Check if the application is actually enabled

apps/admin_export/settings.php

@@ -20,6 +20,7 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
+OC_Util::checkAppEnabled('admin_export');
 if (isset($_POST['admin_export'])) {
     $root = OC::$SERVERROOT . "/";
     $zip = new ZipArchive();
@@ -91,4 +92,4 @@ function zipAddDir($dir, $zip, $recursive=true, $internalDir='') {
     } else {
 	error_log("Was not able to open directory: " . $dir);
     }
-}
+}

apps/bookmarks/addBm.php

@@ -25,6 +25,7 @@ require_once('../../lib/base.php');
 
 // Check if we are a user
 OC_Util::checkLoggedIn();
+OC_Util::checkAppEnabled('bookmarks');
 
 require_once('bookmarksHelper.php');
 

apps/bookmarks/ajax/addBookmark.php

@@ -28,6 +28,7 @@ require_once('../../../lib/base.php');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('bookmarks');
 
 $CONFIG_DBTYPE = OC_Config::getValue( "dbtype", "sqlite" );
 if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){

apps/bookmarks/ajax/delBookmark.php

@@ -28,6 +28,7 @@ require_once('../../../lib/base.php');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('bookmarks');
 
 $params=array(
 	htmlspecialchars_decode($_GET["url"]),

apps/bookmarks/ajax/editBookmark.php

@@ -28,6 +28,7 @@ require_once('../../../lib/base.php');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('bookmarks');
 
 $CONFIG_DBTYPE = OC_Config::getValue( "dbtype", "sqlite" );
 if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){

apps/bookmarks/ajax/getMeta.php

@@ -28,6 +28,7 @@ require_once('../../../lib/base.php');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('bookmarks');
 
 // $metadata = array();
 

apps/bookmarks/ajax/recordClick.php

@@ -28,6 +28,7 @@ require_once('../../../lib/base.php');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('bookmarks');
 
 $query = OC_DB::prepare("
 	UPDATE *PREFIX*bookmarks

apps/bookmarks/ajax/updateList.php

@@ -28,6 +28,7 @@ require_once('../../../lib/base.php');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('bookmarks');
 
 $params=array(OC_User::getUser());
 $CONFIG_DBTYPE = OC_Config::getValue( 'dbtype', 'sqlite' );

apps/bookmarks/index.php

@@ -25,6 +25,7 @@ require_once('../../lib/base.php');
 
 // Check if we are a user
 OC_Util::checkLoggedIn();
+OC_Util::checkAppEnabled('bookmarks');
 
 OC_App::setActiveNavigationEntry( 'bookmarks_index' );
 

apps/calendar/ajax/activation.php

@@ -10,6 +10,7 @@ require_once ("../../../lib/base.php");
 if(!OC_USER::isLoggedIn()) {
 	die("<script type=\"text/javascript\">document.location = oc_webroot;</script>");
 }
+OC_JSON::checkAppEnabled('calendar');
 $calendarid = $_POST['calendarid'];
 OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']);
 $cal = OC_Calendar_Calendar::findCalendar($calendarid);

apps/calendar/ajax/changeview.php

@@ -10,6 +10,7 @@ require_once ("../../../lib/base.php");
 if(!OC_USER::isLoggedIn()) {
 	die("<script type=\"text/javascript\">document.location = oc_webroot;</script>");
 }
+OC_JSON::checkAppEnabled('calendar');
 $currentview = $_GET["v"];
 OC_Preferences::setValue(OC_USER::getUser(), "calendar", "currentview", $currentview);
 ?>

apps/calendar/ajax/choosecalendar.php

@@ -11,6 +11,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die("<script type=\"text/javascript\">document.location = oc_webroot;</script>");
 }
+OC_JSON::checkAppEnabled('calendar');
 $output = new OC_TEMPLATE("calendar", "part.choosecalendar");
 $output -> printpage();
 ?>

apps/calendar/ajax/createcalendar.php

@@ -12,6 +12,7 @@ $l10n = new OC_L10N('calendar');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('calendar');
 
 $userid = OC_User::getUser();
 $calendarid = OC_Calendar_Calendar::addCalendar($userid, $_POST['name'], $_POST['description'], 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']);

apps/calendar/ajax/deletecalendar.php

@@ -12,6 +12,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die('<script type="text/javascript">document.location = oc_webroot;</script>');
 }
+OC_JSON::checkAppEnabled('calendar');
 
