2010-03-10 15:03:40 +03:00
< ? php
/**
2016-07-21 18:07:57 +03:00
* @ copyright Copyright ( c ) 2016 , ownCloud , Inc .
*
2015-03-26 13:44:34 +03:00
* @ author Adam Williamson < awilliam @ redhat . com >
* @ author Andreas Fischer < bantu @ owncloud . com >
2016-05-26 20:56:05 +03:00
* @ author Arthur Schiwon < blizzz @ arthur - schiwon . de >
2015-03-26 13:44:34 +03:00
* @ author Bart Visscher < bartv @ thisnet . nl >
* @ author Bernhard Posselt < dev @ bernhard - posselt . com >
2017-11-06 17:56:42 +03:00
* @ author Bjoern Schiessle < bjoern @ schiessle . org >
2016-05-26 20:56:05 +03:00
* @ author Björn Schießle < bjoern @ schiessle . org >
2019-12-03 21:57:53 +03:00
* @ author Christoph Wurst < christoph @ winzerhof - wurst . at >
2017-11-06 17:56:42 +03:00
* @ author Damjan Georgievski < gdamjan @ gmail . com >
2020-03-31 11:49:10 +03:00
* @ author Daniel Kesselberg < mail @ danielkesselberg . de >
2015-03-26 13:44:34 +03:00
* @ author davidgumberg < davidnoizgumberg @ gmail . com >
2019-12-03 21:57:53 +03:00
* @ author Eric Masseran < rico . masseran @ gmail . com >
2015-03-26 13:44:34 +03:00
* @ author Florin Peter < github @ florin - peter . de >
2019-12-03 21:57:53 +03:00
* @ author Greta Doci < gretadoci @ gmail . com >
2015-03-26 13:44:34 +03:00
* @ author Jakob Sack < mail @ jakobsack . de >
2019-12-03 21:57:53 +03:00
* @ author jaltek < jaltek @ mailbox . org >
2017-11-06 17:56:42 +03:00
* @ author Jan - Christoph Borchardt < hey @ jancborchardt . net >
2016-07-21 18:07:57 +03:00
* @ author Joachim Sokolowski < github @ sokolowski . org >
* @ author Joas Schilling < coding @ schilljs . com >
2017-11-06 17:56:42 +03:00
* @ author John Molakvoæ ( skjnldsv ) < skjnldsv @ protonmail . com >
2015-03-26 13:44:34 +03:00
* @ author Jörn Friedrich Dreyer < jfd @ butonic . de >
2020-03-31 11:49:10 +03:00
* @ author Jose Quinteiro < github @ quinteiro . org >
2019-12-03 21:57:53 +03:00
* @ author Juan Pablo Villafáñez < jvillafanez @ solidgear . es >
* @ author Julius Härtl < jus @ bitgrid . net >
2017-11-06 17:56:42 +03:00
* @ author Ko - < k . stoffelen @ cs . ru . nl >
2016-05-26 20:56:05 +03:00
* @ author Lukas Reschke < lukas @ statuscode . ch >
2019-12-03 21:57:53 +03:00
* @ author MartB < mart . b @ outlook . de >
2015-03-26 13:44:34 +03:00
* @ author Michael Gapczynski < GapczynskiM @ gmail . com >
* @ author Morris Jobke < hey @ morrisjobke . de >
* @ author Owen Winkler < a_github @ midnightcircus . com >
2015-10-05 21:54:56 +03:00
* @ author Phil Davis < phil . davis @ inf . org >
2015-03-26 13:44:34 +03:00
* @ author Ramiro Aparicio < rapariciog @ gmail . com >
2016-07-21 19:13:36 +03:00
* @ author Robin Appelman < robin @ icewind . nl >
2016-01-12 17:02:16 +03:00
* @ author Robin McCorkell < robin @ mccorkell . me . uk >
2016-07-21 18:07:57 +03:00
* @ author Roeland Jago Douma < roeland @ famdouma . nl >
2017-11-06 17:56:42 +03:00
* @ author Sebastian Wessalowski < sebastian @ wessalowski . org >
2016-05-26 20:56:05 +03:00
* @ author Stefan Weil < sw @ weilnetz . de >
2015-03-26 13:44:34 +03:00
* @ author Thomas Müller < thomas . mueller @ tmit . eu >
* @ author Thomas Tanghus < thomas @ tanghus . net >
2019-12-03 21:57:53 +03:00
* @ author Tobia De Koninck < tobia @ ledfan . be >
2020-12-16 16:54:15 +03:00
* @ author Vincent Petry < vincent @ nextcloud . com >
2015-03-26 13:44:34 +03:00
* @ author Volkan Gezer < volkangezer @ gmail . com >
2011-04-15 21:24:23 +04:00
*
2015-03-26 13:44:34 +03:00
* @ license AGPL - 3.0
2011-04-15 21:24:23 +04:00
*
2015-03-26 13:44:34 +03:00
* This code is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License , version 3 ,
* as published by the Free Software Foundation .
2011-04-15 21:24:23 +04:00
*
2015-03-26 13:44:34 +03:00
* This program is distributed in the hope that it will be useful ,
2011-04-15 21:24:23 +04:00
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
2015-03-26 13:44:34 +03:00
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
2014-04-27 18:41:09 +04:00
*
2015-03-26 13:44:34 +03:00
* You should have received a copy of the GNU Affero General Public License , version 3 ,
2019-12-03 21:57:53 +03:00
* along with this program . If not , see < http :// www . gnu . org / licenses />
2011-04-15 21:24:23 +04:00
*
*/
2015-02-26 13:37:37 +03:00
2020-07-07 22:17:25 +03:00
use OCP\EventDispatcher\IEventDispatcher ;
2020-07-27 13:12:11 +03:00
use OCP\Group\Events\UserRemovedEvent ;
2018-04-25 16:22:28 +03:00
use OCP\ILogger ;
2018-01-26 01:16:13 +03:00
use OCP\Share ;
use OC\Encryption\HookManager ;
use OC\Files\Filesystem ;
use OC\Share20\Hooks ;
2016-05-19 09:00:09 +03:00
require_once 'public/Constants.php' ;
2012-11-11 18:52:23 +04:00
2011-08-02 20:31:42 +04:00
/**
* Class that is a namespace for all global OC variables
2011-08-06 13:36:56 +04:00
* No , we can not put this class in its own file because it is used by
* OC_autoload !
2011-08-02 20:31:42 +04:00
*/
2013-01-31 01:55:33 +04:00
class OC {
2013-01-14 23:30:28 +04:00
/**
2013-01-18 22:52:29 +04:00
* Associative array for autoloading . classname => filename
2013-01-14 23:30:28 +04:00
*/
2020-03-26 11:30:18 +03:00
public static $CLASSPATH = [];
2013-01-14 23:30:28 +04:00
/**
2016-06-22 09:41:10 +03:00
* The installation path for Nextcloud on the server ( e . g . / srv / http / nextcloud )
2013-01-14 23:30:28 +04:00
*/
public static $SERVERROOT = '' ;
/**
2016-06-22 09:41:10 +03:00
* the current request path relative to the Nextcloud root ( e . g . files / index . php )
2013-01-14 23:30:28 +04:00
*/
private static $SUBURI = '' ;
/**
2016-06-22 09:41:10 +03:00
* the Nextcloud root path for http requests ( e . g . nextcloud / )
2013-01-14 23:30:28 +04:00
*/
public static $WEBROOT = '' ;
/**
2016-06-22 09:41:10 +03:00
* The installation path array of the apps folder on the server ( e . g . / srv / http / nextcloud ) 'path' and
2013-01-14 23:30:28 +04:00
* web path in 'url'
*/
2020-03-26 11:30:18 +03:00
public static $APPSROOTS = [];
2014-01-17 17:40:48 +04:00
2016-04-14 18:59:49 +03:00
/**
* @ var string
*/
2014-01-17 17:40:48 +04:00
public static $configDir ;
2014-05-10 16:00:22 +04:00
/**
2013-01-14 23:30:28 +04:00
* requested app
*/
public static $REQUESTEDAPP = '' ;
2014-05-10 16:00:22 +04:00
2013-01-14 23:30:28 +04:00
/**
2016-06-22 09:41:10 +03:00
* check if Nextcloud runs in cli mode
2013-01-14 23:30:28 +04:00
*/
public static $CLI = false ;
2013-10-07 02:32:08 +04:00
2013-01-14 23:30:28 +04:00
/**
2013-05-08 00:16:02 +04:00
* @ var \OC\Autoloader $loader
2013-01-14 23:30:28 +04:00
*/
2013-05-08 00:16:02 +04:00
public static $loader = null ;
2013-01-14 23:30:28 +04:00
2016-05-02 15:10:53 +03:00
/** @var \Composer\Autoload\ClassLoader $composerAutoloader */
public static $composerAutoloader = null ;
2013-08-21 02:58:15 +04:00
/**
* @ var \OC\Server
*/
public static $server = null ;
2015-12-18 12:33:30 +03:00
/**
* @ var \OC\Config
*/
2015-12-18 13:42:09 +03:00
private static $config = null ;
2015-12-18 12:33:30 +03:00
2015-03-18 13:48:51 +03:00
/**
* @ throws \RuntimeException when the 3 rdparty directory is missing or
* the app path list is empty or contains an invalid path
*/
2013-01-31 01:55:33 +04:00
public static function initPaths () {
2020-04-10 15:19:56 +03:00
if ( defined ( 'PHPUNIT_CONFIG_DIR' )) {
2014-03-13 16:33:09 +04:00
self :: $configDir = OC :: $SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/' ;
2020-04-10 15:19:56 +03:00
} elseif ( defined ( 'PHPUNIT_RUN' ) and PHPUNIT_RUN and is_dir ( OC :: $SERVERROOT . '/tests/config/' )) {
2014-01-20 16:41:52 +04:00
self :: $configDir = OC :: $SERVERROOT . '/tests/config/' ;
2020-04-10 15:19:56 +03:00
} elseif ( $dir = getenv ( 'NEXTCLOUD_CONFIG_DIR' )) {
2016-07-29 18:47:39 +03:00
self :: $configDir = rtrim ( $dir , '/' ) . '/' ;
2014-01-17 17:40:48 +04:00
} else {
self :: $configDir = OC :: $SERVERROOT . '/config/' ;
}
2015-12-18 12:33:30 +03:00
self :: $config = new \OC\Config ( self :: $configDir );
2014-01-17 17:40:48 +04:00
2013-01-14 23:30:28 +04:00
OC :: $SUBURI = str_replace ( " \\ " , " / " , substr ( realpath ( $_SERVER [ " SCRIPT_FILENAME " ]), strlen ( OC :: $SERVERROOT )));
2015-10-21 18:33:49 +03:00
/**
2017-05-15 15:33:27 +03:00
* FIXME : The following lines are required because we can ' t yet instantiate
2015-10-21 18:33:49 +03:00
* \OC :: $server -> getRequest () since \OC :: $server does not yet exist .
