This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server->getRequest()` or into a separate `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.
This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.
Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests were possible they have been added though.
Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
HHVM seems to have problems with this at the moment (even setting those values in the php.ini of HHVM hasn't helped much) and thus the unit test execution failed.
So it's better if we disable this check for now for HHVM.
Apparently `normalizer_normalize` is not verifying itself whether the string needs to be converted or not. Or at least it does not do so very performantly.
This simple change leads to a 4% performance gain on the processing of normalizeUnicode. Since this method is called quite often (i.e. for every file path) this has actually a measurable impact. For example, searches are now 200ms faster on my machine. Still not perfect but way to go.
Part of https://github.com/owncloud/core/issues/13221
Issue #9885 appears to be triggered by ownCloud invalidating the entire
PHP opcache. Testing indicates it can be avoided by only invalidating the
single file that was written from the opcache, instead of clearing the
whole thing. In general it is more efficient to invalidate only the single
file that was changed, rather than the whole cache.
This adds a deleteFromOpcodeCache() function which invalidates a single
file from the opcache if possible, returning true if the underlying
function returns true (which may mean 'success', or 'file does not exist',
or 'file exists but is not in opcache', all of which are OK to treat as
good for our purposes). It also changes writeData() in config.php to try
using deleteFromOpcodeCache() and only fall back on clearOpcodeCache() if
that fails.
Added addTranslations and fixed de.js file
Fixed de.js to use OC.L10N.register() and use the correct expected
format.
Added JS unit tests for OC.L10N class
Include translations JS script for all apps
This commit will make the supported DBs for installation configurable within config.php. By default the following databases are tested: "sqlite", "mysql", "pgsql". The reason behind this is that there might be instances where we want to prevent SQLite from being used by mistake.
To test this play around with the new configuration parameter "supportedDatabases".
We do not want to redirect to other domains using the "?redirect_url=" feature. Please note that the ownCloud project does not consider open redirectors as a security issue.
- Added setup checks in JavaScript
- Moved isWebDAVWorking to JS using SetupChecks
- Moved internet connection checks to an ajax call that goes through the
server
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of an FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)
Get final redirect manually using get_headers()
Migrate to HTTPHelper class and add unit tests
Some providers block connections with missing user-agents. Also
user-agents are useful for analyzing requests. I've added a USER_AGENT
constant that is used in cURL and in file_get_contents.
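
The restriction on redirect protocols described above, as an added PHP example (not ownCloud's HTTPHelper code): each `Location` hop is checked against an http/https allow-list before it is requested. The function name `resolveFinalUrl`, the `$fetchHeaders` callable and the sample URLs are assumptions made for the illustration.

```php
<?php
// Added illustration; names are hypothetical, not ownCloud's HTTPHelper API.
const ALLOWED_SCHEMES = ['http', 'https'];

/**
 * Follow Location headers one hop at a time, refusing any hop that is not
 * plain http/https. $fetchHeaders stands in for a header lookup made with
 * automatic redirect following switched off (e.g. around get_headers()).
 */
function resolveFinalUrl(string $url, callable $fetchHeaders, int $maxHops = 5): string
{
    for ($hop = 0; $hop <= $maxHops; $hop++) {
        $parts  = parse_url($url) ?: [];
        $scheme = strtolower($parts['scheme'] ?? '');
        if (!in_array($scheme, ALLOWED_SCHEMES, true) || empty($parts['host'])) {
            throw new RuntimeException("Refusing to request: $url");
        }
        $headers = array_change_key_case($fetchHeaders($url), CASE_LOWER);
        if (!isset($headers['location'])) {
            return $url; // no further redirect, so this is the final URL
        }
        // A repeated header arrives as an array; the last value wins.
        $next = is_array($headers['location']) ? end($headers['location']) : $headers['location'];
        if (strpos($next, '//') === 0) {
            $next = $scheme . ':' . $next;                  // scheme-relative
        } elseif (strpos($next, '/') === 0) {
            $port = isset($parts['port']) ? ':' . $parts['port'] : '';
            $next = "$scheme://{$parts['host']}$port$next"; // host-relative
        }
        $url = $next; // absolute or anything else: validated on the next pass
    }
    throw new RuntimeException('Too many redirects');
}

// Constructed sample responses, keyed by URL (no network access needed).
$constructed = [
    'http://cloud.example/a'  => ['Location' => '/b'],
    'http://cloud.example/b'  => ['Location' => 'https://cloud.example/c'],
    'https://cloud.example/c' => ['Content-Type' => 'text/html'],
    'http://cloud.example/x'  => ['Location' => 'ftp://files.internal.example/secret'],
];
$lookup = fn (string $u): array => $constructed[$u] ?? [];

echo resolveFinalUrl('http://cloud.example/a', $lookup), "\n";
try {
    resolveFinalUrl('http://cloud.example/x', $lookup);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```
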
Fix issue where the currently logged user was causing side-effects when
upgrading.
Now setting incognito mode (no user) on update to make sure the whole
apps list is taken into account with getEnabledApps() or isEnabled().
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order of OC::$session and OC::$CLI
remove unneeded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisons
Remove .htaccess
Remove .htaccess
Fix typo
Add public API
Use timing constant comparison
Remove CBC constant
Adjust code
Remove confusing $this
As constants not defined within a class cannot be automatically found by the
autoloader, moving those constants into a class makes them accessible to
code which uses them.
Signed-off-by: Stephan Peijnik <speijnik@anexia-it.com>
The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.
This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.
Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications