public function testGetOverwriteHost()
{
unset($_SERVER['REMOTE_ADDR']);
OC_Config::deleteKey('overwritecondaddr');
OC_Config::deleteKey('overwritehost');
$host = OC_Request::getOverwriteHost();
$this->assertNull($host);
OC_Config::setValue('overwritehost', '');
$host = OC_Request::getOverwriteHost();
$this->assertNull($host);
OC_Config::setValue('overwritehost', 'host.one.test:8080');
$host = OC_Request::getOverwriteHost();
$this->assertEquals('host.one.test:8080', $host);
$_SERVER['REMOTE_ADDR'] = 'somehost.test:8080';
OC_Config::setValue('overwritecondaddr', '^somehost\\..*$');
$host = OC_Request::getOverwriteHost();
$this->assertEquals('host.one.test:8080', $host);
OC_Config::setValue('overwritecondaddr', '^somethingelse.*$');
$host = OC_Request::getOverwriteHost();
$this->assertNull($host);
// clean up
unset($_SERVER['REMOTE_ADDR']);
OC_Config::deleteKey('overwritecondaddr');
OC_Config::deleteKey('overwritehost');
}
public static function init() {
// register autoloader
$loaderStart = microtime(true);
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
spl_autoload_register(array(self::$loader, 'load'));
$loaderEnd = microtime(true);
self::initPaths();
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) {
require_once $vendorAutoLoad;
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
// we can't use the template error page here, because this needs the
// DI container which isn't available yet
print('Composer autoloader not found, unable to continue. Check the folder "3rdparty".');
exit();
}
// setup the basic server
self::$server = new \OC\Server(\OC::$WEBROOT);
\OC::$server->getEventLogger()->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
\OC::$server->getEventLogger()->start('boot', 'Initialize');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = (php_sapi_name() == 'cli');
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
self::handleAuthHeaders();
self::registerAutoloaderCache();
// initialize intl fallback is necessary
\Patchwork\Utf8\Bootup::initIntl();
OC_Util::isSetLocaleWorking();
if (!defined('PHPUNIT_RUN')) {
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
stream_wrapper_register('close', 'OC\Files\Stream\Close');
stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
stream_wrapper_register('oc', 'OC\Files\Stream\OC');
\OC::$server->getEventLogger()->start('init_session', 'Initialize session');
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
}
\OC::$server->getEventLogger()->end('init_session');
self::initTemplateEngine();
self::checkConfig();
self::checkInstalled();
self::checkSSL();
OC_Response::addSecurityHeaders();
$errors = OC_Util::checkServer(\OC::$server->getConfig());
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
$systemConfig = \OC::$server->getSystemConfig();
// User and Groups
if (!$systemConfig->getValue("installed", false)) {
self::$server->getSession()->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
//setup extra user backends
if (!self::checkUpgrade(false)) {
OC_User::setupBackends();
}
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
self::registerLocalAddressBook();
//make sure temporary files are cleaned up
$tmpManager = \OC::$server->getTempManager();
register_shutdown_function(array($tmpManager, 'clean'));
if ($systemConfig->getValue('installed', false) && !self::checkUpgrade(false)) {
if (\OC::$server->getConfig()->getAppValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
// Check whether the sample configuration has been copied
if($systemConfig->getValue('copied_sample_config', false)) {
$l = \OC::$server->getL10N('lib');
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
OC_Template::printErrorPage(
$l->t('Sample configuration detected'),
$l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php')
);
return;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI
// overwritehost is always trusted
&& OC_Request::getOverwriteHost() === null
&& !OC_Request::isTrustedDomain($host)
) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
$tmpl->printPage();
exit();
}
\OC::$server->getEventLogger()->end('boot');
}
/**
* @brief Handle the request
*/
public static function handleRequest()
{
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!OC_Config::getValue('installed', false)) {
require_once 'core/setup.php';
exit;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
OC_Template::printErrorPage('You are accessing the server from an untrusted domain.', 'Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.');
return;
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
OC::tryBasicAuthLogin();
if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
try {
if (!OC_Config::getValue('maintenance', false)) {
OC_App::loadApps();
}
self::checkSingleUserMode();
OC::getRouter()->match(OC_Request::getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
$app = OC::$REQUESTEDAPP;
$file = OC::$REQUESTEDFILE;
$param = array('app' => $app, 'file' => $file);
// Handle app css files
if (substr($file, -3) == 'css') {
self::loadCSSFile($param);
return;
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Someone is logged in :
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and $_GET["logout"]) {
if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
OC_User::logout();
header("Location: " . OC::$WEBROOT . '/');
} else {
if (is_null($file)) {
$param['file'] = 'index.php';
}
$file_ext = substr($param['file'], -3);
if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
header('HTTP/1.0 404 Not Found');
}
}
return;
}
// Not handled and not logged in
self::handleLogin();
}
public static function init() {
// register autoloader
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
self::$loader->registerPrefix('Patchwork', '3rdparty');
self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
spl_autoload_register(array(self::$loader, 'load'));
// make a dummy session available as early as possible since error pages need it
self::$session = new \OC\Session\Memory('');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = (php_sapi_name() == 'cli');
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
self::handleAuthHeaders();
self::initPaths();
self::registerAutoloaderCache();
OC_Util::isSetLocaleWorking();
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) {
require_once $vendorAutoLoad;
}
if (!defined('PHPUNIT_RUN')) {
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
stream_wrapper_register('close', 'OC\Files\Stream\Close');
stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
stream_wrapper_register('oc', 'OC\Files\Stream\OC');
// setup the basic server
self::$server = new \OC\Server();
self::initTemplateEngine();
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
} else {
self::$session = new \OC\Session\Memory('');
}
self::checkConfig();
self::checkInstalled();
self::checkSSL();
OC_Response::addSecurityHeaders();
$errors = OC_Util::checkServer(\OC::$server->getConfig());
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
//setup extra user backends
if (!self::checkUpgrade(false)) {
OC_User::setupBackends();
}
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
self::registerLocalAddressBook();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI
// overwritehost is always trusted
&& OC_Request::getOverwriteHost() === null
&& !OC_Request::isTrustedDomain($host)
) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
$tmpl->printPage();
exit();
}
}
/**
* Handle the request
*/
public static function handleRequest()
{
$l = \OC_L10N::get('lib');
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!OC_Config::getValue('installed', false)) {
$controller = new OC\Core\Setup\Controller();
$controller->run($_POST);
exit;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
OC_Template::printErrorPage($l->t('You are accessing the server from an untrusted domain.'), $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.'));
return;
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
if (!OC_User::isLoggedIn()) {
// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
OC::tryBasicAuthLogin();
}
if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
try {
if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
// Load minimum set of apps
if (!self::checkUpgrade(false)) {
// For logged-in users: Load everything
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only authentication, filesystem and logging
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
}
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Redirect to index if the logout link is accessed without valid session
// this is needed to prevent "Token expired" messages while login if a session is expired
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
return;
}
// Someone is logged in
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and $_GET["logout"]) {
OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
if (isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
// Ignore HTTP Authentication for 5 more mintues.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
// Ignore HTTP Authentication to allow a different user to log in.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
}
}
OC_User::logout();
// redirect to webroot and add slash if webroot is empty
header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
} else {
// Redirect to default application
OC_Util::redirectToDefaultPage();
}
} else {
// Not handled and not logged in
self::handleLogin();
}
}