nextcloud /
server
@@ -33,99 +33,99 @@ |
||
| 33 | 33 | * use server side events with caution, to many open requests can hang the server |
| 34 | 34 | */ |
| 35 | 35 | class OC_EventSource implements \OCP\IEventSource { |
| 36 | - /** |
|
| 37 | - * @var bool |
|
| 38 | - */ |
|
| 39 | - private $fallback; |
|
| 36 | + /** |
|
| 37 | + * @var bool |
|
| 38 | + */ |
|
| 39 | + private $fallback; |
|
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * @var int |
|
| 43 | - */ |
|
| 44 | - private $fallBackId = 0; |
|
| 41 | + /** |
|
| 42 | + * @var int |
|
| 43 | + */ |
|
| 44 | + private $fallBackId = 0; |
|
| 45 | 45 | |
| 46 | - /** |
|
| 47 | - * @var bool |
|
| 48 | - */ |
|
| 49 | - private $started = false; |
|
| 46 | + /** |
|
| 47 | + * @var bool |
|
| 48 | + */ |
|
| 49 | + private $started = false; |
|
| 50 | 50 | |
| 51 | - protected function init() { |
|
| 52 | - if ($this->started) { |
|
| 53 | - return; |
|
| 54 | - } |
|
| 55 | - $this->started = true; |
|
| 51 | + protected function init() { |
|
| 52 | + if ($this->started) { |
|
| 53 | + return; |
|
| 54 | + } |
|
| 55 | + $this->started = true; |
|
| 56 | 56 | |
| 57 | - // prevent php output buffering, caching and nginx buffering |
|
| 58 | - OC_Util::obEnd(); |
|
| 59 | - header('Cache-Control: no-cache'); |
|
| 60 | - header('X-Accel-Buffering: no'); |
|
| 61 | - $this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true'; |
|
| 62 | - if ($this->fallback) { |
|
| 63 | - $this->fallBackId = (int)$_GET['fallback_id']; |
|
| 64 | - /** |
|
| 65 | - * FIXME: The default content-security-policy of ownCloud forbids inline |
|
| 66 | - * JavaScript for security reasons. IE starting on Windows 10 will |
|
| 67 | - * however also obey the CSP which will break the event source fallback. |
|
| 68 | - * |
|
| 69 | - * As a workaround thus we set a custom policy which allows the execution |
|
| 70 | - * of inline JavaScript. |
|
| 71 | - * |
|
| 72 | - * @link https://github.com/owncloud/core/issues/14286 |
|
| 73 | - */ |
|
| 74 | - header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'"); |
|
| 75 | - header("Content-Type: text/html"); |
|
| 76 | - echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy |
|
| 77 | - } else { |
|
| 78 | - header("Content-Type: text/event-stream"); |
|
| 79 | - } |
|
| 80 | - if(!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 81 | - header('Location: '.\OC::$WEBROOT); |
|
| 82 | - exit(); |
|
| 83 | - } |
|
| 84 | - if (!\OC::$server->getRequest()->passesCSRFCheck()) { |
|
| 85 | - $this->send('error', 'Possible CSRF attack. Connection will be closed.'); |
|
| 86 | - $this->close(); |
|
| 87 | - exit(); |
|
| 88 | - } |
|
| 89 | - flush(); |
|
| 90 | - } |
|
| 57 | + // prevent php output buffering, caching and nginx buffering |
|
| 58 | + OC_Util::obEnd(); |
|
| 59 | + header('Cache-Control: no-cache'); |
|
| 60 | + header('X-Accel-Buffering: no'); |
|
| 61 | + $this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true'; |
|
| 62 | + if ($this->fallback) { |
|
| 63 | + $this->fallBackId = (int)$_GET['fallback_id']; |
|
| 64 | + /** |
|
| 65 | + * FIXME: The default content-security-policy of ownCloud forbids inline |
|
| 66 | + * JavaScript for security reasons. IE starting on Windows 10 will |
|
| 67 | + * however also obey the CSP which will break the event source fallback. |
|
| 68 | + * |
|
| 69 | + * As a workaround thus we set a custom policy which allows the execution |
|
| 70 | + * of inline JavaScript. |
|
| 71 | + * |
|
| 72 | + * @link https://github.com/owncloud/core/issues/14286 |
|
| 73 | + */ |
|
| 74 | + header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'"); |
|
| 75 | + header("Content-Type: text/html"); |
|
| 76 | + echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy |
|
| 77 | + } else { |
|
| 78 | + header("Content-Type: text/event-stream"); |
|
| 79 | + } |
|
| 80 | + if(!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 81 | + header('Location: '.\OC::$WEBROOT); |
|
| 82 | + exit(); |
|
| 83 | + } |
|
| 84 | + if (!\OC::$server->getRequest()->passesCSRFCheck()) { |
|
| 85 | + $this->send('error', 'Possible CSRF attack. Connection will be closed.'); |
|
| 86 | + $this->close(); |
|
| 87 | + exit(); |
|
| 88 | + } |
|
| 89 | + flush(); |
|
| 90 | + } |
|
| 91 | 91 | |
| 92 | - /** |
|
| 93 | - * send a message to the client |
|
| 94 | - * |
|
| 95 | - * @param string $type |
|
| 96 | - * @param mixed $data |
|
| 97 | - * |
|
| 98 | - * @throws \BadMethodCallException |
|
| 99 | - * if only one parameter is given, a typeless message will be send with that parameter as data |
|
