/**
* @brief Constructor
* @param string $app app providing the template
* @param string $name of the template file (without suffix)
* @param string $renderas = ""; produce a full page
* @return OC_Template object
*
* This function creates an OC_Template object.
*
* If $renderas is set, OC_Template will try to produce a full page in the
* according layout. For now, renderas can be set to "guest", "user" or
* "admin".
*/
public function __construct($app, $name, $renderas = "")
{
// Read the selected theme from the config file
$theme = OC_Util::getTheme();
// Read the detected formfactor and use the right file name.
$fext = self::getFormFactorExtension();
$requesttoken = OC::$session ? OC_Util::callRegister() : '';
$parts = explode('/', $app);
// fix translation when app is something like core/lostpassword
$l10n = OC_L10N::get($parts[0]);
$themeDefaults = new OC_Defaults();
list($path, $template) = $this->findTemplate($theme, $app, $name, $fext);
// Set the private data
$this->renderas = $renderas;
$this->path = $path;
parent::__construct($template, $requesttoken, $l10n, $themeDefaults);
// Some headers to enhance security
header('X-XSS-Protection: 1; mode=block');
// Enforce browser based XSS filters
header('X-Content-Type-Options: nosniff');
// Disable sniffing the content type for IE
// iFrame Restriction Policy
$xFramePolicy = OC_Config::getValue('xframe_restriction', true);
if ($xFramePolicy) {
header('X-Frame-Options: Sameorigin');
// Disallow iFraming from other domains
}
// Content Security Policy
// If you change the standard policy, please also change it in config.sample.php
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; ' . 'script-src \'self\' \'unsafe-eval\'; ' . 'style-src \'self\' \'unsafe-inline\'; ' . 'frame-src *; ' . 'img-src *; ' . 'font-src \'self\' data:; ' . 'media-src *');
header('Content-Security-Policy:' . $policy);
// Standard
}
/**
* Constructor
* @param string $app app providing the template
* @param string $name of the template file (without suffix)
* @param string $renderas = ""; produce a full page
* @param bool $registerCall = true
* @return OC_Template object
*
* This function creates an OC_Template object.
*
* If $renderas is set, OC_Template will try to produce a full page in the
* according layout. For now, renderas can be set to "guest", "user" or
* "admin".
*/
public function __construct($app, $name, $renderas = "", $registerCall = true)
{
// Read the selected theme from the config file
$theme = OC_Util::getTheme();
$requesttoken = (OC::$server->getSession() and $registerCall) ? OC_Util::callRegister() : '';
$parts = explode('/', $app);
// fix translation when app is something like core/lostpassword
$l10n = \OC::$server->getL10N($parts[0]);
$themeDefaults = new OC_Defaults();
list($path, $template) = $this->findTemplate($theme, $app, $name);
// Set the private data
$this->renderas = $renderas;
$this->path = $path;
$this->app = $app;
parent::__construct($template, $requesttoken, $l10n, $themeDefaults);
}
/**
* @brief Constructor
* @param string $app app providing the template
* @param string $name of the template file (without suffix)
* @param string $renderas = ""; produce a full page
* @return OC_Template object
*
* This function creates an OC_Template object.
*
* If $renderas is set, OC_Template will try to produce a full page in the
* according layout. For now, renderas can be set to "guest", "user" or
* "admin".
*/
public function __construct($app, $name, $renderas = "")
{
// Read the selected theme from the config file
$theme = OC_Util::getTheme();
// Read the detected formfactor and use the right file name.
