/**
* @brief Handle the request
*/
public static function handleRequest()
{
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!OC_Config::getValue('installed', false)) {
require_once 'core/setup.php';
exit;
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
if (!self::$CLI) {
try {
if (!OC_Config::getValue('maintenance', false)) {
OC_App::loadApps();
}
OC::getRouter()->match(OC_Request::getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
$app = OC::$REQUESTEDAPP;
$file = OC::$REQUESTEDFILE;
$param = array('app' => $app, 'file' => $file);
// Handle app css files
if (substr($file, -3) == 'css') {
self::loadCSSFile($param);
return;
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === FALSE) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
header('location: ' . OC_Helper::linkToRemote('webdav'));
return;
}
// Someone is logged in :
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and $_GET["logout"]) {
if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
OC_User::logout();
header("Location: " . OC::$WEBROOT . '/');
} else {
if (is_null($file)) {
$param['file'] = 'index.php';
}
$file_ext = substr($param['file'], -3);
if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
header('HTTP/1.0 404 Not Found');
}
}
return;
}
// Not handled and not logged in
self::handleLogin();
}
/**
* get the id of loaded app
*
* @return string
*/
public static function getCurrentApp()
{
$script = substr(OC_Request::scriptName(), strlen(OC::$WEBROOT) + 1);
$topFolder = substr($script, 0, strpos($script, '/'));
if (empty($topFolder)) {
$path_info = OC_Request::getPathInfo();
if ($path_info) {
$topFolder = substr($path_info, 1, strpos($path_info, '/', 1) - 1);
}
}
if ($topFolder == 'apps') {
$length = strlen($topFolder);
return substr($script, $length + 1, strpos($script, '/', $length + 1) - $length - 1);
} else {
return $topFolder;
}
}
/**
* Handle the request
*/
public static function handleRequest() {
\OC::$server->getEventLogger()->start('handle_request', 'Handle request');
$systemConfig = \OC::$server->getSystemConfig();
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!$systemConfig->getValue('installed', false)) {
\OC::$server->getSession()->clear();
$controller = new OC\Core\Setup\Controller(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('core'), new \OC_Defaults());
$controller->run($_POST);
exit();
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') { // we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
// Always load authentication apps
OC_App::loadApps(['authentication']);
// Load minimum set of apps
if (!self::checkUpgrade(false)
&& !$systemConfig->getValue('maintenance', false)
&& !\OCP\Util::needUpgrade()) {
// For logged-in users: Load everything
if(OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only filesystem and logging
OC_App::loadApps(array('filesystem', 'logging'));
\OC_User::tryBasicAuthLogin();
}
}
if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
try {
if (!$systemConfig->getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC_Util::setupFS();
OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Redirect to index if the logout link is accessed without valid session
// this is needed to prevent "Token expired" messages while login if a session is expired
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
return;
}
// Someone is logged in
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
OC_Util::setupFS();
if (isset($_GET["logout"]) and ($_GET["logout"])) {
OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) {
\OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
OC_User::logout();
// redirect to webroot and add slash if webroot is empty
header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
} else {
// Redirect to default application
OC_Util::redirectToDefaultPage();
}
} else {
// Not handled and not logged in
self::handleLogin();
}
}
<?php
try {
require_once 'lib/base.php';
if (\OCP\Util::needUpgrade()) {
// since the behavior of apps or remotes are unpredictable during
// an upgrade, return a 503 directly
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printErrorPage('Service unavailable');
exit;
}
$path_info = OC_Request::getPathInfo();
if ($path_info === false || $path_info === '') {
OC_Response::setStatus(OC_Response::STATUS_NOT_FOUND);
exit;
}
if (!($pos = strpos($path_info, '/', 1))) {
$pos = strlen($path_info);
}
$service = substr($path_info, 1, $pos - 1);
$file = \OC::$server->getAppConfig()->getValue('core', 'remote_' . $service);
if (is_null($file)) {
OC_Response::setStatus(OC_Response::STATUS_NOT_FOUND);
exit;
}
$file = ltrim($file, '/');
$parts = explode('/', $file, 2);
$app = $parts[0];
// Load all required applications
\OC::$REQUESTEDAPP = $app;
OC_App::loadApps(array('authentication'));
/**
* @brief Handle the request
*/
public static function handleRequest()
{
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!OC_Config::getValue('installed', false)) {
require_once 'core/setup.php';
exit;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
OC_Template::printErrorPage('You are accessing the server from an untrusted domain.', 'Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.');
return;
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
OC::tryBasicAuthLogin();
if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
try {
if (!OC_Config::getValue('maintenance', false)) {
OC_App::loadApps();
}
self::checkSingleUserMode();
OC::getRouter()->match(OC_Request::getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
$app = OC::$REQUESTEDAPP;
$file = OC::$REQUESTEDFILE;
$param = array('app' => $app, 'file' => $file);
// Handle app css files
if (substr($file, -3) == 'css') {
self::loadCSSFile($param);
return;
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Someone is logged in :
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and $_GET["logout"]) {
if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
OC_User::logout();
header("Location: " . OC::$WEBROOT . '/');
} else {
if (is_null($file)) {
$param['file'] = 'index.php';
}
$file_ext = substr($param['file'], -3);
if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
header('HTTP/1.0 404 Not Found');
}
}
return;
}
// Not handled and not logged in
self::handleLogin();
}
/**
* Handle the request
*/
public static function handleRequest()
{
$l = \OC_L10N::get('lib');
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!OC_Config::getValue('installed', false)) {
$controller = new OC\Core\Setup\Controller();
$controller->run($_POST);
exit;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
OC_Template::printErrorPage($l->t('You are accessing the server from an untrusted domain.'), $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.'));
return;
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
if (!OC_User::isLoggedIn()) {
// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
OC::tryBasicAuthLogin();
}
if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
try {
if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
// Load minimum set of apps
if (!self::checkUpgrade(false)) {
// For logged-in users: Load everything
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only authentication, filesystem and logging
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
}
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Redirect to index if the logout link is accessed without valid session
// this is needed to prevent "Token expired" messages while login if a session is expired
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
return;
}
// Someone is logged in
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and $_GET["logout"]) {
OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
if (isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
// Ignore HTTP Authentication for 5 more mintues.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
// Ignore HTTP Authentication to allow a different user to log in.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
}
}
OC_User::logout();
// redirect to webroot and add slash if webroot is empty
header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
} else {
// Redirect to default application
OC_Util::redirectToDefaultPage();
}
} else {
// Not handled and not logged in
self::handleLogin();
}
}
/**
* @brief Handle the request
*/
public static function handleRequest()
{
if (!OC_Config::getValue('installed', false)) {
require_once 'core/setup.php';
exit;
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
header('location: ' . OC_Helper::linkToRemote('webdav'));
return;
}
try {
OC_App::loadApps();
OC::getRouter()->match(OC_Request::getPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
$app = OC::$REQUESTEDAPP;
$file = OC::$REQUESTEDFILE;
$param = array('app' => $app, 'file' => $file);
// Handle app css files
if (substr($file, -3) == 'css') {
self::loadCSSFile($param);
return;
}
// Someone is logged in :
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and $_GET["logout"]) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
OC_User::logout();
header("Location: " . OC::$WEBROOT . '/');
} else {
if (is_null($file)) {
$param['file'] = 'index.php';
}
$file_ext = substr($param['file'], -3);
if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
header('HTTP/1.0 404 Not Found');
}
}
return;
}
// Not handled and not logged in
self::handleLogin();
}