| 100 | - * @suppress PhanDeprecatedFunction |
|
| 101 | - */ |
|
| 102 | - public function send($type, $data = null) { |
|
| 103 | - if ($data and !preg_match('/^[A-Za-z0-9_]+$/', $type)) { |
|
| 104 | - throw new BadMethodCallException('Type needs to be alphanumeric ('. $type .')'); |
|
| 105 | - } |
|
| 106 | - $this->init(); |
|
| 107 | - if (is_null($data)) { |
|
| 108 | - $data = $type; |
|
| 109 | - $type = null; |
|
| 110 | - } |
|
| 111 | - if ($this->fallback) { |
|
| 112 | - $response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack(' |
|
| 113 | - . $this->fallBackId . ',"' . $type . '",' . OC_JSON::encode($data) . ')</script>' . PHP_EOL; |
|
| 114 | - echo $response; |
|
| 115 | - } else { |
|
| 116 | - if ($type) { |
|
| 117 | - echo 'event: ' . $type . PHP_EOL; |
|
| 118 | - } |
|
| 119 | - echo 'data: ' . OC_JSON::encode($data) . PHP_EOL; |
|
| 120 | - } |
|
| 121 | - echo PHP_EOL; |
|
| 122 | - flush(); |
|
| 123 | - } |
|
| 92 | + /** |
|
| 93 | + * send a message to the client |
|
| 94 | + * |
|
| 95 | + * @param string $type |
|
| 96 | + * @param mixed $data |
|
| 97 | + * |
|
| 98 | + * @throws \BadMethodCallException |
|
| 99 | + * if only one parameter is given, a typeless message will be send with that parameter as data |
|
| 100 | + * @suppress PhanDeprecatedFunction |
|
| 101 | + */ |
|
| 102 | + public function send($type, $data = null) { |
|
| 103 | + if ($data and !preg_match('/^[A-Za-z0-9_]+$/', $type)) { |
|
| 104 | + throw new BadMethodCallException('Type needs to be alphanumeric ('. $type .')'); |
|
| 105 | + } |
|
| 106 | + $this->init(); |
|
| 107 | + if (is_null($data)) { |
|
| 108 | + $data = $type; |
|
| 109 | + $type = null; |
|
| 110 | + } |
|
| 111 | + if ($this->fallback) { |
|
| 112 | + $response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack(' |
|
| 113 | + . $this->fallBackId . ',"' . $type . '",' . OC_JSON::encode($data) . ')</script>' . PHP_EOL; |
|
| 114 | + echo $response; |
|
| 115 | + } else { |
|
| 116 | + if ($type) { |
|
| 117 | + echo 'event: ' . $type . PHP_EOL; |
|
| 118 | + } |
|
| 119 | + echo 'data: ' . OC_JSON::encode($data) . PHP_EOL; |
|
| 120 | + } |
|
| 121 | + echo PHP_EOL; |
|
| 122 | + flush(); |
|
| 123 | + } |
|
| 124 | 124 | |
| 125 | - /** |
|
| 126 | - * close the connection of the event source |
|
| 127 | - */ |
|
| 128 | - public function close() { |
|
| 129 | - $this->send('__internal__', 'close'); //server side closing can be an issue, let the client do it |
|
| 130 | - } |
|
| 125 | + /** |
|
| 126 | + * close the connection of the event source |
|
| 127 | + */ |
|
| 128 | + public function close() { |
|
| 129 | + $this->send('__internal__', 'close'); //server side closing can be an issue, let the client do it |
|
| 130 | + } |
|
| 131 | 131 | } |
@@ -60,7 +60,7 @@ discard block |
||
| 60 | 60 | header('X-Accel-Buffering: no'); |
| 61 | 61 | $this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true'; |
| 62 | 62 | if ($this->fallback) { |
| 63 | - $this->fallBackId = (int)$_GET['fallback_id']; |
|
| 63 | + $this->fallBackId = (int) $_GET['fallback_id']; |
|
| 64 | 64 | /** |
| 65 | 65 | * FIXME: The default content-security-policy of ownCloud forbids inline |
| 66 | 66 | * JavaScript for security reasons. IE starting on Windows 10 will |
@@ -73,11 +73,11 @@ discard block |
||
| 73 | 73 | */ |
| 74 | 74 | header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'"); |
| 75 | 75 | header("Content-Type: text/html"); |
| 76 | - echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy |
|
| 76 | + echo str_repeat('<span></span>'.PHP_EOL, 10); //dummy data to keep IE happy |
|
| 77 | 77 | } else { |
| 78 | 78 | header("Content-Type: text/event-stream"); |
| 79 | 79 | } |
| 80 | - if(!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 80 | + if (!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 81 | 81 | header('Location: '.\OC::$WEBROOT); |
| 82 | 82 | exit(); |
| 83 | 83 | } |
@@ -101,7 +101,7 @@ discard block |
||
| 101 | 101 | */ |
| 102 | 102 | public function send($type, $data = null) { |
| 103 | 103 | if ($data and !preg_match('/^[A-Za-z0-9_]+$/', $type)) { |
| 104 | - throw new BadMethodCallException('Type needs to be alphanumeric ('. $type .')'); |
|
| 104 | + throw new BadMethodCallException('Type needs to be alphanumeric ('.$type.')'); |
|
| 105 | 105 | } |
| 106 | 106 | $this->init(); |
| 107 | 107 | if (is_null($data)) { |
@@ -110,13 +110,13 @@ discard block |
||
| 110 | 110 | } |
| 111 | 111 | if ($this->fallback) { |
| 112 | 112 | $response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack(' |