*/
$params = [
'server' => [
'SCRIPT_NAME' => $_SERVER [ 'SCRIPT_NAME' ],
'SCRIPT_FILENAME' => $_SERVER [ 'SCRIPT_FILENAME' ],
],
];
2020-12-10 11:37:38 +03:00
$fakeRequest = new \OC\AppFramework\Http\Request ( $params , new \OC\Security\SecureRandom (), new \OC\AllConfig ( new \OC\SystemConfig ( self :: $config )));
2015-10-21 18:33:49 +03:00
$scriptName = $fakeRequest -> getScriptName ();
2013-01-14 23:30:28 +04:00
if ( substr ( $scriptName , - 1 ) == '/' ) {
$scriptName .= 'index.php' ;
//make sure suburi follows the same rules as scriptName
if ( substr ( OC :: $SUBURI , - 9 ) != 'index.php' ) {
if ( substr ( OC :: $SUBURI , - 1 ) != '/' ) {
OC :: $SUBURI = OC :: $SUBURI . '/' ;
}
OC :: $SUBURI = OC :: $SUBURI . 'index.php' ;
}
}
2015-10-21 18:33:49 +03:00
2015-02-23 23:49:35 +03:00
if ( OC :: $CLI ) {
2015-12-18 13:42:09 +03:00
OC :: $WEBROOT = self :: $config -> getValue ( 'overwritewebroot' , '' );
2015-02-23 23:49:35 +03:00
} else {
if ( substr ( $scriptName , 0 - strlen ( OC :: $SUBURI )) === OC :: $SUBURI ) {
OC :: $WEBROOT = substr ( $scriptName , 0 , 0 - strlen ( OC :: $SUBURI ));
2013-01-14 23:30:28 +04:00
2015-02-23 23:49:35 +03:00
if ( OC :: $WEBROOT != '' && OC :: $WEBROOT [ 0 ] !== '/' ) {
OC :: $WEBROOT = '/' . OC :: $WEBROOT ;
}
} else {
// The scriptName is not ending with OC::$SUBURI
// This most likely means that we are calling from CLI.
// However some cron jobs still need to generate
// a web URL, so we use overwritewebroot as a fallback.
2015-12-18 13:42:09 +03:00
OC :: $WEBROOT = self :: $config -> getValue ( 'overwritewebroot' , '' );
2014-07-07 17:01:02 +04:00
}
2013-01-14 23:30:28 +04:00
2016-06-22 09:41:10 +03:00
// Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing
2015-12-02 13:49:33 +03:00
// slash which is required by URL generation.
2017-05-15 15:33:27 +03:00
if ( isset ( $_SERVER [ 'REQUEST_URI' ]) && $_SERVER [ 'REQUEST_URI' ] === \OC :: $WEBROOT &&
2015-12-02 13:49:33 +03:00
substr ( $_SERVER [ 'REQUEST_URI' ], - 1 ) !== '/' ) {
header ( 'Location: ' . \OC :: $WEBROOT . '/' );
exit ();
}
2015-12-02 13:26:41 +03:00
}
2013-01-14 23:30:28 +04:00
// search the apps folder
2020-03-26 11:30:18 +03:00
$config_paths = self :: $config -> getValue ( 'apps_paths' , []);
2013-01-14 23:30:28 +04:00
if ( ! empty ( $config_paths )) {
foreach ( $config_paths as $paths ) {
if ( isset ( $paths [ 'url' ]) && isset ( $paths [ 'path' ])) {
$paths [ 'url' ] = rtrim ( $paths [ 'url' ], '/' );
$paths [ 'path' ] = rtrim ( $paths [ 'path' ], '/' );
OC :: $APPSROOTS [] = $paths ;
}
}
} elseif ( file_exists ( OC :: $SERVERROOT . '/apps' )) {
2020-03-26 11:30:18 +03:00
OC :: $APPSROOTS [] = [ 'path' => OC :: $SERVERROOT . '/apps' , 'url' => '/apps' , 'writable' => true ];
2013-01-14 23:30:28 +04:00
}
if ( empty ( OC :: $APPSROOTS )) {
2016-06-22 09:41:10 +03:00
throw new \RuntimeException ( 'apps directory not found! Please put the Nextcloud apps folder in the Nextcloud folder'
2021-01-20 23:22:39 +03:00
. '. You can also configure the location in the config.php file.' );
2013-01-14 23:30:28 +04:00
}
2020-03-26 11:30:18 +03:00
$paths = [];
2013-01-31 01:55:33 +04:00
foreach ( OC :: $APPSROOTS as $path ) {
2013-01-14 23:30:28 +04:00
$paths [] = $path [ 'path' ];
2015-03-18 13:48:51 +03:00
if ( ! is_dir ( $path [ 'path' ])) {
2016-06-22 09:41:10 +03:00
throw new \RuntimeException ( sprintf ( 'App directory "%s" not found! Please put the Nextcloud apps folder in the'
2021-01-20 23:22:39 +03:00
. ' Nextcloud folder. You can also configure the location in the config.php file.' , $path [ 'path' ]));
2015-03-18 13:48:51 +03:00
}
2013-01-31 01:55:33 +04:00
}
2013-01-14 23:30:28 +04:00
// set the right include path
set_include_path (
2016-10-25 00:37:05 +03:00
implode ( PATH_SEPARATOR , $paths )
2013-01-14 23:30:28 +04:00
);
}
2012-12-20 14:10:45 +04:00
2013-01-03 23:11:00 +04:00
public static function checkConfig () {
2014-08-31 12:05:59 +04:00
$l = \OC :: $server -> getL10N ( 'lib' );
2014-12-05 19:32:19 +03:00
2015-09-21 20:19:25 +03:00
// Create config if it does not already exist
2014-12-05 19:32:19 +03:00
$configFilePath = self :: $configDir . '/config.php' ;
2020-04-10 15:19:56 +03:00
if ( ! file_exists ( $configFilePath )) {
2014-12-05 19:32:19 +03:00
@ touch ( $configFilePath );
}
// Check if config is writable
$configFileWritable = is_writable ( $configFilePath );
2014-11-25 18:12:12 +03:00
if ( ! $configFileWritable && ! OC_Helper :: isReadOnlyConfigEnabled ()
2017-11-30 18:00:19 +03:00
|| ! $configFileWritable && \OCP\Util :: needUpgrade ()) {
2015-11-26 12:48:08 +03:00
$urlGenerator = \OC :: $server -> getURLGenerator ();
2013-11-25 16:04:23 +04:00
if ( self :: $CLI ) {
2014-05-29 03:21:54 +04:00
echo $l -> t ( 'Cannot write into "config" directory!' ) . " \n " ;
2021-05-27 16:37:39 +03:00
echo $l -> t ( 'This can usually be fixed by giving the webserver write access to the config directory.' ) . " \n " ;
2017-10-28 01:54:25 +03:00
echo " \n " ;
2021-05-27 16:37:39 +03:00
echo $l -> t ( 'But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.' ) . " \n " ;
2017-10-28 01:54:25 +03:00
echo $l -> t ( 'See %s' , [ $urlGenerator -> linkToDocs ( 'admin-config' ) ]) . " \n " ;
2013-11-25 16:04:23 +04:00
exit ;
} else {
OC_Template :: printErrorPage (
2014-05-29 03:21:54 +04:00
$l -> t ( 'Cannot write into "config" directory!' ),
2021-05-27 16:37:39 +03:00
$l -> t ( 'This can usually be fixed by giving the webserver write access to the config directory.' ) . ' '
. $l -> t ( 'But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.' ) . ' '
. $l -> t ( 'See %s' , [ $urlGenerator -> linkToDocs ( 'admin-config' ) ]),
2018-07-05 18:09:38 +03:00
503
2013-11-25 16:04:23 +04:00
);
}
2013-01-03 23:11:00 +04:00
}
}
2021-01-20 23:55:16 +03:00
public static function checkInstalled ( \OC\SystemConfig $systemConfig ) {
2015-02-21 22:52:32 +03:00
if ( defined ( 'OC_CONSOLE' )) {
return ;
}
2013-01-14 23:30:28 +04:00
// Redirect to installer if not installed
2021-01-20 23:55:16 +03:00
if ( ! $systemConfig -> getValue ( 'installed' , false ) && OC :: $SUBURI !== '/index.php' && OC :: $SUBURI !== '/status.php' ) {
