2010-03-10 12:03:40 +00:00
< ? php
/**
2011-04-15 17:24:23 +00:00
* ownCloud
*
* @ author Frank Karlitschek
* @ copyright 2010 Frank Karlitschek karlitschek @ kde . org
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation ; either
* version 3 of the License , or any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details .
*
* You should have received a copy of the GNU Affero General Public
* License along with this library . If not , see < http :// www . gnu . org / licenses />.
*
*/
2010-03-10 12:03:40 +00:00
2011-08-02 16:31:42 +00:00
/**
* Class that is a namespace for all global OC variables
2011-08-06 09:36:56 +00:00
* No , we can not put this class in its own file because it is used by
* OC_autoload !
2011-08-02 16:31:42 +00:00
*/
class OC {
/**
* Assoziative array for autoloading . classname => filename
*/
public static $CLASSPATH = array ();
2011-08-02 16:48:19 +00:00
/**
* $_SERVER [ 'DOCUMENTROOT' ] but without symlinks
*/
public static $DOCUMENTROOT = '' ;
/**
2011-08-06 21:04:39 +00:00
* The installation path for owncloud on the server ( e . g . / srv / http / owncloud )
2011-08-02 16:48:19 +00:00
*/
public static $SERVERROOT = '' ;
/**
2011-08-06 21:04:39 +00:00
* the current request path relative to the owncloud root ( e . g . files / index . php )
2011-08-02 16:48:19 +00:00
*/
public static $SUBURI = '' ;
/**
2011-08-06 21:04:39 +00:00
* the owncloud root path for http requests ( e . g . owncloud / )
2011-08-02 16:48:19 +00:00
*/
public static $WEBROOT = '' ;
/**
2011-08-06 21:04:39 +00:00
* the folder that stores that data files for the filesystem of the user ( e . g . / srv / http / owncloud / data / myusername / files )
2011-08-02 16:48:19 +00:00
*/
public static $CONFIG_DATADIRECTORY = '' ;
/**
2011-08-06 21:04:39 +00:00
* the folder that stores the data for the root filesystem ( e . g . / srv / http / owncloud / data )
2011-08-02 16:48:19 +00:00
*/
public static $CONFIG_DATADIRECTORY_ROOT = '' ;
2012-02-23 14:37:38 +00:00
/**
* The installation path of the 3 rdparty folder on the server ( e . g . / srv / http / owncloud / 3 rdparty )
*/
public static $THIRDPARTYROOT = '' ;
/**
* the root path of the 3 rdparty folder for http requests ( e . g . owncloud / 3 rdparty )
*/
public static $THIRDPARTYWEBROOT = '' ;
2012-04-18 06:20:51 +00:00
/**
* The installation path of the apps folder on the server ( e . g . / srv / http / owncloud )
*/
public static $APPSROOT = '' ;
/**
* the root path of the apps folder for http requests ( e . g . owncloud )
*/
public static $APPSWEBROOT = '' ;
/*
* requested app
*/
public static $REQUESTEDAPP = '' ;
/*
* requested file of app
*/
public static $REQUESTEDFILE = '' ;
2011-08-06 09:36:56 +00:00
/**
* SPL autoload
*/
public static function autoload ( $className ){
if ( array_key_exists ( $className , OC :: $CLASSPATH )){
require_once OC :: $CLASSPATH [ $className ];
}
elseif ( strpos ( $className , 'OC_' ) === 0 ){
require_once strtolower ( str_replace ( '_' , '/' , substr ( $className , 3 )) . '.php' );
}
2012-04-23 13:50:30 +00:00
elseif ( strpos ( $className , 'OCP\\' ) === 0 ){
require_once 'public/' . strtolower ( str_replace ( '\\' , '/' , substr ( $className , 3 )) . '.php' );
}
2011-09-18 18:57:05 +00:00
elseif ( strpos ( $className , 'Sabre_' ) === 0 ) {
require_once str_replace ( '_' , '/' , $className ) . '.php' ;
}
2012-02-12 17:06:32 +00:00
elseif ( strpos ( $className , 'Test_' ) === 0 ){
require_once 'tests/lib/' . strtolower ( str_replace ( '_' , '/' , substr ( $className , 5 )) . '.php' );
}
2011-07-27 17:07:28 +00:00
}
2010-06-26 22:16:09 +00:00
2012-01-06 16:21:24 +00:00
/**
* autodetects the formfactor of the used device
* default -> the normal desktop browser interface
* mobile -> interface for smartphones
* tablet -> interface for tablets
* standalone -> the default interface but without header , footer and sidebar . just the application . useful to ue just a specific app on the desktop in a standalone window .
