handleRequest() is not called from remote.php or public.php which made these files party available but all included apps in there produced errors.
As the expected behaviour is anyways that a trusted domain warning is shown I moved this to init()
Fixes https://github.com/owncloud/core/issues/10064
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he want to trust this domain.
By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement.
Hopefully this will stop people from copying the sample config. I'm so annoyed by all those wrong bug reports...
Add some explanation about this switch
Move check to init
Users should not be able to enable debug mode on their own by setting a cookie. Using debug mode might leak too much information about the environment or have other unexpected behaviour.
We should backport this.
This `strip_tags` seems to be completely unneeded and will cause problems with passwords containing stripped characters. (e.g. `<` or `>`)
Needs https://github.com/owncloud/core/pull/9735 to be merged first.
This functions are deprecated and/or removed since ownCloud 7. Additionally a issubdirectory check has been added here to prevent developers to use this function in a potentially insecure way.
Port of https://github.com/owncloud/core/pull/9033
The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.
This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.
Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
Lukas Reschke
Robin Appelman
Jörn Friedrich Dreyer
Georg Ehrke
blizzz
gekmihesg
marc0s
Morris Jobke
Victor Dubiniuk
Andreas Fischer
Thomas Müller
Lukas Reschke
Joas Schilling
Bjoern Schiessle
Volkan Gezer
Vincent Petry
Jan-Christoph Borchardt
Bernhard Posselt