Track die() and exit() expressions

core/src/core/src/pydio/Core/Http/Dav/AuthBackendBasic.php

@@ -41,6 +41,10 @@
 defined('AJXP_EXEC') or die( 'Access not allowed');
 
 
+/**
+ * Class AuthBackendBasic
+ * @package Pydio\Core\Http\Dav
+ */
 class AuthBackendBasic extends Sabre\DAV\Auth\Backend\AbstractBasic
 {
     /**
@@ -61,18 +65,33 @@ public static function detectBasicHeader()
         return  (strpos(strtolower($value),'basic') ===0) ;
     }
 
+    /**
+     * AuthBackendBasic constructor.
+     * @param ContextInterface $ctx
+     */
     public function __construct(ContextInterface $ctx)
     {
         $this->context = $ctx;
     }
 
 
+    /**
+     * @param string $username
+     * @param string $password
+     * @return bool|void
+     */
     protected function validateUserPass($username, $password)
     {
         // Warning, this can only work if TRANSMIT_CLEAR_PASS is true;
         return UsersService::checkPassword($username, $password, false, -1);
     }
 
+    /**
+     * @param Sabre\DAV\Server $server
+     * @param string $realm
+     * @return bool
+     * @throws Sabre\DAV\Exception\NotAuthenticated
+     */
     public function authenticate(Sabre\DAV\Server $server, $realm)
     {
         $auth = new Sabre\HTTP\BasicAuth();

core/src/core/src/pydio/Core/Http/Dav/DAVServer.php

@@ -27,6 +27,7 @@
 use Pydio\Core\Services\RepositoryService;
 use Pydio\Log\Core\Logger;
 use Sabre\DAV as DAV;
+use Sabre\DAV\Exception\Forbidden;
 
 defined('AJXP_EXEC') or die('Access not allowed');
 
@@ -45,6 +46,7 @@ class DAVServer
     /**
      * @param $baseURI
      * @param $davRoute
+     * @throws Forbidden
      */
     public static function handleRoute($baseURI, $davRoute){
 
@@ -53,7 +55,7 @@ public static function handleRoute($baseURI, $davRoute){
         self::$context = Context::emptyContext();
 
         if (!ConfService::getGlobalConf("WEBDAV_ENABLE")) {
-            die('You are not allowed to access this service');
+            throw new Forbidden('You are not allowed to access this service');
         }
 
         PluginsService::getInstance(self::$context)->initActivePlugins();
@@ -80,8 +82,7 @@ public static function handleRoute($baseURI, $davRoute){
                 }
             }
             if ($repository == null) {
-                Logger::debug("not found, dying $repositoryId");
-                die('You are not allowed to access this service');
+                throw new Forbidden('You are not allowed to access this service');
             }
 
             self::$context->setRepositoryId($repositoryId);

core/src/core/src/pydio/Core/Utils/Utils.php

@@ -22,6 +22,7 @@
 
 use Psr\Http\Message\UploadedFileInterface;
 
+use Pydio\Core\Exception\PydioException;
 use Pydio\Core\Model\Context;
 use Pydio\Core\Model\ContextInterface;
 use Pydio\Core\Model\RepositoryInterface;
@@ -945,7 +946,7 @@ public static function updateI18nFromRef($filename, $reference)
      * @param $outputArray
      * @param $testedParams
      * @param bool $showSkipLink
-     * @return void
+     * @return string
      */
     public static function testResultsToTable($outputArray, $testedParams, $showSkipLink = true)
     {
@@ -975,8 +976,9 @@ public static function testResultsToTable($outputArray, $testedParams, $showSkip
             if($result == "dump") $result = "passed";
             $ALL_ROWS[$result][$item["name"]] = $item["info"];
         }
-
+        ob_start();
         include(AJXP_TESTS_FOLDER . "/startup.phtml");
+        return ob_get_flush();
     }
 
     /**
@@ -1650,7 +1652,7 @@ public static function runCreateTablesQuery($p, $file)
     }
 
 
-    /*
+    /**
      * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
      * $algorithm - The hash algorithm to use. Recommended: SHA256
      * $password - The password.
@@ -1664,15 +1666,23 @@ public static function runCreateTablesQuery($p, $file)
      *
      * This implementation of PBKDF2 was originally created by https://defuse.ca
      * With improvements by http://www.variations-of-shadow.com
+     * @param $algorithm
+     * @param $password
+     * @param $salt
+     * @param $count
+     * @param $key_length
+     * @param bool $raw_output
+     * @return string
+     * @throws PydioException
      */
     public static function pbkdf2_apply($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
     {
         $algorithm = strtolower($algorithm);
 
         if(!in_array($algorithm, hash_algos(), true))
-            die('PBKDF2 ERROR: Invalid hash algorithm.');
+            throw new PydioException('PBKDF2 ERROR: Invalid hash algorithm.');
         if($count <= 0 || $key_length <= 0)
-            die('PBKDF2 ERROR: Invalid parameters.');
+            throw new PydioException('PBKDF2 ERROR: Invalid parameters.');
 
         $hash_length = strlen(hash($algorithm, "", true));
         $block_count = ceil($key_length / $hash_length);
@@ -1700,7 +1710,12 @@ public static function pbkdf2_apply($algorithm, $password, $salt, $count, $key_l
     }
 