| 113 | - . $this->fallBackId . ',"' . $type . '",' . OC_JSON::encode($data) . ')</script>' . PHP_EOL; |
|
| 113 | + . $this->fallBackId.',"'.$type.'",'.OC_JSON::encode($data).')</script>'.PHP_EOL; |
|
| 114 | 114 | echo $response; |
| 115 | 115 | } else { |
| 116 | 116 | if ($type) { |
| 117 | - echo 'event: ' . $type . PHP_EOL; |
|
| 117 | + echo 'event: '.$type.PHP_EOL; |
|
| 118 | 118 | } |
| 119 | - echo 'data: ' . OC_JSON::encode($data) . PHP_EOL; |
|
| 119 | + echo 'data: '.OC_JSON::encode($data).PHP_EOL; |
|
| 120 | 120 | } |
| 121 | 121 | echo PHP_EOL; |
| 122 | 122 | flush(); |
@@ -38,125 +38,125 @@ |
||
| 38 | 38 | */ |
| 39 | 39 | class OC_JSON{ |
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * Check if the app is enabled, send json error msg if not |
|
| 43 | - * @param string $app |
|
| 44 | - * @deprecated Use the AppFramework instead. It will automatically check if the app is enabled. |
|
| 45 | - * @suppress PhanDeprecatedFunction |
|
| 46 | - */ |
|
| 47 | - public static function checkAppEnabled($app) { |
|
| 48 | - if( !\OC::$server->getAppManager()->isEnabledForUser($app)) { |
|
| 49 | - $l = \OC::$server->getL10N('lib'); |
|
| 50 | - self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' ))); |
|
| 51 | - exit(); |
|
| 52 | - } |
|
| 53 | - } |
|
| 41 | + /** |
|
| 42 | + * Check if the app is enabled, send json error msg if not |
|
| 43 | + * @param string $app |
|
| 44 | + * @deprecated Use the AppFramework instead. It will automatically check if the app is enabled. |
|
| 45 | + * @suppress PhanDeprecatedFunction |
|
| 46 | + */ |
|
| 47 | + public static function checkAppEnabled($app) { |
|
| 48 | + if( !\OC::$server->getAppManager()->isEnabledForUser($app)) { |
|
| 49 | + $l = \OC::$server->getL10N('lib'); |
|
| 50 | + self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' ))); |
|
| 51 | + exit(); |
|
| 52 | + } |
|
| 53 | + } |
|
| 54 | 54 | |
| 55 | - /** |
|
| 56 | - * Check if the user is logged in, send json error msg if not |
|
| 57 | - * @deprecated Use annotation based ACLs from the AppFramework instead |
|
| 58 | - * @suppress PhanDeprecatedFunction |
|
| 59 | - */ |
|
| 60 | - public static function checkLoggedIn() { |
|
| 61 | - $twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager(); |
|
| 62 | - if( !\OC::$server->getUserSession()->isLoggedIn() |
|
| 63 | - || $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) { |
|
| 64 | - $l = \OC::$server->getL10N('lib'); |
|
| 65 | - http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED); |
|
| 66 | - self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 67 | - exit(); |
|
| 68 | - } |
|
| 69 | - } |
|
| 55 | + /** |
|
| 56 | + * Check if the user is logged in, send json error msg if not |
|
| 57 | + * @deprecated Use annotation based ACLs from the AppFramework instead |
|
| 58 | + * @suppress PhanDeprecatedFunction |
|
| 59 | + */ |
|
| 60 | + public static function checkLoggedIn() { |
|
| 61 | + $twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager(); |
|
| 62 | + if( !\OC::$server->getUserSession()->isLoggedIn() |
|
| 63 | + || $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) { |
|
| 64 | + $l = \OC::$server->getL10N('lib'); |
|
| 65 | + http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED); |
|
| 66 | + self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 67 | + exit(); |
|
| 68 | + } |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - /** |
|
| 72 | - * Check an ajax get/post call if the request token is valid, send json error msg if not. |
|
| 73 | - * @deprecated Use annotation based CSRF checks from the AppFramework instead |
|
| 74 | - * @suppress PhanDeprecatedFunction |
|
| 75 | - */ |
|
| 76 | - public static function callCheck() { |
|
| 77 | - if(!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 78 | - header('Location: '.\OC::$WEBROOT); |
|
| 79 | - exit(); |
|
| 80 | - } |
|
| 71 | + /** |
|
| 72 | + * Check an ajax get/post call if the request token is valid, send json error msg if not. |
|
| 73 | + * @deprecated Use annotation based CSRF checks from the AppFramework instead |
|
| 74 | + * @suppress PhanDeprecatedFunction |
|
| 75 | + */ |
|
| 76 | + public static function callCheck() { |
|
| 77 | + if(!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 78 | + header('Location: '.\OC::$WEBROOT); |
|
| 79 | + exit(); |
|
| 80 | + } |
|
| 81 | 81 | |
| 82 | - if( !\OC::$server->getRequest()->passesCSRFCheck()) { |
|
| 83 | - $l = \OC::$server->getL10N('lib'); |
|
| 84 | - self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' ))); |
|
| 85 | - exit(); |
|
| 86 | - } |
|
| 87 | - } |
|
