2012-05-05 20:54:14 +00:00
|
|
|
<?php
|
2015-03-26 10:44:34 +00:00
|
|
|
/**
|
2016-07-21 15:07:57 +00:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
|
|
*
|
2015-03-26 10:44:34 +00:00
|
|
|
* @author Brice Maron <brice@bmaron.net>
|
|
|
|
* @author Christopher Schäpers <kondou@ts.unde.re>
|
2016-07-21 15:07:57 +00:00
|
|
|
* @author Joas Schilling <coding@schilljs.com>
|
2015-03-26 10:44:34 +00:00
|
|
|
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
2016-05-26 17:56:05 +00:00
|
|
|
* @author Lukas Reschke <lukas@statuscode.ch>
|
2016-07-21 16:13:36 +00:00
|
|
|
* @author Robin Appelman <robin@icewind.nl>
|
2016-01-12 14:02:16 +00:00
|
|
|
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
2015-03-26 10:44:34 +00:00
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
|
|
* @author Vincent Petry <pvince81@owncloud.com>
|
|
|
|
*
|
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*
|
|
|
|
*/
|
2015-06-29 13:47:05 +00:00
|
|
|
|
2015-08-30 17:13:01 +00:00
|
|
|
use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
|
2015-06-29 13:47:05 +00:00
|
|
|
use Sabre\DAV\Exception\ServiceUnavailable;
|
|
|
|
use Sabre\DAV\Server;
|
|
|
|
|
2015-06-29 20:08:34 +00:00
|
|
|
/**
|
|
|
|
* Class RemoteException
|
|
|
|
* Dummy exception class to be use locally to identify certain conditions
|
2015-08-18 13:02:30 +00:00
|
|
|
* Will not be logged to avoid DoS
|
2015-06-29 20:08:34 +00:00
|
|
|
*/
|
|
|
|
class RemoteException extends Exception {
|
|
|
|
}
|
|
|
|
|
2015-06-29 13:47:05 +00:00
|
|
|
/**
|
2016-04-20 16:01:47 +00:00
|
|
|
* @param Exception | Error $e
|
2015-06-29 13:47:05 +00:00
|
|
|
*/
|
2016-04-20 16:01:47 +00:00
|
|
|
function handleException($e) {
|
2015-06-29 13:47:05 +00:00
|
|
|
$request = \OC::$server->getRequest();
|
|
|
|
// in case the request content type is text/xml - we assume it's a WebDAV request
|
2015-06-29 20:08:34 +00:00
|
|
|
$isXmlContentType = strpos($request->getHeader('Content-Type'), 'text/xml');
|
|
|
|
if ($isXmlContentType === 0) {
|
2015-06-29 13:47:05 +00:00
|
|
|
// fire up a simple server to properly process the exception
|
|
|
|
$server = new Server();
|
2015-08-18 13:02:30 +00:00
|
|
|
if (!($e instanceof RemoteException)) {
|
|
|
|
// we shall not log on RemoteException
|
|
|
|
$server->addPlugin(new ExceptionLoggerPlugin('webdav', \OC::$server->getLogger()));
|
|
|
|
}
|
2015-06-29 13:47:05 +00:00
|
|
|
$server->on('beforeMethod', function () use ($e) {
|
2015-06-29 20:08:34 +00:00
|
|
|
if ($e instanceof RemoteException) {
|
|
|
|
switch ($e->getCode()) {
|
|
|
|
case OC_Response::STATUS_SERVICE_UNAVAILABLE:
|
|
|
|
throw new ServiceUnavailable($e->getMessage());
|
|
|
|
case OC_Response::STATUS_NOT_FOUND:
|
|
|
|
throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
|
|
|
|
}
|
|
|
|
}
|
2015-06-29 13:47:05 +00:00
|
|
|
$class = get_class($e);
|
|
|
|
$msg = $e->getMessage();
|
|
|
|
throw new ServiceUnavailable("$class: $msg");
|
|
|
|
});
|
|
|
|
$server->exec();
|
|
|
|
} else {
|
2015-06-29 20:08:34 +00:00
|
|
|
$statusCode = OC_Response::STATUS_INTERNAL_SERVER_ERROR;
|
2015-06-29 13:47:05 +00:00
|
|
|
if ($e instanceof \OC\ServiceUnavailableException ) {
|
2015-06-29 20:08:34 +00:00
|
|
|
$statusCode = OC_Response::STATUS_SERVICE_UNAVAILABLE;
|
2015-06-29 13:47:05 +00:00
|
|
|
}
|
2015-06-29 20:08:34 +00:00
|
|
|
if ($e instanceof RemoteException) {
|
2015-08-18 13:02:30 +00:00
|
|
|
// we shall not log on RemoteException
|
2015-06-29 20:08:34 +00:00
|
|
|
OC_Response::setStatus($e->getCode());
|
|
|
|
OC_Template::printErrorPage($e->getMessage());
|
|
|
|
} else {
|
2016-04-20 16:01:47 +00:00
|
|
|
\OC::$server->getLogger()->logException($e, ['app' => 'remote']);
|
2015-06-29 20:08:34 +00:00
|
|
|
OC_Response::setStatus($statusCode);
|
|
|
|
OC_Template::printExceptionErrorPage($e);
|
|
|
|
}
|
2015-06-29 13:47:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-04-05 07:59:43 +00:00
|
|
|
/**
|
|
|
|
* @param $service
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
function resolveService($service) {
|
|
|
|
$services = [
|
|
|
|
'webdav' => 'dav/appinfo/v1/webdav.php',
|
|
|
|
'dav' => 'dav/appinfo/v2/remote.php',
|
|
|
|
'caldav' => 'dav/appinfo/v1/caldav.php',
|
|
|
|
'calendar' => 'dav/appinfo/v1/caldav.php',
|
|
|
|
'carddav' => 'dav/appinfo/v1/carddav.php',
|
|
|
|
'contacts' => 'dav/appinfo/v1/carddav.php',
|
|
|
|
'files' => 'dav/appinfo/v1/webdav.php',
|
|
|
|
];
|
|
|
|
if (isset($services[$service])) {
|
|
|
|
return $services[$service];
|
|
|
|
}
|
|
|
|
|
|
|
|
return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service);
|
|
|
|
}
|
|
|
|
|
2013-06-10 11:45:19 +00:00
|
|
|
try {
|
2016-10-06 10:13:02 +00:00
|
|
|
require_once __DIR__ . '/lib/base.php';
|
2014-06-25 16:17:17 +00:00
|
|
|
|
2016-04-12 11:30:37 +00:00
|
|
|
// All resources served via the DAV endpoint should have the strictest possible
|
|
|
|
// policy. Exempted from this is the SabreDAV browser plugin which overwrites
|
|
|
|
// this policy with a softer one if debug mode is enabled.
