$configDataDirectory), '/'); self::$rootMounted = true; } } /** * mounting an object storage as the root fs will in essence remove the * necessity of a data folder being present. * TODO make home storage aware of this and use the object storage instead of local disk access * * @param array $config containing 'class' and optional 'arguments' */ private static function initObjectStoreRootFS($config) { // check misconfiguration if (empty($config['class'])) { \OCP\Util::writeLog('files', 'No class given for objectstore', \OCP\Util::ERROR); } if (!isset($config['arguments'])) { $config['arguments'] = array(); } // instantiate object store implementation $config['arguments']['objectstore'] = new $config['class']($config['arguments']); // mount with plain / root object store implementation $config['class'] = '\OC\Files\ObjectStore\ObjectStoreStorage'; // mount object storage as root \OC\Files\Filesystem::initMounts(); if (!self::$rootMounted) { \OC\Files\Filesystem::mount($config['class'], $config['arguments'], '/'); self::$rootMounted = true; } } /** * Can be set up * * @param string $user * @return boolean * @description configure the initial filesystem based on the configuration */ public static function setupFS($user = '') { //setting up the filesystem twice can only lead to trouble if (self::$fsSetup) { return false; } // If we are not forced to load a specific user we load the one that is logged in if ($user == "" && OC_User::isLoggedIn()) { $user = OC_User::getUser(); } // load all filesystem apps before, so no setup-hook gets lost OC_App::loadApps(array('filesystem')); // the filesystem will finish when $user is not empty, // mark fs setup here to avoid doing the setup from loading // OC_Filesystem if ($user != '') { self::$fsSetup = true; } //check if we are using an object storage $objectStore = OC_Config::getValue('objectstore'); if (isset($objectStore)) { self::initObjectStoreRootFS($objectStore); } else { self::initLocalStorageRootFS(); } if ($user != '' && !OCP\User::userExists($user)) { return false; } //if we aren't logged in, there is no use to set up the filesystem if ($user != "") { \OC\Files\Filesystem::addStorageWrapper('oc_quota', function ($mountPoint, $storage) { // set up quota for home storages, even for other users // which can happen when using sharing /** * @var \OC\Files\Storage\Storage $storage */ if ($storage->instanceOfStorage('\OC\Files\Storage\Home') || $storage->instanceOfStorage('\OC\Files\ObjectStore\HomeObjectStoreStorage') ) { if (is_object($storage->getUser())) { $user = $storage->getUser()->getUID(); $quota = OC_Util::getUserQuota($user); if ($quota !== \OCP\Files\FileInfo::SPACE_UNLIMITED) { return new \OC\Files\Storage\Wrapper\Quota(array('storage' => $storage, 'quota' => $quota, 'root' => 'files')); } } } return $storage; }); // copy skeleton for local storage only if (!isset($objectStore)) { $userRoot = OC_User::getHome($user); $userDirectory = $userRoot . '/files'; if (!is_dir($userDirectory)) { mkdir($userDirectory, 0755, true); OC_Util::copySkeleton($userDirectory); } } $userDir = '/' . $user . '/files'; //jail the user into his "home" directory \OC\Files\Filesystem::init($user, $userDir); $fileOperationProxy = new OC_FileProxy_FileOperations(); OC_FileProxy::register($fileOperationProxy); OC_Hook::emit('OC_Filesystem', 'setup', array('user' => $user, 'user_dir' => $userDir)); } return true; } /** * check if a password is required for each public link * * @return boolean */ public static function isPublicLinkPasswordRequired() { $appConfig = \OC::$server->getAppConfig(); $enforcePassword = $appConfig->getValue('core', 'shareapi_enforce_links_password', 'no'); return ($enforcePassword === 'yes') ? true : false; } /** * check if sharing is disabled for the current user * * @return boolean */ public static function isSharingDisabledForUser() { if (\OC_Appconfig::getValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { $user = \OCP\User::getUser(); $groupsList = \OC_Appconfig::getValue('core', 'shareapi_exclude_groups_list', ''); $excludedGroups = explode(',', $groupsList); $usersGroups = \OC_Group::getUserGroups($user); if (!empty($usersGroups)) { $remainingGroups = array_diff($usersGroups, $excludedGroups); // if the user is only in groups which are disabled for sharing then // sharing is also disabled for the user if (empty($remainingGroups)) { return true; } } } return false; } /** * check if share API enforces a default expire date * * @return boolean */ public static function isDefaultExpireDateEnforced() { $isDefaultExpireDateEnabled = \OCP\Config::getAppValue('core', 'shareapi_default_expire_date', 'no'); $enforceDefaultExpireDate = false; if ($isDefaultExpireDateEnabled === 'yes') { $value = \OCP\Config::getAppValue('core', 'shareapi_enforce_expire_date', 'no'); $enforceDefaultExpireDate = ($value === 'yes') ? true : false; } return $enforceDefaultExpireDate; } /** * Get the