Make uploading possible via select and cleanup CSS

apps/files/ajax/upload.php

@@ -161,6 +161,15 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) {
 			$resolution = null;
 		}
 
+		if(isset($_POST['dirToken'])) {
+			// If it is a read only share the resolution will always be autorename
+			$shareManager = \OC::$server->getShareManager();
+			$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
+			if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+				$resolution = 'autorename';
+			}
+		}
+
 		// target directory for when uploading folders
 		$relativePath = '';
 		if(!empty($_POST['file_directory'])) {
@@ -247,6 +256,20 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) {
 }
 
 if ($error === false) {
+	// Do not leak file information if it is a read-only share
+	if(isset($_POST['dirToken'])) {
+		$shareManager = \OC::$server->getShareManager();
+		$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
+		if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+			$newResults = [];
+			foreach($result as $singleResult) {
+				$fileName = $singleResult['originalname'];
+				$newResults['filename'] = $fileName;
+				$newResults['mimetype'] = \OC::$server->getMimeTypeDetector()->detectPath($fileName);
+			}
+			$result = $newResults;
+		}
+	}
 	OCP\JSON::encodedPrint($result);
 } else {
 	OCP\JSON::error(array(array('data' => array_merge(array('message' => $error, 'code' => $errorCode), $storageStats))));

apps/files_sharing/css/public.css

@@ -159,36 +159,63 @@ thead {
 	cursor: pointer;
 }
 
-#body-public #emptycontent h2 {
+
+
+#public-upload .avatardiv {
+	margin: 0 auto;
+}
+
+#public-upload #emptycontent h2 {
 	margin: 10px 0 5px 0;
 }
 
-#body-public #emptycontent h2+p {
+#public-upload #emptycontent h2+p {
 	margin-bottom: 30px;
 }
 
-#body-public #emptycontent .icon-folder {
+#public-upload #emptycontent .icon-folder {
 	height: 16px;
 	width: 16px;
 	background-size: 16px;
 	display: inline-block;
 	vertical-align: text-top;
 	margin-bottom: 0;
+	margin-right: 5px;
 	opacity: 1;
 }
 
-#body-public #emptycontent .button {
-	background-size: 32px;
-	height: 32px;
-	width: 32px;
-	background-position: 16px; 
+#public-upload #emptycontent .button {
+	background-size: 16px;
+	height: 16px;
+	width: 16px;
+	background-position: 16px;
 	opacity: .7;
 	font-size: 20px;
 	margin: 20px;
 	padding: 10px 20px;
-	padding-left: 64px;
+	padding-left: 42px;
+	font-weight: normal;
 }
 
-#body-public .avatardiv {
-	margin: 0 auto;
-}
+#public-upload #emptycontent ul {
+	width: 160px;
+	margin: 25px auto;
+	text-align: left;
+}
+
+#public-upload #emptycontent li {
+	overflow: hidden;
+	text-overflow: ellipsis;
+	white-space: nowrap;
+	padding: 7px 0;
+}
+
+#public-upload #emptycontent li img {
+	vertical-align: text-bottom;
+	margin-right: 5px;
+}
+
+#public-upload li span.icon-loading-small {
+	padding-left: 18px;
+	margin-right: 7px;
+}

apps/files_sharing/js/files_drop.js

@@ -15,24 +15,33 @@
 				// Prevent the default browser drop action:
 				e.preventDefault();
 			});
-			$('#publicUploadDiv').fileupload({
+			$('#public-upload').fileupload({
 				url: OC.linkTo('files', 'ajax/upload.php'),
 				dataType: 'json',
-				//maxFileSize: fileUploadContainer.data('maxupload'),
-				messages: {
-					maxFileSize: t('files_sharing', 'File is bigger than allowed.')
-				},
-				dropZone: $('#publicUploadDiv'),
+				dropZone: $('#public-upload'),
 				formData: {
 					dirToken: $('#sharingToken').val()
+				},
+				add: function(e, data) {
+					_.each(data['files'], function(file) {
+						$('#public-upload ul').append('<li data-name="'+escapeHTML(file.name)+'"><span class="icon-loading-small"></span> '+escapeHTML(file.name)+'</li>');
+					});
+					data.submit();
+				},
+				success: function (response) {
+					var mimeTypeUrl = OC.MimeType.getIconUrl(response['mimetype']);
+					$('#public-upload ul li[data-name="'+escapeHTML(response['filename'])+'"]').html('<img src="'+escapeHTML(mimeTypeUrl)+'"/> '+escapeHTML(response['filename']));
 				}
 			});
-
+			$('#public-upload .button.icon-upload').click(function(e) {
+				e.preventDefault();
+				$('#public-upload #emptycontent input').focus().trigger('click');
+			});
 		}
 	};
 
