authorArthur Schiwon <blizzz@arthur-schiwon.de>2011-04-16 14:00:05 +0200
committerArthur Schiwon <blizzz@arthur-schiwon.de>2011-04-16 14:00:05 +0200
commit1c3703477b2cd2b65b35773bbca2d653938f9556 (patch)
treeb7b268c657ae9e33f9783ba3e47916589602c136
parent627dc95d1949861dd1fe4dfa8bb8ff6ddaa9df5b (diff)
parent9a575d1ded1c37fc13ba384cae39feded8af0ddb (diff)
Merge branch 'refactoring' of git://anongit.kde.org/owncloud into refactoring
-rw-r--r--index.php3
-rw-r--r--lib/ocs.php53
-rw-r--r--plugins/publiclink/db_structure.xml47
-rw-r--r--plugins/publiclink/getfile.php10
-rw-r--r--plugins/publiclink/lib_public.php77
-rw-r--r--plugins/publiclink/makelink.php13
-rwxr-xr-xplugins/publiclink/plugin.xml17
7 files changed, 190 insertions, 30 deletions
diff --git a/index.php b/index.php
index 2f56510bfbb..89c24cac52f 100644
--- a/index.php
+++ b/index.php
@@ -29,7 +29,8 @@ var_dump( $_SESSION );
if( OC_USER::isLoggedIn()){
if( $_GET["logout"] ){
OC_USER::logout();
- OC_TEMPLATE::printGuestPage( "", "logout" );
+ header( "Location: $WEBROOT");
+ exit();
}
else{
header( "Location: ".OC_APPCONFIG::getValue( "core", "defaultpage", "files/index.php" ));
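Review bot: The new `header( "Location: $WEBROOT");` in the logout branch only works if nothing has been written to the response yet, and the hunk header shows a `var_dump( $_SESSION );` statement earlier in the file. If that statement is live, it prints session contents to the client and makes the redirect fail because headers were already sent, so it should be removed before this path is relied on. If `$WEBROOT` can be an empty string for an install at the server root (not visible here), the header becomes an empty `Location:`; `header( "Location: ".$WEBROOT."/" );` avoids that. The enclosing if/else continues outside the hunk.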
diff --git a/lib/ocs.php b/lib/ocs.php
index 2b1e706462a..4e9e6522e8b 100644
--- a/lib/ocs.php
+++ b/lib/ocs.php
@@ -400,16 +400,16 @@ class OC_OCS {
* @return string xml/json
*/
private static function activityGet($format,$page,$pagesize) {
- global $CONFIG_DBTABLEPREFIX;
-
$user=OC_OCS::checkpassword();
-
- $result = OC_DB::query("select count(*) as co from {$CONFIG_DBTABLEPREFIX}log");
+
+ $query = OC_DB::prepare('select count(*) as co from *PREFIX*log');
+ $result = $query->execute();
$entry=$result->fetchRow();
$totalcount=$entry['co'];
- OC_DB::free_result($result);
-
- $result = OC_DB::select("select id,timestamp,user,type,message from {$CONFIG_DBTABLEPREFIX}log order by timestamp desc limit " . ($page*$pagesize) . ",$pagesize");
+
+ $query=OC_DB::prepare('select id,timestamp,user,type,message from *PREFIX*log order by timestamp desc limit ?,?');
+ $result = $query->execute(array(($page*$pagesize),$pagesize))->fetchAll();
+
$itemscount=count($result);
$url='http://'.substr($_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],0,-11).'';
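Review bot: The values bound to `limit ?,?` are passed as they arrive in `$page` and `$pagesize`, with no integer cast or range check. If OC_DB binds untyped parameters as strings, the statement ends up with quoted limit values, which MySQL rejects, and a negative or non-numeric value reaches the database either way. Cast and clamp before executing, e.g. `$pagesize=max(1,(int)$pagesize); $page=max(0,(int)$page);`. The result of the first `execute()` should also be checked with `PEAR::isError` before `fetchRow()` is called, as setData does later in this file. The function body continues outside the hunk.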
@@ -512,24 +512,24 @@ class OC_OCS {
* @return array
*/
public static function getData($user,$app="",$key="",$like=false) {
- global $CONFIG_DBTABLEPREFIX;
- $user=OC_DB::escape($user);
- $key=OC_DB::escape($key);
- $app=OC_DB::escape($app);
$key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy, needs to be replaced with a seperate user field the next time we break db compatibiliy
$compareFunction=($like)?'LIKE':'=';
if($app){
if (!trim($key)) {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where app='$app' order by `timestamp` desc");
+ $query = OC_DB::prepare('select app, `key`,value,`timestamp` from *PREFIX*privatedata where app=? order by `timestamp` desc');
+ $result=$query->execute(array($app))->fetchAll();
} else {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where app='$app' and `key` $compareFunction '$key' order by `timestamp` desc");
+ $query = OC_DB::prepare("select app, `key`,value,`timestamp` from *PREFIX*privatedata where app=? and `key` $compareFunction ? order by `timestamp` desc");
+ $result=$query->execute(array($app,$key))->fetchAll();
}
}else{
if (!trim($key)) {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata order by `timestamp` desc");
+ $query = OC_DB::prepare('select app, `key`,value,`timestamp` from *PREFIX*privatedata order by `timestamp` desc');
+ $result=$query->execute()->fetchAll();
} else {
- $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where `key` $compareFunction '$key' order by `timestamp` desc");
+ $query = OC_DB::prepare("select app, `key`,value,`timestamp` from *PREFIX*privatedata where `key` $compareFunction ? order by `timestamp` desc");
+ $result=$query->execute(array($key))->fetchAll();
}
}
$result=self::trimKeys($result,$user);
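Review bot: The two `!trim($key)` branches now prepare queries with no per-user condition (`where app=?` in one, no `where` clause in the other), so if they ever run they return every user's private data unless `trimKeys()`, which is outside this diff, filters it. As written they cannot run, because `$key` has already been rewritten to `"$user::$key"` and is never empty at the test; a request without a key therefore matches only the literal `user::` row. Test the caller's key before prefixing it, and scope the key-less queries to the user with an added key `like ?` condition bound to `$user.'::%'`. `$compareFunction` is still interpolated into the SQL text; that is safe only because it is one of two literals chosen in this function, which deserves a comment such as `// $compareFunction is never user-controlled: 'LIKE' or '=' only`.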
@@ -545,20 +545,18 @@ class OC_OCS {
* @return bool
*/
public static function setData($user, $app, $key, $value) {
- global $CONFIG_DBTABLEPREFIX;
- $app=OC_DB::escape($app);
- $key=OC_DB::escape($key);
- $user=OC_DB::escape($user);
- $value=OC_DB::escape($value);
$key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy
- //TODO: prepared statements, locking tables, fancy stuff, error checking/handling
- $result=OC_DB::select("select count(*) as co from {$CONFIG_DBTABLEPREFIX}privatedata where `key` = '$key' and app = '$app'");
+ //TODO: locking tables, fancy stuff, error checking/handling
+ $query=OC_DB::prepare("select count(*) as co from *PREFIX*privatedata where `key` = ? and app = ?");
+ $result=$query->execute(array($key,$app))->fetchAll();
$totalcount=$result[0]['co'];
if ($totalcount != 0) {
- $result = OC_DB::query("update {$CONFIG_DBTABLEPREFIX}privatedata set value='$value', `timestamp` = now() where `key` = '$key' and app = '$app'");
+ $query=OC_DB::prepare("update *PREFIX*privatedata set value=?, `timestamp` = now() where `key` = ? and app = ?");
+
} else {
- $result = OC_DB::query("insert into {$CONFIG_DBTABLEPREFIX}privatedata(app, `key`, value, `timestamp`) values('$app', '$key', '$value', now())");
+ $result = OC_DB::prepare("insert into *PREFIX*privatedata(value, `key`, app, `timestamp`) values(?, ?, ?, now())");
}
+ $result = $query->execute(array($value,$key,$app));
if (PEAR::isError($result)){
$entry='DB Error: "'.$result->getMessage().'"<br />';
error_log($entry);
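Review bot: In the insert branch the prepared statement is assigned to `$result` instead of `$query`. The following `$query->execute(array($value,$key,$app))` therefore runs the earlier `select count(*)` statement with three values for two placeholders, and the row is never inserted. Change `$result = OC_DB::prepare(` to `$query=OC_DB::prepare(` on that line. The count-then-write sequence is also not atomic, so two concurrent calls for a new key can both take the insert path; the remaining TODO about locking covers that. The function continues outside the hunk.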
@@ -576,13 +574,10 @@ class OC_OCS {
* @return string xml/json
*/
public static function deleteData($user, $app, $key) {
- global $CONFIG_DBTABLEPREFIX;
- $app=OC_DB::escape($app);
- $key=OC_DB::escape($key);
- $user=OC_DB::escape($user);
$key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy
//TODO: prepared statements, locking tables, fancy stuff, error checking/handling
- $result = OC_DB::query("delete from {$CONFIG_DBTABLEPREFIX}privatedata where `key` = '$key' and app = '$app'");
+ $query=OC_DB::prepare("delete from *PREFIX*privatedata where `key` = ? and app = ?");
+ $result = $query->execute(array($key,$app));
if (PEAR::isError($result)){
$entry='DB Error: "'.$result->getMessage().'"<br />';
error_log($entry);
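Review bot: Per-user isolation here rests on the string `"$user::$key"`, and nothing in this hunk stops `$user` or `$key` from containing `::` themselves, so two different user/key pairs can address the same row. Whether such user names are possible is decided outside this diff, but the same construction is used in getData and setData, and in deleteData a collision removes another account's data. Reject `::` in `$user` before building the key, or store the user in its own column as the comment in getData already suggests. The TODO above the new query still lists prepared statements and can be trimmed like the one in setData.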
diff --git a/plugins/publiclink/db_structure.xml b/plugins/publiclink/db_structure.xml
new file mode 100644
index 00000000000..de63b03f445
--- /dev/null
+++ b/plugins/publiclink/db_structure.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<database>
+ <name>*dbname*</name>
+ <create>true</create>
+ <overwrite>false</overwrite>
+ <charset>latin1</charset>
+ <table>
+ <name>*dbprefix*publiclink</name>
+ <declaration>
+ <field>
+ <name>token</name>
+ <type>text</type>
+ <default></default>
+ <notnull>true</notnull>
+ <length>40</length>
+ </field>
+ <field>
+ <name>path</name>
+ <type>text</type>
+ <default></default>
+ <notnull>true</notnull>
+ <length>128</length>
+ </field>
+ <field>
+ <name>user</name>
+ <type>text</type>
+ <default>
+ </default>
+ <notnull>true</notnull>
+ <length>64</length>
+ </field>
+ <field>
+ <name>expire_time</name>
+ <type>timestamp</type>
+ <notnull>true</notnull>
+ </field>
+ <index>
+ <name>token</name>
+ <unique>true</unique>
+ <field>
+ <name>token</name>
+ <sorting>ascending</sorting>
+ </field>
+ </index>
+ </declaration>
+ </table>
+</database>
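Review bot: The `path` field is limited to 128 characters and the database charset is `latin1`, while the paths stored by OC_PublicLink come from user files and can be longer or contain non-Latin characters. On a server that truncates over-long values instead of rejecting them, a link would resolve to a different, shorter path than the one the owner shared. A larger length and a Unicode charset, or a length check in the constructor before the insert, would close that gap. `expire_time` is declared as a `timestamp`, but the code inserts `0` for "no expiry" and compares against `0`; a comment next to the field should state that convention.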
diff --git a/plugins/publiclink/getfile.php b/plugins/publiclink/getfile.php
new file mode 100644
index 00000000000..c579dc9246c
--- /dev/null
+++ b/plugins/publiclink/getfile.php
@@ -0,0 +1,10 @@
+<?php
+$RUNTIME_NOAPPS=true; //no need to load the apps
+
+require_once '../../lib/base.php';
+
+require_once 'lib_public.php';
+
+$token=$_GET['token'];
+OC_PublicLink::downloadFile($token);
+?> \ No newline at end of file
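Review bot: `$_GET['token']` is used without checking that it is present and is a string, on an endpoint that requires no login. An array-valued or missing parameter is handed straight to the prepared statement in `downloadFile`, raising notices or driver errors instead of a clean 404. Use `$token=(isset($_GET['token']) && is_string($_GET['token']))?$_GET['token']:'';` so that anything else falls through to the existing 404 branch.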
diff --git a/plugins/publiclink/lib_public.php b/plugins/publiclink/lib_public.php
new file mode 100644
index 00000000000..494f84fdb7a
--- /dev/null
+++ b/plugins/publiclink/lib_public.php
@@ -0,0 +1,77 @@
+<?php
+class OC_PublicLink{
+ /**
+ * create a new public link
+ * @param string path
+ * @param int (optional) expiretime time the link expires, as timestamp
+ */
+ public function __construct($path,$expiretime=0){
+ if($path && OC_FILESYSTEM::file_exists($path)){
+ $token=sha1("$path-$expiretime");
+ $user=$_SESSION['user_id'];
+ $query=OC_DB::prepare("INSERT INTO *PREFIX*publiclink VALUES(?,?,?,?)");
+ $result=$query->execute(array($token,$path,$user,$expiretime));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"<br />';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+ error_log( $entry );
+ die( $entry );
+ }
+ $this->token=$token;
+ }
+ }
+
+ /**
+ * download a file shared by a public link
+ * @param string token
+ */
+ public static function downloadFile($token){
+ //remove expired links
+ $query=OC_DB::prepare("DELETE FROM *PREFIX*publiclink WHERE expire_time < NOW() AND expire_time!=0");
+ $query->execute();
+
+ //get the path and the user
+ $query=OC_DB::prepare("SELECT user,path FROM *PREFIX*publiclink WHERE token=?");
+ $result=$query->execute(array($token));
+ $data=$result->fetchAll();
+ if(count($data)>0){
+ $path=$data[0]['path'];
+ $user=$data[0]['user'];
+
+ //login
+ $_SESSION['user_id']=$user;
+
+ //prepare the filesystem
+ OC_UTIL::setupFS();
+
+ //get time mimetype and set the headers
+ $mimetype=OC_FILESYSTEM::getMimeType($path);
+ // header('Content-Disposition: attachment; filename="'.basename($path).'"');
+ header('Content-Transfer-Encoding: binary');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Pragma: public');
+ header('Content-Type: ' . $mimetype);
+ header('Content-Length: ' . OC_FILESYSTEM::filesize($path));
+
+ //download the file
+ ob_clean();
+ OC_FILESYSTEM::readfile($path);
+ }else{
+ header("HTTP/1.0 404 Not Found");
+ echo '404 Not Found';
+ die();
+ }
+ }
+
+ /**
+ * get the token for the public link
+ * @return string
+ */
+ public function getToken(){
+ return $this->token;
+ }
+
+ private $token;
+}
+?> \ No newline at end of file
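Review bot: `downloadFile` writes the link owner's name into `$_SESSION['user_id']` and never restores it, so whoever opens a public link keeps a session that the rest of the application treats as the owner's login. The token is `sha1("$path-$expiretime")`, which is derivable from the shared path and expiry rather than secret, and identical for two users sharing the same path; it should come from a CSPRNG. The error path in the constructor also sends `getDebugInfo()` to the browser through `die( $entry )`; that detail should be logged only. With `Content-Disposition` commented out, the stored file is rendered inline under the application's origin with its own mimetype, so re-enabling the attachment header is advisable. The sketch below keeps the session change scoped to the download; passing the user to the filesystem setup explicitly would be cleaner, but that API is outside this diff.

```php
// in __construct: token independent of path and expiry
$token=bin2hex(openssl_random_pseudo_bytes(20)); // 40 hex chars, fits the token column
// … unchanged: insert and PEAR error handling …

// in downloadFile, after the token lookup succeeded
$previousUser=isset($_SESSION['user_id'])?$_SESSION['user_id']:null;
$_SESSION['user_id']=$user; // needed only while the owner's filesystem is mounted
OC_UTIL::setupFS();
// … unchanged: mimetype lookup, headers, ob_clean …
OC_FILESYSTEM::readfile($path);
// do not leave the visitor authenticated as the link owner
if($previousUser===null){
	unset($_SESSION['user_id']);
}else{
	$_SESSION['user_id']=$previousUser;
}
```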
diff --git a/plugins/publiclink/makelink.php b/plugins/publiclink/makelink.php
new file mode 100644
index 00000000000..1de65e7ec6f
--- /dev/null
+++ b/plugins/publiclink/makelink.php
@@ -0,0 +1,13 @@
+<?php
+$RUNTIME_NOAPPS=true; //no need to load the apps
+
+require_once '../../lib/base.php';
+
+require_once 'lib_public.php';
+
+$path=$_GET['path'];
+$expire=(isset($_GET['expire']))?$_GET['expire']:0;
+
+$link=new OC_PublicLink($path,$expire);
+echo $link->getToken();
+?> \ No newline at end of file
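Review bot: This script creates a share from a plain GET request and shows no login check of its own; whether `lib/base.php` enforces one is not visible here. If it does not, `$_SESSION['user_id']` is unset when the constructor reads it, and a link row may still be written with an empty owner. Add `if(!OC_USER::isLoggedIn()){ header("HTTP/1.0 403 Forbidden"); exit(); }` before reading the parameters, and cast the expiry with `(int)$_GET['expire']`. Because the request changes state, it should be accepted as a POST carrying the application's request token, if the application has one.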
diff --git a/plugins/publiclink/plugin.xml b/plugins/publiclink/plugin.xml
new file mode 100755
index 00000000000..75abed6cf08
--- /dev/null
+++ b/plugins/publiclink/plugin.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<plugin version="1.0">
+ <info>
+ <id>publiclink</id>
+ <name>Simple file sharing by creating a public link to a file</name>
+ <version>0.1</version>
+ <licence>AGPL</licence>
+ <author>Robin Appelman</author>
+ <require>1.1</require>
+ </info>
+ <runtime>
+ <include>lib_public.php</include>
+ </runtime>
+ <install>
+ <database>db_structure.xml</database>
+ </install>
+</plugin>