*/
public static function detectFormfactor (){
// please add more useragent strings for other devices
if ( isset ( $_SERVER [ 'HTTP_USER_AGENT' ])){
if ( stripos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'ipad' ) > 0 ) {
$mode = 'tablet' ;
} elseif ( stripos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'iphone' ) > 0 ){
$mode = 'mobile' ;
} elseif (( stripos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'N9' ) > 0 ) and ( stripos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'nokia' ) > 0 )){
$mode = 'mobile' ;
} else {
$mode = 'default' ;
}
} else {
$mode = 'default' ;
}
return ( $mode );
}
2012-03-19 20:42:59 +00:00
public static function initPaths (){
2011-09-18 18:57:05 +00:00
// calculate the documentroot
OC :: $DOCUMENTROOT = realpath ( $_SERVER [ 'DOCUMENT_ROOT' ]);
OC :: $SERVERROOT = str_replace ( " \\ " , '/' , substr ( __FILE__ , 0 , - 13 ));
OC :: $SUBURI = substr ( realpath ( $_SERVER [ " SCRIPT_FILENAME " ]), strlen ( OC :: $SERVERROOT ));
$scriptName = $_SERVER [ " SCRIPT_NAME " ];
if ( substr ( $scriptName , - 1 ) == '/' ){
$scriptName .= 'index.php' ;
2012-02-26 03:09:48 +00:00
//make sure suburi follows the same rules as scriptName
if ( substr ( OC :: $SUBURI , - 9 ) != 'index.php' ){
if ( substr ( OC :: $SUBURI , - 1 ) != '/' ){
OC :: $SUBURI = OC :: $SUBURI . '/' ;
}
OC :: $SUBURI = OC :: $SUBURI . 'index.php' ;
}
2011-09-18 18:57:05 +00:00
}
2012-03-01 14:19:44 +00:00
OC :: $WEBROOT = substr ( $scriptName , 0 , strlen ( $scriptName ) - strlen ( OC :: $SUBURI ));
2012-02-28 17:21:23 +00:00
// try a new way to detect the WEBROOT which is simpler and also works with the app directory outside the owncloud folder. let´ s see if this works for everybody
2012-03-01 14:19:44 +00:00
// OC::$WEBROOT=substr(OC::$SERVERROOT,strlen(OC::$DOCUMENTROOT));
2011-08-06 09:36:56 +00:00
2012-02-23 14:37:38 +00:00
2011-09-18 18:57:05 +00:00
if ( OC :: $WEBROOT != '' and OC :: $WEBROOT [ 0 ] !== '/' ){
OC :: $WEBROOT = '/' . OC :: $WEBROOT ;
}
2011-03-02 21:18:22 +00:00
2012-03-23 17:52:41 +00:00
// ensure we can find OC_Config
set_include_path (
OC :: $SERVERROOT . '/lib' . PATH_SEPARATOR .