2014-07-25 21:39:29 +04:00
if ( OC :: $CLI ) {
throw new Exception ( 'Not installed' );
2014-07-24 15:45:06 +04:00
} else {
2016-08-25 15:27:58 +03:00
$url = OC :: $WEBROOT . '/index.php' ;
2014-07-25 21:39:29 +04:00
header ( 'Location: ' . $url );
2013-01-14 23:30:28 +04:00
}
exit ();
}
}
2021-01-20 23:55:16 +03:00
public static function checkMaintenanceMode ( \OC\SystemConfig $systemConfig ) {
2013-01-04 06:32:33 +04:00
// Allow ajax update script to execute without being stopped
2021-01-20 23:55:16 +03:00
if ((( bool ) $systemConfig -> getValue ( 'maintenance' , false )) && OC :: $SUBURI != '/core/ajax/update.php' ) {
2013-01-15 00:39:55 +04:00
// send http status 503
2018-06-26 11:32:50 +03:00
http_response_code ( 503 );
2013-01-15 00:39:55 +04:00
header ( 'Retry-After: 120' );
// render error page
2015-04-10 00:47:24 +03:00
$template = new OC_Template ( '' , 'update.user' , 'guest' );
2019-05-16 17:40:02 +03:00
OC_Util :: addScript ( 'dist/maintenance' );
2017-06-14 00:43:25 +03:00
OC_Util :: addStyle ( 'core' , 'guest' );
2015-04-10 00:47:24 +03:00
$template -> printPage ();
2013-10-24 19:46:52 +04:00
die ();
2013-01-03 23:11:00 +04:00
}
}
2015-07-07 13:12:54 +03:00
/**
* Prints the upgrade page
2017-11-30 18:01:42 +03:00
*
* @ param \OC\SystemConfig $systemConfig
2015-07-07 13:12:54 +03:00
*/
2017-11-30 18:01:42 +03:00
private static function printUpgradePage ( \OC\SystemConfig $systemConfig ) {
2016-04-11 17:58:08 +03:00
$disableWebUpdater = $systemConfig -> getValue ( 'upgrade.disable-web' , false );
$tooBig = false ;
if ( ! $disableWebUpdater ) {
2016-04-22 16:52:18 +03:00
$apps = \OC :: $server -> getAppManager ();
2017-05-11 05:39:09 +03:00
if ( $apps -> isInstalled ( 'user_ldap' )) {
$qb = \OC :: $server -> getDatabaseConnection () -> getQueryBuilder ();
2018-10-19 17:44:28 +03:00
$result = $qb -> select ( $qb -> func () -> count ( '*' , 'user_count' ))
2017-05-11 05:39:09 +03:00
-> from ( 'ldap_user_mapping' )
-> execute ();
$row = $result -> fetch ();
$result -> closeCursor ();
$tooBig = ( $row [ 'user_count' ] > 50 );
}
if ( ! $tooBig && $apps -> isInstalled ( 'user_saml' )) {
$qb = \OC :: $server -> getDatabaseConnection () -> getQueryBuilder ();
2018-10-19 17:44:28 +03:00
$result = $qb -> select ( $qb -> func () -> count ( '*' , 'user_count' ))
2017-05-11 05:39:09 +03:00
-> from ( 'user_saml_users' )
-> execute ();
$row = $result -> fetch ();
$result -> closeCursor ();
$tooBig = ( $row [ 'user_count' ] > 50 );
}
2016-04-22 16:52:18 +03:00
if ( ! $tooBig ) {
// count users
$stats = \OC :: $server -> getUserManager () -> countUsers ();
$totalUsers = array_sum ( $stats );
$tooBig = ( $totalUsers > 50 );
}
2016-04-11 17:58:08 +03:00
}
2017-05-11 06:26:51 +03:00
$ignoreTooBigWarning = isset ( $_GET [ 'IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup' ]) &&
$_GET [ 'IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup' ] === 'IAmSuperSureToDoThis' ;
if ( $disableWebUpdater || ( $tooBig && ! $ignoreTooBigWarning )) {
2016-04-11 17:58:08 +03:00
// send http status 503
2018-06-26 11:32:50 +03:00
http_response_code ( 503 );
2016-04-11 17:58:08 +03:00
header ( 'Retry-After: 120' );
// render error page
$template = new OC_Template ( '' , 'update.use-cli' , 'guest' );
2016-08-04 13:48:25 +03:00
$template -> assign ( 'productName' , 'nextcloud' ); // for now
2016-04-11 17:58:08 +03:00
$template -> assign ( 'version' , OC_Util :: getVersionString ());
$template -> assign ( 'tooBig' , $tooBig );
$template -> printPage ();
die ();
}
// check whether this is a core update or apps update
$installedVersion = $systemConfig -> getValue ( 'version' , '0.0.0' );
$currentVersion = implode ( '.' , \OCP\Util :: getVersion ());
// if not a core upgrade, then it's apps upgrade
2018-01-27 01:46:40 +03:00
$isAppsOnlyUpgrade = version_compare ( $currentVersion , $installedVersion , '=' );
2016-04-11 17:58:08 +03:00
2015-07-07 13:12:54 +03:00
$oldTheme = $systemConfig -> getValue ( 'theme' );
$systemConfig -> setValue ( 'theme' , '' );
2017-01-10 19:44:39 +03:00
OC_Util :: addScript ( 'update' );
2015-07-07 13:12:54 +03:00
2016-11-16 14:27:22 +03:00
/** @var \OC\App\AppManager $appManager */
2015-07-07 13:12:54 +03:00
$appManager = \OC :: $server -> getAppManager ();
$tmpl = new OC_Template ( '' , 'update.admin' , 'guest' );
$tmpl -> assign ( 'version' , OC_Util :: getVersionString ());
2016-04-11 17:58:08 +03:00
$tmpl -> assign ( 'isAppsOnlyUpgrade' , $isAppsOnlyUpgrade );
2015-08-20 12:14:30 +03:00
// get third party apps
2015-12-18 17:26:54 +03:00
$ocVersion = \OCP\Util :: getVersion ();
2018-02-21 15:00:41 +03:00
$ocVersion = implode ( '.' , $ocVersion );
2016-11-02 11:40:10 +03:00
$incompatibleApps = $appManager -> getIncompatibleApps ( $ocVersion );
2016-11-16 14:27:22 +03:00
$incompatibleShippedApps = [];
2016-11-02 11:40:10 +03:00
foreach ( $incompatibleApps as $appInfo ) {
if ( $appManager -> isShipped ( $appInfo [ 'id' ])) {
2016-11-16 14:27:22 +03:00
$incompatibleShippedApps [] = $appInfo [ 'name' ] . ' (' . $appInfo [ 'id' ] . ')' ;
2016-11-02 11:40:10 +03:00
}
}
2016-11-16 14:27:22 +03:00
if ( ! empty ( $incompatibleShippedApps )) {
$l = \OC :: $server -> getL10N ( 'core' );
2019-03-25 18:04:39 +03:00
$hint = $l -> t ( 'The files of the app %1$s were not replaced correctly. Make sure it is a version compatible with the server.' , [ implode ( ', ' , $incompatibleShippedApps )]);
2016-11-16 14:27:22 +03:00
throw new \OC\HintException ( 'The files of the app ' . implode ( ', ' , $incompatibleShippedApps ) . ' were not replaced correctly. Make sure it is a version compatible with the server.' , $hint );
}
2015-08-20 12:14:30 +03:00
$tmpl -> assign ( 'appsToUpgrade' , $appManager -> getAppsNeedingUpgrade ( $ocVersion ));
2016-11-02 11:40:10 +03:00
$tmpl -> assign ( 'incompatibleAppsList' , $incompatibleApps );
2021-03-22 18:32:35 +03:00
try {
$defaults = new \OC_Defaults ();
$tmpl -> assign ( 'productName' , $defaults -> getName ());
} catch ( Throwable $error ) {
$tmpl -> assign ( 'productName' , 'Nextcloud' );
}
2015-07-07 13:12:54 +03:00
