/** * The constructor * @param string $app app requesting l10n * @param string $lang default: null Language * * If language is not set, the constructor tries to find the right * language. * @deprecated 9.0.0 Use \OC::$server->getL10NFactory()->get() instead */ public function __construct($app, $lang = null) { $app = \OC_App::cleanAppId($app); $this->app = $app; if ($lang !== null) { $lang = str_replace(array('\\0', '/', '\\', '..'), '', $lang); } // Find the right language if ($app !== 'test' && !\OC::$server->getL10NFactory()->languageExists($app, $lang)) { $lang = \OC::$server->getL10NFactory()->findLanguage($app); } $this->lang = $lang; }
/** * Get a language instance * * @param string $app * @param string|null $lang * @return \OCP\IL10N */ public function get($app, $lang = null) { $app = \OC_App::cleanAppId($app); if ($lang !== null) { $lang = str_replace(array('\\0', '/', '\\', '..'), '', (string) $lang); } if ($lang === null || !$this->languageExists($app, $lang)) { $lang = $this->findLanguage($app); } if (!isset($this->instances[$lang][$app])) { $this->instances[$lang][$app] = new L10N($this, $app, $lang, $this->getL10nFilesForApp($app, $lang)); } return $this->instances[$lang][$app]; }
<?php OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); $appid = $_POST['appid']; $appid = OC_App::cleanAppId($appid); $result = OC_Installer::updateApp($appid); if ($result !== false) { OC_JSON::success(array('data' => array('appid' => $appid))); } else { $l = OC_L10N::get('settings'); OC_JSON::error(array("data" => array("message" => $l->t("Couldn't update app.")))); }
* @author Kamil Domanski <*****@*****.**> * @author Lukas Reschke <*****@*****.**> * @author Morris Jobke <*****@*****.**> * @author Robin Appelman <*****@*****.**> * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * * This code is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); $groups = isset($_POST['groups']) ? (array) $_POST['groups'] : null; try { OC_App::enable(OC_App::cleanAppId((string) $_POST['appid']), $groups); OC_JSON::success(); } catch (Exception $e) { OC_Log::write('core', $e->getMessage(), OC_Log::ERROR); OC_JSON::error(array("data" => array("message" => $e->getMessage()))); }
protected function init() { if ($this->app === true) { return; } $app = OC_App::cleanAppId($this->app); $lang = str_replace(array('\\0', '/', '\\', '..'), '', $this->lang); $this->app = true; // Find the right language if (is_null($lang) || $lang == '') { $lang = self::findLanguage($app); } // Use cache if possible if (array_key_exists($app . '::' . $lang, self::$cache)) { $this->translations = self::$cache[$app . '::' . $lang]['t']; $this->localizations = self::$cache[$app . '::' . $lang]['l']; } else { $i18ndir = self::findI18nDir($app); // Localization is in /l10n, Texts are in $i18ndir // (Just no need to define date/time format etc. twice) if ((OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/core/l10n/') || OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/lib/l10n/') || OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/settings') || OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC_App::getAppPath($app) . '/l10n/')) && file_exists($i18ndir . $lang . '.php')) { // Include the file, save the data from $CONFIG $transFile = strip_tags($i18ndir) . strip_tags($lang) . '.php'; include $transFile; if (isset($TRANSLATIONS) && is_array($TRANSLATIONS)) { $this->translations = $TRANSLATIONS; //merge with translations from theme $theme = OC_Config::getValue("theme"); if (!is_null($theme)) { $transFile = OC::$SERVERROOT . '/themes/' . $theme . substr($transFile, strlen(OC::$SERVERROOT)); if (file_exists($transFile)) { include $transFile; if (isset($TRANSLATIONS) && is_array($TRANSLATIONS)) { $this->translations = array_merge($this->translations, $TRANSLATIONS); } } } } if (isset($PLURAL_FORMS)) { $this->plural_form_string = $PLURAL_FORMS; } } if (file_exists(OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php') && OC_Helper::isSubDirectory(OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php', OC::$SERVERROOT . '/core/l10n/')) { // Include the file, save the data from $CONFIG include OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php'; if (isset($LOCALIZATIONS) && is_array($LOCALIZATIONS)) { $this->localizations = array_merge($this->localizations, $LOCALIZATIONS); } } self::$cache[$app . '::' . $lang]['t'] = $this->translations; self::$cache[$app . '::' . $lang]['l'] = $this->localizations; } }
