fix: update index.php

Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>

index.php

@@ -21,6 +21,7 @@
  *
  */
 
+
 class UpdateException extends \Exception {
 	protected $data;
 
@@ -47,7 +48,13 @@ public function accept(): bool {
 			'data',
 			'..',
 		];
-		return !(in_array($this->current()->getFilename(), $excludes, true) || $this->current()->isDir());
+
+		$current = $this->current();
+		if (!$current) {
+			return false;
+		}
+
+		return !(in_array($current->getFilename(), $excludes, true) || $current->isDir());
 	}
 }
 
@@ -465,7 +472,7 @@ public function createBackup() {
 		$this->silentLog('[info] end of createBackup()');
 	}
 
-	private function getChangelogURL($versionString) {
+	private function getChangelogURL(string $versionString) {
 		$this->silentLog('[info] getChangelogURL()');
 		$changelogWebsite = 'https://nextcloud.com/changelog/';
 		$changelogURL = $changelogWebsite . '#' . str_replace('.', '-', $versionString);
@@ -1436,10 +1443,6 @@ public function isAuthenticated() {
 
 $updater->log('[info] show HTML page');
 $updater->logVersion();
-$updaterUrl = explode('?', $_SERVER['REQUEST_URI'], 2)[0];
-if (strpos($updaterUrl, 'index.php') === false) {
-	$updaterUrl = rtrim($updaterUrl, '/') . '/index.php';
-}
 ?>
 
 <html>
@@ -1726,7 +1729,6 @@ public function isAuthenticated() {
 	<h1 class="header-appname">Updater</h1>
 </div>
 <input type="hidden" id="updater-access-key" value="<?php echo htmlentities($password) ?>"/>
-<input type="hidden" id="updater-endpoint" value="<?php echo htmlentities($updaterUrl) ?>"/>
 <input type="hidden" id="updater-step-start" value="<?php echo $stepNumber ?>" />
 <div id="content-wrapper">
 	<div id="content">
@@ -1825,17 +1827,17 @@ public function isAuthenticated() {
 				}?>">
 					<h2>Done</h2>
 					<div class="output hidden">
-						<a class="button" href="<?php echo htmlspecialchars(str_replace('/index.php', '/../', $updaterUrl), ENT_QUOTES); ?>">Go back to your Nextcloud instance to finish the update</a>
+						<a id="back-to-nextcloud" class="button">Go back to your Nextcloud instance to finish the update</a>
 					</div>
 				</li>
 			</ul>
-		<?php else : ?>
+		<?php else: ?>
 			<div id="login" class="section">
 				<h2>Authentication</h2>
 				<p>To login you need to provide the unhashed value of "updater.secret" in your config file.</p>
 				<p>If you don't know that value, you can access this updater directly via the Nextcloud admin screen or generate
 				your own secret:</p>
-				<code>php -r '$password = trim(shell_exec("openssl rand -base64 48")); if (strlen($password) === 64) {$hash = password_hash($password, PASSWORD_DEFAULT) . "\n"; echo "Insert as \"updater.secret\": ".$hash; echo "The plaintext value is: ".$password."\n";} else {echo "Could not execute OpenSSL.\n";};'</code>
+				<code>php -r '$password = trim(shell_exec("openssl rand -base64 48"));if(strlen($password) === 64) {$hash = password_hash($password, PASSWORD_DEFAULT) . "\n"; echo "Insert as \"updater.secret\": ".$hash; echo "The plaintext value is: ".$password."\n";}else{echo "Could not execute OpenSSL.\n";};'</code>
 				<form method="post" name="login">
 					<fieldset>
 						<input type="password" name="updater-secret-input" value=""
@@ -1854,9 +1856,15 @@ public function isAuthenticated() {
 </div>
 
 </body>
-
-<?php if ($auth->isAuthenticated()) : ?>
+<?php if ($auth->isAuthenticated()): ?>
 	<script>
+        var nextcloudUrl = window.location.href.replace('updater/', '').replace('index.php', '');
+
+        var backToButton = document.getElementById('back-to-nextcloud');
+        if (backToButton) {
+            backToButton.href = nextcloudUrl;
+        }
+
 		function escapeHTML(s) {
 			return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('>').join('&gt;').split('"').join('&quot;').split('\'').join('&#039;');
 		}
@@ -1924,7 +1932,7 @@ function waitingStep(id) {
 		function performStep(number, callback) {
 			started = true;
 			var httpRequest = new XMLHttpRequest();
-			httpRequest.open('POST', document.getElementById('updater-endpoint').value);
+			httpRequest.open('POST', window.location.href);
 			httpRequest.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
 			httpRequest.setRequestHeader('X-Updater-Auth', document.getElementById('updater-access-key').value);
 			httpRequest.onreadystatechange = function () {
@@ -2165,7 +2173,7 @@ function performStep(number, callback) {
 					el.classList.remove('hidden');
 
 					// above is the fallback if the Javascript redirect doesn't work
-					window.location.href = "<?php echo htmlspecialchars(str_replace('/index.php', '/../', $updaterUrl), ENT_QUOTES); ?>";
+					window.location.href = nextcloudUrl;
 				} else {
 					errorStep('step-done', 12);
 					var text = escapeHTML(response.response);
@@ -2243,3 +2251,4 @@ function confirmExit() {
 <?php endif; ?>
 
 </html>
+