| 82 | + if( !\OC::$server->getRequest()->passesCSRFCheck()) { |
|
| 83 | + $l = \OC::$server->getL10N('lib'); |
|
| 84 | + self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' ))); |
|
| 85 | + exit(); |
|
| 86 | + } |
|
| 87 | + } |
|
| 88 | 88 | |
| 89 | - /** |
|
| 90 | - * Check if the user is a admin, send json error msg if not. |
|
| 91 | - * @deprecated Use annotation based ACLs from the AppFramework instead |
|
| 92 | - * @suppress PhanDeprecatedFunction |
|
| 93 | - */ |
|
| 94 | - public static function checkAdminUser() { |
|
| 95 | - if( !OC_User::isAdminUser(OC_User::getUser())) { |
|
| 96 | - $l = \OC::$server->getL10N('lib'); |
|
| 97 | - self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 98 | - exit(); |
|
| 99 | - } |
|
| 100 | - } |
|
| 89 | + /** |
|
| 90 | + * Check if the user is a admin, send json error msg if not. |
|
| 91 | + * @deprecated Use annotation based ACLs from the AppFramework instead |
|
| 92 | + * @suppress PhanDeprecatedFunction |
|
| 93 | + */ |
|
| 94 | + public static function checkAdminUser() { |
|
| 95 | + if( !OC_User::isAdminUser(OC_User::getUser())) { |
|
| 96 | + $l = \OC::$server->getL10N('lib'); |
|
| 97 | + self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 98 | + exit(); |
|
| 99 | + } |
|
| 100 | + } |
|
| 101 | 101 | |
| 102 | - /** |
|
| 103 | - * Check if the user is a subadmin, send json error msg if not |
|
| 104 | - * @deprecated Use annotation based ACLs from the AppFramework instead |
|
| 105 | - * @suppress PhanDeprecatedFunction |
|
| 106 | - */ |
|
| 107 | - public static function checkSubAdminUser() { |
|
| 108 | - $userObject = \OC::$server->getUserSession()->getUser(); |
|
| 109 | - $isSubAdmin = false; |
|
| 110 | - if($userObject !== null) { |
|
| 111 | - $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject); |
|
| 112 | - } |
|
| 102 | + /** |
|
| 103 | + * Check if the user is a subadmin, send json error msg if not |
|
| 104 | + * @deprecated Use annotation based ACLs from the AppFramework instead |
|
| 105 | + * @suppress PhanDeprecatedFunction |
|
| 106 | + */ |
|
| 107 | + public static function checkSubAdminUser() { |
|
| 108 | + $userObject = \OC::$server->getUserSession()->getUser(); |
|
| 109 | + $isSubAdmin = false; |
|
| 110 | + if($userObject !== null) { |
|
| 111 | + $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject); |
|
| 112 | + } |
|
| 113 | 113 | |
| 114 | - if(!$isSubAdmin) { |
|
| 115 | - $l = \OC::$server->getL10N('lib'); |
|
| 116 | - self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 117 | - exit(); |
|
| 118 | - } |
|
| 119 | - } |
|
| 114 | + if(!$isSubAdmin) { |
|
| 115 | + $l = \OC::$server->getL10N('lib'); |
|
| 116 | + self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 117 | + exit(); |
|
| 118 | + } |
|
| 119 | + } |
|
| 120 | 120 | |
| 121 | - /** |
|
| 122 | - * Send json error msg |
|
| 123 | - * @deprecated Use a AppFramework JSONResponse instead |
|
| 124 | - * @suppress PhanDeprecatedFunction |
|
| 125 | - */ |
|
| 126 | - public static function error($data = array()) { |
|
| 127 | - $data['status'] = 'error'; |
|
| 128 | - header( 'Content-Type: application/json; charset=utf-8'); |
|
| 129 | - echo self::encode($data); |
|
| 130 | - } |
|
| 121 | + /** |
|
| 122 | + * Send json error msg |
|
| 123 | + * @deprecated Use a AppFramework JSONResponse instead |
|
| 124 | + * @suppress PhanDeprecatedFunction |
|
| 125 | + */ |
|
| 126 | + public static function error($data = array()) { |
|
| 127 | + $data['status'] = 'error'; |
|
| 128 | + header( 'Content-Type: application/json; charset=utf-8'); |
|
| 129 | + echo self::encode($data); |
|
| 130 | + } |
|
| 131 | 131 | |
| 132 | - /** |
|
| 133 | - * Send json success msg |
|
| 134 | - * @deprecated Use a AppFramework JSONResponse instead |
|
| 135 | - * @suppress PhanDeprecatedFunction |
|
| 136 | - */ |
|
| 137 | - public static function success($data = array()) { |
|
| 138 | - $data['status'] = 'success'; |
|
| 139 | - header( 'Content-Type: application/json; charset=utf-8'); |
|
| 140 | - echo self::encode($data); |
|
| 141 | - } |
|
| 132 | + /** |
|
| 133 | + * Send json success msg |
|
| 134 | + * @deprecated Use a AppFramework JSONResponse instead |
|
| 135 | + * @suppress PhanDeprecatedFunction |
|
| 136 | + */ |
|
| 137 | + public static function success($data = array()) { |
|
| 138 | + $data['status'] = 'success'; |
|
| 139 | + header( 'Content-Type: application/json; charset=utf-8'); |
|
| 140 | + echo self::encode($data); |
|
| 141 | + } |
|
| 142 | 142 | |
| 143 | - /** |
|
| 144 | - * Convert OC_L10N_String to string, for use in json encodings |
|
| 145 | - */ |
|
