diff --git a/lib/util.php b/lib/util.php
index 7792f96d4459ef3400276aa0632b0f0475d35612..8a2d913109dd33ff35599266b0409e48afe03cbe 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -420,18 +420,57 @@ class OC_Util {
 }
 }
- /**
- * @brief Public function to sanitize HTML
- *
+ /**
+ * @brief Public function to sanitize HTML
+ *
 * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
 *
 * @param string or array of strings
- * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
 */
- public static function sanitizeHTML( &$value ){
- if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
- else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+ public static function sanitizeHTML( &$value ){
+ if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+ else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
 return $value;
 }
+
+ /**
+ * Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
+ */
+ public static function ishtaccessworking() {
+
+ // testdata
+ $filename='/htaccesstest.txt';
+ $testcontent='testcontent';
+
+ // creating a test file
+ $testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
+ $fp = @fopen($testfile, 'w');
+ @fwrite($fp, $testcontent);
+ @fclose($fp);
+
+ // accessing the file via http
+ $url = OC_Helper::serverProtocol(). '://' . OC_Helper::serverHost() . OC::$WEBROOT.'/data'.$filename;
+ $fp = @fopen($url, 'r');
+ $content=@fread($fp, 2048);
+ @fclose($fp);
+
+ // cleanup
+ @unlink($testfile);
+
+ // does it work ?
+ if($content==$testcontent) {
+ return(false);
+ }else{
+ return(true);
+
+ }
+
+ }
+
+
+
+
 }
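Review bot: `ishtaccessworking()` fails open: the `else` branch returns `true` ("working") for every outcome other than an exact content match, so a probe that could not be performed at all — `allow_url_fopen` disabled, the server unable to reach its own host name, a TLS error, every one of them hidden by the `@` on `fopen`/`fread` — reports the data directory as protected and the admin never sees the warning. The HTTP fetch should check its result and treat an unverifiable probe differently from a verified-protected one, e.g. `$fp = fopen($url, 'r'); if ($fp === false) { return false; }` (or a distinct return value the caller can render as "could not verify"), and the comparison should be `$content === $testcontent` rather than the loose `==`. The same applies to the unchecked `'w'` open: if the test file cannot be written, `$content` cannot match and the function again answers `true`. Note also that the file is written under the configured `datadirectory` while the URL hard-codes `OC::$WEBROOT.'/data'`, so the probe only exercises the default location. The enclosing class OC_Util starts outside the hunk.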
diff --git a/settings/admin.php b/settings/admin.php
old mode 100644
new mode 100755
index a997bad4e3c8553987a73f0ec87ea4194d057dc5..8369ee64e062f6a506ce01fb25f97e1905fd1ec9
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -15,6 +15,7 @@ OC_App::setActiveNavigationEntry( "admin" );
 $tmpl = new OC_Template( 'settings', 'admin', 'user');
 $forms=OC_App::getForms('admin');
+$htaccessworking=OC_Util::ishtaccessworking();
 $entries=OC_Log_Owncloud::getEntries(3);
 function compareEntries($a,$b){
@@ -24,6 +25,7 @@ usort($entries, 'compareEntries');
 $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
 $tmpl->assign('entries',$entries);
+$tmpl->assign('htaccessworking',$htaccessworking);
 $tmpl->assign('forms',array());
 foreach($forms as $form){
 $tmpl->append('forms',$form);
diff --git a/settings/css/settings.css b/settings/css/settings.css
index df1e3cfd3c2947bbf0f96d0a58213562d05c0c15..80e96df5e66d57b70e2ce820e1df46c47dc3111f 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -48,5 +48,8 @@ li.active { color:#000; }
 small.externalapp { color:#FFF; background-color:#BBB; font-weight:bold; font-size:6pt; padding:4px; border-radius: 4px;}
 span.version { margin-left:3em; color:#ddd; }
-/* LOF */
+/* LOG */
 #log { white-space:normal; }
+
+/* ADMIN */
+span.securitywarning {color:#C33; font-weight:bold; }
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
old mode 100644
new mode 100755
index 38c6042c82ae68fa5022b0c6d75d3a4a452a7241..a9f727d6764b4b8f1aacced60ce6c995d5646bbc
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
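Review bot: `$htaccessworking=OC_Util::ishtaccessworking();` runs unconditionally at the top of the page, so every render of the admin settings writes a file into the data directory and makes an outbound HTTP request back to the server before anything else is built; the probe opens the URL with a plain `fopen` and no stream context, so if that self-request stalls the admin page stalls with it for the default socket timeout. Consider caching the verdict (for example in config, re-checked on demand) rather than probing on every load, and giving the probe a short `timeout` via a stream context so a slow or blocked loopback cannot hold the page. The second hunk in this file only forwards the value to the template and needs no change beyond that.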
@@ -6,6 +6,21 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
 ?>
+<?php
+
+if(!$_['htaccessworking']) {
+?>
+<fieldset class="personalblock">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+
+ <span class="securitywarning">Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.</span>
+
+</fieldset>
+<?php
+}
+?>
+
+
 <?php foreach($_['forms'] as $form){ echo $form; };?>
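Review bot: The warning text inside the new `<span class="securitywarning">` is hard-coded English while the legend two lines above goes through `$l->t()`, so this message is the one block on the page that cannot be translated. Wrap it the same way: `<span class="securitywarning"><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>`. The condition `!$_['htaccessworking']` also reads the key without checking it is assigned; settings/admin.php does assign it, but if another caller ever renders this template without it the line raises a notice, so `!isset($_['htaccessworking']) || !$_['htaccessworking']` would keep the warning shown in that case without the notice.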