/**
* The constructor
* @param string $app app requesting l10n
* @param string $lang default: null Language
*
* If language is not set, the constructor tries to find the right
* language.
* @deprecated 9.0.0 Use \OC::$server->getL10NFactory()->get() instead
*/
public function __construct($app, $lang = null)
{
$app = \OC_App::cleanAppId($app);
$this->app = $app;
if ($lang !== null) {
$lang = str_replace(array('\\0', '/', '\\', '..'), '', $lang);
}
// Find the right language
if ($app !== 'test' && !\OC::$server->getL10NFactory()->languageExists($app, $lang)) {
$lang = \OC::$server->getL10NFactory()->findLanguage($app);
}
$this->lang = $lang;
}
/**
* Get a language instance
*
* @param string $app
* @param string|null $lang
* @return \OCP\IL10N
*/
public function get($app, $lang = null)
{
$app = \OC_App::cleanAppId($app);
if ($lang !== null) {
$lang = str_replace(array('\\0', '/', '\\', '..'), '', (string) $lang);
}
if ($lang === null || !$this->languageExists($app, $lang)) {
$lang = $this->findLanguage($app);
}
if (!isset($this->instances[$lang][$app])) {
$this->instances[$lang][$app] = new L10N($this, $app, $lang, $this->getL10nFilesForApp($app, $lang));
}
return $this->instances[$lang][$app];
}
<?php
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$appid = $_POST['appid'];
$appid = OC_App::cleanAppId($appid);
$result = OC_Installer::updateApp($appid);
if ($result !== false) {
OC_JSON::success(array('data' => array('appid' => $appid)));
} else {
$l = OC_L10N::get('settings');
OC_JSON::error(array("data" => array("message" => $l->t("Couldn't update app."))));
}
* @author Kamil Domanski <*****@*****.**>
* @author Lukas Reschke <*****@*****.**>
* @author Morris Jobke <*****@*****.**>
* @author Robin Appelman <*****@*****.**>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$groups = isset($_POST['groups']) ? (array) $_POST['groups'] : null;
try {
OC_App::enable(OC_App::cleanAppId((string) $_POST['appid']), $groups);
OC_JSON::success();
} catch (Exception $e) {
OC_Log::write('core', $e->getMessage(), OC_Log::ERROR);
OC_JSON::error(array("data" => array("message" => $e->getMessage())));
}
protected function init()
{
if ($this->app === true) {
return;
}
$app = OC_App::cleanAppId($this->app);
$lang = str_replace(array('\\0', '/', '\\', '..'), '', $this->lang);
$this->app = true;
// Find the right language
if (is_null($lang) || $lang == '') {
$lang = self::findLanguage($app);
}
// Use cache if possible
if (array_key_exists($app . '::' . $lang, self::$cache)) {
$this->translations = self::$cache[$app . '::' . $lang]['t'];
$this->localizations = self::$cache[$app . '::' . $lang]['l'];
} else {
$i18ndir = self::findI18nDir($app);
// Localization is in /l10n, Texts are in $i18ndir
// (Just no need to define date/time format etc. twice)
if ((OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/core/l10n/') || OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/lib/l10n/') || OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/settings') || OC_Helper::isSubDirectory($i18ndir . $lang . '.php', OC_App::getAppPath($app) . '/l10n/')) && file_exists($i18ndir . $lang . '.php')) {
// Include the file, save the data from $CONFIG
$transFile = strip_tags($i18ndir) . strip_tags($lang) . '.php';
include $transFile;
if (isset($TRANSLATIONS) && is_array($TRANSLATIONS)) {
