nextcloud /
server
@@ -29,13 +29,13 @@ |
||
| 29 | 29 | */ |
| 30 | 30 | class Audio extends File { |
| 31 | 31 | |
| 32 | - /** |
|
| 33 | - * Type name; translated in templates |
|
| 34 | - * @var string |
|
| 35 | - */ |
|
| 36 | - public $type = 'audio'; |
|
| 32 | + /** |
|
| 33 | + * Type name; translated in templates |
|
| 34 | + * @var string |
|
| 35 | + */ |
|
| 36 | + public $type = 'audio'; |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * @TODO add ID3 information |
|
| 40 | - */ |
|
| 38 | + /** |
|
| 39 | + * @TODO add ID3 information |
|
| 40 | + */ |
|
| 41 | 41 | } |
@@ -29,10 +29,10 @@ |
||
| 29 | 29 | */ |
| 30 | 30 | class Folder extends File { |
| 31 | 31 | |
| 32 | - /** |
|
| 33 | - * Type name; translated in templates |
|
| 34 | - * @var string |
|
| 35 | - */ |
|
| 36 | - public $type = 'folder'; |
|
| 32 | + /** |
|
| 33 | + * Type name; translated in templates |
|
| 34 | + * @var string |
|
| 35 | + */ |
|
| 36 | + public $type = 'folder'; |
|
| 37 | 37 | |
| 38 | 38 | } |
@@ -89,17 +89,17 @@ discard block |
||
| 89 | 89 | * @throws QueryException if the class could not be found or instantiated |
| 90 | 90 | */ |
| 91 | 91 | public function resolve($name) { |
| 92 | - $baseMsg = 'Could not resolve ' . $name . '!'; |
|
| 92 | + $baseMsg = 'Could not resolve '.$name.'!'; |
|
| 93 | 93 | try { |
| 94 | 94 | $class = new ReflectionClass($name); |
| 95 | 95 | if ($class->isInstantiable()) { |
| 96 | 96 | return $this->buildClass($class); |
| 97 | 97 | } else { |
| 98 | - throw new QueryException($baseMsg . |
|
| 98 | + throw new QueryException($baseMsg. |
|
| 99 | 99 | ' Class can not be instantiated'); |
| 100 | 100 | } |
| 101 | - } catch(ReflectionException $e) { |
|
| 102 | - throw new QueryException($baseMsg . ' ' . $e->getMessage()); |
|
| 101 | + } catch (ReflectionException $e) { |
|
| 102 | + throw new QueryException($baseMsg.' '.$e->getMessage()); |
|
| 103 | 103 | } |
| 104 | 104 | } |
| 105 | 105 | |
@@ -115,7 +115,7 @@ discard block |
||
| 115 | 115 | return $this->offsetGet($name); |
| 116 | 116 | } else { |
| 117 | 117 | $object = $this->resolve($name); |
| 118 | - $this->registerService($name, function () use ($object) { |
|
| 118 | + $this->registerService($name, function() use ($object) { |
|
| 119 | 119 | return $object; |
| 120 | 120 | }); |
| 121 | 121 | return $object; |
@@ -141,7 +141,7 @@ discard block |
||
| 141 | 141 | */ |
| 142 | 142 | public function registerService($name, Closure $closure, $shared = true) { |
| 143 | 143 | $name = $this->sanitizeName($name); |
| 144 | - if (isset($this[$name])) { |
|
| 144 | + if (isset($this[$name])) { |
|
| 145 | 145 | unset($this[$name]); |
| 146 | 146 | } |
| 147 | 147 | if ($shared) { |
@@ -159,7 +159,7 @@ discard block |
||
| 159 | 159 | * @param string $target the target that should be resolved instead |
| 160 | 160 | */ |
| 161 | 161 | public function registerAlias($alias, $target) { |
| 162 | - $this->registerService($alias, function (IContainer $container) use ($target) { |
|
| 162 | + $this->registerService($alias, function(IContainer $container) use ($target) { |
|
| 163 | 163 | return $container->query($target); |
| 164 | 164 | }, false); |
| 165 | 165 | } |
@@ -43,144 +43,144 @@ |
||
| 43 | 43 | class SimpleContainer extends Container implements IContainer { |
| 44 | 44 | |
| 45 | 45 | |
| 46 | - /** |
|
| 47 | - * @param ReflectionClass $class the class to instantiate |
|
| 48 | - * @return \stdClass the created class |
|
| 49 | - * @suppress PhanUndeclaredClassInstanceof |
|
| 50 | - */ |
|
| 51 | - private function buildClass(ReflectionClass $class) { |
|
| 52 | - $constructor = $class->getConstructor(); |
|
| 53 | - if ($constructor === null) { |
|
| 54 | - return $class->newInstance(); |
|
| 55 | - } else { |
|
| 56 | - $parameters = []; |
|
| 57 | - foreach ($constructor->getParameters() as $parameter) { |
|
| 58 | - $parameterClass = $parameter->getClass(); |
|
| 59 | - |
|
| 60 | - // try to find out if it is a class or a simple parameter |
|
| 61 | - if ($parameterClass === null) { |
|
| 62 | - $resolveName = $parameter->getName(); |
|
| 63 | - } else { |
|
| 64 | - $resolveName = $parameterClass->name; |
|
| 65 | - } |
|
| 66 | - |
|
| 67 | - try { |
|
| 68 | - $parameters[] = $this->query($resolveName); |
|
| 69 | - } catch (\Exception $e) { |
|
| 70 | - if (class_exists('PHPUnit_Framework_AssertionFailedError', false) && |
|
| 71 | - $e instanceof \PHPUnit_Framework_AssertionFailedError) { |
|
| 72 | - // Easier debugging of "Your test case is not allowed to access the database." |
|
| 73 | - throw $e; |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - // Service not found, use the default value when available |
|
| 77 | - if ($parameter->isDefaultValueAvailable()) { |
|
| 78 | - $parameters[] = $parameter->getDefaultValue(); |
|
| 79 | - } else if ($parameterClass !== null) { |
|
| 80 | - $resolveName = $parameter->getName(); |
|
| 81 | - $parameters[] = $this->query($resolveName); |
|
| 82 | - } else { |
|
| 83 | - throw $e; |
|
| 84 | - } |
|
| 85 | - } |
|
| 86 | - } |
|
| 87 | - return $class->newInstanceArgs($parameters); |
|
| 88 | - } |
|
| 89 | - } |
|
| 90 | - |
|
| 91 | - |
|
| 92 | - /** |
|
| 93 | - * If a parameter is not registered in the container try to instantiate it |
|
| 94 | - * by using reflection to find out how to build the class |
|
| 95 | - * @param string $name the class name to resolve |
|
| 96 | - * @return \stdClass |
|
| 97 | - * @throws QueryException if the class could not be found or instantiated |
|
| 98 | - */ |
|
| 99 | - public function resolve($name) { |
|
| 100 | - $baseMsg = 'Could not resolve ' . $name . '!'; |
|
| 101 | - try { |
|
| 102 | - $class = new ReflectionClass($name); |
|
| 103 | - if ($class->isInstantiable()) { |
|
| 104 | - return $this->buildClass($class); |
|
| 105 | - } else { |
|
| 106 | - throw new QueryException($baseMsg . |
|
| 107 | - ' Class can not be instantiated'); |
|
| 108 | - } |
|
| 109 | - } catch(ReflectionException $e) { |
|
| 110 | - throw new QueryException($baseMsg . ' ' . $e->getMessage()); |