| 146 | - protected static function to_string(&$value) { |
|
| 147 | - if ($value instanceof \OC\L10N\L10NString) { |
|
| 148 | - $value = (string)$value; |
|
| 149 | - } |
|
| 150 | - } |
|
| 143 | + /** |
|
| 144 | + * Convert OC_L10N_String to string, for use in json encodings |
|
| 145 | + */ |
|
| 146 | + protected static function to_string(&$value) { |
|
| 147 | + if ($value instanceof \OC\L10N\L10NString) { |
|
| 148 | + $value = (string)$value; |
|
| 149 | + } |
|
| 150 | + } |
|
| 151 | 151 | |
| 152 | - /** |
|
| 153 | - * Encode JSON |
|
| 154 | - * @deprecated Use a AppFramework JSONResponse instead |
|
| 155 | - */ |
|
| 156 | - public static function encode($data) { |
|
| 157 | - if (is_array($data)) { |
|
| 158 | - array_walk_recursive($data, array('OC_JSON', 'to_string')); |
|
| 159 | - } |
|
| 160 | - return json_encode($data, JSON_HEX_TAG); |
|
| 161 | - } |
|
| 152 | + /** |
|
| 153 | + * Encode JSON |
|
| 154 | + * @deprecated Use a AppFramework JSONResponse instead |
|
| 155 | + */ |
|
| 156 | + public static function encode($data) { |
|
| 157 | + if (is_array($data)) { |
|
| 158 | + array_walk_recursive($data, array('OC_JSON', 'to_string')); |
|
| 159 | + } |
|
| 160 | + return json_encode($data, JSON_HEX_TAG); |
|
| 161 | + } |
|
| 162 | 162 | } |
@@ -36,7 +36,7 @@ discard block |
||
| 36 | 36 | * Class OC_JSON |
| 37 | 37 | * @deprecated Use a AppFramework JSONResponse instead |
| 38 | 38 | */ |
| 39 | -class OC_JSON{ |
|
| 39 | +class OC_JSON { |
|
| 40 | 40 | |
| 41 | 41 | /** |
| 42 | 42 | * Check if the app is enabled, send json error msg if not |
@@ -45,9 +45,9 @@ discard block |
||
| 45 | 45 | * @suppress PhanDeprecatedFunction |
| 46 | 46 | */ |
| 47 | 47 | public static function checkAppEnabled($app) { |
| 48 | - if( !\OC::$server->getAppManager()->isEnabledForUser($app)) { |
|
| 48 | + if (!\OC::$server->getAppManager()->isEnabledForUser($app)) { |
|
| 49 | 49 | $l = \OC::$server->getL10N('lib'); |
| 50 | - self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' ))); |
|
| 50 | + self::error(array('data' => array('message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled'))); |
|
| 51 | 51 | exit(); |
| 52 | 52 | } |
| 53 | 53 | } |
@@ -59,11 +59,11 @@ discard block |
||
| 59 | 59 | */ |
| 60 | 60 | public static function checkLoggedIn() { |
| 61 | 61 | $twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager(); |
| 62 | - if( !\OC::$server->getUserSession()->isLoggedIn() |
|
| 62 | + if (!\OC::$server->getUserSession()->isLoggedIn() |
|
| 63 | 63 | || $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) { |
| 64 | 64 | $l = \OC::$server->getL10N('lib'); |
| 65 | 65 | http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED); |
| 66 | - self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 66 | + self::error(array('data' => array('message' => $l->t('Authentication error'), 'error' => 'authentication_error'))); |
|
| 67 | 67 | exit(); |
| 68 | 68 | } |
| 69 | 69 | } |
@@ -74,14 +74,14 @@ discard block |
||
| 74 | 74 | * @suppress PhanDeprecatedFunction |
| 75 | 75 | */ |
| 76 | 76 | public static function callCheck() { |
| 77 | - if(!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 77 | + if (!\OC::$server->getRequest()->passesStrictCookieCheck()) { |
|
| 78 | 78 | header('Location: '.\OC::$WEBROOT); |
| 79 | 79 | exit(); |
| 80 | 80 | } |
| 81 | 81 | |
| 82 | - if( !\OC::$server->getRequest()->passesCSRFCheck()) { |
|
| 82 | + if (!\OC::$server->getRequest()->passesCSRFCheck()) { |
|
| 83 | 83 | $l = \OC::$server->getL10N('lib'); |
| 84 | - self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' ))); |
|
| 84 | + self::error(array('data' => array('message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired'))); |
|
| 85 | 85 | exit(); |
| 86 | 86 | } |
| 87 | 87 | } |
@@ -92,9 +92,9 @@ discard block |
||
| 92 | 92 | * @suppress PhanDeprecatedFunction |
| 93 | 93 | */ |
| 94 | 94 | public static function checkAdminUser() { |
| 95 | - if( !OC_User::isAdminUser(OC_User::getUser())) { |
|
| 95 | + if (!OC_User::isAdminUser(OC_User::getUser())) { |
|
| 96 | 96 | $l = \OC::$server->getL10N('lib'); |
| 97 | - self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 97 | + self::error(array('data' => array('message' => $l->t('Authentication error'), 'error' => 'authentication_error'))); |
|
| 98 | 98 | exit(); |
| 99 | 99 | } |
| 100 | 100 | } |
@@ -107,13 +107,13 @@ discard block |
||
| 107 | 107 | public static function checkSubAdminUser() { |
| 108 | 108 | $userObject = \OC::$server->getUserSession()->getUser(); |
| 109 | 109 | $isSubAdmin = false; |
| 110 | - if($userObject !== null) { |
