nextcloud / server

lib/private/Encryption/Util.php

Spacing +8 added lines, -8 removed lines

@@ -96,7 +96,7 @@ 
 		$this->config = $config;
 
 		$this->excludedPaths[] = 'files_encryption';
-		$this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
+		$this->excludedPaths[] = 'appdata_'.$config->getSystemValue('instanceid', null);
 		$this->excludedPaths[] = 'files_external';
 	}
 
@@ -136,12 +136,12 @@ 
 	 * @throws EncryptionHeaderKeyExistsException if header key is already in use
 	 */
 	public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
-		$header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
+		$header = self::HEADER_START.':'.self::HEADER_ENCRYPTION_MODULE_KEY.':'.$encryptionModule->getId().':';
 		foreach ($headerData as $key => $value) {
 			if (in_array($key, $this->ocHeaderKeys)) {
 				throw new EncryptionHeaderKeyExistsException($key);
 			}
-			$header .= $key . ':' . $value . ':';
+			$header .= $key.':'.$value.':';
 		}
 		$header .= self::HEADER_END;
 
@@ -172,7 +172,7 @@ 
 				if ($c->getType() === 'dir') {
 					$dirList[] = $c->getPath();
 				} else {
-					$result[] =  $c->getPath();
+					$result[] = $c->getPath();
 				}
 			}
 
@@ -249,15 +249,15 @@ 
 	public function stripPartialFileExtension($path) {
 		$extension = pathinfo($path, PATHINFO_EXTENSION);
 
-		if ( $extension === 'part') {
+		if ($extension === 'part') {
 
 			$newLength = strlen($path) - 5; // 5 = strlen(".part")
 			$fPath = substr($path, 0, $newLength);
 
 			// if path also contains a transaction id, we remove it too
 			$extension = pathinfo($fPath, PATHINFO_EXTENSION);
-			if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
-				$newLength = strlen($fPath) - strlen($extension) -1;
+			if (substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
+				$newLength = strlen($fPath) - strlen($extension) - 1;
 				$fPath = substr($fPath, 0, $newLength);
 			}
 			return $fPath;
@@ -301,7 +301,7 @@ 
 		if (\OCP\App::isEnabled("files_external")) {
 			$mounts = \OC_Mount_Config::getSystemMountPoints();
 			foreach ($mounts as $mount) {
-				if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
+				if (strpos($path, '/files/'.$mount['mountpoint']) === 0) {
 					if ($this->isMountPointApplicableToUser($mount, $uid)) {
 						return true;
 					}