|
| 111 | - } |
|
| 112 | - } |
|
| 113 | - |
|
| 114 | - |
|
| 115 | - /** |
|
| 116 | - * @param string $name name of the service to query for |
|
| 117 | - * @return mixed registered service for the given $name |
|
| 118 | - * @throws QueryException if the query could not be resolved |
|
| 119 | - */ |
|
| 120 | - public function query($name) { |
|
| 121 | - $name = $this->sanitizeName($name); |
|
| 122 | - if ($this->offsetExists($name)) { |
|
| 123 | - return $this->offsetGet($name); |
|
| 124 | - } else { |
|
| 125 | - $object = $this->resolve($name); |
|
| 126 | - $this->registerService($name, function () use ($object) { |
|
| 127 | - return $object; |
|
| 128 | - }); |
|
| 129 | - return $object; |
|
| 130 | - } |
|
| 131 | - } |
|
| 132 | - |
|
| 133 | - /** |
|
| 134 | - * @param string $name |
|
| 135 | - * @param mixed $value |
|
| 136 | - */ |
|
| 137 | - public function registerParameter($name, $value) { |
|
| 138 | - $this[$name] = $value; |
|
| 139 | - } |
|
| 140 | - |
|
| 141 | - /** |
|
| 142 | - * The given closure is call the first time the given service is queried. |
|
| 143 | - * The closure has to return the instance for the given service. |
|
| 144 | - * Created instance will be cached in case $shared is true. |
|
| 145 | - * |
|
| 146 | - * @param string $name name of the service to register another backend for |
|
| 147 | - * @param Closure $closure the closure to be called on service creation |
|
| 148 | - * @param bool $shared |
|
| 149 | - */ |
|
| 150 | - public function registerService($name, Closure $closure, $shared = true) { |
|
| 151 | - $name = $this->sanitizeName($name); |
|
| 152 | - if (isset($this[$name])) { |
|
| 153 | - unset($this[$name]); |
|
| 154 | - } |
|
| 155 | - if ($shared) { |
|
| 156 | - $this[$name] = $closure; |
|
| 157 | - } else { |
|
| 158 | - $this[$name] = parent::factory($closure); |
|
| 159 | - } |
|
| 160 | - } |
|
| 161 | - |
|
| 162 | - /** |
|
| 163 | - * Shortcut for returning a service from a service under a different key, |
|
| 164 | - * e.g. to tell the container to return a class when queried for an |
|
| 165 | - * interface |
|
| 166 | - * @param string $alias the alias that should be registered |
|
| 167 | - * @param string $target the target that should be resolved instead |
|
| 168 | - */ |
|
| 169 | - public function registerAlias($alias, $target) { |
|
| 170 | - $this->registerService($alias, function (IContainer $container) use ($target) { |
|
| 171 | - return $container->query($target); |
|
| 172 | - }, false); |
|
| 173 | - } |
|
| 174 | - |
|
| 175 | - /* |
|
| 46 | + /** |
|
| 47 | + * @param ReflectionClass $class the class to instantiate |
|
| 48 | + * @return \stdClass the created class |
|
| 49 | + * @suppress PhanUndeclaredClassInstanceof |
|
| 50 | + */ |
|
| 51 | + private function buildClass(ReflectionClass $class) { |
|
| 52 | + $constructor = $class->getConstructor(); |
|
| 53 | + if ($constructor === null) { |
|
| 54 | + return $class->newInstance(); |
|
| 55 | + } else { |
|
| 56 | + $parameters = []; |
|
| 57 | + foreach ($constructor->getParameters() as $parameter) { |
|
| 58 | + $parameterClass = $parameter->getClass(); |
|
| 59 | + |
|
| 60 | + // try to find out if it is a class or a simple parameter |
|
| 61 | + if ($parameterClass === null) { |
|
| 62 | + $resolveName = $parameter->getName(); |
|
| 63 | + } else { |
|
| 64 | + $resolveName = $parameterClass->name; |
|
| 65 | + } |
|
| 66 | + |
|
| 67 | + try { |
|
| 68 | + $parameters[] = $this->query($resolveName); |
|
| 69 | + } catch (\Exception $e) { |
|
| 70 | + if (class_exists('PHPUnit_Framework_AssertionFailedError', false) && |
|
| 71 | + $e instanceof \PHPUnit_Framework_AssertionFailedError) { |
|
| 72 | + // Easier debugging of "Your test case is not allowed to access the database." |
|
| 73 | + throw $e; |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + // Service not found, use the default value when available |
|
| 77 | + if ($parameter->isDefaultValueAvailable()) { |
|
| 78 | + $parameters[] = $parameter->getDefaultValue(); |
|
| 79 | + } else if ($parameterClass !== null) { |
|
| 80 | + $resolveName = $parameter->getName(); |
|
| 81 | + $parameters[] = $this->query($resolveName); |
|
| 82 | + } else { |
|
| 83 | + throw $e; |
|
| 84 | + } |
|
| 85 | + } |
|
| 86 | + } |
|
| 87 | + return $class->newInstanceArgs($parameters); |
|
| 88 | + } |
|
| 89 | + } |
|
| 90 | + |
|
| 91 | + |
|
| 92 | + /** |
|
| 93 | + * If a parameter is not registered in the container try to instantiate it |
|
| 94 | + * by using reflection to find out how to build the class |
|
| 95 | + * @param string $name the class name to resolve |
|
| 96 | + * @return \stdClass |
|
| 97 | + * @throws QueryException if the class could not be found or instantiated |
|
| 98 | + */ |
|
| 99 | + public function resolve($name) { |
|
| 100 | + $baseMsg = 'Could not resolve ' . $name . '!'; |
|
| 101 | + try { |
|
| 102 | + $class = new ReflectionClass($name); |
|
| 103 | + if ($class->isInstantiable()) { |
|
| 104 | + return $this->buildClass($class); |
|
| 105 | + } else { |
|
| 106 | + throw new QueryException($baseMsg . |
|
| 107 | + ' Class can not be instantiated'); |
|
| 108 | + } |
|
| 109 | + } catch(ReflectionException $e) { |
|
| 110 | + throw new QueryException($baseMsg . ' ' . $e->getMessage()); |
|
| 111 | + } |
|
| 112 | + } |
|
| 113 | + |
|
| 114 | + |
|
| 115 | + /** |
|
| 116 | + * @param string $name name of the service to query for |
|
| 117 | + * @return mixed registered service for the given $name |
|
| 118 | + * @throws QueryException if the query could not be resolved |
|
| 119 | + */ |
|
| 120 | + public function query($name) { |
|
| 121 | + $name = $this->sanitizeName($name); |
|
| 122 | + if ($this->offsetExists($name)) { |
|
| 123 | + return $this->offsetGet($name); |
|
| 124 | + } else { |
|
| 125 | + $object = $this->resolve($name); |
|
| 126 | + $this->registerService($name, function () use ($object) { |
|
| 127 | + return $object; |
|
| 128 | + }); |
|
| 129 | + return $object; |
|
| 130 | + } |
