예제 #1
0
파일: request.php 프로젝트: Romua1d/core
 public function testGetOverwriteHost()
 {
     unset($_SERVER['REMOTE_ADDR']);
     OC_Config::deleteKey('overwritecondaddr');
     OC_Config::deleteKey('overwritehost');
     $host = OC_Request::getOverwriteHost();
     $this->assertNull($host);
     OC_Config::setValue('overwritehost', '');
     $host = OC_Request::getOverwriteHost();
     $this->assertNull($host);
     OC_Config::setValue('overwritehost', 'host.one.test:8080');
     $host = OC_Request::getOverwriteHost();
     $this->assertEquals('host.one.test:8080', $host);
     $_SERVER['REMOTE_ADDR'] = 'somehost.test:8080';
     OC_Config::setValue('overwritecondaddr', '^somehost\\..*$');
     $host = OC_Request::getOverwriteHost();
     $this->assertEquals('host.one.test:8080', $host);
     OC_Config::setValue('overwritecondaddr', '^somethingelse.*$');
     $host = OC_Request::getOverwriteHost();
     $this->assertNull($host);
     // clean up
     unset($_SERVER['REMOTE_ADDR']);
     OC_Config::deleteKey('overwritecondaddr');
     OC_Config::deleteKey('overwritehost');
 }
예제 #2
0
	public static function init() {
		// register autoloader
		$loaderStart = microtime(true);
		require_once __DIR__ . '/autoloader.php';
		self::$loader = new \OC\Autoloader();
		spl_autoload_register(array(self::$loader, 'load'));
		$loaderEnd = microtime(true);

		self::initPaths();

		// setup 3rdparty autoloader
		$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
		if (file_exists($vendorAutoLoad)) {
			require_once $vendorAutoLoad;
		} else {
			OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
			// we can't use the template error page here, because this needs the
			// DI container which isn't available yet
			print('Composer autoloader not found, unable to continue. Check the folder "3rdparty".');
			exit();
		}

		// setup the basic server
		self::$server = new \OC\Server(\OC::$WEBROOT);
		\OC::$server->getEventLogger()->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
		\OC::$server->getEventLogger()->start('boot', 'Initialize');

		// set some stuff
		//ob_start();
		error_reporting(E_ALL | E_STRICT);
		if (defined('DEBUG') && DEBUG) {
			ini_set('display_errors', 1);
		}
		self::$CLI = (php_sapi_name() == 'cli');

		date_default_timezone_set('UTC');
		ini_set('arg_separator.output', '&');

		//try to configure php to enable big file uploads.
		//this doesn´t work always depending on the webserver and php configuration.
		//Let´s try to overwrite some defaults anyways

		//try to set the maximum execution time to 60min
		@set_time_limit(3600);
		@ini_set('max_execution_time', 3600);
		@ini_set('max_input_time', 3600);

		//try to set the maximum filesize to 10G
		@ini_set('upload_max_filesize', '10G');
		@ini_set('post_max_size', '10G');
		@ini_set('file_uploads', '50');

		self::handleAuthHeaders();
		self::registerAutoloaderCache();

		// initialize intl fallback is necessary
		\Patchwork\Utf8\Bootup::initIntl();
		OC_Util::isSetLocaleWorking();

		if (!defined('PHPUNIT_RUN')) {
			OC\Log\ErrorHandler::setLogger(OC_Log::$object);
			if (defined('DEBUG') and DEBUG) {
				OC\Log\ErrorHandler::register(true);
				set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
			} else {
				OC\Log\ErrorHandler::register();
			}
		}

		// register the stream wrappers
		stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
		stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
		stream_wrapper_register('close', 'OC\Files\Stream\Close');
		stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
		stream_wrapper_register('oc', 'OC\Files\Stream\OC');

		\OC::$server->getEventLogger()->start('init_session', 'Initialize session');
		OC_App::loadApps(array('session'));
		if (!self::$CLI) {
			self::initSession();
		}
		\OC::$server->getEventLogger()->end('init_session');
		self::initTemplateEngine();
		self::checkConfig();
		self::checkInstalled();
		self::checkSSL();
		OC_Response::addSecurityHeaders();