Indentation +369 added lines, -369 removed lines

@@ -39,374 +39,374 @@
 
 class Util {
 
-	const HEADER_START = 'HBEGIN';
-	const HEADER_END = 'HEND';
-	const HEADER_PADDING_CHAR = '-';
-
-	const HEADER_ENCRYPTION_MODULE_KEY = 'oc_encryption_module';
-
-	/**
-	 * block size will always be 8192 for a PHP stream
-	 * @see https://bugs.php.net/bug.php?id=21641
-	 * @var integer
-	 */
-	protected $headerSize = 8192;
-
-	/**
-	 * block size will always be 8192 for a PHP stream
-	 * @see https://bugs.php.net/bug.php?id=21641
-	 * @var integer
-	 */
-	protected $blockSize = 8192;
-
-	/** @var View */
-	protected $rootView;
-
-	/** @var array */
-	protected $ocHeaderKeys;
-
-	/** @var \OC\User\Manager */
-	protected $userManager;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var array paths excluded from encryption */
-	protected $excludedPaths;
-
-	/** @var \OC\Group\Manager $manager */
-	protected $groupManager;
-
-	/**
-	 *
-	 * @param View $rootView
-	 * @param \OC\User\Manager $userManager
-	 * @param \OC\Group\Manager $groupManager
-	 * @param IConfig $config
-	 */
-	public function __construct(
-		View $rootView,
-		\OC\User\Manager $userManager,
-		\OC\Group\Manager $groupManager,
-		IConfig $config) {
-
-		$this->ocHeaderKeys = [
-			self::HEADER_ENCRYPTION_MODULE_KEY
-		];
-
-		$this->rootView = $rootView;
-		$this->userManager = $userManager;
-		$this->groupManager = $groupManager;
-		$this->config = $config;
-
-		$this->excludedPaths[] = 'files_encryption';
-		$this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
-		$this->excludedPaths[] = 'files_external';
-	}
-
-	/**
-	 * read encryption module ID from header
-	 *
-	 * @param array $header
-	 * @return string
-	 * @throws ModuleDoesNotExistsException
-	 */
-	public function getEncryptionModuleId(array $header = null) {
-		$id = '';
-		$encryptionModuleKey = self::HEADER_ENCRYPTION_MODULE_KEY;
-
-		if (isset($header[$encryptionModuleKey])) {
-			$id = $header[$encryptionModuleKey];
-		} elseif (isset($header['cipher'])) {
-			if (class_exists('\OCA\Encryption\Crypto\Encryption')) {
-				// fall back to default encryption if the user migrated from
-				// ownCloud <= 8.0 with the old encryption
-				$id = \OCA\Encryption\Crypto\Encryption::ID;
-			} else {
-				throw new ModuleDoesNotExistsException('Default encryption module missing');
-			}
-		}
-
-		return $id;
-	}
-
-	/**
-	 * create header for encrypted file
-	 *
-	 * @param array $headerData
-	 * @param IEncryptionModule $encryptionModule
-	 * @return string
-	 * @throws EncryptionHeaderToLargeException if header has to many arguments
-	 * @throws EncryptionHeaderKeyExistsException if header key is already in use
-	 */
-	public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
-		$header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
-		foreach ($headerData as $key => $value) {
-			if (in_array($key, $this->ocHeaderKeys)) {
-				throw new EncryptionHeaderKeyExistsException($key);
-			}
-			$header .= $key . ':' . $value . ':';
-		}
-		$header .= self::HEADER_END;
-
-		if (strlen($header) > $this->getHeaderSize()) {
-			throw new EncryptionHeaderToLargeException();
-		}
-
-		$paddedHeader = str_pad($header, $this->headerSize, self::HEADER_PADDING_CHAR, STR_PAD_RIGHT);
-
-		return $paddedHeader;
-	}
-
-	/**
-	 * go recursively through a dir and collect all files and sub files.
-	 *
-	 * @param string $dir relative to the users files folder
-	 * @return array with list of files relative to the users files folder
-	 */
-	public function getAllFiles($dir) {
-		$result = array();
-		$dirList = array($dir);
-
-		while ($dirList) {
-			$dir = array_pop($dirList);
-			$content = $this->rootView->getDirectoryContent($dir);
-
-			foreach ($content as $c) {
-				if ($c->getType() === 'dir') {
-					$dirList[] = $c->getPath();
-				} else {
-					$result[] =  $c->getPath();
-				}
-			}
-
-		}
-
-		return $result;
-	}
-
-	/**
-	 * check if it is a file uploaded by the user stored in data/user/files
-	 * or a metadata file
-	 *
-	 * @param string $path relative to the data/ folder
-	 * @return boolean
-	 */
-	public function isFile($path) {
-		$parts = explode('/', Filesystem::normalizePath($path), 4);
-		if (isset($parts[2]) && $parts[2] === 'files') {
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * return size of encryption header
-	 *
-	 * @return integer
-	 */
-	public function getHeaderSize() {
-		return $this->headerSize;
-	}
-
-	/**
-	 * return size of block read by a PHP stream
-	 *
-	 * @return integer
-	 */
-	public function getBlockSize() {
-		return $this->blockSize;
-	}
-
-	/**
-	 * get the owner and the path for the file relative to the owners files folder
-	 *
-	 * @param string $path
-	 * @return array
-	 * @throws \BadMethodCallException
-	 */
-	public function getUidAndFilename($path) {
-
-		$parts = explode('/', $path);
-		$uid = '';
-		if (count($parts) > 2) {
-			$uid = $parts[1];
-		}
-		if (!$this->userManager->userExists($uid)) {
-			throw new \BadMethodCallException(
-				'path needs to be relative to the system wide data folder and point to a user specific file'
-			);
-		}
-
-		$ownerPath = implode('/', array_slice($parts, 2));
-
-		return array($uid, Filesystem::normalizePath($ownerPath));
-
-	}
-
-	/**
-	 * Remove .path extension from a file path
-	 * @param string $path Path that may identify a .part file
-	 * @return string File path without .part extension
-	 * @note this is needed for reusing keys
-	 */
-	public function stripPartialFileExtension($path) {
-		$extension = pathinfo($path, PATHINFO_EXTENSION);
-
-		if ( $extension === 'part') {
-
-			$newLength = strlen($path) - 5; // 5 = strlen(".part")
-			$fPath = substr($path, 0, $newLength);
-
-			// if path also contains a transaction id, we remove it too
-			$extension = pathinfo($fPath, PATHINFO_EXTENSION);
-			if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
-				$newLength = strlen($fPath) - strlen($extension) -1;
-				$fPath = substr($fPath, 0, $newLength);
-			}
-			return $fPath;
-
-		} else {
-			return $path;
-		}
-	}
-
-	public function getUserWithAccessToMountPoint($users, $groups) {
-		$result = [];
-		if (in_array('all', $users)) {
-			$users = $this->userManager->search('', null, null);
-			$result = array_map(function(IUser $user) {
-				return $user->getUID();
-			}, $users);
-		} else {
-			$result = array_merge($result, $users);
-
-			$groupManager = \OC::$server->getGroupManager();
-			foreach ($groups as $group) {
-				$groupObject = $groupManager->get($group);
-				if ($groupObject) {
-					$foundUsers = $groupObject->searchUsers('', -1, 0);
-					$userIds = [];
-					foreach ($foundUsers as $user) {
-						$userIds[] = $user->getUID();
-					}
-					$result = array_merge($result, $userIds);
-				}
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * check if the file is stored on a system wide mount point
-	 * @param string $path relative to /data/user with leading '/'
-	 * @param string $uid
-	 * @return boolean
-	 */
-	public function isSystemWideMountPoint($path, $uid) {
-		if (\OCP\App::isEnabled("files_external")) {
-			$mounts = \OC_Mount_Config::getSystemMountPoints();
-			foreach ($mounts as $mount) {
-				if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
-					if ($this->isMountPointApplicableToUser($mount, $uid)) {
-						return true;
-					}
-				}
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * check if mount point is applicable to user
-	 *
-	 * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
-	 * @param string $uid
-	 * @return boolean
-	 */
-	private function isMountPointApplicableToUser($mount, $uid) {
-		$acceptedUids = array('all', $uid);
-		// check if mount point is applicable for the user
-		$intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
-		if (!empty($intersection)) {
-			return true;
-		}
-		// check if mount point is applicable for group where the user is a member
-		foreach ($mount['applicable']['groups'] as $gid) {
-			if ($this->groupManager->isInGroup($uid, $gid)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * check if it is a path which is excluded by ownCloud from encryption
-	 *
-	 * @param string $path
-	 * @return boolean
-	 */
-	public function isExcluded($path) {
-		$normalizedPath = Filesystem::normalizePath($path);
-		$root = explode('/', $normalizedPath, 4);
-		if (count($root) > 1) {
-
-			// detect alternative key storage root
-			$rootDir = $this->getKeyStorageRoot();
-			if ($rootDir !== '' &&
-				0 === strpos(
-					Filesystem::normalizePath($path),
-					Filesystem::normalizePath($rootDir)
-				)
-			) {
-				return true;
-			}
-
-
-			//detect system wide folders
-			if (in_array($root[1], $this->excludedPaths)) {
-				return true;
-			}
-
-			// detect user specific folders
-			if ($this->userManager->userExists($root[1])
-				&& in_array($root[2], $this->excludedPaths)) {
-
-				return true;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * check if recovery key is enabled for user
-	 *
-	 * @param string $uid
-	 * @return boolean
-	 */
-	public function recoveryEnabled($uid) {
-		$enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
-
-		return $enabled === '1';
-	}
-
-	/**
-	 * set new key storage root
-	 *
-	 * @param string $root new key store root relative to the data folder
-	 */
-	public function setKeyStorageRoot($root) {
-		$this->config->setAppValue('core', 'encryption_key_storage_root', $root);
-	}
-
-	/**
-	 * get key storage root
-	 *
-	 * @return string key storage root
-	 */
-	public function getKeyStorageRoot() {
-		return $this->config->getAppValue('core', 'encryption_key_storage_root', '');
-	}
+    const HEADER_START = 'HBEGIN';
+    const HEADER_END = 'HEND';
+    const HEADER_PADDING_CHAR = '-';
+
+    const HEADER_ENCRYPTION_MODULE_KEY = 'oc_encryption_module';
+
+    /**
+     * block size will always be 8192 for a PHP stream
+     * @see https://bugs.php.net/bug.php?id=21641
+     * @var integer
+     */
+    protected $headerSize = 8192;
+
+    /**
+     * block size will always be 8192 for a PHP stream
+     * @see https://bugs.php.net/bug.php?id=21641
+     * @var integer
+     */
+    protected $blockSize = 8192;
+
+    /** @var View */
+    protected $rootView;
+
+    /** @var array */
+    protected $ocHeaderKeys;
+
+    /** @var \OC\User\Manager */
+    protected $userManager;
+
+    /** @var IConfig */