/** * Find the route matching $url * * @param string $url The url to find * @throws \Exception * @return void */ public function match($url) { if (substr($url, 0, 6) === '/apps/') { // empty string / 'apps' / $app / rest of the route list(, , $app, ) = explode('/', $url, 4); $app = \OC_App::cleanAppId($app); \OC::$REQUESTEDAPP = $app; $this->loadRoutes($app); } else { if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') { \OC::$REQUESTEDAPP = $url; if (!\OC::$server->getConfig()->getSystemValue('maintenance', false) && !Util::needUpgrade()) { \OC_App::loadApps(); } $this->loadRoutes('core'); } else { $this->loadRoutes(); } } $matcher = new UrlMatcher($this->root, $this->context); try { $parameters = $matcher->match($url); } catch (ResourceNotFoundException $e) { if (substr($url, -1) !== '/') { // We allow links to apps/files? for backwards compatibility reasons // However, since Symfony does not allow empty route names, the route // we need to match is '/', so we need to append the '/' here. try { $parameters = $matcher->match($url . '/'); } catch (ResourceNotFoundException $newException) { // If we still didn't match a route, we throw the original exception throw $e; } } else { throw $e; } } \OC::$server->getEventLogger()->start('run_route', 'Run route'); if (isset($parameters['action'])) { $action = $parameters['action']; if (!is_callable($action)) { throw new \Exception('not a callable action'); } unset($parameters['action']); call_user_func($action, $parameters); } elseif (isset($parameters['file'])) { include $parameters['file']; } else { throw new \Exception('no action available'); } \OC::$server->getEventLogger()->end('run_route'); }
* as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); $action = isset($_POST['action']) ? $_POST['action'] : $_GET['action']; if (isset($_POST['app']) || isset($_GET['app'])) { $app = OC_App::cleanAppId(isset($_POST['app']) ? (string) $_POST['app'] : (string) $_GET['app']); } // An admin should not be able to add remote and public services // on its own. This should only be possible programmatically. // This change is due the fact that an admin may not be expected // to execute arbitrary code in every environment. if ($app === 'core' && isset($_POST['key']) && (substr((string) $_POST['key'], 0, 7) === 'remote_' || substr((string) $_POST['key'], 0, 7) === 'public_')) { OC_JSON::error(array('data' => array('message' => 'Unexpected error!'))); return; } $result = false; $appConfig = \OC::$server->getAppConfig(); switch ($action) { case 'getValue': $result = $appConfig->getValue($app, (string) $_GET['key'], (string) $_GET['defaultValue']); break;
/** * Returns the URL of the default page * based on the system configuration and * the apps visible for the current user * * @return string URL */ public static function getDefaultPageUrl() { $urlGenerator = \OC::$server->getURLGenerator(); if (isset($_REQUEST['redirect_url'])) { $location = urldecode($_REQUEST['redirect_url']); } else { $defaultPage = OC_Appconfig::getValue('core', 'defaultpage'); if ($defaultPage) { $location = $urlGenerator->getAbsoluteURL($defaultPage); } else { $appId = 'files'; $defaultApps = explode(',', \OCP\Config::getSystemValue('defaultapp', 'files')); // find the first app that is enabled for the current user foreach ($defaultApps as $defaultApp) { $defaultApp = OC_App::cleanAppId(strip_tags($defaultApp)); if (OC_App::isEnabled($defaultApp)) { $appId = $defaultApp; break; } } $location = $urlGenerator->getAbsoluteURL('/index.php/apps/' . $appId . '/'); } } return $location; }
/** * check an app's integrity * @param array $data * @param string $extractDir * @param string $path * @param bool $isShipped * @return array * @throws \Exception */ public static function checkAppsIntegrity($data, $extractDir, $path, $isShipped = false) { $l = \OC::$server->getL10N('lib'); //load the info.xml file of the app if (!is_file($extractDir . '/appinfo/info.xml')) { //try to find it in a subdir $dh = opendir($extractDir); if (is_resource($dh)) { while (($folder = readdir($dh)) !== false) { if ($folder[0] != '.' and is_dir($extractDir . '/' . $folder)) { if (is_file($extractDir . '/' . $folder . '/appinfo/info.xml')) { $extractDir .