/**
 * Sets up the filesystem and user for public sharing
 *
 * Resolves a public share token to its share record, mounts the filesystem
 * of the root share owner and returns the resolved paths. Every failure path
 * sets an HTTP status and calls exit, so the method only returns on success.
 *
 * @param string $token string share token
 * @param string $relativePath optional path relative to the share
 * @param string $password optional password
 * @return array with the keys 'linkItem' (the share record), 'basePath' (path
 *               of the shared item) and 'realPath' (basePath plus the
 *               normalized relative path, when that path was readable)
 */
public static function setupFromToken($token, $relativePath = null, $password = null) {
    \OC_User::setIncognitoMode(true);

    // The second argument is true only when no password was supplied.
    // NOTE(review): presumably it toggles the password-protection check inside
    // getShareByToken(); confirm against \OCP\Share.
    $linkItem = \OCP\Share::getShareByToken($token, !$password);
    // && binds tighter than ||: reject when the lookup failed, or when the
    // item type is neither 'file' nor 'folder'.
    if ($linkItem === false || $linkItem['item_type'] !== 'file' && $linkItem['item_type'] !== 'folder') {
        \OC_Response::setStatus(404);
        \OC_Log::write('core-preview', 'Passed token parameter is not valid', \OC_Log::DEBUG);
        exit;
    }

    if (!isset($linkItem['uid_owner']) || !isset($linkItem['file_source'])) {
        \OC_Response::setStatus(500);
        // NOTE(review): the raw share token is written to the log at WARN level.
        // The token is what grants access to the share, so anyone who can read
        // the log can reuse it; consider logging the share id instead.
        \OC_Log::write('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OC_Log::WARN);
        exit;
    }

    $rootLinkItem = \OCP\Share::resolveReShare($linkItem);
    $path = null;
    if (isset($rootLinkItem['uid_owner'])) {
        \OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
        // Replace the currently mounted filesystem with the root owner's one
        // before resolving the shared file id to a path.
        \OC_Util::tearDownFS();
        \OC_Util::setupFS($rootLinkItem['uid_owner']);
        $path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
    }

    if ($path === null) {
        \OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);
        \OC_Response::setStatus(404);
        \OCP\JSON::error(array('success' => false));
        exit;
    }

    // NOTE(review): this check looks unreachable. The first guard in this
    // method already exits when item_type is neither 'file' nor 'folder',
    // which includes the case where it is not set.
    if (!isset($linkItem['item_type'])) {
        \OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
        \OC_Response::setStatus(404);
        \OCP\JSON::error(array('success' => false));
        exit;
    }

    // The password check runs only here, after the owner's filesystem has been
    // mounted and the path resolved; the 404/500 exits above are reached
    // without authentication.
    if (isset($linkItem['share_with'])) {
        if (!self::authenticate($linkItem, $password)) {
            \OC_Response::setStatus(403);
            \OCP\JSON::error(array('success' => false));
            exit;
        }
    }

    $basePath = $path;

    // NOTE(review): isReadable() is asked about the raw concatenation, while
    // the value appended to $path is the normalized form, so the checked string
    // and the returned string can differ. $relativePath is caller-supplied;
    // confirm that Filesystem rejects parent-directory segments, and consider
    // checking the same normalized path that is returned.
    if ($relativePath !== null && \OC\Files\Filesystem::isReadable($basePath . $relativePath)) {
        $path .= \OC\Files\Filesystem::normalizePath($relativePath);
    }

    return array('linkItem' => $linkItem, 'basePath' => $basePath, 'realPath' => $path);
}
/**
 * Turn an exception into an HTTP response.
 *
 * Requests whose Content-Type starts with text/xml are treated as WebDAV and
 * answered through a minimal Sabre server; everything else gets an HTML error
 * page. RemoteException is never logged on either path.
 *
 * NOTE(review): on the WebDAV path the exception class name and message are
 * sent to the client inside the ServiceUnavailable message; confirm that these
 * messages cannot carry internal details (paths, queries) for untrusted clients.
 *
 * @param Exception $e
 */
function handleException(Exception $e) {
    $request = \OC::$server->getRequest();
    // in case the request content type is text/xml - we assume it's a WebDAV request
    $xmlPosition = strpos($request->getHeader('Content-Type'), 'text/xml');

    if ($xmlPosition !== 0) {
        // Plain (non-WebDAV) request: render an error page.
        if ($e instanceof RemoteException) {
            // we shall not log on RemoteException
            OC_Response::setStatus($e->getCode());
            OC_Template::printErrorPage($e->getMessage());
            return;
        }

        $statusCode = ($e instanceof \OC\ServiceUnavailableException)
            ? OC_Response::STATUS_SERVICE_UNAVAILABLE
            : OC_Response::STATUS_INTERNAL_SERVER_ERROR;
        \OCP\Util::writeLog('remote', $e->getMessage(), \OCP\Util::FATAL);
        OC_Response::setStatus($statusCode);
        OC_Template::printExceptionErrorPage($e);
        return;
    }

    // fire up a simple server to properly process the exception
    $server = new Server();
    $shouldLog = !$e instanceof RemoteException;
    if ($shouldLog) {
        // we shall not log on RemoteException
        $server->addPlugin(new ExceptionLoggerPlugin('webdav', \OC::$server->getLogger()));
    }

    // Re-throw the exception from inside the server so it is rendered as a
    // DAV error response.
    $server->on('beforeMethod', function () use ($e) {
        if ($e instanceof RemoteException) {
            $code = $e->getCode();
            if ($code == OC_Response::STATUS_SERVICE_UNAVAILABLE) {
                throw new ServiceUnavailable($e->getMessage());
            }
            if ($code == OC_Response::STATUS_NOT_FOUND) {
                throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
            }
        }
        $class = get_class($e);
        $msg = $e->getMessage();
        throw new ServiceUnavailable("{$class}: {$msg}");
    });
    $server->exec();
}
/**
 * Write an OCS result to the client: status headers, the result's own
 * headers, the content type and the rendered body.
 *
 * NOTE(review): header names and values are taken from the result object and
 * concatenated into header() unchanged; confirm they never contain
 * request-controlled text.
 *
 * @param OC_OCS_Result $result
 * @param string $format the format xml|json
 */
public static function respond($result, $format = 'xml') {
    // Send 401 headers if unauthorised
    $isUnauthorised = $result->getStatusCode() === API::RESPOND_UNAUTHORISED;
    if ($isUnauthorised) {
        header('WWW-Authenticate: Basic realm="Authorisation Required"');
        header('HTTP/1.0 401 Unauthorized');
    }

    $extraHeaders = $result->getHeaders();
    foreach ($extraHeaders as $headerName => $headerValue) {
        header($headerName . ': ' . $headerValue);
    }

    $meta = $result->getMeta();
    $data = $result->getData();

    // For v2 requests the OCS status code is mapped and, when a mapping
    // exists, used both in the meta block and as the HTTP status.
    if (self::isV2(\OC::$server->getRequest())) {
        $mappedStatus = self::mapStatusCodes($result->getStatusCode());
        if ($mappedStatus !== null) {
            $meta['statuscode'] = $mappedStatus;
            OC_Response::setStatus($mappedStatus);
        }
    }

    self::setContentType($format);
    echo self::renderResult($format, $meta, $data);
}
/**
 * Handle the request
 *
 * Front controller: runs setup when the instance is not installed, loads
 * apps, tries the router, and otherwise falls through to the legacy handling
 * of redirect_url, PROPFIND, logout and login. The order of the steps matters,
 * since several of them return or exit.
 */
public static function handleRequest() {
    \OC::$server->getEventLogger()->start('handle_request', 'Handle request');
    $systemConfig = \OC::$server->getSystemConfig();
    // load all the classpaths from the enabled apps so they are available
    // in the routing files of each app
    OC::loadAppClassPaths();

    // Check if ownCloud is installed or in maintenance (update) mode
    // NOTE(review): while 'installed' is false, every client reaching this
    // entry point is handed to the setup controller with the raw $_POST;
    // confirm the instance is not reachable by untrusted clients before
    // setup has completed.
    if (!$systemConfig->getValue('installed', false)) {
        \OC::$server->getSession()->clear();
        $setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom());
        $controller = new OC\Core\Setup\Controller($setupHelper);
        $controller->run($_POST);
        exit;
    }

    $request = \OC::$server->getRequest()->getPathInfo();
    if (substr($request, -3) !== '.js') { // we need these files during the upgrade
        self::checkMaintenanceMode();
        self::checkUpgrade();
    }

    // Always load authentication apps
    OC_App::loadApps(['authentication']);

    // Load minimum set of apps
    if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
        // For logged-in users: Load everything
        if (OC_User::isLoggedIn()) {
            OC_App::loadApps();
        } else {
            // For guests: Load only filesystem and logging
            OC_App::loadApps(array('filesystem', 'logging'));
            \OC_User::tryBasicAuthLogin();
        }
    }

    // Routing is skipped for CLI and for requests carrying logout=true, which
    // are handled by the legacy logout branch further down.
    if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
        try {
            if (!$systemConfig->getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
                OC_App::loadApps(array('filesystem', 'logging'));
                OC_App::loadApps();
            }
            self::checkSingleUserMode();
            OC_Util::setupFS();
            OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
            return;
        } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
            // No route matched: fall through to the legacy handling below.
            //header('HTTP/1.0 404 Not Found');
        } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
            OC_Response::setStatus(405);
            return;
        }
    }

    // Handle redirect URL for logged in users
    if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
        $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));

        // Deny the redirect if the URL contains a @
        // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
        // NOTE(review): this is a single-character denylist on a URL built from
        // request input and does not by itself prove the target stays on this
        // host. makeURLAbsolute() is not visible here; confirm what it
        // prepends, and consider accepting only local paths before emitting
        // the Location header.
        if (strpos($location, '@') === false) {
            header('Location: ' . $location);
            return;
        }
    }

    // Handle WebDAV
    if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
        // not allowed any more to prevent people
        // mounting this root directly.
        // Users need to mount remote.php/webdav instead.
        header('HTTP/1.1 405 Method Not Allowed');
        header('Status: 405 Method Not Allowed');
        return;
    }

    // Redirect to index if the logout link is accessed without valid session
    // this is needed to prevent "Token expired" messages while login if a session is expired
    // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
    if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
        header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
        return;
    }

    // Someone is logged in
    if (OC_User::isLoggedIn()) {
        OC_App::loadApps();
        OC_User::setupBackends();
        OC_Util::setupFS();
        if (isset($_GET["logout"]) and $_GET["logout"]) {
            // callCheck() runs before the session is ended.
            // NOTE(review): presumably the request-token (CSRF) check; confirm
            // in OC_JSON.
            OC_JSON::callCheck();
            // Drop the stored login token for this browser so the
            // cookie cannot be used to log in again.
            if (isset($_COOKIE['oc_token'])) {
                \OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
            }
            OC_User::logout();
            // redirect to webroot and add slash if webroot is empty
            header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
        } else {
            // Redirect to default application
            OC_Util::redirectToDefaultPage();
        }
    } else {
        // Not handled and not logged in
        self::handleLogin();
    }
}
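/**
 * @NoAdminRequired
 * @PublicPage
 * Store the document content to its origin
 *
 * Reads the session and member ids from the WebODF request headers, checks
 * that the member belongs to the session, and writes the raw request body to
 * the session's file. When the file was changed externally and versions are
 * disabled, the content goes to a new "-conflict" file instead.
 *
 * NOTE(review): the membership check below is the only authorization visible
 * in this method, and both ids come from request headers. Confirm that member
 * ids are unguessable, since this endpoint is annotated as a public page.
 *
 * @return array array('status' => 'success') on success; an empty array, with
 *               HTTP status 500 set, on any failure
 */
public function save() {
    try {
        $esId = $this->request->server['HTTP_WEBODF_SESSION_ID'];
        if (!$esId) {
            throw new \Exception('Session id can not be empty');
        }

        $memberId = $this->request->server['HTTP_WEBODF_MEMBER_ID'];
        $currentMember = new Db\Member();
        $currentMember->load($memberId);

        // check if member belongs to the session
        // Compared as strings with !== because a loose != treats
        // numeric-looking strings as numbers, so two different ids could
        // compare equal.
        if ((string) $esId !== (string) $currentMember->getEsId()) {
            throw new \Exception($memberId . ' does not belong to session ' . $esId);
        }

        // Extra info for future usage
        // $sessionRevision = $this->request->server['HTTP_WEBODF_SESSION_REVISION'];

        //NB ouch! New document content is passed as an input stream content
        $stream = fopen('php://input', 'r');
        if (!$stream) {
            throw new \Exception('New content missing');
        }
        $content = stream_get_contents($stream);
        // The handle is not needed once the body has been read.
        fclose($stream);

        $session = new Db\Session();
        $session->load($esId);

        if (!$session->getEsId()) {
            throw new \Exception('Session does not exist');
        }

        try {
            if ($currentMember->getIsGuest()) {
                $file = File::getByShareToken($currentMember->getToken());
            } else {
                $file = new File($session->getFileId());
            }

            list($view, $path) = $file->getOwnerViewAndPath(true);
        } catch (\Exception $e) {
            //File was deleted or unshared. We need to save content as new file anyway
            //Sorry, but for guests it would be lost :(
            if ($this->uid) {
                $view = new View('/' . $this->uid . '/files');

                $dir = \OCP\Config::getUserValue($this->uid, 'documents', 'save_path', '');
                $path = Helper::getNewFileName($view, $dir . 'New Document.odt');
            } else {
                throw $e;
            }
        }

        $member = new Db\Member();
        $members = $member->getActiveCollection($esId);
        $memberIds = array_map(
            function ($x) {
                return $x['member_id'];
            },
            $members
        );

        // Active users except current user
        $memberCount = count($memberIds) - 1;

        if ($view->file_exists($path)) {
            // SHA-1 is used here only to detect that the file changed since
            // the session started, not as a security control.
            $currentHash = sha1($view->file_get_contents($path));

            if (!Helper::isVersionsEnabled() && $currentHash !== $session->getGenesisHash()) {
                // Original file was modified externally. Save to a new one
                $path = Helper::getNewFileName($view, $path, '-conflict');
            }

            $mimetype = $view->getMimeType($path);
        } else {
            $mimetype = Storage::MIMETYPE_LIBREOFFICE_WORDPROCESSOR;
        }

        $data = Filter::write($content, $mimetype);

        if ($view->file_put_contents($path, $data['content'])) {
            // Not a last user
            if ($memberCount > 0) {
                // Update genesis hash to prevent conflicts
                $this->logger->debug('Update hash', array('app' => $this->appName));
                $session->updateGenesisHash($esId, sha1($data['content']));
            } else {
                // Last user. Kill session data
                Db\Session::cleanUp($esId);
            }

            $view->touch($path);
        }
        $response = array('status' => 'success');
    } catch (\Exception $e) {
        // The reason is logged only; the client gets a bare 500.
        $this->logger->warning('Saving failed. Reason:' . $e->getMessage(), array('app' => $this->appName));
        \OC_Response::setStatus(500);
        $response = array();
    }

    return $response;
}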
/**
 * @brief Handle the request
 *
 * Front controller: includes the setup script when the instance is not
 * installed, tries the router, and otherwise falls back to the legacy handling
 * of app css files, redirect_url, PROPFIND, logout, app script files and login.
 */
public static function handleRequest() {
    // load all the classpaths from the enabled apps so they are available
    // in the routing files of each app
    OC::loadAppClassPaths();

    // Check if ownCloud is installed or in maintenance (update) mode
    if (!OC_Config::getValue('installed', false)) {
        require_once 'core/setup.php';
        exit;
    }

    $request = OC_Request::getPathInfo();
    if (substr($request, -3) !== '.js') { // we need these files during the upgrade
        self::checkMaintenanceMode();
        self::checkUpgrade();
    }

    if (!self::$CLI) {
        try {
            if (!OC_Config::getValue('maintenance', false)) {
                OC_App::loadApps();
            }
            OC::getRouter()->match(OC_Request::getRawPathInfo());
            return;
        } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
            // No route matched: fall through to the legacy handling below.
            //header('HTTP/1.0 404 Not Found');
        } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
            OC_Response::setStatus(405);
            return;
        }
    }

    $app = OC::$REQUESTEDAPP;
    $file = OC::$REQUESTEDFILE;
    $param = array('app' => $app, 'file' => $file);
    // Handle app css files
    if (substr($file, -3) == 'css') {
        self::loadCSSFile($param);
        return;
    }

    // Handle redirect URL for logged in users
    if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
        $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));

        // Deny the redirect if the URL contains a @
        // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
        // NOTE(review): this is a single-character denylist on a URL built from
        // request input and does not by itself prove the target stays on this
        // host. makeURLAbsolute() is not visible here; confirm what it
        // prepends, and consider accepting only local paths before emitting
        // the Location header.
        if (strpos($location, '@') === FALSE) {
            header('Location: ' . $location);
            return;
        }
    }

    // Handle WebDAV
    if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
        header('location: ' . OC_Helper::linkToRemote('webdav'));
        return;
    }

    // Someone is logged in :
    if (OC_User::isLoggedIn()) {
        OC_App::loadApps();
        OC_User::setupBackends();
        if (isset($_GET["logout"]) and $_GET["logout"]) {
            // NOTE(review): no request-token check is visible before logout in
            // this version, so a cross-site GET carrying ?logout=... would end
            // the session; confirm whether that is checked elsewhere.
            // Drop the stored login token for this browser so the cookie
            // cannot be used to log in again.
            if (isset($_COOKIE['oc_token'])) {
                OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
            }
            OC_User::logout();
            header("Location: " . OC::$WEBROOT . '/');
        } else {
            if (is_null($file)) {
                $param['file'] = 'index.php';
            }
            // Only the last three characters are compared, so the check is on
            // the suffix "php", not on a ".php" extension.
            // NOTE(review): app and file originate from the request; confirm
            // that loadAppScriptFile() confines the resolved path to the app
            // directory.
            $file_ext = substr($param['file'], -3);
            if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
                header('HTTP/1.0 404 Not Found');
            }
        }
        return;
    }

    // Not handled and not logged in
    self::handleLogin();
}
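/**
 * @brief Handle the request
 *
 * Front controller: includes the setup script when the instance is not
 * installed, redirects PROPFIND to the WebDAV endpoint, tries the router, and
 * otherwise falls back to the legacy handling of app css files, logout, app
 * script files and login.
 */
public static function handleRequest() {
    if (!OC_Config::getValue('installed', false)) {
        require_once 'core/setup.php';
        exit;
    }

    // Handle WebDAV
    if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
        header('location: ' . OC_Helper::linkToRemote('webdav'));
        return;
    }

    try {
        OC_App::loadApps();
        OC::getRouter()->match(OC_Request::getPathInfo());
        return;
    } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
        // No route matched: fall through to the legacy handling below.
        //header('HTTP/1.0 404 Not Found');
    } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
        OC_Response::setStatus(405);
        return;
    }

    $app = OC::$REQUESTEDAPP;
    $file = OC::$REQUESTEDFILE;
    $param = array('app' => $app, 'file' => $file);
    // Handle app css files
    if (substr($file, -3) == 'css') {
        self::loadCSSFile($param);
        return;
    }

    // Someone is logged in :
    if (OC_User::isLoggedIn()) {
        OC_App::loadApps();
        OC_User::setupBackends();
        if (isset($_GET["logout"]) and $_GET["logout"]) {
            // NOTE(review): no request-token check is visible before logout in
            // this version, so a cross-site GET carrying ?logout=... would end
            // the session; confirm whether that is checked elsewhere.
            // The remember-login cookie is optional: only delete the stored
            // token when the browser actually sent one, instead of reading an
            // undefined index and passing null as the key.
            if (isset($_COOKIE['oc_token'])) {
                OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
            }
            OC_User::logout();
            header("Location: " . OC::$WEBROOT . '/');
        } else {
            if (is_null($file)) {
                $param['file'] = 'index.php';
            }
            // Only the last three characters are compared, so the check is on
            // the suffix "php", not on a ".php" extension.
            // NOTE(review): app and file originate from the request; confirm
            // that loadAppScriptFile() confines the resolved path to the app
            // directory.
            $file_ext = substr($param['file'], -3);
            if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
                header('HTTP/1.0 404 Not Found');
            }
        }
        return;
    }

    // Not handled and not logged in
    self::handleLogin();
}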
// Optional share password, sent in the POST body. $password keeps whatever
// value it had before this point when the field is absent.
if (isset($_POST['password'])) {
    $password = $_POST['password'];
}

// Optional sub-directory inside the share, taken from the query string.
$relativePath = isset($_GET['dir']) ? $_GET['dir'] : null;

// Sort column defaults to 'name'; the direction flag is true only for 'desc'.
// NOTE(review): the sort attribute is passed on as received; confirm that
// getFiles() restricts it to known column names.
if (isset($_GET['sort'])) {
    $sortAttribute = $_GET['sort'];
} else {
    $sortAttribute = 'name';
}
$sortDirection = isset($_GET['sortdirection']) && $_GET['sortdirection'] === 'desc';

// setupFromToken() is the access check for the share: the directory listing
// below relies on the path it returns.
$data = \OCA\Files_Sharing\Helper::setupFromToken($token, $relativePath, $password);

$linkItem = $data['linkItem'];
// Load the files
$dir = \OC\Files\Filesystem::normalizePath($data['realPath']);

if (!\OC\Files\Filesystem::is_dir($dir . '/')) {
    \OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
    \OCP\JSON::error(array('success' => false));
    exit;
}

// From here on $data is the response payload, no longer the share data.
$data = array();

// make filelist
$files = \OCA\Files\Helper::getFiles($dir, $sortAttribute, $sortDirection);

$formattedFiles = array();
foreach ($files as $file) {
    $entry = \OCA\Files\Helper::formatFileInfo($file);
    unset($entry['directory']); // for now
    // Public listings are advertised as read-only whatever the real permissions are.
    $entry['permissions'] = \OCP\PERMISSION_READ;
    $formattedFiles[] = $entry;
}

// The directory is echoed back exactly as the client sent it.
$data['directory'] = $relativePath;
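/**
 * Stream the file to the client with caching, Last-Modified, Content-Length
 * and Content-Type headers, or answer 404 when it cannot be opened.
 *
 * The file is read through the view when useOriginal is set, and from the
 * local filesystem otherwise.
 *
 * NOTE(review): the detected MIME type is sent as-is, and this method sets
 * neither Content-Disposition nor X-Content-Type-Options. If the files can be
 * user-supplied, confirm that they cannot be rendered as active content in
 * the application's origin.
 */
public function show() {
    // A missing or unreadable file is an expected case answered with 404
    // below, so the open warning is suppressed instead of being written into
    // the response.
    if ($this->useOriginal) {
        $fp = @$this->view->fopen($this->path, 'rb');
    } else {
        $fp = @fopen($this->path, 'rb');
    }

    if (!$fp) {
        \OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
        return;
    }

    // Collect the metadata only once the file is known to be openable, so a
    // missing file does not trigger stat warnings before the 404.
    if ($this->useOriginal) {
        $mtime = $this->view->filemtime($this->path);
        $size = $this->view->filesize($this->path);
        $mime = $this->view->getMimetype($this->path);
    } else {
        $mtime = filemtime($this->path);
        $size = filesize($this->path);
        $mime = \OC_Helper::getMimetype($this->path);
    }

    \OCP\Response::enableCaching();
    \OCP\Response::setLastModifiedHeader($mtime);
    header('Content-Length: ' . $size);
    header('Content-Type: ' . $mime);

    fpassthru($fp);
    // Release the handle instead of leaving it open until the request ends.
    fclose($fp);
}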
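/**
 * main function to handle the REST request
 *
 * Registers the OCS routes and dispatches the current request to them. The
 * method always ends with exit.
 *
 * NOTE(review): the {user}, {app} and {key} parameters come from the URL. No
 * access check is visible in the route closures, so it has to live in the
 * OC_OCS::* handlers they call; confirm this, in particular for the quota and
 * key routes.
 **/
public static function handle() {
    // overwrite the 404 error page returncode
    header("HTTP/1.0 200 OK");

    if ($_SERVER['REQUEST_METHOD'] == 'GET') {
        $method = 'get';
    } elseif ($_SERVER['REQUEST_METHOD'] == 'PUT') {
        $method = 'put';
        // $put_vars is not read anywhere in this method.
        parse_str(file_get_contents("php://input"), $put_vars);
    } elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $method = 'post';
    } else {
        // NOTE(review): this message goes out with the 200 status set above.
        echo 'internal server error: method not supported';
        exit;
    }

    $format = self::readData($method, 'format', 'text', '');

    $router = new OC_Router();
    $router->useCollection('root');

    // CONFIG
    $router->create('config', '/config.{format}')
        ->defaults(array('format' => $format))
        ->action('OC_OCS', 'apiConfig')
        ->requirements(array('format' => 'xml|json'));

    // PERSON
    $router->create('person_check', '/person/check.{format}')
        ->post()
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $login = OC_OCS::readData('post', 'login', 'text');
            $passwd = OC_OCS::readData('post', 'password', 'text');
            OC_OCS::personCheck($format, $login, $passwd);
        })
        ->requirements(array('format' => 'xml|json'));

    // ACTIVITY
    // activityget - GET ACTIVITY page,pagesize as url parameters
    $router->create('activity_get', '/activity.{format}')
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $page = OC_OCS::readData('get', 'page', 'int', 0);
            $pagesize = OC_OCS::readData('get', 'pagesize', 'int', 10);
            // Out-of-range page sizes fall back to the default of 10.
            if ($pagesize < 1 or $pagesize > 100) {
                $pagesize = 10;
            }
            OC_OCS::activityGet($format, $page, $pagesize);
        })
        ->requirements(array('format' => 'xml|json'));

    // activityput - POST ACTIVITY
    $router->create('activity_put', '/activity.{format}')
        ->post()
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $message = OC_OCS::readData('post', 'message', 'text');
            OC_OCS::activityPut($format, $message);
        })
        ->requirements(array('format' => 'xml|json'));

    // PRIVATEDATA
    // NOTE(review): addslashes(strip_tags(...)) is generic filtering, not
    // escaping for a specific sink. If app/key reach SQL, parameterized
    // queries inside the privateData* handlers are what has to protect them;
    // confirm.
    // get - GET DATA
    $router->create('privatedata_get', '/privatedata/getattribute/{app}/{key}.{format}')
        ->defaults(array('app' => '', 'key' => '', 'format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $app = addslashes(strip_tags($parameters['app']));
            $key = addslashes(strip_tags($parameters['key']));
            OC_OCS::privateDataGet($format, $app, $key);
        })
        ->requirements(array('format' => 'xml|json'));

    // set - POST DATA
    $router->create('privatedata_set', '/privatedata/setattribute/{app}/{key}.{format}')
        ->post()
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $app = addslashes(strip_tags($parameters['app']));
            $key = addslashes(strip_tags($parameters['key']));
            $value = OC_OCS::readData('post', 'value', 'text');
            OC_OCS::privateDataSet($format, $app, $key, $value);
        })
        ->requirements(array('format' => 'xml|json'));

    // delete - POST DATA
    $router->create('privatedata_delete', '/privatedata/deleteattribute/{app}/{key}.{format}')
        ->post()
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $app = addslashes(strip_tags($parameters['app']));
            $key = addslashes(strip_tags($parameters['key']));
            OC_OCS::privateDataDelete($format, $app, $key);
        })
        ->requirements(array('format' => 'xml|json'));

    // CLOUD
    // systemWebApps
    $router->create('system_webapps', '/cloud/system/webapps.{format}')
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            OC_OCS::systemwebapps($format);
        })
        ->requirements(array('format' => 'xml|json'));

    // quotaget
    $router->create('quota_get', '/cloud/user/{user}.{format}')
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $user = $parameters['user'];
            OC_OCS::quotaGet($format, $user);
        })
        ->requirements(array('format' => 'xml|json'));

    // quotaset
    $router->create('quota_set', '/cloud/user/{user}.{format}')
        ->post()
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $user = $parameters['user'];
            // Called through the class name like every other closure here;
            // self:: inside a closure needs a bound class scope, which older
            // PHP versions do not provide.
            // NOTE(review): assumes this method belongs to OC_OCS, as the
            // sibling OC_OCS::readData() calls suggest; confirm.
            $quota = OC_OCS::readData('post', 'quota', 'int');
            OC_OCS::quotaSet($format, $user, $quota);
        })
        ->requirements(array('format' => 'xml|json'));

    // keygetpublic
    $router->create('keygetpublic', '/cloud/user/{user}/publickey.{format}')
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $user = $parameters['user'];
            OC_OCS::publicKeyGet($format, $user);
        })
        ->requirements(array('format' => 'xml|json'));

    // keygetprivate
    // Registered under its own name. It previously reused 'keygetpublic', so
    // two routes with different sensitivity shared one name in the collection.
    $router->create('keygetprivate', '/cloud/user/{user}/privatekey.{format}')
        ->defaults(array('format' => $format))
        ->action(function ($parameters) {
            $format = $parameters['format'];
            $user = $parameters['user'];
            OC_OCS::privateKeyGet($format, $user);
        })
        ->requirements(array('format' => 'xml|json'));

    // add more calls here
    // please document all the call in the draft spec
    // http://www.freedesktop.org/wiki/Specifications/open-collaboration-services-1.7#CLOUD

    // TODO:
    // users
    // groups
    // bookmarks
    // sharing
    // versioning
    // news (rss)

    try {
        $router->match($_SERVER['PATH_INFO']);
    } catch (ResourceNotFoundException $e) {
        // NOTE(review): debug output is echoed to the client for any unknown
        // route; confirm it cannot contain internal details.
        $txt = 'Invalid query, please check the syntax. '
            . 'API specifications are here: '
            . 'http://www.freedesktop.org/wiki/Specifications/open-collaboration-services.'
            . 'DEBUG OUTPUT:' . "\n";
        $txt .= OC_OCS::getdebugoutput();
        echo OC_OCS::generatexml($format, 'failed', 999, $txt);
    } catch (MethodNotAllowedException $e) {
        OC_Response::setStatus(405);
    }
    exit;
}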
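/**
 * Store the document content to its origin
 *
 * Reads the session and member ids from the WebODF request headers, runs the
 * guest or user pre-dispatch, checks that the member belongs to the session,
 * and writes the raw request body to the session's file. When the file was
 * changed externally and versions are disabled, the content goes to a new
 * "-conflict" file instead. The method always ends with exit.
 *
 * NOTE(review): both ids come from request headers and the membership check
 * is the only per-session authorization visible here; confirm that member ids
 * are unguessable.
 */
public static function save() {
    try {
        // Absent headers are read as null instead of suppressing the notice with @.
        $esId = isset($_SERVER['HTTP_WEBODF_SESSION_ID']) ? $_SERVER['HTTP_WEBODF_SESSION_ID'] : null;
        if (!$esId) {
            throw new \Exception('Session id can not be empty');
        }

        $memberId = isset($_SERVER['HTTP_WEBODF_MEMBER_ID']) ? $_SERVER['HTTP_WEBODF_MEMBER_ID'] : null;
        $currentMember = new Db\Member();
        $currentMember->load($memberId);
        // An unknown member (null guest flag) is treated like a guest.
        if (is_null($currentMember->getIsGuest()) || $currentMember->getIsGuest()) {
            self::preDispatchGuest();
        } else {
            $uid = self::preDispatch();
        }

        //check if member belongs to the session
        // Compared as strings with !== because a loose != treats
        // numeric-looking strings as numbers, so two different ids could
        // compare equal.
        if ((string) $esId !== (string) $currentMember->getEsId()) {
            throw new \Exception($memberId . ' does not belong to session ' . $esId);
        }

        // Extra info for future usage
        // $sessionRevision = Helper::getArrayValueByKey($_SERVER, 'HTTP_WEBODF_SESSION_REVISION');

        $stream = fopen('php://input', 'r');
        if (!$stream) {
            throw new \Exception('New content missing');
        }
        $content = stream_get_contents($stream);
        // The handle is not needed once the body has been read.
        fclose($stream);

        $session = new Db\Session();
        $session->load($esId);

        if (!$session->getEsId()) {
            throw new \Exception('Session does not exist');
        }

        try {
            if ($currentMember->getIsGuest()) {
                $file = File::getByShareToken($currentMember->getToken());
            } else {
                $file = new File($session->getFileId());
            }

            list($view, $path) = $file->getOwnerViewAndPath(true);
        } catch (\Exception $e) {
            //File was deleted or unshared. We need to save content as new file anyway
            //Sorry, but for guests it would be lost :(
            if (isset($uid)) {
                $view = new \OC\Files\View('/' . $uid . '/files');

                $dir = \OCP\Config::getUserValue(\OCP\User::getUser(), 'documents', 'save_path', '');
                $path = Helper::getNewFileName($view, $dir . 'New Document.odt');
            } else {
                // Without a user there is no target to write to. Re-throw so
                // the outer handler answers 500 instead of continuing with
                // $view and $path undefined.
                throw $e;
            }
        }

        $member = new Db\Member();
        $members = $member->getActiveCollection($esId);
        $memberIds = array_map(
            function ($x) {
                return $x['member_id'];
            },
            $members
        );

        // Active users except current user
        $memberCount = count($memberIds) - 1;

        if ($view->file_exists($path)) {
            // File proxies are switched off only while the stored content is
            // read for hashing, then restored to the previous setting.
            $proxyStatus = \OC_FileProxy::$enabled;
            \OC_FileProxy::$enabled = false;
            // SHA-1 is used here only to detect that the file changed since
            // the session started, not as a security control.
            $currentHash = sha1($view->file_get_contents($path));
            \OC_FileProxy::$enabled = $proxyStatus;

            if (!Helper::isVersionsEnabled() && $currentHash !== $session->getGenesisHash()) {
                // Original file was modified externally. Save to a new one
                $path = Helper::getNewFileName($view, $path, '-conflict');
            }

            $mimetype = $view->getMimeType($path);
        } else {
            $mimetype = Storage::MIMETYPE_LIBREOFFICE_WORDPROCESSOR;
        }

        $data = Filter::write($content, $mimetype);

        if ($view->file_put_contents($path, $data['content'])) {
            // Not a last user
            if ($memberCount > 0) {
                // Update genesis hash to prevent conflicts
                Helper::debugLog('Update hash');
                $session->updateGenesisHash($esId, sha1($data['content']));
            } else {
                // Last user. Kill session data
                Db\Session::cleanUp($esId);
            }

            $view->touch($path);
        }
        \OCP\JSON::success();
    } catch (\Exception $e) {
        // The reason is logged only; the client gets a bare 500.
        Helper::warnLog('Saving failed. Reason:' . $e->getMessage());
        //\OCP\JSON::error(array('message'=>$e->getMessage()));
        \OC_Response::setStatus(500);
    }
    exit;
}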
/**
 * @brief Handle the request
 *
 * Front controller: includes the setup script when the instance is not
 * installed, rejects untrusted Host values, tries the router, and otherwise
 * falls back to the legacy handling of app css files, redirect_url, PROPFIND,
 * logout, app script files and login.
 */
public static function handleRequest() {
    // load all the classpaths from the enabled apps so they are available
    // in the routing files of each app
    OC::loadAppClassPaths();

    // Check if ownCloud is installed or in maintenance (update) mode
    if (!OC_Config::getValue('installed', false)) {
        require_once 'core/setup.php';
        exit;
    }

    $host = OC_Request::insecureServerHost();
    // if the host passed in headers isn't trusted
    // The trusted-domain check is skipped for CLI and whenever an overwrite
    // host is configured (getOverwriteHost() returns non-null).
    if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
        header('HTTP/1.1 400 Bad Request');
        header('Status: 400 Bad Request');
        OC_Template::printErrorPage('You are accessing the server from an untrusted domain.', 'Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.');
        return;
    }

    $request = OC_Request::getPathInfo();
    if (substr($request, -3) !== '.js') { // we need these files during the upgrade
        self::checkMaintenanceMode();
        self::checkUpgrade();
    }

    // Test if the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
    OC::tryBasicAuthLogin();

    // Routing is skipped for CLI and for requests carrying logout=true, which
    // are handled by the legacy logout branch further down.
    if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
        try {
            if (!OC_Config::getValue('maintenance', false)) {
                OC_App::loadApps();
            }
            self::checkSingleUserMode();
            OC::getRouter()->match(OC_Request::getRawPathInfo());
            return;
        } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
            // No route matched: fall through to the legacy handling below.
            //header('HTTP/1.0 404 Not Found');
        } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
            OC_Response::setStatus(405);
            return;
        }
    }

    $app = OC::$REQUESTEDAPP;
    $file = OC::$REQUESTEDFILE;
    $param = array('app' => $app, 'file' => $file);
    // Handle app css files
    if (substr($file, -3) == 'css') {
        self::loadCSSFile($param);
        return;
    }

    // Handle redirect URL for logged in users
    if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
        $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));

        // Deny the redirect if the URL contains a @
        // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
        // NOTE(review): this is a single-character denylist on a URL built from
        // request input and does not by itself prove the target stays on this
        // host. makeURLAbsolute() is not visible here; confirm what it
        // prepends, and consider accepting only local paths before emitting
        // the Location header.
        if (strpos($location, '@') === false) {
            header('Location: ' . $location);
            return;
        }
    }

    // Handle WebDAV
    if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
        // not allowed any more to prevent people
        // mounting this root directly.
        // Users need to mount remote.php/webdav instead.
        header('HTTP/1.1 405 Method Not Allowed');
        header('Status: 405 Method Not Allowed');
        return;
    }

    // Someone is logged in :
    if (OC_User::isLoggedIn()) {
        OC_App::loadApps();
        OC_User::setupBackends();
        if (isset($_GET["logout"]) and $_GET["logout"]) {
            // NOTE(review): no request-token check is visible before logout in
            // this version, so a cross-site GET carrying ?logout=... would end
            // the session; confirm whether that is checked elsewhere.
            // Drop the stored login token for this browser so the cookie
            // cannot be used to log in again.
            if (isset($_COOKIE['oc_token'])) {
                OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
            }
            OC_User::logout();
            header("Location: " . OC::$WEBROOT . '/');
        } else {
            if (is_null($file)) {
                $param['file'] = 'index.php';
            }
            // Only the last three characters are compared, so the check is on
            // the suffix "php", not on a ".php" extension.
            // NOTE(review): app and file originate from the request; confirm
            // that loadAppScriptFile() confines the resolved path to the app
            // directory.
            $file_ext = substr($param['file'], -3);
            if ($file_ext != 'php' || !self::loadAppScriptFile($param)) {
                header('HTTP/1.0 404 Not Found');
            }
        }
        return;
    }

    // Not handled and not logged in
    self::handleLogin();
}
/**
 * Handle the request
 *
 * Front controller: runs the setup controller when the instance is not
 * installed, rejects untrusted Host values, tries the router, and otherwise
 * falls back to the legacy handling of redirect_url, PROPFIND, logout and
 * login.
 */
public static function handleRequest() {
    $l = \OC_L10N::get('lib');
    // load all the classpaths from the enabled apps so they are available
    // in the routing files of each app
    OC::loadAppClassPaths();

    // Check if ownCloud is installed or in maintenance (update) mode
    // NOTE(review): while 'installed' is false, every client reaching this
    // entry point is handed to the setup controller with the raw $_POST;
    // confirm the instance is not reachable by untrusted clients before
    // setup has completed.
    if (!OC_Config::getValue('installed', false)) {
        $controller = new OC\Core\Setup\Controller();
        $controller->run($_POST);
        exit;
    }

    $host = OC_Request::insecureServerHost();
    // if the host passed in headers isn't trusted
    // The trusted-domain check is skipped for CLI and whenever an overwrite
    // host is configured (getOverwriteHost() returns non-null).
    if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
        header('HTTP/1.1 400 Bad Request');
        header('Status: 400 Bad Request');
        OC_Template::printErrorPage($l->t('You are accessing the server from an untrusted domain.'), $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.'));
        return;
    }

    $request = OC_Request::getPathInfo();
    if (substr($request, -3) !== '.js') { // we need these files during the upgrade
        self::checkMaintenanceMode();
        self::checkUpgrade();
    }

    if (!OC_User::isLoggedIn()) {
        // Test if the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
        OC::tryBasicAuthLogin();
    }

    // Routing is skipped for CLI and for requests carrying logout=true, which
    // are handled by the legacy logout branch further down.
    if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
        try {
            if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
                OC_App::loadApps(array('authentication'));
                OC_App::loadApps(array('filesystem', 'logging'));
                OC_App::loadApps();
            }
            self::checkSingleUserMode();
            OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
            return;
        } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
            // No route matched: fall through to the legacy handling below.
            //header('HTTP/1.0 404 Not Found');
        } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
            OC_Response::setStatus(405);
            return;
        }
    }

    // Load minimum set of apps
    if (!self::checkUpgrade(false)) {
        // For logged-in users: Load everything
        if (OC_User::isLoggedIn()) {
            OC_App::loadApps();
        } else {
            // For guests: Load only authentication, filesystem and logging
            OC_App::loadApps(array('authentication'));
            OC_App::loadApps(array('filesystem', 'logging'));
        }
    }

    // Handle redirect URL for logged in users
    if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
        $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));

        // Deny the redirect if the URL contains a @
        // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
        // NOTE(review): this is a single-character denylist on a URL built from
        // request input and does not by itself prove the target stays on this
        // host. makeURLAbsolute() is not visible here; confirm what it
        // prepends, and consider accepting only local paths before emitting
        // the Location header.
        if (strpos($location, '@') === false) {
            header('Location: ' . $location);
            return;
        }
    }

    // Handle WebDAV
    if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
        // not allowed any more to prevent people
        // mounting this root directly.
        // Users need to mount remote.php/webdav instead.
        header('HTTP/1.1 405 Method Not Allowed');
        header('Status: 405 Method Not Allowed');
        return;
    }

    // Redirect to index if the logout link is accessed without valid session
    // this is needed to prevent "Token expired" messages while login if a session is expired
    // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
    if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
        header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
        return;
    }

    // Someone is logged in
    if (OC_User::isLoggedIn()) {
        OC_App::loadApps();
        OC_User::setupBackends();
        if (isset($_GET["logout"]) and $_GET["logout"]) {
            // callCheck() runs before the session is ended.
            // NOTE(review): presumably the request-token (CSRF) check; confirm
            // in OC_JSON.
            OC_JSON::callCheck();
            // Drop the stored login token for this browser so the cookie
            // cannot be used to log in again.
            if (isset($_COOKIE['oc_token'])) {
                OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
            }
            // With HTTP Basic auth the browser keeps sending credentials, so a
            // marker cookie records that they should be ignored after logout.
            // NOTE(review): setcookie() is called with four arguments, so the
            // secure and httponly flags stay at their defaults, and the cookie
            // value is the login name; confirm that is acceptable.
            if (isset($_SERVER['PHP_AUTH_USER'])) {
                if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
                    // Ignore HTTP Authentication for 5 more minutes.
                    setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
                } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
                    // Ignore HTTP Authentication to allow a different user to log in.
                    setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
                }
            }
            OC_User::logout();
            // redirect to webroot and add slash if webroot is empty
            header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
        } else {
            // Redirect to default application
            OC_Util::redirectToDefaultPage();
        }
    } else {
        // Not handled and not logged in
        self::handleLogin();
    }
}
* but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ OCP\JSON::checkAppEnabled('files_sharing'); if (!isset($_GET['t'])) { \OC_Response::setStatus(400); //400 Bad Request exit; } if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false) { \OC_Response::setStatus(404); // 404 not found exit; } $token = $_GET['t']; $password = null; if (isset($_POST['password'])) { $password = $_POST['password']; } $relativePath = null; if (isset($_GET['dir'])) { $relativePath = $_GET['dir']; } $data = \OCA\Files_Sharing\Helper::setupFromToken($token, $relativePath, $password); $linkItem = $data['linkItem']; // Load the files
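/**
 * Handle the request
 *
 * Dispatch order as implemented below: the setup controller while the
 * instance is not installed, maintenance and upgrade checks, the emergency
 * "/disableapp" endpoint, app loading, the router match, and finally the
 * fallbacks (PROPFIND rejection, default page or login form).
 *
 * Nothing is returned; several branches end the request with exit.
 */
public static function handleRequest() {
    \OC::$server->getEventLogger()->start('handle_request', 'Handle request');
    $systemConfig = \OC::$server->getSystemConfig();

    // load all the classpaths from the enabled apps so they are available
    // in the routing files of each app
    OC::loadAppClassPaths();

    // Check if ownCloud is installed or in maintenance (update) mode
    if (!$systemConfig->getValue('installed', false)) {
        // NOTE(review): while 'installed' is false every request ends here and
        // the raw POST body is handed to the setup controller. This assumes the
        // instance is not reachable by untrusted clients before setup has
        // completed - confirm against the deployment guide.
        \OC::$server->getSession()->clear();
        $setupHelper = new OC\Setup(
            \OC::$server->getConfig(),
            \OC::$server->getIniWrapper(),
            \OC::$server->getL10N('lib'),
            new \OC_Defaults(),
            \OC::$server->getLogger(),
            \OC::$server->getSecureRandom()
        );
        $controller = new OC\Core\Controller\SetupController($setupHelper);
        $controller->run($_POST);
        exit;
    }

    $request = \OC::$server->getRequest();

    // Check if requested URL matches 'index.php/occ'
    $isOccControllerRequested = preg_match('|/index\\.php$|', $request->getScriptName()) === 1
        && strpos($request->getPathInfo(), '/occ/') === 0;

    $requestPath = $request->getRawPathInfo();

    // Default for '.js' requests, which skip the upgrade check below; without
    // it the NeedsUpdateException handler further down reads an undefined
    // variable.
    $needUpgrade = false;
    if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade
        self::checkMaintenanceMode($request);
        $needUpgrade = self::checkUpgrade(!$isOccControllerRequested);
    }

    // emergency app disabling
    if ($requestPath === '/disableapp'
        && $request->getMethod() === 'POST'
        && (string) $request->getParam('appid') !== ''
    ) {
        // State-changing endpoint: callCheck() (presumably the request-token /
        // CSRF check - confirm) and checkAdminUser() both run before the app
        // is disabled. Keep that order.
        \OCP\JSON::callCheck();
        \OCP\JSON::checkAdminUser();
        $appId = (string) $request->getParam('appid');
        $appId = \OC_App::cleanAppId($appId);
        \OC_App::disable($appId);
        \OC_JSON::success();
        exit;
    }

    try {
        // Always load authentication apps
        OC_App::loadApps(['authentication']);
    } catch (\OC\NeedsUpdateException $e) {
        // Only the occ controller may proceed while an upgrade is pending;
        // every other request gets the exception.
        if ($isOccControllerRequested && $needUpgrade) {
            OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
            return;
        }
        throw $e;
    }

    // Load minimum set of apps
    if (!self::checkUpgrade(false)
        && !$systemConfig->getValue('maintenance', false)
    ) {
        // For logged-in users: Load everything
        if (OC_User::isLoggedIn()) {
            OC_App::loadApps();
        } else {
            // For guests: Load only filesystem and logging
            OC_App::loadApps(array('filesystem', 'logging'));
            self::handleLogin($request);
        }
    }

    if (!self::$CLI) {
        try {
            if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
                OC_App::loadApps(array('filesystem', 'logging'));
                OC_App::loadApps();
            }
            self::checkSingleUserMode();
            OC_Util::setupFS();
            OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
            return;
        } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
            // No route matched: fall through to the handling below.
            //header('HTTP/1.0 404 Not Found');
        } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
            OC_Response::setStatus(405);
            return;
        }
    }

    // Handle WebDAV
    // The CLI path skips the router block above and still reaches this check,
    // where REQUEST_METHOD may be absent, so test for the key first and compare
    // strictly.
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
        // not allowed any more to prevent people
        // mounting this root directly.
        // Users need to mount remote.php/webdav instead.
        header('HTTP/1.1 405 Method Not Allowed');
        header('Status: 405 Method Not Allowed');
        return;
    }

    // Someone is logged in
    if (OC_User::isLoggedIn()) {
        OC_App::loadApps();
        OC_User::setupBackends();
        OC_Util::setupFS();
        // FIXME
        // Redirect to default application
        OC_Util::redirectToDefaultPage();
    } else {
        // Not handled and not logged in
        header('Location: ' . \OC::$server->getURLGenerator()->linkToRouteAbsolute('core.login.showLoginForm'));
    }
}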
//400 Bad Request \OCP\Util::writeLog('core-preview', 'x and/or y set to 0', \OCP\Util::DEBUG); exit; } try { $preview = new \OC\Preview(\OC_User::getUser(), 'files_trashbin/files', $file); $view = new \OC\Files\View('/' . \OC_User::getUser() . '/files_trashbin/files'); if ($view->is_dir($file)) { $mimetype = 'httpd/unix-directory'; } else { $pathInfo = pathinfo(ltrim($file, '/')); $fileName = $pathInfo['basename']; // if in root dir if ($pathInfo['dirname'] === '.') { // cut off the .d* suffix $i = strrpos($fileName, '.'); if ($i !== false) { $fileName = substr($fileName, 0, $i); } } $mimetype = \OC::$server->getMimeTypeDetector()->detectPath($fileName); } $preview->setMimetype($mimetype); $preview->setMaxX($maxX); $preview->setMaxY($maxY); $preview->setScalingUp($scalingUp); $preview->showPreview(); } catch (\Exception $e) { \OC_Response::setStatus(500); \OCP\Util::writeLog('core', $e->getmessage(), \OCP\Util::DEBUG); }
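/**
 * ownCloud
 *
 * @author Frank Karlitschek
 * @copyright 2012 Frank Karlitschek frank@owncloud.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library. If not, see <http://www.gnu.org/licenses/>.
 *
 */

// Anchor the bootstrap include to this script's directory. A path starting
// with '../' is resolved against the process working directory, so the file
// that gets loaded would otherwise depend on how the script is invoked.
require_once __DIR__ . '/../lib/base.php';

use Symfony\Component\Routing\Exception\ResourceNotFoundException;
use Symfony\Component\Routing\Exception\MethodNotAllowedException;

// Route the request under the '/ocs' prefix. An unknown route produces the
// OCS not-found response, a disallowed HTTP method a 405 status.
try {
    OC::getRouter()->match('/ocs' . OC_Request::getRawPathInfo());
} catch (ResourceNotFoundException $e) {
    OC_API::setContentType();
    OC_OCS::notFound();
} catch (MethodNotAllowedException $e) {
    OC_API::setContentType();
    OC_Response::setStatus(405);
}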
exit; } $sharedFile = \OC\Files\Filesystem::normalizePath($file); } if ($linkedItem['item_type'] === 'file') { $parent = $pathInfo['parent']; $path = $view->getPath($parent); $sharedFile = $pathInfo['name']; } $path = \OC\Files\Filesystem::normalizePath($path, false); if (substr($path, 0, 1) === '/') { $path = substr($path, 1); } if ($maxX === 0 || $maxY === 0) { \OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST); \OCP\Util::writeLog('core-preview', 'x and/or y set to 0', \OCP\Util::DEBUG); exit; } $root = 'files/' . $path; try { $preview = new \OC\Preview($userId, $root); $preview->setFile($sharedFile); $preview->setMaxX($maxX); $preview->setMaxY($maxY); $preview->setScalingUp($scalingUp); $preview->setKeepAspect($keepAspect); $preview->showPreview(); } catch (\Exception $e) { \OC_Response::setStatus(\OC_Response::STATUS_INTERNAL_SERVER_ERROR); \OCP\Util::writeLog('core', $e->getmessage(), \OCP\Util::DEBUG); }
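/**
 * Get the thumbnail of the image
 *
 * Streams the file at $thumbImagePath to the client with caching,
 * Last-Modified, Content-Length and Content-Type headers. When the file
 * cannot be opened, only a 404 status is set.
 *
 * @param string $thumbImagePath
 */
public function getThumbnail($thumbImagePath) {
    // NOTE(review): the path is passed to fopen() unchanged. Callers are
    // assumed to supply a server-generated thumbnail path, never one taken
    // from request input - confirm at the call sites.
    $fp = @fopen($thumbImagePath, 'rb');
    if (!$fp) {
        // Return before any stat call: filemtime()/filesize() on a missing
        // file emit warnings, and output sent ahead of the status header can
        // stop the 404 from being set.
        \OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
        return;
    }

    $mtime = filemtime($thumbImagePath);
    $size = filesize($thumbImagePath);
    $mime = \OC_Helper::getMimetype($thumbImagePath);

    \OCP\Response::enableCaching();
    if ($mtime !== false) {
        \OCP\Response::setLastModifiedHeader($mtime);
    }
    if ($size !== false) {
        // Skip the header when the size is unknown rather than send an
        // empty Content-Length.
        header('Content-Length: ' . $size);
    }
    header('Content-Type: ' . $mime);

    fpassthru($fp);
    // Release the handle; the original left it open until the request ended.
    fclose($fp);
}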