|
| 131 | + } |
|
| 132 | + |
|
| 133 | + /** |
|
| 134 | + * @param string $name |
|
| 135 | + * @param mixed $value |
|
| 136 | + */ |
|
| 137 | + public function registerParameter($name, $value) { |
|
| 138 | + $this[$name] = $value; |
|
| 139 | + } |
|
| 140 | + |
|
| 141 | + /** |
|
| 142 | + * The given closure is call the first time the given service is queried. |
|
| 143 | + * The closure has to return the instance for the given service. |
|
| 144 | + * Created instance will be cached in case $shared is true. |
|
| 145 | + * |
|
| 146 | + * @param string $name name of the service to register another backend for |
|
| 147 | + * @param Closure $closure the closure to be called on service creation |
|
| 148 | + * @param bool $shared |
|
| 149 | + */ |
|
| 150 | + public function registerService($name, Closure $closure, $shared = true) { |
|
| 151 | + $name = $this->sanitizeName($name); |
|
| 152 | + if (isset($this[$name])) { |
|
| 153 | + unset($this[$name]); |
|
| 154 | + } |
|
| 155 | + if ($shared) { |
|
| 156 | + $this[$name] = $closure; |
|
| 157 | + } else { |
|
| 158 | + $this[$name] = parent::factory($closure); |
|
| 159 | + } |
|
| 160 | + } |
|
| 161 | + |
|
| 162 | + /** |
|
| 163 | + * Shortcut for returning a service from a service under a different key, |
|
| 164 | + * e.g. to tell the container to return a class when queried for an |
|
| 165 | + * interface |
|
| 166 | + * @param string $alias the alias that should be registered |
|
| 167 | + * @param string $target the target that should be resolved instead |
|
| 168 | + */ |
|
| 169 | + public function registerAlias($alias, $target) { |
|
| 170 | + $this->registerService($alias, function (IContainer $container) use ($target) { |
|
| 171 | + return $container->query($target); |
|
| 172 | + }, false); |
|
| 173 | + } |
|
| 174 | + |
|
| 175 | + /* |
|
| 176 | 176 | * @param string $name |
| 177 | 177 | * @return string |
| 178 | 178 | */ |
| 179 | - protected function sanitizeName($name) { |
|
| 180 | - if (isset($name[0]) && $name[0] === '\\') { |
|
| 181 | - return ltrim($name, '\\'); |
|
| 182 | - } |
|
| 183 | - return $name; |
|
| 184 | - } |
|
| 179 | + protected function sanitizeName($name) { |
|
| 180 | + if (isset($name[0]) && $name[0] === '\\') { |
|
| 181 | + return ltrim($name, '\\'); |
|
| 182 | + } |
|
| 183 | + return $name; |
|
| 184 | + } |
|
| 185 | 185 | |
| 186 | 186 | } |
@@ -30,70 +30,70 @@ |
||
| 30 | 30 | * Very thin wrapper class to make output testable |
| 31 | 31 | */ |
| 32 | 32 | class Output implements IOutput { |
| 33 | - /** @var string */ |
|
| 34 | - private $webRoot; |
|
| 33 | + /** @var string */ |
|
| 34 | + private $webRoot; |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * @param $webRoot |
|
| 38 | - */ |
|
| 39 | - public function __construct($webRoot) { |
|
| 40 | - $this->webRoot = $webRoot; |
|
| 41 | - } |
|
| 36 | + /** |
|
| 37 | + * @param $webRoot |
|
| 38 | + */ |
|
| 39 | + public function __construct($webRoot) { |
|
| 40 | + $this->webRoot = $webRoot; |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | - /** |
|
| 44 | - * @param string $out |
|
| 45 | - */ |
|
| 46 | - public function setOutput($out) { |
|
| 47 | - print($out); |
|
| 48 | - } |
|
| 43 | + /** |
|
| 44 | + * @param string $out |
|
| 45 | + */ |
|
| 46 | + public function setOutput($out) { |
|
| 47 | + print($out); |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - /** |
|
| 51 | - * @param string|resource $path or file handle |
|
| 52 | - * |
|
| 53 | - * @return bool false if an error occurred |
|
| 54 | - */ |
|
| 55 | - public function setReadfile($path) { |
|
| 56 | - if (is_resource($path)) { |
|
| 57 | - $output = fopen('php://output', 'w'); |
|
| 58 | - return stream_copy_to_stream($path, $output) > 0; |
|
| 59 | - } else { |
|
| 60 | - return @readfile($path); |
|
| 61 | - } |
|
| 62 | - } |
|
| 50 | + /** |
|
| 51 | + * @param string|resource $path or file handle |
|
| 52 | + * |
|
| 53 | + * @return bool false if an error occurred |
|
| 54 | + */ |
|
| 55 | + public function setReadfile($path) { |
|
| 56 | + if (is_resource($path)) { |
|
| 57 | + $output = fopen('php://output', 'w'); |
|
| 58 | + return stream_copy_to_stream($path, $output) > 0; |
|
| 59 | + } else { |
|
| 60 | + return @readfile($path); |
|
| 61 | + } |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - /** |
|
| 65 | - * @param string $header |
|
| 66 | - */ |
|
| 67 | - public function setHeader($header) { |
|
| 68 | - header($header); |
|
| 69 | - } |
|
| 64 | + /** |
|
| 65 | + * @param string $header |
|
| 66 | + */ |
|
| 67 | + public function setHeader($header) { |
|
| 68 | + header($header); |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - /** |
|
| 72 | - * @param int $code sets the http status code |
|
| 73 | - */ |
|
| 74 | - public function setHttpResponseCode($code) { |
|
| 75 | - http_response_code($code); |
|
| 76 | - } |
|
| 71 | + /** |
|
| 72 | + * @param int $code sets the http status code |
|
| 73 | + */ |
|
| 74 | + public function setHttpResponseCode($code) { |
|
| 75 | + http_response_code($code); |
|
| 76 | + } |
|
| 77 | 77 | |
| 78 | - /** |
|
| 79 | - * @return int returns the current http response code |
|
| 80 | - */ |
|
| 81 | - public function getHttpResponseCode() { |
|
| 82 | - return http_response_code(); |
|
| 83 | - } |
|
| 78 | + /** |
|
| 79 | + * @return int returns the current http response code |
|
| 80 | + */ |
|
| 81 | + public function getHttpResponseCode() { |
|
| 82 | + return http_response_code(); |
|
| 83 | + } |
|
| 84 | 84 | |
| 85 | - /** |
|
| 86 | - * @param string $name |
|
| 87 | - * @param string $value |
|
| 88 | - * @param int $expire |
|
| 89 | - * @param string $path |
|
| 90 | - * @param string $domain |
|
| 91 | - * @param bool $secure |
|
| 92 | - * @param bool $httpOnly |
|
| 93 | - */ |
|
| 94 | - public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) { |
|
| 95 | - $path = $this->webRoot ? : '/'; |
|
| 96 | - setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); |
|
| 97 | - } |
|
| 85 | + /** |
|