get_include_path ()
);
2012-02-23 14:37:38 +00:00
// search the 3rdparty folder
if ( OC_Config :: getValue ( '3rdpartyroot' , '' ) <> '' and OC_Config :: getValue ( '3rdpartyurl' , '' ) <> '' ){
OC :: $THIRDPARTYROOT = OC_Config :: getValue ( '3rdpartyroot' , '' );
OC :: $THIRDPARTYWEBROOT = OC_Config :: getValue ( '3rdpartyurl' , '' );
} elseif ( file_exists ( OC :: $SERVERROOT . '/3rdparty' )){
OC :: $THIRDPARTYROOT = OC :: $SERVERROOT ;
OC :: $THIRDPARTYWEBROOT = OC :: $WEBROOT ;
} elseif ( file_exists ( OC :: $SERVERROOT . '/../3rdparty' )){
2012-03-01 21:04:13 +00:00
OC :: $THIRDPARTYWEBROOT = rtrim ( dirname ( OC :: $WEBROOT ), '/' );
OC :: $THIRDPARTYROOT = rtrim ( dirname ( OC :: $SERVERROOT ), '/' );
2012-02-23 14:37:38 +00:00
} else {
echo ( " 3rdparty directory not found! Please put the ownCloud 3rdparty folder in the ownCloud folder or the folder above. You can also configure the location in the config.php file. " );
exit ;
}
2012-02-28 17:21:23 +00:00
// search the apps folder
2012-04-18 06:20:51 +00:00
if ( OC_Config :: getValue ( 'appsroot' , '' ) <> '' ){
OC :: $APPSROOT = OC_Config :: getValue ( 'appsroot' , '' );
OC :: $APPSWEBROOT = OC_Config :: getValue ( 'appsurl' , '' );
} elseif ( file_exists ( OC :: $SERVERROOT . '/apps' )){
2012-02-28 17:21:23 +00:00
OC :: $APPSROOT = OC :: $SERVERROOT ;
OC :: $APPSWEBROOT = OC :: $WEBROOT ;
} elseif ( file_exists ( OC :: $SERVERROOT . '/../apps' )){
2012-03-01 21:04:13 +00:00
OC :: $APPSROOT = rtrim ( dirname ( OC :: $SERVERROOT ), '/' );
2012-04-18 06:20:51 +00:00
OC :: $APPSWEBROOT = rtrim ( dirname ( OC :: $WEBROOT ), '/' );
2012-02-28 17:21:23 +00:00
} else {
echo ( " apps directory not found! Please put the ownCloud apps folder in the ownCloud folder or the folder above. You can also configure the location in the config.php file. " );
exit ;
}
2012-02-23 14:37:38 +00:00
2011-09-18 18:57:05 +00:00
// set the right include path
2012-03-01 19:56:51 +00:00
set_include_path (
OC :: $SERVERROOT . '/lib' . PATH_SEPARATOR .
OC :: $SERVERROOT . '/config' . PATH_SEPARATOR .
OC :: $THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR .
OC :: $APPSROOT . PATH_SEPARATOR .
OC :: $APPSROOT . '/apps' . PATH_SEPARATOR .
get_include_path () . PATH_SEPARATOR .
OC :: $SERVERROOT
);
2012-03-19 20:42:59 +00:00
}
2011-04-16 10:18:42 +00:00
2012-03-19 20:42:59 +00:00
public static function checkInstalled () {
2012-02-11 22:37:35 +00:00
// Redirect to installer if not installed
if ( ! OC_Config :: getValue ( 'installed' , false ) && OC :: $SUBURI != '/index.php' ) {
$url = 'http://' . $_SERVER [ 'SERVER_NAME' ] . OC :: $WEBROOT . '/index.php' ;
header ( " Location: $url " );
exit ();
}
2012-03-19 20:42:59 +00:00
}
2012-02-11 22:37:35 +00:00
2012-03-19 20:42:59 +00:00
public static function checkSSL () {
2011-09-18 18:57:05 +00:00
// redirect to https site if configured
if ( OC_Config :: getValue ( " forcessl " , false )){
2011-09-23 11:52:10 +00:00
ini_set ( " session.cookie_secure " , " on " );
2012-06-01 09:06:49 +00:00
if ( OC_Helper :: serverProtocol () <> 'https' ) {
$url = " https:// " . OC_Helper :: serverHost () . $_SERVER [ 'REQUEST_URI' ];
header ( " Location: $url " );
exit ();
