Exemplo n.º 1
 /**
  * Build a template for the given app and emit the default security headers.
  *
  * Resolves the template file for the active theme and form factor, passes it
  * to the parent constructor together with the request token, the l10n object
  * and the theme defaults, then sends the response headers below.
  *
  * @param string $app app providing the template (may look like "core/lostpassword")
  * @param string $name name of the template file (without suffix)
  * @param string $renderas layout used to produce a full page; the original
  *                         documentation lists "guest", "user" and "admin"
  */
 public function __construct($app, $name, $renderas = "")
 {
     // Theme selected in the config file.
     $activeTheme = OC_Util::getTheme();
     // File-name extension matching the detected form factor.
     $formFactorExt = self::getFormFactorExtension();
     // A request token is only registered when a session object exists;
     // without one the template receives an empty token.
     if (OC::$session) {
         $requesttoken = OC_Util::callRegister();
     } else {
         $requesttoken = '';
     }
     // Translations are looked up by the first path segment only, so that an
     // app such as core/lostpassword still resolves to "core".
     $appSegments = explode('/', $app);
     $l10n = OC_L10N::get($appSegments[0]);
     $themeDefaults = new OC_Defaults();
     // findTemplate() yields the directory first and the template second.
     $located = $this->findTemplate($activeTheme, $app, $name, $formFactorExt);
     $this->renderas = $renderas;
     $this->path = $located[0];
     parent::__construct($located[1], $requesttoken, $l10n, $themeDefaults);

     // Ask browser-side XSS filters to block the page on a detected reflection.
     // This is a legacy header; the Content-Security-Policy below is the
     // control that current browsers actually enforce.
     header('X-XSS-Protection: 1; mode=block');
     // Stop the browser from sniffing a content type other than the declared one.
     header('X-Content-Type-Options: nosniff');
     // Framing by other origins is refused unless 'xframe_restriction' is
     // configured to a falsy value (the default is true).
     if (OC_Config::getValue('xframe_restriction', true)) {
         header('X-Frame-Options: Sameorigin');
     }
     // Content Security Policy.
     // If you change the standard policy, please also change it in config.sample.php
     // NOTE(review): the default allows 'unsafe-eval' for scripts, 'unsafe-inline'
     // for styles and any origin for frames, images and media, so it limits
     // script origins but does little against injected markup. A configured
     // 'custom_csp_policy' is sent verbatim and replaces the default entirely.
     $defaultPolicy = 'default-src \'self\'; '
         . 'script-src \'self\' \'unsafe-eval\'; '
         . 'style-src \'self\' \'unsafe-inline\'; '
         . 'frame-src *; '
         . 'img-src *; '
         . 'font-src \'self\' data:; '
         . 'media-src *';
     $policy = OC_Config::getValue('custom_csp_policy', $defaultPolicy);
     header('Content-Security-Policy:' . $policy);
 }
Exemplo n.º 2
 /**
  * Build a template object for the given app.
  *
  * @param string $app app providing the template (may look like "core/lostpassword")
  * @param string $name name of the template file (without suffix)
  * @param string $renderas layout used to produce a full page; the original
  *                         documentation lists "guest", "user" and "admin"
  * @param bool $registerCall when false, no request token is registered and
  *                           the template is handed an empty token
  */
 public function __construct($app, $name, $renderas = "", $registerCall = true)
 {
     // Theme selected in the config file.
     $activeTheme = OC_Util::getTheme();
     // A token is issued only when a session exists and the caller asked for
     // one; pages built with $registerCall = false cannot carry a CSRF token.
     $requesttoken = '';
     if (OC::$server->getSession() && $registerCall) {
         $requesttoken = OC_Util::callRegister();
     }
     // Translations are looked up by the first path segment only, so that an
     // app such as core/lostpassword still resolves to "core".
     $appSegments = explode('/', $app);
     $l10n = \OC::$server->getL10N($appSegments[0]);
     $themeDefaults = new OC_Defaults();
     // findTemplate() yields the directory first and the template second.
     $located = $this->findTemplate($activeTheme, $app, $name);
     $this->renderas = $renderas;
     $this->path = $located[0];
     $this->app = $app;
     parent::__construct($located[1], $requesttoken, $l10n, $themeDefaults);
 }
Exemplo n.º 3
 /**
  * Build a template object for the given app.
  *
  * Unlike some other variants of this constructor, this one sends no
  * security headers itself.
  * NOTE(review): confirm they are emitted elsewhere in the request path.
  *
  * @param string $app app providing the template (may look like "core/lostpassword")
  * @param string $name name of the template file (without suffix)
  * @param string $renderas layout used to produce a full page; the original
  *                         documentation lists "guest", "user" and "admin"
  */
 public function __construct($app, $name, $renderas = "")
 {
     // Theme selected in the config file.
     $activeTheme = OC_Util::getTheme();
     // File-name extension matching the detected form factor.
     $formFactorExt = self::getFormFactorExtension();
     // A request token is only registered when a session object exists.
     $requesttoken = '';
     if (OC::$session) {
         $requesttoken = OC_Util::callRegister();
     }
     // Translations are looked up by the first path segment only, so that an
     // app such as core/lostpassword still resolves to "core".
     $appSegments = explode('/', $app);
     $l10n = OC_L10N::get($appSegments[0]);
     $themeDefaults = new OC_Defaults();
     // findTemplate() yields the directory first and the template second.
     $located = $this->findTemplate($activeTheme, $app, $name, $formFactorExt);
     $this->renderas = $renderas;
     $this->path = $located[0];
     parent::__construct($located[1], $requesttoken, $l10n, $themeDefaults);
 }
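 /**
  * Show a single chart.
  *
  * @NoCSRFRequired
  * @NoAdminRequired
  * @param string $id id of the chart configuration to display
  * @throws \InvalidArgumentException when no configuration carries the requested id
  * @return TemplateResponse
  */
 public function displayChart($id)
 {
     // NOTE(review): getCharts() is not visibly scoped to the current user and
     // the action is marked @NoAdminRequired; confirm the service only returns
     // configurations the caller is allowed to see.
     $chartConfigs = $this->configService->getCharts();
     $selectedConfig = null;
     foreach ($chartConfigs as $config) {
         // Loose comparison kept because the type returned by getId() is not
         // visible here; $id arrives from the request.
         if ($config->getId() == $id) {
             $selectedConfig = $config;
             break;
         }
     }
     // An unknown id must not fall through: with only the loop variable to go
     // on, the last configuration in the list would be rendered instead (or an
     // undefined variable passed on when the list is empty).
     if ($selectedConfig === null) {
         throw new \InvalidArgumentException('No chart configuration found for the requested id');
     }
     $chart = $this->chartService->getChartByConfig($selectedConfig);
     $templateName = 'main';  // will use templates/main.php
     // The page itself is exempt from the CSRF check (@NoCSRFRequired); the token
     // is handed to the template so that later requests can carry it.
     return new TemplateResponse($this->appName, $templateName, array('chart' => $chart, 'configs' => $chartConfigs, 'requesttoken' => \OC_Util::callRegister()));
 }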
Exemplo n.º 5
 /**
  * The token returned by OC_Util::callRegister() is expected to be 20
  * characters long. Only the length is checked; the test says nothing about
  * how unpredictable the token is.
  */
 function testCallRegister()
 {
     $token = OC_Util::callRegister();
     $this->assertEquals(20, strlen($token));
 }
Exemplo n.º 6
*/
// Require a logged-in user and the bookmarks app before doing anything else.
OCP\User::checkLoggedIn();
OCP\App::checkAppEnabled('bookmarks');

// Prep screen if we come from the bookmarklet. Both values are taken from the
// query string unchanged, so everything below must treat them as untrusted.
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (isset($_GET['title']) && trim($_GET['title']) != '') {
    $title = $_GET['title'];
} else {
    // No usable title supplied: ask the bookmarks backend for the page's own.
    // NOTE(review): $url is request-controlled and unvalidated here. If
    // getURLMetadata() fetches it server-side, the scheme and target host
    // need to be restricted there — confirm.
    $datas = OC_Bookmarks_Bookmarks::getURLMetadata($url);
    $title = isset($datas['title']) ? $datas['title'] : '';
}

OCP\Util::addscript('bookmarks/3rdparty', 'tag-it');
OCP\Util::addscript('bookmarks', 'addBm');
OCP\Util::addStyle('bookmarks', 'bookmarks');
OCP\Util::addStyle('bookmarks/3rdparty', 'jquery.tagit');

// Bookmark pre-filled with the request values; escaping of title and url is
// left to the template that prints them.
$bm = array(
    'title' => $title,
    'url' => $url,
    'tags' => array(),
    'desc' => '',
    'is_public' => 0,
);

// Collect the names of all known tags (the call is given 0 and 400 as bounds).
$qtags = OC_Bookmarks_Bookmarks::findTags(array(), 0, 400);
$tags = array();
foreach ($qtags as $tag) {
    $tags[] = $tag['tag'];
}

$tmpl = new OCP\Template('bookmarks', 'addBm', 'base');
$tmpl->assign('requesttoken', OC_Util::callRegister());
$tmpl->assign('bookmark', $bm);
// NOTE(review): tag names are stored user data; if the template prints this
// JSON inside a <script> element or an attribute it needs context-appropriate
// encoding there — confirm.
$tmpl->assign('tags', json_encode($tags));
$tmpl->printPage();
Exemplo n.º 7
 /**
  * Try to log a user in using HTTP Basic authentication.
  *
  * @return bool false when no Basic credentials are present or when the
  *              'oc_ignore_php_auth_user' cookie names the presented user;
  *              true whenever a login was attempted, whether or not it
  *              succeeded. Callers must check the login state separately.
  */
 protected static function tryBasicAuthLogin()
 {
     // No Basic credentials on the request: nothing to attempt.
     if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) {
         return false;
     }
     // The cookie names a user whose Basic credentials are to be ignored.
     $ignoreCookiePresent = isset($_COOKIE['oc_ignore_php_auth_user']);
     if ($ignoreCookiePresent && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) {
         return false;
     }
     $loggedIn = OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
     if ($loggedIn) {
         OC_User::unsetMagicInCookie();
         // NOTE(review): this stamps a freshly registered token onto the current
         // request, so a later request-token check passes on Basic credentials
         // alone. Browsers replay cached Basic credentials on cross-site
         // requests — confirm that state-changing endpoints reached this way
         // are protected by some other means.
         $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
     }
     return true;
 }
Exemplo n.º 8
 /**
  * Build a template object for the given app and send three security headers.
  *
  * @param string $app app providing the template (may look like "core/lostpassword")
  * @param string $name name of the template file (without suffix)
  * @param string $renderas layout used to produce a full page; the original
  *                         documentation lists "guest", "user" and "admin"
  */
 public function __construct($app, $name, $renderas = "")
 {
     $this->renderas = $renderas;
     $this->application = $app;
     // Every template starts with a registered request token and the token
     // lifespan, regardless of $renderas.
     $this->vars = array(
         'requesttoken' => OC_Util::callRegister(),
         'requestlifespan' => OC_Util::$callLifespan,
     );
     // Translations are looked up by the first path segment only, so that an
     // app such as core/lostpassword still resolves to "core".
     $appSegments = explode('/', $app);
     $this->l10n = OC_L10N::get($appSegments[0]);
     // Refuse framing by other origins, ask legacy browser XSS filters to block
     // on detection, and forbid content-type sniffing. No Content-Security-Policy
     // is sent from here.
     header('X-Frame-Options: Sameorigin');
     header('X-XSS-Protection: 1; mode=block');
     header('X-Content-Type-Options: nosniff');
     $this->findTemplate($name);
 }
Exemplo n.º 9
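 /**
  * POST a file from $this->dir to this instance's own files upload endpoint.
  *
  * The target URL is built from the 'overwrite.cli.url' entry of the
  * instance's config.php.
  *
  * @param array $file entry whose 'filename' names a file below $this->dir
  * @return mixed|null the 'id' field of the JSON-decoded response, or null when
  *                    the file cannot be opened, the transfer fails or the
  *                    response carries no 'id'
  */
 private function uploadFileBkp($file)
 {
     $fd = ['requesttoken' => \OC_Util::callRegister(), 'dir' => '/', 'file_directory' => 'Talks'];
     // NOTE(review): 'filename' is joined to the directory as-is; confirm callers
     // only pass a plain file name, otherwise "../" segments leave $this->dir.
     $filename = $this->dir . '/' . $file['filename'];
     $path = realpath(dirname(dirname(dirname(__DIR__))));
     include $path . '/config/config.php';
     $url = $CONFIG['overwrite.cli.url'] . "/index.php/apps/files/ajax/upload.php";

     $fh_res = fopen($filename, 'r');
     if ($fh_res === false) {
         // Bail out instead of handing curl an invalid stream.
         error_log('uploadFileBkp: cannot open source file');
         return null;
     }

     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_POST, true);
     curl_setopt($ch, CURLOPT_POSTFIELDS, $fd);
     // Certificate and host name verification stay on: the request carries a
     // request token, and without verification anyone on the network path could
     // read or alter it. An instance with a private CA should point curl at that
     // CA rather than switch verification off.
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     // NOTE(review): CURLOPT_INFILE feeds upload (PUT-style) transfers; combined
     // with CURLOPT_POSTFIELDS the file content is probably not what gets sent —
     // confirm against the endpoint.
     curl_setopt($ch, CURLOPT_INFILE, $fh_res);
     curl_setopt($ch, CURLOPT_INFILESIZE, filesize($filename));
     $resultCurl = curl_exec($ch);
     $errorCurl = curl_error($ch);
     curl_close($ch);
     fclose($fh_res);

     if ($resultCurl === false) {
         // Goes to the configured PHP error log. A fixed file name in the shared
         // /tmp directory can be pre-created or symlinked by any local user and
         // would expose response bodies to them.
         error_log('uploadFileBkp: transfer failed: ' . $errorCurl);
         return null;
     }

     // curl_exec() returns the response body as a string, so it has to be
     // decoded before a field can be read from it.
     // TODO: find out the id of the uploaded file. This assumes the endpoint
     // answers with a JSON object carrying 'id' — confirm.
     $decoded = json_decode($resultCurl, true);
     return (is_array($decoded) && isset($decoded['id'])) ? $decoded['id'] : null;
 }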
Exemplo n.º 10
 /**
  * Try to log a user in using HTTP Basic authentication.
  *
  * @return bool false when the request carries no Basic credentials; true
  *              whenever a login was attempted, whether or not it succeeded.
  *              Callers must check the login state separately.
  */
 protected static function tryBasicAuthLogin()
 {
     $hasUser = isset($_SERVER["PHP_AUTH_USER"]);
     if (!($hasUser && isset($_SERVER["PHP_AUTH_PW"]))) {
         return false;
     }
     // Authentication apps are loaded before the credentials are checked.
     OC_App::loadApps(array('authentication'));
     $loggedIn = OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
     if ($loggedIn) {
         OC_User::unsetMagicInCookie();
         // NOTE(review): this stamps a freshly registered token onto the current
         // request, so a later request-token check passes on Basic credentials
         // alone. Browsers replay cached Basic credentials on cross-site
         // requests — confirm that state-changing endpoints reached this way
         // are protected by some other means.
         $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
     }
     return true;
 }
Exemplo n.º 11
	/**
	 * Try to log a user in using HTTP Basic authentication.
	 *
	 * @return bool false when no Basic credentials are present or when the
	 *              'oc_ignore_php_auth_user' cookie names the presented user;
	 *              true whenever a login was attempted, whether or not it
	 *              succeeded. Callers must check the login state separately.
	 */
	protected static function tryBasicAuthLogin() {
		// No Basic credentials on the request: nothing to attempt.
		if (!isset($_SERVER["PHP_AUTH_USER"])) {
			return false;
		}
		if (!isset($_SERVER["PHP_AUTH_PW"])) {
			return false;
		}
		// The cookie names a user whose Basic credentials are to be ignored.
		if (isset($_COOKIE['oc_ignore_php_auth_user'])
			&& $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']
		) {
			return false;
		}

		$authenticated = OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
		if ($authenticated) {
			OC_User::unsetMagicInCookie();
			// NOTE(review): this stamps a freshly registered token onto the
			// current request, so a later request-token check passes on Basic
			// credentials alone. Browsers replay cached Basic credentials on
			// cross-site requests — confirm that state-changing endpoints
			// reached this way are protected by some other means.
			$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
		}
		return true;
	}
 /**
  * Render the app's 'main' template.
  *
  * The action is exempt from the CSRF check and open to non-admin users; the
  * freshly registered request token is passed to the template so that later
  * requests from the page can carry it.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  * @return TemplateResponse
  */
 public function run()
 {
     $templateParams = array(
         'requesttoken' => \OC_Util::callRegister(),
     );
     return new TemplateResponse($this->appName, 'main', $templateParams);
 }
Exemplo n.º 13
 /**
  * Show a single chart chosen from the logged-in user's chart configurations.
  *
  * @NoCSRFRequired
  * @NoAdminRequired
  * @param string $id id of the chart configuration to display
  * @throws \OCA\ocUsageCharts\Exception\ChartServiceException when none of the
  *         user's configurations carries the requested id
  *
  * @return TemplateResponse
  */
 public function displayChart($id)
 {
     // Only configurations belonging to the logged-in user are candidates, so
     // an id owned by somebody else ends in the exception below.
     $chartConfigs = $this->configService->getChartsForLoggedInUser();
     $match = null;
     foreach ($chartConfigs as $candidate) {
         // Loose comparison: $id arrives from the request, and the type
         // returned by getId() is not visible here.
         if ($candidate->getId() != $id) {
             continue;
         }
         $match = $candidate;
         break;
     }
     if ($match === null) {
         throw new ChartServiceException('No config found for selected ID');
     }
     // Rendered with templates/main.php. The page itself is exempt from the CSRF
     // check; the token is handed to the template for later requests.
     $viewData = array(
         'chart' => $this->chartService->getChartByConfig($match),
         'configs' => $chartConfigs,
         'requesttoken' => \OC_Util::callRegister(),
     );
     return new TemplateResponse($this->appName, 'main', $viewData);
 }
Exemplo n.º 14
 /**
  * Build a template object for the given app and emit the default security
  * headers.
  *
  * @param string $app app providing the template (may look like "core/lostpassword")
  * @param string $name name of the template file (without suffix)
  * @param string $renderas layout used to produce a full page; the original
  *                         documentation lists "guest", "user" and "admin"
  */
 public function __construct($app, $name, $renderas = "")
 {
     $this->renderas = $renderas;
     $this->application = $app;
     // Every template starts with a registered request token, regardless of
     // $renderas.
     $this->vars = array(
         'requesttoken' => OC_Util::callRegister(),
     );
     // Translations are looked up by the first path segment only, so that an
     // app such as core/lostpassword still resolves to "core".
     $appSegments = explode('/', $app);
     $this->l10n = OC_L10N::get($appSegments[0]);

     // Ask browser-side XSS filters to block the page on a detected reflection.
     // This is a legacy header; the Content-Security-Policy below is the
     // control that current browsers actually enforce.
     header('X-XSS-Protection: 1; mode=block');
     // Stop the browser from sniffing a content type other than the declared one.
     header('X-Content-Type-Options: nosniff');
     // Framing by other origins is refused unless 'xframe_restriction' is
     // configured to a falsy value (the default is true).
     if (OC_Config::getValue('xframe_restriction', true)) {
         header('X-Frame-Options: Sameorigin');
     }
     // Content Security Policy.
     // If you change the standard policy, please also change it in config.sample.php
     // NOTE(review): the default allows 'unsafe-eval' for scripts, 'unsafe-inline'
     // for styles and any origin for frames, images and media, so it limits
     // script origins but does little against injected markup. A configured
     // 'custom_csp_policy' is sent verbatim and replaces the default entirely.
     $defaultPolicy = 'default-src \'self\'; '
         . 'script-src \'self\' \'unsafe-eval\'; '
         . 'style-src \'self\' \'unsafe-inline\'; '
         . 'frame-src *; '
         . 'img-src *; '
         . 'font-src \'self\' data:; '
         . 'media-src *';
     $policy = OC_Config::getValue('custom_csp_policy', $defaultPolicy);
     header('Content-Security-Policy:' . $policy);
     $this->findTemplate($name);
 }
Exemplo n.º 15
 /**
  * Build a template object for the given app and send three security headers.
  *
  * @param string $app app providing the template
  * @param string $name name of the template file (without suffix)
  * @param string $renderas layout used to produce a full page; the original
  *                         documentation lists "guest", "user" and "admin"
  */
 public function __construct($app, $name, $renderas = "")
 {
     $this->renderas = $renderas;
     $this->application = $app;
     $this->vars = array();
     // Only the "user" layout receives a request token. Forms rendered under
     // any other layout (including "admin" and "guest") have no token to send.
     // NOTE(review): confirm that is intended.
     if ('user' == $renderas) {
         $this->vars['requesttoken'] = OC_Util::callRegister();
     }
     // The whole $app string is used as the translation key here.
     $this->l10n = OC_L10N::get($app);
     // Refuse framing by other origins, ask legacy browser XSS filters to block
     // on detection, and forbid content-type sniffing. No Content-Security-Policy
     // is sent from here.
     header('X-Frame-Options: Sameorigin');
     header('X-XSS-Protection: 1; mode=block');
     header('X-Content-Type-Options: nosniff');
     $this->findTemplate($name);
 }
Exemplo n.º 16
 /**
  * Register a GET/POST call. This is important to prevent CSRF attacks.
  *
  * Public wrapper that passes the result of \OC_Util::callRegister() through
  * unchanged.
  * TODO: write example
  *
  * @since 4.5.0
  * @return string presumably the request token to embed in the form or
  *                request — confirm against \OC_Util::callRegister()
  */
 public static function callRegister()
 {
     $token = \OC_Util::callRegister();
     return $token;
 }
Exemplo n.º 17
 /**
  * Supplies an attribute for the logout hyperlink.
  *
  * When an active backend is in use its own attribute is returned, which may
  * be any attribute(s) valid for <a>. Otherwise the result is an href to
  * index.php with '?logout=true' and a request token appended.
  *
  * @return string one or more HTML attributes
  */
 public static function getLogoutAttribute()
 {
     $activeBackend = self::findFirstActiveUsedBackend();
     if (!$activeBackend) {
         $target = link_to('', 'index.php');
         // The token makes logout a CSRF-protected action, but it travels in the
         // query string, where it can end up in browser history, server logs and
         // Referer headers.
         // NOTE(review): the link_to() result is placed in the attribute without
         // HTML escaping here; confirm it is already safe for that context.
         $token = urlencode(OC_Util::callRegister());
         return 'href="' . $target . '?logout=true&amp;requesttoken=' . $token . '"';
     }
     // NOTE(review): the backend's string is returned as-is and will be printed
     // inside a tag; it is trusted to be well-formed attribute markup.
     return $activeBackend->getLogoutAttribute();
 }
Exemplo n.º 18
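 /**
  * Save an answer to a talk and notify its subscribers.
  *
  * @param array $args request arguments: 'talkid' (int) is the talk being
  *                    answered, 'text' (string) is the answer text
  * @return DataResponse carrying the current user, the rendered answer view
  *                      and a request token
  */
 public function answerTalk($args)
 {
     // NOTE(review): nothing in this method checks that the current user may
     // read or answer the talk; answering also adds the user to its
     // subscribers. Confirm access is enforced before this point.
     $talkid = $args['talkid'];
     $text = $args['text'];
     $users = $this->connect->users();
     $messages = $this->connect->messages();
     $message = $messages->getByReply($talkid);
     $talk = $messages->getById($talkid)[0];
     $usermessages = $this->connect->userMessage();
     //$usermessages = $this->getUserMessages($this->userId);
     // Make sure a per-user status row exists for the message.
     if (!($usermessage = $usermessages->getMessageById($message['id']))) {
         $usermessages->createStatus($message['id'], $this->userId);
         $usermessage = $usermessages->getMessageById($message['id']);
     }
     // Raise the message status to 2 when it is still below that.
     if ($message['status'] < 2) {
         $message['status'] = 2;
         $messages->setStatus($message['mid'], 2);
     }
     $subscribers = explode(',', $talk['subscribers']);
     if (!in_array($this->userId, $subscribers)) {
         $subscribers[] = $this->userId;
     } else {
         // The answering user is taken out of the list and the talk's author
         // is added in their place.
         unset($subscribers[array_search($this->userId, $subscribers)]);
         $talk['subscribers'] = $subscribers;
         $subscribers[] = $talk['author'];
         //$subscribers[] = $this->userId;
         $talk['subscribers'] = $subscribers;
     }
     $mailsubscribers = array();
     $groupspref = array();
     // Initialised up front: with no individual subscribers the list was
     // otherwise undefined by the time it is counted below.
     $allusers = array();
     foreach ($subscribers as $s => $subscriber) {
         if (strstr($subscriber, "-group")) {
             $group = substr($subscriber, 0, strpos($subscriber, "-group"));
             if ($group && is_string($group)) {
                 // Reset for every group. Carrying the list over from the previous
                 // iteration delivered a group's messages to members of the
                 // groups processed before it.
                 $groupusers = array();
                 foreach ($users->getUsersFromGroup($group) as $gu => $groupuser) {
                     $user = $users->getUserDetails($groupuser['uid']);
                     $groupusers[$groupuser['uid']] = $user;
                 }
                 $mailsubscribers[$group] = ['groupid' => $group, 'grouppref' => $group . '-group', 'groupusers' => $groupusers];
                 $groupspref[] = $group . '-group';
             }
         } else {
             // Individual subscriber; the answering user is not notified.
             if (!($subscriber == $this->userId)) {
                 $allusers[$subscriber] = $users->getUserDetails($subscriber);
             }
         }
     }
     $mailsubscribers['ungroupped'] = ['groupusers' => $allusers];
     // Subscriber list stored with the answer: group markers first, then the
     // ids of the individual users.
     if (count($mailsubscribers) > 0 && count($groupspref) > 0) {
         $messageSubscribers = implode(',', $groupspref);
         if (count($mailsubscribers['ungroupped']['groupusers']) > 0) {
             $messageSubscribers .= ',' . implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
         }
     } else {
         $messageSubscribers = implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
     }
     // NOTE(review): "h" is the 12-hour clock and no am/pm marker is stored, so
     // these timestamps are ambiguous; "H" is probably what was meant — confirm
     // before changing stored data.
     // NOTE(review): the fallback hash is an MD5 of the timestamp and the text.
     // That is fine as a thread identifier but guessable if it is ever used as
     // an access secret — confirm how 'hash' is used.
     $messagedata = array('rid' => $talkid, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'text' => '', 'author' => $this->userId, 'subscribers' => $messageSubscribers, 'hash' => isset($talk['hash']) && !empty($talk['hash']) ? $talk['hash'] : md5(date("Y-m-d h:i:s") . '' . $text), 'status' => 0);
     $messages = $this->connect->messages();
     $saved = $messages->save($messagedata);
     //$saved = 1;
     if ($saved) {
         // One per-user status row for every non-empty subscriber entry.
         foreach ($subscribers as $s => $subscriber) {
             if (is_string($subscriber) && !empty($subscriber)) {
                 $usermessagedata = ['uid' => $subscriber, 'mid' => $saved, 'status' => 0];
                 $usermessages->save($usermessagedata);
             }
         }
         // NOTE(review): the message goes out once for the whole structure and
         // then once more per entry — check that recipients are not notified twice.
         $sent = $this->sendMessage($saved, $mailsubscribers, $this->userId, $messagedata);
         foreach ($mailsubscribers as $m => $ms) {
             if ($m == 'ungroupped') {
                 $sent = $this->sendMessage($saved, $ms['groupusers'], $this->userId, $messagedata);
             } else {
                 $messagedata['groupsid'] = $ms['grouppref'];
                 $sent = $this->sendMessage($saved, $ms['groupusers'], $ms['grouppref'], $messagedata);
             }
         }
         $params = array('answerid' => $saved, 'author' => $this->userId, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'sent' => $sent, 'appname' => $this->appName);
     } else {
         $params = array('title' => Helper::checkTxt($text));
     }
     // The answer text reaches the partial only after Helper::checkTxt().
     // NOTE(review): presumably that is where it is sanitised — confirm, since
     // the rendered HTML is returned to the client.
     $view = Helper::renderPartial($this->appName, 'api.addanswer', $params);
     // A token is returned only when a call is already registered.
     $params = array('user' => $this->userId, 'view' => $view, 'requesttoken' => !\OC_Util::isCallRegistered() ? '' : \OC_Util::callRegister());
     return new DataResponse($params);
 }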