$fext = self::getFormFactorExtension();
$requesttoken = OC::$session ? OC_Util::callRegister() : '';
$parts = explode('/', $app);
// fix translation when app is something like core/lostpassword
$l10n = OC_L10N::get($parts[0]);
$themeDefaults = new OC_Defaults();
list($path, $template) = $this->findTemplate($theme, $app, $name, $fext);
// Set the private data
$this->renderas = $renderas;
$this->path = $path;
parent::__construct($template, $requesttoken, $l10n, $themeDefaults);
}
/**
* Show a single chart
*
* @NoCSRFRequired
* @NoAdminRequired
* @param string $id
* @return TemplateResponse
*/
public function displayChart($id)
{
$chartConfigs = $this->configService->getCharts();
foreach($chartConfigs as $config)
{
if ( $config->getId() == $id )
{
break;
}
}
$chart = $this->chartService->getChartByConfig($config);
$templateName = 'main'; // will use templates/main.php
return new TemplateResponse($this->appName, $templateName, array('chart' => $chart, 'configs' => $chartConfigs, 'requesttoken' => \OC_Util::callRegister()));
}
function testCallRegister()
{
$result = strlen(OC_Util::callRegister());
$this->assertEquals(20, $result);
}
*/
// Check if we are a user
OCP\User::checkLoggedIn();
OCP\App::checkAppEnabled('bookmarks');
// Prep screen if we come from the bookmarklet
$url = '';
if (isset($_GET['url'])) {
$url = $_GET['url'];
}
if (!isset($_GET['title']) || trim($_GET['title']) == '') {
$datas = OC_Bookmarks_Bookmarks::getURLMetadata($url);
$title = isset($datas['title']) ? $datas['title'] : '';
} else {
$title = $_GET['title'];
}
OCP\Util::addscript('bookmarks/3rdparty', 'tag-it');
OCP\Util::addscript('bookmarks', 'addBm');
OCP\Util::addStyle('bookmarks', 'bookmarks');
OCP\Util::addStyle('bookmarks/3rdparty', 'jquery.tagit');
$bm = array('title' => $title, 'url' => $url, 'tags' => array(), 'desc' => '', 'is_public' => 0);
//Find All Tags
$qtags = OC_Bookmarks_Bookmarks::findTags(array(), 0, 400);
$tags = array();
foreach ($qtags as $tag) {
$tags[] = $tag['tag'];
}
$tmpl = new OCP\Template('bookmarks', 'addBm', 'base');
$tmpl->assign('requesttoken', OC_Util::callRegister());
$tmpl->assign('bookmark', $bm);
$tmpl->assign('tags', json_encode($tags));
$tmpl->printPage();
/**
* Try to login a user using HTTP authentication.
* @return bool
*/
protected static function tryBasicAuthLogin()
{
if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"]) || isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) {
return false;
}
if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
OC_User::unsetMagicInCookie();
$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
}
return true;
}
/**
* @brief Constructor
* @param string $app app providing the template
* @param string $file name of the template file (without suffix)
* @param string $renderas = ""; produce a full page
* @return OC_Template object
*
* This function creates an OC_Template object.
*
* If $renderas is set, OC_Template will try to produce a full page in the
* according layout. For now, renderas can be set to "guest", "user" or
* "admin".
*/
public function __construct($app, $name, $renderas = "")
{
// Set the private data
$this->renderas = $renderas;
$this->application = $app;
$this->vars = array();
$this->vars['requesttoken'] = OC_Util::callRegister();
$this->vars['requestlifespan'] = OC_Util::$callLifespan;
$parts = explode('/', $app);
// fix translation when app is something like core/lostpassword
$this->l10n = OC_L10N::get($parts[0]);
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
$this->findTemplate($name);
}
private function uploadFileBkp($file)
{
//$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH,
// \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_UPPER.
// \OCP\Security\ISecureRandom::CHAR_DIGITS
// );
$fd = ['requesttoken' => \OC_Util::callRegister(), 'dir' => '/', 'file_directory' => 'Talks'];
//$fd['file'] = '@' . $this->dir.'/'.$file['filename'];
$filename = $this->dir . '/' . $file['filename'];
$path = realpath(dirname(dirname(dirname(__DIR__))));
include $path . '/config/config.php';
$url = $CONFIG['overwrite.cli.url'] . "/index.php/apps/files/ajax/upload.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fd);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$fh_res = fopen($filename, 'r');
curl_setopt($ch, CURLOPT_INFILE, $fh_res);
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($filename));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, TRUE);
// --data-binary
$resultCurl = curl_exec($ch);
fclose($fh_res);
//print_r($resultCurl);
file_put_contents('/tmp/inb.log', "\nCurl result : " . print_r($resultCurl, true) . "\n", FILE_APPEND);
$errorCurl = curl_error($ch);
//print_r($errorCurl);
file_put_contents('/tmp/inb.log', "\nCurl error : " . print_r($errorCurl, true) . "\n", FILE_APPEND);
curl_close($ch);
return $resultCurl['id'];
//TODO Взнати id файла
}
protected static function tryBasicAuthLogin()
{
if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) {
return false;
}
OC_App::loadApps(array('authentication'));
if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
//OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG);
OC_User::unsetMagicInCookie();
$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
}
return true;
}
/**
* Try to login a user using HTTP authentication.