+    protected $config;
+
+    /** @var array paths excluded from encryption */
+    protected $excludedPaths;
+
+    /** @var \OC\Group\Manager $manager */
+    protected $groupManager;
+
+    /**
+     *
+     * @param View $rootView
+     * @param \OC\User\Manager $userManager
+     * @param \OC\Group\Manager $groupManager
+     * @param IConfig $config
+     */
+    public function __construct(
+        View $rootView,
+        \OC\User\Manager $userManager,
+        \OC\Group\Manager $groupManager,
+        IConfig $config) {
+
+        $this->ocHeaderKeys = [
+            self::HEADER_ENCRYPTION_MODULE_KEY
+        ];
+
+        $this->rootView = $rootView;
+        $this->userManager = $userManager;
+        $this->groupManager = $groupManager;
+        $this->config = $config;
+
+        $this->excludedPaths[] = 'files_encryption';
+        $this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
+        $this->excludedPaths[] = 'files_external';
+    }
+
+    /**
+     * read encryption module ID from header
+     *
+     * @param array $header
+     * @return string
+     * @throws ModuleDoesNotExistsException
+     */
+    public function getEncryptionModuleId(array $header = null) {
+        $id = '';
+        $encryptionModuleKey = self::HEADER_ENCRYPTION_MODULE_KEY;
+
+        if (isset($header[$encryptionModuleKey])) {
+            $id = $header[$encryptionModuleKey];
+        } elseif (isset($header['cipher'])) {
+            if (class_exists('\OCA\Encryption\Crypto\Encryption')) {
+                // fall back to default encryption if the user migrated from
+                // ownCloud <= 8.0 with the old encryption
+                $id = \OCA\Encryption\Crypto\Encryption::ID;
+            } else {
+                throw new ModuleDoesNotExistsException('Default encryption module missing');
+            }
+        }
+
+        return $id;
+    }
+
+    /**
+     * create header for encrypted file
+     *
+     * @param array $headerData
+     * @param IEncryptionModule $encryptionModule
+     * @return string
+     * @throws EncryptionHeaderToLargeException if header has to many arguments
+     * @throws EncryptionHeaderKeyExistsException if header key is already in use
+     */
+    public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
+        $header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
+        foreach ($headerData as $key => $value) {
+            if (in_array($key, $this->ocHeaderKeys)) {
+                throw new EncryptionHeaderKeyExistsException($key);
+            }
+            $header .= $key . ':' . $value . ':';
+        }
+        $header .= self::HEADER_END;
+
+        if (strlen($header) > $this->getHeaderSize()) {
+            throw new EncryptionHeaderToLargeException();
+        }
+
+        $paddedHeader = str_pad($header, $this->headerSize, self::HEADER_PADDING_CHAR, STR_PAD_RIGHT);
+
+        return $paddedHeader;
+    }
+
+    /**
+     * go recursively through a dir and collect all files and sub files.
+     *
+     * @param string $dir relative to the users files folder
+     * @return array with list of files relative to the users files folder
+     */
+    public function getAllFiles($dir) {
+        $result = array();
+        $dirList = array($dir);
+
+        while ($dirList) {
+            $dir = array_pop($dirList);
+            $content = $this->rootView->getDirectoryContent($dir);
+
+            foreach ($content as $c) {
+                if ($c->getType() === 'dir') {
+                    $dirList[] = $c->getPath();
+                } else {
+                    $result[] =  $c->getPath();
+                }
+            }
+
+        }
+
+        return $result;
+    }
+
+    /**
+     * check if it is a file uploaded by the user stored in data/user/files
+     * or a metadata file
+     *
+     * @param string $path relative to the data/ folder
+     * @return boolean
+     */
+    public function isFile($path) {
+        $parts = explode('/', Filesystem::normalizePath($path), 4);
+        if (isset($parts[2]) && $parts[2] === 'files') {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * return size of encryption header
+     *
+     * @return integer
+     */
+    public function getHeaderSize() {
+        return $this->headerSize;
+    }
+
+    /**
+     * return size of block read by a PHP stream
+     *
+     * @return integer
+     */
+    public function getBlockSize() {
+        return $this->blockSize;
+    }
+
+    /**
+     * get the owner and the path for the file relative to the owners files folder
+     *
+     * @param string $path
+     * @return array
+     * @throws \BadMethodCallException
+     */
+    public function getUidAndFilename($path) {
+
+        $parts = explode('/', $path);
+        $uid = '';
+        if (count($parts) > 2) {
+            $uid = $parts[1];
+        }
+        if (!$this->userManager->userExists($uid)) {
+            throw new \BadMethodCallException(
+                'path needs to be relative to the system wide data folder and point to a user specific file'
+            );
+        }
+
+        $ownerPath = implode('/', array_slice($parts, 2));
+
+        return array($uid, Filesystem::normalizePath($ownerPath));
+
+    }
+
+    /**
+     * Remove .path extension from a file path
+     * @param string $path Path that may identify a .part file
+     * @return string File path without .part extension
+     * @note this is needed for reusing keys
+     */
+    public function stripPartialFileExtension($path) {
+        $extension = pathinfo($path, PATHINFO_EXTENSION);
+
+        if ( $extension === 'part') {
+
+            $newLength = strlen($path) - 5; // 5 = strlen(".part")
+            $fPath = substr($path, 0, $newLength);
+
+            // if path also contains a transaction id, we remove it too
+            $extension = pathinfo($fPath, PATHINFO_EXTENSION);
+            if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
+                $newLength = strlen($fPath) - strlen($extension) -1;
+                $fPath = substr($fPath, 0, $newLength);
+            }
+            return $fPath;
+
+        } else {
+            return $path;
+        }
+    }
+
+    public function getUserWithAccessToMountPoint($users, $groups) {
+        $result = [];
+        if (in_array('all', $users)) {
+            $users = $this->userManager->search('', null, null);
+            $result = array_map(function(IUser $user) {
+                return $user->getUID();
+            }, $users);
+        } else {
+            $result = array_merge($result, $users);
+
+            $groupManager = \OC::$server->getGroupManager();
+            foreach ($groups as $group) {
+                $groupObject = $groupManager->get($group);
+                if ($groupObject) {
+                    $foundUsers = $groupObject->searchUsers('', -1, 0);
+                    $userIds = [];
+                    foreach ($foundUsers as $user) {
+                        $userIds[] = $user->getUID();
+                    }
+                    $result = array_merge($result, $userIds);
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * check if the file is stored on a system wide mount point
+     * @param string $path relative to /data/user with leading '/'
+     * @param string $uid
+     * @return boolean
+     */
+    public function isSystemWideMountPoint($path, $uid) {
+        if (\OCP\App::isEnabled("files_external")) {
+            $mounts = \OC_Mount_Config::getSystemMountPoints();
+            foreach ($mounts as $mount) {
+                if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
+                    if ($this->isMountPointApplicableToUser($mount, $uid)) {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
+    /**
+     * check if mount point is applicable to user
+     *
+     * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
+     * @param string $uid
+     * @return boolean
+     */
+    private function isMountPointApplicableToUser($mount, $uid) {
+        $acceptedUids = array('all', $uid);
+        // check if mount point is applicable for the user
+        $intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
+        if (!empty($intersection)) {
+            return true;
+        }
+        // check if mount point is applicable for group where the user is a member
+        foreach ($mount['applicable']['groups'] as $gid) {
+            if ($this->groupManager->isInGroup($uid, $gid)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * check if it is a path which is excluded by ownCloud from encryption
+     *
+     * @param string $path
+     * @return boolean
+     */
+    public function isExcluded($path) {
+        $normalizedPath = Filesystem::normalizePath($path);
+        $root = explode('/', $normalizedPath, 4);
+        if (count($root) > 1) {
+
+            // detect alternative key storage root
+            $rootDir = $this->getKeyStorageRoot();
+            if ($rootDir !== '' &&
+                0 === strpos(
+                    Filesystem::normalizePath($path),
+                    Filesystem::normalizePath($rootDir)
+                )
+            ) {
+                return true;
+            }
+
+
+            //detect system wide folders
+            if (in_array($root[1], $this->excludedPaths)) {
+                return true;
+            }
+
+            // detect user specific folders
+            if ($this->userManager->userExists($root[1])
+                && in_array($root[2], $this->excludedPaths)) {
+
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * check if recovery key is enabled for user
+     *
+     * @param string $uid
+     * @return boolean
+     */
+    public function recoveryEnabled($uid) {
+        $enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
+
+        return $enabled === '1';
+    }
+
+    /**
+     * set new key storage root
+     *
+     * @param string $root new key store root relative to the data folder
+     */
+    public function setKeyStorageRoot($root) {
+        $this->config->setAppValue('core', 'encryption_key_storage_root', $root);
+    }
+
+    /**
+     * get key storage root
+     *
+     * @return string key storage root
+     */
+    public function getKeyStorageRoot() {
+        return $this->config->getAppValue('core', 'encryption_key_storage_root', '');
+    }
 
