Issues in AnonymousOptionsPlugin.php (master) - Issues in master - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2553)

dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php (1 issue)

Labels

Bug 1

Severity

Major 1

Robin Appelman 1

<?php
/**
 * @copyright Copyright (c) 2018 Robin Appelman <[email protected]>
 *
 * @author Bastien Durel <[email protected]>
 * @author Christoph Wurst <[email protected]>
 * @author Georg Ehrke <[email protected]>
 * @author Julius Härtl <[email protected]>
 * @author Robin Appelman <[email protected]>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\DAV\Connector\Sabre;

use Sabre\DAV\CorePlugin;
use Sabre\DAV\FS\Directory;
.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php
use Sabre\DAV\ServerPlugin;
use Sabre\DAV\Tree;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;

class AnonymousOptionsPlugin extends ServerPlugin {

	/**
	 * @var \Sabre\DAV\Server
	 */
	private $server;

	/**
	 * @param \Sabre\DAV\Server $server
	 * @return void
	 */
	public function initialize(\Sabre\DAV\Server $server) {
		$this->server = $server;
		// before auth
		$this->server->on('beforeMethod:*', [$this, 'handleAnonymousOptions'], 9);
	}

	/**
	 * @return bool
	 */
	public function isRequestInRoot($path) {
		return $path === '' || (is_string($path) && strpos($path, '/') === false);
	}

	/**
	 * @throws \Sabre\DAV\Exception\Forbidden
	 * @return bool
	 */
	public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) {
		$isOffice = preg_match('/Microsoft Office/i', $request->getHeader('User-Agent') ?? '');
		$emptyAuth = $request->getHeader('Authorization') === null
			|| $request->getHeader('Authorization') === ''
			|| trim($request->getHeader('Authorization')) === 'Bearer';
		$isAnonymousOfficeOption = $request->getMethod() === 'OPTIONS' && $isOffice && $emptyAuth;
		$isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $emptyAuth;
		if ($isAnonymousOfficeOption || $isOfficeHead) {
			/** @var CorePlugin $corePlugin */
			$corePlugin = $this->server->getPlugin('core');
			// setup a fake tree for anonymous access
			$this->server->tree = new Tree(new Directory(''));
			$corePlugin->httpOptions($request, $response);
			$this->server->emit('afterMethod:*', [$request, $response]);
			$this->server->emit('afterMethod:OPTIONS', [$request, $response]);

			$this->server->sapi->sendResponse($response);
			return false;
		}
	}
}


1			<?php
2			/**
3			* @copyright Copyright (c) 2018 Robin Appelman <[email protected]>
4			*
5			* @author Bastien Durel <[email protected]>
6			* @author Christoph Wurst <[email protected]>
7			* @author Georg Ehrke <[email protected]>
8			* @author Julius Härtl <[email protected]>
9			* @author Robin Appelman <[email protected]>
10			*
11			* @license GNU AGPL version 3 or any later version
12			*
13			* This program is free software: you can redistribute it and/or modify
14			* it under the terms of the GNU Affero General Public License as
15			* published by the Free Software Foundation, either version 3 of the
16			* License, or (at your option) any later version.
17			*
18			* This program is distributed in the hope that it will be useful,
19			* but WITHOUT ANY WARRANTY; without even the implied warranty of
20			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21			* GNU Affero General Public License for more details.
22			*
23			* You should have received a copy of the GNU Affero General Public License
24			* along with this program. If not, see <http://www.gnu.org/licenses/>.
25			*
26			*/
27			namespace OCA\DAV\Connector\Sabre;
28
29			use Sabre\DAV\CorePlugin;
30			use Sabre\DAV\FS\Directory;
			0 ignored issues – show Bug introduced 2018-10-24 12:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this This use statement conflicts with another class in this namespace, `OCA\DAV\Connector\Sabre\Directory`. Consider defining an alias. Let?s assume that you have a directory layout like this: . \|-- OtherDir \| \|-- Bar.php \| `-- Foo.php `-- SomeDir `-- Foo.php and let?s assume the following content of `Bar.php`: // Bar.php namespace OtherDir; use SomeDir\Foo; // This now conflicts the class OtherDir\Foo If both files `OtherDir/Foo.php` and `SomeDir/Foo.php` are loaded in the same runtime, you will see a PHP error such as the following: PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php However, as `OtherDir/Foo.php` does not necessarily have to be loaded and the error is only triggered if it is loaded before `OtherDir/Bar.php`, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: // Bar.php namespace OtherDir; use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore. Loading history...
31			use Sabre\DAV\ServerPlugin;
32			use Sabre\DAV\Tree;
33			use Sabre\HTTP\RequestInterface;
34			use Sabre\HTTP\ResponseInterface;
35
36			class AnonymousOptionsPlugin extends ServerPlugin {
37
38			/**
39			* @var \Sabre\DAV\Server
40			*/
41			private $server;
42
43			/**
44			* @param \Sabre\DAV\Server $server
45			* @return void
46			*/
47			public function initialize(\Sabre\DAV\Server $server) {
48			$this->server = $server;
49			// before auth
50			$this->server->on('beforeMethod:*', [$this, 'handleAnonymousOptions'], 9);
51			}
52
53			/**
54			* @return bool
55			*/
56			public function isRequestInRoot($path) {
57			return $path === '' \|\| (is_string($path) && strpos($path, '/') === false);
58			}
59
60			/**
61			* @throws \Sabre\DAV\Exception\Forbidden
62			* @return bool
63			*/
64			public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) {
65			$isOffice = preg_match('/Microsoft Office/i', $request->getHeader('User-Agent') ?? '');
66			$emptyAuth = $request->getHeader('Authorization') === null
67			\|\| $request->getHeader('Authorization') === ''
68			\|\| trim($request->getHeader('Authorization')) === 'Bearer';
69			$isAnonymousOfficeOption = $request->getMethod() === 'OPTIONS' && $isOffice && $emptyAuth;
70			$isOfficeHead = $request->getMethod() === 'HEAD' && $isOffice && $emptyAuth;
71			if ($isAnonymousOfficeOption \|\| $isOfficeHead) {
72			/** @var CorePlugin $corePlugin */
73			$corePlugin = $this->server->getPlugin('core');
74			// setup a fake tree for anonymous access
75			$this->server->tree = new Tree(new Directory(''));
76			$corePlugin->httpOptions($request, $response);
77			$this->server->emit('afterMethod:*', [$request, $response]);
78			$this->server->emit('afterMethod:OPTIONS', [$request, $response]);
79
80			$this->server->sapi->sendResponse($response);
81			return false;
82			}
83			}
84			}
85

nextcloud / server

Issues (2553)

dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like