		$errors = OC_Util::checkServer(\OC::$server->getConfig());
		if (count($errors) > 0) {
			if (self::$CLI) {
				foreach ($errors as $error) {
					echo $error['error'] . "\n";
					echo $error['hint'] . "\n\n";
				}
			} else {
				OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
				OC_Template::printGuestPage('', 'error', array('errors' => $errors));
			}
			exit;
		}

		//try to set the session lifetime
		$sessionLifeTime = self::getSessionLifeTime();
		@ini_set('gc_maxlifetime', (string)$sessionLifeTime);

		$systemConfig = \OC::$server->getSystemConfig();

		// User and Groups
		if (!$systemConfig->getValue("installed", false)) {
			self::$server->getSession()->set('user_id', '');
		}

		OC_User::useBackend(new OC_User_Database());
		OC_Group::useBackend(new OC_Group_Database());

		//setup extra user backends
		if (!self::checkUpgrade(false)) {
			OC_User::setupBackends();
		}

		self::registerCacheHooks();
		self::registerFilesystemHooks();
		self::registerPreviewHooks();
		self::registerShareHooks();
		self::registerLogRotate();
		self::registerLocalAddressBook();

		//make sure temporary files are cleaned up
		$tmpManager = \OC::$server->getTempManager();
		register_shutdown_function(array($tmpManager, 'clean'));

		if ($systemConfig->getValue('installed', false) && !self::checkUpgrade(false)) {
			if (\OC::$server->getConfig()->getAppValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
				OC_Util::addScript('backgroundjobs');
			}
		}

		// Check whether the sample configuration has been copied
		if($systemConfig->getValue('copied_sample_config', false)) {
			$l = \OC::$server->getL10N('lib');
			header('HTTP/1.1 503 Service Temporarily Unavailable');
			header('Status: 503 Service Temporarily Unavailable');
			OC_Template::printErrorPage(
				$l->t('Sample configuration detected'),
				$l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php')
			);
			return;
		}

		$host = OC_Request::insecureServerHost();
		// if the host passed in headers isn't trusted
		if (!OC::$CLI
			// overwritehost is always trusted
			&& OC_Request::getOverwriteHost() === null
			&& !OC_Request::isTrustedDomain($host)
		) {
			header('HTTP/1.1 400 Bad Request');
			header('Status: 400 Bad Request');

			$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
			$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
			$tmpl->printPage();

			exit();
		}
		\OC::$server->getEventLogger()->end('boot');
	}
예제 #3
0
 /**
  * @brief Handle the request
  */
 public static function handleRequest()
 {
     // load all the classpaths from the enabled apps so they are available
     // in the routing files of each app
     OC::loadAppClassPaths();
     // Check if ownCloud is installed or in maintenance (update) mode
     if (!OC_Config::getValue('installed', false)) {
         require_once 'core/setup.php';
         exit;
     }
     $host = OC_Request::insecureServerHost();
     // if the host passed in headers isn't trusted
     if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
         header('HTTP/1.1 400 Bad Request');
         header('Status: 400 Bad Request');
         OC_Template::printErrorPage('You are accessing the server from an untrusted domain.', 'Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.');
         return;
     }
     $request = OC_Request::getPathInfo();
     if (substr($request, -3) !== '.js') {
         // we need these files during the upgrade
         self::checkMaintenanceMode();
         self::checkUpgrade();
     }
     // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
     OC::tryBasicAuthLogin();
     if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
         try {
             if (!OC_Config::getValue('maintenance', false)) {
                 OC_App::loadApps();
             }
             self::checkSingleUserMode();
             OC::getRouter()->match(OC_Request::getRawPathInfo());
             return;
         } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
             //header('HTTP/1.0 404 Not Found');
         } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
             OC_Response::setStatus(405);
             return;
         }
     }
     $app = OC::$REQUESTEDAPP;
     $file = OC::$REQUESTEDFILE;
     $param = array('app' => $app, 'file' => $file);
     // Handle app css files
     if (substr($file, -3) == 'css') {
         self::loadCSSFile($param);
         return;
     }
     // Handle redirect URL for logged in users
     if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
         $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
         // Deny the redirect if the URL contains a @
         // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
         if (strpos($location, '@') === false) {
             header('Location: ' . $location);
             return;
         }
     }
     // Handle WebDAV
     if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
         // not allowed any more to prevent people
         // mounting this root directly.
         // Users need to mount remote.php/webdav instead.
         header('HTTP/1.1 405 Method Not Allowed');
         header('Status: 405 Method Not Allowed');
         return;
     }
     // Someone is logged in :
     if (OC_User::isLoggedIn()) {
         OC_App::loadApps();
         OC_User::setupBackends();
         if (isset($_GET["logout"]) and $_GET["logout"]) {
             if (isset($_COOKIE['oc_token'])) {
                 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
             }
             OC_User::logout();
             header("Location: " . OC::$WEBROOT . '/');
         } else {
             if (is_null($file)) {
                 $param['file'] = 'index.php';
             }
             $file_ext = substr($param['file'], -3);
             if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
                 header('HTTP/1.0 404 Not Found');
             }
         }
         return;
     }
     // Not handled and not logged in
     self::handleLogin();
 }
예제 #4
0
	public static function init() {
		// register autoloader
		require_once __DIR__ . '/autoloader.php';
		self::$loader = new \OC\Autoloader();
		self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
		self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
		self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
		self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
		self::$loader->registerPrefix('Patchwork', '3rdparty');
		self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
		spl_autoload_register(array(self::$loader, 'load'));