 }

apps/federatedfilesharing/templates/settings-admin.php

Braces +16 added lines, -4 removed lines

@@ -15,7 +15,10 @@ 
 
 	<p>
 		<input type="checkbox" name="outgoing_server2server_share_enabled" id="outgoingServer2serverShareEnabled" class="checkbox"
-			   value="1" <?php if ($_['outgoingServer2serverShareEnabled']) print_unescaped('checked="checked"'); ?> />
+			   value="1" <?php if ($_['outgoingServer2serverShareEnabled']) {
+    print_unescaped('checked="checked"');
+}
+?> />
 		<label for="outgoingServer2serverShareEnabled">
 			<?php p($l->t('Allow users on this server to send shares to other servers'));?>
 		</label>
@@ -23,21 +26,30 @@ 
 
 	<p>
 		<input type="checkbox" name="incoming_server2server_share_enabled" id="incomingServer2serverShareEnabled" class="checkbox"
-			   value="1" <?php if ($_['incomingServer2serverShareEnabled']) print_unescaped('checked="checked"'); ?> />
+			   value="1" <?php if ($_['incomingServer2serverShareEnabled']) {
+    print_unescaped('checked="checked"');
+}
+?> />
 		<label for="incomingServer2serverShareEnabled">
 			<?php p($l->t('Allow users on this server to receive shares from other servers'));?>
 		</label><br/>
 	</p>
 	<p>
 		<input type="checkbox" name="lookupServerEnabled" id="lookupServerEnabled" class="checkbox"
-			   value="1" <?php if ($_['lookupServerEnabled']) print_unescaped('checked="checked"'); ?> />
+			   value="1" <?php if ($_['lookupServerEnabled']) {
+    print_unescaped('checked="checked"');
+}
+?> />
 		<label for="lookupServerEnabled">
 			<?php p($l->t('Search global and public address book for users'));?>
 		</label><br/>
 	</p>
 	<p>
 		<input type="checkbox" name="lookupServerUploadEnabled" id="lookupServerUploadEnabled" class="checkbox"
-			   value="1" <?php if ($_['lookupServerUploadEnabled']) print_unescaped('checked="checked"'); ?> />
+			   value="1" <?php if ($_['lookupServerUploadEnabled']) {
+    print_unescaped('checked="checked"');
+}
+?> />
 		<label for="lookupServerUploadEnabled">
 			<?php p($l->t('Allow users to publish their data to a global and public address book'));?>
 		</label><br/>

Spacing +7 added lines, -7 removed lines

@@ -4,13 +4,13 @@ 
 script('federatedfilesharing', 'settings-admin');
 ?>
 
-<?php if($_['internalOnly'] === false): ?>
+<?php if ($_['internalOnly'] === false): ?>
 
 <div id="fileSharingSettings" class="section">
 	<h2>
-		<?php p($l->t('Federated Cloud Sharing'));?>
+		<?php p($l->t('Federated Cloud Sharing')); ?>
 		<a target="_blank" rel="noreferrer noopener" class="icon-info svg"
-		   title="<?php p($l->t('Open documentation'));?>"
+		   title="<?php p($l->t('Open documentation')); ?>"
 		   href="<?php p(link_to_docs('admin-sharing-federated')); ?>"></a>
 	</h2>
 
@@ -20,7 +20,7 @@ 
 		<input type="checkbox" name="outgoing_server2server_share_enabled" id="outgoingServer2serverShareEnabled" class="checkbox"
 			   value="1" <?php if ($_['outgoingServer2serverShareEnabled']) print_unescaped('checked="checked"'); ?> />
 		<label for="outgoingServer2serverShareEnabled">
-			<?php p($l->t('Allow users on this server to send shares to other servers'));?>
+			<?php p($l->t('Allow users on this server to send shares to other servers')); ?>
 		</label>
 	</p>
 
@@ -28,21 +28,21 @@ 
 		<input type="checkbox" name="incoming_server2server_share_enabled" id="incomingServer2serverShareEnabled" class="checkbox"
 			   value="1" <?php if ($_['incomingServer2serverShareEnabled']) print_unescaped('checked="checked"'); ?> />
 		<label for="incomingServer2serverShareEnabled">
-			<?php p($l->t('Allow users on this server to receive shares from other servers'));?>
+			<?php p($l->t('Allow users on this server to receive shares from other servers')); ?>
 		</label><br/>
 	</p>
 	<p>
 		<input type="checkbox" name="lookupServerEnabled" id="lookupServerEnabled" class="checkbox"
 			   value="1" <?php if ($_['lookupServerEnabled']) print_unescaped('checked="checked"'); ?> />
 		<label for="lookupServerEnabled">
-			<?php p($l->t('Search global and public address book for users'));?>
+			<?php p($l->t('Search global and public address book for users')); ?>
 		</label><br/>
 	</p>
 	<p>
 		<input type="checkbox" name="lookupServerUploadEnabled" id="lookupServerUploadEnabled" class="checkbox"
 			   value="1" <?php if ($_['lookupServerUploadEnabled']) print_unescaped('checked="checked"'); ?> />
 		<label for="lookupServerUploadEnabled">
-			<?php p($l->t('Allow users to publish their data to a global and public address book'));?>
+			<?php p($l->t('Allow users to publish their data to a global and public address book')); ?>
 		</label><br/>
 	</p>
 

lib/private/Comments/ManagerFactory.php

Indentation +27 added lines, -27 removed lines

@@ -30,33 +30,33 @@
 
 class ManagerFactory implements ICommentsManagerFactory {
 
-	/**
-	 * Server container
-	 *
-	 * @var IServerContainer
-	 */
-	private $serverContainer;
+    /**
+     * Server container
+     *
+     * @var IServerContainer
+     */
+    private $serverContainer;
 
