nextcloud/lib/json.php

<?php
/**
 * Copyright (c) 2011 Bart Visscher <bartv@thisnet.nl>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

class OC_JSON{
	static protected $send_content_type_header = false;
	/**
	 * set Content-Type header to jsonrequest
	 */
	public static function setContentTypeHeader($type='application/json'){
		if (!self::$send_content_type_header){
			// We send json data
			header( 'Content-Type: '.$type );
			self::$send_content_type_header = true;
		}
	}

	/**
	* Check if the app is enabled, send json error msg if not
	*/
	public static function checkAppEnabled($app){
		if( !OC_App::isEnabled($app)){
			$l = OC_L10N::get('core');
			self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled') )));
			exit();
		}
	}

	/**
	* Check if the user is logged in, send json error msg if not
	*/
	public static function checkLoggedIn(){
		if( !OC_User::isLoggedIn()){
			$l = OC_L10N::get('core');
			self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
			exit();
		}
	}

	/**
	 * @brief Check an ajax get/post call if the request token is valid.
	 * @return json Error msg if not valid.
	 */
	public static function callCheck(){
		if( !OC_Util::isCallRegistered()){
			$l = OC_L10N::get('core');
			self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') )));
			exit();
		}
	}
        
	/**
	* Check if the user is a admin, send json error msg if not
	*/
	public static function checkAdminUser(){
		self::checkLoggedIn();
		if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
			$l = OC_L10N::get('core');
			self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
			exit();
		}
	}

	/**
	* Send json error msg
	*/
	public static function error($data = array()){
		$data['status'] = 'error';
		self::encodedPrint($data);
	}

	/**
	* Send json success msg
	*/
	public static function success($data = array()){
		$data['status'] = 'success';
		self::encodedPrint($data);
	}

	/**
	 * Convert OC_L10N_String to string, for use in json encodings
	 */
	protected static function to_string(&$value){
		if ($value instanceof OC_L10N_String) {
			$value = (string)$value;
		}
	}

	/**
	* Encode and print $data in json format
	*/
	public static function encodedPrint($data,$setContentType=true){
			// Disable mimesniffing, don't move this to setContentTypeHeader!
			header( 'X-Content-Type-Options: nosniff' );
			if($setContentType){
				self::setContentTypeHeader();
			}
			array_walk_recursive($data, array('OC_JSON', 'to_string'));
			echo json_encode($data);
	}
}
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`<?php`
			`/**`
			`* Copyright (c) 2011 Bart Visscher <bartv@thisnet.nl>`
			`* This file is licensed under the Affero General Public License version 3 or`
			`* later.`
			`* See the COPYING-README file.`
			`*/`

			`class OC_JSON{`
			`static protected $send_content_type_header = false;`
			`/**`
			`* set Content-Type header to jsonrequest`
			`*/`
Change json content-type to correct IANA type 2011-09-29 01:16:31 +04:00			`public static function setContentTypeHeader($type='application/json'){`
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`if (!self::$send_content_type_header){`
			`// We send json data`
			`header( 'Content-Type: '.$type );`
			`self::$send_content_type_header = true;`
			`}`
			`}`

Check if the application is actually enabled 2011-10-01 01:05:10 +04:00			`/**`
			`* Check if the app is enabled, send json error msg if not`
			`*/`
			`public static function checkAppEnabled($app){`
			`if( !OC_App::isEnabled($app)){`
reuse OC_L10N objects 2012-04-14 18:44:15 +04:00			`$l = OC_L10N::get('core');`
Check if the application is actually enabled 2011-10-01 01:05:10 +04:00			`self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled') )));`
			`exit();`
			`}`
			`}`

Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`/**`
			`* Check if the user is logged in, send json error msg if not`
			`*/`
			`public static function checkLoggedIn(){`
			`if( !OC_User::isLoggedIn()){`
reuse OC_L10N objects 2012-04-14 18:44:15 +04:00			`$l = OC_L10N::get('core');`
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));`
			`exit();`
			`}`
			`}`

Added JSON methods for CSRF prevention. Make request token accessible from template and add js var. 2012-06-13 19:33:19 +04:00			`/**`
			`* @brief Check an ajax get/post call if the request token is valid.`
			`* @return json Error msg if not valid.`
			`*/`
			`public static function callCheck(){`
			`if( !OC_Util::isCallRegistered()){`
			`$l = OC_L10N::get('core');`
			`self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') )));`
			`exit();`
			`}`
			`}`

Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`/**`
			`* Check if the user is a admin, send json error msg if not`
			`*/`
			`public static function checkAdminUser(){`
			`self::checkLoggedIn();`
			`if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )){`
reuse OC_L10N objects 2012-04-14 18:44:15 +04:00			`$l = OC_L10N::get('core');`
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));`
			`exit();`
			`}`
			`}`

			`/**`
			`* Send json error msg`
			`*/`
			`public static function error($data = array()){`
			`$data['status'] = 'error';`
			`self::encodedPrint($data);`
			`}`

			`/**`
			`* Send json success msg`
			`*/`
			`public static function success($data = array()){`
			`$data['status'] = 'success';`
			`self::encodedPrint($data);`
			`}`

Convert OC_L10N_String to a string in OC_JSON::encodedPrint 2012-06-22 10:43:58 +04:00			`/**`
			`* Convert OC_L10N_String to string, for use in json encodings`
			`*/`
			`protected static function to_string(&$value){`
			`if ($value instanceof OC_L10N_String) {`
			`$value = (string)$value;`
			`}`
			`}`

Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`/**`
			`* Encode and print $data in json format`
			`*/`
dont set content type to json for Apps 2011-09-26 02:19:34 +04:00			`public static function encodedPrint($data,$setContentType=true){`
Disable mimesniffing 2012-07-01 15:45:20 +04:00			`// Disable mimesniffing, don't move this to setContentTypeHeader!`
			`header( 'X-Content-Type-Options: nosniff' );`
Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke 2012-05-10 18:26:12 +04:00			`if($setContentType){`
			`self::setContentTypeHeader();`
			`}`
Convert OC_L10N_String to a string in OC_JSON::encodedPrint 2012-06-22 10:43:58 +04:00			`array_walk_recursive($data, array('OC_JSON', 'to_string'));`
Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke 2012-05-10 18:26:12 +04:00			`echo json_encode($data);`
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`}`
			`}`