 $cal = $_POST["calendarid"];
 $calendar = OC_Calendar_Calendar::findCalendar($cal);

apps/calendar/ajax/deleteevent.php

@@ -12,6 +12,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die('<script type="text/javascript">document.location = oc_webroot;</script>');
 }
+OC_JSON::checkAppEnabled('calendar');
 
 $id = $_POST['id'];
 $data = OC_Calendar_Object::find($id);

apps/calendar/ajax/editcalendar.php

@@ -11,6 +11,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die("<script type=\"text/javascript\">document.location = oc_webroot;</script>");
 }
+OC_JSON::checkAppEnabled('calendar');
 $calendar = OC_Calendar_Calendar::findCalendar($_GET['calendarid']);
 $tmpl = new OC_Template("calendar", "part.editcalendar");
 $tmpl->assign('new', false);

apps/calendar/ajax/editevent.php

@@ -13,6 +13,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die('<script type="text/javascript">document.location = oc_webroot;</script>');
 }
+OC_JSON::checkAppEnabled('calendar');
 
 $errarr = OC_Calendar_Object::validateRequest($_POST);
 if($errarr){

apps/calendar/ajax/editeventform.php

@@ -13,6 +13,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die('<script type="text/javascript">document.location = oc_webroot;</script>');
 }
+OC_JSON::checkAppEnabled('calendar');
 
 $calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
 $category_options = OC_Calendar_Object::getCategoryOptions($l10n);

apps/calendar/ajax/getcal.php

@@ -10,6 +10,7 @@ require_once ("../../../lib/base.php");
 if(!OC_USER::isLoggedIn()) {
 	die("<script type=\"text/javascript\">document.location = oc_webroot;</script>");
 }
+OC_JSON::checkAppEnabled('calendar');
 
 $calendars = OC_Calendar_Calendar::allCalendars(OC_User::getUser(), 1);
 $events = array();

apps/calendar/ajax/newcalendar.php

@@ -11,6 +11,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die("<script type=\"text/javascript\">document.location = oc_webroot;</script>");
 }
+OC_JSON::checkAppEnabled('calendar');
 $calendar = array(
 	'id' => 'new',
 	'displayname' => 'Test',

apps/calendar/ajax/newevent.php

@@ -13,6 +13,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die("<script type=\"text/javascript\">document.location = oc_webroot;</script>");
 }
+OC_JSON::checkAppEnabled('calendar');
 
 $errarr = OC_Calendar_Object::validateRequest($_POST);
 if($errarr){

apps/calendar/ajax/neweventform.php

@@ -13,6 +13,7 @@ $l10n = new OC_L10N('calendar');
 if(!OC_USER::isLoggedIn()) {
 	die('<script type="text/javascript">document.location = oc_webroot;</script>');
 }
+OC_JSON::checkAppEnabled('calendar');
 
 $calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
 $category_options = OC_Calendar_Object::getCategoryOptions($l10n);

apps/calendar/ajax/settimezone.php

@@ -13,6 +13,7 @@ $l=new OC_L10N('calendar');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('calendar');
 
 // Get data
 if( isset( $_POST['timezone'] ) ){

apps/calendar/ajax/updatecalendar.php

@@ -12,6 +12,7 @@ $l10n = new OC_L10N('calendar');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('calendar');
 
 $calendarid = $_POST['id'];
 OC_Calendar_Calendar::editCalendar($calendarid, $_POST['name'], $_POST['description'], null, null, null, $_POST['color']);

apps/calendar/caldav.php

@@ -10,6 +10,7 @@
 $RUNTIME_NOSETUPFS = true;
 
 require_once('../../lib/base.php');
+OC_Util::checkAppEnabled('calendar');
 
 // Backends
 $authBackend = new OC_Connector_Sabre_Auth();

apps/calendar/export.php

@@ -8,6 +8,7 @@
 
 require_once ("../../lib/base.php");
 OC_Util::checkLoggedIn();
+OC_Util::checkAppEnabled('calendar');
 $cal = $_GET["calid"];
 $calendar = OC_Calendar_Calendar::findCalendar($cal);
 if($calendar["userid"] != OC_User::getUser()){

apps/calendar/index.php

@@ -8,6 +8,7 @@
 
 require_once ('../../lib/base.php');
 OC_Util::checkLoggedIn();
+OC_Util::checkAppEnabled('calendar');
 // Create default calendar ...
 $calendars = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
 if( count($calendars) == 0){

apps/contacts/ajax/addcard.php

@@ -28,6 +28,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $addressbook = OC_Contacts_Addressbook::find( $aid );
 if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){

apps/contacts/ajax/addproperty.php

@@ -28,6 +28,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $card = OC_Contacts_VCard::find( $id );
 if( $card === false ){