$tmpl -> assign ( 'oldTheme' , $oldTheme );
$tmpl -> printPage ();
}
2013-01-31 01:55:33 +04:00
public static function initSession () {
2020-04-10 15:19:56 +03:00
if ( self :: $server -> getRequest () -> getServerProtocol () === 'https' ) {
2021-04-26 13:44:05 +03:00
ini_set ( 'session.cookie_secure' , 'true' );
2017-12-12 16:33:30 +03:00
}
2013-01-14 23:30:28 +04:00
// prevents javascript from accessing php session cookies
2017-12-05 01:20:48 +03:00
ini_set ( 'session.cookie_httponly' , 'true' );
2013-01-14 23:30:28 +04:00
2016-06-22 09:41:10 +03:00
// set the cookie path to the Nextcloud directory
2013-07-02 19:45:34 +04:00
$cookie_path = OC :: $WEBROOT ? : '/' ;
2013-04-18 23:11:55 +04:00
ini_set ( 'session.cookie_path' , $cookie_path );
2013-04-06 02:16:52 +04:00
2014-05-12 19:08:28 +04:00
// Let the session name be changed in the initSession Hook
$sessionName = OC_Util :: getInstanceId ();
2013-07-02 19:45:34 +04:00
try {
2020-07-07 22:42:20 +03:00
// set the session name to the instance id - which is unique
$session = new \OC\Session\Internal ( $sessionName );
2015-07-20 13:59:04 +03:00
$cryptoWrapper = \OC :: $server -> getSessionCryptoWrapper ();
$session = $cryptoWrapper -> wrapSession ( $session );
self :: $server -> setSession ( $session );
2016-04-07 20:51:27 +03:00
// if session can't be started break with http 500 error
2013-07-02 19:45:34 +04:00
} catch ( Exception $e ) {
2018-03-12 20:10:59 +03:00
\OC :: $server -> getLogger () -> logException ( $e , [ 'app' => 'base' ]);
2013-11-05 00:55:55 +04:00
//show the user a detailed error page
2018-06-26 13:15:09 +03:00
OC_Template :: printExceptionErrorPage ( $e , 500 );
2016-01-10 01:56:28 +03:00
die ();
2013-02-25 21:37:05 +04:00
}
2013-01-14 23:30:28 +04:00
2013-06-26 11:19:19 +04:00
$sessionLifeTime = self :: getSessionLifeTime ();
2013-01-14 23:30:28 +04:00
// session timeout
2014-07-16 21:40:22 +04:00
if ( $session -> exists ( 'LAST_ACTIVITY' ) && ( time () - $session -> get ( 'LAST_ACTIVITY' ) > $sessionLifeTime )) {
2013-01-14 23:30:28 +04:00
if ( isset ( $_COOKIE [ session_name ()])) {
2018-09-06 21:34:16 +03:00
setcookie ( session_name (), '' , - 1 , self :: $WEBROOT ? : '/' );
2013-01-14 23:30:28 +04:00
}
2016-05-12 13:09:13 +03:00
\OC :: $server -> getUserSession () -> logout ();
2013-01-14 23:30:28 +04:00
}
2013-05-28 03:04:09 +04:00
2014-07-16 21:40:22 +04:00
$session -> set ( 'LAST_ACTIVITY' , time ());
2013-01-14 23:30:28 +04:00
}
2013-06-26 11:19:19 +04:00
/**
2014-02-06 19:30:58 +04:00
* @ return string
2013-06-26 11:19:19 +04:00
*/
private static function getSessionLifeTime () {
2014-11-19 15:06:22 +03:00
return \OC :: $server -> getConfig () -> getSystemValue ( 'session_lifetime' , 60 * 60 * 24 );
2013-06-26 11:19:19 +04:00
}
2015-05-03 14:23:29 +03:00
/**
2016-06-22 09:41:10 +03:00
* Try to set some values to the required Nextcloud default
2015-05-03 14:23:29 +03:00
*/
public static function setRequiredIniValues () {
@ ini_set ( 'default_charset' , 'UTF-8' );
2017-12-05 01:20:48 +03:00
@ ini_set ( 'gd.jpeg_ignore_warning' , '1' );
2015-05-03 14:23:29 +03:00
}
2013-01-18 00:42:33 +04:00
2016-07-20 18:37:30 +03:00
/**
* Send the same site cookies
*/
private static function sendSameSiteCookies () {
$cookieParams = session_get_cookie_params ();
$secureCookie = ( $cookieParams [ 'secure' ] === true ) ? 'secure; ' : '' ;
$policies = [
'lax' ,
'strict' ,
];
2016-11-23 14:53:44 +03:00
// Append __Host to the cookie if it meets the requirements
$cookiePrefix = '' ;
2020-04-10 15:19:56 +03:00
if ( $cookieParams [ 'secure' ] === true && $cookieParams [ 'path' ] === '/' ) {
2016-11-23 14:53:44 +03:00
$cookiePrefix = '__Host-' ;
}
2020-04-10 15:19:56 +03:00
foreach ( $policies as $policy ) {
2016-07-20 18:37:30 +03:00
header (
sprintf (
2016-11-23 14:53:44 +03:00
'Set-Cookie: %snc_sameSiteCookie%s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=%s' ,
$cookiePrefix ,
2016-07-20 18:37:30 +03:00
$policy ,
$cookieParams [ 'path' ],
$policy
),
false
);
}
}
/**
* Same Site cookie to further mitigate CSRF attacks . This cookie has to
* be set in every request if cookies are sent to add a second level of
* defense against CSRF .
*
* If the cookie is not sent this will set the cookie and reload the page .
* We use an additional cookie since we want to protect logout CSRF and
* also we can 't directly interfere with PHP' s session mechanism .
*/
2021-01-20 23:55:16 +03:00
private static function performSameSiteCookieProtection ( \OCP\IConfig $config ) {
2016-09-08 18:14:32 +03:00
$request = \OC :: $server -> getRequest ();
// Some user agents are notorious and don't really properly follow HTTP
// specifications. For those, have an automated opt-out. Since the protection
// for remote.php is applied in base.php as starting point we need to opt out
// here.
2021-01-20 23:55:16 +03:00
$incompatibleUserAgents = $config -> getSystemValue ( 'csrf.optout' );
2018-01-31 16:17:56 +03:00
// Fallback, if csrf.optout is unset
if ( ! is_array ( $incompatibleUserAgents )) {
$incompatibleUserAgents = [
// OS X Finder
'/^WebDAVFS/' ,
// Windows webdav drive
'/^Microsoft-WebDAV-MiniRedir/' ,
];
}
2020-04-10 15:19:56 +03:00
if ( $request -> isUserAgent ( $incompatibleUserAgents )) {
2016-09-08 18:14:32 +03:00
return ;
}
2020-04-10 15:19:56 +03:00
if ( count ( $_COOKIE ) > 0 ) {
2016-07-20 18:37:30 +03:00
$requestUri = $request -> getScriptName ();
$processingScript = explode ( '/' , $requestUri );
2020-10-05 16:12:57 +03:00
$processingScript = $processingScript [ count ( $processingScript ) - 1 ];
2017-09-27 09:28:09 +03:00
2017-09-22 13:21:44 +03:00
// index.php routes are handled in the middleware
2020-04-10 15:19:56 +03:00
if ( $processingScript === 'index.php' ) {
2017-09-22 13:21:44 +03:00
return ;
}
// All other endpoints require the lax and the strict cookie
2020-04-10 15:19:56 +03:00
if ( ! $request -> passesStrictCookieCheck ()) {
2017-09-22 13:21:44 +03:00
self :: sendSameSiteCookies ();
// Debug mode gets access to the resources without strict cookie
// due to the fact that the SabreDAV browser also lives there.
