/**
 * Runs the checks every AJAX request of this app has to pass, in a fixed
 * order: logged-in user, request token, then the two app-enabled checks.
 *
 * NOTE(review): each \OCP\JSON check presumably ends the request itself on
 * failure instead of returning a status - confirm against OCP\JSON, because
 * nothing here inspects a return value.
 */
public static function initAjaxController()
{
    // Authentication first, then the request-token (CSRF) check.
    \OCP\JSON::checkLoggedIn();
    \OCP\JSON::callCheck();

    // The contacts app and this app must both be enabled, checked in that order.
    foreach (array('contacts', self::APP_ID) as $requiredApp) {
        \OCP\JSON::checkAppEnabled($requiredApp);
    }
}
/**
 * Run the security prechecks for a request and report who is making it.
 *
 * Checks run in this order: the optional security token check, the
 * 'documents' app-enabled check, then the logged-in check.
 *
 * @param bool $callcheck whether the security token check is needed
 * @return string userId of the currently logged in user
 */
public static function preDispatch($callcheck = true)
{
    // Passing false skips the token (CSRF) check entirely.
    // NOTE(review): confirm every caller that opts out handles a request
    // that changes no state.
    if ($callcheck) {
        \OCP\JSON::callCheck();
    }

    \OCP\JSON::checkAppEnabled('documents');
    \OCP\JSON::checkLoggedIn();

    // NOTE(review): getUser() is only reached after checkLoggedIn();
    // presumably that check stops anonymous requests, so a user id is
    // available here - confirm.
    $currentUser = \OCP\User::getUser();

    return $currentUser;
}
/**
 * Runs every security check that is switched on for this instance.
 *
 * Each check is opt-in through its own flag and the order is fixed:
 * request token, logged-in user, app enabled, admin user. A flag that is
 * falsy means the matching check is not performed at all.
 *
 * NOTE(review): the flags' default values are not visible here - confirm
 * that the defaults enable the checks rather than disable them.
 */
public function runChecks()
{
    // Request-token (CSRF) check.
    if ($this->csrfCheck) {
        \OCP\JSON::callCheck();
    }

    // Authentication.
    if ($this->loggedInCheck) {
        \OCP\JSON::checkLoggedIn();
    }

    // The app named in $this->appName has to be enabled.
    if ($this->appEnabledCheck) {
        \OCP\JSON::checkAppEnabled($this->appName);
    }

    // Admin-only actions.
    if ($this->isAdminCheck) {
        \OCP\User::checkAdminUser();
    }
}
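/**
 * List the contents of a directory through \OC\Files\Filesystem.
 *
 * On success the response carries the normalized directory path, the
 * formatted file entries and the directory's permissions. Storage failures
 * are logged and answered with a generic error payload. A path that does
 * not resolve to a directory ends the request with a 404.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 * @SSOCORS
 *
 * @param string $dir    directory to list; a falsy value is treated as ''
 * @param string $sortby sort attribute handed to the files helper
 * @param string $sort   the helper's sort-direction flag is set only for 'desc'
 * @return DataResponse
 */
public function getFileList($dir = null, $sortby = 'name', $sort = false)
{
    // NOTE(review): the annotations on this method turn the CSRF token check
    // off for the route; confirm that is intended and that the call stays
    // read-only.
    \OCP\JSON::checkLoggedIn();
    // Close the session before the listing work starts.
    \OC::$server->getSession()->close();

    // Load the files
    $dir = $dir ? (string) $dir : '';
    $dir = \OC\Files\Filesystem::normalizePath($dir);

    try {
        $dirInfo = \OC\Files\Filesystem::getFileInfo($dir);

        // The type has to be compared with !==. Writing it as
        // `!$dirInfo->getType() === 'dir'` negates the type first and then
        // compares a boolean with a string, which is never true, so a path
        // pointing at a regular file would pass this guard.
        if (!$dirInfo || $dirInfo->getType() !== 'dir') {
            header('HTTP/1.0 404 Not Found');
            exit;
        }

        $permissions = $dirInfo->getPermissions();
        $sortDescending = $sort === 'desc';

        $files = \OCA\Files\Helper::getFiles($dir, $sortby, $sortDescending);
        $files = \OCA\Files\Helper::populateTags($files);

        $data = array(
            'directory' => $dir,
            'files' => \OCA\Files\Helper::formatFileInfos($files),
            'permissions' => $permissions,
        );

        return new DataResponse(array('data' => $data, 'status' => 'success'));
    } catch (\OCP\Files\StorageNotAvailableException $e) {
        // Details go to the log only; the client gets a fixed message.
        \OCP\Util::logException('files', $e);
        return new DataResponse(array(
            'data' => array(
                'exception' => '\\OCP\\Files\\StorageNotAvailableException',
                'message' => 'Storage not available',
            ),
            'status' => 'error',
        ));
    } catch (\OCP\Files\StorageInvalidException $e) {
        \OCP\Util::logException('files', $e);
        return new DataResponse(array(
            'data' => array(
                'exception' => '\\OCP\\Files\\StorageInvalidException',
                'message' => 'Storage invalid',
            ),
            'status' => 'error',
        ));
    } catch (\Exception $e) {
        \OCP\Util::logException('files', $e);
        return new DataResponse(array(
            'data' => array(
                'exception' => '\\Exception',
                'message' => 'Unknown error',
            ),
            'status' => 'error',
        ));
    }
}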
* * This code is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ \OCP\JSON::checkAppEnabled('files_external_listing'); \OCP\JSON::checkLoggedIn(); \OCP\JSON::callCheck(); \OC_JSON::checkAdminUser(); $defaultDir = '/home'; if (\OC_Util::runningOnWindows()) { $defaultDir = 'C:\\'; } $localroot = OCP\Config::getAppValue('files_external_listing', 'starting_dir', $defaultDir); if (isset($_POST['path'])) { $path = realpath($_POST['path']); if (strpos($path, $localroot) === 0 or empty($_POST['path'])) { if (empty($_POST['path'])) { $path = $localroot; } if (!is_dir($path)) { //path is incorrect or is a file. Nothing to do, we work only with dirs
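/**
 * Handle one polling request from a member of an editing session.
 *
 * Loads the session and member named in the request, requires a login
 * unless the member record is flagged as guest, verifies that the session's
 * file can still be constructed, and then runs the requested command.
 * Malformed requests are answered with HTTP 400.
 *
 * @NoAdminRequired
 * @PublicPage
 *
 * @param string $command operation to run; only 'sync_ops' is handled
 * @param array  $args    request arguments; es_id, member_id, seq_head and client_ops are read
 * @return JSONResponse
 */
public function poll($command, $args)
{
    $response = new JSONResponse();

    try {
        $esId = isset($args['es_id']) ? $args['es_id'] : null;
        $session = new Db\Session();
        $session->load($esId);

        $memberId = isset($args['member_id']) ? $args['member_id'] : null;
        $member = new Db\Member();
        $member->load($memberId);

        // NOTE(review): es_id and member_id both come from the request, and
        // the login requirement depends on the guest flag of whichever
        // member record was loaded. Nothing visible here ties that member to
        // the session in es_id or to the authenticated user - confirm this
        // is enforced elsewhere, since the page is public.
        if (!$member->getIsGuest()) {
            \OCP\JSON::checkLoggedIn();
        }

        // Constructing the File is the existence check for the session's document.
        try {
            new File($session->getFileId());
        } catch (\Exception $e) {
            $this->logger->warning(
                'Error. Session no longer exists. ' . $e->getMessage(),
                array('app' => $this->appName)
            );
            $ex = new BadRequestException();
            $ex->setBody(implode(',', $this->request->getParams()));
            throw $ex;
        }

        switch ($command) {
            case 'sync_ops':
                // The cast has to apply to the value. Written as
                // `(string) isset(...) ? ... : null` it binds to isset()
                // and the client value passes through uncast. Non-scalar
                // input is treated like a missing seq_head.
                $rawSeqHead = isset($args['seq_head']) ? $args['seq_head'] : null;
                $seqHead = is_scalar($rawSeqHead) ? (string) $rawSeqHead : null;
                if ($seqHead === null) {
                    // Error - no seq_head passed
                    throw new BadRequestException();
                }

                $ops = isset($args['client_ops']) ? $args['client_ops'] : array();

                $op = new Db\Op();
                $currentHead = $op->getHeadSeq($esId);

                try {
                    $member->updateActivity($memberId);
                } catch (\Exception $e) {
                    // Db error. Not critical: the sync continues without
                    // the activity update.
                }

                $response->setData(
                    $session->syncOps($memberId, $currentHead, $seqHead, $ops)
                );

                // Drop the cursor and membership of every member reported
                // by updateByTimeout().
                $inactiveMembers = $member->updateByTimeout($esId);
                foreach ($inactiveMembers as $inactive) {
                    $op->removeCursor($esId, $inactive);
                    $op->removeMember($esId, $inactive);
                }
                break;
            default:
                $ex = new BadRequestException();
                $ex->setBody(implode(',', $this->request->getParams()));
                throw $ex;
        }
    } catch (BadRequestException $e) {
        // The exception body holds the request parameters, so the error
        // response echoes them back to the caller.
        $response->setStatus(Http::STATUS_BAD_REQUEST);
        $response->setData(array('err' => 'bad request:[' . $e->getBody() . ']'));
    }

    return $response;
}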