| 86 | + * @param string $name |
|
| 87 | + * @param string $value |
|
| 88 | + * @param int $expire |
|
| 89 | + * @param string $path |
|
| 90 | + * @param string $domain |
|
| 91 | + * @param bool $secure |
|
| 92 | + * @param bool $httpOnly |
|
| 93 | + */ |
|
| 94 | + public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) { |
|
| 95 | + $path = $this->webRoot ? : '/'; |
|
| 96 | + setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); |
|
| 97 | + } |
|
| 98 | 98 | |
| 99 | 99 | } |
@@ -92,7 +92,7 @@ |
||
| 92 | 92 | * @param bool $httpOnly |
| 93 | 93 | */ |
| 94 | 94 | public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) { |
| 95 | - $path = $this->webRoot ? : '/'; |
|
| 95 | + $path = $this->webRoot ?: '/'; |
|
| 96 | 96 | setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); |
| 97 | 97 | } |
| 98 | 98 | |
@@ -41,7 +41,7 @@ discard block |
||
| 41 | 41 | * @param array $server $_SERVER |
| 42 | 42 | * @param string $protocolVersion the http version to use defaults to HTTP/1.1 |
| 43 | 43 | */ |
| 44 | - public function __construct($server, $protocolVersion='HTTP/1.1') { |
|
| 44 | + public function __construct($server, $protocolVersion = 'HTTP/1.1') { |
|
| 45 | 45 | $this->server = $server; |
| 46 | 46 | $this->protocolVersion = $protocolVersion; |
| 47 | 47 | |
@@ -116,16 +116,16 @@ discard block |
||
| 116 | 116 | * @param string $ETag the etag |
| 117 | 117 | * @return string |
| 118 | 118 | */ |
| 119 | - public function getStatusHeader($status, \DateTime $lastModified=null, |
|
| 120 | - $ETag=null) { |
|
| 119 | + public function getStatusHeader($status, \DateTime $lastModified = null, |
|
| 120 | + $ETag = null) { |
|
| 121 | 121 | |
| 122 | - if(!is_null($lastModified)) { |
|
| 122 | + if (!is_null($lastModified)) { |
|
| 123 | 123 | $lastModified = $lastModified->format(\DateTime::RFC2822); |
| 124 | 124 | } |
| 125 | 125 | |
| 126 | 126 | // if etag or lastmodified have not changed, return a not modified |
| 127 | 127 | if ((isset($this->server['HTTP_IF_NONE_MATCH']) |
| 128 | - && trim(trim($this->server['HTTP_IF_NONE_MATCH']), '"') === (string)$ETag) |
|
| 128 | + && trim(trim($this->server['HTTP_IF_NONE_MATCH']), '"') === (string) $ETag) |
|
| 129 | 129 | |
| 130 | 130 | || |
| 131 | 131 | |
@@ -139,13 +139,13 @@ discard block |
||
| 139 | 139 | // we have one change currently for the http 1.0 header that differs |
| 140 | 140 | // from 1.1: STATUS_TEMPORARY_REDIRECT should be STATUS_FOUND |
| 141 | 141 | // if this differs any more, we want to create childclasses for this |
| 142 | - if($status === self::STATUS_TEMPORARY_REDIRECT |
|
| 142 | + if ($status === self::STATUS_TEMPORARY_REDIRECT |
|
| 143 | 143 | && $this->protocolVersion === 'HTTP/1.0') { |
| 144 | 144 | |
| 145 | 145 | $status = self::STATUS_FOUND; |
| 146 | 146 | } |
| 147 | 147 | |
| 148 | - return $this->protocolVersion . ' ' . $status . ' ' . |
|
| 148 | + return $this->protocolVersion.' '.$status.' '. |
|
| 149 | 149 | $this->headers[$status]; |
| 150 | 150 | } |
| 151 | 151 | |
@@ -33,121 +33,121 @@ |
||
| 33 | 33 | |
| 34 | 34 | class Http extends BaseHttp { |
| 35 | 35 | |
| 36 | - private $server; |
|
| 37 | - private $protocolVersion; |
|
| 38 | - protected $headers; |
|
| 39 | - |
|
| 40 | - /** |
|
| 41 | - * @param array $server $_SERVER |
|
| 42 | - * @param string $protocolVersion the http version to use defaults to HTTP/1.1 |
|
| 43 | - */ |
|
| 44 | - public function __construct($server, $protocolVersion='HTTP/1.1') { |
|
| 45 | - $this->server = $server; |
|
| 46 | - $this->protocolVersion = $protocolVersion; |
|
| 47 | - |
|
| 48 | - $this->headers = array( |
|
| 49 | - self::STATUS_CONTINUE => 'Continue', |
|
| 50 | - self::STATUS_SWITCHING_PROTOCOLS => 'Switching Protocols', |
|
| 51 | - self::STATUS_PROCESSING => 'Processing', |
|
| 52 | - self::STATUS_OK => 'OK', |
|
| 53 | - self::STATUS_CREATED => 'Created', |
|
| 54 | - self::STATUS_ACCEPTED => 'Accepted', |
|
| 55 | - self::STATUS_NON_AUTHORATIVE_INFORMATION => 'Non-Authorative Information', |
|
| 56 | - self::STATUS_NO_CONTENT => 'No Content', |
|
| 57 | - self::STATUS_RESET_CONTENT => 'Reset Content', |
|
| 58 | - self::STATUS_PARTIAL_CONTENT => 'Partial Content', |
|
| 59 | - self::STATUS_MULTI_STATUS => 'Multi-Status', // RFC 4918 |
|
| 60 | - self::STATUS_ALREADY_REPORTED => 'Already Reported', // RFC 5842 |
|
| 61 | - self::STATUS_IM_USED => 'IM Used', // RFC 3229 |
|
| 62 | - self::STATUS_MULTIPLE_CHOICES => 'Multiple Choices', |
|
| 63 | - self::STATUS_MOVED_PERMANENTLY => 'Moved Permanently', |
|
| 64 | - self::STATUS_FOUND => 'Found', |
|
| 65 | - self::STATUS_SEE_OTHER => 'See Other', |
|
| 66 | - self::STATUS_NOT_MODIFIED => 'Not Modified', |
|
| 67 | - self::STATUS_USE_PROXY => 'Use Proxy', |
|
| 68 | - self::STATUS_RESERVED => 'Reserved', |
|
| 69 | - self::STATUS_TEMPORARY_REDIRECT => 'Temporary Redirect', |
|
| 70 | - self::STATUS_BAD_REQUEST => 'Bad request', |
|
| 71 | - self::STATUS_UNAUTHORIZED => 'Unauthorized', |
|
| 72 | - self::STATUS_PAYMENT_REQUIRED => 'Payment Required', |
|
| 73 | - self::STATUS_FORBIDDEN => 'Forbidden', |
|
| 74 | - self::STATUS_NOT_FOUND => 'Not Found', |
|
| 75 | - self::STATUS_METHOD_NOT_ALLOWED => 'Method Not Allowed', |
|
| 76 | - self::STATUS_NOT_ACCEPTABLE => 'Not Acceptable', |
|
| 77 | - self::STATUS_PROXY_AUTHENTICATION_REQUIRED => 'Proxy Authentication Required', |
|
| 78 | - self::STATUS_REQUEST_TIMEOUT => 'Request Timeout', |
|
| 79 | - self::STATUS_CONFLICT => 'Conflict', |
|
| 80 | - self::STATUS_GONE => 'Gone', |
|
| 81 | - self::STATUS_LENGTH_REQUIRED => 'Length Required', |
|
| 82 | - self::STATUS_PRECONDITION_FAILED => 'Precondition failed', |
|
| 83 | - self::STATUS_REQUEST_ENTITY_TOO_LARGE => 'Request Entity Too Large', |
|
| 84 | - self::STATUS_REQUEST_URI_TOO_LONG => 'Request-URI Too Long', |
|
| 85 | - self::STATUS_UNSUPPORTED_MEDIA_TYPE => 'Unsupported Media Type', |
|
| 86 | - self::STATUS_REQUEST_RANGE_NOT_SATISFIABLE => 'Requested Range Not Satisfiable', |
|
| 87 | - self::STATUS_EXPECTATION_FAILED => 'Expectation Failed', |