|
|
|
|
header("Content-Security-Policy: default-src 'none';");
|
|
|
|
|
2014-06-25 16:17:17 +00:00
|
|
|
if (\OCP\Util::needUpgrade()) {
|
|
|
|
// since the behavior of apps or remotes are unpredictable during
|
|
|
|
// an upgrade, return a 503 directly
|
2015-06-29 20:08:34 +00:00
|
|
|
throw new RemoteException('Service unavailable', OC_Response::STATUS_SERVICE_UNAVAILABLE);
|
2014-06-25 16:17:17 +00:00
|
|
|
}
|
|
|
|
|
2015-02-10 12:02:48 +00:00
|
|
|
$request = \OC::$server->getRequest();
|
|
|
|
$pathInfo = $request->getPathInfo();
|
|
|
|
if ($pathInfo === false || $pathInfo === '') {
|
2015-06-29 20:08:34 +00:00
|
|
|
throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
|
2013-06-10 11:45:19 +00:00
|
|
|
}
|
2015-02-10 12:02:48 +00:00
|
|
|
if (!$pos = strpos($pathInfo, '/', 1)) {
|
|
|
|
$pos = strlen($pathInfo);
|
2013-06-10 11:45:19 +00:00
|
|
|
}
|
2015-02-10 12:02:48 +00:00
|
|
|
$service=substr($pathInfo, 1, $pos-1);
|
2012-06-24 08:06:42 +00:00
|
|
|
|
2016-04-05 07:59:43 +00:00
|
|
|
$file = resolveService($service);
|
2012-07-13 22:10:17 +00:00
|
|
|
|
2013-06-10 11:45:19 +00:00
|
|
|
if(is_null($file)) {
|
2015-06-29 20:08:34 +00:00
|
|
|
throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
|
2013-06-10 11:45:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
$file=ltrim($file, '/');
|
|
|
|
|
|
|
|
$parts=explode('/', $file, 2);
|
|
|
|
$app=$parts[0];
|
2014-05-10 12:00:22 +00:00
|
|
|
|
|
|
|
// Load all required applications
|
|
|
|
\OC::$REQUESTEDAPP = $app;
|
2014-05-28 19:43:48 +00:00
|
|
|
OC_App::loadApps(array('authentication'));
|
|
|
|
OC_App::loadApps(array('filesystem', 'logging'));
|
2014-05-10 12:00:22 +00:00
|
|
|
|
2013-06-10 11:45:19 +00:00
|
|
|
switch ($app) {
|
|
|
|
case 'core':
|
|
|
|
$file = OC::$SERVERROOT .'/'. $file;
|
|
|
|
break;
|
|
|
|
default:
|
2014-09-04 13:23:55 +00:00
|
|
|
if (!\OC::$server->getAppManager()->isInstalled($app)) {
|
2015-08-18 13:02:30 +00:00
|
|
|
throw new RemoteException('App not installed: ' . $app);
|
2014-09-04 13:23:55 +00:00
|
|
|
}
|
2013-06-10 11:45:19 +00:00
|
|
|
OC_App::loadApp($app);
|
2014-02-20 13:51:23 +00:00
|
|
|
$file = OC_App::getAppPath($app) .'/'. $parts[1];
|
2013-06-10 11:45:19 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
$baseuri = OC::$WEBROOT . '/remote.php/'.$service.'/';
|
|
|
|
require_once $file;
|
|
|
|
|
|
|
|
} catch (Exception $ex) {
|
2015-06-29 13:47:05 +00:00
|
|
|
handleException($ex);
|
2016-04-20 16:01:47 +00:00
|
|
|
} catch (Error $e) {
|
2016-05-02 11:10:03 +00:00
|
|
|
handleException($e);
|
2013-08-18 09:02:08 +00:00
|
|
|
}
|