
Track die() and exit() expressions

1 parent 355e7e7 commit b576e43cafc0c62398646757b1ade102b4e96197 @cdujeu cdujeu committed Jun 24, 2016
@@ -41,6 +41,10 @@
defined('AJXP_EXEC') or die( 'Access not allowed');
+/**
+ * Class AuthBackendBasic
+ * @package Pydio\Core\Http\Dav
+ */
class AuthBackendBasic extends Sabre\DAV\Auth\Backend\AbstractBasic
{
/**
@@ -61,18 +65,33 @@ public static function detectBasicHeader()
return (strpos(strtolower($value),'basic') ===0) ;
}
+ /**
+ * AuthBackendBasic constructor.
+ * @param ContextInterface $ctx
+ */
public function __construct(ContextInterface $ctx)
{
$this->context = $ctx;
}
+ /**
+ * @param string $username
+ * @param string $password
+ * @return bool|void
+ */
protected function validateUserPass($username, $password)
{
// Warning, this can only work if TRANSMIT_CLEAR_PASS is true;
return UsersService::checkPassword($username, $password, false, -1);
}
+ /**
+ * @param Sabre\DAV\Server $server
+ * @param string $realm
+ * @return bool
+ * @throws Sabre\DAV\Exception\NotAuthenticated
+ */
public function authenticate(Sabre\DAV\Server $server, $realm)
{
$auth = new Sabre\HTTP\BasicAuth();
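Review bot: The `@return bool|void` tag added on validateUserPass does not match the body shown in this hunk, which always returns the result of `UsersService::checkPassword($username, $password, false, -1)`; `@return bool` would be accurate, assuming checkPassword returns a boolean, which is not visible here. Because this method decides whether a WebDAV Basic login succeeds, the docblock is also the better home for the existing inline warning, for example `Only works when TRANSMIT_CLEAR_PASS is true.` The body of authenticate() continues outside the hunk.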
@@ -27,6 +27,7 @@
use Pydio\Core\Services\RepositoryService;
use Pydio\Log\Core\Logger;
use Sabre\DAV as DAV;
+use Sabre\DAV\Exception\Forbidden;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -45,6 +46,7 @@ class DAVServer
/**
* @param $baseURI
* @param $davRoute
+ * @throws Forbidden
*/
public static function handleRoute($baseURI, $davRoute){
@@ -53,7 +55,7 @@ public static function handleRoute($baseURI, $davRoute){
self::$context = Context::emptyContext();
if (!ConfService::getGlobalConf("WEBDAV_ENABLE")) {
- die('You are not allowed to access this service');
+ throw new Forbidden('You are not allowed to access this service');
}
PluginsService::getInstance(self::$context)->initActivePlugins();
@@ -80,8 +82,7 @@ public static function handleRoute($baseURI, $davRoute){
}
}
if ($repository == null) {
- Logger::debug("not found, dying $repositoryId");
- die('You are not allowed to access this service');
+ throw new Forbidden('You are not allowed to access this service');
}
self::$context->setRepositoryId($repositoryId);
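Review bot: The rewritten `$repository == null` branch drops the only log line for a failed repository lookup, so a client trying repository ids over WebDAV leaves no trace in the application log unless the Forbidden exception is logged further up, which is not visible here. Keeping a line such as `Logger::debug("WebDAV: repository not found: $repositoryId");` before the throw would preserve that signal. Returning the same generic message for the disabled-service case (the WEBDAV_ENABLE hunk above) and the unknown-repository case is good and should stay. handleRoute starts and ends outside this hunk.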
@@ -22,6 +22,7 @@
use Psr\Http\Message\UploadedFileInterface;
+use Pydio\Core\Exception\PydioException;
use Pydio\Core\Model\Context;
use Pydio\Core\Model\ContextInterface;
use Pydio\Core\Model\RepositoryInterface;
@@ -945,7 +946,7 @@ public static function updateI18nFromRef($filename, $reference)
* @param $outputArray
* @param $testedParams
* @param bool $showSkipLink
- * @return void
+ * @return string
*/
public static function testResultsToTable($outputArray, $testedParams, $showSkipLink = true)
{
@@ -975,8 +976,9 @@ public static function testResultsToTable($outputArray, $testedParams, $showSkip
if($result == "dump") $result = "passed";
$ALL_ROWS[$result][$item["name"]] = $item["info"];
}
-
+ ob_start();
include(AJXP_TESTS_FOLDER . "/startup.phtml");
+ return ob_get_flush();
}
/**
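Review bot: `ob_get_flush()` returns the buffer but also sends it to the client, so the page rendered by startup.phtml is still echoed directly and then handed back to the caller. The getBootGui hunk further down wraps the returned string in an `HtmlResponse`, which would emit the same HTML a second time or fail once output has already started. `return ob_get_clean();` captures the output without printing it. The start of testResultsToTable is outside this hunk.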
@@ -1650,7 +1652,7 @@ public static function runCreateTablesQuery($p, $file)
}
- /*
+ /**
* PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
* $algorithm - The hash algorithm to use. Recommended: SHA256
* $password - The password.
@@ -1664,15 +1666,23 @@ public static function runCreateTablesQuery($p, $file)
*
* This implementation of PBKDF2 was originally created by https://defuse.ca
* With improvements by http://www.variations-of-shadow.com
+ * @param $algorithm
+ * @param $password
+ * @param $salt
+ * @param $count
+ * @param $key_length
+ * @param bool $raw_output
+ * @return string
+ * @throws PydioException
*/
public static function pbkdf2_apply($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if(!in_array($algorithm, hash_algos(), true))
- die('PBKDF2 ERROR: Invalid hash algorithm.');
+ throw new PydioException('PBKDF2 ERROR: Invalid hash algorithm.');
if($count <= 0 || $key_length <= 0)
- die('PBKDF2 ERROR: Invalid parameters.');
+ throw new PydioException('PBKDF2 ERROR: Invalid parameters.');
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
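Review bot: The algorithm check kept in this hunk accepts anything listed by `hash_algos()`, which also contains non-cryptographic checksums such as `crc32` and `adler32`; restricting it to the algorithms the project actually stores, e.g. `if (!in_array($algorithm, ['sha256', 'sha512'], true))`, would be safer once that list is confirmed against existing hashes. Now that invalid parameters raise a catchable PydioException instead of stopping the script, any caller that catches it around pbkdf2_validate_password must treat it as a failed verification, never as success. PHP also ships `hash_pbkdf2()` and `hash_equals()`, which could replace the hand-written routines if the project's minimum PHP version allows. The body of pbkdf2_apply continues outside the hunk.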
@@ -1700,7 +1710,12 @@ public static function pbkdf2_apply($algorithm, $password, $salt, $count, $key_l
}
- // Compares two strings $a and $b in length-constant time.
+ /**
+ * Compares two strings $a and $b in length-constant time.
+ * @param $a
+ * @param $b
+ * @return bool
+ */
public static function pbkdf2_slow_equals($a, $b)
{
$diff = strlen($a) ^ strlen($b);
@@ -1711,6 +1726,12 @@ public static function pbkdf2_slow_equals($a, $b)
return $diff === 0;
}
+ /**
+ * @param $password
+ * @param $correct_hash
+ * @return bool
+ * @throws PydioException
+ */
public static function pbkdf2_validate_password($password, $correct_hash)
{
$params = explode(":", $correct_hash);
@@ -1737,6 +1758,11 @@ public static function pbkdf2_validate_password($password, $correct_hash)
}
+ /**
+ * @param $password
+ * @return string
+ * @throws PydioException
+ */
public static function pbkdf2_create_hash($password)
{
// format: algorithm:iterations:salt:hash
@@ -439,7 +439,7 @@ public function switchAction($action, $httpVars, $fileVars, ContextInterface $ct
XMLWriter::close();
}
$this->closeDbLink($link);
- exit(1);
+ return null;
break;
}
@@ -160,7 +160,6 @@ public function switchAction($action, $httpVars, $filesVars, \Pydio\Core\Model\C
header("Content-Length: ".filesize($file));
header('Cache-Control: public');
readfile($file);
- exit(1);
} else if ($action == "delete_imagick_data" && !$selection->isEmpty()) {
/*
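Review bot: With `exit(1)` removed and nothing put in its place, execution leaves this branch after `readfile($file)` and continues with whatever follows the if/else chain in switchAction, which is outside the hunk. Anything echoed after that point is appended to the file bytes and no longer matches the `Content-Length` header already sent, which can corrupt the download. Adding `return;` after `readfile($file);`, as the svn `cat` hunk in this commit does, keeps the old behaviour of ending the action there.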
@@ -36,6 +36,7 @@
use Pydio\Core\Controller\HTMLWriter;
use Pydio\Core\PluginFramework\Plugin;
use Pydio\Core\PluginFramework\PluginsService;
+use Zend\Diactoros\Response\HtmlResponse;
use Zend\Diactoros\Response\JsonResponse;
defined('AJXP_EXEC') or die( 'Access not allowed');
@@ -116,8 +117,9 @@ public function getBootGui(ServerRequestInterface &$request, ResponseInterface &
$testedParams = array();
$passed = Utils::runTests($outputArray, $testedParams);
if (!$passed && !isset($httpVars["ignore_tests"])) {
- Utils::testResultsToTable($outputArray, $testedParams);
- die();
+ $html = Utils::testResultsToTable($outputArray, $testedParams);
+ $response = new HtmlResponse($html);
+ return;
} else {
Utils::testResultsToFile($outputArray, $testedParams);
}
@@ -539,8 +539,7 @@ public function xmlListLogFiles($nodeName = "file", $year = null, $month = null,
}
}
} catch (DibiException $e) {
- echo get_class($e), ': ', $e->getMessage(), "\n";
- exit(1);
+ throw $e;
}
if ($print) {
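Review bot: A catch block whose only statement is `throw $e;` has no effect, so either the try/catch can be removed or the block should do something useful. The old code printed the exception class and message to the client; if the aim is to stop exposing database error text, log the detail server-side and rethrow a generic error, for example `throw new \Exception('Cannot list log files', 0, $e);`. Whether the handler further up shows the DibiException message to the client is not visible here. The try block and the rest of xmlListLogFiles are outside this hunk.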
@@ -231,7 +231,7 @@ public function switchAction($actionName, $httpVars, $filesVars, ContextInterfac
$realFile = escapeshellarg($realFile);
$revision = escapeshellarg($revision);
system( (SVNLIB_PATH!=""?SVNLIB_PATH."/":"") ."svn cat -r$revision $realFile");
- exit(0);
+ return;
} else if ($actionName == "revert_file") {
$revision = escapeshellarg($httpVars["revision"]);
@@ -77,8 +77,8 @@ public function preProcess(\Psr\Http\Message\ServerRequestInterface &$request, \
if ($request->getAttribute("action") == "upload" &&
($loggedUser == null || !$loggedUser->canWrite($ctx->getRepositoryId().""))
&& isSet($request->getUploadedFiles()['Filedata'])) {
- header('HTTP/1.0 ' . '410 Not authorized');
- die('Error 410 Not authorized!');
+ $response = $response->withStatus(410, "Not authorized");
+ return;
}
}
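Review bot: Replacing `die()` with `return;` means the unauthorized upload is now stopped only if the caller of preProcess aborts the request when it sees the modified `$response`. That caller is outside this hunk, so it should be confirmed that the upload action does not still run for a user who fails `canWrite()`. The status is also misleading: 410 means Gone, and an authorization failure is normally 403 (or 401 when nobody is logged in), e.g. `$response = $response->withStatus(403, "Not authorized");`, provided the upload client does not depend on 410. The old response carried a body and the new one has none.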
@@ -28,6 +28,7 @@
use Pydio\Core\Controller\XMLWriter;
use Pydio\Core\PluginFramework\Plugin;
use Pydio\Core\Utils\TextEncoder;
+use Zend\Diactoros\Response\TextResponse;
defined('AJXP_EXEC') or die( 'Access not allowed');
@@ -92,7 +93,7 @@ public function preProcess(\Psr\Http\Message\ServerRequestInterface &$request, \
// Checking headers
if (isSet($serverData['HTTP_X_FILE_SIZE'])) {
if ($serverData['CONTENT_LENGTH'] != $serverData['HTTP_X_FILE_SIZE']) {
- exit('Warning, wrong headers');
+ $response = new TextResponse("Warning, wrong headers");
}
}
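Review bot: The new branch assigns a TextResponse but does not return, so unlike the `exit()` it replaces, preProcess carries on past the header check with a `CONTENT_LENGTH` that disagrees with `HTTP_X_FILE_SIZE`. The response is also built with the default status 200, so the client sees a success code. `$response = new TextResponse("Warning, wrong headers", 400); return;` would reject the request as the old code did. Whether the caller then skips the upload is not visible, since preProcess starts and ends outside this hunk.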