$this->translations = $TRANSLATIONS;
//merge with translations from theme
$theme = OC_Config::getValue("theme");
if (!is_null($theme)) {
$transFile = OC::$SERVERROOT . '/themes/' . $theme . substr($transFile, strlen(OC::$SERVERROOT));
if (file_exists($transFile)) {
include $transFile;
if (isset($TRANSLATIONS) && is_array($TRANSLATIONS)) {
$this->translations = array_merge($this->translations, $TRANSLATIONS);
}
}
}
}
if (isset($PLURAL_FORMS)) {
$this->plural_form_string = $PLURAL_FORMS;
}
}
if (file_exists(OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php') && OC_Helper::isSubDirectory(OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php', OC::$SERVERROOT . '/core/l10n/')) {
// Include the file, save the data from $CONFIG
include OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php';
if (isset($LOCALIZATIONS) && is_array($LOCALIZATIONS)) {
$this->localizations = array_merge($this->localizations, $LOCALIZATIONS);
}
}
self::$cache[$app . '::' . $lang]['t'] = $this->translations;
self::$cache[$app . '::' . $lang]['l'] = $this->localizations;
}
}
/**
* Find the route matching $url
*
* @param string $url The url to find
* @throws \Exception
* @return void
*/
public function match($url)
{
if (substr($url, 0, 6) === '/apps/') {
// empty string / 'apps' / $app / rest of the route
list(, , $app, ) = explode('/', $url, 4);
$app = \OC_App::cleanAppId($app);
\OC::$REQUESTEDAPP = $app;
$this->loadRoutes($app);
} else {
if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') {
\OC::$REQUESTEDAPP = $url;
if (!\OC::$server->getConfig()->getSystemValue('maintenance', false) && !Util::needUpgrade()) {
\OC_App::loadApps();
}
$this->loadRoutes('core');
} else {
$this->loadRoutes();
}
}
$matcher = new UrlMatcher($this->root, $this->context);
try {
$parameters = $matcher->match($url);
} catch (ResourceNotFoundException $e) {
if (substr($url, -1) !== '/') {
// We allow links to apps/files? for backwards compatibility reasons
// However, since Symfony does not allow empty route names, the route
// we need to match is '/', so we need to append the '/' here.
try {
$parameters = $matcher->match($url . '/');
} catch (ResourceNotFoundException $newException) {
// If we still didn't match a route, we throw the original exception
throw $e;
}
} else {
throw $e;
}
}
\OC::$server->getEventLogger()->start('run_route', 'Run route');
if (isset($parameters['action'])) {
$action = $parameters['action'];
if (!is_callable($action)) {
throw new \Exception('not a callable action');
}
unset($parameters['action']);
call_user_func($action, $parameters);
} elseif (isset($parameters['file'])) {
include $parameters['file'];
} else {
throw new \Exception('no action available');
}
\OC::$server->getEventLogger()->end('run_route');
}
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
OC_Util::checkAdminUser();
OCP\JSON::callCheck();
$action = isset($_POST['action']) ? $_POST['action'] : $_GET['action'];
if (isset($_POST['app']) || isset($_GET['app'])) {
$app = OC_App::cleanAppId(isset($_POST['app']) ? (string) $_POST['app'] : (string) $_GET['app']);
}
// An admin should not be able to add remote and public services
// on its own. This should only be possible programmatically.
// This change is due the fact that an admin may not be expected
// to execute arbitrary code in every environment.
