upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

check if the data directory is accessible via http. Show a big security warning if yes

Browse source
This commit is contained in:
Frank Karlitschek 2012-06-21 14:18:43 +02:00
parent 3b4d2a971a
commit 5212fa3fa7
4 changed files with 62 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
lib/util.php
View file

@ -417,5 +417,46 @@ class OC_Util {
else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4 else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
return $value; return $value;
} }
/**
* Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
*/
public static function ishtaccessworking() {
// testdata
$filename='/htaccesstest.txt';
$testcontent='testcontent';
// creating a test file
$testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
$fp = @fopen($testfile, 'w');
@fwrite($fp, $testcontent);
@fclose($fp);
// accessing the file via http
$url = OC_Helper::serverProtocol(). '://' . OC_Helper::serverHost() . OC::$WEBROOT.'/data'.$filename;
$fp = @fopen($url, 'r');
$content=@fread($fp, 2048);
@fclose($fp);
// cleanup
@unlink($testfile);
// does it work ?
if($content==$testcontent) {
return(false);
}else{
return(true);
}
}
} }

2
settings/admin.php
View file

@ -15,6 +15,7 @@ OC_App::setActiveNavigationEntry( "admin" );
$tmpl = new OC_Template( 'settings', 'admin', 'user'); $tmpl = new OC_Template( 'settings', 'admin', 'user');
$forms=OC_App::getForms('admin'); $forms=OC_App::getForms('admin');
$htaccessworking=OC_Util::ishtaccessworking();
$entries=OC_Log_Owncloud::getEntries(3); $entries=OC_Log_Owncloud::getEntries(3);
function compareEntries($a,$b){ function compareEntries($a,$b){
@ -24,6 +25,7 @@ usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 )); $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
$tmpl->assign('entries',OC_Util::sanitizeHTML($entries)); $tmpl->assign('entries',OC_Util::sanitizeHTML($entries));
$tmpl->assign('htaccessworking',$htaccessworking);
$tmpl->assign('forms',array()); $tmpl->assign('forms',array());
foreach($forms as $form){ foreach($forms as $form){
$tmpl->append('forms',$form); $tmpl->append('forms',$form);

8
settings/css/settings.css
View file

@ -48,7 +48,11 @@ li.active { color:#000; }
small.externalapp { color:#FFF; background-color:#BBB; font-weight:bold; font-size:6pt; padding:4px; border-radius: 4px;} small.externalapp { color:#FFF; background-color:#BBB; font-weight:bold; font-size:6pt; padding:4px; border-radius: 4px;}
span.version { margin-left:3em; color:#ddd; } span.version { margin-left:3em; color:#ddd; }
/* LOF */ /* LOG */
#log { white-space:normal; } #log { white-space:normal; }
/* Don't show blank images */ /* Don't show blank images */
img[src=""] { display:none} img[src=""] { display:none}
/* ADMIN */
span.securitywarning {color:#C33; font-weight:bold; }

13
settings/templates/admin.php
View file

@ -4,8 +4,21 @@
* See the COPYING-README file. * See the COPYING-README file.
*/ */
$levels=array('Debug','Info','Warning','Error','Fatal'); $levels=array('Debug','Info','Warning','Error','Fatal');
if(!$_['htaccessworking']) {
?>
<fieldset class="personalblock">
<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
<span class="securitywarning">Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.</span>
</fieldset>
<?php
}
?> ?>
<?php foreach($_['forms'] as $form){ <?php foreach($_['forms'] as $form){
echo $form; echo $form;
};?> };?>