-	/**
-	 * Constructor for the comments manager factory
-	 *
-	 * @param IServerContainer $serverContainer server container
-	 */
-	public function __construct(IServerContainer $serverContainer) {
-		$this->serverContainer = $serverContainer;
-	}
+    /**
+     * Constructor for the comments manager factory
+     *
+     * @param IServerContainer $serverContainer server container
+     */
+    public function __construct(IServerContainer $serverContainer) {
+        $this->serverContainer = $serverContainer;
+    }
 
-	/**
-	 * creates and returns an instance of the ICommentsManager
-	 *
-	 * @return ICommentsManager
-	 * @since 9.0.0
-	 */
-	public function getManager() {
-		return new Manager(
-			$this->serverContainer->getDatabaseConnection(),
-			$this->serverContainer->getLogger(),
-			$this->serverContainer->getConfig()
-		);
-	}
+    /**
+     * creates and returns an instance of the ICommentsManager
+     *
+     * @return ICommentsManager
+     * @since 9.0.0
+     */
+    public function getManager() {
+        return new Manager(
+            $this->serverContainer->getDatabaseConnection(),
+            $this->serverContainer->getLogger(),
+            $this->serverContainer->getConfig()
+        );
+    }
 }

apps/dav/lib/Connector/Sabre/CachingTree.php

Indentation +12 added lines, -12 removed lines

@@ -24,16 +24,16 @@
 use Sabre\DAV\Tree;
 
 class CachingTree extends Tree {
-	/**
-	 * Store a node in the cache
-	 *
-	 * @param Node $node
-	 * @param null|string $path
-	 */
-	public function cacheNode(Node $node, $path = null) {
-		if (is_null($path)) {
-			$path = $node->getPath();
-		}
-		$this->cache[trim($path, '/')] = $node;
-	}
+    /**
+     * Store a node in the cache
+     *
+     * @param Node $node
+     * @param null|string $path
+     */
+    public function cacheNode(Node $node, $path = null) {
+        if (is_null($path)) {
+            $path = $node->getPath();
+        }
+        $this->cache[trim($path, '/')] = $node;
+    }
 }

apps/dav/lib/Connector/Sabre/Server.php

Indentation +9 added lines, -9 removed lines

@@ -33,14 +33,14 @@
  * @see \Sabre\DAV\Server
  */
 class Server extends \Sabre\DAV\Server {
-	/** @var CachingTree $tree */
+    /** @var CachingTree $tree */
 
-	/**
-	 * @see \Sabre\DAV\Server
-	 */
-	public function __construct($treeOrNode = null) {
-		parent::__construct($treeOrNode);
-		self::$exposeVersion = false;
-		$this->enablePropfindDepthInfinity = true;
-	}
+    /**
+     * @see \Sabre\DAV\Server
+     */
+    public function __construct($treeOrNode = null) {
+        parent::__construct($treeOrNode);
+        self::$exposeVersion = false;
+        $this->enablePropfindDepthInfinity = true;
+    }
 }

settings/templates/settings/personal/security.php

Indentation +4 added lines, -4 removed lines

@@ -22,10 +22,10 @@
  */
 
 script('settings', [
-	'authtoken',
-	'authtoken_collection',
-	'authtoken_view',
-	'settings/authtoken-init'
+    'authtoken',
+    'authtoken_collection',
+    'authtoken_view',
+    'settings/authtoken-init'
 ]);
 
 ?>

Spacing +4 added lines, -4 removed lines

@@ -32,14 +32,14 @@
 
 
 <div id="security" class="section">
-	<h2><?php p($l->t('Devices & sessions'));?></h2>
-	<p class="settings-hint hidden-when-empty"><?php p($l->t('Web, desktop and mobile clients currently logged in to your account.'));?></p>
+	<h2><?php p($l->t('Devices & sessions')); ?></h2>
+	<p class="settings-hint hidden-when-empty"><?php p($l->t('Web, desktop and mobile clients currently logged in to your account.')); ?></p>
 	<table class="icon-loading">
 		<thead class="token-list-header">
 			<tr>
 				<th></th>
-				<th><?php p($l->t('Device'));?></th>
-				<th><?php p($l->t('Last activity'));?></th>
+				<th><?php p($l->t('Device')); ?></th>
+				<th><?php p($l->t('Last activity')); ?></th>
 				<th></th>
 			</tr>
 		</thead>

lib/private/Settings/Personal/Security.php

Indentation +25 added lines, -25 removed lines

@@ -29,31 +29,31 @@
 
 class Security implements ISettings {
 
-	/**
-	 * @return TemplateResponse returns the instance with all parameters set, ready to be rendered
-	 * @since 9.1
-	 */
-	public function getForm() {
-		return new TemplateResponse('settings', 'settings/personal/security');
-	}
+    /**
+     * @return TemplateResponse returns the instance with all parameters set, ready to be rendered
+     * @since 9.1
+     */
+    public function getForm() {
+        return new TemplateResponse('settings', 'settings/personal/security');
+    }
 
-	/**
-	 * @return string the section ID, e.g. 'sharing'
-	 * @since 9.1
-	 */
-	public function getSection() {
-		return 'security';
-	}
+    /**
+     * @return string the section ID, e.g. 'sharing'
+     * @since 9.1
+     */
+    public function getSection() {
+        return 'security';
+    }
 
-	/**
-	 * @return int whether the form should be rather on the top or bottom of
-	 * the admin section. The forms are arranged in ascending order of the
-	 * priority values. It is required to return a value between 0 and 100.
-	 *
-	 * E.g.: 70
-	 * @since 9.1
-	 */
-	public function getPriority() {
-		return 10;
-	}
+    /**
+     * @return int whether the form should be rather on the top or bottom of
+     * the admin section. The forms are arranged in ascending order of the
+     * priority values. It is required to return a value between 0 and 100.
+     *
+     * E.g.: 70
+     * @since 9.1
+     */
+    public function getPriority() {
+        return 10;
+    }
 }

lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php

Spacing +25 added lines, -25 removed lines

@@ -362,77 +362,77 @@
 		$policy .= "base-uri 'none';";
 		$policy .= "manifest-src 'self';";
 