|
| 88 | - self::STATUS_IM_A_TEAPOT => 'I\'m a teapot', // RFC 2324 |
|
| 89 | - self::STATUS_UNPROCESSABLE_ENTITY => 'Unprocessable Entity', // RFC 4918 |
|
| 90 | - self::STATUS_LOCKED => 'Locked', // RFC 4918 |
|
| 91 | - self::STATUS_FAILED_DEPENDENCY => 'Failed Dependency', // RFC 4918 |
|
| 92 | - self::STATUS_UPGRADE_REQUIRED => 'Upgrade required', |
|
| 93 | - self::STATUS_PRECONDITION_REQUIRED => 'Precondition required', // draft-nottingham-http-new-status |
|
| 94 | - self::STATUS_TOO_MANY_REQUESTS => 'Too Many Requests', // draft-nottingham-http-new-status |
|
| 95 | - self::STATUS_REQUEST_HEADER_FIELDS_TOO_LARGE => 'Request Header Fields Too Large', // draft-nottingham-http-new-status |
|
| 96 | - self::STATUS_INTERNAL_SERVER_ERROR => 'Internal Server Error', |
|
| 97 | - self::STATUS_NOT_IMPLEMENTED => 'Not Implemented', |
|
| 98 | - self::STATUS_BAD_GATEWAY => 'Bad Gateway', |
|
| 99 | - self::STATUS_SERVICE_UNAVAILABLE => 'Service Unavailable', |
|
| 100 | - self::STATUS_GATEWAY_TIMEOUT => 'Gateway Timeout', |
|
| 101 | - self::STATUS_HTTP_VERSION_NOT_SUPPORTED => 'HTTP Version not supported', |
|
| 102 | - self::STATUS_VARIANT_ALSO_NEGOTIATES => 'Variant Also Negotiates', |
|
| 103 | - self::STATUS_INSUFFICIENT_STORAGE => 'Insufficient Storage', // RFC 4918 |
|
| 104 | - self::STATUS_LOOP_DETECTED => 'Loop Detected', // RFC 5842 |
|
| 105 | - self::STATUS_BANDWIDTH_LIMIT_EXCEEDED => 'Bandwidth Limit Exceeded', // non-standard |
|
| 106 | - self::STATUS_NOT_EXTENDED => 'Not extended', |
|
| 107 | - self::STATUS_NETWORK_AUTHENTICATION_REQUIRED => 'Network Authentication Required', // draft-nottingham-http-new-status |
|
| 108 | - ); |
|
| 109 | - } |
|
| 110 | - |
|
| 111 | - |
|
| 112 | - /** |
|
| 113 | - * Gets the correct header |
|
| 114 | - * @param int Http::CONSTANT $status the constant from the Http class |
|
| 115 | - * @param \DateTime $lastModified formatted last modified date |
|
| 116 | - * @param string $ETag the etag |
|
| 117 | - * @return string |
|
| 118 | - */ |
|
| 119 | - public function getStatusHeader($status, \DateTime $lastModified=null, |
|
| 120 | - $ETag=null) { |
|
| 121 | - |
|
| 122 | - if(!is_null($lastModified)) { |
|
| 123 | - $lastModified = $lastModified->format(\DateTime::RFC2822); |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - // if etag or lastmodified have not changed, return a not modified |
|
| 127 | - if ((isset($this->server['HTTP_IF_NONE_MATCH']) |
|
| 128 | - && trim(trim($this->server['HTTP_IF_NONE_MATCH']), '"') === (string)$ETag) |
|
| 129 | - |
|
| 130 | - || |
|
| 131 | - |
|
| 132 | - (isset($this->server['HTTP_IF_MODIFIED_SINCE']) |
|
| 133 | - && trim($this->server['HTTP_IF_MODIFIED_SINCE']) === |
|
| 134 | - $lastModified)) { |
|
| 135 | - |
|
| 136 | - $status = self::STATUS_NOT_MODIFIED; |
|
| 137 | - } |
|
| 138 | - |
|
| 139 | - // we have one change currently for the http 1.0 header that differs |
|
| 140 | - // from 1.1: STATUS_TEMPORARY_REDIRECT should be STATUS_FOUND |
|
| 141 | - // if this differs any more, we want to create childclasses for this |
|
| 142 | - if($status === self::STATUS_TEMPORARY_REDIRECT |
|
| 143 | - && $this->protocolVersion === 'HTTP/1.0') { |
|
| 144 | - |
|
| 145 | - $status = self::STATUS_FOUND; |
|
| 146 | - } |
|
| 147 | - |
|
| 148 | - return $this->protocolVersion . ' ' . $status . ' ' . |
|
| 149 | - $this->headers[$status]; |
|
| 150 | - } |
|
| 36 | + private $server; |
|
| 37 | + private $protocolVersion; |
|
| 38 | + protected $headers; |
|
| 39 | + |
|
| 40 | + /** |
|
| 41 | + * @param array $server $_SERVER |
|
| 42 | + * @param string $protocolVersion the http version to use defaults to HTTP/1.1 |
|
| 43 | + */ |
|
| 44 | + public function __construct($server, $protocolVersion='HTTP/1.1') { |
|
| 45 | + $this->server = $server; |
|
| 46 | + $this->protocolVersion = $protocolVersion; |
|
| 47 | + |
|
| 48 | + $this->headers = array( |
|
| 49 | + self::STATUS_CONTINUE => 'Continue', |
|
| 50 | + self::STATUS_SWITCHING_PROTOCOLS => 'Switching Protocols', |
|
| 51 | + self::STATUS_PROCESSING => 'Processing', |
|
| 52 | + self::STATUS_OK => 'OK', |
|
| 53 | + self::STATUS_CREATED => 'Created', |
|
| 54 | + self::STATUS_ACCEPTED => 'Accepted', |
|
| 55 | + self::STATUS_NON_AUTHORATIVE_INFORMATION => 'Non-Authorative Information', |
|
| 56 | + self::STATUS_NO_CONTENT => 'No Content', |
|
| 57 | + self::STATUS_RESET_CONTENT => 'Reset Content', |
|
| 58 | + self::STATUS_PARTIAL_CONTENT => 'Partial Content', |
|
| 59 | + self::STATUS_MULTI_STATUS => 'Multi-Status', // RFC 4918 |
|
| 60 | + self::STATUS_ALREADY_REPORTED => 'Already Reported', // RFC 5842 |
|
| 61 | + self::STATUS_IM_USED => 'IM Used', // RFC 3229 |
|
| 62 | + self::STATUS_MULTIPLE_CHOICES => 'Multiple Choices', |
|
| 63 | + self::STATUS_MOVED_PERMANENTLY => 'Moved Permanently', |
|
| 64 | + self::STATUS_FOUND => 'Found', |
|
| 65 | + self::STATUS_SEE_OTHER => 'See Other', |
|
| 66 | + self::STATUS_NOT_MODIFIED => 'Not Modified', |
|
| 67 | + self::STATUS_USE_PROXY => 'Use Proxy', |
|
| 68 | + self::STATUS_RESERVED => 'Reserved', |
|
| 69 | + self::STATUS_TEMPORARY_REDIRECT => 'Temporary Redirect', |
|
| 70 | + self::STATUS_BAD_REQUEST => 'Bad request', |
|
| 71 | + self::STATUS_UNAUTHORIZED => 'Unauthorized', |
|
| 72 | + self::STATUS_PAYMENT_REQUIRED => 'Payment Required', |
|
| 73 | + self::STATUS_FORBIDDEN => 'Forbidden', |
|
| 74 | + self::STATUS_NOT_FOUND => 'Not Found', |
|
| 75 | + self::STATUS_METHOD_NOT_ALLOWED => 'Method Not Allowed', |
|
| 76 | + self::STATUS_NOT_ACCEPTABLE => 'Not Acceptable', |
|
| 77 | + self::STATUS_PROXY_AUTHENTICATION_REQUIRED => 'Proxy Authentication Required', |
|
| 78 | + self::STATUS_REQUEST_TIMEOUT => 'Request Timeout', |
|
| 79 | + self::STATUS_CONFLICT => 'Conflict', |
|
| 80 | + self::STATUS_GONE => 'Gone', |
|
| 81 | + self::STATUS_LENGTH_REQUIRED => 'Length Required', |
|
| 82 | + self::STATUS_PRECONDITION_FAILED => 'Precondition failed', |
|
| 83 | + self::STATUS_REQUEST_ENTITY_TOO_LARGE => 'Request Entity Too Large', |
|