|
| 110 | + if ($userObject !== null) { |
|
| 111 | 111 | $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject); |
| 112 | 112 | } |
| 113 | 113 | |
| 114 | - if(!$isSubAdmin) { |
|
| 114 | + if (!$isSubAdmin) { |
|
| 115 | 115 | $l = \OC::$server->getL10N('lib'); |
| 116 | - self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ))); |
|
| 116 | + self::error(array('data' => array('message' => $l->t('Authentication error'), 'error' => 'authentication_error'))); |
|
| 117 | 117 | exit(); |
| 118 | 118 | } |
| 119 | 119 | } |
@@ -125,7 +125,7 @@ discard block |
||
| 125 | 125 | */ |
| 126 | 126 | public static function error($data = array()) { |
| 127 | 127 | $data['status'] = 'error'; |
| 128 | - header( 'Content-Type: application/json; charset=utf-8'); |
|
| 128 | + header('Content-Type: application/json; charset=utf-8'); |
|
| 129 | 129 | echo self::encode($data); |
| 130 | 130 | } |
| 131 | 131 | |
@@ -136,7 +136,7 @@ discard block |
||
| 136 | 136 | */ |
| 137 | 137 | public static function success($data = array()) { |
| 138 | 138 | $data['status'] = 'success'; |
| 139 | - header( 'Content-Type: application/json; charset=utf-8'); |
|
| 139 | + header('Content-Type: application/json; charset=utf-8'); |
|
| 140 | 140 | echo self::encode($data); |
| 141 | 141 | } |
| 142 | 142 | |
@@ -145,7 +145,7 @@ discard block |
||
| 145 | 145 | */ |
| 146 | 146 | protected static function to_string(&$value) { |
| 147 | 147 | if ($value instanceof \OC\L10N\L10NString) { |
| 148 | - $value = (string)$value; |
|
| 148 | + $value = (string) $value; |
|
| 149 | 149 | } |
| 150 | 150 | } |
| 151 | 151 | |
@@ -41,126 +41,126 @@ |
||
| 41 | 41 | * @deprecated 8.1.0 Use a AppFramework JSONResponse instead |
| 42 | 42 | */ |
| 43 | 43 | class JSON { |
| 44 | - /** |
|
| 45 | - * Check if the user is logged in, send json error msg if not. |
|
| 46 | - * |
|
| 47 | - * This method checks if a user is logged in. If not, a json error |
|
| 48 | - * response will be return and the method will exit from execution |
|
| 49 | - * of the script. |
|
| 50 | - * The returned json will be in the format: |
|
| 51 | - * |
|
| 52 | - * {"status":"error","data":{"message":"Authentication error."}} |
|
| 53 | - * |
|
| 54 | - * Add this call to the start of all ajax method files that requires |
|
| 55 | - * an authenticated user. |
|
| 56 | - * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead |
|
| 57 | - * |
|
| 58 | - * @suppress PhanDeprecatedFunction |
|
| 59 | - */ |
|
| 60 | - public static function checkLoggedIn() { |
|
| 61 | - \OC_JSON::checkLoggedIn(); |
|
| 62 | - } |
|
| 44 | + /** |
|
| 45 | + * Check if the user is logged in, send json error msg if not. |
|
| 46 | + * |
|
| 47 | + * This method checks if a user is logged in. If not, a json error |
|
| 48 | + * response will be return and the method will exit from execution |
|
| 49 | + * of the script. |
|
| 50 | + * The returned json will be in the format: |
|
| 51 | + * |
|
| 52 | + * {"status":"error","data":{"message":"Authentication error."}} |
|
| 53 | + * |
|
| 54 | + * Add this call to the start of all ajax method files that requires |
|
| 55 | + * an authenticated user. |
|
| 56 | + * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead |
|
| 57 | + * |
|
| 58 | + * @suppress PhanDeprecatedFunction |
|
| 59 | + */ |
|
| 60 | + public static function checkLoggedIn() { |
|
| 61 | + \OC_JSON::checkLoggedIn(); |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - /** |
|
| 65 | - * Check an ajax get/post call if the request token is valid. |
|
| 66 | - * |
|
| 67 | - * This method checks for a valid variable 'requesttoken' in $_GET, |
|
| 68 | - * $_POST and $_SERVER. If a valid token is not found, a json error |
|
| 69 | - * response will be return and the method will exit from execution |
|
| 70 | - * of the script. |
|
| 71 | - * The returned json will be in the format: |
|
| 72 | - * |
|
| 73 | - * {"status":"error","data":{"message":"Token expired. Please reload page."}} |
|
| 74 | - * |
|
| 75 | - * Add this call to the start of all ajax method files that creates, |
|
| 76 | - * updates or deletes anything. |
|
| 77 | - * In cases where you e.g. use an ajax call to load a dialog containing |
|
| 78 | - * a submittable form, you will need to add the requesttoken first as a |
|
| 79 | - * parameter to the ajax call, then assign it to the template and finally |
|
| 80 | - * add a hidden input field also named 'requesttoken' containing the value. |
|
| 81 | - * @deprecated 8.1.0 Use annotation based CSRF checks from the AppFramework instead |
|
| 82 | - * |
|
