Пример #1
 /**
  * Render the contacts main page.
  *
  * Registers the front-end assets, makes sure the user owns at least one
  * address book, and hands the upload limits, the iOS flag and the address
  * book list to the 'index' template.
  *
  * The two annotations below are read by the framework from this docblock
  * and must stay here; they lift the admin requirement and the CSRF check
  * for this page.
  *
  * NOTE(review): the policy attached to the response allows images and
  * frames from every origin ('*'). Confirm the wildcards are needed; a list
  * of the hosts actually used would keep the policy meaningful.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  */
 public function index()
 {
     // Assets are registered in the original order.
     \OCP\Util::addScript('core', 'tags');

     $styleSheets = [
         'style',
         'jquery.Jcrop',
         '3rdparty/fontello/css/animation',
         '3rdparty/fontello/css/fontello',
         '3rdparty/jquery.webui-popover',
     ];
     foreach ($styleSheets as $sheet) {
         \OCP\Util::addStyle($this->appName, $sheet);
     }

     // Each entry is [app, script]; one script comes from the 'files' app.
     $scriptFiles = [
         [$this->appName, 'app'],
         [$this->appName, '3rdparty/jquery.webui-popover'],
         [$this->appName, 'settings'],
         [$this->appName, 'loader'],
         [$this->appName, 'jquery.scrollTo.min'],
         [$this->appName, 'jquery.nicescroll.min'],
         ['files', 'jquery.fileupload'],
         [$this->appName, 'jquery.Jcrop'],
     ];
     foreach ($scriptFiles as $entry) {
         \OCP\Util::addScript($entry[0], $entry[1]);
     }

     $iosFlag = $this->configInfo->getUserValue($this->userId, $this->appName, 'iossupport');
     $uploadLimit = \OCP\Util::maxUploadFilesize('/');

     // A user without any address book gets the default one, then the list is re-read.
     $books = Addressbook::all($this->userId);
     if (count($books) == 0) {
         Addressbook::addDefault($this->userId);
         $books = Addressbook::all($this->userId);
     }

     $templateParams = [
         'uploadMaxFilesize' => $uploadLimit,
         'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($uploadLimit),
         'iossupport' => $iosFlag,
         'addressbooks' => $books,
     ];

     // Wildcard image and frame sources, see the NOTE(review) in the docblock.
     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedImageDomain('*');
     $policy->addAllowedFrameDomain('*');

     $page = new TemplateResponse($this->appName, 'index');
     $page->setContentSecurityPolicy($policy);
     $page->setParams($templateParams);

     return $page;
 }
 /**
  * Three policies registered as defaults must be merged into one policy.
  *
  * The second policy enables inline scripts, and the expected merged policy
  * carries that setting ('unsafe-inline' in script-src): one registered
  * policy that loosens script handling loosens the merged default.
  */
 public function testGetDefaultPolicyWithPolicies()
 {
     $manager = $this->contentSecurityPolicyManager;

     $first = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $first->addAllowedFontDomain('mydomain.com');
     $first->addAllowedImageDomain('anotherdomain.de');
     $manager->addDefaultPolicy($first);

     $second = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $second->addAllowedFontDomain('example.com');
     $second->addAllowedImageDomain('example.org');
     $second->allowInlineScript(true);
     $manager->addDefaultPolicy($second);

     // The third one starts from the empty policy class.
     $third = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy();
     $third->addAllowedChildSrcDomain('childdomain');
     $third->addAllowedFontDomain('anotherFontDomain');
     $manager->addDefaultPolicy($third);

     // Expected object: the additions of all three, in registration order per directive.
     $merged = new \OC\Security\CSP\ContentSecurityPolicy();
     $merged->allowInlineScript(true);
     $merged->addAllowedFontDomain('mydomain.com');
     $merged->addAllowedFontDomain('example.com');
     $merged->addAllowedFontDomain('anotherFontDomain');
     $merged->addAllowedImageDomain('anotherdomain.de');
     $merged->addAllowedImageDomain('example.org');
     $merged->addAllowedChildSrcDomain('childdomain');

     // Expected header value built from the merged policy.
     $mergedHeader = 'default-src \'none\';script-src \'self\' \'unsafe-inline\' \'unsafe-eval\';style-src \'self\' \'unsafe-inline\';img-src \'self\' data: blob: anotherdomain.de example.org;font-src \'self\' mydomain.com example.com anotherFontDomain;connect-src \'self\';media-src \'self\';child-src childdomain';

     $this->assertEquals($merged, $manager->getDefaultPolicy());
     $this->assertSame($mergedHeader, $manager->getDefaultPolicy()->buildPolicy());
 }
Пример #3
 /**
  * Render the 'part.cropphoto' template fragment.
  *
  * The request parameters 'id' and 'tmpkey' are handed to the template as
  * received. The response policy additionally allows data: URIs as image
  * sources.
  *
  * NOTE(review): neither parameter is validated here; confirm the template
  * escapes both before printing them.
  *
  * @NoAdminRequired
  */
 public function cropPhoto()
 {
     $templateParams = [
         'tmpkey' => $this->params('tmpkey'),
         'id' => $this->params('id'),
     ];

     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedImageDomain('data:');

     // Fourth argument '' is passed through unchanged from the original call.
     $fragment = new TemplateResponse($this->appName, 'part.cropphoto', $templateParams, '');
     $fragment->setContentSecurityPolicy($policy);

     return $fragment;
 }
Пример #4
 /**
  * Render the index page; where the server ships the ContentSecurityPolicy
  * class, attach a policy that allows frames from the page's own origin.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  *
  * @return TemplateResponse renders the index page
  */
 public function index()
 {
     $page = new TemplateResponse($this->appName, 'index', []);

     // The class exists from ownCloud 8.1 on; without it no policy is set.
     if (!class_exists('OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
         return $page;
     }

     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     // The value is the quoted CSP keyword 'self', not a host name.
     $policy->addAllowedFrameDomain('\'self\'');
     $page->setContentSecurityPolicy($policy);

     return $page;
 }
Пример #5
 /**
  * index() must return the 'index' template and, where the policy class is
  * available, a policy that allows frames from 'self'.
  */
 public function testIndex()
 {
     $actual = $this->controller->index();

     $wanted = new TemplateResponse($this->appName, 'index', []);
     // Mirror the controller: the policy only exists from ownCloud 8.1 on.
     if (class_exists('OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
         $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         $policy->addAllowedFrameDomain('\'self\'');
         $wanted->setContentSecurityPolicy($policy);
     }

     $this->assertEquals($wanted, $actual);
 }
Пример #6
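 /**
  * Render the tasks main page, or the 'no-calendar-app' page when the
  * 'calendarplus' app is not enabled for the current user.
  *
  * The sharing-related settings are read from the 'core' app configuration
  * and passed to the 'index' template together with both app names.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  */
 public function index()
 {
     if (\OC::$server->getAppManager()->isEnabledForUser('calendarplus')) {
         $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         // 'data:' is the CSP scheme source for inline images. The value used
         // before, ':data', is not a valid source expression, so the entry
         // never allowed data: images.
         $csp->addAllowedImageDomain('data:');
         $config = \OC::$server->getConfig();
         $response = new TemplateResponse($this->appName, 'index');
         $response->setParams(array(
             'allowShareWithLink' => $config->getAppValue('core', 'shareapi_allow_links', 'yes'),
             'mailNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_mail_notification', 'no'),
             'mailPublicNotificationEnabled' => $config->getAppValue('core', 'shareapi_allow_public_notification', 'no'),
             'appname' => TasksApp::$appname,
             'calappname' => CalendarApp::$appname,
         ));
         $response->setContentSecurityPolicy($csp);
     } else {
         // Without the calendar app only the stylesheet and a notice page are served.
         \OCP\Util::addStyle($this->appName, 'style');
         $response = new TemplateResponse($this->appName, 'no-calendar-app');
     }
     return $response;
 }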
Пример #7
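 /**
  * Render the maps main page (templates/main.php) with the current user's
  * id and devices.
  *
  * CAUTION: the @Stuff turn off security checks, for this page no admin is
  *          required and no CSRF check. If you don't know what CSRF is, read
  *          it up in the docs or you might create a security hole. This is
  *          basically the only required method to add this exemption, don't
  *          add it to any other method if you don't exactly know what it does
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  */
 public function index()
 {
     $params = array('user' => $this->userId, 'devices' => $this->deviceMapper->findAll($this->userId));
     $response = new TemplateResponse('maps', 'main', $params);
     // The policy class is only used where the server provides it.
     if (class_exists('OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
         $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         // map tiles
         // NOTE(review): this source is cleartext http; use https if the
         // tile host offers it.
         $csp->addAllowedImageDomain('http://*.mqcdn.com');
         // marker icons
         $csp->addAllowedImageDomain('https://api.tiles.mapbox.com');
         // inline images: data: URIs belong in img-src. They used to be added
         // to script-src, which does nothing for images and lets any data:
         // URI be loaded as a script.
         // NOTE(review): if a script really is loaded from a data: URI, ship
         // it as a file instead of re-allowing data: in script-src.
         $csp->addAllowedImageDomain('data:');
         $response->setContentSecurityPolicy($csp);
     }
     return $response;
 }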
Пример #8
 /**
  * Render the contacts main page.
  *
  * Reads the user's iOS flag, active view and last selected address book,
  * makes sure at least one address book exists, and passes these values
  * with the upload limits to the 'index' template.
  *
  * NOTE(review): the policy attached to the response allows images and
  * frames from every origin ('*'). Confirm the wildcards are needed; a list
  * of the hosts actually used would keep the policy meaningful.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  */
 public function index()
 {
     $settings = $this->configInfo;
     $iosFlag = $settings->getUserValue($this->userId, $this->appName, 'iossupport');
     // Defaults: 'listview' for the view, 0 for the last selected book.
     $view = $settings->getUserValue($this->userId, $this->appName, 'view', 'listview');
     $lastBook = $settings->getUserValue($this->userId, $this->appName, 'currentbook', 0);
     $uploadLimit = \OCP\Util::maxUploadFilesize('/');

     // A user without any address book gets the default one, then the list is re-read.
     $books = Addressbook::all($this->userId);
     if (count($books) == 0) {
         Addressbook::addDefault($this->userId);
         $books = Addressbook::all($this->userId);
     }

     $templateParams = [
         'uploadMaxFilesize' => $uploadLimit,
         'uploadMaxHumanFilesize' => \OCP\Util::humanFileSize($uploadLimit),
         'iossupport' => $iosFlag,
         'addressbooks' => $books,
         'activeView' => $view,
         'lastSelectedBook' => $lastBook,
     ];

     // Wildcard image and frame sources, see the NOTE(review) in the docblock.
     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedImageDomain('*');
     $policy->addAllowedFrameDomain('*');

     $page = new TemplateResponse($this->appName, 'index');
     $page->setContentSecurityPolicy($policy);
     $page->setParams($templateParams);

     return $page;
 }
Пример #9
    /**
     * Render the index page with the cron warning taken from the status
     * service.
     *
     * Where the policy class exists, images and media are allowed from every
     * origin and frames from the listed video hosts only.
     *
     * NOTE(review): the '*' image and media sources are wide; confirm they
     * are required for the content this page displays.
     *
     * @NoAdminRequired
     * @NoCSRFRequired
     */
    public function index() {
        $status = $this->statusService->getStatus();
        $cronWarning = $status['warnings']['improperlyConfiguredCron'];
        $response = new TemplateResponse($this->appName, 'index', [
            'cronWarning' => $cronWarning
        ]);

        // The policy class exists from ownCloud 8.1 on; without it nothing is set.
        if (!class_exists('OCP\AppFramework\Http\ContentSecurityPolicy')) {
            return $response;
        }

        $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
        $csp->addAllowedImageDomain('*');
        $csp->addAllowedMediaDomain('*');

        // Frames stay limited to an explicit host list.
        $frameHosts = [
            'https://youtube.com',
            'https://www.youtube.com',
            'https://player.vimeo.com',
            'https://www.player.vimeo.com',
        ];
        foreach ($frameHosts as $frameHost) {
            $csp->addAllowedFrameDomain($frameHost);
        }
        $response->setContentSecurityPolicy($csp);

        return $response;
    }
Пример #10
 /**
  * getHtmlBody() must return a cacheable HtmlResponse whose policy, where
  * the policy class exists, disables eval and removes 'self' from the
  * script, connect, font and media sources.
  */
 public function testGetHtmlBody()
 {
     $accountId = 17;
     $folderId = 'testfolder';
     $messageId = 4321;

     // account -> mailbox -> message, each looked up exactly once.
     $this->accountService->expects($this->once())
         ->method('find')
         ->with($this->equalTo($this->userId), $this->equalTo($accountId))
         ->will($this->returnValue($this->account));
     $this->account->expects($this->once())
         ->method('getMailbox')
         ->with($this->equalTo($folderId))
         ->will($this->returnValue($this->mailbox));
     $this->mailbox->expects($this->once())
         ->method('getMessage')
         ->with($this->equalTo($messageId), $this->equalTo(true))
         ->will($this->returnValue($this->message));

     $wanted = new \OCA\Mail\Http\HtmlResponse(null);
     $wanted->cacheFor(3600);
     $wanted->addHeader('Pragma', 'cache');
     if (class_exists('\\OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
         // Tighter than the base policy: no eval, no same-origin scripts,
         // connections, fonts or media.
         $strict = new \OCP\AppFramework\Http\ContentSecurityPolicy();
         $strict->allowEvalScript(false);
         $strict->disallowScriptDomain('\'self\'');
         $strict->disallowConnectDomain('\'self\'');
         $strict->disallowFontDomain('\'self\'');
         $strict->disallowMediaDomain('\'self\'');
         $wanted->setContentSecurityPolicy($strict);
     }

     // The controller receives the folder id base64-encoded.
     $encodedFolder = base64_encode($folderId);
     $actual = $this->controller->getHtmlBody($accountId, $encodedFolder, $messageId);

     $this->assertEquals($wanted, $actual);
 }
Пример #11
 /**
  * showShare() for a password-protected share whose id is already stored
  * in the session as authenticated must render the 'public' template with
  * the share details and a policy that allows frames from 'self'.
  */
 public function testShowShare()
 {
     $owner = $this->getMock('OCP\\IUser');
     $owner->method('getDisplayName')->willReturn('ownerDisplay');
     $owner->method('getUID')->willReturn('ownerUID');

     $file = $this->getMock('OCP\\Files\\File');
     $file->method('getName')->willReturn('file1.txt');
     $file->method('getMimetype')->willReturn('text/plain');
     $file->method('getSize')->willReturn(33);
     $file->method('isReadable')->willReturn(true);
     $file->method('isShareable')->willReturn(true);

     $share = \OC::$server->getShareManager()->newShare();
     $share->setId(42);
     $share->setPassword('password')
         ->setShareOwner('ownerUID')
         ->setNode($file)
         ->setTarget('/file1.txt');

     // The session holds the share id ('42'), i.e. the password was already entered.
     $this->session->method('exists')->with('public_link_authenticated')->willReturn(true);
     $this->session->method('get')->with('public_link_authenticated')->willReturn('42');

     $this->previewManager->method('isMimeSupported')->with('text/plain')->willReturn(true);
     $this->config->method('getSystemValue')->willReturnMap([
         ['max_filesize_animated_gifs_public_sharing', 10, 10],
         ['enable_previews', true, true],
     ]);
     // Kept from the original: both values are read from the mock here, but
     // $shareTmpl itself is not used afterwards.
     $shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
     $shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);

     $this->shareManager->expects($this->once())
         ->method('getShareByToken')
         ->with('token')
         ->willReturn($share);
     $this->userManager->method('get')->with('ownerUID')->willReturn($owner);

     $actual = $this->shareController->showShare('token');

     $wantedParams = [
         'displayName' => 'ownerDisplay',
         'owner' => 'ownerUID',
         'filename' => 'file1.txt',
         'directory_path' => '/file1.txt',
         'mimetype' => 'text/plain',
         'dirToken' => 'token',
         'sharingToken' => 'token',
         'server2serversharing' => true,
         'protected' => 'true',
         'dir' => '',
         'downloadURL' => null,
         'fileSize' => '33 B',
         'nonHumanFileSize' => 33,
         'maxSizeAnimateGif' => 10,
         'previewSupported' => true,
         'previewEnabled' => true,
     ];
     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedFrameDomain('\'self\'');
     $wanted = new TemplateResponse($this->appName, 'public', $wantedParams, 'base');
     $wanted->setContentSecurityPolicy($policy);

     $this->assertEquals($wanted, $actual);
 }
Пример #12
 /**
  * showShare() in three situations: an unknown token (not found), a
  * password-protected share without authentication (redirect to the
  * authenticate route), and the same share after the session was marked as
  * authenticated (public template with a frame policy of 'self').
  */
 public function testShowShare()
 {
     $this->container['UserManager']->expects($this->exactly(2))
         ->method('userExists')
         ->with($this->user)
         ->will($this->returnValue(true));

     // 1. A token that does not exist.
     $actual = $this->shareController->showShare('ThisTokenShouldHopefullyNeverExistSoThatTheUnitTestWillAlwaysPass :)');
     $this->assertEquals(new NotFoundResponse(), $actual);

     // 2. Password-protected share, visitor not authenticated yet.
     $actual = $this->shareController->showShare($this->token);
     $authUrl = $this->urlGenerator->linkToRoute(
         'files_sharing.sharecontroller.authenticate',
         array('token' => $this->token)
     );
     $this->assertEquals(new RedirectResponse($authUrl), $actual);

     // 3. Same share, with the share id stored in the session as authenticated.
     $linkItem = Share::getShareByToken($this->token, false);
     \OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
     $actual = $this->shareController->showShare($this->token);

     $wantedParams = array(
         'displayName' => $this->user,
         'filename' => 'file1.txt',
         'directory_path' => '/file1.txt',
         'mimetype' => 'text/plain',
         'dirToken' => $this->token,
         'sharingToken' => $this->token,
         'server2serversharing' => true,
         'protected' => 'true',
         'dir' => '',
         'downloadURL' => null,
         'fileSize' => '33 B',
         'nonHumanFileSize' => 33,
         'maxSizeAnimateGif' => 10,
         'previewSupported' => true,
         'previewEnabled' => true,
     );
     $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $policy->addAllowedFrameDomain('\'self\'');
     $wanted = new TemplateResponse($this->container['AppName'], 'public', $wantedParams, 'base');
     $wanted->setContentSecurityPolicy($policy);

     $this->assertEquals($wanted, $actual);
 }
Пример #13
<?php

/**
 * owncloud_piwik
 * 
 * Copyright (c) 2015 Klaus Herberth <*****@*****.**> <br>
 * Released under the MIT license
 * 
 * @author Klaus Herberth <*****@*****.**>
 * @license MIT
 */
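// Register the admin settings page; the bundled piwik script is only added
// when the 'internal' app value is 'yes'.
OCP\App::registerAdmin('piwik', 'settings-admin');
$internal = OCP\Config::getAppValue('piwik', 'internal');
if ($internal === 'yes') {
    OCP\Util::addScript('piwik', 'piwik');
}

// Where the server provides a Content-Security-Policy API, allow scripts and
// images from the configured tracker host, unless it is the host serving
// this request.
if (class_exists('\\OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
    // The 'piwik' app value is JSON. Before the app is configured, or after
    // a bad write, json_decode() does not return an object with a 'url'.
    $piwik = json_decode((string) OCP\Config::getAppValue('piwik', 'piwik'));
    $url = null;
    if (is_object($piwik) && isset($piwik->url) && is_string($piwik->url)) {
        // parse_url() returns null or false when no host can be extracted.
        $url = parse_url($piwik->url, PHP_URL_HOST);
    }

    // HTTP_HOST is missing when this file is loaded outside a web request.
    // The value comes from the request and is only used for the comparison;
    // it is never written into the policy.
    $requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;

    // Only a real host name goes into the default policy; an unusable
    // configuration must not add an empty source to every page's policy.
    if (is_string($url) && $url !== '' && $requestHost !== $url) {
        $policy = new OCP\AppFramework\Http\ContentSecurityPolicy();
        $policy->addAllowedScriptDomain($url);
        $policy->addAllowedImageDomain($url);
        \OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
    }
}
OCP\Util::addScript('piwik', 'track');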
Пример #14
 /**
  * Render the calendar main page.
  *
  * Makes sure the user has calendars, rewrites some stored values of the
  * 'currentview' user setting (for example 'onedayview' becomes
  * 'agendaDay'), registers the front-end assets, renders the tasksplus task
  * list when that panel is switched on, and returns the 'calendar' template
  * with an image policy of '*'.
  *
  * @NoAdminRequired
  * @NoCSRFRequired
  */
 public function index()
 {
     // With contactsplus 1.0.6 or newer enabled, check the user's birthday calendar.
     // NOTE(review): $calId is assigned but not read again in this method.
     if (\OC::$server->getAppManager()->isEnabledForUser('contactsplus')) {
         $appinfo = \OCP\App::getAppVersion('contactsplus');
         if (version_compare($appinfo, '1.0.6', '>=')) {
             $calId = $this->calendarController->checkBirthdayCalendarByUri('bdaycpltocal_' . $this->userId);
         }
     }
     // A user without calendars gets the default ones, then the list is re-read.
     $calendars = CalendarCalendar::allCalendars($this->userId, false, false, false);
     if (count($calendars) == 0) {
         CalendarCalendar::addDefaultCalendars($this->userId);
         $calendars = CalendarCalendar::allCalendars($this->userId, true);
     }
     // Rewrite stored view names; each check re-reads the setting (default 'month').
     if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "onedayview") {
         $this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "agendaDay");
     }
     if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "oneweekview") {
         $this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "agendaWeek");
     }
     if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "onemonthview") {
         $this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "month");
     }
     if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "listview") {
         $this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "list");
     }
     if ($this->configInfo->getUserValue($this->userId, $this->appName, 'currentview', 'month') == "fourweeksview") {
         $this->configInfo->setUserValue($this->userId, $this->appName, 'currentview', "fourweeks");
     }
     // Front-end assets, registered in this order.
     \OCP\Util::addStyle($this->appName, '3rdparty/colorPicker');
     \OCP\Util::addscript($this->appName, '3rdparty/jquery.colorPicker');
     \OCP\Util::addScript($this->appName, '3rdparty/fullcalendar');
     \OCP\Util::addStyle($this->appName, '3rdparty/fullcalendar');
     \OCP\Util::addStyle($this->appName, '3rdparty/jquery.timepicker');
     \OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/animation');
     \OCP\Util::addStyle($this->appName, '3rdparty/fontello/css/fontello');
     \OCP\Util::addScript($this->appName, 'jquery.scrollTo.min');
     //\OCP\Util::addScript($this->appName,'timepicker');
     \OCP\Util::addScript($this->appName, '3rdparty/datepair');
     \OCP\Util::addScript($this->appName, '3rdparty/jquery.datepair');
     \OCP\Util::addScript($this->appName, '3rdparty/jquery.timepicker');
     \OCP\Util::addScript($this->appName, "3rdparty/jquery.webui-popover");
     \OCP\Util::addScript($this->appName, "3rdparty/chosen.jquery.min");
     \OCP\Util::addStyle($this->appName, "3rdparty/chosen");
     \OCP\Util::addScript($this->appName, '3rdparty/tag-it');
     \OCP\Util::addStyle($this->appName, '3rdparty/jquery.tagit');
     \OCP\Util::addStyle($this->appName, '3rdparty/jquery.webui-popover');
     // Time zone detection scripts are loaded when no time zone is stored
     // (loose == null comparison) or detection is switched on.
     if ($this->configInfo->getUserValue($this->userId, $this->appName, 'timezone') == null || $this->configInfo->getUserValue($this->userId, $this->appName, 'timezonedetection') == 'true') {
         \OCP\Util::addScript($this->appName, '3rdparty/jstz-1.0.4.min');
         \OCP\Util::addScript($this->appName, 'geo');
     }
     \OCP\Util::addScript($this->appName, '3rdparty/printThis');
     \OCP\Util::addScript($this->appName, 'app');
     \OCP\Util::addScript($this->appName, 'loaderimport');
     \OCP\Util::addStyle($this->appName, 'style');
     \OCP\Util::addStyle($this->appName, "mobile");
     \OCP\Util::addScript($this->appName, 'jquery.multi-autocomplete');
     \OCP\Util::addScript('core', 'tags');
     \OCP\Util::addScript($this->appName, 'on-event');
     // Panel state; the settings are compared as the strings 'true'.
     $leftNavAktiv = $this->configInfo->getUserValue($this->userId, $this->appName, 'calendarnav');
     $rightNavAktiv = $this->configInfo->getUserValue($this->userId, $this->appName, 'tasknav');
     $pCalendar = $calendars;
     // NOTE(review): these parameters carry a raw HTML attribute
     // (class="..."), so the template presumably prints them unescaped.
     // Keep them fixed strings; never build them from user input.
     $pHiddenCal = 'class="isHiddenCal"';
     $pButtonCalAktive = '';
     if ($leftNavAktiv === 'true') {
         $pHiddenCal = '';
         $pButtonCalAktive = 'button-info';
     }
     $pButtonTaskAktive = '';
     $pTaskOutput = '';
     $pRightnavAktiv = $rightNavAktiv;
     $pIsHidden = 'class="isHiddenTask"';
     // The task list is only built when the panel is on and tasksplus is enabled.
     if ($rightNavAktiv === 'true' && \OC::$server->getAppManager()->isEnabledForUser('tasksplus')) {
         $allowedCals = [];
         foreach ($calendars as $calInfo) {
             // The calendar's own 'active' flag, overridden by the per-user
             // 'calendar_<id>' setting when that setting is not ''.
             $isAktiv = (int) $calInfo['active'];
             if ($this->configInfo->getUserValue($this->userId, $this->appName, 'calendar_' . $calInfo['id']) !== '') {
                 $isAktiv = (int) $this->configInfo->getUserValue($this->userId, $this->appName, 'calendar_' . $calInfo['id']);
             }
             if ($isAktiv === 1) {
                 $allowedCals[] = $calInfo;
             }
         }
         $cDataTimeLine = new \OCA\TasksPlus\Timeline();
         $cDataTimeLine->setCalendars($allowedCals);
         $taskOutPutbyTime = $cDataTimeLine->generateAddonCalendarTodo();
         $paramsList = ['taskOutPutbyTime' => $taskOutPutbyTime];
         $list = new TemplateResponse('tasksplus', 'calendars.tasks.list', $paramsList, '');
         $pButtonTaskAktive = 'button-info';
         // The rendered HTML of the task list is passed on as a template parameter.
         // NOTE(review): this is markup inside a parameter; its safety rests
         // on the escaping done in the tasksplus template.
         $pTaskOutput = $list->render();
         $pIsHidden = '';
     }
     $params = ['calendars' => $pCalendar, 'leftnavAktiv' => $leftNavAktiv, 'isHiddenCal' => $pHiddenCal, 'buttonCalAktive' => $pButtonCalAktive, 'isHidden' => $pIsHidden, 'buttonTaskAktive' => $pButtonTaskAktive, 'taskOutput' => $pTaskOutput, 'rightnavAktiv' => $pRightnavAktiv, 'mailNotificationEnabled' => \OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_mail_notification', 'yes'), 'allowShareWithLink' => \OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_links', 'yes'), 'mailPublicNotificationEnabled' => \OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_public_notification', 'no')];
     // NOTE(review): images are allowed from every origin ('*'); confirm the
     // wildcard is needed rather than a list of hosts.
     $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
     $csp->addAllowedImageDomain('*');
     $response = new TemplateResponse($this->appName, 'calendar', $params);
     $response->setContentSecurityPolicy($csp);
     return $response;
 }