* @return bool
*/
protected static function tryBasicAuthLogin() {
if (!isset($_SERVER["PHP_AUTH_USER"])
|| !isset($_SERVER["PHP_AUTH_PW"])
|| (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER'])
) {
return false;
}
if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
//OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG);
OC_User::unsetMagicInCookie();
$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
}
return true;
}
/**
*
* @NoAdminRequired
* @NoCSRFRequired
* @return TemplateResponse
*/
public function run()
{
return new TemplateResponse($this->appName, 'main', array('requesttoken' => \OC_Util::callRegister()));
}
/**
* Show a single chart
*
* @NoCSRFRequired
* @NoAdminRequired
* @param string $id
* @throws \OCA\ocUsageCharts\Exception\ChartServiceException
*
* @return TemplateResponse
*/
public function displayChart($id)
{
$selectedConfig = null;
$chartConfigs = $this->configService->getChartsForLoggedInUser();
foreach ($chartConfigs as $config) {
if ($config->getId() == $id) {
$selectedConfig = $config;
break;
}
}
if (is_null($selectedConfig)) {
throw new ChartServiceException('No config found for selected ID');
}
$chart = $this->chartService->getChartByConfig($selectedConfig);
$templateName = 'main';
// will use templates/main.php
return new TemplateResponse($this->appName, $templateName, array('chart' => $chart, 'configs' => $chartConfigs, 'requesttoken' => \OC_Util::callRegister()));
}
/**
* @brief Constructor
* @param string $app app providing the template
* @param string $file name of the template file (without suffix)
* @param string $renderas = ""; produce a full page
* @return OC_Template object
*
* This function creates an OC_Template object.
*
* If $renderas is set, OC_Template will try to produce a full page in the
* according layout. For now, renderas can be set to "guest", "user" or
* "admin".
*/
public function __construct($app, $name, $renderas = "")
{
// Set the private data
$this->renderas = $renderas;
$this->application = $app;
$this->vars = array();
$this->vars['requesttoken'] = OC_Util::callRegister();
$parts = explode('/', $app);
// fix translation when app is something like core/lostpassword
$this->l10n = OC_L10N::get($parts[0]);
// Some headers to enhance security
header('X-XSS-Protection: 1; mode=block');
// Enforce browser based XSS filters
header('X-Content-Type-Options: nosniff');
// Disable sniffing the content type for IE
// iFrame Restriction Policy
$xFramePolicy = OC_Config::getValue('xframe_restriction', true);
if ($xFramePolicy) {
header('X-Frame-Options: Sameorigin');
// Disallow iFraming from other domains
}
// Content Security Policy
// If you change the standard policy, please also change it in config.sample.php
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; ' . 'script-src \'self\' \'unsafe-eval\'; ' . 'style-src \'self\' \'unsafe-inline\'; ' . 'frame-src *; ' . 'img-src *; ' . 'font-src \'self\' data:; ' . 'media-src *');
header('Content-Security-Policy:' . $policy);
// Standard
$this->findTemplate($name);
}
/**
* @brief Constructor
* @param $app app providing the template
* @param $file name of the template file (without suffix)
* @param $renderas = ""; produce a full page
* @returns OC_Template object
*
* This function creates an OC_Template object.
*
* If $renderas is set, OC_Template will try to produce a full page in the
* according layout. For now, renderas can be set to "guest", "user" or
* "admin".
*/
public function __construct($app, $name, $renderas = "")
{
// Set the private data
$this->renderas = $renderas;
$this->application = $app;
$this->vars = array();
if ($renderas == 'user') {
$this->vars['requesttoken'] = OC_Util::callRegister();
}
$this->l10n = OC_L10N::get($app);
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
$this->findTemplate($name);
}
/**
* Register an get/post call. This is important to prevent CSRF attacks
* TODO: write example
* @since 4.5.0
*/
public static function callRegister()
{
return \OC_Util::callRegister();
}
/**
* Supplies an attribute to the logout hyperlink. The default behaviour
* is to return an href with '?logout=true' appended. However, it can
* supply any attribute(s) which are valid for <a>.