2011-09-18 18:57:05 +00:00
}
}
2012-03-19 20:42:59 +00:00
}
2010-03-10 12:03:40 +00:00
2012-03-19 20:42:59 +00:00
public static function checkUpgrade () {
2012-01-08 12:01:41 +00:00
if ( OC_Config :: getValue ( 'installed' , false )){
$installedVersion = OC_Config :: getValue ( 'version' , '0.0.0' );
$currentVersion = implode ( '.' , OC_Util :: getVersion ());
if ( version_compare ( $currentVersion , $installedVersion , '>' )) {
2012-05-18 23:55:20 +00:00
OC_Log :: write ( 'core' , 'starting upgrade from ' . $installedVersion . ' to ' . $currentVersion , OC_Log :: DEBUG );
2012-01-16 00:13:54 +00:00
$result = OC_DB :: updateDbFromStructure ( OC :: $SERVERROOT . '/db_structure.xml' );
if ( ! $result ){
echo 'Error while upgrading the database' ;
die ();
}
2012-02-17 21:01:53 +00:00
if ( file_exists ( OC :: $SERVERROOT . " /config/config.php " ) and ! is_writable ( OC :: $SERVERROOT . " /config/config.php " )) {
$tmpl = new OC_Template ( '' , 'error' , 'guest' );
$tmpl -> assign ( 'errors' , array ( 1 => array ( 'error' => " Can't write into config directory 'config' " , 'hint' => " You can usually fix this by giving the webserver user write access to the config directory in owncloud " )));
$tmpl -> printPage ();
exit ;
}
2012-01-08 12:01:41 +00:00
OC_Config :: setValue ( 'version' , implode ( '.' , OC_Util :: getVersion ()));
}
2011-11-13 15:16:21 +00:00
2012-01-08 12:01:41 +00:00
OC_App :: updateApps ();
}
2012-03-19 20:42:59 +00:00
}
2012-03-30 21:31:05 +00:00
public static function initTemplateEngine () {
// if the formfactor is not yet autodetected do the autodetection now. For possible forfactors check the detectFormfactor documentation
if ( ! isset ( $_SESSION [ 'formfactor' ])){
$_SESSION [ 'formfactor' ] = OC :: detectFormfactor ();
}
// allow manual override via GET parameter
if ( isset ( $_GET [ 'formfactor' ])){
$_SESSION [ 'formfactor' ] = $_GET [ 'formfactor' ];
}
// Add the stuff we need always
2012-05-11 21:20:27 +00:00
OC_Util :: addScript ( " jquery-1.7.2.min " );
2012-03-30 21:31:05 +00:00
OC_Util :: addScript ( " jquery-ui-1.8.16.custom.min " );
OC_Util :: addScript ( " jquery-showpassword " );
OC_Util :: addScript ( " jquery.infieldlabel.min " );
OC_Util :: addScript ( " jquery-tipsy " );
OC_Util :: addScript ( " oc-dialogs " );
OC_Util :: addScript ( " js " );
OC_Util :: addScript ( " eventsource " );
OC_Util :: addScript ( " config " );
//OC_Util::addScript( "multiselect" );
OC_Util :: addScript ( 'search' , 'result' );
OC_Util :: addStyle ( " styles " );
OC_Util :: addStyle ( " multiselect " );
OC_Util :: addStyle ( " jquery-ui-1.8.16.custom " );
OC_Util :: addStyle ( " jquery-tipsy " );
}
public static function initSession () {
ini_set ( 'session.cookie_httponly' , '1;' );
session_start ();
}
2012-04-18 06:20:51 +00:00
public static function loadapp (){
2012-04-26 15:55:00 +00:00
if ( file_exists ( OC :: $APPSROOT . '/apps/' . OC :: $REQUESTEDAPP . '/index.php' )){
2012-04-18 06:20:51 +00:00
require_once ( OC :: $APPSROOT . '/apps/' . OC :: $REQUESTEDAPP . '/index.php' );
2012-04-19 14:44:49 +00:00
} else {
2012-04-26 12:52:55 +00:00
trigger_error ( 'The requested App was not found.' , E_USER_ERROR ); //load default app instead?