if ($app === 'core' && isset($_POST['key']) && (substr((string) $_POST['key'], 0, 7) === 'remote_' || substr((string) $_POST['key'], 0, 7) === 'public_')) {
OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
return;
}
$result = false;
$appConfig = \OC::$server->getAppConfig();
switch ($action) {
case 'getValue':
$result = $appConfig->getValue($app, (string) $_GET['key'], (string) $_GET['defaultValue']);
break;
/**
* Returns the URL of the default page
* based on the system configuration and
* the apps visible for the current user
*
* @return string URL
*/
public static function getDefaultPageUrl()
{
$urlGenerator = \OC::$server->getURLGenerator();
if (isset($_REQUEST['redirect_url'])) {
$location = urldecode($_REQUEST['redirect_url']);
} else {
$defaultPage = OC_Appconfig::getValue('core', 'defaultpage');
if ($defaultPage) {
$location = $urlGenerator->getAbsoluteURL($defaultPage);
} else {
$appId = 'files';
$defaultApps = explode(',', \OCP\Config::getSystemValue('defaultapp', 'files'));
// find the first app that is enabled for the current user
foreach ($defaultApps as $defaultApp) {
$defaultApp = OC_App::cleanAppId(strip_tags($defaultApp));
if (OC_App::isEnabled($defaultApp)) {
$appId = $defaultApp;
break;
}
}
$location = $urlGenerator->getAbsoluteURL('/index.php/apps/' . $appId . '/');
}
}
return $location;
}
/**
* check an app's integrity
* @param array $data
* @param string $extractDir
* @param string $path
* @param bool $isShipped
* @return array
* @throws \Exception
*/
public static function checkAppsIntegrity($data, $extractDir, $path, $isShipped = false)
{
$l = \OC::$server->getL10N('lib');
//load the info.xml file of the app
if (!is_file($extractDir . '/appinfo/info.xml')) {
//try to find it in a subdir
$dh = opendir($extractDir);
if (is_resource($dh)) {
while (($folder = readdir($dh)) !== false) {
if ($folder[0] != '.' and is_dir($extractDir . '/' . $folder)) {
if (is_file($extractDir . '/' . $folder . '/appinfo/info.xml')) {
$extractDir .= '/' . $folder;
}
}
}
}
}
if (!is_file($extractDir . '/appinfo/info.xml')) {
OC_Helper::rmdirr($extractDir);
if ($data['source'] === 'http') {
unlink($path);
}
throw new \Exception($l->t("App does not provide an info.xml file"));
}
$info = OC_App::getAppInfo($extractDir . '/appinfo/info.xml', true);
// We can't trust the parsed info.xml file as it may have been tampered
// with by an attacker and thus we need to use the local data to check
// whether the application needs to be signed.
$appId = OC_App::cleanAppId($data['appdata']['id']);
$appBelongingToId = OC_App::getInternalAppIdByOcs($appId);
if (is_string($appBelongingToId)) {
$previouslySigned = \OC::$server->getConfig()->getAppValue($appBelongingToId, 'signed', 'false');
} else {
$appBelongingToId = $info['id'];
$previouslySigned = 'false';
}
if ($data['appdata']['level'] === OC_App::officialApp || $previouslySigned === 'true') {
\OC::$server->getConfig()->setAppValue($appBelongingToId, 'signed', 'true');
$integrityResult = \OC::$server->getIntegrityCodeChecker()->verifyAppSignature($appBelongingToId, $extractDir);
if ($integrityResult !== []) {
$e = new \Exception($l->t('Signature could not get checked. Please contact the app developer and check your admin screen.'));
throw $e;
}
}
// check the code for not allowed calls
if (!$isShipped && !OC_Installer::checkCode($extractDir)) {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because of not allowed code in the App"));
}
// check if the app is compatible with this version of ownCloud
if (!OC_App::isAppCompatible(\OCP\Util::getVersion(), $info)) {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because it is not compatible with this version of ownCloud"));
}
// check if shipped tag is set which is only allowed for apps that are shipped with ownCloud
if (!$isShipped && isset($info['shipped']) && $info['shipped'] == 'true') {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because it contains the <shipped>true</shipped> tag which is not allowed for non shipped apps"));
}
// check if the ocs version is the same as the version in info.xml/version
$version = trim($info['version']);
if (isset($data['appdata']['version']) && $version != trim($data['appdata']['version'])) {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because the version in info.xml is not the same as the version reported from the app store"));
}
return $info;
}
<?php
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$appid = OC_App::enable(OC_App::cleanAppId($_POST['appid']));
if ($appid !== false) {
OC_JSON::success(array('data' => array('appid' => $appid)));
} else {
$l = OC_L10N::get('settings');
OC_JSON::error(array("data" => array("message" => $l->t("Could not enable app. "))));
}
public static function init()
{
// register autoloader
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
self::$loader->registerPrefix('Sabre\\VObject', '3rdparty');
self::$loader->registerPrefix('Sabre_', '3rdparty');
self::$loader->registerPrefix('Patchwork', '3rdparty');
spl_autoload_register(array(self::$loader, 'load'));
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = php_sapi_name() == 'cli';
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
}
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
if (OC_Config::getValue('instanceid', false)) {
// \OC\Memcache\Cache has a hidden dependency on
// OC_Util::getInstanceId() for namespacing. See #5409.