2021-01-20 23:55:16 +03:00
if ( ! $config -> getSystemValue ( 'debug' , false )) {
2017-09-22 13:21:44 +03:00
http_response_code ( \OCP\AppFramework\Http :: STATUS_SERVICE_UNAVAILABLE );
2016-07-20 18:37:30 +03:00
exit ();
}
}
2020-04-10 15:19:56 +03:00
} elseif ( ! isset ( $_COOKIE [ 'nc_sameSiteCookielax' ]) || ! isset ( $_COOKIE [ 'nc_sameSiteCookiestrict' ])) {
2016-07-20 18:37:30 +03:00
self :: sendSameSiteCookies ();
}
}
2013-01-31 01:55:33 +04:00
public static function init () {
2015-08-18 16:35:02 +03:00
// calculate the root directories
OC :: $SERVERROOT = str_replace ( " \\ " , '/' , substr ( __DIR__ , 0 , - 4 ));
2013-01-14 23:30:28 +04:00
// register autoloader
2014-10-15 15:53:19 +04:00
$loaderStart = microtime ( true );
2013-05-08 00:53:07 +04:00
require_once __DIR__ . '/autoloader.php' ;
2015-08-18 16:35:02 +03:00
self :: $loader = new \OC\Autoloader ([
2016-05-19 16:32:20 +03:00
OC :: $SERVERROOT . '/lib/private/legacy' ,
2015-08-18 16:35:02 +03:00
]);
2016-01-10 23:36:14 +03:00
if ( defined ( 'PHPUNIT_RUN' )) {
self :: $loader -> addValidRoot ( OC :: $SERVERROOT . '/tests' );
}
2020-03-26 11:30:18 +03:00
spl_autoload_register ([ self :: $loader , 'load' ]);
2014-10-15 15:53:19 +04:00
$loaderEnd = microtime ( true );
2013-01-14 23:30:28 +04:00
2015-02-23 23:49:35 +03:00
self :: $CLI = ( php_sapi_name () == 'cli' );
2016-04-22 16:28:09 +03:00
// Add default composer PSR-4 autoloader
2016-05-02 15:10:53 +03:00
self :: $composerAutoloader = require_once OC :: $SERVERROOT . '/lib/composer/autoload.php' ;
2016-04-22 16:28:09 +03:00
2015-03-18 13:48:51 +03:00
try {
self :: initPaths ();
// setup 3rdparty autoloader
2016-04-14 18:59:49 +03:00
$vendorAutoLoad = OC :: $SERVERROOT . '/3rdparty/autoload.php' ;
2015-03-18 13:48:51 +03:00
if ( ! file_exists ( $vendorAutoLoad )) {
2015-09-03 15:55:26 +03:00
throw new \RuntimeException ( 'Composer autoloader not found, unable to continue. Check the folder "3rdparty". Running "git submodule update --init" will initialize the git submodule that handles the subfolder "3rdparty".' );
2015-03-18 13:48:51 +03:00
}
2014-11-17 15:10:15 +03:00
require_once $vendorAutoLoad ;
2015-03-18 13:48:51 +03:00
} catch ( \RuntimeException $e ) {
2016-03-09 17:40:34 +03:00
if ( ! self :: $CLI ) {
2018-06-26 11:32:50 +03:00
http_response_code ( 503 );
2016-03-09 17:40:34 +03:00
}
2015-01-31 18:04:24 +03:00
// we can't use the template error page here, because this needs the
// DI container which isn't available yet
2015-03-18 13:48:51 +03:00
print ( $e -> getMessage ());
2015-01-31 18:04:24 +03:00
exit ();
2014-07-29 05:48:17 +04:00
}
// setup the basic server
2015-12-18 13:24:15 +03:00
self :: $server = new \OC\Server ( \OC :: $WEBROOT , self :: $config );
2020-04-22 16:21:15 +03:00
self :: $server -> boot ();
2021-01-20 23:55:16 +03:00
$eventLogger = \OC :: $server -> getEventLogger ();
$eventLogger -> log ( 'autoloader' , 'Autoloader' , $loaderStart , $loaderEnd );
$eventLogger -> start ( 'boot' , 'Initialize' );
2013-01-14 23:30:28 +04:00
2020-03-09 22:01:05 +03:00
// Override php.ini and log everything if we're troubleshooting
if ( self :: $config -> getValue ( 'loglevel' ) === ILogger :: DEBUG ) {
2020-03-09 22:59:54 +03:00
error_reporting ( E_ALL );
2020-03-09 22:01:05 +03:00
}
2015-05-05 13:34:22 +03:00
// Don't display errors and log them
2017-12-05 01:20:48 +03:00
@ ini_set ( 'display_errors' , '0' );
@ ini_set ( 'log_errors' , '1' );
2013-01-14 23:30:28 +04:00
2020-04-10 15:19:56 +03:00
if ( ! date_default_timezone_set ( 'UTC' )) {
2016-10-24 16:03:18 +03:00
throw new \RuntimeException ( 'Could not set timezone to UTC' );
2018-01-27 01:46:40 +03:00
}
2013-01-14 23:30:28 +04:00
//try to configure php to enable big file uploads.
//this doesn´ t work always depending on the webserver and php configuration.
2015-09-21 20:19:25 +03:00
//Let´ s try to overwrite some defaults anyway
2013-01-14 23:30:28 +04:00
//try to set the maximum execution time to 60min
2017-03-11 19:04:21 +03:00
if ( strpos ( @ ini_get ( 'disable_functions' ), 'set_time_limit' ) === false ) {
@ set_time_limit ( 3600 );
}
2017-12-05 01:20:48 +03:00
@ ini_set ( 'max_execution_time' , '3600' );
@ ini_set ( 'max_input_time' , '3600' );
2013-01-14 23:30:28 +04:00
2015-05-03 14:23:29 +03:00
self :: setRequiredIniValues ();
2014-07-19 04:16:28 +04:00
self :: handleAuthHeaders ();
2021-01-20 23:55:16 +03:00
$systemConfig = \OC :: $server -> get ( \OC\SystemConfig :: class );
self :: registerAutoloaderCache ( $systemConfig );
2014-07-29 13:14:36 +04:00
2021-01-07 17:55:49 +03:00
// initialize intl fallback if necessary
2014-07-29 05:48:17 +04:00
OC_Util :: isSetLocaleWorking ();
2014-09-09 16:41:45 +04:00
2021-01-20 23:55:16 +03:00
$config = \OC :: $server -> get ( \OCP\IConfig :: class );
2013-07-22 00:40:35 +04:00
if ( ! defined ( 'PHPUNIT_RUN' )) {
2016-04-18 23:30:01 +03:00
OC\Log\ErrorHandler :: setLogger ( \OC :: $server -> getLogger ());
2021-01-20 23:55:16 +03:00
$debug = $config -> getSystemValue ( 'debug' , false );
2016-04-18 23:30:01 +03:00
OC\Log\ErrorHandler :: register ( $debug );
2013-02-15 06:15:09 +04:00
}
2020-05-07 22:10:30 +03:00
/** @var \OC\AppFramework\Bootstrap\Coordinator $bootstrapCoordinator */
$bootstrapCoordinator = \OC :: $server -> query ( \OC\AppFramework\Bootstrap\Coordinator :: class );
2020-11-16 21:41:22 +03:00
$bootstrapCoordinator -> runInitialRegistration ();
2020-05-07 22:10:30 +03:00
2021-01-20 23:55:16 +03:00
$eventLogger -> start ( 'init_session' , 'Initialize session' );
2020-03-26 11:30:18 +03:00
OC_App :: loadApps ([ 'session' ]);
2014-11-26 15:16:22 +03:00
if ( ! self :: $CLI ) {
2014-07-25 21:39:29 +04:00
self :: initSession ();
2013-04-19 17:18:27 +04:00
}
2021-01-20 23:55:16 +03:00
$eventLogger -> end ( 'init_session' );
2013-05-31 19:31:52 +04:00
self :: checkConfig ();
2021-01-20 23:55:16 +03:00
self :: checkInstalled ( $systemConfig );
2015-01-19 13:56:04 +03:00
2014-05-12 17:14:01 +04:00
OC_Response :: addSecurityHeaders ();
2013-01-14 23:30:28 +04:00
2021-01-20 23:55:16 +03:00
self :: performSameSiteCookieProtection ( $config );
2016-07-20 18:37:30 +03:00
2015-04-08 01:19:23 +03:00
if ( ! defined ( 'OC_CONSOLE' )) {
2021-01-20 23:55:16 +03:00
$errors = OC_Util :: checkServer ( $systemConfig );
2015-04-08 01:19:23 +03:00
if ( count ( $errors ) > 0 ) {
2019-09-16 20:38:13 +03:00
if ( ! self :: $CLI ) {
http_response_code ( 503 );
OC_Util :: addStyle ( 'guest' );
2015-04-08 01:19:23 +03:00
try {
2020-03-26 11:30:18 +03:00
OC_Template :: printGuestPage ( '' , 'error' , [ 'errors' => $errors ]);
2019-09-16 20:38:13 +03:00
exit ;
2015-04-08 01:19:23 +03:00
} catch ( \Exception $e ) {
2019-09-16 20:38:13 +03:00
// In case any error happens when showing the error page, we simply fall back to posting the text.
// This might be the case when e.g. the data directory is broken and we can not load/write SCSS to/from it.
2015-04-08 01:19:23 +03:00
}
2015-02-27 22:04:52 +03:00
}
2019-09-16 20:38:13 +03:00
// Convert l10n string into regular string for usage in database
$staticErrors = [];
foreach ( $errors as $error ) {
echo $error [ 'error' ] . " \n " ;
echo $error [ 'hint' ] . " \n \n " ;
$staticErrors [] = [
'error' => ( string ) $error [ 'error' ],
'hint' => ( string ) $error [ 'hint' ],
];
}
try {
2021-01-20 23:55:16 +03:00
$config -> setAppValue ( 'core' , 'cronErrors' , json_encode ( $staticErrors ));
2019-09-16 20:38:13 +03:00
} catch ( \Exception $e ) {
echo ( 'Writing to database failed' );
}
exit ( 1 );
2021-01-20 23:55:16 +03:00
} elseif ( self :: $CLI && $config -> getSystemValue ( 'installed' , false )) {
$config -> deleteAppValue ( 'core' , 'cronErrors' );
2015-04-08 01:19:23 +03:00
}
2013-01-14 23:30:28 +04:00
}
2013-06-26 11:19:19 +04:00
//try to set the session lifetime
$sessionLifeTime = self :: getSessionLifeTime ();
@ ini_set ( 'gc_maxlifetime' , ( string ) $sessionLifeTime );
2013-01-14 23:30:28 +04:00
// User and Groups
2014-11-28 20:52:09 +03:00
if ( ! $systemConfig -> getValue ( " installed " , false )) {
2014-07-16 21:40:22 +04:00
self :: $server -> getSession () -> set ( 'user_id' , '' );
2013-01-14 23:30:28 +04:00
}
2016-05-04 09:34:39 +03:00
OC_User :: useBackend ( new \OC\User\Database ());
2017-03-03 10:24:27 +03:00
\OC :: $server -> getGroupManager () -> addBackend ( new \OC\Group\Database ());
2013-12-11 17:01:48 +04:00
2015-10-05 12:50:36 +03:00
// Subscribe to the hook
\OCP\Util :: connectHook (
'\OCA\Files_Sharing\API\Server2Server' ,
'preLoginNameUsedAsUserName' ,
2016-05-24 11:42:11 +03:00
'\OC\User\Database' ,
2015-10-05 12:50:36 +03:00
'preLoginNameUsedAsUserName'
);
2013-01-14 23:30:28 +04:00
//setup extra user backends
2017-11-30 18:00:19 +03:00
if ( ! \OCP\Util :: needUpgrade ()) {
2014-09-08 14:30:04 +04:00
OC_User :: setupBackends ();
2016-05-12 12:56:58 +03:00
} else {
// Run upgrades in incognito mode
OC_User :: setIncognitoMode ( true );
2014-09-08 14:30:04 +04:00
}
2013-01-14 23:30:28 +04:00
2021-01-20 23:55:16 +03:00
self :: registerCleanupHooks ( $systemConfig );
2013-01-14 23:30:28 +04:00
self :: registerFilesystemHooks ();
2021-01-20 23:55:16 +03:00
self :: registerShareHooks ( $systemConfig );
self :: registerEncryptionWrapperAndHooks ();
2016-11-23 23:19:06 +03:00
self :: registerAccountHooks ();
2019-02-22 17:04:59 +03:00
self :: registerResourceCollectionHooks ();
2019-06-25 16:20:06 +03:00
self :: registerAppRestrictionsHooks ();
2013-01-14 23:30:28 +04:00
2018-01-29 15:15:05 +03:00
// Make sure that the application class is not loaded before the database is setup
if ( $systemConfig -> getValue ( " installed " , false )) {
2019-09-17 17:33:27 +03:00
OC_App :: loadApp ( 'settings' );
2018-01-29 15:15:05 +03:00
}
2017-04-12 16:19:45 +03:00
2013-01-14 23:30:28 +04:00
//make sure temporary files are cleaned up
2014-10-22 19:36:52 +04:00
$tmpManager = \OC :: $server -> getTempManager ();
2020-03-26 11:30:18 +03:00
register_shutdown_function ([ $tmpManager , 'clean' ]);
2015-05-19 18:12:09 +03:00
$lockProvider = \OC :: $server -> getLockingProvider ();
2020-03-26 11:30:18 +03:00
register_shutdown_function ([ $lockProvider , 'releaseAll' ]);
2013-01-14 23:30:28 +04:00
2014-08-14 02:06:19 +04:00
// Check whether the sample configuration has been copied
2020-04-10 15:19:56 +03:00
if ( $systemConfig -> getValue ( 'copied_sample_config' , false )) {
2014-08-31 12:05:59 +04:00
$l = \OC :: $server -> getL10N ( 'lib' );
2014-08-14 02:06:19 +04:00
OC_Template :: printErrorPage (
$l -> t ( 'Sample configuration detected' ),
2018-06-26 10:17:37 +03:00
$l -> t ( 'It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php' ),
2018-07-05 18:09:38 +03:00
503
2014-08-14 02:06:19 +04:00
);
return ;
}
2014-09-05 16:10:35 +04:00
2015-02-10 15:02:48 +03:00
$request = \OC :: $server -> getRequest ();
$host = $request -> getInsecureServerHost ();
/**
* if the host passed in headers isn ' t trusted
* FIXME : Should not be in here at all : see_no_evil :
*/
2014-09-05 16:10:35 +04:00
if ( ! OC :: $CLI
2015-02-17 00:12:47 +03:00
&& ! \OC :: $server -> getTrustedDomainHelper () -> isTrustedDomain ( $host )
2021-01-20 23:55:16 +03:00
&& $config -> getSystemValue ( 'installed' , false )
2014-09-05 16:10:35 +04:00
) {
2017-01-09 14:52:43 +03:00
// Allow access to CSS resources
$isScssRequest = false ;
2020-04-10 15:19:56 +03:00
if ( strpos ( $request -> getPathInfo (), '/css/' ) === 0 ) {
2017-01-09 14:52:43 +03:00
$isScssRequest = true ;
}
2020-04-10 15:19:56 +03:00
if ( substr ( $request -> getRequestUri (), - 11 ) === '/status.php' ) {
2018-06-26 11:32:50 +03:00
http_response_code ( 400 );
2018-01-22 17:58:57 +03:00
header ( 'Content-Type: application/json' );
echo '{"error": "Trusted domain error.", "code": 15}' ;
exit ();
}
2017-01-09 14:52:43 +03:00
if ( ! $isScssRequest ) {
2018-06-26 11:32:50 +03:00
http_response_code ( 400 );
2014-09-08 18:15:31 +04:00
2018-04-17 18:47:11 +03:00
\OC :: $server -> getLogger () -> info (
2015-11-10 13:13:25 +03:00
'Trusted domain error. "{remoteAddress}" tried to access using "{host}" as host.' ,
[
'app' => 'core' ,
'remoteAddress' => $request -> getRemoteAddress (),
'host' => $host ,
]
2017-01-09 14:52:43 +03:00
);
2015-11-10 13:13:25 +03:00
2017-01-09 14:52:43 +03:00
$tmpl = new OCP\Template ( 'core' , 'untrustedDomain' , 'guest' );
2018-04-17 18:47:11 +03:00
$tmpl -> assign ( 'docUrl' , \OC :: $server -> getURLGenerator () -> linkToDocs ( 'admin-trusted-domains' ));
2017-01-09 14:52:43 +03:00
$tmpl -> printPage ();
2014-09-08 18:15:31 +04:00
2017-01-09 14:52:43 +03:00
exit ();
}
2014-09-05 16:10:35 +04:00
}
2021-01-20 23:55:16 +03:00
$eventLogger -> end ( 'boot' );
2013-01-14 23:30:28 +04:00
}
2015-06-05 15:21:17 +03:00
/**
2017-11-23 15:37:50 +03:00
* register hooks for the cleanup of cache and bruteforce protection
2015-06-05 15:21:17 +03:00
*/
2021-01-20 23:55:16 +03:00
public static function registerCleanupHooks ( \OC\SystemConfig $systemConfig ) {
2015-06-05 15:21:17 +03:00
//don't try to do this before we are properly setup
2021-01-20 23:55:16 +03:00
if ( $systemConfig -> getValue ( 'installed' , false ) && ! \OCP\Util :: needUpgrade ()) {
2015-06-05 15:21:17 +03:00
// NOTE: This will be replaced to use OCP
$userSession = self :: $server -> getUserSession ();
2017-11-23 15:37:50 +03:00
$userSession -> listen ( '\OC\User' , 'postLogin' , function () use ( $userSession ) {
2020-04-03 23:51:46 +03:00
if ( ! defined ( 'PHPUNIT_RUN' ) && $userSession -> isLoggedIn ()) {
2017-11-23 15:37:50 +03:00
// reset brute force delay for this IP address and username
$uid = \OC :: $server -> getUserSession () -> getUser () -> getUID ();
$request = \OC :: $server -> getRequest ();
$throttler = \OC :: $server -> getBruteForceThrottler ();
$throttler -> resetDelay ( $request -> getRemoteAddress (), 'login' , [ 'user' => $uid ]);
}
2015-06-30 18:36:55 +03:00
try {
$cache = new \OC\Cache\File ();
$cache -> gc ();
2016-03-03 03:15:36 +03:00
} catch ( \OC\ServerNotAvailableException $e ) {
// not a GC exception, pass it on
throw $e ;
2017-04-27 22:48:06 +03:00
} catch ( \OC\ForbiddenException $e ) {
// filesystem blocked for this request, ignore
2015-06-30 18:36:55 +03:00
} catch ( \Exception $e ) {
// a GC exception should not prevent users from using OC,
// so log the exception
2018-01-17 17:21:56 +03:00
\OC :: $server -> getLogger () -> logException ( $e , [
'message' => 'Exception when running cache gc.' ,
2018-04-25 16:22:28 +03:00
'level' => ILogger :: WARN ,
2018-01-17 17:21:56 +03:00
'app' => 'core' ,
]);
2015-06-30 18:36:55 +03:00
}
2015-06-08 15:13:38 +03:00
});
2015-06-05 15:21:17 +03:00
}
}
2021-01-20 23:55:16 +03:00
private static function registerEncryptionWrapperAndHooks () {
2016-03-31 00:20:37 +03:00
$manager = self :: $server -> getEncryptionManager ();
\OCP\Util :: connectHook ( 'OC_Filesystem' , 'preSetup' , $manager , 'setupStorage' );
2015-01-14 22:39:23 +03:00
2021-01-20 23:55:16 +03:00
$enabled = $manager -> isEnabled ();
2015-01-14 22:39:23 +03:00
if ( $enabled ) {
2018-01-26 01:16:13 +03:00
\OCP\Util :: connectHook ( Share :: class , 'post_shared' , HookManager :: class , 'postShared' );
\OCP\Util :: connectHook ( Share :: class , 'post_unshare' , HookManager :: class , 'postUnshared' );
\OCP\Util :: connectHook ( 'OC_Filesystem' , 'post_rename' , HookManager :: class , 'postRename' );
\OCP\Util :: connectHook ( '\OCA\Files_Trashbin\Trashbin' , 'post_restore' , HookManager :: class , 'postRestore' );
2015-01-14 22:39:23 +03:00
}
}
2016-11-23 23:19:06 +03:00
private static function registerAccountHooks () {
2020-10-20 18:43:50 +03:00
$hookHandler = \OC :: $server -> get ( \OC\Accounts\Hooks :: class );
2016-11-23 23:19:06 +03:00
\OCP\Util :: connectHook ( 'OC_User' , 'changeUser' , $hookHandler , 'changeUserHook' );
}
2019-06-25 16:20:06 +03:00
private static function registerAppRestrictionsHooks () {
2020-10-14 14:00:20 +03:00
/** @var \OC\Group\Manager $groupManager */
2019-06-25 16:20:06 +03:00
$groupManager = self :: $server -> query ( \OCP\IGroupManager :: class );
2020-04-09 17:05:56 +03:00
$groupManager -> listen ( '\OC\Group' , 'postDelete' , function ( \OCP\IGroup $group ) {
2019-06-25 16:20:06 +03:00
$appManager = self :: $server -> getAppManager ();
$apps = $appManager -> getEnabledAppsForGroup ( $group );
foreach ( $apps as $appId ) {
$restrictions = $appManager -> getAppRestriction ( $appId );
if ( empty ( $restrictions )) {
continue ;
}
$key = array_search ( $group -> getGID (), $restrictions );
unset ( $restrictions [ $key ]);
$restrictions = array_values ( $restrictions );
if ( empty ( $restrictions )) {
$appManager -> disableApp ( $appId );
2020-04-10 15:19:56 +03:00
} else {
2019-06-25 16:20:06 +03:00
$appManager -> enableAppForGroups ( $appId , $restrictions );
}
}
});
}
2019-02-22 17:04:59 +03:00
private static function registerResourceCollectionHooks () {
\OC\Collaboration\Resources\Listener :: register ( \OC :: $server -> getEventDispatcher ());
}
2013-01-14 23:30:28 +04:00
/**
* register hooks for the filesystem
*/
2013-01-31 01:55:33 +04:00
public static function registerFilesystemHooks () {
2013-01-14 23:30:28 +04:00
// Check for blacklisted files
2018-01-26 01:16:13 +03:00
OC_Hook :: connect ( 'OC_Filesystem' , 'write' , Filesystem :: class , 'isBlacklisted' );
OC_Hook :: connect ( 'OC_Filesystem' , 'rename' , Filesystem :: class , 'isBlacklisted' );
2013-01-14 23:30:28 +04:00
}
/**
* register hooks for sharing
*/
2021-01-20 23:55:16 +03:00
public static function registerShareHooks ( \OC\SystemConfig $systemConfig ) {
if ( $systemConfig -> getValue ( 'installed' )) {
2018-01-26 01:16:13 +03:00
OC_Hook :: connect ( 'OC_User' , 'post_deleteUser' , Hooks :: class , 'post_deleteUser' );
OC_Hook :: connect ( 'OC_User' , 'post_deleteGroup' , Hooks :: class , 'post_deleteGroup' );
2020-07-27 13:12:11 +03:00
2020-07-07 22:17:25 +03:00
/** @var IEventDispatcher $dispatcher */
$dispatcher = \OC :: $server -> get ( IEventDispatcher :: class );
2020-07-27 13:12:11 +03:00
$dispatcher -> addServiceListener ( UserRemovedEvent :: class , \OC\Share20\UserRemovedListener :: class );
2013-05-17 03:20:02 +04:00
}
2013-01-14 23:30:28 +04:00
}
2021-01-20 23:55:16 +03:00
protected static function registerAutoloaderCache ( \OC\SystemConfig $systemConfig ) {
2014-07-29 13:18:40 +04:00
// The class loader takes an optional low-latency cache, which MUST be
// namespaced. The instanceid is used for namespacing, but might be
2016-04-07 20:51:27 +03:00
// unavailable at this point. Furthermore, it might not be possible to
2014-07-29 13:18:40 +04:00
// generate an instanceid via \OC_Util::getInstanceId() because the
// config file may not be writable. As such, we only register a class
// loader cache if instanceid is available without trying to create one.