apps/contacts/ajax/deletebook.php

@@ -29,6 +29,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $addressbook = OC_Contacts_Addressbook::find( $id );
 if( $addressbook === false || $addressbook['userid'] != OC_USER::getUser()){

apps/contacts/ajax/deletecard.php

@@ -29,6 +29,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $card = OC_Contacts_VCard::find( $id );
 if( $card === false ){

apps/contacts/ajax/deleteproperty.php

@@ -31,6 +31,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $card = OC_Contacts_VCard::find( $id );
 if( $card === false ){

apps/contacts/ajax/getdetails.php

@@ -29,6 +29,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 
 $card = OC_Contacts_VCard::find( $id );

apps/contacts/ajax/setproperty.php

@@ -29,6 +29,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $card = OC_Contacts_VCard::find( $id );
 if( $card === false ){

apps/contacts/ajax/showaddcard.php

@@ -27,6 +27,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $addressbooks = OC_Contacts_Addressbook::all(OC_USER::getUser());
 $tmpl = new OC_Template('contacts','part.addcardform');

apps/contacts/ajax/showaddproperty.php

@@ -28,6 +28,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $card = OC_Contacts_VCard::find( $id );
 if( $card === false ){

apps/contacts/ajax/showsetproperty.php

@@ -29,6 +29,7 @@ $l10n = new OC_L10N('contacts');
 
 // Check if we are a user
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('contacts');
 
 $card = OC_Contacts_VCard::find( $id );
 if( $card === false ){

apps/contacts/carddav.php

@@ -24,6 +24,7 @@
 $RUNTIME_NOSETUPFS = true;
 
 require_once('../../lib/base.php');
+OC_Util::checkAppEnabled('contacts');
 
 // Backends
 $authBackend = new OC_Connector_Sabre_Auth();

apps/contacts/index.php

@@ -29,6 +29,7 @@ require_once('../../lib/base.php');
 
 // Check if we are a user
 OC_Util::checkLoggedIn();
+OC_Util::checkAppEnabled('contacts');
 
 // Check if the user has an addressbook
 $addressbooks = OC_Contacts_Addressbook::all(OC_User::getUser());

apps/contacts/photo.php

@@ -22,6 +22,7 @@
 
 // Init owncloud
 require_once('../../lib/base.php');
+OC_Util::checkAppEnabled('contacts');
 
 $id = $_GET['id'];
 

apps/files_sharing/ajax/getitem.php

@@ -2,6 +2,7 @@
 $RUNTIME_NOAPPS = true;
 
 require_once('../../../lib/base.php');
+OC_JSON::checkAppEnabled('files_sharing');
 require_once('../lib_share.php');
 
 $userDirectory = "/".OC_User::getUser()."/files";

apps/files_sharing/ajax/setpermissions.php

@@ -2,6 +2,7 @@
 $RUNTIME_NOAPPS = true;
 
 require_once('../../../lib/base.php');
+OC_JSON::checkAppEnabled('files_sharing');
 require_once('../lib_share.php');
 
 $source = "/".OC_User::getUser()."/files".$_GET['source'];
@@ -9,4 +10,4 @@ $uid_shared_with = $_GET['uid_shared_with'];
 $permissions = $_GET['permissions'];
 OC_Share::setPermissions($source, $uid_shared_with, $permissions);
 
-?>
+?>

apps/files_sharing/ajax/share.php

@@ -2,6 +2,7 @@
 $RUNTIME_NOAPPS = true;
 
 require_once('../../../lib/base.php');
+OC_JSON::checkAppEnabled('files_sharing');
 require_once('../lib_share.php');
 
 $userDirectory = "/".OC_User::getUser()."/files";
@@ -26,4 +27,4 @@ foreach ($sources as $source) {
 	}
 }
 
-?>
+?>

apps/files_sharing/ajax/unshare.php

@@ -2,10 +2,11 @@
 $RUNTIME_NOAPPS = true;
 
 require_once('../../../lib/base.php');
+OC_JSON::checkAppEnabled('files_sharing');
 require_once('../lib_share.php');
 
 $source = "/".OC_User::getUser()."/files".$_GET['source'];
 $uid_shared_with = $_GET['uid_shared_with'];
 OC_Share::unshare($source, $uid_shared_with);
 
-?>
+?>

apps/files_sharing/ajax/userautocomplete.php

@@ -4,6 +4,7 @@ $RUNTIME_NOAPPS = true;
 require_once('../../../lib/base.php');
 
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('files_sharing');
 