quota of a user * * @param string $user * @return int Quota bytes */ public static function getUserQuota($user) { $config = \OC::$server->getConfig(); $userQuota = $config->getUserValue($user, 'files', 'quota', 'default'); if ($userQuota === 'default') { $userQuota = $config->getAppValue('files', 'default_quota', 'none'); } if($userQuota === 'none') { return \OCP\Files\FileInfo::SPACE_UNLIMITED; }else{ return OC_Helper::computerFileSize($userQuota); } } /** * copies the user skeleton files into the fresh user home files * * @param string $userDirectory */ public static function copySkeleton($userDirectory) { $skeletonDirectory = OC_Config::getValue('skeletondirectory', \OC::$SERVERROOT . '/core/skeleton'); if (!empty($skeletonDirectory)) { OC_Util::copyr($skeletonDirectory, $userDirectory); } } /** * copies a directory recursively * * @param string $source * @param string $target * @return void */ public static function copyr($source, $target) { $dir = opendir($source); @mkdir($target); while (false !== ($file = readdir($dir))) { if (!\OC\Files\Filesystem::isIgnoredDir($file)) { if (is_dir($source . '/' . $file)) { OC_Util::copyr($source . '/' . $file, $target . '/' . $file); } else { copy($source . '/' . $file, $target . '/' . $file); } } } closedir($dir); } /** * @return void */ public static function tearDownFS() { \OC\Files\Filesystem::tearDown(); self::$fsSetup = false; self::$rootMounted = false; } /** * get the current installed version of ownCloud * * @return array */ public static function getVersion() { OC_Util::loadVersion(); return \OC::$server->getSession()->get('OC_Version'); } /** * get the current installed version string of ownCloud * * @return string */ public static function getVersionString() { OC_Util::loadVersion(); return \OC::$server->getSession()->get('OC_VersionString'); } /** * @description get the current installed edition of ownCloud. There is the community * edition that just returns an empty string and the enterprise edition * that returns "Enterprise". * @return string */ public static function getEditionString() { OC_Util::loadVersion(); return \OC::$server->getSession()->get('OC_Edition'); } /** * @description get the update channel of the current installed of ownCloud. * @return string */ public static function getChannel() { OC_Util::loadVersion(); return \OC::$server->getSession()->get('OC_Channel'); } /** * @description get the build number of the current installed of ownCloud. * @return string */ public static function getBuild() { OC_Util::loadVersion(); return \OC::$server->getSession()->get('OC_Build'); } /** * @description load the version.php into the session as cache */ private static function loadVersion() { $timestamp = filemtime(OC::$SERVERROOT . '/version.php'); if (!\OC::$server->getSession()->exists('OC_Version') or OC::$server->getSession()->get('OC_Version_Timestamp') != $timestamp) { require 'version.php'; $session = \OC::$server->getSession(); /** @var $timestamp int */ $session->set('OC_Version_Timestamp', $timestamp); /** @var $OC_Version string */ $session->set('OC_Version', $OC_Version); /** @var $OC_VersionString string */ $session->set('OC_VersionString', $OC_VersionString); /** @var $OC_Edition string */ $session->set('OC_Edition', $OC_Edition); /** @var $OC_Channel string */ $session->set('OC_Channel', $OC_Channel); /** @var $OC_Build string */ $session->set('OC_Build', $OC_Build); } } /** * add a javascript file * * @param string $application * @param string|null $file filename * @return void */ public static function addScript($application, $file = null) { if (is_null($file)) { $file = $application; $application = ""; } if (!empty($application)) { self::$scripts[] = "$application/js/$file"; } else { self::$scripts[] = "js/$file"; } } /** * add a css file * * @param string $application * @param string|null $file filename * @return void */ public static function addStyle($application, $file = null) { if (is_null($file)) { $file = $application; $application = ""; } if (!empty($application)) { self::$styles[] = "$application/css/$file"; } else { self::$styles[] = "css/$file"; } } /** * Add a custom element to the header * * @param string $tag tag name of the element * @param array $attributes array of attributes for the element * @param string $text the text content for the element * @return void */ public static function addHeader($tag, $attributes, $text = '') { self::$headers[] = array( 'tag' => $tag, 'attributes' => $attributes, 'text' => $text ); } /** * formats a timestamp in the "right" way * * @param int $timestamp * @param bool $dateOnly option to omit time from the result * @return string timestamp * @description adjust to clients timezone if we know it */ public static function formatDate( $timestamp, $dateOnly = false) { if(\OC::$server->getSession()->exists('timezone')) { $systemTimeZone = intval(date('O')); $systemTimeZone = (round($systemTimeZone / 100, 0) * 60) + ($systemTimeZone % 100); $clientTimeZone = \OC::$server->getSession()->get('timezone') * 60; $offset = $clientTimeZone - $systemTimeZone; $timestamp = $timestamp + $offset * 60; } $l = \OC::$server->getL10N('lib'); return $l->l($dateOnly ? 