->getNode()->getSize();
$shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize());
// Show file list
if ($share->getNode() instanceof \OCP\Files\Folder) {
$shareTmpl['dir'] = $rootFolder->getRelativePath($path->getPath());
/*
* The OC_Util methods require a view. This just uses the node API
*/
$freeSpace = $share->getNode()->getStorage()->free_space($share->getNode()->getInternalPath());
if ($freeSpace !== \OCP\Files\FileInfo::SPACE_UNKNOWN) {
$freeSpace = max($freeSpace, 0);
} else {
$freeSpace = INF > 0 ? INF : PHP_INT_MAX;
// work around https://bugs.php.net/bug.php?id=69188
}
$uploadLimit = Util::uploadLimit();
$maxUploadFilesize = min($freeSpace, $uploadLimit);
$folder = new Template('files', 'list', '');
$folder->assign('dir', $rootFolder->getRelativePath($path->getPath()));
$folder->assign('dirToken', $token);
$folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
$folder->assign('isPublic', true);
$folder->assign('publicUploadEnabled', 'no');
$folder->assign('uploadMaxFilesize', $maxUploadFilesize);
$folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
$folder->assign('freeSpace', $freeSpace);
$folder->assign('uploadLimit', $uploadLimit);
// PHP upload limit
$folder->assign('usedSpacePercent', 0);
$folder->assign('trash', false);
$shareTmpl['folder'] = $folder->fetchPage();
}
$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
$shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
$csp = new OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedFrameDomain('\'self\'');
$response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
* @NoCSRFRequired
* @param string $category
* @return TemplateResponse
*/
public function viewApps($category = '')
{
$categoryId = $this->getCategory($category);
if ($categoryId === self::CAT_ENABLED) {
// Do not use an arbitrary input string, because we put the category in html
$category = 'enabled';
}
$params = [];
$params['experimentalEnabled'] = $this->config->getSystemValue('appstore.experimental.enabled', false);
$params['category'] = $category;
$params['appstoreEnabled'] = $this->config->getSystemValue('appstoreenabled', true) === true;
$this->navigationManager->setActiveEntry('core_apps');
$templateResponse = new TemplateResponse($this->appName, 'apps', $params, 'user');
$policy = new ContentSecurityPolicy();
$policy->addAllowedImageDomain('https://apps.owncloud.com');
$templateResponse->setContentSecurityPolicy($policy);
return $templateResponse;
}
public function testViewApps() {
$this->config
->expects($this->once())
->method('getSystemValue')
->with('appstore.experimental.enabled', false);
$this->navigationManager
->expects($this->once())
->method('setActiveEntry')
->with('core_apps');
$policy = new ContentSecurityPolicy();
$policy->addAllowedImageDomain('https://apps.owncloud.com');
$expected = new TemplateResponse('settings', 'apps', ['experimentalEnabled' => false], 'user');
$expected->setContentSecurityPolicy($policy);
$this->assertEquals($expected, $this->appSettingsController->viewApps());
}