| 84 | + self::STATUS_REQUEST_URI_TOO_LONG => 'Request-URI Too Long', |
|
| 85 | + self::STATUS_UNSUPPORTED_MEDIA_TYPE => 'Unsupported Media Type', |
|
| 86 | + self::STATUS_REQUEST_RANGE_NOT_SATISFIABLE => 'Requested Range Not Satisfiable', |
|
| 87 | + self::STATUS_EXPECTATION_FAILED => 'Expectation Failed', |
|
| 88 | + self::STATUS_IM_A_TEAPOT => 'I\'m a teapot', // RFC 2324 |
|
| 89 | + self::STATUS_UNPROCESSABLE_ENTITY => 'Unprocessable Entity', // RFC 4918 |
|
| 90 | + self::STATUS_LOCKED => 'Locked', // RFC 4918 |
|
| 91 | + self::STATUS_FAILED_DEPENDENCY => 'Failed Dependency', // RFC 4918 |
|
| 92 | + self::STATUS_UPGRADE_REQUIRED => 'Upgrade required', |
|
| 93 | + self::STATUS_PRECONDITION_REQUIRED => 'Precondition required', // draft-nottingham-http-new-status |
|
| 94 | + self::STATUS_TOO_MANY_REQUESTS => 'Too Many Requests', // draft-nottingham-http-new-status |
|
| 95 | + self::STATUS_REQUEST_HEADER_FIELDS_TOO_LARGE => 'Request Header Fields Too Large', // draft-nottingham-http-new-status |
|
| 96 | + self::STATUS_INTERNAL_SERVER_ERROR => 'Internal Server Error', |
|
| 97 | + self::STATUS_NOT_IMPLEMENTED => 'Not Implemented', |
|
| 98 | + self::STATUS_BAD_GATEWAY => 'Bad Gateway', |
|
| 99 | + self::STATUS_SERVICE_UNAVAILABLE => 'Service Unavailable', |
|
| 100 | + self::STATUS_GATEWAY_TIMEOUT => 'Gateway Timeout', |
|
| 101 | + self::STATUS_HTTP_VERSION_NOT_SUPPORTED => 'HTTP Version not supported', |
|
| 102 | + self::STATUS_VARIANT_ALSO_NEGOTIATES => 'Variant Also Negotiates', |
|
| 103 | + self::STATUS_INSUFFICIENT_STORAGE => 'Insufficient Storage', // RFC 4918 |
|
| 104 | + self::STATUS_LOOP_DETECTED => 'Loop Detected', // RFC 5842 |
|
| 105 | + self::STATUS_BANDWIDTH_LIMIT_EXCEEDED => 'Bandwidth Limit Exceeded', // non-standard |
|
| 106 | + self::STATUS_NOT_EXTENDED => 'Not extended', |
|
| 107 | + self::STATUS_NETWORK_AUTHENTICATION_REQUIRED => 'Network Authentication Required', // draft-nottingham-http-new-status |
|
| 108 | + ); |
|
| 109 | + } |
|
| 110 | + |
|
| 111 | + |
|
| 112 | + /** |
|
| 113 | + * Gets the correct header |
|
| 114 | + * @param int Http::CONSTANT $status the constant from the Http class |
|
| 115 | + * @param \DateTime $lastModified formatted last modified date |
|
| 116 | + * @param string $ETag the etag |
|
| 117 | + * @return string |
|
| 118 | + */ |
|
| 119 | + public function getStatusHeader($status, \DateTime $lastModified=null, |
|
| 120 | + $ETag=null) { |
|
| 121 | + |
|
| 122 | + if(!is_null($lastModified)) { |
|
| 123 | + $lastModified = $lastModified->format(\DateTime::RFC2822); |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + // if etag or lastmodified have not changed, return a not modified |
|
| 127 | + if ((isset($this->server['HTTP_IF_NONE_MATCH']) |
|
| 128 | + && trim(trim($this->server['HTTP_IF_NONE_MATCH']), '"') === (string)$ETag) |
|
| 129 | + |
|
| 130 | + || |
|
| 131 | + |
|
| 132 | + (isset($this->server['HTTP_IF_MODIFIED_SINCE']) |
|
| 133 | + && trim($this->server['HTTP_IF_MODIFIED_SINCE']) === |
|
| 134 | + $lastModified)) { |
|
| 135 | + |
|
| 136 | + $status = self::STATUS_NOT_MODIFIED; |
|
| 137 | + } |
|
| 138 | + |
|
| 139 | + // we have one change currently for the http 1.0 header that differs |
|
| 140 | + // from 1.1: STATUS_TEMPORARY_REDIRECT should be STATUS_FOUND |
|
| 141 | + // if this differs any more, we want to create childclasses for this |
|
| 142 | + if($status === self::STATUS_TEMPORARY_REDIRECT |
|
| 143 | + && $this->protocolVersion === 'HTTP/1.0') { |
|
| 144 | + |
|
| 145 | + $status = self::STATUS_FOUND; |
|
| 146 | + } |
|
| 147 | + |
|
| 148 | + return $this->protocolVersion . ' ' . $status . ' ' . |
|
| 149 | + $this->headers[$status]; |
|
| 150 | + } |
|
| 151 | 151 | |
| 152 | 152 | |
| 153 | 153 | } |
@@ -45,116 +45,116 @@ |
||
| 45 | 45 | * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS |
| 46 | 46 | */ |
| 47 | 47 | class CORSMiddleware extends Middleware { |
| 48 | - /** @var IRequest */ |
|
| 49 | - private $request; |
|
| 50 | - /** @var ControllerMethodReflector */ |
|
| 51 | - private $reflector; |
|
| 52 | - /** @var Session */ |
|
| 53 | - private $session; |
|
| 54 | - /** @var Throttler */ |
|
| 55 | - private $throttler; |
|
| 48 | + /** @var IRequest */ |
|
| 49 | + private $request; |
|
| 50 | + /** @var ControllerMethodReflector */ |
|
| 51 | + private $reflector; |
|
| 52 | + /** @var Session */ |
|
| 53 | + private $session; |
|
| 54 | + /** @var Throttler */ |
|
| 55 | + private $throttler; |
|
| 56 | 56 | |
| 57 | - /** |
|
| 58 | - * @param IRequest $request |
|
| 59 | - * @param ControllerMethodReflector $reflector |
|
| 60 | - * @param Session $session |
|
| 61 | - * @param Throttler $throttler |
|
| 62 | - */ |
|
| 63 | - public function __construct(IRequest $request, |
|
| 64 | - ControllerMethodReflector $reflector, |
|
| 65 | - Session $session, |
|
| 66 | - Throttler $throttler) { |
|
| 67 | - $this->request = $request; |
|
| 68 | - $this->reflector = $reflector; |
|
| 69 | - $this->session = $session; |
|
| 70 | - $this->throttler = $throttler; |
|
| 71 | - } |
|
| 57 | + /** |
|
| 58 | + * @param IRequest $request |
|
| 59 | + * @param ControllerMethodReflector $reflector |
|
| 60 | + * @param Session $session |
|
| 61 | + * @param Throttler $throttler |
|
| 62 | + */ |
|
| 63 | + public function __construct(IRequest $request, |
|
| 64 | + ControllerMethodReflector $reflector, |
|
| 65 | + Session $session, |
|
| 66 | + Throttler $throttler) { |
|
| 67 | + $this->request = $request; |
|
| 68 | + $this->reflector = $reflector; |
|
| 69 | + $this->session = $session; |
|
| 70 | + $this->throttler = $throttler; |
|
| 71 | + } |
|
| 72 | 72 | |
| 73 | - /** |
|
| 74 | - * This is being run in normal order before the controller is being |
|
| 75 | - * called which allows several modifications and checks |
|
| 76 | - * |
|
| 77 | - * @param Controller $controller the controller that is being called |
|
| 78 | - * @param string $methodName the name of the method that will be called on |
|
| 79 | - * the controller |
|
| 80 | - * @throws SecurityException |