'date' : 'datetime', $timestamp); } /** * check if the current server configuration is suitable for ownCloud * * @return array arrays with error messages and hints */ public static function checkServer() { $l = \OC::$server->getL10N('lib'); $errors = array(); $CONFIG_DATADIRECTORY = OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data'); if (!self::needUpgrade() && OC_Config::getValue('installed', false)) { // this check needs to be done every time $errors = self::checkDataDirectoryValidity($CONFIG_DATADIRECTORY); } // Assume that if checkServer() succeeded before in this session, then all is fine. if (\OC::$server->getSession()->exists('checkServer_succeeded') && \OC::$server->getSession()->get('checkServer_succeeded')) { return $errors; } $webServerRestart = false; //check for database drivers if (!(is_callable('sqlite_open') or class_exists('SQLite3')) and !is_callable('mysql_connect') and !is_callable('pg_connect') and !is_callable('oci_connect') ) { $errors[] = array( 'error' => $l->t('No database drivers (sqlite, mysql, or postgresql) installed.'), 'hint' => '' //TODO: sane hint ); $webServerRestart = true; } //common hint for all file permissions error messages $permissionsHint = $l->t('Permissions can usually be fixed by ' . '%sgiving the webserver write access to the root directory%s.', array('', '')); // Check if config folder is writable. if (!is_writable(OC::$configDir) or !is_readable(OC::$configDir)) { $errors[] = array( 'error' => $l->t('Cannot write into "config" directory'), 'hint' => $l->t('This can usually be fixed by ' . '%sgiving the webserver write access to the config directory%s.', array('', '')) ); } // Check if there is a writable install folder. if (OC_Config::getValue('appstoreenabled', true)) { if (OC_App::getInstallPath() === null || !is_writable(OC_App::getInstallPath()) || !is_readable(OC_App::getInstallPath()) ) { $errors[] = array( 'error' => $l->t('Cannot write into "apps" directory'), 'hint' => $l->t('This can usually be fixed by ' . '%sgiving the webserver write access to the apps directory%s' . ' or disabling the appstore in the config file.', array('', '')) ); } } // Create root dir. if (!is_dir($CONFIG_DATADIRECTORY)) { $success = @mkdir($CONFIG_DATADIRECTORY); if ($success) { $errors = array_merge($errors, self::checkDataDirectoryPermissions($CONFIG_DATADIRECTORY)); } else { $errors[] = array( 'error' => $l->t('Cannot create "data" directory (%s)', array($CONFIG_DATADIRECTORY)), 'hint' => $l->t('This can usually be fixed by ' . 'giving the webserver write access to the root directory.', array(OC_Helper::linkToDocs('admin-dir_permissions'))) ); } } else if (!is_writable($CONFIG_DATADIRECTORY) or !is_readable($CONFIG_DATADIRECTORY)) { $errors[] = array( 'error' => 'Data directory (' . $CONFIG_DATADIRECTORY . ') not writable by ownCloud', 'hint' => $permissionsHint ); } else { $errors = array_merge($errors, self::checkDataDirectoryPermissions($CONFIG_DATADIRECTORY)); } if (!OC_Util::isSetLocaleWorking()) { $errors[] = array( 'error' => $l->t('Setting locale to %s failed', array('en_US.UTF-8/fr_FR.UTF-8/es_ES.UTF-8/de_DE.UTF-8/ru_RU.UTF-8/' . 'pt_BR.UTF-8/it_IT.UTF-8/ja_JP.UTF-8/zh_CN.UTF-8')), 'hint' => $l->t('Please install one of these locales on your system and restart your webserver.') ); } $moduleHint = $l->t('Please ask your server administrator to install the module.'); // check if all required php modules are present if (!class_exists('ZipArchive')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('zip')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!class_exists('DOMDocument')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('dom')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!function_exists('xml_parser_create')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('libxml')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!function_exists('mb_detect_encoding')) { $errors[] = array( 'error' => 'PHP module mb multibyte not installed.', 'hint' => $moduleHint ); $webServerRestart = true; } if (!function_exists('ctype_digit')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('ctype')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!function_exists('json_encode')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('JSON')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!extension_loaded('gd') || !function_exists('gd_info')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('GD')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!function_exists('gzencode')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('zlib')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!function_exists('iconv')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('iconv')), 