-		if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
+		if (!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
 			$policy .= 'script-src ';
-			if(is_string($this->useJsNonce)) {
+			if (is_string($this->useJsNonce)) {
 				$policy .= '\'nonce-'.base64_encode($this->useJsNonce).'\'';
 				$allowedScriptDomains = array_flip($this->allowedScriptDomains);
 				unset($allowedScriptDomains['\'self\'']);
 				$this->allowedScriptDomains = array_flip($allowedScriptDomains);
-				if(count($allowedScriptDomains) !== 0) {
+				if (count($allowedScriptDomains) !== 0) {
 					$policy .= ' ';
 				}
 			}
-			if(is_array($this->allowedScriptDomains)) {
+			if (is_array($this->allowedScriptDomains)) {
 				$policy .= implode(' ', $this->allowedScriptDomains);
 			}
-			if($this->inlineScriptAllowed) {
+			if ($this->inlineScriptAllowed) {
 				$policy .= ' \'unsafe-inline\'';
 			}
-			if($this->evalScriptAllowed) {
+			if ($this->evalScriptAllowed) {
 				$policy .= ' \'unsafe-eval\'';
 			}
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
+		if (!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
 			$policy .= 'style-src ';
-			if(is_array($this->allowedStyleDomains)) {
+			if (is_array($this->allowedStyleDomains)) {
 				$policy .= implode(' ', $this->allowedStyleDomains);
 			}
-			if($this->inlineStyleAllowed) {
+			if ($this->inlineStyleAllowed) {
 				$policy .= ' \'unsafe-inline\'';
 			}
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedImageDomains)) {
-			$policy .= 'img-src ' . implode(' ', $this->allowedImageDomains);
+		if (!empty($this->allowedImageDomains)) {
+			$policy .= 'img-src '.implode(' ', $this->allowedImageDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedFontDomains)) {
-			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
+		if (!empty($this->allowedFontDomains)) {
+			$policy .= 'font-src '.implode(' ', $this->allowedFontDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedConnectDomains)) {
-			$policy .= 'connect-src ' . implode(' ', $this->allowedConnectDomains);
+		if (!empty($this->allowedConnectDomains)) {
+			$policy .= 'connect-src '.implode(' ', $this->allowedConnectDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedMediaDomains)) {
-			$policy .= 'media-src ' . implode(' ', $this->allowedMediaDomains);
+		if (!empty($this->allowedMediaDomains)) {
+			$policy .= 'media-src '.implode(' ', $this->allowedMediaDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedObjectDomains)) {
-			$policy .= 'object-src ' . implode(' ', $this->allowedObjectDomains);
+		if (!empty($this->allowedObjectDomains)) {
+			$policy .= 'object-src '.implode(' ', $this->allowedObjectDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedFrameDomains)) {
-			$policy .= 'frame-src ' . implode(' ', $this->allowedFrameDomains);
+		if (!empty($this->allowedFrameDomains)) {
+			$policy .= 'frame-src '.implode(' ', $this->allowedFrameDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedChildSrcDomains)) {
-			$policy .= 'child-src ' . implode(' ', $this->allowedChildSrcDomains);
+		if (!empty($this->allowedChildSrcDomains)) {
+			$policy .= 'child-src '.implode(' ', $this->allowedChildSrcDomains);
 			$policy .= ';';
 		}
 
-		if(!empty($this->allowedFrameAncestors)) {
-			$policy .= 'frame-ancestors ' . implode(' ', $this->allowedFrameAncestors);
+		if (!empty($this->allowedFrameAncestors)) {
+			$policy .= 'frame-ancestors '.implode(' ', $this->allowedFrameAncestors);
 			$policy .= ';';
 		}
 