2012-04-19 14:44:49 +00:00
}
}
public static function loadfile (){
if ( file_exists ( OC :: $APPSROOT . '/apps/' . OC :: $REQUESTEDAPP . '/' . OC :: $REQUESTEDFILE )){
2012-04-26 12:52:55 +00:00
if ( substr ( OC :: $REQUESTEDFILE , - 3 ) == 'css' ){
$appswebroot = ( string ) OC :: $APPSWEBROOT ;
$webroot = ( string ) OC :: $WEBROOT ;
2012-05-11 18:33:49 +00:00
$filepath = OC :: $APPSROOT . '/apps/' . OC :: $REQUESTEDAPP . '/' . OC :: $REQUESTEDFILE ;
2012-04-26 12:52:55 +00:00
header ( 'Content-Type: text/css' );
2012-05-11 18:33:49 +00:00
OC_Response :: enableCaching ();
OC_Response :: setLastModifiedHeader ( filemtime ( $filepath ));
2012-05-11 22:31:42 +00:00
$cssfile = file_get_contents ( $filepath );
$cssfile = str_replace ( '%appswebroot%' , $appswebroot , $cssfile );
$cssfile = str_replace ( '%webroot%' , $webroot , $cssfile );
2012-05-11 18:33:49 +00:00
OC_Response :: setETagHeader ( md5 ( $cssfile ));
header ( 'Content-Length: ' . strlen ( $cssfile ));
2012-04-26 12:52:55 +00:00
echo $cssfile ;
exit ;
} elseif ( substr ( OC :: $REQUESTEDFILE , - 3 ) == 'php' ){
require_once ( OC :: $APPSROOT . '/apps/' . OC :: $REQUESTEDAPP . '/' . OC :: $REQUESTEDFILE );
}
2012-04-19 14:44:49 +00:00
} else {
2012-04-25 08:17:20 +00:00
header ( 'HTTP/1.0 404 Not Found' );
exit ;
2012-04-18 06:20:51 +00:00
}
}
2012-03-30 21:31:05 +00:00
2012-03-19 20:42:59 +00:00
public static function init (){
// register autoloader
spl_autoload_register ( array ( 'OC' , 'autoload' ));
2012-04-08 01:30:06 +00:00
setlocale ( LC_ALL , 'en_US.UTF-8' );
2012-03-23 17:52:41 +00:00
2012-03-19 20:42:59 +00:00
// set some stuff
//ob_start();
error_reporting ( E_ALL | E_STRICT );
if ( defined ( 'DEBUG' ) && DEBUG ){
ini_set ( 'display_errors' , 1 );
}
2012-05-23 22:47:03 +00:00
date_default_timezone_set ( 'UTC' );
2012-03-19 20:42:59 +00:00
ini_set ( 'arg_separator.output' , '&' );
2012-06-01 10:42:50 +00:00
// try to switch magic quotes off.
if ( function_exists ( 'set_magic_quotes_runtime' )) {
@ set_magic_quotes_runtime ( false );
}
2012-04-01 15:02:32 +00:00
//try to configure php to enable big file uploads.
//this doesn´ t work always depending on the webserver and php configuration.
//Let´ s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@ set_time_limit ( 3600 );
@ ini_set ( 'max_execution_time' , 3600 );
@ ini_set ( 'max_input_time' , 3600 );
//try to set the maximum filesize to 10G
@ ini_set ( 'upload_max_filesize' , '10G' );
@ ini_set ( 'post_max_size' , '10G' );
@ ini_set ( 'file_uploads' , '50' );
//try to set the session lifetime to 60min
@ ini_set ( 'gc_maxlifetime' , '3600' );
2012-03-19 20:42:59 +00:00
//set http auth headers for apache+php-cgi work around
if ( isset ( $_SERVER [ 'HTTP_AUTHORIZATION' ]) && preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ 'HTTP_AUTHORIZATION' ], $matches ))
{
list ( $name , $password ) = explode ( ':' , base64_decode ( $matches [ 1 ]));
$_SERVER [ 'PHP_AUTH_USER' ] = strip_tags ( $name );
$_SERVER [ 'PHP_AUTH_PW' ] = strip_tags ( $password );
