mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove legacy routing code 

The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.

This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.

Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
This commit is contained in:
Lukas Reschke 2014-05-10 14:00:22 +02:00 committed by Thomas Müller
parent d0eb8f8668
commit ac7fb1b23e
6 changed files with 32 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.htaccess
View File

@ -24,7 +24,6 @@ RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R]
RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R] RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R]
RewriteRule ^apps/calendar/caldav\.php remote.php/caldav/ [QSA,L] RewriteRule ^apps/calendar/caldav\.php remote.php/caldav/ [QSA,L]
RewriteRule ^apps/contacts/carddav\.php remote.php/carddav/ [QSA,L] RewriteRule ^apps/contacts/carddav\.php remote.php/carddav/ [QSA,L]
RewriteRule ^apps/([^/]*)/(.*\.(php))$ index.php?app=$1&getfile=$2 [QSA,L]
RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^remote/(.*) remote.php [QSA,L]
</IfModule> </IfModule>
<IfModule mod_mime.c> <IfModule mod_mime.c>

75
lib/base.php
View File

@ -60,14 +60,11 @@ class OC {
public static $configDir; public static $configDir;
/* /**
* requested app * requested app
*/ */
public static $REQUESTEDAPP = ''; public static $REQUESTEDAPP = '';
/*
* requested file of app
*/
public static $REQUESTEDFILE = '';
/** /**
* check if owncloud runs in cli mode * check if owncloud runs in cli mode
*/ */
@ -574,12 +571,6 @@ class OC {
OC_User::useBackend(new OC_User_Database()); OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database()); OC_Group::useBackend(new OC_Group_Database());
// Load minimum set of apps - which is filesystem, authentication and logging
if (!self::checkUpgrade(false)) {
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
}
//setup extra user backends //setup extra user backends
OC_User::setupBackends(); OC_User::setupBackends();
@ -592,35 +583,6 @@ class OC {
//make sure temporary files are cleaned up //make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp')); register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'));
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = (isset($_GET['getfile']) ? $_GET['getfile'] : null);
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
if (!OC_Helper::isSubDirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) { if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') { if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs'); OC_Util::addScript('backgroundjobs');
@ -729,6 +691,7 @@ class OC {
OC::tryBasicAuthLogin(); OC::tryBasicAuthLogin();
} }
if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
try { try {
if (!OC_Config::getValue('maintenance', false) && !self::needUpgrade()) { if (!OC_Config::getValue('maintenance', false) && !self::needUpgrade()) {
@ -745,9 +708,16 @@ class OC {
} }
} }
$app = OC::$REQUESTEDAPP; // Load minimum set of apps
$file = OC::$REQUESTEDFILE; if (!self::checkUpgrade(false)) {
$param = array('app' => $app, 'file' => $file); // For logged-in users: Load everything
if(OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only authentication, filesystem and logging
OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
}
}
// Handle redirect URL for logged in users // Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
@ -778,7 +748,7 @@ class OC {
return; return;
} }
// Someone is logged in : // Someone is logged in
if (OC_User::isLoggedIn()) { if (OC_User::isLoggedIn()) {
OC_App::loadApps(); OC_App::loadApps();
OC_User::setupBackends(); OC_User::setupBackends();
@ -800,20 +770,13 @@ class OC {
// redirect to webroot and add slash if webroot is empty // redirect to webroot and add slash if webroot is empty
header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
} else { } else {
if (is_null($file)) { // Redirect to default application
$param['file'] = 'index.php'; OC_Util::redirectToDefaultPage();
}
$file_ext = substr($param['file'], -3);
if ($file_ext != 'php'
|| !self::loadAppScriptFile($param)
) {
header('HTTP/1.0 404 Not Found');
}
} }
return; } else {
// Not handled and not logged in
self::handleLogin();
} }
// Not handled and not logged in
self::handleLogin();
} }
/** /**

3
lib/private/route/router.php
View File

@ -188,8 +188,11 @@ class Router implements IRouter {
if (substr($url, 0, 6) === '/apps/') { if (substr($url, 0, 6) === '/apps/') {
// empty string / 'apps' / $app / rest of the route // empty string / 'apps' / $app / rest of the route
list(, , $app,) = explode('/', $url, 4); list(, , $app,) = explode('/', $url, 4);
\OC::$REQUESTEDAPP = $app;
$this->loadRoutes($app); $this->loadRoutes($app);
} else if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') { } else if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') {
\OC::$REQUESTEDAPP = $url;
\OC_App::loadApps();
$this->loadRoutes('core'); $this->loadRoutes('core');
} else { } else {
$this->loadRoutes(); $this->loadRoutes();

5
lib/private/util.php
View File

@ -767,15 +767,12 @@ class OC_Util {
$urlGenerator = \OC::$server->getURLGenerator(); $urlGenerator = \OC::$server->getURLGenerator();
if(isset($_REQUEST['redirect_url'])) { if(isset($_REQUEST['redirect_url'])) {
$location = urldecode($_REQUEST['redirect_url']); $location = urldecode($_REQUEST['redirect_url']);
}
else if (isset(OC::$REQUESTEDAPP) && !empty(OC::$REQUESTEDAPP)) {
$location = $urlGenerator->getAbsoluteURL('/index.php/apps/'.OC::$REQUESTEDAPP.'/index.php');
} else { } else {
$defaultPage = OC_Appconfig::getValue('core', 'defaultpage'); $defaultPage = OC_Appconfig::getValue('core', 'defaultpage');
if ($defaultPage) { if ($defaultPage) {
$location = $urlGenerator->getAbsoluteURL($defaultPage); $location = $urlGenerator->getAbsoluteURL($defaultPage);
} else { } else {
$location = $urlGenerator->getAbsoluteURL('/index.php/files/index.php'); $location = $urlGenerator->getAbsoluteURL('/index.php/apps/files');
} }
} }
OC_Log::write('core', 'redirectToDefaultPage: '.$location, OC_Log::DEBUG); OC_Log::write('core', 'redirectToDefaultPage: '.$location, OC_Log::DEBUG);

4
public.php
View File

@ -24,6 +24,10 @@ try {
$parts = explode('/', $file, 2); $parts = explode('/', $file, 2);
$app = $parts[0]; $app = $parts[0];
// Load all required applications
\OC::$REQUESTEDAPP = $app;
OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
OC_Util::checkAppEnabled($app); OC_Util::checkAppEnabled($app);
OC_App::loadApp($app); OC_App::loadApp($app);
OC_User::setIncognitoMode(true); OC_User::setIncognitoMode(true);

6
remote.php
View File

@ -1,7 +1,6 @@
<?php <?php
try { try {
require_once 'lib/base.php'; require_once 'lib/base.php';
$path_info = OC_Request::getPathInfo(); $path_info = OC_Request::getPathInfo();
if ($path_info === false || $path_info === '') { if ($path_info === false || $path_info === '') {
@ -24,6 +23,11 @@ try {
$parts=explode('/', $file, 2); $parts=explode('/', $file, 2);
$app=$parts[0]; $app=$parts[0];
// Load all required applications
\OC::$REQUESTEDAPP = $app;
OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
switch ($app) { switch ($app) {
case 'core': case 'core':
$file = OC::$SERVERROOT .'/'. $file; $file = OC::$SERVERROOT .'/'. $file;