public.php 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Björn Schießle <bjoern@schiessle.org>
  6. * @author Christopher Schäpers <kondou@ts.unde.re>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  10. * @author Lukas Reschke <lukas@statuscode.ch>
  11. * @author Maxence Lange <maxence@artificial-owl.com>
  12. * @author Morris Jobke <hey@morrisjobke.de>
  13. * @author Robin Appelman <robin@icewind.nl>
  14. * @author Roeland Jago Douma <roeland@famdouma.nl>
  15. * @author Thomas Müller <thomas.mueller@tmit.eu>
  16. * @author Vincent Petry <vincent@nextcloud.com>
  17. *
  18. * @license AGPL-3.0
  19. *
  20. * This code is free software: you can redistribute it and/or modify
  21. * it under the terms of the GNU Affero General Public License, version 3,
  22. * as published by the Free Software Foundation.
  23. *
  24. * This program is distributed in the hope that it will be useful,
  25. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  26. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  27. * GNU Affero General Public License for more details.
  28. *
  29. * You should have received a copy of the GNU Affero General Public License, version 3,
  30. * along with this program. If not, see <http://www.gnu.org/licenses/>
  31. *
  32. */
  33. require_once __DIR__ . '/lib/versioncheck.php';
  34. use Psr\Log\LoggerInterface;
  35. /**
  36. * @param $service
  37. * @return string
  38. */
  39. function resolveService(string $service): string {
  40. $services = [
  41. 'webdav' => 'dav/appinfo/v1/publicwebdav.php',
  42. 'dav' => 'dav/appinfo/v2/publicremote.php',
  43. ];
  44. if (isset($services[$service])) {
  45. return $services[$service];
  46. }
  47. return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service);
  48. }
  49. try {
  50. require_once __DIR__ . '/lib/base.php';
  51. // All resources served via the DAV endpoint should have the strictest possible
  52. // policy. Exempted from this is the SabreDAV browser plugin which overwrites
  53. // this policy with a softer one if debug mode is enabled.
  54. header("Content-Security-Policy: default-src 'none';");
  55. if (\OCP\Util::needUpgrade()) {
  56. // since the behavior of apps or remotes are unpredictable during
  57. // an upgrade, return a 503 directly
  58. throw new RemoteException('Service unavailable', 503);
  59. }
  60. $request = \OC::$server->getRequest();
  61. $pathInfo = $request->getPathInfo();
  62. if ($pathInfo === false || $pathInfo === '') {
  63. throw new RemoteException('Path not found', 404);
  64. }
  65. if (!$pos = strpos($pathInfo, '/', 1)) {
  66. $pos = strlen($pathInfo);
  67. }
  68. $service = substr($pathInfo, 1, $pos - 1);
  69. $file = resolveService($service);
  70. if (!$file) {
  71. throw new RemoteException('Path not found', 404);
  72. }
  73. $file = ltrim($file, '/');
  74. $parts = explode('/', $file, 2);
  75. $app = $parts[0];
  76. // Load all required applications
  77. \OC::$REQUESTEDAPP = $app;
  78. OC_App::loadApps(['authentication']);
  79. OC_App::loadApps(['extended_authentication']);
  80. OC_App::loadApps(['filesystem', 'logging']);
  81. if (!\OC::$server->getAppManager()->isInstalled($app)) {
  82. throw new RemoteException('App not installed: ' . $app);
  83. }
  84. OC_App::loadApp($app);
  85. OC_User::setIncognitoMode(true);
  86. $baseuri = OC::$WEBROOT . '/public.php/'.$service.'/';
  87. require_once $file;
  88. } catch (Exception $ex) {
  89. $status = 500;
  90. if ($ex instanceof \OC\ServiceUnavailableException) {
  91. $status = 503;
  92. }
  93. //show the user a detailed error page
  94. \OCP\Server::get(LoggerInterface::class)->error($ex->getMessage(), ['app' => 'public', 'exception' => $ex]);
  95. OC_Template::printExceptionErrorPage($ex, $status);
  96. } catch (Error $ex) {
  97. //show the user a detailed error page
  98. \OCP\Server::get(LoggerInterface::class)->error($ex->getMessage(), ['app' => 'public', 'exception' => $ex]);
  99. OC_Template::printExceptionErrorPage($ex, 500);
  100. }