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if ( isset ( $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ]) && preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ], $matches ))
{
list ( $name , $password ) = explode ( ':' , base64_decode ( $matches [ 1 ]));
$_SERVER [ 'PHP_AUTH_USER' ] = strip_tags ( $name );
$_SERVER [ 'PHP_AUTH_PW' ] = strip_tags ( $password );
}
2012-03-23 17:52:41 +00:00
self :: initPaths ();
2012-03-19 20:42:59 +00:00
// register the stream wrappers
require_once ( 'streamwrappers.php' );
stream_wrapper_register ( " fakedir " , " OC_FakeDirStream " );
stream_wrapper_register ( 'static' , 'OC_StaticStreamWrapper' );
stream_wrapper_register ( 'close' , 'OC_CloseStreamWrapper' );
self :: checkInstalled ();
self :: checkSSL ();
2011-12-11 21:08:01 +00:00
2012-04-26 23:18:21 +00:00
// CSRF protection
if ( isset ( $_SERVER [ 'HTTP_REFERER' ])) $referer = $_SERVER [ 'HTTP_REFERER' ]; else $referer = '' ;
2012-06-01 09:06:49 +00:00
$protocol = OC_Helper :: serverProtocol () . '://' ;
$server = $protocol . OC_Helper :: serverHost ();
2012-04-26 23:18:21 +00:00
if (( $_SERVER [ 'REQUEST_METHOD' ] == 'POST' ) and ( substr ( $referer , 0 , strlen ( $server )) <> $server )) {
2012-06-01 09:06:49 +00:00
$url = $protocol . OC_Helper :: serverProtocol () . OC :: $WEBROOT . '/index.php' ;
2012-04-26 23:18:21 +00:00
header ( " Location: $url " );
exit ();
}
2012-03-30 21:31:05 +00:00
self :: initSession ();
self :: initTemplateEngine ();
2012-03-30 21:33:36 +00:00
self :: checkUpgrade ();
2011-09-18 18:57:05 +00:00
$errors = OC_Util :: checkServer ();
if ( count ( $errors ) > 0 ) {
OC_Template :: printGuestPage ( '' , 'error' , array ( 'errors' => $errors ));
exit ;
}
2011-08-06 21:19:00 +00:00
2011-09-18 18:57:05 +00:00
// TODO: we should get rid of this one, too
// WARNING: to make everything even more confusing,
// DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
// stays the same, but is set by "datadirectory".
// Any questions?
OC :: $CONFIG_DATADIRECTORY = OC_Config :: getValue ( " datadirectory " , OC :: $SERVERROOT . " /data " );
2011-04-16 13:47:27 +00:00
2011-09-18 18:57:05 +00:00
// User and Groups
if ( ! OC_Config :: getValue ( " installed " , false )){
$_SESSION [ 'user_id' ] = '' ;
}
2012-03-01 17:44:26 +00:00
2011-07-30 22:23:06 +00:00
2011-09-18 18:57:05 +00:00
OC_User :: useBackend ( OC_Config :: getValue ( " userbackend " , " database " ));
2012-04-12 23:58:53 +00:00
OC_Group :: useBackend ( new OC_Group_Database ());
2011-07-30 22:23:06 +00:00
2011-09-18 18:57:05 +00:00
// Set up file system unless forbidden
global $RUNTIME_NOSETUPFS ;
if ( ! $RUNTIME_NOSETUPFS ){
OC_Util :: setupFS ();
}
2011-07-27 18:04:42 +00:00
2011-10-18 19:19:13 +00:00
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS ;
2012-03-30 12:39:07 +00:00
global $RUNTIME_APPTYPES ;
2011-10-18 19:19:13 +00:00
if ( ! $RUNTIME_NOAPPS ){
2012-03-30 12:39:07 +00:00
if ( $RUNTIME_APPTYPES ){
OC_App :: loadApps ( $RUNTIME_APPTYPES );
} else {
OC_App :: loadApps ();
}
2011-10-18 19:19:13 +00:00
}
2012-04-03 22:31:34 +00:00