= '/' . $folder; } } } } } if (!is_file($extractDir . '/appinfo/info.xml')) { OC_Helper::rmdirr($extractDir); if ($data['source'] === 'http') { unlink($path); } throw new \Exception($l->t("App does not provide an info.xml file")); } $info = OC_App::getAppInfo($extractDir . '/appinfo/info.xml', true); // We can't trust the parsed info.xml file as it may have been tampered // with by an attacker and thus we need to use the local data to check // whether the application needs to be signed. $appId = OC_App::cleanAppId($data['appdata']['id']); $appBelongingToId = OC_App::getInternalAppIdByOcs($appId); if (is_string($appBelongingToId)) { $previouslySigned = \OC::$server->getConfig()->getAppValue($appBelongingToId, 'signed', 'false'); } else { $appBelongingToId = $info['id']; $previouslySigned = 'false'; } if ($data['appdata']['level'] === OC_App::officialApp || $previouslySigned === 'true') { \OC::$server->getConfig()->setAppValue($appBelongingToId, 'signed', 'true'); $integrityResult = \OC::$server->getIntegrityCodeChecker()->verifyAppSignature($appBelongingToId, $extractDir); if ($integrityResult !== []) { $e = new \Exception($l->t('Signature could not get checked. Please contact the app developer and check your admin screen.')); throw $e; } } // check the code for not allowed calls if (!$isShipped && !OC_Installer::checkCode($extractDir)) { OC_Helper::rmdirr($extractDir); throw new \Exception($l->t("App can't be installed because of not allowed code in the App")); } // check if the app is compatible with this version of ownCloud if (!OC_App::isAppCompatible(\OCP\Util::getVersion(), $info)) { OC_Helper::rmdirr($extractDir); throw new \Exception($l->t("App can't be installed because it is not compatible with this version of ownCloud")); } // check if shipped tag is set which is only allowed for apps that are shipped with ownCloud if (!$isShipped && isset($info['shipped']) && $info['shipped'] == 'true') { OC_Helper::rmdirr($extractDir); throw new \Exception($l->t("App can't be installed because it contains the <shipped>true</shipped> tag which is not allowed for non shipped apps")); } // check if the ocs version is the same as the version in info.xml/version $version = trim($info['version']); if (isset($data['appdata']['version']) && $version != trim($data['appdata']['version'])) { OC_Helper::rmdirr($extractDir); throw new \Exception($l->t("App can't be installed because the version in info.xml is not the same as the version reported from the app store")); } return $info; }
<?php OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); $appid = OC_App::enable(OC_App::cleanAppId($_POST['appid'])); if ($appid !== false) { OC_JSON::success(array('data' => array('appid' => $appid))); } else { $l = OC_L10N::get('settings'); OC_JSON::error(array("data" => array("message" => $l->t("Could not enable app. ")))); }
public static function init() { // register autoloader require_once __DIR__ . '/autoloader.php'; self::$loader = new \OC\Autoloader(); self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib'); self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib'); self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing'); self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console'); self::$loader->registerPrefix('Sabre\\VObject', '3rdparty'); self::$loader->registerPrefix('Sabre_', '3rdparty'); self::$loader->registerPrefix('Patchwork', '3rdparty'); spl_autoload_register(array(self::$loader, 'load')); // set some stuff //ob_start(); error_reporting(E_ALL | E_STRICT); if (defined('DEBUG') && DEBUG) { ini_set('display_errors', 1); } self::$CLI = php_sapi_name() == 'cli'; date_default_timezone_set('UTC'); ini_set('arg_separator.output', '&'); // try to switch magic quotes off. if (get_magic_quotes_gpc() == 1) { ini_set('magic_quotes_runtime', 0); } //try to configure php to enable big file uploads. //this doesn´t work always depending on the webserver and php configuration. //Let´s try to overwrite some defaults anyways //try to set the maximum execution time to 60min @set_time_limit(3600); @ini_set('max_execution_time', 3600); @ini_set('max_input_time', 3600); //try to set the maximum filesize to 10G @ini_set('upload_max_filesize', '10G'); @ini_set('post_max_size', '10G'); @ini_set('file_uploads', '50'); //copy http auth headers for apache+php-fcgid work around if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; } //set http auth headers for apache+php-cgi work around if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } //set http auth headers for apache+php-cgi work around if variable gets renamed by apache if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } self::initPaths(); if (OC_Config::getValue('instanceid', false)) { // \OC\Memcache\Cache has a hidden dependency on // OC_Util::getInstanceId() for namespacing. See #5409. try { self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader')); } catch (\Exception $ex) { } } OC_Util::isSetLocaleWorking(); // set debug mode if an xdebug session is active if (!defined('DEBUG') || !DEBUG) { if (isset($_COOKIE['XDEBUG_SESSION'])) { define('DEBUG', true); } } if (!defined('PHPUNIT_RUN')) { if (defined('DEBUG') and DEBUG) { OC\Log\ErrorHandler::register(true); set_exception_handler(array('OC_Template', 'printExceptionErrorPage')); } else { OC\Log\ErrorHandler::register(); } OC\Log\ErrorHandler::setLogger(OC_Log::$object); } // register the stream wrappers stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir'); stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream'); stream_wrapper_register('close', 'OC\\Files\\Stream\\Close'); stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota'); stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC'); // setup the basic server self::$server = new \OC\Server(); self::initTemplateEngine(); OC_App::loadApps(array('session')); if (!self::$CLI) { self::initSession(); } else { self::$session = new \OC\Session\Memory(''); } self::checkConfig(); self::checkInstalled(); self::checkSSL(); self::addSecurityHeaders(); $errors = OC_Util::checkServer(); if (count($errors) > 0) { if (self::$CLI) { foreach ($errors as $error) { echo $error['error'] . "\n"; echo $error['hint'] . "\n\n"; } } else { OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); OC_Template::printGuestPage('', 'error', array('errors' => $errors)); } exit; } //try to set the session lifetime $sessionLifeTime = self::getSessionLifeTime(); @ini_set('gc_maxlifetime', (string) $sessionLifeTime); // User and Groups if (!OC_Config::getValue("installed", false)) { self::$session->set('user_id', ''); } OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) { $sessionUser = self::$session->get('loginname'); $serverUser = $_SERVER['PHP_AUTH_USER']; OC_Log::write('core', "Session loginname ({$sessionUser}) doesn't match SERVER[PHP_AUTH_USER] ({$serverUser}).", OC_Log::WARN); OC_User::logout(); } // Load Apps // This includes plugins for users and filesystems as well global $RUNTIME_NOAPPS; global $RUNTIME_APPTYPES; if (!$RUNTIME_NOAPPS && !self::checkUpgrade(false)) { if ($RUNTIME_APPTYPES) { OC_App::loadApps($RUNTIME_APPTYPES); } else { OC_App::loadApps(); } } //setup extra user backends OC_User::setupBackends(); self::registerCacheHooks(); self::registerFilesystemHooks(); self::registerPreviewHooks(); self::registerShareHooks(); self::registerLogRotate(); //make sure temporary files are cleaned up register_shutdown_function(array('OC_Helper', 'cleanTmp')); //parse the given parameters self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'); if (substr_count(self::$REQUESTEDAPP, '?') != 0) { $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDAPP = $app; $_GET['app'] = $app; } self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null; if (substr_count(self::$REQUESTEDFILE, '?') != 0) { $file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?')); $param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDFILE = $file; $_GET['getfile'] = $file; } if (!is_null(self::$REQUESTEDFILE)) { $subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE; $parent = OC_App::getAppPath(OC::$REQUESTEDAPP); if (!OC_Helper::issubdirectory($subdir, $parent)) { self::$REQUESTEDFILE = null; header('HTTP/1.0 404 Not Found'); exit; } } if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) { if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') { OC_Util::addScript('backgroundjobs'); } } }
/** * Handle the request */ public static function handleRequest() { \OC::$server->getEventLogger()->start('handle_request', 'Handle request'); $systemConfig = \OC::$server->getSystemConfig(); // load all the classpaths from the enabled apps so they are available // in the routing files of each app OC::loadAppClassPaths(); // Check if ownCloud is installed or in maintenance (update) mode if (!$systemConfig->getValue('installed', false)) { \OC::$server->getSession()->clear(); $setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom()); $controller = new OC\Core\Controller\SetupController($setupHelper); $controller->run($_POST); exit; } $request = \OC::$server->getRequest(); $requestPath = $request->getPathInfo(); if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade self::checkMaintenanceMode(); self::checkUpgrade(); } // emergency app disabling if ($requestPath === '/disableapp' && $request->getMethod() === 'POST' && (string) $request->getParam('appid') !