*
* @return string with one or more HTML attributes.
*/
public static function getLogoutAttribute()
{
$backend = self::findFirstActiveUsedBackend();
if ($backend) {
return $backend->getLogoutAttribute();
}
return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"';
}
/**
* @param int $talkid
* @param string $text
* Save an answer to the talk
*/
public function answerTalk($args)
{
$talkid = $args['talkid'];
$text = $args['text'];
$users = $this->connect->users();
$messages = $this->connect->messages();
$message = $messages->getByReply($talkid);
$talk = $messages->getById($talkid)[0];
$usermessages = $this->connect->userMessage();
//$usermessages = $this->getUserMessages($this->userId);
if (!($usermessage = $usermessages->getMessageById($message['id']))) {
$usermessages->createStatus($message['id'], $this->userId);
$usermessage = $usermessages->getMessageById($message['id']);
}
if ($message['status'] < 2) {
$message['status'] = 2;
$messages->setStatus($message['mid'], 2);
}
$subscribers = explode(',', $talk['subscribers']);
if (!in_array($this->userId, $subscribers)) {
$subscribers[] = $this->userId;
} else {
unset($subscribers[array_search($this->userId, $subscribers)]);
$talk['subscribers'] = $subscribers;
$subscribers[] = $talk['author'];
//$subscribers[] = $this->userId;
$talk['subscribers'] = $subscribers;
}
$mailsubscribers = array();
$groupspref = array();
foreach ($subscribers as $s => $subscriber) {
if (strstr($subscriber, "-group")) {
$group = substr($subscriber, 0, strpos($subscriber, "-group"));
if ($group && is_string($group)) {
foreach ($users->getUsersFromGroup($group) as $gu => $groupuser) {
$user = $users->getUserDetails($groupuser['uid']);
$groupusers[$groupuser['uid']] = $user;
}
$mailsubscribers[$group] = ['groupid' => $group, 'grouppref' => $group . '-group', 'groupusers' => $groupusers];
$groupspref[] = $group . '-group';
}
} else {
if (!($subscriber == $this->userId)) {
$allusers[$subscriber] = $users->getUserDetails($subscriber);
}
}
}
$mailsubscribers['ungroupped'] = ['groupusers' => $allusers];
if (count($mailsubscribers) > 0 && count($groupspref) > 0) {
$messageSubscribers = implode(',', $groupspref);
if (count($mailsubscribers['ungroupped']['groupusers']) > 0) {
$messageSubscribers .= ',' . implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
}
} else {
$messageSubscribers = implode(',', array_keys($mailsubscribers['ungroupped']['groupusers']));
}
$messagedata = array('rid' => $talkid, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'text' => '', 'author' => $this->userId, 'subscribers' => $messageSubscribers, 'hash' => isset($talk['hash']) && !empty($talk['hash']) ? $talk['hash'] : md5(date("Y-m-d h:i:s") . '' . $text), 'status' => 0);
$messages = $this->connect->messages();
$saved = $messages->save($messagedata);
//$saved = 1;
if ($saved) {
foreach ($subscribers as $s => $subscriber) {
if (is_string($subscriber) && !empty($subscriber)) {
$usermessagedata = ['uid' => $subscriber, 'mid' => $saved, 'status' => 0];
$usermessages->save($usermessagedata);
}
}
$sent = $this->sendMessage($saved, $mailsubscribers, $this->userId, $messagedata);
foreach ($mailsubscribers as $m => $ms) {
if ($m == 'ungroupped') {
$sent = $this->sendMessage($saved, $ms['groupusers'], $this->userId, $messagedata);
} else {
$messagedata['groupsid'] = $ms['grouppref'];
$sent = $this->sendMessage($saved, $ms['groupusers'], $ms['grouppref'], $messagedata);
}
}
$params = array('answerid' => $saved, 'author' => $this->userId, 'date' => date("Y-m-d h:i:s"), 'title' => Helper::checkTxt($text), 'sent' => $sent, 'appname' => $this->appName);
} else {
$params = array('title' => Helper::checkTxt($text));
}
$view = Helper::renderPartial($this->appName, 'api.addanswer', $params);
$params = array('user' => $this->userId, 'view' => $view, 'requesttoken' => !\OC_Util::isCallRegistered() ? '' : \OC_Util::callRegister());
return new DataResponse($params);
}