'hint' => $moduleHint ); $webServerRestart = true; } if (!function_exists('simplexml_load_string')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('SimpleXML')), 'hint' => $moduleHint ); $webServerRestart = true; } if (version_compare(phpversion(), '5.3.3', '<')) { $errors[] = array( 'error' => $l->t('PHP %s or higher is required.', '5.3.3'), 'hint' => $l->t('Please ask your server administrator to update PHP to the latest version.' . ' Your PHP version is no longer supported by ownCloud and the PHP community.') ); $webServerRestart = true; } if (!defined('PDO::ATTR_DRIVER_NAME')) { $errors[] = array( 'error' => $l->t('PHP module %s not installed.', array('PDO')), 'hint' => $moduleHint ); $webServerRestart = true; } if (((strtolower(@ini_get('safe_mode')) == 'on') || (strtolower(@ini_get('safe_mode')) == 'yes') || (strtolower(@ini_get('safe_mode')) == 'true') || (ini_get("safe_mode") == 1)) ) { $errors[] = array( 'error' => $l->t('PHP Safe Mode is enabled. ownCloud requires that it is disabled to work properly.'), 'hint' => $l->t('PHP Safe Mode is a deprecated and mostly useless setting that should be disabled. ' . 'Please ask your server administrator to disable it in php.ini or in your webserver config.') ); $webServerRestart = true; } if (get_magic_quotes_gpc() == 1) { $errors[] = array( 'error' => $l->t('Magic Quotes is enabled. ownCloud requires that it is disabled to work properly.'), 'hint' => $l->t('Magic Quotes is a deprecated and mostly useless setting that should be disabled. ' . 'Please ask your server administrator to disable it in php.ini or in your webserver config.') ); $webServerRestart = true; } if (!self::isAnnotationsWorking()) { $errors[] = array( 'error' => 'PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible.', 'hint' => 'This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator.' ); } if ($webServerRestart) { $errors[] = array( 'error' => $l->t('PHP modules have been installed, but they are still listed as missing?'), 'hint' => $l->t('Please ask your server administrator to restart the web server.') ); } $errors = array_merge($errors, self::checkDatabaseVersion()); // Cache the result of this function \OC::$server->getSession()->set('checkServer_succeeded', count($errors) == 0); return $errors; } /** * Check the database version * * @return array errors array */ public static function checkDatabaseVersion() { $l = \OC::$server->getL10N('lib'); $errors = array(); $dbType = \OC_Config::getValue('dbtype', 'sqlite'); if ($dbType === 'pgsql') { // check PostgreSQL version try { $result = \OC_DB::executeAudited('SHOW SERVER_VERSION'); $data = $result->fetchRow(); if (isset($data['server_version'])) { $version = $data['server_version']; if (version_compare($version, '9.0.0', '<')) { $errors[] = array( 'error' => $l->t('PostgreSQL >= 9 required'), 'hint' => $l->t('Please upgrade your database version') ); } } } catch (\Doctrine\DBAL\DBALException $e) { \OCP\Util::logException('core', $e); $errors[] = array( 'error' => $l->t('Error occurred while checking PostgreSQL version'), 'hint' => $l->t('Please make sure you have PostgreSQL >= 9 or' . ' check the logs for more information about the error') ); } } return $errors; } /** * check if there are still some encrypted files stored * * @return boolean */ public static function encryptedFiles() { //check if encryption was enabled in the past $encryptedFiles = false; if (OC_App::isEnabled('files_encryption') === false) { $view = new OC\Files\View('/' . OCP\User::getUser()); $keyfilePath = '/files_encryption/keyfiles'; if ($view->is_dir($keyfilePath)) { $dircontent = $view->getDirectoryContent($keyfilePath); if (!empty($dircontent)) { $encryptedFiles = true; } } } return $encryptedFiles; } /** * check if a backup from the encryption keys exists * * @return boolean */ public static function backupKeysExists() { //check if encryption was enabled in the past $backupExists = false; if (OC_App::isEnabled('files_encryption') === false) { $view = new OC\Files\View('/' . OCP\User::getUser()); $backupPath = '/files_encryption/keyfiles.backup'; if ($view->is_dir($backupPath)) { $dircontent = $view->getDirectoryContent($backupPath); if (!empty($dircontent)) { $backupExists = true; } } } return $backupExists; } /** * Check for correct file permissions of data directory * * @param string $dataDirectory * @return array arrays with error messages and hints */ public static function checkDataDirectoryPermissions($dataDirectory) { $l = \OC::$server->getL10N('lib'); $errors = array(); if (self::runningOnWindows()) { //TODO: permissions checks for windows hosts } else { $permissionsModHint = $l->t('Please change the permissions to 0770 so that the directory' . ' cannot be listed by other users.'); $perms = substr(decoct(@fileperms($dataDirectory)), -3); if (substr($perms, -1) != '0') { chmod($dataDirectory, 