|
| 81 | - * @since 6.0.0 |
|
| 82 | - */ |
|
| 83 | - public function beforeController($controller, $methodName){ |
|
| 84 | - // ensure that @CORS annotated API routes are not used in conjunction |
|
| 85 | - // with session authentication since this enables CSRF attack vectors |
|
| 86 | - if ($this->reflector->hasAnnotation('CORS') && |
|
| 87 | - !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | - $user = $this->request->server['PHP_AUTH_USER']; |
|
| 89 | - $pass = $this->request->server['PHP_AUTH_PW']; |
|
| 73 | + /** |
|
| 74 | + * This is being run in normal order before the controller is being |
|
| 75 | + * called which allows several modifications and checks |
|
| 76 | + * |
|
| 77 | + * @param Controller $controller the controller that is being called |
|
| 78 | + * @param string $methodName the name of the method that will be called on |
|
| 79 | + * the controller |
|
| 80 | + * @throws SecurityException |
|
| 81 | + * @since 6.0.0 |
|
| 82 | + */ |
|
| 83 | + public function beforeController($controller, $methodName){ |
|
| 84 | + // ensure that @CORS annotated API routes are not used in conjunction |
|
| 85 | + // with session authentication since this enables CSRF attack vectors |
|
| 86 | + if ($this->reflector->hasAnnotation('CORS') && |
|
| 87 | + !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | + $user = $this->request->server['PHP_AUTH_USER']; |
|
| 89 | + $pass = $this->request->server['PHP_AUTH_PW']; |
|
| 90 | 90 | |
| 91 | - $this->session->logout(); |
|
| 92 | - try { |
|
| 93 | - if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { |
|
| 94 | - throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED); |
|
| 95 | - } |
|
| 96 | - } catch (PasswordLoginForbiddenException $ex) { |
|
| 97 | - throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED); |
|
| 98 | - } |
|
| 99 | - } |
|
| 100 | - } |
|
| 91 | + $this->session->logout(); |
|
| 92 | + try { |
|
| 93 | + if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { |
|
| 94 | + throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED); |
|
| 95 | + } |
|
| 96 | + } catch (PasswordLoginForbiddenException $ex) { |
|
| 97 | + throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED); |
|
| 98 | + } |
|
| 99 | + } |
|
| 100 | + } |
|
| 101 | 101 | |
| 102 | - /** |
|
| 103 | - * This is being run after a successful controllermethod call and allows |
|
| 104 | - * the manipulation of a Response object. The middleware is run in reverse order |
|
| 105 | - * |
|
| 106 | - * @param Controller $controller the controller that is being called |
|
| 107 | - * @param string $methodName the name of the method that will be called on |
|
| 108 | - * the controller |
|
| 109 | - * @param Response $response the generated response from the controller |
|
| 110 | - * @return Response a Response object |
|
| 111 | - * @throws SecurityException |
|
| 112 | - */ |
|
| 113 | - public function afterController($controller, $methodName, Response $response){ |
|
| 114 | - // only react if its a CORS request and if the request sends origin and |
|
| 102 | + /** |
|
| 103 | + * This is being run after a successful controllermethod call and allows |
|
| 104 | + * the manipulation of a Response object. The middleware is run in reverse order |
|
| 105 | + * |
|
| 106 | + * @param Controller $controller the controller that is being called |
|
| 107 | + * @param string $methodName the name of the method that will be called on |
|
| 108 | + * the controller |
|
| 109 | + * @param Response $response the generated response from the controller |
|
| 110 | + * @return Response a Response object |
|
| 111 | + * @throws SecurityException |
|
| 112 | + */ |
|
| 113 | + public function afterController($controller, $methodName, Response $response){ |
|
| 114 | + // only react if its a CORS request and if the request sends origin and |
|
| 115 | 115 | |
| 116 | - if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | - $this->reflector->hasAnnotation('CORS')) { |
|
| 116 | + if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | + $this->reflector->hasAnnotation('CORS')) { |
|
| 118 | 118 | |
| 119 | - // allow credentials headers must not be true or CSRF is possible |
|
| 120 | - // otherwise |
|
| 121 | - foreach($response->getHeaders() as $header => $value) { |
|
| 122 | - if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | - strtolower(trim($value)) === 'true') { |
|
| 124 | - $msg = 'Access-Control-Allow-Credentials must not be '. |
|
| 125 | - 'set to true in order to prevent CSRF'; |
|
| 126 | - throw new SecurityException($msg); |
|
| 127 | - } |
|
| 128 | - } |
|
| 119 | + // allow credentials headers must not be true or CSRF is possible |
|
| 120 | + // otherwise |
|
| 121 | + foreach($response->getHeaders() as $header => $value) { |
|
| 122 | + if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | + strtolower(trim($value)) === 'true') { |
|
| 124 | + $msg = 'Access-Control-Allow-Credentials must not be '. |
|
| 125 | + 'set to true in order to prevent CSRF'; |
|
| 126 | + throw new SecurityException($msg); |
|
| 127 | + } |
|
| 128 | + } |
|
| 129 | 129 | |
| 130 | - $origin = $this->request->server['HTTP_ORIGIN']; |
|
| 131 | - $response->addHeader('Access-Control-Allow-Origin', $origin); |
|
| 132 | - } |
|
| 133 | - return $response; |
|
| 134 | - } |
|
| 130 | + $origin = $this->request->server['HTTP_ORIGIN']; |
|
| 131 | + $response->addHeader('Access-Control-Allow-Origin', $origin); |
|
| 132 | + } |
|
| 133 | + return $response; |
|
| 134 | + } |
|
| 135 | 135 | |
| 136 | - /** |
|
| 137 | - * If an SecurityException is being caught return a JSON error response |
|
| 138 | - * |
|
| 139 | - * @param Controller $controller the controller that is being called |
|
| 140 | - * @param string $methodName the name of the method that will be called on |
|
| 141 | - * the controller |
|
| 142 | - * @param \Exception $exception the thrown exception |
|
| 143 | - * @throws \Exception the passed in exception if it can't handle it |
|