try {
self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader'));
} catch (\Exception $ex) {
}
}
OC_Util::isSetLocaleWorking();
// set debug mode if an xdebug session is active
if (!defined('DEBUG') || !DEBUG) {
if (isset($_COOKIE['XDEBUG_SESSION'])) {
define('DEBUG', true);
}
}
if (!defined('PHPUNIT_RUN')) {
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');
// setup the basic server
self::$server = new \OC\Server();
self::initTemplateEngine();
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
} else {
self::$session = new \OC\Session\Memory('');
}
self::checkConfig();
self::checkInstalled();
self::checkSSL();
self::addSecurityHeaders();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string) $sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) {
$sessionUser = self::$session->get('loginname');
$serverUser = $_SERVER['PHP_AUTH_USER'];
OC_Log::write('core', "Session loginname ({$sessionUser}) doesn't match SERVER[PHP_AUTH_USER] ({$serverUser}).", OC_Log::WARN);
OC_User::logout();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS && !self::checkUpgrade(false)) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
//setup extra user backends
OC_User::setupBackends();
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
}
/**
* Handle the request
*/
public static function handleRequest()
{
\OC::$server->getEventLogger()->start('handle_request', 'Handle request');
$systemConfig = \OC::$server->getSystemConfig();
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!$systemConfig->getValue('installed', false)) {
\OC::$server->getSession()->clear();
$setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom());
$controller = new OC\Core\Controller\SetupController($setupHelper);
$controller->run($_POST);
exit;
}
$request = \OC::$server->getRequest();
$requestPath = $request->getPathInfo();
if (substr($requestPath, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
// emergency app disabling
if ($requestPath === '/disableapp' && $request->getMethod() === 'POST' && (string) $request->getParam('appid') !== '') {
\OCP\JSON::callCheck();
\OCP\JSON::checkAdminUser();
$appId = (string) $request->getParam('appid');
$appId = \OC_App::cleanAppId($appId);
\OC_App::disable($appId);
\OC_JSON::success();
exit;
}
// Always load authentication apps
OC_App::loadApps(['authentication']);
// Load minimum set of apps
if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false)) {
// For logged-in users: Load everything
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only filesystem and logging
OC_App::loadApps(array('filesystem', 'logging'));
\OC_User::tryBasicAuthLogin();
}
}
if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
try {
if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC_Util::setupFS();
OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = \OC::$server->getURLGenerator()->getAbsoluteURL(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Redirect to index if the logout link is accessed without valid session
// this is needed to prevent "Token expired" messages while login if a session is expired
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
return;
}
// Someone is logged in
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
OC_Util::setupFS();
if (isset($_GET["logout"]) and $_GET["logout"]) {
OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) {
\OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
OC_User::logout();
// redirect to webroot and add slash if webroot is empty
header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
} else {
// Redirect to default application
OC_Util::redirectToDefaultPage();
}
} else {
// Not handled and not logged in
self::handleLogin();
}
}
/**
* Find the route matching $url
*
* @param string $url The url to find
* @throws \Exception
* @return void
*/
public function match($url)
{
if (substr($url, 0, 6) === '/apps/') {
// empty string / 'apps' / $app / rest of the route
list(, , $app, ) = explode('/', $url, 4);