0770); clearstatcache(); $perms = substr(decoct(@fileperms($dataDirectory)), -3); if (substr($perms, 2, 1) != '0') { $errors[] = array( 'error' => $l->t('Data directory (%s) is readable by other users', array($dataDirectory)), 'hint' => $permissionsModHint ); } } } return $errors; } /** * Check that the data directory exists and is valid by * checking the existence of the ".ocdata" file. * * @param string $dataDirectory data directory path * @return bool true if the data directory is valid, false otherwise */ public static function checkDataDirectoryValidity($dataDirectory) { $l = \OC::$server->getL10N('lib'); $errors = array(); if (!file_exists($dataDirectory . '/.ocdata')) { $errors[] = array( 'error' => $l->t('Data directory (%s) is invalid', array($dataDirectory)), 'hint' => $l->t('Please check that the data directory contains a file' . ' ".ocdata" in its root.') ); } return $errors; } /** * @param array $errors */ public static function displayLoginPage($errors = array()) { $parameters = array(); foreach ($errors as $value) { $parameters[$value] = true; } if (!empty($_POST['user'])) { $parameters["username"] = $_POST['user']; $parameters['user_autofocus'] = false; } else { $parameters["username"] = ''; $parameters['user_autofocus'] = true; } if (isset($_REQUEST['redirect_url'])) { $redirectUrl = $_REQUEST['redirect_url']; $parameters['redirect_url'] = urlencode($redirectUrl); } $parameters['alt_login'] = OC_App::getAlternativeLogIns(); $parameters['rememberLoginAllowed'] = self::rememberLoginAllowed(); OC_Template::printGuestPage("", "login", $parameters); } /** * Check if the app is enabled, redirects to home if not * * @param string $app * @return void */ public static function checkAppEnabled($app) { if (!OC_App::isEnabled($app)) { header('Location: ' . OC_Helper::linkToAbsolute('', 'index.php')); exit(); } } /** * Check if the user is logged in, redirects to home if not. With * redirect URL parameter to the request URI. * * @return void */ public static function checkLoggedIn() { // Check if we are a user if (!OC_User::isLoggedIn()) { header('Location: ' . OC_Helper::linkToAbsolute('', 'index.php', array('redirect_url' => OC_Request::requestUri()) )); exit(); } } /** * Check if the user is a admin, redirects to home if not * * @return void */ public static function checkAdminUser() { OC_Util::checkLoggedIn(); if (!OC_User::isAdminUser(OC_User::getUser())) { header('Location: ' . OC_Helper::linkToAbsolute('', 'index.php')); exit(); } } /** * Check if it is allowed to remember login. * * @note Every app can set 'rememberlogin' to 'false' to disable the remember login feature * * @return bool */ public static function rememberLoginAllowed() { $apps = OC_App::getEnabledApps(); foreach ($apps as $app) { $appInfo = OC_App::getAppInfo($app); if (isset($appInfo['rememberlogin']) && $appInfo['rememberlogin'] === 'false') { return false; } } return true; } /** * Check if the user is a subadmin, redirects to home if not * * @return null|boolean $groups where the current user is subadmin */ public static function checkSubAdminUser() { OC_Util::checkLoggedIn(); if (!OC_SubAdmin::isSubAdmin(OC_User::getUser())) { header('Location: ' . OC_Helper::linkToAbsolute('', 'index.php')); exit(); } return true; } /** * Returns the URL of the default page * based on the system configuration and * the apps visible for the current user * * @return string URL */ public static function getDefaultPageUrl() { $urlGenerator = \OC::$server->getURLGenerator(); if (isset($_REQUEST['redirect_url'])) { $location = urldecode($_REQUEST['redirect_url']); } else { $defaultPage = OC_Appconfig::getValue('core', 'defaultpage'); if ($defaultPage) { $location = $urlGenerator->getAbsoluteURL($defaultPage); } else { $appId = 'files'; $defaultApps = explode(',', \OCP\Config::getSystemValue('defaultapp', 'files')); // find the first app that is enabled for the current user foreach ($defaultApps as $defaultApp) { $defaultApp = OC_App::cleanAppId(strip_tags($defaultApp)); if (OC_App::isEnabled($defaultApp)) { $appId = $defaultApp; break; } } $location = $urlGenerator->getAbsoluteURL('/index.php/apps/' . $appId . '/'); } } return $location; } /** * Redirect to the user default page * * @return void */ public static function redirectToDefaultPage() { $location = self::getDefaultPageUrl(); header('Location: ' . $location); exit(); } /** * get an id unique for this instance * * @return string */ public static function getInstanceId() { $id = OC_Config::getValue('instanceid', null); if (is_null($id)) { // We need to guarantee at least one letter in instanceid so it can be used as the session_name $id = 'oc' . self::generateRandomBytes(10); OC_Config::$object->setValue('instanceid', $id); } return $id; } /** * Static lifespan (in seconds) when a request token expires. * * @see OC_Util::callRegister() * @see OC_Util::isCallRegistered() * @description * Also required for the