| 144 | - * @return Response a Response object or null in case that the exception could not be handled |
|
| 145 | - */ |
|
| 146 | - public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | - if($exception instanceof SecurityException){ |
|
| 148 | - $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | - if($exception->getCode() !== 0) { |
|
| 150 | - $response->setStatus($exception->getCode()); |
|
| 151 | - } else { |
|
| 152 | - $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
|
| 153 | - } |
|
| 154 | - return $response; |
|
| 155 | - } |
|
| 136 | + /** |
|
| 137 | + * If an SecurityException is being caught return a JSON error response |
|
| 138 | + * |
|
| 139 | + * @param Controller $controller the controller that is being called |
|
| 140 | + * @param string $methodName the name of the method that will be called on |
|
| 141 | + * the controller |
|
| 142 | + * @param \Exception $exception the thrown exception |
|
| 143 | + * @throws \Exception the passed in exception if it can't handle it |
|
| 144 | + * @return Response a Response object or null in case that the exception could not be handled |
|
| 145 | + */ |
|
| 146 | + public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | + if($exception instanceof SecurityException){ |
|
| 148 | + $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | + if($exception->getCode() !== 0) { |
|
| 150 | + $response->setStatus($exception->getCode()); |
|
| 151 | + } else { |
|
| 152 | + $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
|
| 153 | + } |
|
| 154 | + return $response; |
|
| 155 | + } |
|
| 156 | 156 | |
| 157 | - throw $exception; |
|
| 158 | - } |
|
| 157 | + throw $exception; |
|
| 158 | + } |
|
| 159 | 159 | |
| 160 | 160 | } |
@@ -80,11 +80,11 @@ discard block |
||
| 80 | 80 | * @throws SecurityException |
| 81 | 81 | * @since 6.0.0 |
| 82 | 82 | */ |
| 83 | - public function beforeController($controller, $methodName){ |
|
| 83 | + public function beforeController($controller, $methodName) { |
|
| 84 | 84 | // ensure that @CORS annotated API routes are not used in conjunction |
| 85 | 85 | // with session authentication since this enables CSRF attack vectors |
| 86 | 86 | if ($this->reflector->hasAnnotation('CORS') && |
| 87 | - !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 87 | + !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | 88 | $user = $this->request->server['PHP_AUTH_USER']; |
| 89 | 89 | $pass = $this->request->server['PHP_AUTH_PW']; |
| 90 | 90 | |
@@ -110,16 +110,16 @@ discard block |
||
| 110 | 110 | * @return Response a Response object |
| 111 | 111 | * @throws SecurityException |
| 112 | 112 | */ |
| 113 | - public function afterController($controller, $methodName, Response $response){ |
|
| 113 | + public function afterController($controller, $methodName, Response $response) { |
|
| 114 | 114 | // only react if its a CORS request and if the request sends origin and |
| 115 | 115 | |
| 116 | - if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 116 | + if (isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | 117 | $this->reflector->hasAnnotation('CORS')) { |
| 118 | 118 | |
| 119 | 119 | // allow credentials headers must not be true or CSRF is possible |
| 120 | 120 | // otherwise |
| 121 | - foreach($response->getHeaders() as $header => $value) { |
|
| 122 | - if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 121 | + foreach ($response->getHeaders() as $header => $value) { |
|
| 122 | + if (strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | 123 | strtolower(trim($value)) === 'true') { |
| 124 | 124 | $msg = 'Access-Control-Allow-Credentials must not be '. |
| 125 | 125 | 'set to true in order to prevent CSRF'; |
@@ -143,10 +143,10 @@ discard block |
||
| 143 | 143 | * @throws \Exception the passed in exception if it can't handle it |
| 144 | 144 | * @return Response a Response object or null in case that the exception could not be handled |
| 145 | 145 | */ |
| 146 | - public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | - if($exception instanceof SecurityException){ |
|
| 148 | - $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | - if($exception->getCode() !== 0) { |
|
| 146 | + public function afterException($controller, $methodName, \Exception $exception) { |
|
| 147 | + if ($exception instanceof SecurityException) { |
|
| 148 | + $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | + if ($exception->getCode() !== 0) { |
|
| 150 | 150 | $response->setStatus($exception->getCode()); |
| 151 | 151 | } else { |
| 152 | 152 | $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
@@ -31,7 +31,7 @@ |
||
| 31 | 31 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 32 | 32 | */ |
| 33 | 33 | class NotConfirmedException extends SecurityException { |
| 34 | - public function __construct() { |
|
| 35 | - parent::__construct('Password confirmation is required', Http::STATUS_FORBIDDEN); |
|
| 36 | - } |
|
| 34 | + public function __construct() { |
|
| 35 | + parent::__construct('Password confirmation is required', Http::STATUS_FORBIDDEN); |
|
| 36 | + } |
|
| 37 | 37 | } |
@@ -34,7 +34,7 @@ |
||
| 34 | 34 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 35 | 35 | */ |
| 36 | 36 | class CrossSiteRequestForgeryException extends SecurityException { |
| 37 | - public function __construct() { |
|
| 38 | - parent::__construct('CSRF check failed', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | - } |
|
| 37 | + public function __construct() { |
|
| 38 | + parent::__construct('CSRF check failed', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | + } |
|
| 40 | 40 | } |
@@ -34,7 +34,7 @@ |
||
| 34 | 34 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 35 | 35 | */ |
| 36 | 36 | class AppNotEnabledException extends SecurityException { |
| 37 | - public function __construct() { |
|
| 38 | - parent::__construct('App is not enabled', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | - } |
|
| 37 | + public function __construct() { |
|
| 38 | + parent::__construct('App is not enabled', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | + } |
|
| 40 | 40 | } |