		// make a dummy session available as early as possible since error pages need it
		self::$session = new \OC\Session\Memory('');

		// set some stuff
		//ob_start();
		error_reporting(E_ALL | E_STRICT);
		if (defined('DEBUG') && DEBUG) {
			ini_set('display_errors', 1);
		}
		self::$CLI = (php_sapi_name() == 'cli');

		date_default_timezone_set('UTC');
		ini_set('arg_separator.output', '&');

		// try to switch magic quotes off.
		if (get_magic_quotes_gpc() == 1) {
			ini_set('magic_quotes_runtime', 0);
		}

		//try to configure php to enable big file uploads.
		//this doesn´t work always depending on the webserver and php configuration.
		//Let´s try to overwrite some defaults anyways

		//try to set the maximum execution time to 60min
		@set_time_limit(3600);
		@ini_set('max_execution_time', 3600);
		@ini_set('max_input_time', 3600);

		//try to set the maximum filesize to 10G
		@ini_set('upload_max_filesize', '10G');
		@ini_set('post_max_size', '10G');
		@ini_set('file_uploads', '50');

		self::handleAuthHeaders();
		self::initPaths();
		self::registerAutoloaderCache();

		OC_Util::isSetLocaleWorking();

		// setup 3rdparty autoloader
		$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
		if (file_exists($vendorAutoLoad)) {
			require_once $vendorAutoLoad;
		}

		if (!defined('PHPUNIT_RUN')) {
			OC\Log\ErrorHandler::setLogger(OC_Log::$object);
			if (defined('DEBUG') and DEBUG) {
				OC\Log\ErrorHandler::register(true);
				set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
			} else {
				OC\Log\ErrorHandler::register();
			}
		}

		// register the stream wrappers
		stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
		stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
		stream_wrapper_register('close', 'OC\Files\Stream\Close');
		stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
		stream_wrapper_register('oc', 'OC\Files\Stream\OC');

		// setup the basic server
		self::$server = new \OC\Server();

		self::initTemplateEngine();
		OC_App::loadApps(array('session'));
		if (!self::$CLI) {
			self::initSession();
		} else {
			self::$session = new \OC\Session\Memory('');
		}
		self::checkConfig();
		self::checkInstalled();
		self::checkSSL();
		OC_Response::addSecurityHeaders();

		$errors = OC_Util::checkServer(\OC::$server->getConfig());
		if (count($errors) > 0) {
			if (self::$CLI) {
				foreach ($errors as $error) {
					echo $error['error'] . "\n";
					echo $error['hint'] . "\n\n";
				}
			} else {
				OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
				OC_Template::printGuestPage('', 'error', array('errors' => $errors));
			}
			exit;
		}

		//try to set the session lifetime
		$sessionLifeTime = self::getSessionLifeTime();
		@ini_set('gc_maxlifetime', (string)$sessionLifeTime);

		// User and Groups
		if (!OC_Config::getValue("installed", false)) {
			self::$session->set('user_id', '');
		}

		OC_User::useBackend(new OC_User_Database());
		OC_Group::useBackend(new OC_Group_Database());