| 83 | - * @suppress PhanDeprecatedFunction |
|
| 84 | - */ |
|
| 85 | - public static function callCheck() { |
|
| 86 | - \OC_JSON::callCheck(); |
|
| 87 | - } |
|
| 64 | + /** |
|
| 65 | + * Check an ajax get/post call if the request token is valid. |
|
| 66 | + * |
|
| 67 | + * This method checks for a valid variable 'requesttoken' in $_GET, |
|
| 68 | + * $_POST and $_SERVER. If a valid token is not found, a json error |
|
| 69 | + * response will be return and the method will exit from execution |
|
| 70 | + * of the script. |
|
| 71 | + * The returned json will be in the format: |
|
| 72 | + * |
|
| 73 | + * {"status":"error","data":{"message":"Token expired. Please reload page."}} |
|
| 74 | + * |
|
| 75 | + * Add this call to the start of all ajax method files that creates, |
|
| 76 | + * updates or deletes anything. |
|
| 77 | + * In cases where you e.g. use an ajax call to load a dialog containing |
|
| 78 | + * a submittable form, you will need to add the requesttoken first as a |
|
| 79 | + * parameter to the ajax call, then assign it to the template and finally |
|
| 80 | + * add a hidden input field also named 'requesttoken' containing the value. |
|
| 81 | + * @deprecated 8.1.0 Use annotation based CSRF checks from the AppFramework instead |
|
| 82 | + * |
|
| 83 | + * @suppress PhanDeprecatedFunction |
|
| 84 | + */ |
|
| 85 | + public static function callCheck() { |
|
| 86 | + \OC_JSON::callCheck(); |
|
| 87 | + } |
|
| 88 | 88 | |
| 89 | - /** |
|
| 90 | - * Send json success msg |
|
| 91 | - * |
|
| 92 | - * Return a json success message with optional extra data. |
|
| 93 | - * @see \OCP\JSON::error() for the format to use. |
|
| 94 | - * |
|
| 95 | - * @param array $data The data to use |
|
| 96 | - * @deprecated 8.1.0 Use a AppFramework JSONResponse instead |
|
| 97 | - * @suppress PhanDeprecatedFunction |
|
| 98 | - */ |
|
| 99 | - public static function success( $data = array() ) { |
|
| 100 | - \OC_JSON::success($data); |
|
| 101 | - } |
|
| 89 | + /** |
|
| 90 | + * Send json success msg |
|
| 91 | + * |
|
| 92 | + * Return a json success message with optional extra data. |
|
| 93 | + * @see \OCP\JSON::error() for the format to use. |
|
| 94 | + * |
|
| 95 | + * @param array $data The data to use |
|
| 96 | + * @deprecated 8.1.0 Use a AppFramework JSONResponse instead |
|
| 97 | + * @suppress PhanDeprecatedFunction |
|
| 98 | + */ |
|
| 99 | + public static function success( $data = array() ) { |
|
| 100 | + \OC_JSON::success($data); |
|
| 101 | + } |
|
| 102 | 102 | |
| 103 | - /** |
|
| 104 | - * Send json error msg |
|
| 105 | - * |
|
| 106 | - * Return a json error message with optional extra data for |
|
| 107 | - * error message or app specific data. |
|
| 108 | - * |
|
| 109 | - * Example use: |
|
| 110 | - * |
|
| 111 | - * $id = [some value] |
|
| 112 | - * OCP\JSON::error(array('data':array('message':'An error happened', 'id': $id))); |
|
| 113 | - * |
|
| 114 | - * Will return the json formatted string: |
|
| 115 | - * |
|
| 116 | - * {"status":"error","data":{"message":"An error happened", "id":[some value]}} |
|
| 117 | - * |
|
| 118 | - * @param array $data The data to use |
|
| 119 | - * @deprecated 8.1.0 Use a AppFramework JSONResponse instead |
|
| 120 | - * @suppress PhanDeprecatedFunction |
|
| 121 | - */ |
|
| 122 | - public static function error( $data = array() ) { |
|
| 123 | - \OC_JSON::error($data); |
|
| 124 | - } |
|
| 103 | + /** |
|
| 104 | + * Send json error msg |
|
| 105 | + * |
|
| 106 | + * Return a json error message with optional extra data for |
|
| 107 | + * error message or app specific data. |
|
| 108 | + * |
|
| 109 | + * Example use: |
|
| 110 | + * |
|
| 111 | + * $id = [some value] |
|
| 112 | + * OCP\JSON::error(array('data':array('message':'An error happened', 'id': $id))); |
|
| 113 | + * |
|
| 114 | + * Will return the json formatted string: |
|
| 115 | + * |
|
| 116 | + * {"status":"error","data":{"message":"An error happened", "id":[some value]}} |
|
| 117 | + * |
|
| 118 | + * @param array $data The data to use |
|
| 119 | + * @deprecated 8.1.0 Use a AppFramework JSONResponse instead |
|
| 120 | + * @suppress PhanDeprecatedFunction |
|
| 121 | + */ |
|
| 122 | + public static function error( $data = array() ) { |
|
| 123 | + \OC_JSON::error($data); |
|
| 124 | + } |
|
| 125 | 125 | |
| 126 | - /** |
|
| 127 | - * Check if the App is enabled and send JSON error message instead |
|
| 128 | - * |
|
| 129 | - * This method checks if a specific app is enabled. If not, a json error |
|
| 130 | - * response will be return and the method will exit from execution |
|
| 131 | - * of the script. |
|