// Check for blacklisted files
OC_Hook :: connect ( 'OC_Filesystem' , 'write' , 'OC_Filesystem' , 'isBlacklisted' );
2011-10-18 19:19:13 +00:00
2012-02-28 10:16:19 +00:00
//make sure temporary files are cleaned up
register_shutdown_function ( array ( 'OC_Helper' , 'cleanTmp' ));
2012-04-18 06:20:51 +00:00
2012-04-26 19:56:29 +00:00
//parse the given parameters
2012-05-29 16:31:47 +00:00
self :: $REQUESTEDAPP = ( isset ( $_GET [ 'app' ]) ? str_replace ( array ( '\0' , '/' , '\\' , '..' ), '' , strip_tags ( $_GET [ 'app' ])) : OC_Config :: getValue ( 'defaultapp' , 'files' ));
2012-04-27 20:22:03 +00:00
if ( substr_count ( self :: $REQUESTEDAPP , '?' ) != 0 ){
$app = substr ( self :: $REQUESTEDAPP , 0 , strpos ( self :: $REQUESTEDAPP , '?' ));
$param = substr ( self :: $REQUESTEDAPP , strpos ( self :: $REQUESTEDAPP , '?' ) + 1 );
parse_str ( $param , $get );
$_GET = array_merge ( $_GET , $get );
self :: $REQUESTEDAPP = $app ;
$_GET [ 'app' ] = $app ;
}
2012-04-26 15:55:00 +00:00
self :: $REQUESTEDFILE = ( isset ( $_GET [ 'getfile' ]) ? $_GET [ 'getfile' ] : null );
2012-04-19 20:25:21 +00:00
if ( substr_count ( self :: $REQUESTEDFILE , '?' ) != 0 ){
2012-04-23 15:09:28 +00:00
$file = substr ( self :: $REQUESTEDFILE , 0 , strpos ( self :: $REQUESTEDFILE , '?' ));
$param = substr ( self :: $REQUESTEDFILE , strpos ( self :: $REQUESTEDFILE , '?' ) + 1 );
2012-04-23 18:11:21 +00:00
parse_str ( $param , $get );
$_GET = array_merge ( $_GET , $get );
2012-04-23 15:09:28 +00:00
self :: $REQUESTEDFILE = $file ;
$_GET [ 'getfile' ] = $file ;
2012-04-19 20:25:21 +00:00
}
2012-04-26 15:55:00 +00:00
if ( ! is_null ( self :: $REQUESTEDFILE )){
2012-05-07 11:20:43 +00:00
$subdir = OC :: $APPSROOT . '/apps/' . self :: $REQUESTEDAPP . '/' . self :: $REQUESTEDFILE ;
$parent = OC :: $APPSROOT . '/apps/' . self :: $REQUESTEDAPP ;
2012-04-26 15:55:00 +00:00
if ( ! OC_Helper :: issubdirectory ( $subdir , $parent )){
self :: $REQUESTEDFILE = null ;
2012-04-26 16:08:49 +00:00
header ( 'HTTP/1.0 404 Not Found' );
2012-04-26 15:55:00 +00:00
exit ;
}
}
2011-09-18 18:57:05 +00:00
}
2011-03-02 21:18:22 +00:00
}
2010-03-10 12:03:40 +00:00
2011-09-18 18:57:05 +00:00
// define runtime variables - unless this already has been done
if ( ! isset ( $RUNTIME_NOSETUPFS )){
$RUNTIME_NOSETUPFS = false ;
2011-08-06 21:31:38 +00:00
}
2011-09-18 18:57:05 +00:00
if ( ! isset ( $RUNTIME_NOAPPS )){
$RUNTIME_NOAPPS = false ;
2011-07-29 19:03:53 +00:00
}
2011-10-19 21:38:35 +00:00
if ( ! function_exists ( 'get_temp_dir' )) {
function get_temp_dir () {
if ( $temp = ini_get ( 'upload_tmp_dir' ) ) return $temp ;
if ( $temp = getenv ( 'TMP' ) ) return $temp ;
if ( $temp = getenv ( 'TEMP' ) ) return $temp ;
if ( $temp = getenv ( 'TMPDIR' ) ) return $temp ;
$temp = tempnam ( __FILE__ , '' );
if ( file_exists ( $temp )) {
unlink ( $temp );
return dirname ( $temp );
}
2011-11-22 00:48:08 +00:00
if ( $temp = sys_get_temp_dir ()) return $temp ;
2011-10-19 21:38:35 +00:00
return null ;
}
2011-07-29 19:03:53 +00:00
}
2011-11-13 15:16:21 +00:00
OC :: init ();