upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-16 17:30:55 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
nextcloud/lib/private/legacy/OC_JSON.php

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

105 lines
3.3 KiB
PHP
Raw Normal View History

Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
<?php
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-23 03:26:56 -04:00
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
/**
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-23 03:26:56 -04:00
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
Revert "Updating license headers" This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
2015-02-26 05:37:37 -05:00
*/
Refactor `OC\Server::getTwoFactorAuthManager` Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
2023-08-29 18:18:12 -04:00
use OC\Authentication\TwoFactorAuth\Manager as TwoFactorAuthManager;
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 08:19:56 -04:00
class OC_JSON {
Check if the application is actually enabled
2011-09-30 17:05:10 -04:00
/**
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
* Check if the app is enabled, send json error msg if not
* @param string $app
* @deprecated Use the AppFramework instead. It will automatically check if the app is enabled.
Some more invalid PHPDocs in legacy classes Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 14:21:05 -04:00
* @suppress PhanDeprecatedFunction
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
*/
adding space between) and {
2012-09-07 09:22:01 -04:00
public static function checkAppEnabled($app) {
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 08:19:56 -04:00
if (!\OC::$server->getAppManager()->isEnabledForUser($app)) {
Use public api for getting l10n
2014-08-31 04:05:59 -04:00
$l = \OC::$server->getL10N('lib');
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 04:30:18 -04:00
self::error([ 'data' => [ 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' ]]);
Check if the application is actually enabled
2011-09-30 17:05:10 -04:00
exit();
}
}
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
/**
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
* Check if the user is logged in, send json error msg if not
* @deprecated Use annotation based ACLs from the AppFramework instead
Some more invalid PHPDocs in legacy classes Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 14:21:05 -04:00
* @suppress PhanDeprecatedFunction
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
*/
adding space between) and {
2012-09-07 09:22:01 -04:00
public static function checkLoggedIn() {
Refactor `OC\Server::getTwoFactorAuthManager` Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
2023-08-29 18:18:12 -04:00
$twoFactorAuthManger = \OC::$server->get(TwoFactorAuthManager::class);
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 08:19:56 -04:00
if (!\OC::$server->getUserSession()->isLoggedIn()
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
2016-08-24 04:42:07 -04:00
|| $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
Use public api for getting l10n
2014-08-31 04:05:59 -04:00
$l = \OC::$server->getL10N('lib');
Send 401 header for OC_JSON::checkLoggedIn()
2016-02-16 03:48:40 -05:00
http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 04:30:18 -04:00
self::error([ 'data' => [ 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ]]);
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
exit();
}
}
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
2012-06-13 11:33:19 -04:00
/**
Some more PHPDoc fixes
2014-04-21 09:44:54 -04:00
* Check an ajax get/post call if the request token is valid, send json error msg if not.
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
* @deprecated Use annotation based CSRF checks from the AppFramework instead
Some more invalid PHPDocs in legacy classes Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 14:21:05 -04:00
* @suppress PhanDeprecatedFunction
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
2012-06-13 11:33:19 -04:00
*/
adding space between) and {
2012-09-07 09:22:01 -04:00
public static function callCheck() {
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 08:19:56 -04:00
if (!\OC::$server->getRequest()->passesStrictCookieCheck()) {
[master] Port Same-Site Cookies to master Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 11:37:30 -04:00
header('Location: '.\OC::$WEBROOT);
exit();
}
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 08:19:56 -04:00
if (!\OC::$server->getRequest()->passesCSRFCheck()) {
Use public api for getting l10n
2014-08-31 04:05:59 -04:00
$l = \OC::$server->getL10N('lib');
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 04:30:18 -04:00
self::error([ 'data' => [ 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' ]]);
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
2012-06-13 11:33:19 -04:00
exit();
}
}
Whitespace fixes in lib
2012-08-29 02:38:33 -04:00
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
/**
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
* Check if the user is a admin, send json error msg if not.
* @deprecated Use annotation based ACLs from the AppFramework instead
Some more invalid PHPDocs in legacy classes Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 14:21:05 -04:00
* @suppress PhanDeprecatedFunction
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
*/
adding space between) and {
2012-09-07 09:22:01 -04:00
public static function checkAdminUser() {
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 08:19:56 -04:00
if (!OC_User::isAdminUser(OC_User::getUser())) {
Use public api for getting l10n
2014-08-31 04:05:59 -04:00
$l = \OC::$server->getL10N('lib');
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 04:30:18 -04:00
self::error([ 'data' => [ 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' ]]);
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
exit();
}
}
Whitespace fixes in lib
2012-08-29 02:38:33 -04:00
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
/**
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
* Send json error msg
* @deprecated Use a AppFramework JSONResponse instead
Some more invalid PHPDocs in legacy classes Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 14:21:05 -04:00
* @suppress PhanDeprecatedFunction
Add sanitizers for JSON output Those functions set proper content-types that prevent rendering of data. Therefore it's safe to mark them as sanitizers. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-12-11 16:23:11 -05:00
* @psalm-taint-escape html
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
*/
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 04:30:18 -04:00
public static function error($data = []) {
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
$data['status'] = 'error';
Remove trailing and in between spaces Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:07:47 -04:00
header('Content-Type: application/json; charset=utf-8');
Remove unused methods of OC_Json Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 13:28:46 -04:00
echo self::encode($data);
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
}
/**
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
* Send json success msg
* @deprecated Use a AppFramework JSONResponse instead
Some more invalid PHPDocs in legacy classes Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 14:21:05 -04:00
* @suppress PhanDeprecatedFunction
Add sanitizers for JSON output Those functions set proper content-types that prevent rendering of data. Therefore it's safe to mark them as sanitizers. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-12-11 16:23:11 -05:00
* @psalm-taint-escape html
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
*/
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 04:30:18 -04:00
public static function success($data = []) {
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
$data['status'] = 'success';
Remove trailing and in between spaces Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:07:47 -04:00
header('Content-Type: application/json; charset=utf-8');
Remove unused methods of OC_Json Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 13:28:46 -04:00
echo self::encode($data);
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
}
Fixed download file from URL error messages - L10N now converted to string to make them work with json_encode - Added specific error message when server doesn't allow fopen on URLs - Fixed client side to correctly show error message in a notification - Added OCP\JSON::encode() method to encode JSON with support for the OC_L10N_String values
2013-12-10 09:32:48 -05:00
/**
* Encode JSON
Deprecate `OC_JSON` and `OCP\JSON` This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code. With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-11 18:56:13 -05:00
* @deprecated Use a AppFramework JSONResponse instead
Fixed download file from URL error messages - L10N now converted to string to make them work with json_encode - Added specific error message when server doesn't allow fopen on URLs - Fixed client side to correctly show error message in a notification - Added OCP\JSON::encode() method to encode JSON with support for the OC_L10N_String values
2013-12-10 09:32:48 -05:00
*/
fix: Remove calls to deprecated OC_JSON::encode to_string was useless because L10N string is json serializable now and serialize to string correctly. Removed all external calls to OC_JSON::encode to ease removing the rest of it later. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-03-05 18:26:55 -05:00
private static function encode($data) {
Encode HTML tags in JSON While not encoding the HTML tags in the JSON response is perfectly fine since we set the proper mimetype as well as disable content sniffing a lot of automated code scanner do report this as security bug. Encoding them leads to less discussions and a lot of saved time.
2015-09-02 18:44:46 -04:00
return json_encode($data, JSON_HEX_TAG);
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit.
2011-09-23 16:22:59 -04:00
}
}
Reference in a new issue Copy permalink