1 | <?php |
||
2 | /** |
||
3 | * @copyright Copyright (c) 2018 Robin Appelman <[email protected]> |
||
4 | * |
||
5 | * @author Bastien Durel <[email protected]> |
||
6 | * @author Christoph Wurst <[email protected]> |
||
7 | * @author Georg Ehrke <[email protected]> |
||
8 | * @author Julius Härtl <[email protected]> |
||
9 | * @author Robin Appelman <[email protected]> |
||
10 | * |
||
11 | * @license GNU AGPL version 3 or any later version |
||
12 | * |
||
13 | * This program is free software: you can redistribute it and/or modify |
||
14 | * it under the terms of the GNU Affero General Public License as |
||
15 | * published by the Free Software Foundation, either version 3 of the |
||
16 | * License, or (at your option) any later version. |
||
17 | * |
||
18 | * This program is distributed in the hope that it will be useful, |
||
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
21 | * GNU Affero General Public License for more details. |
||
22 | * |
||
23 | * You should have received a copy of the GNU Affero General Public License |
||
24 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
25 | * |
||
26 | */ |
||
27 | namespace OCA\DAV\Connector\Sabre; |
||
28 | |||
29 | use Sabre\DAV\CorePlugin; |
||
30 | use Sabre\DAV\FS\Directory; |
||
0 ignored issues
–
show
|
|||
31 | use Sabre\DAV\ServerPlugin; |
||
32 | use Sabre\DAV\Tree; |
||
33 | use Sabre\HTTP\RequestInterface; |
||
34 | use Sabre\HTTP\ResponseInterface; |
||
35 | |||
36 | class AnonymousOptionsPlugin extends ServerPlugin { |
||
37 | |||
38 | /** |
||
39 | * @var \Sabre\DAV\Server |
||
40 | */ |
||
41 | private $server; |
||
42 | |||
43 | /** |
||
44 | * @param \Sabre\DAV\Server $server |
||
45 | * @return void |
||
46 | */ |
||
47 | public function initialize(\Sabre\DAV\Server $server) { |
||
48 | $this->server = $server; |
||
49 | // before auth |
||
50 | $this->server->on('beforeMethod:*', [$this, 'handleAnonymousOptions'], 9); |
||
51 | } |
||
52 | |||
53 | /** |
||
54 | * @return bool |
||
55 | */ |
||
56 | public function isRequestInRoot($path) { |
||
57 | return $path === '' || (is_string($path) && strpos($path, '/') === false); |
||
58 | } |
||
59 | |||
60 | /** |
||
61 | * @throws \Sabre\DAV\Exception\Forbidden |
||
62 | * @return bool |
||
63 | */ |
||
64 | public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) { |
||
65 | $isOffice = preg_match('/Microsoft Office/i', $request->getHeader('User-Agent') ?? ''); |
||
66 | $emptyAuth = $request->getHeader('Authorization') === null |
||
67 | || $request->getHeader('Authorization') === '' |
||
68 | || trim($request->getHeader('Authorization')) === 'Bearer'; |
||
69 | $isAnonymousOfficeOption = $request->getMethod() === 'OPTIONS' && $isOffice && $emptyAuth; |
||
70 | $isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $emptyAuth; |
||
71 | if ($isAnonymousOfficeOption || $isOfficeHead) { |
||
72 | /** @var CorePlugin $corePlugin */ |
||
73 | $corePlugin = $this->server->getPlugin('core'); |
||
74 | // setup a fake tree for anonymous access |
||
75 | $this->server->tree = new Tree(new Directory('')); |
||
76 | $corePlugin->httpOptions($request, $response); |
||
77 | $this->server->emit('afterMethod:*', [$request, $response]); |
||
78 | $this->server->emit('afterMethod:OPTIONS', [$request, $response]); |
||
79 | |||
80 | $this->server->sapi->sendResponse($response); |
||
81 | return false; |
||
82 | } |
||
83 | } |
||
84 | } |
||
85 |
Let?s assume that you have a directory layout like this:
and let?s assume the following content of
Bar.php
:If both files
OtherDir/Foo.php
andSomeDir/Foo.php
are loaded in the same runtime, you will see a PHP error such as the following:PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php
However, as
OtherDir/Foo.php
does not necessarily have to be loaded and the error is only triggered if it is loaded beforeOtherDir/Bar.php
, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: