Remove legacy routing code

The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application. This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app. Testplan: [x] Installation works [x] Login with DB works [x] Logout works [x] Login with alternate backend works (tested with user_webdavauth) [x] Other apps are accessible [x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled) [x] Personal settings are accessible [x] Admin settings are accessible [x] Sharing files works [x] DAV works [x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
2014-05-10 14:00:22 +02:00 · 2014-05-10 14:00:22 +02:00 · ac7fb1b23e
parent d0eb8f8668
commit ac7fb1b23e
6 changed files with 32 additions and 62 deletions
--- a/.htaccess
+++ b/.htaccess
@ -24,7 +24,6 @@ RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R]
 RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R]
 RewriteRule ^apps/calendar/caldav\.php remote.php/caldav/ [QSA,L]
 RewriteRule ^apps/contacts/carddav\.php remote.php/carddav/ [QSA,L]
-RewriteRule ^apps/([^/]*)/(.*\.(php))$ index.php?app=$1&getfile=$2 [QSA,L]
 RewriteRule ^remote/(.*) remote.php [QSA,L]
 </IfModule>
 <IfModule mod_mime.c>
--- a/lib/base.php
+++ b/lib/base.php
@ -60,14 +60,11 @@ class OC {

 	public static $configDir;

-	/*
+	/**
 	 * requested app
 	 */
 	public static $REQUESTEDAPP = '';
-	/*
-	 * requested file of app
-	 */
-	public static $REQUESTEDFILE = '';
+
 	/**
 	 * check if owncloud runs in cli mode
 	 */
@ -574,12 +571,6 @@ class OC {
 		OC_User::useBackend(new OC_User_Database());
 		OC_Group::useBackend(new OC_Group_Database());

-		// Load minimum set of apps - which is filesystem, authentication and logging
-		if (!self::checkUpgrade(false)) {
-			OC_App::loadApps(array('authentication'));
-			OC_App::loadApps(array('filesystem', 'logging'));
-		}
-
 		//setup extra user backends
 		OC_User::setupBackends();

@ -592,35 +583,6 @@ class OC {
 		//make sure temporary files are cleaned up
 		register_shutdown_function(array('OC_Helper', 'cleanTmp'));

-		//parse the given parameters
-		self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'));
-		if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
-			$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
-			$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
-			parse_str($param, $get);
-			$_GET = array_merge($_GET, $get);
-			self::$REQUESTEDAPP = $app;
-			$_GET['app'] = $app;
-		}
-		self::$REQUESTEDFILE = (isset($_GET['getfile']) ? $_GET['getfile'] : null);
-		if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
-			$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
-			$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
-			parse_str($param, $get);
-			$_GET = array_merge($_GET, $get);
-			self::$REQUESTEDFILE = $file;
-			$_GET['getfile'] = $file;
-		}
-		if (!is_null(self::$REQUESTEDFILE)) {
-			$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
-			$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
-			if (!OC_Helper::isSubDirectory($subdir, $parent)) {
-				self::$REQUESTEDFILE = null;
-				header('HTTP/1.0 404 Not Found');
-				exit;
-			}
-		}
-
 		if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
 			if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
 				OC_Util::addScript('backgroundjobs');
@ -729,6 +691,7 @@ class OC {
 			OC::tryBasicAuthLogin();
 		}

+
 		if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
 			try {
 				if (!OC_Config::getValue('maintenance', false) && !self::needUpgrade()) {
@ -745,9 +708,16 @@ class OC {
 			}
 		}

-		$app = OC::$REQUESTEDAPP;
-		$file = OC::$REQUESTEDFILE;
-		$param = array('app' => $app, 'file' => $file);
+		// Load minimum set of apps
+		if (!self::checkUpgrade(false)) {
+			// For logged-in users: Load everything
+			if(OC_User::isLoggedIn()) {
+				OC_App::loadApps();
+			} else {
+				// For guests: Load only authentication, filesystem and logging
+				OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
+			}
+		}

 		// Handle redirect URL for logged in users
 		if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
@ -778,7 +748,7 @@ class OC {
 			return;
 		}

-		// Someone is logged in :
+		// Someone is logged in
 		if (OC_User::isLoggedIn()) {
 			OC_App::loadApps();
 			OC_User::setupBackends();
@ -800,20 +770,13 @@ class OC {
 				// redirect to webroot and add slash if webroot is empty
 				header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
 			} else {
-				if (is_null($file)) {
-					$param['file'] = 'index.php';
-				}
-				$file_ext = substr($param['file'], -3);
-				if ($file_ext != 'php'
-					|| !self::loadAppScriptFile($param)
-				) {
-					header('HTTP/1.0 404 Not Found');
-				}
+				// Redirect to default application
+				OC_Util::redirectToDefaultPage();
 			}
-			return;
+		} else {
+			// Not handled and not logged in
+			self::handleLogin();
 		}
-		// Not handled and not logged in
-		self::handleLogin();
 	}

 	/**
--- a/lib/private/route/router.php
+++ b/lib/private/route/router.php
@ -188,8 +188,11 @@ class Router implements IRouter {
 		if (substr($url, 0, 6) === '/apps/') {
 			// empty string / 'apps' / $app / rest of the route
 			list(, , $app,) = explode('/', $url, 4);
+			\OC::$REQUESTEDAPP = $app;
 			$this->loadRoutes($app);
 		} else if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') {
+			\OC::$REQUESTEDAPP = $url;
+			\OC_App::loadApps();
 			$this->loadRoutes('core');
 		} else {
 			$this->loadRoutes();
--- a/lib/private/util.php
+++ b/lib/private/util.php
@ -767,15 +767,12 @@ class OC_Util {
 		$urlGenerator = \OC::$server->getURLGenerator();
 		if(isset($_REQUEST['redirect_url'])) {
 			$location = urldecode($_REQUEST['redirect_url']);
-		}
-		else if (isset(OC::$REQUESTEDAPP) && !empty(OC::$REQUESTEDAPP)) {
-			$location = $urlGenerator->getAbsoluteURL('/index.php/apps/'.OC::$REQUESTEDAPP.'/index.php');
 		} else {
 			$defaultPage = OC_Appconfig::getValue('core', 'defaultpage');
 			if ($defaultPage) {
 				$location = $urlGenerator->getAbsoluteURL($defaultPage);
 			} else {
-				$location = $urlGenerator->getAbsoluteURL('/index.php/files/index.php');
+				$location = $urlGenerator->getAbsoluteURL('/index.php/apps/files');
 			}
 		}
 		OC_Log::write('core', 'redirectToDefaultPage: '.$location, OC_Log::DEBUG);
--- a/public.php
+++ b/public.php
@ -24,6 +24,10 @@ try {
 	$parts = explode('/', $file, 2);
 	$app = $parts[0];

+	// Load all required applications
+	\OC::$REQUESTEDAPP = $app;
+	OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
+
 	OC_Util::checkAppEnabled($app);
 	OC_App::loadApp($app);
 	OC_User::setIncognitoMode(true);
--- a/remote.php
+++ b/remote.php
@ -1,7 +1,6 @@
 <?php

 try {
-
 	require_once 'lib/base.php';
 	$path_info = OC_Request::getPathInfo();
 	if ($path_info === false || $path_info === '') {
@ -24,6 +23,11 @@ try {

 	$parts=explode('/', $file, 2);
 	$app=$parts[0];
+
+	// Load all required applications
+	\OC::$REQUESTEDAPP = $app;
+	OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
+
 	switch ($app) {
 		case 'core':
 			$file =  OC::$SERVERROOT .'/'. $file;