Esempio n. 1
 /**
  * Renders the contacts index page.
  *
  * Registers the page's scripts and styles (registration order is kept, it
  * determines the order in which they are emitted), makes sure the user owns
  * at least one address book, and returns the template response.
  *
  * The attached policy widens img-src and frame-src to any origin ('*'),
  * so the page may load images from and embed frames of arbitrary hosts.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     \OCP\Util::addscript('core', 'tags');

     $styles = [
         'style',
         'jquery.Jcrop',
         '3rdparty/fontello/css/animation',
         '3rdparty/fontello/css/fontello',
         '3rdparty/jquery.webui-popover',
     ];
     foreach ($styles as $style) {
         \OCP\Util::addStyle($this->appName, $style);
     }

     $scripts = [
         'app',
         '3rdparty/jquery.webui-popover',
         'settings',
         'loader',
         'jquery.scrollTo.min',
         'jquery.nicescroll.min',
     ];
     foreach ($scripts as $script) {
         \OCP\Util::addscript($this->appName, $script);
     }
     \OCP\Util::addscript('files', 'jquery.fileupload');
     \OCP\Util::addscript($this->appName, 'jquery.Jcrop');

     $iosSupport = $this->configInfo->getUserValue($this->userId, $this->appName, 'iossupport');
     $uploadLimit = \OCP\Util::maxUploadFilesize('/');

     // A user without any address book gets the default one created first.
     $books = Addressbook::all($this->userId);
     if (count($books) === 0) {
         Addressbook::addDefault($this->userId);
         $books = Addressbook::all($this->userId);
     }

     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedImageDomain('*');
     $policy->addAllowedFrameDomain('*');

     $response = new TemplateResponse($this->appName, 'index');
     $response->setContentSecurityPolicy($policy);
     $response->setParams([
         'uploadMaxFilesize' => $uploadLimit,
         'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($uploadLimit),
         'iossupport' => $iosSupport,
         'addressbooks' => $books,
     ]);

     return $response;
 }
Esempio n. 2
 /**
  * Renders the index page and passes the status service's
  * "improperly configured cron" warning to the template.
  *
  * Policy: img-src, media-src and connect-src are opened to any origin;
  * framing is only allowed from the listed YouTube and Vimeo hosts.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $status = $this->statusService->getStatus();
     $params = ['cronWarning' => $status['warnings']['improperlyConfiguredCron']];
     $response = new TemplateResponse($this->appName, 'index', $params);

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedImageDomain('*');
     $policy->addAllowedMediaDomain('*');
     $policy->addAllowedConnectDomain('*');

     $frameHosts = [
         'https://youtube.com',
         'https://www.youtube.com',
         'https://player.vimeo.com',
         'https://www.player.vimeo.com',
     ];
     foreach ($frameHosts as $host) {
         $policy->addAllowedFrameDomain($host);
     }

     $response->setContentSecurityPolicy($policy);

     return $response;
 }
Esempio n. 3
 /**
  * Renders the ownnote main page for the current user.
  *
  * CAUTION: the annotations below turn off security checks — no admin is
  *          required and no CSRF check is performed for this route. This is
  *          the only method that needs the exemption; do not copy the
  *          annotations to other methods unless you know exactly what they do.
  *
  * Policy: in addition to the framework default, img-src accepts data: URIs.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedImageDomain('data:');

     $response = new TemplateResponse('ownnote', 'main', ['user' => $this->userId]);
     $response->setContentSecurityPolicy($policy);

     return $response;
 }
 /**
  * showPdfViewer() must return the 'viewer' template on the 'blank' layout,
  * with a policy that allows 'self' as child-src and data: fonts.
  */
 public function testShowPdfViewer()
 {
     $policy = new ContentSecurityPolicy();
     $policy->addAllowedChildSrcDomain('\'self\'');
     $policy->addAllowedFontDomain('data:');

     $expected = new TemplateResponse(
         $this->appName,
         'viewer',
         ['urlGenerator' => $this->urlGenerator],
         'blank'
     );
     $expected->setContentSecurityPolicy($policy);

     $actual = $this->controller->showPdfViewer();
     $this->assertEquals($expected, $actual);
 }
Esempio n. 5
 /**
  * Renders the PDF viewer on the 'blank' layout.
  *
  * Reachable without a login (@PublicPage) and without a CSRF token; the
  * policy allows 'self' for child-src and data: URIs for fonts.
  *
  * @PublicPage
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function showPdfViewer()
 {
     $policy = new ContentSecurityPolicy();
     $policy->addAllowedChildSrcDomain('\'self\'');
     $policy->addAllowedFontDomain('data:');

     $viewer = new TemplateResponse(
         $this->appName,
         'viewer',
         ['urlGenerator' => $this->urlGenerator],
         'blank'
     );
     $viewer->setContentSecurityPolicy($policy);

     return $viewer;
 }
Esempio n. 6
 /**
  * Renders the bookmarks main page.
  *
  * Hands the current user id and the absolute bookmarklet URL to the
  * template; frame-src is restricted to 'self'.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $bookmarkletUrl = $this->urlgenerator->getAbsoluteURL('index.php/apps/bookmarks/bookmarklet');

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedFrameDomain("'self'");

     $response = new TemplateResponse('bookmarks', 'main', [
         'user' => $this->userId,
         'bookmarkleturl' => $bookmarkletUrl,
     ]);
     $response->setContentSecurityPolicy($policy);

     return $response;
 }
 /**
  * Renders the WebRTC page.
  *
  * frame-src is limited to the configured iframe allow-list instead of '*';
  * the whole space-separated list is passed as a single entry, which relies
  * on the policy builder emitting it verbatim — confirm if the builder ever
  * starts validating or quoting individual sources.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function webRTC()
 {
     $response = new TemplateResponse(Settings::APP_ID, 'webrtc', []);

     $allowedFrames = implode(' ', Security::getAllowedIframeDomains());
     $policy = new ContentSecurityPolicy();
     $policy->addAllowedFrameDomain($allowedFrames);
     $response->setContentSecurityPolicy($policy);

     return $response;
 }
 /**
  * Renders the app management page on the 'user' layout.
  *
  * Marks 'core_apps' as the active navigation entry and tells the template
  * whether experimental app-store apps are enabled. img-src additionally
  * allows the ownCloud app store host (app icons/screenshots).
  *
  * @NoCSRFRequired
  * @return TemplateResponse
  */
 public function viewApps()
 {
     $experimental = $this->config->getSystemValue('appstore.experimental.enabled', false);
     $this->navigationManager->setActiveEntry('core_apps');

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedImageDomain('https://apps.owncloud.com');

     $page = new TemplateResponse(
         $this->appName,
         'apps',
         ['experimentalEnabled' => $experimental],
         'user'
     );
     $page->setContentSecurityPolicy($policy);

     return $page;
 }
 /**
  * Renders the WebRTC page for both logged-in users and guests.
  *
  * The route is public: a null user id means "guest", which selects the
  * 'empty' layout and is reported to the template as is_guest. frame-src
  * is limited to the configured iframe allow-list (not '*'), passed as one
  * space-separated entry.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  * @PublicPage
  *
  * @return TemplateResponse
  */
 public function webRTC()
 {
     $isGuest = $this->userid === null;
     $layout = $isGuest ? 'empty' : 'user';
     $response = new TemplateResponse(Settings::APP_ID, 'webrtc', ['is_guest' => $isGuest], $layout);

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedFrameDomain(implode(' ', Security::getAllowedIframeDomains()));
     $response->setContentSecurityPolicy($policy);

     return $response;
 }
Esempio n. 10
 /**
  * Renders the photo-crop partial for a contact.
  *
  * Both template values ('id' and 'tmpkey') come straight from the request
  * parameters, so the partial must escape them when rendering. img-src
  * allows data: URIs so the crop preview can be shown inline.
  *
  * @NoAdminRequired
  *
  * @return TemplateResponse
  */
 public function cropPhoto()
 {
     $templateValues = [
         'tmpkey' => $this->params('tmpkey'),
         'id' => $this->params('id'),
     ];

     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedImageDomain('data:');

     $partial = new TemplateResponse($this->appName, 'part.cropphoto', $templateValues, '');
     $partial->setContentSecurityPolicy($policy);

     return $partial;
 }
Esempio n. 11
 /**
  * Renders the index page.
  *
  * The policy class only exists from ownCloud 8.1 on; older servers get the
  * response without an explicit policy. On 8.1+ frame-src is set to 'self'.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse renders the index page
  */
 public function index()
 {
     $page = new TemplateResponse($this->appName, 'index', []);

     $policyClass = 'OCP\\AppFramework\\Http\\ContentSecurityPolicy';
     if (class_exists($policyClass)) {
         $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         $policy->addAllowedFrameDomain('\'self\'');
         $page->setContentSecurityPolicy($policy);
     }

     return $page;
 }
Esempio n. 12
 /**
  * index() must return the 'index' template and, when the policy class is
  * available (ownCloud 8.1+), a policy with frame-src 'self'.
  */
 public function testIndex()
 {
     $actual = $this->controller->index();

     $expected = new TemplateResponse($this->appName, 'index', []);
     $policyClass = 'OCP\\AppFramework\\Http\\ContentSecurityPolicy';
     if (class_exists($policyClass)) {
         $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         $policy->addAllowedFrameDomain('\'self\'');
         $expected->setContentSecurityPolicy($policy);
     }

     $this->assertEquals($expected, $actual);
 }
Esempio n. 13
 /**
  * Renders the main page for the current user.
  *
  * CAUTION: the annotations below turn off security checks — no admin is
  *          required and no CSRF check is performed for this route. This is
  *          the only method that needs the exemption; do not copy the
  *          annotations to other methods unless you know exactly what they do.
  *
  * A policy (img-src data:) is only attached on ownCloud 8.1 or newer,
  * where the policy API exists.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $page = new TemplateResponse('ownmnote', 'main', ['user' => $this->userId]);

     $version = \OCP\Util::getVersion();
     $major = $version[0];
     $minor = $version[1];
     $hasPolicyApi = $major > 8 || ($major == 8 && $minor >= 1);

     if ($hasPolicyApi) {
         $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         $policy->addAllowedImageDomain('data:');
         $page->setContentSecurityPolicy($policy);
     }

     return $page;
 }
Esempio n. 14
 /**
  * Renders the reader on the 'blank' layout.
  *
  * Public route (no login, no CSRF token). The policy allows 'self' for
  * child-src and frame-src, and blob: URIs for styles and images.
  *
  * @PublicPage
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function showReader()
 {
     $reader = new TemplateResponse(
         $this->appName,
         'reader',
         ['urlGenerator' => $this->urlGenerator],
         'blank'
     );

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedChildSrcDomain('\'self\'');
     $policy->addAllowedFrameDomain('\'self\'');
     $policy->addAllowedStyleDomain('blob:');
     $policy->addAllowedImageDomain('blob:');

     $reader->setContentSecurityPolicy($policy);

     return $reader;
 }
Esempio n. 15
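 /**
  * Renders the tasks index page, or a "no calendar app" notice when the
  * calendarplus app is not enabled for the current user.
  *
  * Fix: the image source was added as ':data', which is not a valid CSP
  * source expression and so never allowed data: images; it is now 'data:'.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $calendarEnabled = \OC::$server->getAppManager()->isEnabledForUser('calendarplus');

     if (!$calendarEnabled) {
         \OCP\Util::addStyle($this->appName, 'style');

         return new TemplateResponse($this->appName, 'no-calendar-app');
     }

     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     // data: (not ':data') is the source expression for inline image URIs.
     $policy->addAllowedImageDomain('data:');

     $config = \OC::$server->getConfig();
     $response = new TemplateResponse($this->appName, 'index');
     $response->setParams([
         'allowShareWithLink' => $config->getAppValue('core', 'shareapi_allow_links', 'yes'),
         'mailNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_mail_notification', 'no'),
         'mailPublicNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_public_notification', 'no'),
         'appname' => TasksApp::$appname,
         'calappname' => CalendarApp::$appname,
     ]);
     $response->setContentSecurityPolicy($policy);

     return $response;
 }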
Esempio n. 16
 /**
  * Renders the notes main page.
  *
  * Restores the user's last viewed note; if that note no longer exists the
  * id is reset to 0 so the template starts without a selection. img-src is
  * opened to any origin ('*').
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $noteId = (int) $this->settings->getUserValue($this->userId, $this->appName, 'notesLastViewedNote');

     try {
         // Only the existence check matters; the note itself is not used here.
         $this->notesService->get($noteId, $this->userId);
     } catch (NoteDoesNotExistException $ex) {
         $noteId = 0;
     }

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedImageDomain('*');

     $page = new TemplateResponse($this->appName, 'main', ['lastViewedNote' => $noteId]);
     $page->setContentSecurityPolicy($policy);

     return $page;
 }
 /**
  * Renders the passwords main page.
  *
  * On ownCloud 8.0.x (human version starting with "8.0") the policy API is
  * not available, so the plain template is returned. On newer servers
  * img-src additionally allows the two favicon providers.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $page = new TemplateResponse('passwords', 'main');

     $isLegacy80 = substr(\OC_Util::getHumanVersion(), 0, 3) == '8.0';
     if ($isLegacy80) {
         // OC <= 8.0.4: no ContentSecurityPolicy support
         return $page;
     }

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedImageDomain('https://icons.duckduckgo.com');
     $policy->addAllowedImageDomain('https://www.google.com');
     $page->setContentSecurityPolicy($policy);

     return $page;
 }
Esempio n. 18
 /**
  * Renders the documents index page.
  *
  * The policy is very permissive and worth reviewing:
  *  - script-src and frame-src accept two third-party CDN scripts over plain
  *    http:// (no integrity protection in transit) and 'unsafe-eval';
  *  - inline scripts are allowed, which removes most of the XSS protection
  *    a CSP normally gives this page;
  *  - connect-src is built from $_SERVER['SERVER_NAME'], which on some web
  *    server configurations reflects the request Host header rather than a
  *    fixed name — a configured host would be more predictable (confirm);
  *  - img-src is '*' and font-src accepts data: URIs.
  * child-src is left at the framework default.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     \OC::$server->getNavigationManager()->setActiveEntry('documents_index');

     $uploadLimit = \OCP\Util::maxUploadFilesize("/");
     $templateValues = [
         'enable_previews' => $this->settings->getSystemValue('enable_previews', true),
         'useUnstable' => $this->settings->getAppValue('documents', 'unstable', 'false'),
         'savePath' => $this->settings->getUserValue($this->uid, 'documents', 'save_path', '/'),
         'uploadMaxFilesize' => $uploadLimit,
         'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($uploadLimit),
         'allowShareWithLink' => $this->settings->getAppValue('core', 'shareapi_allow_links', 'yes'),
     ];
     $page = new TemplateResponse('documents', 'documents', $templateValues);

     // Same source list for script-src and frame-src, passed as one entry.
     $remoteSources = '\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\'';
     $collaboraSocket = 'ws://' . $_SERVER['SERVER_NAME'] . ':9980';

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedScriptDomain($remoteSources);
     $policy->addAllowedFrameDomain($remoteSources);
     $policy->addAllowedConnectDomain($collaboraSocket);
     $policy->addAllowedImageDomain('*');
     $policy->allowInlineScript(true);
     $policy->addAllowedFontDomain('data:');

     $page->setContentSecurityPolicy($policy);

     return $page;
 }
Esempio n. 19
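 /**
  * Renders the maps main page with the user's devices.
  *
  * CAUTION: the annotations below turn off security checks — no admin is
  *          required and no CSRF check is performed for this route. This is
  *          the only method that needs the exemption; do not copy the
  *          annotations to other methods unless you know exactly what they do.
  *
  * Fix: the "inline images" entry was registered on script-src, which does
  * nothing for images and instead permits scripts loaded from data: URIs.
  * It is now registered on img-src as the comment intended.
  *
  * The policy is only attached on servers that ship the policy class
  * (ownCloud 8.1+). Note the tile host is allowed over plain http://.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $params = [
         'user' => $this->userId,
         'devices' => $this->deviceMapper->findAll($this->userId),
     ];
     $page = new TemplateResponse('maps', 'main', $params);

     if (class_exists('OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
         $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         // map tiles
         $policy->addAllowedImageDomain('http://*.mqcdn.com');
         // marker icons
         $policy->addAllowedImageDomain('https://api.tiles.mapbox.com');
         // inline images (data: URIs) — belongs in img-src, not script-src
         $policy->addAllowedImageDomain('data:');
         $page->setContentSecurityPolicy($policy);
     }

     return $page;
 }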
 /**
  * Renders the LibreOffice Online page on the 'blank' layout.
  *
  * Public route (no login, no CSRF token). The policy allows every source
  * ('*') for all fetch directives and additionally permits inline scripts,
  * inline styles and eval — i.e. the CSP offers no restriction on this
  * page at all. Keep that in mind when reviewing anything rendered here.
  *
  * @PublicPage
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function showLibreOnline()
 {
     $page = new TemplateResponse(
         $this->appName,
         'online',
         ['urlGenerator' => $this->urlGenerator],
         'blank'
     );

     $policy = new ContentSecurityPolicy();
     $wildcardDirectives = [
         'addAllowedChildSrcDomain',
         'addAllowedScriptDomain',
         'addAllowedConnectDomain',
         'addAllowedStyleDomain',
         'addAllowedMediaDomain',
         'addAllowedFontDomain',
         'addAllowedImageDomain',
         'addAllowedFrameDomain',
         'addAllowedObjectDomain',
     ];
     foreach ($wildcardDirectives as $adder) {
         $policy->$adder('*');
     }
     $policy->allowInlineScript(true);
     $policy->allowInlineStyle(true);
     $policy->allowEvalScript(true);

     $page->setContentSecurityPolicy($policy);

     return $page;
 }
Esempio n. 21
    /**
     * Renders the index page and passes the status service's
     * "improperly configured cron" warning to the template.
     *
     * The policy class exists from ownCloud 8.1 on; when present, img-src and
     * media-src are opened to any origin and framing is allowed from the
     * listed YouTube and Vimeo hosts.
     *
     * @NoAdminRequired
     * @NoCSRFRequired
     *
     * @return TemplateResponse
     */
    public function index() {
        $status = $this->statusService->getStatus();
        $cronWarning = $status['warnings']['improperlyConfiguredCron'];
        $page = new TemplateResponse($this->appName, 'index', ['cronWarning' => $cronWarning]);

        if (class_exists('OCP\AppFramework\Http\ContentSecurityPolicy')) {
            $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
            $policy->addAllowedImageDomain('*');
            $policy->addAllowedMediaDomain('*');

            $frameHosts = [
                'https://youtube.com',
                'https://www.youtube.com',
                'https://player.vimeo.com',
                'https://www.player.vimeo.com',
            ];
            foreach ($frameHosts as $host) {
                $policy->addAllowedFrameDomain($host);
            }

            $page->setContentSecurityPolicy($policy);
        }

        return $page;
    }
Esempio n. 22
 /**
  * Renders the contacts index page.
  *
  * Loads the user's view preferences, makes sure at least one address book
  * exists, and returns the template response. img-src and frame-src are
  * opened to any origin ('*').
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $userPrefs = $this->configInfo;
     $iosSupport = $userPrefs->getUserValue($this->userId, $this->appName, 'iossupport');
     $activeView = $userPrefs->getUserValue($this->userId, $this->appName, 'view', 'listview');
     $lastBook = $userPrefs->getUserValue($this->userId, $this->appName, 'currentbook', 0);
     $uploadLimit = \OCP\Util::maxUploadFilesize('/');

     // A user without any address book gets the default one created first.
     $books = Addressbook::all($this->userId);
     if (count($books) === 0) {
         Addressbook::addDefault($this->userId);
         $books = Addressbook::all($this->userId);
     }

     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedImageDomain('*');
     $policy->addAllowedFrameDomain('*');

     $response = new TemplateResponse($this->appName, 'index');
     $response->setContentSecurityPolicy($policy);
     $response->setParams([
         'uploadMaxFilesize' => $uploadLimit,
         'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($uploadLimit),
         'iossupport' => $iosSupport,
         'addressbooks' => $books,
         'activeView' => $activeView,
         'lastSelectedBook' => $lastBook,
     ]);

     return $response;
 }
Esempio n. 23
 /**
  * Renders the passman main page.
  *
  * CAUTION: the annotations below turn off security checks — no admin is
  *          required and no CSRF check is performed for this route. This is
  *          the only method that needs the exemption; do not copy the
  *          annotations to other methods unless you know exactly what they do.
  *
  * On the first run (user flag 'show' of 'firstpassmanrun', forced for the
  * 'test' user) the first-run script is added and two example items are
  * created. Nothing in this method clears that flag, so the examples are
  * created again on every request while it is set — confirm the flag is
  * reset elsewhere. The policy allows 'self' for object-src and data: URIs
  * for images.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $firstRun = \OCP\CONFIG::getUserValue(\OCP\User::getUser(), 'firstpassmanrun', 'show', 1);
     if ($this->userId === 'test') {
         $firstRun = 1;
     }

     if ($firstRun == 1) {
         \OCP\Util::addscript('passman', 'firstrun');

         $examples = [
             [
                 'label' => 'Item 1',
                 'tags' => [['text' => 'Example tag'], ['text' => 'Example tag 2']],
             ],
             [
                 'label' => 'Item 2',
                 'tags' => [['text' => 'Example tag 2'], ['text' => 'Example tag 3']],
             ],
         ];
         foreach ($examples as $example) {
             $this->itemAPI->create('', '', '', '', '', $example['label'], '', '', '', '', $example['tags'], []);
         }
     }

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedObjectDomain('\'self\'');
     $policy->addAllowedImageDomain('data:');

     $page = new TemplateResponse('passman', 'main', ['user' => $this->userId]);
     $page->setContentSecurityPolicy($policy);

     return $page;
 }
Esempio n. 24
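 /**
  * Renders the viewer for a pad file.
  *
  * The pad's URL is taken from the file content (a trailing `URL=...` line),
  * normalised as described below and handed to the 'viewer' template;
  * frame-src is restricted to the configured Etherpad and Ethercalc hosts,
  * which is what keeps the embedded URL from pointing the frame anywhere.
  *
  * Fixes over the previous version:
  *  - a file without a `URL=` line (or one that cannot be read) no longer
  *    triggers an undefined-index notice; the URL falls back to '';
  *  - a host that is not configured is no longer added to the policy as an
  *    empty frame-src entry.
  *
  * $file and $dir come from the request and are resolved through the
  * ownCloud filesystem view, which is assumed to confine the path to the
  * current user's storage — confirm that this holds for the public route.
  *
  * @PublicPage
  * @NoCSRFRequired
  *
  * @param string $file name of the pad file
  * @param string $dir  directory containing the pad file
  * @return TemplateResponse
  */
 public function showPad($file, $dir)
 {
     /* Retrieve file content to find pad's URL */
     $content = \OC\Files\Filesystem::file_get_contents($dir . "/" . $file);
     $url = '';
     if ($content !== false && preg_match('/URL=(.*)$/', $content, $matches) === 1) {
         $url = $matches[1];
     }
     $title = $file;

     /* Not totally sure that this is the right way to proceed…
      *
      * First we decode the URL (to avoid double encode), then we
      * replace spaces with underscore (as they are converted as
      * such by Etherpad), then we encode the URL properly (and we
      * avoid to urlencode() the protocol scheme).
      *
      * Magic urlencode() function was stolen from this answer on
      * StackOverflow: <http://stackoverflow.com/a/7974253>.
      */
     $url = urldecode($url);
     $url = str_replace(' ', '_', $url);
     $url = preg_replace_callback('#://([^/]+)/([^?]+)#', function ($match) {
         return '://' . $match[1] . '/' . join('/', array_map('rawurlencode', explode('/', $match[2])));
     }, $url);

     $params = ['urlGenerator' => $this->urlGenerator, 'url' => $url, 'title' => $title];
     $response = new TemplateResponse($this->appName, 'viewer', $params, 'blank');

     /* Allow only the configured Etherpad and Ethercalc hosts in frame-src
      * (policy support was introduced in ownCloud 8.1). An unconfigured
      * host is skipped instead of being added as an empty entry.
      */
     $policy = new ContentSecurityPolicy();
     $appConfig = \OC::$server->getAppConfig();
     foreach (['ownpad_etherpad_host', 'ownpad_ethercalc_host'] as $hostKey) {
         $host = $appConfig->getValue('ownpad', $hostKey, '');
         if ($host !== '') {
             $policy->addAllowedFrameDomain($host);
         }
     }
     $response->setContentSecurityPolicy($policy);

     return $response;
 }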
 /**
  * Renders the app management page for a category on the 'user' layout.
  *
  * The category string ends up in the rendered HTML, so for the "enabled"
  * category the request value is replaced by the fixed literal 'enabled'
  * instead of echoing arbitrary input. img-src additionally allows the
  * ownCloud app store host.
  *
  * @NoCSRFRequired
  * @param string $category
  * @return TemplateResponse
  */
 public function viewApps($category = '')
 {
     $isEnabledCategory = $this->getCategory($category) === self::CAT_ENABLED;
     if ($isEnabledCategory) {
         // Do not put the arbitrary input string into the html.
         $category = 'enabled';
     }

     $templateValues = [
         'experimentalEnabled' => $this->config->getSystemValue('appstore.experimental.enabled', false),
         'category' => $category,
         'appstoreEnabled' => $this->config->getSystemValue('appstoreenabled', true) === true,
     ];
     $this->navigationManager->setActiveEntry('core_apps');

     $policy = new ContentSecurityPolicy();
     $policy->addAllowedImageDomain('https://apps.owncloud.com');

     $page = new TemplateResponse($this->appName, 'apps', $templateValues, 'user');
     $page->setContentSecurityPolicy($policy);

     return $page;
 }
Esempio n. 26
 /**
  * showShare() for an authenticated, password-protected file share must
  * render the 'public' template on the 'base' layout with the expected
  * parameters and a policy whose frame-src is 'self'.
  */
 public function testShowShare()
 {
     $owner = $this->getMock('OCP\\IUser');
     $owner->method('getDisplayName')->willReturn('ownerDisplay');
     $owner->method('getUID')->willReturn('ownerUID');

     $file = $this->getMock('OCP\\Files\\File');
     $file->method('getName')->willReturn('file1.txt');
     $file->method('getMimetype')->willReturn('text/plain');
     $file->method('getSize')->willReturn(33);
     $file->method('isReadable')->willReturn(true);
     $file->method('isShareable')->willReturn(true);

     $share = \OC::$server->getShareManager()->newShare();
     $share->setId(42);
     $share->setPassword('password');
     $share->setShareOwner('ownerUID');
     $share->setNode($file);
     $share->setTarget('/file1.txt');

     // The session already carries the authentication for share 42.
     $this->session->method('exists')->with('public_link_authenticated')->willReturn(true);
     $this->session->method('get')->with('public_link_authenticated')->willReturn('42');
     $this->previewManager->method('isMimeSupported')->with('text/plain')->willReturn(true);
     $this->config->method('getSystemValue')->willReturnMap([
         ['max_filesize_animated_gifs_public_sharing', 10, 10],
         ['enable_previews', true, true],
     ]);
     // Not asserted on below; kept so the config mock is exercised as before.
     $shareTmpl = [
         'maxSizeAnimateGif' => $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10),
         'previewEnabled' => $this->config->getSystemValue('enable_previews', true),
     ];
     $this->shareManager->expects($this->once())->method('getShareByToken')->with('token')->willReturn($share);
     $this->userManager->method('get')->with('ownerUID')->willReturn($owner);

     $actual = $this->shareController->showShare('token');

     $expectedParams = [
         'displayName' => 'ownerDisplay',
         'owner' => 'ownerUID',
         'filename' => 'file1.txt',
         'directory_path' => '/file1.txt',
         'mimetype' => 'text/plain',
         'dirToken' => 'token',
         'sharingToken' => 'token',
         'server2serversharing' => true,
         'protected' => 'true',
         'dir' => '',
         'downloadURL' => null,
         'fileSize' => '33 B',
         'nonHumanFileSize' => 33,
         'maxSizeAnimateGif' => 10,
         'previewSupported' => true,
         'previewEnabled' => true,
     ];
     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedFrameDomain('\'self\'');
     $expected = new TemplateResponse($this->appName, 'public', $expectedParams, 'base');
     $expected->setContentSecurityPolicy($policy);

     $this->assertEquals($expected, $actual);
 }
Esempio n. 27
 /**
  * showShare() must answer an unknown token with a 404, an unauthenticated
  * password-protected share with a redirect to the authenticate route, and
  * an authenticated one with the 'public' template (frame-src 'self').
  */
 public function testShowShare()
 {
     $this->container['UserManager']->expects($this->exactly(2))->method('userExists')->with($this->user)->will($this->returnValue(true));

     // Unknown token -> not found
     $unknownToken = 'ThisTokenShouldHopefullyNeverExistSoThatTheUnitTestWillAlwaysPass :)';
     $this->assertEquals(new NotFoundResponse(), $this->shareController->showShare($unknownToken));

     // Password protected share, not yet authenticated -> redirect to authenticate
     $authenticateUrl = $this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', ['token' => $this->token]);
     $this->assertEquals(new RedirectResponse($authenticateUrl), $this->shareController->showShare($this->token));

     // Password protected share, authenticated in the session -> rendered
     $linkItem = Share::getShareByToken($this->token, false);
     \OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
     $actual = $this->shareController->showShare($this->token);

     $expectedParams = [
         'displayName' => $this->user,
         'filename' => 'file1.txt',
         'directory_path' => '/file1.txt',
         'mimetype' => 'text/plain',
         'dirToken' => $this->token,
         'sharingToken' => $this->token,
         'server2serversharing' => true,
         'protected' => 'true',
         'dir' => '',
         'downloadURL' => null,
         'fileSize' => '33 B',
         'nonHumanFileSize' => 33,
         'maxSizeAnimateGif' => 10,
         'previewSupported' => true,
         'previewEnabled' => true,
     ];
     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedFrameDomain('\'self\'');
     $expected = new TemplateResponse($this->container['AppName'], 'public', $expectedParams, 'base');
     $expected->setContentSecurityPolicy($policy);

     $this->assertEquals($expected, $actual);
 }
Esempio n. 28
 /**
  * Attaches a policy that allows data: URIs for fonts (font-src) to the
  * given response.
  *
  * The response object is modified in place — PHP passes objects by handle,
  * so the caller sees the policy without a return value.
  *
  * @param TemplateResponse $response
  */
 private function addContentSecurityToResponse($response)
 {
     $policy = new Http\ContentSecurityPolicy();
     $policy->addAllowedFontDomain("data:");
     $response->setContentSecurityPolicy($policy);
 }
Esempio n. 29
 /**
  * Renders the pkdrive container or target page.
  *
  * CAUTION: the annotations below turn off security checks — no admin is
  *          required and no CSRF check is performed for this route. This is
  *          the only method that needs the exemption; do not copy the
  *          annotations to other methods unless you know exactly what they do.
  *
  * Which template is rendered depends on the raw PHP session key
  * 'targetType' (read from $_SESSION directly rather than the framework
  * session). connect-src is opened to any origin ('*').
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function index()
 {
     $uploadLimit = Util::uploadLimit();
     $templateValues = ['user' => $this->userId, 'uploadLimit' => $uploadLimit];

     /** @var ContentSecurityPolicy $policy */
     $policy = new ContentSecurityPolicy();
     $policy->addAllowedConnectDomain('*');

     $targetIsProject = isset($_SESSION['targetType']) && $_SESSION['targetType'] == TargetType::PROJECT;
     $template = $targetIsProject ? 'container' : 'target';

     /** @var TemplateResponse $page */
     $page = new TemplateResponse('pkdrive', $template, $templateValues);
     $page->setContentSecurityPolicy($policy);

     return $page;
 }
Esempio n. 30
 /**
  * Renders a public link share: either the file itself or, for a folder,
  * the file list template fetched into the page.
  *
  * Returns NotFoundResponse for an unknown token, a RedirectResponse to the
  * authenticate route when the share is password protected and the session
  * does not carry the authentication, and throws NotFoundException when the
  * requested path inside the share is not readable. The policy restricts
  * frame-src to 'self'.
  *
  * @PublicPage
  * @NoCSRFRequired
  *
  * @param string $token
  * @param string $path  sub-path inside the share; appended to the share
  *                      root as given, normalized only for the template
  * @return TemplateResponse|RedirectResponse
  */
 public function showShare($token, $path = '')
 {
     \OC_User::setIncognitoMode(true);
     // Check whether share exists
     $linkItem = Share::getShareByToken($token, false);
     if ($linkItem === false) {
         return new NotFoundResponse();
     }
     $shareOwner = $linkItem['uid_owner'];
     $originalSharePath = $this->getPath($token);
     // Share is password protected - check whether the user is permitted to access the share
     if (isset($linkItem['share_with']) && !Helper::authenticate($linkItem)) {
         return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', array('token' => $token)));
     }
     // NOTE(review): the readability check and the concatenation below use
     // the raw $path; normalizePath() is applied afterwards and only for the
     // template value. Whether Filesystem::isReadable() itself rejects
     // traversal outside the share root cannot be seen here — confirm.
     if (Filesystem::isReadable($originalSharePath . $path)) {
         $getPath = Filesystem::normalizePath($path);
         $originalSharePath .= $path;
     } else {
         // NOTE(review): not leading-backslash qualified; resolves relative
         // to the current namespace unless an import makes it OCP\Files —
         // confirm (same for OCP\Util and the policy class used below).
         throw new OCP\Files\NotFoundException();
     }
     $file = basename($originalSharePath);
     $shareTmpl = [];
     $shareTmpl['displayName'] = User::getDisplayName($shareOwner);
     $shareTmpl['filename'] = $file;
     $shareTmpl['directory_path'] = $linkItem['file_target'];
     $shareTmpl['mimetype'] = Filesystem::getMimeType($originalSharePath);
     $shareTmpl['previewSupported'] = \OC::$server->getPreviewManager()->isMimeSupported($shareTmpl['mimetype']);
     $shareTmpl['dirToken'] = $linkItem['token'];
     $shareTmpl['sharingToken'] = $token;
     $shareTmpl['server2serversharing'] = Helper::isOutgoingServer2serverShareEnabled();
     // 'protected' is passed to the template as a string flag, not a bool.
     $shareTmpl['protected'] = isset($linkItem['share_with']) ? 'true' : 'false';
     $shareTmpl['dir'] = '';
     $nonHumanFileSize = \OC\Files\Filesystem::filesize($originalSharePath);
     $shareTmpl['nonHumanFileSize'] = $nonHumanFileSize;
     $shareTmpl['fileSize'] = \OCP\Util::humanFileSize($nonHumanFileSize);
     // Show file list
     if (Filesystem::is_dir($originalSharePath)) {
         $shareTmpl['dir'] = $getPath;
         $maxUploadFilesize = Util::maxUploadFilesize($originalSharePath);
         $freeSpace = Util::freeSpace($originalSharePath);
         $uploadLimit = Util::uploadLimit();
         // The folder listing is rendered by the files app's 'list' template
         // and embedded as pre-rendered HTML; public upload is disabled and
         // permissions are read-only.
         $folder = new Template('files', 'list', '');
         $folder->assign('dir', $getPath);
         $folder->assign('dirToken', $linkItem['token']);
         $folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
         $folder->assign('isPublic', true);
         $folder->assign('publicUploadEnabled', 'no');
         $folder->assign('uploadMaxFilesize', $maxUploadFilesize);
         $folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
         $folder->assign('freeSpace', $freeSpace);
         $folder->assign('uploadLimit', $uploadLimit);
         // PHP upload limit
         $folder->assign('usedSpacePercent', 0);
         $folder->assign('trash', false);
         $shareTmpl['folder'] = $folder->fetchPage();
     }
     $shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
     $shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
     // frame-src 'self': the public page may only be framed by this host.
     $csp = new OCP\AppFramework\Http\ContentSecurityPolicy();
     $csp->addAllowedFrameDomain('\'self\'');
     $response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
     $response->setContentSecurityPolicy($csp);
     return $response;
 }