Indentation +404 added lines, -404 removed lines

@@ -34,408 +34,408 @@
  * @since 9.0.0
  */
 class EmptyContentSecurityPolicy {
-	/** @var bool Whether inline JS snippets are allowed */
-	protected $inlineScriptAllowed = null;
-	/** @var string Whether JS nonces should be used */
-	protected $useJsNonce = null;
-	/**
-	 * @var bool Whether eval in JS scripts is allowed
-	 * TODO: Disallow per default
-	 * @link https://github.com/owncloud/core/issues/11925
-	 */
-	protected $evalScriptAllowed = null;
-	/** @var array Domains from which scripts can get loaded */
-	protected $allowedScriptDomains = null;
-	/**
-	 * @var bool Whether inline CSS is allowed
-	 * TODO: Disallow per default
-	 * @link https://github.com/owncloud/core/issues/13458
-	 */
-	protected $inlineStyleAllowed = null;
-	/** @var array Domains from which CSS can get loaded */
-	protected $allowedStyleDomains = null;
-	/** @var array Domains from which images can get loaded */
-	protected $allowedImageDomains = null;
-	/** @var array Domains to which connections can be done */
-	protected $allowedConnectDomains = null;
-	/** @var array Domains from which media elements can be loaded */
-	protected $allowedMediaDomains = null;
-	/** @var array Domains from which object elements can be loaded */
-	protected $allowedObjectDomains = null;
-	/** @var array Domains from which iframes can be loaded */
-	protected $allowedFrameDomains = null;
-	/** @var array Domains from which fonts can be loaded */
-	protected $allowedFontDomains = null;
-	/** @var array Domains from which web-workers and nested browsing content can load elements */
-	protected $allowedChildSrcDomains = null;
-	/** @var array Domains which can embed this Nextcloud instance */
-	protected $allowedFrameAncestors = null;
-
-	/**
-	 * Whether inline JavaScript snippets are allowed or forbidden
-	 * @param bool $state
-	 * @return $this
-	 * @since 8.1.0
-	 * @deprecated 10.0 CSP tokens are now used
-	 */
-	public function allowInlineScript($state = false) {
-		$this->inlineScriptAllowed = $state;
-		return $this;
-	}
-
-	/**
-	 * Use the according JS nonce
-	 *
-	 * @param string $nonce
-	 * @return $this
-	 * @since 11.0.0
-	 */
-	public function useJsNonce($nonce) {
-		$this->useJsNonce = $nonce;
-		return $this;
-	}
-
-	/**
-	 * Whether eval in JavaScript is allowed or forbidden
-	 * @param bool $state
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function allowEvalScript($state = true) {
-		$this->evalScriptAllowed = $state;
-		return $this;
-	}
-
-	/**
-	 * Allows to execute JavaScript files from a specific domain. Use * to
-	 * allow JavaScript from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedScriptDomain($domain) {
-		$this->allowedScriptDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed script domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowScriptDomain($domain) {
-		$this->allowedScriptDomains = array_diff($this->allowedScriptDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Whether inline CSS snippets are allowed or forbidden
-	 * @param bool $state
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function allowInlineStyle($state = true) {
-		$this->inlineStyleAllowed = $state;
-		return $this;
-	}
-
-	/**
-	 * Allows to execute CSS files from a specific domain. Use * to allow
-	 * CSS from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedStyleDomain($domain) {
-		$this->allowedStyleDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed style domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowStyleDomain($domain) {
-		$this->allowedStyleDomains = array_diff($this->allowedStyleDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Allows using fonts from a specific domain. Use * to allow
-	 * fonts from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedFontDomain($domain) {
-		$this->allowedFontDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed font domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowFontDomain($domain) {
-		$this->allowedFontDomains = array_diff($this->allowedFontDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Allows embedding images from a specific domain. Use * to allow
-	 * images from all domains.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedImageDomain($domain) {
-		$this->allowedImageDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed image domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowImageDomain($domain) {
-		$this->allowedImageDomains = array_diff($this->allowedImageDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * To which remote domains the JS connect to.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedConnectDomain($domain) {
-		$this->allowedConnectDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed connect domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowConnectDomain($domain) {
-		$this->allowedConnectDomains = array_diff($this->allowedConnectDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * From which domains media elements can be embedded.
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedMediaDomain($domain) {
-		$this->allowedMediaDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed media domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowMediaDomain($domain) {
-		$this->allowedMediaDomains = array_diff($this->allowedMediaDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * From which domains objects such as <object>, <embed> or <applet> are executed
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedObjectDomain($domain) {
-		$this->allowedObjectDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed object domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowObjectDomain($domain) {
-		$this->allowedObjectDomains = array_diff($this->allowedObjectDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Which domains can be embedded in an iframe
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedFrameDomain($domain) {
-		$this->allowedFrameDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed frame domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowFrameDomain($domain) {
-		$this->allowedFrameDomains = array_diff($this->allowedFrameDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Domains from which web-workers and nested browsing content can load elements
-	 * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function addAllowedChildSrcDomain($domain) {
-		$this->allowedChildSrcDomains[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Remove the specified allowed child src domain from the allowed domains.
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function disallowChildSrcDomain($domain) {
-		$this->allowedChildSrcDomains = array_diff($this->allowedChildSrcDomains, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Domains which can embed an iFrame of the Nextcloud instance
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 13.0.0
-	 */
-	public function addAllowedFrameAncestorDomain($domain) {
-		$this->allowedFrameAncestors[] = $domain;
-		return $this;
-	}
-
-	/**
-	 * Domains which can embed an iFrame of the Nextcloud instance
-	 *
-	 * @param string $domain
-	 * @return $this
-	 * @since 13.0.0
-	 */
-	public function disallowFrameAncestorDomain($domain) {
-		$this->allowedFrameAncestors = array_diff($this->allowedFrameAncestors, [$domain]);
-		return $this;
-	}
-
-	/**
-	 * Get the generated Content-Security-Policy as a string
-	 * @return string
-	 * @since 8.1.0
-	 */
-	public function buildPolicy() {
-		$policy = "default-src 'none';";
-		$policy .= "base-uri 'none';";
-		$policy .= "manifest-src 'self';";
-
-		if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
-			$policy .= 'script-src ';
-			if(is_string($this->useJsNonce)) {
-				$policy .= '\'nonce-'.base64_encode($this->useJsNonce).'\'';
-				$allowedScriptDomains = array_flip($this->allowedScriptDomains);
-				unset($allowedScriptDomains['\'self\'']);
-				$this->allowedScriptDomains = array_flip($allowedScriptDomains);
-				if(count($allowedScriptDomains) !== 0) {
-					$policy .= ' ';
-				}
-			}
-			if(is_array($this->allowedScriptDomains)) {
-				$policy .= implode(' ', $this->allowedScriptDomains);
-			}
-			if($this->inlineScriptAllowed) {
-				$policy .= ' \'unsafe-inline\'';
-			}
-			if($this->evalScriptAllowed) {
-				$policy .= ' \'unsafe-eval\'';
-			}
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
-			$policy .= 'style-src ';
-			if(is_array($this->allowedStyleDomains)) {
-				$policy .= implode(' ', $this->allowedStyleDomains);
-			}
-			if($this->inlineStyleAllowed) {
-				$policy .= ' \'unsafe-inline\'';
-			}
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedImageDomains)) {
-			$policy .= 'img-src ' . implode(' ', $this->allowedImageDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedFontDomains)) {
-			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedConnectDomains)) {
-			$policy .= 'connect-src ' . implode(' ', $this->allowedConnectDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedMediaDomains)) {
-			$policy .= 'media-src ' . implode(' ', $this->allowedMediaDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedObjectDomains)) {
-			$policy .= 'object-src ' . implode(' ', $this->allowedObjectDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedFrameDomains)) {
-			$policy .= 'frame-src ' . implode(' ', $this->allowedFrameDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedChildSrcDomains)) {
-			$policy .= 'child-src ' . implode(' ', $this->allowedChildSrcDomains);
-			$policy .= ';';
-		}
-
-		if(!empty($this->allowedFrameAncestors)) {
-			$policy .= 'frame-ancestors ' . implode(' ', $this->allowedFrameAncestors);
-			$policy .= ';';
-		}
-
-		return rtrim($policy, ';');
-	}
+    /** @var bool Whether inline JS snippets are allowed */
+    protected $inlineScriptAllowed = null;
+    /** @var string Whether JS nonces should be used */
+    protected $useJsNonce = null;
+    /**
+     * @var bool Whether eval in JS scripts is allowed
+     * TODO: Disallow per default
+     * @link https://github.com/owncloud/core/issues/11925
+     */
+    protected $evalScriptAllowed = null;
+    /** @var array Domains from which scripts can get loaded */
+    protected $allowedScriptDomains = null;
+    /**
+     * @var bool Whether inline CSS is allowed
+     * TODO: Disallow per default
+     * @link https://github.com/owncloud/core/issues/13458
+     */
+    protected $inlineStyleAllowed = null;