== '') { \OCP\JSON::callCheck(); \OCP\JSON::checkAdminUser(); $appId = (string) $request->getParam('appid'); $appId = \OC_App::cleanAppId($appId); \OC_App::disable($appId); \OC_JSON::success(); exit; } // Always load authentication apps OC_App::loadApps(['authentication']); // Load minimum set of apps if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false)) { // For logged-in users: Load everything if (OC_User::isLoggedIn()) { OC_App::loadApps(); } else { // For guests: Load only filesystem and logging OC_App::loadApps(array('filesystem', 'logging')); \OC_User::tryBasicAuthLogin(); } } if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) { try { if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) { OC_App::loadApps(array('filesystem', 'logging')); OC_App::loadApps(); } self::checkSingleUserMode(); OC_Util::setupFS(); OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo()); return; } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { //header('HTTP/1.0 404 Not Found'); } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) { OC_Response::setStatus(405); return; } } // Handle redirect URL for logged in users if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { $location = \OC::$server->getURLGenerator()->getAbsoluteURL(urldecode($_REQUEST['redirect_url'])); // Deny the redirect if the URL contains a @ // This prevents unvalidated redirects like ?redirect_url=:user@domain.com if (strpos($location, '@') === false) { header('Location: ' . $location); return; } } // Handle WebDAV if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { // not allowed any more to prevent people // mounting this root directly. // Users need to mount remote.php/webdav instead. header('HTTP/1.1 405 Method Not Allowed'); header('Status: 405 Method Not Allowed'); return; } // Redirect to index if the logout link is accessed without valid session // this is needed to prevent "Token expired" messages while login if a session is expired // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583 if (isset($_GET['logout']) && !OC_User::isLoggedIn()) { header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/')); return; } // Someone is logged in if (OC_User::isLoggedIn()) { OC_App::loadApps(); OC_User::setupBackends(); OC_Util::setupFS(); if (isset($_GET["logout"]) and $_GET["logout"]) { OC_JSON::callCheck(); if (isset($_COOKIE['oc_token'])) { \OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); } OC_User::logout(); // redirect to webroot and add slash if webroot is empty header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/')); } else { // Redirect to default application OC_Util::redirectToDefaultPage(); } } else { // Not handled and not logged in self::handleLogin(); } }
/** * Find the route matching $url * * @param string $url The url to find * @throws \Exception * @return void */ public function match($url) { if (substr($url, 0, 6) === '/apps/') { // empty string / 'apps' / $app / rest of the route list(, , $app, ) = explode('/', $url, 4); $app = \OC_App::cleanAppId($app); \OC::$REQUESTEDAPP = $app; $this->loadRoutes($app); } else { if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') { \OC::$REQUESTEDAPP = $url; if (!\OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) { \OC_App::loadApps(); } $this->loadRoutes('core'); } else { $this->loadRoutes(); } } $matcher = new UrlMatcher($this->root, $this->context); $parameters = $matcher->match($url); if (isset($parameters['action'])) { $action = $parameters['action']; if (!is_callable($action)) { var_dump($action); throw new \Exception('not a callable action'); } unset($parameters['action']); call_user_func($action, $parameters); } elseif (isset($parameters['file'])) { include $parameters['file']; } else { throw new \Exception('no action available'); } }
<?php /** * ownCloud - ajax frontend * * @author Jakob Sack * @copyright 2011 Jakob Sack kde@jakobsack.de * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ $app = isset($_POST["app"]) ? $_POST["app"] : ""; $app = OC_App::cleanAppId($app); $l = OC_L10N::get($app); OC_JSON::success(array('data' => $l->getTranslations(), 'plural_form' => $l->getPluralFormString()));
* @author Lukas Reschke <*****@*****.**> * @author Robin Appelman <*****@*****.**> * @author Thomas Müller <*****@*****.**> * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * * This code is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); $groups = isset($_POST['groups']) ? (array) $_POST['groups'] : null; try { $app = OC_App::cleanAppId((string) $_POST['appid']); OC_App::enable($app, $groups); OC_JSON::success(['data' => ['update_required' => \OC_App::shouldUpgrade($app)]]); } catch (Exception $e) { \OCP\Util::writeLog('core', $e->getMessage(), \OCP\Util::ERROR); OC_JSON::error(array("data" => array("message" => $e->getMessage()))); }
