Refactor OC_Request into TrustedDomainHelper and IRequest

This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed. This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions. Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though. Fixes #13976 which was requested in #13973 (comment)
owncloud · Feb 11, 2015 · 45294d6 · 45294d6
1 parent 9baf7a0
commit 45294d6
Show file tree

Hide file tree

Showing 37 changed files with 1,493 additions and 819 deletions.
diff --git a/lib/base.php b/lib/base.php
@@ -100,7 +100,7 @@ public static function initPaths() {
 		OC_Config::$object = new \OC\Config(self::$configDir);
 
 		OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
-		$scriptName = OC_Request::scriptName();
+		$scriptName = $_SERVER['SCRIPT_NAME'];
 		if (substr($scriptName, -1) == '/') {
 			$scriptName .= 'index.php';
 			//make sure suburi follows the same rules as scriptName
@@ -230,6 +230,8 @@ public static function checkInstalled() {
 	}
 
 	public static function checkSSL() {
+		$request = \OC::$server->getRequest();
+
 		// redirect to https site if configured
 		if (\OC::$server->getSystemConfig()->getValue('forcessl', false)) {
 			// Default HSTS policy
@@ -241,14 +243,15 @@ public static function checkSSL() {
 			}
 			header($header);
 			ini_set('session.cookie_secure', 'on');
-			if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) {
-				$url = 'https://' . OC_Request::serverHost() . OC_Request::requestUri();
+
+			if ($request->getServerProtocol() <> 'https' && !OC::$CLI) {
+				$url = 'https://' . $request->getServerHost() . $request->getRequestUri();
 				header("Location: $url");
 				exit();
 			}
 		} else {
 			// Invalidate HSTS headers
-			if (OC_Request::serverProtocol() === 'https') {
+			if ($request->getServerProtocol() === 'https') {
 				header('Strict-Transport-Security: max-age=0');
 			}
 		}
@@ -609,18 +612,20 @@ public static function init() {
 			return;
 		}
 
-		$host = OC_Request::insecureServerHost();
+		$trustedDomainHelper = new \OC\Security\TrustedDomainHelper(\OC::$server->getConfig());
+		$request = \OC::$server->getRequest();
+		$host = $request->getInsecureServerHost();
 		// if the host passed in headers isn't trusted
 		if (!OC::$CLI
 			// overwritehost is always trusted
-			&& OC_Request::getOverwriteHost() === null
-			&& !OC_Request::isTrustedDomain($host)
+			&& $request->getOverwriteHost() === null
+			&& !$trustedDomainHelper->isTrustedDomain($host)
 		) {
 			header('HTTP/1.1 400 Bad Request');
 			header('Status: 400 Bad Request');
 
 			$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
-			$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
+			$tmpl->assign('domain', $request->server['SERVER_NAME']);
 			$tmpl->printPage();
 
 			exit();
@@ -716,6 +721,7 @@ protected static function registerAutoloaderCache() {
 	 * Handle the request
 	 */
 	public static function handleRequest() {
+
 		\OC::$server->getEventLogger()->start('handle_request', 'Handle request');
 		$systemConfig = \OC::$server->getSystemConfig();
 		// load all the classpaths from the enabled apps so they are available
@@ -730,7 +736,7 @@ public static function handleRequest() {
 			exit();
 		}
 
-		$request = OC_Request::getPathInfo();
+		$request = \OC::$server->getRequest()->getPathInfo();
 		if (substr($request, -3) !== '.js') { // we need these files during the upgrade
 			self::checkMaintenanceMode();
 			self::checkUpgrade();
@@ -760,7 +766,7 @@ public static function handleRequest() {
 				}
 				self::checkSingleUserMode();
 				OC_Util::setupFS();
-				OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
+				OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
 				return;
 			} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
 				//header('HTTP/1.0 404 Not Found');
@@ -891,7 +897,7 @@ protected static function tryApacheAuth() {
 
 		// if return is true we are logged in -> redirect to the default page
 		if ($return === true) {
-			$_REQUEST['redirect_url'] = \OC_Request::requestUri();
+			$_REQUEST['redirect_url'] = \OC::$server->getRequest()->getRequestUri();
 			OC_Util::redirectToDefaultPage();
 			exit;
 		}

diff --git a/lib/private/app.php b/lib/private/app.php
@@ -679,10 +679,11 @@ public static function getNavigation() {
 	 * @return string
 	 */
 	public static function getCurrentApp() {
-		$script = substr(OC_Request::scriptName(), strlen(OC::$WEBROOT) + 1);
+		$request = \OC::$server->getRequest();
+		$script = substr($request->getScriptName(), strlen(OC::$WEBROOT) + 1);
 		$topFolder = substr($script, 0, strpos($script, '/'));
 		if (empty($topFolder)) {
-			$path_info = OC_Request::getPathInfo();
+			$path_info = $request->getPathInfo();
 			if ($path_info) {
 				$topFolder = substr($path_info, 1, strpos($path_info, '/', 1) - 1);
 			}