$app = \OC_App::cleanAppId($app);
\OC::$REQUESTEDAPP = $app;
$this->loadRoutes($app);
} else {
if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') {
\OC::$REQUESTEDAPP = $url;
if (!\OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
\OC_App::loadApps();
}
$this->loadRoutes('core');
} else {
$this->loadRoutes();
}
}
$matcher = new UrlMatcher($this->root, $this->context);
$parameters = $matcher->match($url);
if (isset($parameters['action'])) {
$action = $parameters['action'];
if (!is_callable($action)) {
var_dump($action);
throw new \Exception('not a callable action');
}
unset($parameters['action']);
call_user_func($action, $parameters);
} elseif (isset($parameters['file'])) {
include $parameters['file'];
} else {
throw new \Exception('no action available');
}
}
<?php
/**
* ownCloud - ajax frontend
*
* @author Jakob Sack
* @copyright 2011 Jakob Sack kde@jakobsack.de
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
$app = isset($_POST["app"]) ? $_POST["app"] : "";
$app = OC_App::cleanAppId($app);
$l = OC_L10N::get($app);
OC_JSON::success(array('data' => $l->getTranslations(), 'plural_form' => $l->getPluralFormString()));
* @author Lukas Reschke <*****@*****.**>
* @author Robin Appelman <*****@*****.**>
* @author Thomas Müller <*****@*****.**>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$groups = isset($_POST['groups']) ? (array) $_POST['groups'] : null;
try {
$app = OC_App::cleanAppId((string) $_POST['appid']);
OC_App::enable($app, $groups);
OC_JSON::success(['data' => ['update_required' => \OC_App::shouldUpgrade($app)]]);
} catch (Exception $e) {
\OCP\Util::writeLog('core', $e->getMessage(), \OCP\Util::ERROR);
OC_JSON::error(array("data" => array("message" => $e->getMessage())));
}
/**
* Returns the URL of the default page
* based on the system configuration and
* the apps visible for the current user
*
* @return string URL
*/
public static function getDefaultPageUrl() {
$urlGenerator = \OC::$server->getURLGenerator();
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (isset($_REQUEST['redirect_url']) && strpos($_REQUEST['redirect_url'], '@') === false) {
$location = $urlGenerator->getAbsoluteURL(urldecode($_REQUEST['redirect_url']));
} else {
$defaultPage = OC_Appconfig::getValue('core', 'defaultpage');
if ($defaultPage) {
$location = $urlGenerator->getAbsoluteURL($defaultPage);
} else {
$appId = 'files';
$defaultApps = explode(',', \OCP\Config::getSystemValue('defaultapp', 'files'));
// find the first app that is enabled for the current user
foreach ($defaultApps as $defaultApp) {
$defaultApp = OC_App::cleanAppId(strip_tags($defaultApp));
if (OC_App::isEnabled($defaultApp)) {
$appId = $defaultApp;
break;
}
}
$location = $urlGenerator->getAbsoluteURL('/index.php/apps/' . $appId . '/');
}
}
return $location;
}
/**
* Handle the request
*/
public static function handleRequest()
{
\OC::$server->getEventLogger()->start('handle_request', 'Handle request');
$systemConfig = \OC::$server->getSystemConfig();
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!$systemConfig->getValue('installed', false)) {
\OC::$server->getSession()->clear();
$setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom());
$controller = new OC\Core\Controller\SetupController($setupHelper);
$controller->run($_POST);
exit;
}
$request = \OC::$server->getRequest();
// Check if requested URL matches 'index.php/occ'
$isOccControllerRequested = preg_match('|/index\\.php$|', $request->getScriptName()) === 1 && strpos($request->getPathInfo(), '/occ/') === 0;
$requestPath = $request->getRawPathInfo();
if (substr($requestPath, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode($request);
$needUpgrade = self::checkUpgrade(!$isOccControllerRequested);
}
// emergency app disabling
if ($requestPath === '/disableapp' && $request->getMethod() === 'POST' && (string) $request->getParam('appid') !== '') {
\OCP\JSON::callCheck();
\OCP\JSON::checkAdminUser();
$appId = (string) $request->getParam('appid');