 	$(document).ready(function() {
-		if($('#uploadOnlyInterface').val() === "1") {
+		if($('#upload-only-interface').val() === "1") {
 			$('.avatardiv').avatar($('#sharingUserId').val(), 128, true);
 		}
 

apps/files_sharing/js/public.js

@@ -238,11 +238,6 @@ OCA.Sharing.PublicApp = {
 			$(this).select();
 		});
 
-		$(document).on('click', '.content-wrapper-upload', function (e) {
-			//e.preventDefault();
-			$('#file_upload_start').focus().trigger('click');
-		});
-
 		$('.save-form').submit(function (event) {
 			event.preventDefault();
 
@@ -307,9 +302,7 @@ OCA.Sharing.PublicApp = {
 				$('#save-button-confirm')
 				.removeClass("icon-loading-small")
 				.addClass("icon-confirm");
-
-			}
-			else {
+			} else {
 				$('#save-button-confirm')
 				.removeClass("icon-confirm")
 				.addClass("icon-loading-small");
@@ -319,7 +312,6 @@ OCA.Sharing.PublicApp = {
 
 		toggleLoading();
 		var location = window.location.protocol + '//' + window.location.host + OC.webroot;
-
 		if(remote.substr(-1) !== '/') {
 			remote += '/'
 		};

apps/files_sharing/templates/public.php

@@ -41,7 +41,9 @@ OCP\Util::addscript('files', 'keyboardshortcuts');
 <input type="hidden" name="mimetype" value="<?php p($_['mimetype']) ?>" id="mimetype">
 <input type="hidden" name="previewSupported" value="<?php p($_['previewSupported'] ? 'true' : 'false'); ?>" id="previewSupported">
 <input type="hidden" name="mimetypeIcon" value="<?php p(\OC::$server->getMimeTypeDetector()->mimeTypeIcon($_['mimetype'])); ?>" id="mimetypeIcon">
-<input type="hidden" name="filesize" value="<?php p($_['nonHumanFileSize']); ?>" id="filesize">
+<?php if (!isset($_['hideFileList']) || (isset($_['hideFileList']) && $_['hideFileList'] === false)): ?>
+	<input type="hidden" name="filesize" value="<?php p($_['nonHumanFileSize']); ?>" id="filesize">
+<?php endif; ?>
 <input type="hidden" name="maxSizeAnimateGif" value="<?php p($_['maxSizeAnimateGif']); ?>" id="maxSizeAnimateGif">
 
 
@@ -89,7 +91,7 @@ OCP\Util::addscript('files', 'keyboardshortcuts');
 		</div>
 	</div></header>
 <div id="content-wrapper" <?php if(isset($_['hideFileList']) && $_['hideFileList'] === true){ print_unescaped(" class=\"content-wrapper-upload\"");} ?>>
-		<?php if (!isset($_['hideFileList']) || (isset($_['hideFileList']) && $_['hideFileList'] === false)) { ?>
+	<?php if (!isset($_['hideFileList']) || (isset($_['hideFileList']) && $_['hideFileList'] === false)) { ?>
 		<div id="preview">
 			<?php if (isset($_['folder'])): ?>
 				<?php print_unescaped($_['folder']); ?>
@@ -117,13 +119,17 @@ OCP\Util::addscript('files', 'keyboardshortcuts');
 			<?php endif; ?>
 		</div>
 		<?php } else { ?>
-		<input type="hidden" id="uploadOnlyInterface" value="1"/>
-			<div id="publicUploadDiv">
+		<input type="hidden" id="upload-only-interface" value="1"/>
+			<div id="public-upload">
 				<div id="emptycontent" class="">
 					<div id="displayavatar"><div class="avatardiv"></div></div>
 					<h2><?php p($l->t('Upload files to %s', [$_['shareOwner']])) ?></h2>
 					<p><span class="icon-folder"></span> <?php p($_['filename']) ?></p>
+					<input type="file" name="files[]" class="hidden" multiple>
+
 					<a href="#" class="button icon-upload"><?php p($l->t('Select')) ?></a>
+					<ul>
+					</ul>
 				</div>
 			</div>
 		<?php } ?>