		//setup extra user backends
		if (!self::checkUpgrade(false)) {
			OC_User::setupBackends();
		}

		self::registerCacheHooks();
		self::registerFilesystemHooks();
		self::registerPreviewHooks();
		self::registerShareHooks();
		self::registerLogRotate();
		self::registerLocalAddressBook();

		//make sure temporary files are cleaned up
		register_shutdown_function(array('OC_Helper', 'cleanTmp'));

		if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
			if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
				OC_Util::addScript('backgroundjobs');
			}
		}

		$host = OC_Request::insecureServerHost();
		// if the host passed in headers isn't trusted
		if (!OC::$CLI
			// overwritehost is always trusted
			&& OC_Request::getOverwriteHost() === null
			&& !OC_Request::isTrustedDomain($host)
		) {
			header('HTTP/1.1 400 Bad Request');
			header('Status: 400 Bad Request');

			$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
			$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
			$tmpl->printPage();

			exit();
		}
	}
예제 #5
0
 /**
  * Handle the request
  */
 public static function handleRequest()
 {
     $l = \OC_L10N::get('lib');
     // load all the classpaths from the enabled apps so they are available
     // in the routing files of each app
     OC::loadAppClassPaths();
     // Check if ownCloud is installed or in maintenance (update) mode
     if (!OC_Config::getValue('installed', false)) {
         $controller = new OC\Core\Setup\Controller();
         $controller->run($_POST);
         exit;
     }
     $host = OC_Request::insecureServerHost();
     // if the host passed in headers isn't trusted
     if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
         header('HTTP/1.1 400 Bad Request');
         header('Status: 400 Bad Request');
         OC_Template::printErrorPage($l->t('You are accessing the server from an untrusted domain.'), $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.'));
         return;
     }
     $request = OC_Request::getPathInfo();
     if (substr($request, -3) !== '.js') {
         // we need these files during the upgrade
         self::checkMaintenanceMode();
         self::checkUpgrade();
     }
     if (!OC_User::isLoggedIn()) {
         // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
         OC::tryBasicAuthLogin();
     }
     if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
         try {
             if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
                 OC_App::loadApps(array('authentication'));
                 OC_App::loadApps(array('filesystem', 'logging'));
                 OC_App::loadApps();
             }
             self::checkSingleUserMode();
             OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
             return;
         } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
             //header('HTTP/1.0 404 Not Found');
         } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
             OC_Response::setStatus(405);
             return;
         }
     }
     // Load minimum set of apps
     if (!self::checkUpgrade(false)) {
         // For logged-in users: Load everything
         if (OC_User::isLoggedIn()) {
             OC_App::loadApps();
         } else {
             // For guests: Load only authentication, filesystem and logging
             OC_App::loadApps(array('authentication'));
             OC_App::loadApps(array('filesystem', 'logging'));
         }
     }
     // Handle redirect URL for logged in users
     if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
         $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
         // Deny the redirect if the URL contains a @
         // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
         if (strpos($location, '@') === false) {
             header('Location: ' . $location);
             return;
         }
     }
     // Handle WebDAV
     if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
         // not allowed any more to prevent people
         // mounting this root directly.
         // Users need to mount remote.php/webdav instead.
         header('HTTP/1.1 405 Method Not Allowed');
         header('Status: 405 Method Not Allowed');
         return;
     }
     // Redirect to index if the logout link is accessed without valid session
     // this is needed to prevent "Token expired" messages while login if a session is expired
     // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
     if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
         header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
         return;
     }
     // Someone is logged in
     if (OC_User::isLoggedIn()) {
         OC_App::loadApps();
         OC_User::setupBackends();
         if (isset($_GET["logout"]) and $_GET["logout"]) {
             OC_JSON::callCheck();
             if (isset($_COOKIE['oc_token'])) {
                 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
             }
             if (isset($_SERVER['PHP_AUTH_USER'])) {
                 if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
                     // Ignore HTTP Authentication for 5 more mintues.
                     setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
                 } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
                     // Ignore HTTP Authentication to allow a different user to log in.
                     setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
                 }
             }
             OC_User::logout();
             // redirect to webroot and add slash if webroot is empty
             header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
         } else {
             // Redirect to default application
             OC_Util::redirectToDefaultPage();
         }
     } else {
         // Not handled and not logged in
         self::handleLogin();
     }
 }