/** * Returns the URL of the default page * based on the system configuration and * the apps visible for the current user * * @return string URL */ public static function getDefaultPageUrl() { $urlGenerator = \OC::$server->getURLGenerator(); // Deny the redirect if the URL contains a @ // This prevents unvalidated redirects like ?redirect_url=:user@domain.com if (isset($_REQUEST['redirect_url']) && strpos($_REQUEST['redirect_url'], '@') === false) { $location = $urlGenerator->getAbsoluteURL(urldecode($_REQUEST['redirect_url'])); } else { $defaultPage = OC_Appconfig::getValue('core', 'defaultpage'); if ($defaultPage) { $location = $urlGenerator->getAbsoluteURL($defaultPage); } else { $appId = 'files'; $defaultApps = explode(',', \OCP\Config::getSystemValue('defaultapp', 'files')); // find the first app that is enabled for the current user foreach ($defaultApps as $defaultApp) { $defaultApp = OC_App::cleanAppId(strip_tags($defaultApp)); if (OC_App::isEnabled($defaultApp)) { $appId = $defaultApp; break; } } $location = $urlGenerator->getAbsoluteURL('/index.php/apps/' . $appId . '/'); } } return $location; }
/** * Handle the request */ public static function handleRequest() { \OC::$server->getEventLogger()->start('handle_request', 'Handle request'); $systemConfig = \OC::$server->getSystemConfig(); // load all the classpaths from the enabled apps so they are available // in the routing files of each app OC::loadAppClassPaths(); // Check if ownCloud is installed or in maintenance (update) mode if (!$systemConfig->getValue('installed', false)) { \OC::$server->getSession()->clear(); $setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom()); $controller = new OC\Core\Controller\SetupController($setupHelper); $controller->run($_POST); exit; } $request = \OC::$server->getRequest(); // Check if requested URL matches 'index.php/occ' $isOccControllerRequested = preg_match('|/index\\.php$|', $request->getScriptName()) === 1 && strpos($request->getPathInfo(), '/occ/') === 0; $requestPath = $request->getRawPathInfo(); if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade self::checkMaintenanceMode($request); $needUpgrade = self::checkUpgrade(!$isOccControllerRequested); } // emergency app disabling if ($requestPath === '/disableapp' && $request->getMethod() === 'POST' && (string) $request->getParam('appid') !== '') { \OCP\JSON::callCheck(); \OCP\JSON::checkAdminUser(); $appId = (string) $request->getParam('appid'); $appId = \OC_App::cleanAppId($appId); \OC_App::disable($appId); \OC_JSON::success(); exit; } try { // Always load authentication apps OC_App::loadApps(['authentication']); } catch (\OC\NeedsUpdateException $e) { if ($isOccControllerRequested && $needUpgrade) { OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo()); return; } throw $e; } // Load minimum set of apps if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false)) { // For logged-in users: Load everything if (OC_User::isLoggedIn()) { OC_App::loadApps(); } else { // For guests: Load only filesystem and logging OC_App::loadApps(array('filesystem', 'logging')); self::handleLogin($request); } } if (!self::$CLI) { try { if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) { OC_App::loadApps(array('filesystem', 'logging')); OC_App::loadApps(); } self::checkSingleUserMode(); OC_Util::setupFS(); OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo()); return; } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { //header('HTTP/1.0 404 Not Found'); } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) { OC_Response::setStatus(405); return; } } // Handle WebDAV if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { // not allowed any more to prevent people // mounting this root directly. // Users need to mount remote.php/webdav instead. header('HTTP/1.1 405 Method Not Allowed'); header('Status: 405 Method Not Allowed'); return; } // Someone is logged in if (OC_User::isLoggedIn()) { OC_App::loadApps(); OC_User::setupBackends(); OC_Util::setupFS(); // FIXME // Redirect to default application OC_Util::redirectToDefaultPage(); } else { // Not handled and not logged in header('Location: ' . \OC::$server->getURLGenerator()->linkToRouteAbsolute('core.login.showLoginForm')); } }