 
-    // Compares two strings $a and $b in length-constant time.
+    /**
+     * Compares two strings $a and $b in length-constant time.
+     * @param $a
+     * @param $b
+     * @return bool
+     */
     public static function pbkdf2_slow_equals($a, $b)
     {
         $diff = strlen($a) ^ strlen($b);
@@ -1711,6 +1726,12 @@ public static function pbkdf2_slow_equals($a, $b)
         return $diff === 0;
     }
 
+    /**
+     * @param $password
+     * @param $correct_hash
+     * @return bool
+     * @throws PydioException
+     */
     public static function pbkdf2_validate_password($password, $correct_hash)
     {
         $params = explode(":", $correct_hash);
@@ -1737,6 +1758,11 @@ public static function pbkdf2_validate_password($password, $correct_hash)
     }
 
 
+    /**
+     * @param $password
+     * @return string
+     * @throws PydioException
+     */
     public static function pbkdf2_create_hash($password)
     {
         // format: algorithm:iterations:salt:hash

core/src/plugins/access.mysql/MysqlAccessDriver.php

@@ -439,7 +439,7 @@ public function switchAction($action, $httpVars, $fileVars, ContextInterface $ct
                     XMLWriter::close();
                 }
                 $this->closeDbLink($link);
-                exit(1);
+                return null;
 
             break;
         }

core/src/plugins/editor.imagick/IMagickPreviewer.php

@@ -160,7 +160,6 @@ public function switchAction($action, $httpVars, $filesVars, \Pydio\Core\Model\C
             header("Content-Length: ".filesize($file));
             header('Cache-Control: public');
             readfile($file);
-            exit(1);
 
         } else if ($action == "delete_imagick_data" && !$selection->isEmpty()) {
             /*

core/src/plugins/gui.ajax/RichClient.php

@@ -36,6 +36,7 @@
 use Pydio\Core\Controller\HTMLWriter;
 use Pydio\Core\PluginFramework\Plugin;
 use Pydio\Core\PluginFramework\PluginsService;
+use Zend\Diactoros\Response\HtmlResponse;
 use Zend\Diactoros\Response\JsonResponse;
 
 defined('AJXP_EXEC') or die( 'Access not allowed');
@@ -116,8 +117,9 @@ public function getBootGui(ServerRequestInterface &$request, ResponseInterface &
             $testedParams = array();
             $passed = Utils::runTests($outputArray, $testedParams);
             if (!$passed && !isset($httpVars["ignore_tests"])) {
-                Utils::testResultsToTable($outputArray, $testedParams);
-                die();
+                $html = Utils::testResultsToTable($outputArray, $testedParams);
+                $response = new HtmlResponse($html);
+                return;
             } else {
                 Utils::testResultsToFile($outputArray, $testedParams);
             }

core/src/plugins/log.sql/SqlLogDriver.php

@@ -539,8 +539,7 @@ public function xmlListLogFiles($nodeName = "file", $year = null, $month = null,
                 }
             }
         } catch (DibiException $e) {
-            echo get_class($e), ': ', $e->getMessage(), "\n";
-            exit(1);
+            throw $e;
         }
 
         if ($print) {

core/src/plugins/meta.svn/SvnManager.php

@@ -231,7 +231,7 @@ public function switchAction($actionName, $httpVars, $filesVars, ContextInterfac
             $realFile = escapeshellarg($realFile);
             $revision = escapeshellarg($revision);
             system( (SVNLIB_PATH!=""?SVNLIB_PATH."/":"") ."svn cat -r$revision $realFile");
-            exit(0);
+            return;
         } else if ($actionName == "revert_file") {
 
             $revision = escapeshellarg($httpVars["revision"]);

core/src/plugins/uploader.flex/FlexUpload.php

@@ -77,8 +77,8 @@ public function preProcess(\Psr\Http\Message\ServerRequestInterface &$request, \
             if ($request->getAttribute("action") == "upload" &&
                 ($loggedUser == null || !$loggedUser->canWrite($ctx->getRepositoryId().""))
                 && isSet($request->getUploadedFiles()['Filedata'])) {
-                header('HTTP/1.0 ' . '410 Not authorized');
-                die('Error 410 Not authorized!');
+                $response = $response->withStatus(410, "Not authorized");
+                return;
             }
         }
 

core/src/plugins/uploader.html/SimpleUpload.php

@@ -28,6 +28,7 @@
 use Pydio\Core\Controller\XMLWriter;
 use Pydio\Core\PluginFramework\Plugin;
 use Pydio\Core\Utils\TextEncoder;
+use Zend\Diactoros\Response\TextResponse;
 
 defined('AJXP_EXEC') or die( 'Access not allowed');
 
@@ -92,7 +93,7 @@ public function preProcess(\Psr\Http\Message\ServerRequestInterface &$request, \
             // Checking headers
             if (isSet($serverData['HTTP_X_FILE_SIZE'])) {
                 if ($serverData['CONTENT_LENGTH'] != $serverData['HTTP_X_FILE_SIZE']) {
-                    exit('Warning, wrong headers');
+                    $response = new TextResponse("Warning, wrong headers");
                 }
             }