From ac7fb1b23e40e3075535ed5d4188219580b2386a Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Sat, 10 May 2014 14:00:22 +0200
Subject: [PATCH] Remove legacy routing code

The getfile routing code was legacy and is no longer needed. Additionally, \OC::$REQUESTEDAPP was never set to the application actually being accessed.

This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.

Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
---
 .htaccess                    |  1 -
 lib/base.php                 | 75 +++++++++---------------------------
 lib/private/route/router.php |  3 ++
 lib/private/util.php         |  5 +--
 public.php                   |  4 ++
 remote.php                   |  6 ++-
 6 files changed, 32 insertions(+), 62 deletions(-)

diff --git a/.htaccess b/.htaccess
index 714e8af213b..ee4d5af1d85 100644
--- a/.htaccess
+++ b/.htaccess
@@ -24,7 +24,6 @@ RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R]
 RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R]
 RewriteRule ^apps/calendar/caldav\.php remote.php/caldav/ [QSA,L]
 RewriteRule ^apps/contacts/carddav\.php remote.php/carddav/ [QSA,L]
-RewriteRule ^apps/([^/]*)/(.*\.(php))$ index.php?app=$1&getfile=$2 [QSA,L]
 RewriteRule ^remote/(.*) remote.php [QSA,L]
 </IfModule>
 <IfModule mod_mime.c>
diff --git a/lib/base.php b/lib/base.php
index 7c58619a556..d3f98ab0c1c 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -60,14 +60,11 @@ class OC {
 
 	public static $configDir;
 
-	/*
+	/**
 	 * requested app
 	 */
 	public static $REQUESTEDAPP = '';
-	/*
-	 * requested file of app
-	 */
-	public static $REQUESTEDFILE = '';
+
 	/**
 	 * check if owncloud runs in cli mode
 	 */
@@ -574,12 +571,6 @@ class OC {
 		OC_User::useBackend(new OC_User_Database());
 		OC_Group::useBackend(new OC_Group_Database());
 
-		// Load minimum set of apps - which is filesystem, authentication and logging
-		if (!self::checkUpgrade(false)) {
-			OC_App::loadApps(array('authentication'));
-			OC_App::loadApps(array('filesystem', 'logging'));
-		}
-
 		//setup extra user backends
 		OC_User::setupBackends();
 
@@ -592,35 +583,6 @@ class OC {
 		//make sure temporary files are cleaned up
 		register_shutdown_function(array('OC_Helper', 'cleanTmp'));
 
-		//parse the given parameters
-		self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'));
-		if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
-			$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
-			$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
-			parse_str($param, $get);
-			$_GET = array_merge($_GET, $get);
-			self::$REQUESTEDAPP = $app;
-			$_GET['app'] = $app;
-		}
-		self::$REQUESTEDFILE = (isset($_GET['getfile']) ? $_GET['getfile'] : null);
-		if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
-			$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
-			$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
-			parse_str($param, $get);
-			$_GET = array_merge($_GET, $get);
-			self::$REQUESTEDFILE = $file;
-			$_GET['getfile'] = $file;
-		}
-		if (!is_null(self::$REQUESTEDFILE)) {
-			$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
-			$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
-			if (!OC_Helper::isSubDirectory($subdir, $parent)) {
-				self::$REQUESTEDFILE = null;
-				header('HTTP/1.0 404 Not Found');
-				exit;
-			}
-		}
-
 		if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
 			if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
 				OC_Util::addScript('backgroundjobs');
@@ -729,6 +691,7 @@ class OC {
 			OC::tryBasicAuthLogin();
 		}
 
+
 		if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
 			try {
 				if (!OC_Config::getValue('maintenance', false) && !self::needUpgrade()) {
@@ -745,9 +708,16 @@ class OC {
 			}
 		}
 
-		$app = OC::$REQUESTEDAPP;
-		$file = OC::$REQUESTEDFILE;
-		$param = array('app' => $app, 'file' => $file);
+		// Load minimum set of apps
+		if (!self::checkUpgrade(false)) {
+			// For logged-in users: Load everything
+			if(OC_User::isLoggedIn()) {
+				OC_App::loadApps();
+			} else {
+				// For guests: Load only authentication, filesystem and logging
+				OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
+			}
+		}
 
 		// Handle redirect URL for logged in users
 		if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
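Review bot: The minimum app set (`authentication`, `filesystem`, `logging`) is now loaded only on this request path and in public.php and remote.php, whereas the block removed earlier in this file loaded it, apparently during initialisation, for every script that includes lib/base.php. Any other entry script would then run without its authentication and logging apps, so either keep the earlier load or add the same call to each of them. For logged-in users `OC_App::loadApps();` also runs again in the "Someone is logged in" branch a few lines below, so one of the two calls looks redundant. A short comment such as `// must run before any code that relies on authentication apps` would make the ordering requirement explicit. The enclosing method starts and ends outside the hunk.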
@@ -778,7 +748,7 @@ class OC {
 			return;
 		}
 
-		// Someone is logged in :
+		// Someone is logged in
 		if (OC_User::isLoggedIn()) {
 			OC_App::loadApps();
 			OC_User::setupBackends();
@@ -800,20 +770,13 @@ class OC {
 				// redirect to webroot and add slash if webroot is empty
 				header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
 			} else {
-				if (is_null($file)) {
-					$param['file'] = 'index.php';
-				}
-				$file_ext = substr($param['file'], -3);
-				if ($file_ext != 'php'
-					|| !self::loadAppScriptFile($param)
-				) {
-					header('HTTP/1.0 404 Not Found');
-				}
+				// Redirect to default application
+				OC_Util::redirectToDefaultPage();
 			}
-			return;
+		} else {
+			// Not handled and not logged in
+			self::handleLogin();
 		}
-		// Not handled and not logged in
-		self::handleLogin();
 	}
 
 	/**
diff --git a/lib/private/route/router.php b/lib/private/route/router.php
index a72ac2bb3f1..e7c8ad9ebdd 100644
--- a/lib/private/route/router.php
+++ b/lib/private/route/router.php
@@ -188,8 +188,11 @@ class Router implements IRouter {
 		if (substr($url, 0, 6) === '/apps/') {
 			// empty string / 'apps' / $app / rest of the route
 			list(, , $app,) = explode('/', $url, 4);
+			\OC::$REQUESTEDAPP = $app;
 			$this->loadRoutes($app);
 		} else if (substr($url, 0, 6) === '/core/' or substr($url, 0, 10) === '/settings/') {
+			\OC::$REQUESTEDAPP = $url;
+			\OC_App::loadApps();
 			$this->loadRoutes('core');
 		} else {
 			$this->loadRoutes();
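Review bot: `\OC::$REQUESTEDAPP = $app;` stores the raw path segment taken from the request URL, whereas the assignment this commit removes from lib/base.php passed the value through `OC_App::cleanAppId(strip_tags(...))`. Since the commit message says a firewall or two-factor app will act on this property, it should hold a normalised app id, e.g. `\OC::$REQUESTEDAPP = \OC_App::cleanAppId($app);`; the same applies to the assignments added in public.php and remote.php. In the `/core/` and `/settings/` branch the property receives the whole `$url` rather than an app id, and the final `else` branch leaves it unset, so consumers cannot compare it against an app name consistently; `'core'` would match the `loadRoutes('core')` call beside it. That branch also calls `\OC_App::loadApps()` with no argument and no login check visible in this hunk, which appears to load every app for unauthenticated requests to core routes. The enclosing method starts and ends outside the hunk.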
diff --git a/lib/private/util.php b/lib/private/util.php
index 0daef78ce7f..dfdddd0e3ab 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -767,15 +767,12 @@ class OC_Util {
 		$urlGenerator = \OC::$server->getURLGenerator();
 		if(isset($_REQUEST['redirect_url'])) {
 			$location = urldecode($_REQUEST['redirect_url']);
-		}
-		else if (isset(OC::$REQUESTEDAPP) && !empty(OC::$REQUESTEDAPP)) {
-			$location = $urlGenerator->getAbsoluteURL('/index.php/apps/'.OC::$REQUESTEDAPP.'/index.php');
 		} else {
 			$defaultPage = OC_Appconfig::getValue('core', 'defaultpage');
 			if ($defaultPage) {
 				$location = $urlGenerator->getAbsoluteURL($defaultPage);
 			} else {
-				$location = $urlGenerator->getAbsoluteURL('/index.php/files/index.php');
+				$location = $urlGenerator->getAbsoluteURL('/index.php/apps/files');
 			}
 		}
 		OC_Log::write('core', 'redirectToDefaultPage: '.$location, OC_Log::DEBUG);
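Review bot: `$location` is still taken verbatim from `$_REQUEST['redirect_url']` in the branch this hunk keeps, with no check that the target belongs to this instance. PHP has already decoded request parameters, so the `urldecode()` call decodes a second time, which can turn a value that looked harmless to an upstream filter into a different target. I would accept the parameter only when it resolves to a path on this instance and otherwise fall through to the default page, with a comment such as `// redirect_url is request-controlled: only same-instance paths are valid targets`. The same request-controlled value is written to the debug log on the last line of the hunk, and how `$location` is finally used lies outside the hunk.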
diff --git a/public.php b/public.php
index dfdd4c52af9..3b48e129d9a 100644
--- a/public.php
+++ b/public.php
@@ -24,6 +24,10 @@ try {
 	$parts = explode('/', $file, 2);
 	$app = $parts[0];
 
+	// Load all required applications
+	\OC::$REQUESTEDAPP = $app;
+	OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
+
 	OC_Util::checkAppEnabled($app);
 	OC_App::loadApp($app);
 	OC_User::setIncognitoMode(true);
diff --git a/remote.php b/remote.php
index 15dfa8256ff..6a069ed4605 100644
--- a/remote.php
+++ b/remote.php
@@ -1,7 +1,6 @@
 <?php
 
 try {
-
 	require_once 'lib/base.php';
 	$path_info = OC_Request::getPathInfo();
 	if ($path_info === false || $path_info === '') {
@@ -24,6 +23,11 @@ try {
 
 	$parts=explode('/', $file, 2);
 	$app=$parts[0];
+
+	// Load all required applications
+	\OC::$REQUESTEDAPP = $app;
+	OC_App::loadApps(array('authentication', 'filesystem', 'logging'));
+
 	switch ($app) {
 		case 'core':
 			$file =  OC::$SERVERROOT .'/'. $file;
-- 
GitLab