client side to compute the point in time when to * request a fresh token. The client will do so when nearly 97% of the * time span coded here has expired. */ public static $callLifespan = 3600; // 3600 secs = 1 hour /** * Register an get/post call. Important to prevent CSRF attacks. * * @todo Write howto: CSRF protection guide * @return string Generated token. * @description * Creates a 'request token' (random) and stores it inside the session. * Ever subsequent (ajax) request must use such a valid token to succeed, * otherwise the request will be denied as a protection against CSRF. * The tokens expire after a fixed lifespan. * @see OC_Util::$callLifespan * @see OC_Util::isCallRegistered() */ public static function callRegister() { // Check if a token exists if (!\OC::$server->getSession()->exists('requesttoken')) { // No valid token found, generate a new one. $requestToken = self::generateRandomBytes(20); \OC::$server->getSession()->set('requesttoken', $requestToken); } else { // Valid token already exists, send it $requestToken = \OC::$server->getSession()->get('requesttoken'); } return ($requestToken); } /** * Check an ajax get/post call if the request token is valid. * * @return boolean False if request token is not set or is invalid. * @see OC_Util::$callLifespan * @see OC_Util::callRegister() */ public static function isCallRegistered() { return \OC::$server->getRequest()->passesCSRFCheck(); } /** * Check an ajax get/post call if the request token is valid. Exit if not. * * @todo Write howto * @return void */ public static function callCheck() { if (!OC_Util::isCallRegistered()) { exit(); } } /** * Public function to sanitize HTML * * This function is used to sanitize HTML and should be applied on any * string or array of strings before displaying it on a web page. * * @param string|array &$value * @return string|array an array of sanitized strings or a single sanitized string, depends on the input parameter. */ public static function sanitizeHTML(&$value) { if (is_array($value)) { array_walk_recursive($value, 'OC_Util::sanitizeHTML'); } else { //Specify encoding for PHP<5.4 $value = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'); } return $value; } /** * Public function to encode url parameters * * This function is used to encode path to file before output. * Encoding is done according to RFC 3986 with one exception: * Character '/' is preserved as is. * * @param string $component part of URI to encode * @return string */ public static function encodePath($component) { $encoded = rawurlencode($component); $encoded = str_replace('%2F', '/', $encoded); return $encoded; } /** * Check if the .htaccess file is working * * @throws OC\HintException If the testfile can't get written. * @return bool * @description Check if the .htaccess file is working by creating a test * file in the data directory and trying to access via http */ public static function isHtaccessWorking() { if (!OC::$server->getConfig()->getSystemValue('check_for_working_htaccess', true)) { return true; } // testdata $fileName = '/htaccesstest.txt'; $testContent = 'testcontent'; // creating a test file $testFile = OC::$server->getConfig()->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName; if (file_exists($testFile)) {// already running this test, possible recursive call return false; } $fp = @fopen($testFile, 'w'); if (!$fp) { throw new OC\HintException('Can\'t create test file to check for working .htaccess file.', 'Make sure it is possible for the webserver to write to ' . $testFile); } fwrite($fp, $testContent); fclose($fp); // accessing the file via http $url = OC_Helper::makeURLAbsolute(OC::$WEBROOT . '/data' . $fileName); $content = self::getUrlContent($url); // cleanup @unlink($testFile); /* * If the content is not equal to test content our .htaccess * is working as required */ return $content !== $testContent; } /** * test if webDAV is working properly * * @return bool * @description * The basic assumption is that if the server returns 401/Not Authenticated for an unauthenticated PROPFIND * the web server it self is setup properly. * * Why not an authenticated PROPFIND and other verbs? * - We don't have the password available * - We have no idea about other auth methods implemented (e.g. OAuth with Bearer header) * */ public static function isWebDAVWorking() { if (!function_exists('curl_init')) { return true; } if (!\OC_Config::getValue("check_for_working_webdav", true)) { return true; } $settings = array( 'baseUri' => OC_Helper::linkToRemote('webdav'), ); $client = new \OC_DAVClient($settings); $client->setRequestTimeout(10); // for this self test we don't care if the ssl certificate is self signed and the peer cannot be verified. $client->setVerifyPeer(false); // also don't care if the host can't be verified $client->setVerifyHost(0); $return = true; try { // test PROPFIND $client->propfind('', array('{DAV:}resourcetype')); } catch (\Sabre\DAV\Exception\NotAuthenticated $e) { $return = true; } catch (\Exception $e) { OC_Log::write('core', 'isWebDAVWorking: NO - Reason: ' . $e->getMessage() . ' (' . get_class($e) . ')', OC_Log::WARN); $return = false; } return $return; } /** * Check if the setlocal call does not work. This can happen if the right * local packages are not available on the server. * * @return bool */ public static function isSetLocaleWorking() { // setlocale test is pointless on Windows if (OC_Util::runningOnWindows()) { return true; } \Patchwork\Utf8\Bootup::initLocale(); if ('' === basename('ยง')) { return false; } return true; } /** * Check if it's possible to get the inline annotations * * @return bool */ public static function isAnnotationsWorking() { $reflection = new \ReflectionMethod(__METHOD__); $docs = $reflection->getDocComment(); return (is_string($docs) && strlen($docs) > 50); } /** * Check if the PHP module fileinfo is loaded. * * @return bool */ public static function fileInfoLoaded() { return function_exists('finfo_open'); } /** * Check if a PHP version older then 5.3.8 is installed. * * @return bool */ public static function isPHPoutdated() { return version_compare(phpversion(), '5.3.8', '<'); } /** * Check if the ownCloud server can connect to the internet * * @return bool */ public static function isInternetConnectionWorking() { // in case there is no internet connection on purpose return false if (self::isInternetConnectionEnabled() === false) { return false; } // in case the connection is via proxy return true to avoid connecting to owncloud.org if (OC_Config::getValue('proxy', '') != '') { return true; } // try to connect to owncloud.org to see if http connections to the internet are possible. $connected = @fsockopen("www.owncloud.org", 80); if ($connected) { fclose($connected); return true; } else { // second try in case one server is down $connected = @fsockopen("apps.owncloud.com", 80); if ($connected) { fclose($connected); return true; } else { return false; } } } /** * Check if the connection to the internet is disabled on purpose * * @return string */ public static function isInternetConnectionEnabled() { return \OC_Config::getValue("has_internet_connection", true); } /** * clear all levels of output buffering * * @return void */ public static function obEnd() { while (ob_get_level()) { ob_end_clean(); } } /** * Generates a cryptographic secure pseudo-random string * * @param int $length of the random string * @return string * @throws Exception when no secure RNG source is available * Please also update secureRNGAvailable if you change something here */ public static function generateRandomBytes($length = 30) { // Try to use openssl_random_pseudo_bytes if (function_exists('openssl_random_pseudo_bytes')) { $pseudoByte = bin2hex(openssl_random_pseudo_bytes($length, $strong)); if ($strong == true) { return substr($pseudoByte, 0, $length); // Truncate it to match the length } } // Try to use /dev/urandom if (!self::runningOnWindows()) { $fp = @file_get_contents('/dev/urandom', false, null, 0, $length); if ($fp !== false) { $string = substr(bin2hex($fp), 0, $length); return $string; } } // No random numbers are better then bad random numbers throw new \Exception('No secure random number generator available, please install the php-openssl extension'); } /** * Checks if a secure random number generator is available * * @return bool */ public static function secureRNGAvailable() { // Check openssl_random_pseudo_bytes if (function_exists('openssl_random_pseudo_bytes')) { openssl_random_pseudo_bytes(1, $strong); if ($strong == true) { return true; } } // Check /dev/urandom if (!self::runningOnWindows()) { $fp = @file_get_contents('/dev/urandom', false, null, 0, 1); if ($fp !== false) { return true; } } return false; } /** * @Brief Get file content via curl. * @param string $url Url to get content * @throws Exception If the URL does not start with http:// or https:// * @return string of the response or false on error * This function get the content of a page via curl, if curl is enabled. * If not, file_get_contents is used. */ public static function getUrlContent($url) { if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) { throw new Exception('$url must start with https:// or http://', 1); } if (function_exists('curl_init')) { $curl = curl_init(); $max_redirects = 10; curl_setopt($curl, CURLOPT_HEADER, 0); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_USERAGENT, "ownCloud Server Crawler"); if (OC_Config::getValue('proxy', '') != '') { curl_setopt($curl, CURLOPT_PROXY, OC_Config::getValue('proxy')); } if (OC_Config::getValue('proxyuserpwd', '') != '') { curl_setopt($curl, CURLOPT_PROXYUSERPWD, OC_Config::getValue('proxyuserpwd')); } if (ini_get('open_basedir') === '' && ini_get('safe_mode') === 'Off') { curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_MAXREDIRS, $max_redirects); $data = curl_exec($curl); } else { curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false); $mr = $max_redirects; if ($mr > 0) { $newURL = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL); $rcurl = curl_copy_handle($curl); curl_setopt($rcurl, CURLOPT_HEADER, true); curl_setopt($rcurl, CURLOPT_NOBODY, true); curl_setopt($rcurl, CURLOPT_FORBID_REUSE, false); curl_setopt($rcurl, CURLOPT_RETURNTRANSFER, true); do { curl_setopt($rcurl, CURLOPT_URL, $newURL); $header = curl_exec($rcurl); if (curl_errno($rcurl)) { $code = 0; } else { $code = curl_getinfo($rcurl, CURLINFO_HTTP_CODE); if ($code == 301 || $code == 302) { preg_match('/Location:(.