*/ OCP\JSON::checkAdminUser(); OCP\JSON::callCheck(); if (!array_key_exists('appid', $_POST)) { OCP\JSON::error(array('message' => 'No AppId given!')); return; } $appId = (string) $_POST['appid']; if (!is_numeric($appId)) { $appId = \OC::$server->getAppConfig()->getValue($appId, 'ocsid', null); if ($appId === null) { OCP\JSON::error(array('message' => 'No OCS-ID found for app!')); exit; } } $appId = OC_App::cleanAppId($appId); $config = \OC::$server->getConfig(); $config->setSystemValue('maintenance', true); try { $result = OC_Installer::updateAppByOCSId($appId); $config->setSystemValue('maintenance', false); } catch (Exception $ex) { $config->setSystemValue('maintenance', false); OC_JSON::error(array("data" => array("message" => $ex->getMessage()))); return; } if ($result !== false) { OC_JSON::success(array('data' => array('appid' => $appId))); } else { $l = \OC::$server->getL10N('settings'); OC_JSON::error(array("data" => array("message" => $l->t("Couldn't update app."))));
<?php /** * Copyright (c) 2011, Robin Appelman <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. */ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); $action = isset($_POST['action']) ? $_POST['action'] : $_GET['action']; if (isset($_POST['app']) || isset($_GET['app'])) { $app = OC_App::cleanAppId(isset($_POST['app']) ? $_POST['app'] : $_GET['app']); } // An admin should not be able to add remote and public services // on its own. This should only be possible programmatically. // This change is due the fact that an admin may not be expected // to execute arbitrary code in every environment. if ($app === 'core' && isset($_POST['key']) && (substr($_POST['key'], 0, 7) === 'remote_' || substr($_POST['key'], 0, 7) === 'public_')) { OC_JSON::error(array('data' => array('message' => 'Unexpected error!'))); return; } $result = false; switch ($action) { case 'getValue': $result = OC_Appconfig::getValue($app, $_GET['key'], $_GET['defaultValue']); break; case 'setValue': $result = OC_Appconfig::setValue($app, $_POST['key'], $_POST['value']); break; case 'getApps': $result = OC_Appconfig::getApps();
protected function init() { if ($this->app === true) { return; } $app = OC_App::cleanAppId($this->app); $lang = $this->lang; $this->app = true; // Find the right language if (is_null($lang) || $lang == '') { $lang = self::findLanguage($app); } // Use cache if possible if (array_key_exists($app . '::' . $lang, self::$cache)) { $this->translations = self::$cache[$app . '::' . $lang]['t']; $this->localizations = self::$cache[$app . '::' . $lang]['l']; } else { $i18ndir = self::findI18nDir($app); // Localization is in /l10n, Texts are in $i18ndir // (Just no need to define date/time format etc. twice) if ((OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC_App::getAppPath($app) . '/l10n/') || OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/core/l10n/') || OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/lib/l10n/') || OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/settings')) && file_exists($i18ndir . $lang . '.php')) { // Include the file, save the data from $CONFIG include strip_tags($i18ndir) . strip_tags($lang) . '.php'; if (isset($TRANSLATIONS) && is_array($TRANSLATIONS)) { $this->translations = $TRANSLATIONS; } } if (file_exists(OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php')) { // Include the file, save the data from $CONFIG include OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php'; if (isset($LOCALIZATIONS) && is_array($LOCALIZATIONS)) { $this->localizations = array_merge($this->localizations, $LOCALIZATIONS); } } self::$cache[$app . '::' . $lang]['t'] = $this->translations; self::$cache[$app . '::' . $lang]['l'] = $this->localizations; } }
public static function init() { // register autoloader spl_autoload_register(array('OC', 'autoload')); OC_Util::issetlocaleworking(); // set some stuff //ob_start(); error_reporting(E_ALL | E_STRICT); if (defined('DEBUG') && DEBUG) { ini_set('display_errors', 1); } self::$CLI = php_sapi_name() == 'cli'; date_default_timezone_set('UTC'); ini_set('arg_separator.output', '&'); // try to switch magic quotes off. if (get_magic_quotes_gpc() == 1) { ini_set('magic_quotes_runtime', 0); } //try to configure php to enable big file uploads. //this doesn´t work always depending on the webserver and php configuration. //Let´s try to overwrite some defaults anyways //try to set the maximum execution time to 60min @set_time_limit(3600); @ini_set('max_execution_time', 3600); @ini_set('max_input_time', 3600); //try to set the maximum filesize to 10G @ini_set('upload_max_filesize', '10G'); @ini_set('post_max_size', '10G'); @ini_set('file_uploads', '50'); //copy http auth headers for apache+php-fcgid work around if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; } //set http auth headers for apache+php-cgi work around if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } //set http auth headers for apache+php-cgi work around if variable gets renamed by apache if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } self::initPaths(); // set debug mode if an xdebug session is active if (!defined('DEBUG') || !DEBUG) { if (isset($_COOKIE['XDEBUG_SESSION'])) { define('DEBUG', true); } } if (!defined('PHPUNIT_RUN') and !