| 132 | - * The returned json will be in the format: |
|
| 133 | - * |
|
| 134 | - * {"status":"error","data":{"message":"Application is not enabled."}} |
|
| 135 | - * |
|
| 136 | - * Add this call to the start of all ajax method files that requires |
|
| 137 | - * a specific app to be enabled. |
|
| 138 | - * |
|
| 139 | - * @param string $app The app to check |
|
| 140 | - * @deprecated 8.1.0 Use the AppFramework instead. It will automatically check if the app is enabled. |
|
| 141 | - * @suppress PhanDeprecatedFunction |
|
| 142 | - */ |
|
| 143 | - public static function checkAppEnabled( $app ) { |
|
| 144 | - \OC_JSON::checkAppEnabled($app); |
|
| 145 | - } |
|
| 126 | + /** |
|
| 127 | + * Check if the App is enabled and send JSON error message instead |
|
| 128 | + * |
|
| 129 | + * This method checks if a specific app is enabled. If not, a json error |
|
| 130 | + * response will be return and the method will exit from execution |
|
| 131 | + * of the script. |
|
| 132 | + * The returned json will be in the format: |
|
| 133 | + * |
|
| 134 | + * {"status":"error","data":{"message":"Application is not enabled."}} |
|
| 135 | + * |
|
| 136 | + * Add this call to the start of all ajax method files that requires |
|
| 137 | + * a specific app to be enabled. |
|
| 138 | + * |
|
| 139 | + * @param string $app The app to check |
|
| 140 | + * @deprecated 8.1.0 Use the AppFramework instead. It will automatically check if the app is enabled. |
|
| 141 | + * @suppress PhanDeprecatedFunction |
|
| 142 | + */ |
|
| 143 | + public static function checkAppEnabled( $app ) { |
|
| 144 | + \OC_JSON::checkAppEnabled($app); |
|
| 145 | + } |
|
| 146 | 146 | |
| 147 | - /** |
|
| 148 | - * Check if the user is a admin, send json error msg if not |
|
| 149 | - * |
|
| 150 | - * This method checks if the current user has admin rights. If not, a json error |
|
| 151 | - * response will be return and the method will exit from execution |
|
| 152 | - * of the script. |
|
| 153 | - * The returned json will be in the format: |
|
| 154 | - * |
|
| 155 | - * {"status":"error","data":{"message":"Authentication error."}} |
|
| 156 | - * |
|
| 157 | - * Add this call to the start of all ajax method files that requires |
|
| 158 | - * administrative rights. |
|
| 159 | - * |
|
| 160 | - * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead |
|
| 161 | - * @suppress PhanDeprecatedFunction |
|
| 162 | - */ |
|
| 163 | - public static function checkAdminUser() { |
|
| 164 | - \OC_JSON::checkAdminUser(); |
|
| 165 | - } |
|
| 147 | + /** |
|
| 148 | + * Check if the user is a admin, send json error msg if not |
|
| 149 | + * |
|
| 150 | + * This method checks if the current user has admin rights. If not, a json error |
|
| 151 | + * response will be return and the method will exit from execution |
|
| 152 | + * of the script. |
|
| 153 | + * The returned json will be in the format: |
|
| 154 | + * |
|
| 155 | + * {"status":"error","data":{"message":"Authentication error."}} |
|
| 156 | + * |
|
| 157 | + * Add this call to the start of all ajax method files that requires |
|
| 158 | + * administrative rights. |
|
| 159 | + * |
|
| 160 | + * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead |
|
| 161 | + * @suppress PhanDeprecatedFunction |
|
| 162 | + */ |
|
| 163 | + public static function checkAdminUser() { |
|
| 164 | + \OC_JSON::checkAdminUser(); |
|
| 165 | + } |
|
| 166 | 166 | } |
@@ -96,7 +96,7 @@ discard block |
||
| 96 | 96 | * @deprecated 8.1.0 Use a AppFramework JSONResponse instead |
| 97 | 97 | * @suppress PhanDeprecatedFunction |
| 98 | 98 | */ |
| 99 | - public static function success( $data = array() ) { |
|
| 99 | + public static function success($data = array()) { |
|
| 100 | 100 | \OC_JSON::success($data); |
| 101 | 101 | } |
| 102 | 102 | |
@@ -119,7 +119,7 @@ discard block |
||
| 119 | 119 | * @deprecated 8.1.0 Use a AppFramework JSONResponse instead |
| 120 | 120 | * @suppress PhanDeprecatedFunction |
| 121 | 121 | */ |
| 122 | - public static function error( $data = array() ) { |
|
| 122 | + public static function error($data = array()) { |
|
| 123 | 123 | \OC_JSON::error($data); |
| 124 | 124 | } |
| 125 | 125 | |
@@ -140,7 +140,7 @@ discard block |
||
| 140 | 140 | * @deprecated 8.1.0 Use the AppFramework instead. It will automatically check if the app is enabled. |
| 141 | 141 | * @suppress PhanDeprecatedFunction |
| 142 | 142 | */ |
| 143 | - public static function checkAppEnabled( $app ) { |
|
| 143 | + public static function checkAppEnabled($app) { |
|
| 144 | 144 | \OC_JSON::checkAppEnabled($app); |
| 145 | 145 | } |
| 146 | 146 | |