 $users = array();
 $ocusers = OC_User::getUsers();

apps/files_sharing/get.php

@@ -3,6 +3,7 @@ $RUNTIME_NOAPPS=true; //no need to load the apps
 $RUNTIME_NOSETUPFS=true; //don't setup the fs yet
 
 require_once '../../lib/base.php';
+OC_JSON::checkAppEnabled('files_sharing');
 require_once 'lib_share.php';
 
 //get the path of the shared file

apps/files_sharing/list.php

@@ -24,6 +24,7 @@ require_once('../../lib/base.php');
 require_once('lib_share.php');
 
 OC_Util::checkLoggedIn();
+OC_Util::checkAppEnabled('files_sharing');
 
 OC_App::setActiveNavigationEntry("files_sharing_list");
 

apps/media/ajax/api.php

@@ -27,6 +27,7 @@ header('Content-type: text/html; charset=UTF-8') ;
 $RUNTIME_NOAPPS=true;
 
 require_once('../../../lib/base.php');
+OC_JSON::checkAppEnabled('media');
 require_once('../lib_collection.php');
 require_once('../lib_scanner.php');
 

apps/media/ajax/autoupdate.php

@@ -28,6 +28,7 @@ $RUNTIME_NOAPPS=true;
 $RUNTIME_NOSETUPFS=true;
 
 require_once('../../../lib/base.php');
+OC_JSON::checkAppEnabled('media');
 
 if(defined("DEBUG") && DEBUG) {error_log($_GET['autoupdate']);}
 $autoUpdate=(isset($_GET['autoupdate']) and $_GET['autoupdate']=='true');

apps/media/index.php

@@ -26,6 +26,7 @@ require_once('../../lib/base.php');
 
 // Check if we are a user
 OC_Util::checkLoggedIn();
+OC_Util::checkAppEnabled('media');
 
 require_once('lib_collection.php');
 require_once('lib_scanner.php');

apps/media/server/xml.server.php

@@ -23,6 +23,7 @@
 
 
 require_once('../../../lib/base.php');
+OC_Util::checkAppEnabled('media');
 require_once('../lib_collection.php');
 require_once('../lib_ampache.php');
 

apps/media/tomahawk.php

@@ -24,6 +24,7 @@
 $_POST=$_GET; //debug
 
 require_once('../../lib/base.php');
+OC_JSON::checkAppEnabled('media');
 require_once('lib_collection.php');
 
 $user=isset($_POST['user'])?$_POST['user']:'';

apps/unhosted/compat.php

@@ -30,6 +30,7 @@
 $RUNTIME_NOSETUPFS = true;
 
 require_once('../../lib/base.php');
+OC_Util::checkAppEnabled('unhosted');
 require_once('Sabre/autoload.php');
 require_once('lib_unhosted.php');
 require_once('oauth_ro_auth.php');

apps/user_openid/user.php

@@ -37,6 +37,7 @@ if($USERNAME=='' and isset($_SERVER['PHP_AUTH_USER'])){
 $RUNTIME_NOAPPS=true;
 $RUNTIME_NOAPPS=false;
 require_once '../../lib/base.php';
+OC_Util::checkAppEnabled('user_openid');
 
 if(!OC_User::userExists($USERNAME)){
 	if(defined("DEBUG") && DEBUG) {error_log($USERNAME.' doesn\'t exist');}

lib/json.php

@@ -19,6 +19,17 @@ class OC_JSON{
 		}
 	}
 
+	/**
+	* Check if the app is enabled, send json error msg if not
+	*/
+	public static function checkAppEnabled($app){
+		if( !OC_App::isEnabled($app)){
+			$l = new OC_L10N('core');
+			self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled') )));
+			exit();
+		}
+	}
+
 	/**
 	* Check if the user is logged in, send json error msg if not
 	*/

lib/util.php

@@ -276,6 +276,16 @@ class OC_Util {
         }
 
 
+	/**
+	* Check if the app is enabled, send json error msg if not
+	*/
+	public static function checkAppEnabled($app){
+		if( !OC_App::isEnabled($app)){
+			header( 'Location: '.OC_Helper::linkTo( '', 'index.php' , true));
+			exit();
+		}
+	}
+
 	/**
 	* Check if the user is logged in, redirects to home if not
 	*/

settings/ajax/openid.php

@@ -6,6 +6,7 @@ require_once('../../lib/base.php');
 $l=new OC_L10N('settings');
 
 OC_JSON::checkLoggedIn();
+OC_JSON::checkAppEnabled('user_openid');
 
 // Get data
 if( isset( $_POST['identity'] ) ){