nextcloud/core/ajax/appconfig.php

<?php
/**
 * Copyright (c) 2011, Robin Appelman <icewind1991@gmail.com>
 * This file is licensed under the Affero General Public License version 3 or later.
 * See the COPYING-README file.
 */

OC_Util::checkAdminUser();
OCP\JSON::callCheck();

$action=isset($_POST['action'])?$_POST['action']:$_GET['action'];

if(isset($_POST['app']) || isset($_GET['app'])) {
	$app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']);
}

// An admin should not be able to add remote and public services
// on its own. This should only be possible programmatically.
// This change is due the fact that an admin may not be expected 
// to execute arbitrary code in every environment.
if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) {
	OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
	return;
}

$result=false;
$appConfig = \OC::$server->getAppConfig();
switch($action) {
	case 'getValue':
		$result=$appConfig->getValue($app, $_GET['key'], $_GET['defaultValue']);
		break;
	case 'setValue':
		$result=$appConfig->setValue($app, $_POST['key'], $_POST['value']);
		break;
	case 'getApps':
		$result=$appConfig->getApps();
		break;
	case 'getKeys':
		$result=$appConfig->getKeys($app);
		break;
	case 'hasKey':
		$result=$appConfig->hasKey($app, $_GET['key']);
		break;
	case 'deleteKey':
		$result=$appConfig->deleteKey($app, $_POST['key']);
		break;
	case 'deleteApp':
		$result=$appConfig->deleteApp($app);
		break;
}
OC_JSON::success(array('data'=>$result));
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`<?php`
			`/**`
			`* Copyright (c) 2011, Robin Appelman <icewind1991@gmail.com>`
			`* This file is licensed under the Affero General Public License version 3 or later.`
			`* See the COPYING-README file.`
			`*/`

Check for admin user 2012-07-26 02:06:51 +04:00			`OC_Util::checkAdminUser();`
Added XSRF check 2012-08-10 02:11:04 +04:00			`OCP\JSON::callCheck();`
Updated style 2012-07-26 03:38:20 +04:00
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`$action=isset($_POST['action'])?$_POST['action']:$_GET['action'];`
Check whether the app is set 2014-02-18 17:12:49 +04:00
			`if(isset($_POST['app']) \|\| isset($_GET['app'])) {`
			`$app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']);`
			`}`
An admin should not be able to add remote and public services on its own. This should only be possible programmatically. This change is due the fact that an admin may not be expected to execute arbitrary code in every environment. 2014-02-18 15:32:57 +04:00
			`// An admin should not be able to add remote and public services`
			`// on its own. This should only be possible programmatically.`
			`// This change is due the fact that an admin may not be expected`
			`// to execute arbitrary code in every environment.`
Check whether the Key is set 2014-02-18 15:47:05 +04:00			`if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' \|\| substr($_POST['key'],0,7) === 'public_')) {`
An admin should not be able to add remote and public services on its own. This should only be possible programmatically. This change is due the fact that an admin may not be expected to execute arbitrary code in every environment. 2014-02-18 15:32:57 +04:00			`OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));`
			`return;`
			`}`

add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`$result=false;`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$appConfig = \OC::$server->getAppConfig();`
adding space between) and { 2012-09-07 17:22:01 +04:00			`switch($action) {`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`case 'getValue':`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$result=$appConfig->getValue($app, $_GET['key'], $_GET['defaultValue']);`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`break;`
			`case 'setValue':`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$result=$appConfig->setValue($app, $_POST['key'], $_POST['value']);`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`break;`
			`case 'getApps':`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$result=$appConfig->getApps();`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`break;`
			`case 'getKeys':`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$result=$appConfig->getKeys($app);`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`break;`
			`case 'hasKey':`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$result=$appConfig->hasKey($app, $_GET['key']);`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`break;`
			`case 'deleteKey':`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$result=$appConfig->deleteKey($app, $_POST['key']);`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`break;`
			`case 'deleteApp':`
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server 2014-10-17 14:08:31 +04:00			`$result=$appConfig->deleteApp($app);`
add javascript bindings for OC_AppConfig 2012-02-23 01:16:33 +04:00			`break;`
			`}`
			`OC_JSON::success(array('data'=>$result));`
An admin should not be able to add remote and public services on its own. This should only be possible programmatically. This change is due the fact that an admin may not be expected to execute arbitrary code in every environment. 2014-02-18 15:32:57 +04:00