(defined('DEBUG') and DEBUG)) { register_shutdown_function(array('OC_Log', 'onShutdown')); set_error_handler(array('OC_Log', 'onError')); set_exception_handler(array('OC_Log', 'onException')); } // register the stream wrappers stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir'); stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream'); stream_wrapper_register('close', 'OC\\Files\\Stream\\Close'); stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC'); self::initTemplateEngine(); self::checkConfig(); self::checkInstalled(); self::checkSSL(); self::initSession(); $errors = OC_Util::checkServer(); if (count($errors) > 0) { OC_Template::printGuestPage('', 'error', array('errors' => $errors)); exit; } //try to set the session lifetime $sessionLifeTime = self::getSessionLifeTime(); @ini_set('gc_maxlifetime', (string) $sessionLifeTime); // User and Groups if (!OC_Config::getValue("installed", false)) { $_SESSION['user_id'] = ''; } OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) { OC_User::logout(); } // Load Apps // This includes plugins for users and filesystems as well global $RUNTIME_NOAPPS; global $RUNTIME_APPTYPES; if (!$RUNTIME_NOAPPS) { if ($RUNTIME_APPTYPES) { OC_App::loadApps($RUNTIME_APPTYPES); } else { OC_App::loadApps(); } } //setup extra user backends OC_User::setupBackends(); self::registerCacheHooks(); self::registerFilesystemHooks(); self::registerShareHooks(); //make sure temporary files are cleaned up register_shutdown_function(array('OC_Helper', 'cleanTmp')); //parse the given parameters self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'); if (substr_count(self::$REQUESTEDAPP, '?') != 0) { $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDAPP = $app; $_GET['app'] = $app; } self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null; if (substr_count(self::$REQUESTEDFILE, '?') != 0) { $file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?')); $param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDFILE = $file; $_GET['getfile'] = $file; } if (!is_null(self::$REQUESTEDFILE)) { $subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE; $parent = OC_App::getAppPath(OC::$REQUESTEDAPP); if (!OC_Helper::issubdirectory($subdir, $parent)) { self::$REQUESTEDFILE = null; header('HTTP/1.0 404 Not Found'); exit; } } // write error into log if locale can't be set if (OC_Util::issetlocaleworking() == false) { OC_Log::write('core', 'setting locale to en_US.UTF-8/en_US.UTF8 failed. Support is probably not installed on your system', OC_Log::ERROR); } if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) { if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') { OC_Util::addScript('backgroundjobs'); } } }
protected function init() { if ($this->app === true) { return; } $app = OC_App::cleanAppId($this->app); $lang = str_replace(array('\\0', '/', '\\', '..'), '', $this->lang); $this->app = true; // Find the right language if (is_null($lang) || $lang == '') { $lang = self::findLanguage($app); } // Use cache if possible if (array_key_exists($app . '::' . $lang, self::$cache)) { $this->translations = self::$cache[$app . '::' . $lang]['t']; } else { $i18nDir = self::findI18nDir($app); $transFile = strip_tags($i18nDir) . strip_tags($lang) . '.json'; // Texts are in $i18ndir // (Just no need to define date/time format etc. twice) if ((OC_Helper::isSubDirectory($transFile, OC::$SERVERROOT . '/core/l10n/') || OC_Helper::isSubDirectory($transFile, OC::$SERVERROOT . '/lib/l10n/') || OC_Helper::isSubDirectory($transFile, OC::$SERVERROOT . '/settings') || OC_Helper::isSubDirectory($transFile, OC_App::getAppPath($app) . '/l10n/')) && file_exists($transFile)) { // load the translations file if ($this->load($transFile)) { //merge with translations from theme $theme = \OC::$server->getConfig()->getSystemValue('theme'); if (!empty($theme)) { $transFile = OC::$SERVERROOT . '/themes/' . $theme . substr($transFile, strlen(OC::$SERVERROOT)); if (file_exists($transFile)) { $this->load($transFile, true); } } } } self::$cache[$app . '::' . $lang]['t'] = $this->translations; } }
<?php OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); OC_App::disable(OC_App::cleanAppId($_POST['appid'])); OC_JSON::success();