$appId = \OC_App::cleanAppId($appId);
\OC_App::disable($appId);
\OC_JSON::success();
exit;
}
try {
// Always load authentication apps
OC_App::loadApps(['authentication']);
} catch (\OC\NeedsUpdateException $e) {
if ($isOccControllerRequested && $needUpgrade) {
OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
return;
}
throw $e;
}
// Load minimum set of apps
if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false)) {
// For logged-in users: Load everything
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only filesystem and logging
OC_App::loadApps(array('filesystem', 'logging'));
self::handleLogin($request);
}
}
if (!self::$CLI) {
try {
if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC_Util::setupFS();
OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Someone is logged in
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
OC_Util::setupFS();
// FIXME
// Redirect to default application
OC_Util::redirectToDefaultPage();
} else {
// Not handled and not logged in
header('Location: ' . \OC::$server->getURLGenerator()->linkToRouteAbsolute('core.login.showLoginForm'));
}
}
*/
OCP\JSON::checkAdminUser();
OCP\JSON::callCheck();
if (!array_key_exists('appid', $_POST)) {
OCP\JSON::error(array('message' => 'No AppId given!'));
return;
}
$appId = (string) $_POST['appid'];
if (!is_numeric($appId)) {
$appId = \OC::$server->getAppConfig()->getValue($appId, 'ocsid', null);
if ($appId === null) {
OCP\JSON::error(array('message' => 'No OCS-ID found for app!'));
exit;
}
}
$appId = OC_App::cleanAppId($appId);
$config = \OC::$server->getConfig();
$config->setSystemValue('maintenance', true);
try {
$result = OC_Installer::updateAppByOCSId($appId);
$config->setSystemValue('maintenance', false);
} catch (Exception $ex) {
$config->setSystemValue('maintenance', false);
OC_JSON::error(array("data" => array("message" => $ex->getMessage())));
return;
}
if ($result !== false) {
OC_JSON::success(array('data' => array('appid' => $appId)));
} else {
$l = \OC::$server->getL10N('settings');
OC_JSON::error(array("data" => array("message" => $l->t("Couldn't update app."))));
<?php
/**
* Copyright (c) 2011, Robin Appelman <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*/
OC_Util::checkAdminUser();
OCP\JSON::callCheck();
$action = isset($_POST['action']) ? $_POST['action'] : $_GET['action'];
if (isset($_POST['app']) || isset($_GET['app'])) {
$app = OC_App::cleanAppId(isset($_POST['app']) ? $_POST['app'] : $_GET['app']);
}
// An admin should not be able to add remote and public services
// on its own. This should only be possible programmatically.
// This change is due the fact that an admin may not be expected
// to execute arbitrary code in every environment.
if ($app === 'core' && isset($_POST['key']) && (substr($_POST['key'], 0, 7) === 'remote_' || substr($_POST['key'], 0, 7) === 'public_')) {
OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
return;
}
$result = false;
switch ($action) {
case 'getValue':
$result = OC_Appconfig::getValue($app, $_GET['key'], $_GET['defaultValue']);
break;
case 'setValue':
$result = OC_Appconfig::setValue($app, $_POST['key'], $_POST['value']);
break;
case 'getApps':
$result = OC_Appconfig::getApps();
protected function init()
{
if ($this->app === true) {
return;
}
$app = OC_App::cleanAppId($this->app);
$lang = $this->lang;
$this->app = true;
// Find the right language
if (is_null($lang) || $lang == '') {
$lang = self::findLanguage($app);
}
// Use cache if possible
if (array_key_exists($app . '::' . $lang, self::$cache)) {
$this->translations = self::$cache[$app . '::' . $lang]['t'];
$this->localizations = self::$cache[$app . '::' . $lang]['l'];
} else {
$i18ndir = self::findI18nDir($app);
// Localization is in /l10n, Texts are in $i18ndir
// (Just no need to define date/time format etc. twice)