*?)\n/', $header, $matches); $newURL = trim(array_pop($matches)); } else { $code = 0; } } } while ($code && --$mr); curl_close($rcurl); if ($mr > 0) { curl_setopt($curl, CURLOPT_URL, $newURL); } } if ($mr == 0 && $max_redirects > 0) { $data = false; } else { $data = curl_exec($curl); } } curl_close($curl); } else { $contextArray = null; if (OC_Config::getValue('proxy', '') != '') { $contextArray = array( 'http' => array( 'timeout' => 10, 'proxy' => OC_Config::getValue('proxy') ) ); } else { $contextArray = array( 'http' => array( 'timeout' => 10 ) ); } $ctx = stream_context_create( $contextArray ); $data = @file_get_contents($url, 0, $ctx); } return $data; } /** * Checks whether the server is running on Windows * * @return bool true if running on Windows, false otherwise */ public static function runningOnWindows() { return (substr(PHP_OS, 0, 3) === "WIN"); } /** * Checks whether the server is running on Mac OS X * * @return bool true if running on Mac OS X, false otherwise */ public static function runningOnMac() { return (strtoupper(substr(PHP_OS, 0, 6)) === 'DARWIN'); } /** * Handles the case that there may not be a theme, then check if a "default" * theme exists and take that one * * @return string the theme */ public static function getTheme() { $theme = OC_Config::getValue("theme", ''); if ($theme === '') { if (is_dir(OC::$SERVERROOT . '/themes/default')) { $theme = 'default'; } } return $theme; } /** * Clear the opcode cache if one exists * This is necessary for writing to the config file * in case the opcode cache does not re-validate files * * @return void */ public static function clearOpcodeCache() { // APC if (function_exists('apc_clear_cache')) { apc_clear_cache(); } // Zend Opcache if (function_exists('accelerator_reset')) { accelerator_reset(); } // XCache if (function_exists('xcache_clear_cache')) { if (ini_get('xcache.admin.enable_auth')) { OC_Log::write('core', 'XCache opcode cache will not be cleared because "xcache.admin.enable_auth" is enabled.', \OC_Log::WARN); } else { xcache_clear_cache(XC_TYPE_PHP, 0); } } // Opcache (PHP >= 5.5) if (function_exists('opcache_reset')) { opcache_reset(); } } /** * Normalize a unicode string * * @param string $value a not normalized string * @return bool|string */ public static function normalizeUnicode($value) { if (class_exists('Patchwork\PHP\Shim\Normalizer')) { $normalizedValue = \Patchwork\PHP\Shim\Normalizer::normalize($value); if ($normalizedValue === false) { \OC_Log::write('core', 'normalizing failed for "' . $value . '"', \OC_Log::WARN); } else { $value = $normalizedValue; } } return $value; } /** * @param boolean|string $file * @return string */ public static function basename($file) { $file = rtrim($file, '/'); $t = explode('/', $file); return array_pop($t); } /** * A human readable string is generated based on version, channel and build number * * @return string */ public static function getHumanVersion() { $version = OC_Util::getVersionString() . ' (' . OC_Util::getChannel() . ')'; $build = OC_Util::getBuild(); if (!empty($build) and OC_Util::getChannel() === 'daily') { $version .= ' Build:' . $build; } return $version; } /** * Returns whether the given file name is valid * * @param string $file file name to check * @return bool true if the file name is valid, false otherwise */ public static function isValidFileName($file) { $trimmed = trim($file); if ($trimmed === '') { return false; } if ($trimmed === '.' || $trimmed === '..') { return false; } foreach (str_split($trimmed) as $char) { if (strpos(\OCP\FILENAME_INVALID_CHARS, $char) !== false) { return false; } } return true; } /** * Check whether the instance needs to preform an upgrade * * @return bool */ public static function needUpgrade() { if (OC_Config::getValue('installed', false)) { $installedVersion = OC_Config::getValue('version', '0.0.0'); $currentVersion = implode('.', OC_Util::getVersion()); if (version_compare($currentVersion, $installedVersion, '>')) { return true; } // also check for upgrades for apps $apps = \OC_App::getEnabledApps(); foreach ($apps as $app) { if (\OC_App::shouldUpgrade($app)) { return true; } } return false; } else { return false; } } /** * @return string */ public static function isPhpCharSetUtf8() { return ini_get('default_charset') === 'UTF-8'; } }