2021-01-20 23:55:16 +03:00
$instanceId = $systemConfig -> getValue ( 'instanceid' , null );
2014-07-29 13:18:40 +04:00
if ( $instanceId ) {
try {
2015-01-14 21:25:00 +03:00
$memcacheFactory = \OC :: $server -> getMemCacheFactory ();
self :: $loader -> setMemoryCache ( $memcacheFactory -> createLocal ( 'Autoloader' ));
2014-07-29 13:18:40 +04:00
} catch ( \Exception $ex ) {
}
}
}
2013-01-14 23:30:28 +04:00
/**
2014-05-19 19:50:53 +04:00
* Handle the request
2013-01-14 23:30:28 +04:00
*/
2013-01-31 01:55:33 +04:00
public static function handleRequest () {
2014-10-04 00:13:55 +04:00
\OC :: $server -> getEventLogger () -> start ( 'handle_request' , 'Handle request' );
2014-11-28 20:52:09 +03:00
$systemConfig = \OC :: $server -> getSystemConfig ();
2013-01-18 00:42:33 +04:00
2016-06-22 09:41:10 +03:00
// Check if Nextcloud is installed or in maintenance (update) mode
2014-11-28 20:52:09 +03:00
if ( ! $systemConfig -> getValue ( 'installed' , false )) {
2014-10-31 13:21:00 +03:00
\OC :: $server -> getSession () -> clear ();
2017-11-24 12:27:58 +03:00
$setupHelper = new OC\Setup (
2017-11-30 18:01:42 +03:00
$systemConfig ,
2020-08-20 15:08:18 +03:00
\OC :: $server -> get ( \bantu\IniGetWrapper\IniGetWrapper :: class ),
2017-11-24 12:27:58 +03:00
\OC :: $server -> getL10N ( 'lib' ),
\OC :: $server -> query ( \OCP\Defaults :: class ),
2021-04-22 16:22:50 +03:00
\OC :: $server -> get ( \Psr\Log\LoggerInterface :: class ),
2017-11-24 12:27:58 +03:00
\OC :: $server -> getSecureRandom (),
\OC :: $server -> query ( \OC\Installer :: class )
);
2016-01-20 12:20:36 +03:00
$controller = new OC\Core\Controller\SetupController ( $setupHelper );
2013-09-10 22:19:42 +04:00
$controller -> run ( $_POST );
2013-01-31 01:55:33 +04:00
exit ();
}
2013-02-06 02:33:44 +04:00
2015-07-07 18:29:54 +03:00
$request = \OC :: $server -> getRequest ();
2016-03-17 19:32:38 +03:00
$requestPath = $request -> getRawPathInfo ();
2016-08-30 16:44:00 +03:00
if ( $requestPath === '/heartbeat' ) {
return ;
}
2015-07-07 18:29:54 +03:00
if ( substr ( $requestPath , - 3 ) !== '.js' ) { // we need these files during the upgrade
2021-01-20 23:55:16 +03:00
self :: checkMaintenanceMode ( $systemConfig );
2017-11-30 18:00:19 +03:00
if ( \OCP\Util :: needUpgrade ()) {
if ( function_exists ( 'opcache_reset' )) {
opcache_reset ();
}
2019-02-06 19:08:41 +03:00
if ( ! (( bool ) $systemConfig -> getValue ( 'maintenance' , false ))) {
2017-11-30 18:01:42 +03:00
self :: printUpgradePage ( $systemConfig );
2017-11-30 18:00:19 +03:00
exit ();
}
}
2013-01-31 02:05:44 +04:00
}
2013-01-31 01:55:33 +04:00
2015-07-07 18:29:54 +03:00
// emergency app disabling
if ( $requestPath === '/disableapp'
&& $request -> getMethod () === 'POST'
2017-04-25 22:19:49 +03:00
&& (( array ) $request -> getParam ( 'appid' )) !== ''
2015-07-07 18:29:54 +03:00
) {
2018-03-22 15:19:29 +03:00
\OC_JSON :: callCheck ();
\OC_JSON :: checkAdminUser ();
2017-04-25 22:19:49 +03:00
$appIds = ( array ) $request -> getParam ( 'appid' );
2020-04-10 15:19:56 +03:00
foreach ( $appIds as $appId ) {
2017-04-25 22:19:49 +03:00
$appId = \OC_App :: cleanAppId ( $appId );
2018-02-13 10:03:06 +03:00
\OC :: $server -> getAppManager () -> disableApp ( $appId );
2017-04-25 22:19:49 +03:00
}
2015-07-07 18:29:54 +03:00
\OC_JSON :: success ();
exit ();
}
2016-07-07 13:14:39 +03:00
// Always load authentication apps
OC_App :: loadApps ([ 'authentication' ]);
2015-02-24 20:00:26 +03:00
2015-01-09 22:59:23 +03:00
// Load minimum set of apps
2017-11-30 18:00:19 +03:00
if ( ! \OCP\Util :: needUpgrade ()
2019-02-06 19:08:41 +03:00
&& ! (( bool ) $systemConfig -> getValue ( 'maintenance' , false ))) {
2015-01-09 22:59:23 +03:00
// For logged-in users: Load everything
2020-04-10 15:19:56 +03:00
if ( \OC :: $server -> getUserSession () -> isLoggedIn ()) {
2015-01-09 22:59:23 +03:00
OC_App :: loadApps ();
} else {
2015-02-24 20:00:26 +03:00
// For guests: Load only filesystem and logging
2020-03-26 11:30:18 +03:00
OC_App :: loadApps ([ 'filesystem' , 'logging' ]);
2016-04-29 10:40:33 +03:00
self :: handleLogin ( $request );
2015-01-09 22:59:23 +03:00
}
}
2016-04-18 13:14:07 +03:00
if ( ! self :: $CLI ) {
2013-02-07 20:53:38 +04:00
try {
2019-02-06 19:08:41 +03:00
if ( ! (( bool ) $systemConfig -> getValue ( 'maintenance' , false )) && ! \OCP\Util :: needUpgrade ()) {
2020-03-26 11:30:18 +03:00
OC_App :: loadApps ([ 'filesystem' , 'logging' ]);
2014-06-24 19:37:58 +04:00
OC_App :: loadApps ();
2013-03-04 02:03:47 +04:00
}
2021-01-20 23:55:16 +03:00
OC :: $server -> get ( \OC\Route\Router :: class ) -> match ( $request -> getRawPathInfo ());
2013-02-07 20:53:38 +04:00
return ;
} catch ( Symfony\Component\Routing\Exception\ResourceNotFoundException $e ) {
//header('HTTP/1.0 404 Not Found');
} catch ( Symfony\Component\Routing\Exception\MethodNotAllowedException $e ) {
2018-06-26 11:32:50 +03:00
http_response_code ( 405 );
2013-02-07 20:53:38 +04:00
return ;
}
2013-01-14 23:30:28 +04:00
}
2013-01-31 02:05:44 +04:00
2013-01-25 17:57:52 +04:00
// Handle WebDAV
2017-05-15 15:33:27 +03:00
if ( isset ( $_SERVER [ 'REQUEST_METHOD' ]) && $_SERVER [ 'REQUEST_METHOD' ] === 'PROPFIND' ) {
2013-10-24 12:34:09 +04:00
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
2018-06-26 11:32:50 +03:00
http_response_code ( 405 );
2013-01-25 17:57:52 +04:00
return ;
}
2014-05-10 16:00:22 +04:00
// Someone is logged in
2017-03-02 18:52:05 +03:00
if ( \OC :: $server -> getUserSession () -> isLoggedIn ()) {
2013-01-14 23:30:28 +04:00
OC_App :: loadApps ();
OC_User :: setupBackends ();
2014-08-28 18:59:56 +04:00
OC_Util :: setupFS ();
2016-04-25 15:10:55 +03:00
// FIXME
2016-04-18 13:14:07 +03:00
// Redirect to default application
OC_Util :: redirectToDefaultPage ();
2014-05-10 16:00:22 +04:00
} else {
// Not handled and not logged in
2016-04-25 15:10:55 +03:00
header ( 'Location: ' . \OC :: $server -> getURLGenerator () -> linkToRouteAbsolute ( 'core.login.showLoginForm' ));
2013-01-14 23:30:28 +04:00
}
}
2016-04-29 10:40:33 +03:00
/**
* Check login : apache auth , auth token , basic auth
*
* @ param OCP\IRequest $request
* @ return boolean
*/
2020-04-10 17:51:06 +03:00
public static function handleLogin ( OCP\IRequest $request ) {
2016-04-29 10:40:33 +03:00
$userSession = self :: $server -> getUserSession ();
if ( OC_User :: handleApacheAuth ()) {
return true ;
}
if ( $userSession -> tryTokenLogin ( $request )) {
return true ;
}
2016-09-06 22:41:15 +03:00
if ( isset ( $_COOKIE [ 'nc_username' ])
&& isset ( $_COOKIE [ 'nc_token' ])
&& isset ( $_COOKIE [ 'nc_session_id' ])
&& $userSession -> loginWithCookie ( $_COOKIE [ 'nc_username' ], $_COOKIE [ 'nc_token' ], $_COOKIE [ 'nc_session_id' ])) {
return true ;
}
2016-07-20 19:36:15 +03:00
if ( $userSession -> tryBasicAuthLogin ( $request , \OC :: $server -> getBruteForceThrottler ())) {
2016-04-29 10:40:33 +03:00
return true ;
}
return false ;
}
2014-07-19 04:16:28 +04:00
protected static function handleAuthHeaders () {
//copy http auth headers for apache+php-fcgid work around
if ( isset ( $_SERVER [ 'HTTP_XAUTHORIZATION' ]) && ! isset ( $_SERVER [ 'HTTP_AUTHORIZATION' ])) {
$_SERVER [ 'HTTP_AUTHORIZATION' ] = $_SERVER [ 'HTTP_XAUTHORIZATION' ];
}
// Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
2020-03-26 11:30:18 +03:00
$vars = [
2014-07-19 04:16:28 +04:00
'HTTP_AUTHORIZATION' , // apache+php-cgi work around
'REDIRECT_HTTP_AUTHORIZATION' , // apache+php-cgi alternative
2020-03-26 11:30:18 +03:00
];
2014-07-19 04:16:28 +04:00
foreach ( $vars as $var ) {
if ( isset ( $_SERVER [ $var ]) && preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ $var ], $matches )) {
2020-02-23 20:53:17 +03:00
$credentials = explode ( ':' , base64_decode ( $matches [ 1 ]), 2 );
if ( count ( $credentials ) === 2 ) {
$_SERVER [ 'PHP_AUTH_USER' ] = $credentials [ 0 ];
$_SERVER [ 'PHP_AUTH_PW' ] = $credentials [ 1 ];
break ;
}
2014-07-19 04:16:28 +04:00
}
}
}
2011-07-29 23:03:53 +04:00
}
2011-11-13 19:16:21 +04:00
OC :: init ();