if ((OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC_App::getAppPath($app) . '/l10n/') || OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/core/l10n/') || OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/lib/l10n/') || OC_Helper::issubdirectory($i18ndir . $lang . '.php', OC::$SERVERROOT . '/settings')) && file_exists($i18ndir . $lang . '.php')) {
// Include the file, save the data from $CONFIG
include strip_tags($i18ndir) . strip_tags($lang) . '.php';
if (isset($TRANSLATIONS) && is_array($TRANSLATIONS)) {
$this->translations = $TRANSLATIONS;
}
}
if (file_exists(OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php')) {
// Include the file, save the data from $CONFIG
include OC::$SERVERROOT . '/core/l10n/l10n-' . $lang . '.php';
if (isset($LOCALIZATIONS) && is_array($LOCALIZATIONS)) {
$this->localizations = array_merge($this->localizations, $LOCALIZATIONS);
}
}
self::$cache[$app . '::' . $lang]['t'] = $this->translations;
self::$cache[$app . '::' . $lang]['l'] = $this->localizations;
}
}
public static function init()
{
// register autoloader
spl_autoload_register(array('OC', 'autoload'));
OC_Util::issetlocaleworking();
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = php_sapi_name() == 'cli';
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
}
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
// set debug mode if an xdebug session is active
if (!defined('DEBUG') || !DEBUG) {
if (isset($_COOKIE['XDEBUG_SESSION'])) {
define('DEBUG', true);
}
}
if (!defined('PHPUNIT_RUN') and !(defined('DEBUG') and DEBUG)) {
register_shutdown_function(array('OC_Log', 'onShutdown'));
set_error_handler(array('OC_Log', 'onError'));
set_exception_handler(array('OC_Log', 'onException'));
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');
self::initTemplateEngine();
self::checkConfig();
self::checkInstalled();
self::checkSSL();
self::initSession();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string) $sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = '';
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
OC_User::logout();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
//setup extra user backends
OC_User::setupBackends();
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerShareHooks();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
// write error into log if locale can't be set
if (OC_Util::issetlocaleworking() == false) {
OC_Log::write('core', 'setting locale to en_US.UTF-8/en_US.UTF8 failed. Support is probably not installed on your system', OC_Log::ERROR);
}
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
}
protected function init()
{
if ($this->app === true) {
return;
}
$app = OC_App::cleanAppId($this->app);
$lang = str_replace(array('\\0', '/', '\\', '..'), '', $this->lang);
$this->app = true;
// Find the right language
if (is_null($lang) || $lang == '') {
$lang = self::findLanguage($app);
}
// Use cache if possible
if (array_key_exists($app . '::' . $lang, self::$cache)) {
$this->translations = self::$cache[$app . '::' . $lang]['t'];
} else {
$i18nDir = self::findI18nDir($app);
$transFile = strip_tags($i18nDir) . strip_tags($lang) . '.json';
// Texts are in $i18ndir
// (Just no need to define date/time format etc. twice)
if ((OC_Helper::isSubDirectory($transFile, OC::$SERVERROOT . '/core/l10n/') || OC_Helper::isSubDirectory($transFile, OC::$SERVERROOT . '/lib/l10n/') || OC_Helper::isSubDirectory($transFile, OC::$SERVERROOT . '/settings') || OC_Helper::isSubDirectory($transFile, OC_App::getAppPath($app) . '/l10n/')) && file_exists($transFile)) {
// load the translations file
if ($this->load($transFile)) {
//merge with translations from theme
$theme = \OC::$server->getConfig()->getSystemValue('theme');
if (!empty($theme)) {
$transFile = OC::$SERVERROOT . '/themes/' . $theme . substr($transFile, strlen(OC::$SERVERROOT));
if (file_exists($transFile)) {
$this->load($transFile, true);
}
}
}
}
self::$cache[$app . '::' . $lang]['t'] = $this->translations;
}
}
<?php OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); OC_App::disable(OC_App::cleanAppId($_POST['appid'])); OC_JSON::success();