+    /** @var array Domains from which CSS can get loaded */
+    protected $allowedStyleDomains = null;
+    /** @var array Domains from which images can get loaded */
+    protected $allowedImageDomains = null;
+    /** @var array Domains to which connections can be done */
+    protected $allowedConnectDomains = null;
+    /** @var array Domains from which media elements can be loaded */
+    protected $allowedMediaDomains = null;
+    /** @var array Domains from which object elements can be loaded */
+    protected $allowedObjectDomains = null;
+    /** @var array Domains from which iframes can be loaded */
+    protected $allowedFrameDomains = null;
+    /** @var array Domains from which fonts can be loaded */
+    protected $allowedFontDomains = null;
+    /** @var array Domains from which web-workers and nested browsing content can load elements */
+    protected $allowedChildSrcDomains = null;
+    /** @var array Domains which can embed this Nextcloud instance */
+    protected $allowedFrameAncestors = null;
+
+    /**
+     * Whether inline JavaScript snippets are allowed or forbidden
+     * @param bool $state
+     * @return $this
+     * @since 8.1.0
+     * @deprecated 10.0 CSP tokens are now used
+     */
+    public function allowInlineScript($state = false) {
+        $this->inlineScriptAllowed = $state;
+        return $this;
+    }
+
+    /**
+     * Use the according JS nonce
+     *
+     * @param string $nonce
+     * @return $this
+     * @since 11.0.0
+     */
+    public function useJsNonce($nonce) {
+        $this->useJsNonce = $nonce;
+        return $this;
+    }
+
+    /**
+     * Whether eval in JavaScript is allowed or forbidden
+     * @param bool $state
+     * @return $this
+     * @since 8.1.0
+     */
+    public function allowEvalScript($state = true) {
+        $this->evalScriptAllowed = $state;
+        return $this;
+    }
+
+    /**
+     * Allows to execute JavaScript files from a specific domain. Use * to
+     * allow JavaScript from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedScriptDomain($domain) {
+        $this->allowedScriptDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed script domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowScriptDomain($domain) {
+        $this->allowedScriptDomains = array_diff($this->allowedScriptDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Whether inline CSS snippets are allowed or forbidden
+     * @param bool $state
+     * @return $this
+     * @since 8.1.0
+     */
+    public function allowInlineStyle($state = true) {
+        $this->inlineStyleAllowed = $state;
+        return $this;
+    }
+
+    /**
+     * Allows to execute CSS files from a specific domain. Use * to allow
+     * CSS from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedStyleDomain($domain) {
+        $this->allowedStyleDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed style domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowStyleDomain($domain) {
+        $this->allowedStyleDomains = array_diff($this->allowedStyleDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Allows using fonts from a specific domain. Use * to allow
+     * fonts from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedFontDomain($domain) {
+        $this->allowedFontDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed font domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowFontDomain($domain) {
+        $this->allowedFontDomains = array_diff($this->allowedFontDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Allows embedding images from a specific domain. Use * to allow
+     * images from all domains.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedImageDomain($domain) {
+        $this->allowedImageDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed image domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowImageDomain($domain) {
+        $this->allowedImageDomains = array_diff($this->allowedImageDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * To which remote domains the JS connect to.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedConnectDomain($domain) {
+        $this->allowedConnectDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed connect domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowConnectDomain($domain) {
+        $this->allowedConnectDomains = array_diff($this->allowedConnectDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * From which domains media elements can be embedded.
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedMediaDomain($domain) {
+        $this->allowedMediaDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed media domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowMediaDomain($domain) {
+        $this->allowedMediaDomains = array_diff($this->allowedMediaDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * From which domains objects such as <object>, <embed> or <applet> are executed
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedObjectDomain($domain) {
+        $this->allowedObjectDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed object domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowObjectDomain($domain) {
+        $this->allowedObjectDomains = array_diff($this->allowedObjectDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Which domains can be embedded in an iframe
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedFrameDomain($domain) {
+        $this->allowedFrameDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed frame domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowFrameDomain($domain) {
+        $this->allowedFrameDomains = array_diff($this->allowedFrameDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Domains from which web-workers and nested browsing content can load elements
+     * @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
+     * @return $this
+     * @since 8.1.0
+     */
+    public function addAllowedChildSrcDomain($domain) {
+        $this->allowedChildSrcDomains[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Remove the specified allowed child src domain from the allowed domains.
+     *
+     * @param string $domain
+     * @return $this
+     * @since 8.1.0
+     */
+    public function disallowChildSrcDomain($domain) {
+        $this->allowedChildSrcDomains = array_diff($this->allowedChildSrcDomains, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Domains which can embed an iFrame of the Nextcloud instance
+     *
+     * @param string $domain
+     * @return $this
+     * @since 13.0.0
+     */
+    public function addAllowedFrameAncestorDomain($domain) {
+        $this->allowedFrameAncestors[] = $domain;
+        return $this;
+    }
+
+    /**
+     * Domains which can embed an iFrame of the Nextcloud instance
+     *
+     * @param string $domain
+     * @return $this
+     * @since 13.0.0
+     */
+    public function disallowFrameAncestorDomain($domain) {
+        $this->allowedFrameAncestors = array_diff($this->allowedFrameAncestors, [$domain]);
+        return $this;
+    }
+
+    /**
+     * Get the generated Content-Security-Policy as a string
+     * @return string
+     * @since 8.1.0
+     */
+    public function buildPolicy() {
+        $policy = "default-src 'none';";
+        $policy .= "base-uri 'none';";
+        $policy .= "manifest-src 'self';";
+
+        if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
+            $policy .= 'script-src ';
+            if(is_string($this->useJsNonce)) {
+                $policy .= '\'nonce-'.base64_encode($this->useJsNonce).'\'';
+                $allowedScriptDomains = array_flip($this->allowedScriptDomains);
+                unset($allowedScriptDomains['\'self\'']);
+                $this->allowedScriptDomains = array_flip($allowedScriptDomains);
+                if(count($allowedScriptDomains) !== 0) {
+                    $policy .= ' ';
+                }
+            }
+            if(is_array($this->allowedScriptDomains)) {
+                $policy .= implode(' ', $this->allowedScriptDomains);
+            }
+            if($this->inlineScriptAllowed) {
+                $policy .= ' \'unsafe-inline\'';
+            }
+            if($this->evalScriptAllowed) {
+                $policy .= ' \'unsafe-eval\'';
+            }
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedStyleDomains) || $this->inlineStyleAllowed) {
+            $policy .= 'style-src ';
+            if(is_array($this->allowedStyleDomains)) {
+                $policy .= implode(' ', $this->allowedStyleDomains);
+            }
+            if($this->inlineStyleAllowed) {
+                $policy .= ' \'unsafe-inline\'';
+            }
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedImageDomains)) {
+            $policy .= 'img-src ' . implode(' ', $this->allowedImageDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedFontDomains)) {
+            $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedConnectDomains)) {
+            $policy .= 'connect-src ' . implode(' ', $this->allowedConnectDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedMediaDomains)) {
+            $policy .= 'media-src ' . implode(' ', $this->allowedMediaDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedObjectDomains)) {
+            $policy .= 'object-src ' . implode(' ', $this->allowedObjectDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedFrameDomains)) {
+            $policy .= 'frame-src ' . implode(' ', $this->allowedFrameDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedChildSrcDomains)) {
+            $policy .= 'child-src ' . implode(' ', $this->allowedChildSrcDomains);
+            $policy .= ';';
+        }
+
+        if(!empty($this->allowedFrameAncestors)) {
+            $policy .= 'frame-ancestors ' . implode(' ', $this->allowedFrameAncestors);
+            $policy .= ';';
+        }
+
+        return rtrim($policy, ';');
+    }
 }

core/templates/error.php

Spacing +3 added lines, -3 removed lines

@@ -1,12 +1,12 @@
 <div class="error">
 	<h2><?php p($l->t('Error')) ?></h2>
 	<ul>
-	<?php foreach($_["errors"] as $error):?>
+	<?php foreach ($_["errors"] as $error):?>
 		<li>
 			<p><?php p($error['error']) ?></p>
-			<?php if(isset($error['hint']) && $error['hint']): ?>
+			<?php if (isset($error['hint']) && $error['hint']): ?>
 				<p class='hint'><?php p($error['hint']) ?></p>
-			<?php endif;?>
+			<?php endif; ?>
 		</li>
 	<?php endforeach ?>
 	</ul>