author | Robin Appelman <icewind@owncloud.com> | 2012-02-05 01:22:29 +0100 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2012-02-05 01:22:29 +0100 |
commit | 36bc1a210233ed66ddbc6d5c3b4588b22d24d181 (patch) | |
tree | 5363ab70404bc35cc44de7f9e697f0bf3efd98c4 | |
parent | 05d76dcd6768dc0b1417916cd24aa10d84c6eeb0 (diff) | |
parent | 493ba20734484a29f4cfde5ebbcae06794ea78b9 (diff) | |
Merge branch 'master' into filesystem
25 files changed, 195 insertions, 66 deletions
@@ -3,7 +3,7 @@ A personal cloud which runs on your own server. http://ownCloud.org -Installation instructions: http://owncloud.org/support +Installation instructions: http://owncloud.org/support/setup-and-installation/ Source code: http://gitorious.org/owncloud Mailing list: http://mail.kde.org/mailman/listinfo/owncloud diff --git a/apps/bookmarks/js/bookmarks.js b/apps/bookmarks/js/bookmarks.js index b43c3deb59c..77f767cdb81 100644 --- a/apps/bookmarks/js/bookmarks.js +++ b/apps/bookmarks/js/bookmarks.js @@ -137,7 +137,7 @@ function showBookmark(event) { $('.bookmarks_add').slideToggle(); } $('html, body').animate({ - scrollTop: $('.bookmarks_menu').offset().top + scrollTop: ($('.bookmarks_menu'))?$('.bookmarks_menu').offset().top:0 }, 500); } diff --git a/apps/calendar/ajax/createcalendar.php b/apps/calendar/ajax/createcalendar.php index b719b207c74..8d7b12f9b89 100644 --- a/apps/calendar/ajax/createcalendar.php +++ b/apps/calendar/ajax/createcalendar.php @@ -25,7 +25,7 @@ foreach($calendars as $cal){ } $userid = OC_User::getUser(); -$calendarid = OC_Calendar_Calendar::addCalendar($userid, $_POST['name'], 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']); +$calendarid = OC_Calendar_Calendar::addCalendar($userid, strip_tags($_POST['name']), 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']); OC_Calendar_Calendar::setCalendarActive($calendarid, 1); $calendar = OC_Calendar_Calendar::find($calendarid); diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php index 998991c2fb4..75fac6838d7 100644 --- a/apps/calendar/ajax/events.php +++ b/apps/calendar/ajax/events.php 
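Review bot: The new guard in `showBookmark` never takes the `0` branch, because a jQuery object is truthy even when the selector matched nothing; with no `.bookmarks_menu` on the page `.offset()` yields no coordinates and reading `.top` fails. Test the match count instead: `scrollTop: $('.bookmarks_menu').length ? $('.bookmarks_menu').offset().top : 0`. The body of `showBookmark` starts outside the hunk.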
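Review bot: `strip_tags()` now filters `$_POST['name']`, but `$_POST['color']` in the same `addCalendar()` call is still stored exactly as received. If the colour is later written into a style attribute or CSS (not visible here), it needs its own validation; assuming colours are hex values, accept it only when `preg_match('/^#(?:[0-9a-fA-F]{3}){1,2}$/', $_POST['color'])` holds. The `editCalendar()` hunk in apps/calendar/ajax/updatecalendar.php has the same gap, and there `$_POST['active']` is also passed through unchecked. Stripping on input does not replace escaping on output, so templates that print calendar names should still call `htmlspecialchars()`.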
@@ -11,8 +11,8 @@ require_once('../../../3rdparty/when/When.php'); function addoutput($event, $vevent, $return_event){ $return_event['id'] = (int)$event['id']; - $return_event['title'] = $event['summary']; - $return_event['description'] = isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:''; + $return_event['title'] = htmlspecialchars($event['summary']); + $return_event['description'] = isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):''; $last_modified = $vevent->__get('LAST-MODIFIED'); if ($last_modified){ $lastmodified = $last_modified->getDateTime()->format('U'); diff --git a/apps/calendar/ajax/updatecalendar.php b/apps/calendar/ajax/updatecalendar.php index 269b7b7ca06..5add6d92bfa 100644 --- a/apps/calendar/ajax/updatecalendar.php +++ b/apps/calendar/ajax/updatecalendar.php @@ -26,7 +26,7 @@ foreach($calendars as $cal){ $calendarid = $_POST['id']; $calendar = OC_Calendar_App::getCalendar($calendarid);//access check -OC_Calendar_Calendar::editCalendar($calendarid, $_POST['name'], null, null, null, $_POST['color']); +OC_Calendar_Calendar::editCalendar($calendarid, strip_tags($_POST['name']), null, null, null, $_POST['color']); OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']); $calendar = OC_Calendar_App::getCalendar($calendarid); diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js index afd1b692dd4..64c029404cb 100644 --- a/apps/calendar/js/calendar.js +++ b/apps/calendar/js/calendar.js @@ -698,6 +698,7 @@ $(document).ready(function(){ eventDrop: Calendar.UI.moveEvent, eventResize: Calendar.UI.resizeEvent, eventRender: function(event, element) { + element.find('span.fc-event-title').html(element.find('span.fc-event-title').text()); element.tipsy({ className: 'tipsy-event', opacity: 0.9, diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php index 1f2073f4bc7..49214aca77c 100644 --- a/apps/calendar/templates/part.eventform.php 
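Review bot: The added line `element.find('span.fc-event-title').html(element.find('span.fc-event-title').text());` re-parses the title's decoded text as markup, so it strips one layer of the encoding that apps/calendar/ajax/events.php now adds with `htmlspecialchars()`. Whether the result is safe depends on the calendar widget escaping titles itself before `eventRender` runs, which this hunk does not show; if it does not, an encoded tag in a title comes back as live HTML. It is more robust to return the raw summary and description in the JSON and have the client place them with `.text()` only, dropping this line. The `eventRender` callback continues outside the hunk.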
+++ b/apps/calendar/templates/part.eventform.php @@ -2,7 +2,7 @@ <tr> <th width="75px"><?php echo $l->t("Title");?>:</th> <td> - <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? $_['title'] : '' ?>" maxlength="100" name="title"/> + <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>" maxlength="100" name="title"/> </td> </tr> </table> @@ -207,7 +207,7 @@ <tr> <th width="85px"><?php echo $l->t("Location");?>:</th> <td> - <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? $_['location'] : '' ?>" maxlength="100" name="location" /> + <input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>" maxlength="100" name="location" /> </td> </tr> </table> @@ -215,7 +215,7 @@ <tr> <th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th> <td> - <textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? $_['description'] : '' ?></textarea> + <textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea> </td> </tr> </table> diff --git a/apps/calendar/templates/settings.php b/apps/calendar/templates/settings.php index fc8e0e061d9..e174378d02d 100644 --- a/apps/calendar/templates/settings.php +++ b/apps/calendar/templates/settings.php 
@@ -9,6 +9,7 @@ ?> <form id="calendar"> <fieldset class="personalblock"> + <strong><?php echo $l->t('Calendar'); ?></strong> <table class="nostyle"> <tr><td><label for="timezone" class="bold"><?php echo $l->t('Timezone');?></label></td><td><select style="display: none;" id="timezone" name="timezone"> <?php diff --git a/apps/contacts/ajax/addcard.php b/apps/contacts/ajax/addcard.php index 140d6a48095..f15a1685840 100644 --- a/apps/contacts/ajax/addcard.php +++ b/apps/contacts/ajax/addcard.php @@ -77,7 +77,7 @@ foreach( $add as $propname){ ksort($value); // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form! $value = OC_VObject::escapeSemicolons($value); } - $vcard->addProperty($propname, $value); //, $prop_parameters); + $vcard->addProperty($propname, strip_tags($value)); //, $prop_parameters); $line = count($vcard->children) - 1; foreach ($prop_parameters as $key=>$element) { if(is_array($element) && strtoupper($key) == 'TYPE') { diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php index c90af217c87..a00346c7dff 100644 --- a/apps/contacts/ajax/addproperty.php +++ b/apps/contacts/ajax/addproperty.php @@ -67,6 +67,8 @@ foreach($current as $item) { if(is_array($value)) { ksort($value); // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form! +} else { + $value = strip_tags($value); } $property = $vcard->addProperty($name, $value); //, $parameters); diff --git a/apps/contacts/ajax/createaddressbook.php b/apps/contacts/ajax/createaddressbook.php index edcf794f497..3d766b6a60a 100644 --- a/apps/contacts/ajax/createaddressbook.php +++ b/apps/contacts/ajax/createaddressbook.php 
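Review bot: The added `else` in apps/contacts/ajax/addproperty.php strips tags only from scalar values, so compound values (the `is_array($value)` branch) reach `addProperty()` unfiltered. By contrast, apps/contacts/ajax/addcard.php in this commit filters after `escapeSemicolons()`. If the intent is to filter every stored value, apply it per element, e.g. `$value = array_map('strip_tags', $value);` after the `ksort()`. Output escaping in the templates remains the control that matters, since `strip_tags()` also alters legitimate text that contains `<`.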
@@ -15,7 +15,7 @@ OC_JSON::checkLoggedIn(); OC_JSON::checkAppEnabled('contacts'); $userid = OC_User::getUser(); -$bookid = OC_Contacts_Addressbook::add($userid, $_POST['name'], null); +$bookid = OC_Contacts_Addressbook::add($userid, strip_tags($_POST['name']), null); if(!$bookid) { OC_JSON::error(array('data' => array('message' => $l->t('Error adding addressbook.')))); OC_Log::write('contacts','ajax/createaddressbook.php: Error adding addressbook: '.$_POST['name'], OC_Log::ERROR); diff --git a/apps/contacts/ajax/setproperty.php b/apps/contacts/ajax/setproperty.php index cf3fe582247..f9e2a8e8647 100644 --- a/apps/contacts/ajax/setproperty.php +++ b/apps/contacts/ajax/setproperty.php @@ -37,9 +37,13 @@ $line = OC_Contacts_App::getPropertyLineByChecksum($vcard, $checksum); $value = $_POST['value']; if(is_array($value)){ ksort($value); // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form! + foreach(array_keys($value) as $key) { + OC_Log::write('contacts','ajax/setproperty.php: setting: '.$key.': '.$value[$key], OC_Log::DEBUG); + } + $value = OC_VObject::escapeSemicolons($value); } OC_Log::write('contacts','ajax/setproperty.php: setting: '.$vcard->children[$line]->name.': '.$value, OC_Log::DEBUG); -$vcard->children[$line]->setValue($value); +$vcard->children[$line]->setValue(strip_tags($value)); // Add parameters $postparameters = isset($_POST['parameters'])?$_POST['parameters']:array(); diff --git a/apps/contacts/templates/part.chooseaddressbook.rowfields.php b/apps/contacts/templates/part.chooseaddressbook.rowfields.php index 0cbfe2bf803..95a4b2362aa 100644 --- a/apps/contacts/templates/part.chooseaddressbook.rowfields.php +++ b/apps/contacts/templates/part.chooseaddressbook.rowfields.php 
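Review bot: The new debug loop in apps/contacts/ajax/setproperty.php writes each submitted field to the log before any filtering, and the existing `OC_Log::write` call below it does the same for the joined value. Request data placed in log lines should have control characters removed so a value cannot forge additional entries. Contact fields are also personal data that may not belong in logs at all; consider logging only `$key` and the property name. Because `strip_tags()` is applied only inside `setValue()`, what is logged also differs from what is stored.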
@@ -1,5 +1,5 @@ <?php // FIXME: Make this readable. echo "<td width=\"20px\"><input id=\"active_" . $_['addressbook']["id"] . "\" type=\"checkbox\" onClick=\"Contacts.UI.Addressbooks.activation(this, " . $_['addressbook']["id"] . ")\"" . (OC_Contacts_Addressbook::isActive($_['addressbook']["id"]) ? ' checked="checked"' : '') . "></td>"; - echo "<td><label for=\"active_" . $_['addressbook']["id"] . "\">" . $_['addressbook']["displayname"] . "</label></td>"; + echo "<td><label for=\"active_" . $_['addressbook']["id"] . "\">" . htmlspecialchars($_['addressbook']["displayname"]) . "</label></td>"; echo "<td width=\"20px\"><a href=\"#\" onclick=\"Contacts.UI.showCardDAVUrl('" . OC_User::getUser() . "', '" . $_['addressbook']["uri"] . "');\" title=\"" . $l->t("CardDav Link") . "\" class=\"action\"><img class=\"svg action\" src=\"../../core/img/actions/public.svg\"></a></td><td width=\"20px\"><a href=\"export.php?bookid=" . $_['addressbook']["id"] . "\" title=\"" . $l->t("Download") . "\" class=\"action\"><img class=\"svg action\" src=\"../../core/img/actions/download.svg\"></a></td><td width=\"20px\"><a href=\"#\" title=\"" . $l->t("Edit") . "\" class=\"action\" onclick=\"Contacts.UI.Addressbooks.editAddressbook(this, " . $_['addressbook']["id"] . ");\"><img class=\"svg action\" src=\"../../core/img/actions/rename.svg\"></a></td><td width=\"20px\"><a href=\"#\" onclick=\"Contacts.UI.Addressbooks.deleteAddressbook('" . $_['addressbook']["id"] . "');\" title=\"" . $l->t("Delete") . "\" class=\"action\"><img class=\"svg action\" src=\"../../core/img/actions/delete.svg\"></a></td>"; diff --git a/apps/contacts/templates/part.editaddressbook.php b/apps/contacts/templates/part.editaddressbook.php index 48fe5c3b378..c1c585687c4 100644 --- a/apps/contacts/templates/part.editaddressbook.php +++ b/apps/contacts/templates/part.editaddressbook.php 
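Review bot: Only `displayname` is escaped in this row; the `onclick` attribute in the following `echo` still concatenates `OC_User::getUser()` and `$_['addressbook']["uri"]` into a hand-quoted JavaScript string inside an HTML attribute, with no encoding. Those values need encoding for both contexts, e.g. `htmlspecialchars(json_encode($_['addressbook']['uri']))` in place of the `'" . ... . "'` quoting. Whether `uri` can actually contain quote characters depends on how it is generated, which is not visible here.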
@@ -11,7 +11,7 @@ <tr> <th><?php echo $l->t('Displayname') ?></th> <td> - <input id="displayname_<?php echo $_['addressbook']['id'] ?>" type="text" value="<?php echo $_['addressbook']['displayname'] ?>"> + <input id="displayname_<?php echo $_['addressbook']['id'] ?>" type="text" value="<?php echo htmlspecialchars($_['addressbook']['displayname']) ?>"> </td> </tr> <?php if (!$_['new']): ?> diff --git a/apps/contacts/templates/part.property.FN.php b/apps/contacts/templates/part.property.FN.php index 83cef94e303..c9e21c20e60 100644 --- a/apps/contacts/templates/part.property.FN.php +++ b/apps/contacts/templates/part.property.FN.php @@ -1,9 +1,9 @@ <p id="contacts_details_name" class="contacts_property" data-checksum="<?php echo $_['property']['checksum']; ?>"> - <?php echo $_['property']['value']; ?> + <?php echo htmlspecialchars($_['property']['value']); ?> <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span> </p> <?php if (!isset($_['details'])): ?> <script> -$('#leftcontent li.active a').text('<?php echo $_['property']['value']; ?>'); +$('#leftcontent li.active a').text('<?php echo htmlspecialchars($_['property']['value']); ?>'); </script> <?php endif ?> diff --git a/apps/contacts/templates/part.property.php b/apps/contacts/templates/part.property.php index e4010397500..7b23fae45b5 100644 --- a/apps/contacts/templates/part.property.php +++ b/apps/contacts/templates/part.property.php 
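Review bot: In the `<script>` block of part.property.FN.php the value sits inside a single-quoted JavaScript string, where `htmlspecialchars()` is the wrong encoder: it does not escape backslashes or line breaks, and on PHP before 8.1 its default flags leave `'` untouched, so a name with an apostrophe ends the string early. Entities are also not decoded inside `<script>`, so a name containing `&` would be shown as `&amp;`. Emit a JavaScript literal instead: `$('#leftcontent li.active a').text(<?php echo json_encode($_['property']['value'], JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP); ?>);`. The `<p>` line changed above is an HTML text context and is fine as written.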
@@ -8,21 +8,21 @@ <?php elseif($_['property']['name'] == 'ORG'): ?> <p class="contacts_property_name"><?php echo $l->t('Organization'); ?></p> <p class="contacts_property_data"> - <?php echo $_['property']['value']; ?> + <?php echo htmlspecialchars($_['property']['value']); ?> <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span> <span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span> </p> <?php elseif($_['property']['name'] == 'EMAIL'): ?> <p class="contacts_property_name"><?php echo $l->t('Email'); ?></p> <p class="contacts_property_data"> - <?php echo $_['property']['value']; ?> + <?php echo htmlspecialchars($_['property']['value']); ?> <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span> <span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span> </p> <?php elseif($_['property']['name'] == 'TEL'): ?> <p class="contacts_property_name"><?php echo (isset($_['property']['parameters']['PREF']) && $_['property']['parameters']['PREF']) ? $l->t('Preferred').' ' : '' ?><?php echo $l->t('Phone'); ?></p> <p class="contacts_property_data"> - <?php echo $_['property']['value']; ?> + <?php echo htmlspecialchars($_['property']['value']); ?> <?php if(isset($_['property']['parameters']['TYPE']) && !empty($_['property']['parameters']['TYPE'])): ?> <?php foreach($_['property']['parameters']['TYPE'] as $type) { 
@@ -59,25 +59,25 @@ </p> <p class="contacts_property_data"> <?php if(!empty($_['property']['value'][0])): ?> - <?php echo $_['property']['value'][0]; ?><br> + <?php echo htmlspecialchars($_['property']['value'][0]); ?><br> <?php endif; ?> <?php if(!empty($_['property']['value'][1])): ?> - <?php echo $_['property']['value'][1]; ?><br> + <?php echo htmlspecialchars($_['property']['value'][1]); ?><br> <?php endif; ?> <?php if(!empty($_['property']['value'][2])): ?> - <?php echo $_['property']['value'][2]; ?><br> + <?php echo htmlspecialchars($_['property']['value'][2]); ?><br> <?php endif; ?> <?php if(!empty($_['property']['value'][3])): ?> - <?php echo $_['property']['value'][3]; ?><br> + <?php echo htmlspecialchars($_['property']['value'][3]); ?><br> <?php endif; ?> <?php if(!empty($_['property']['value'][4])): ?> - <?php echo $_['property']['value'][4]; ?><br> + <?php echo htmlspecialchars($_['property']['value'][4]); ?><br> <?php endif; ?> <?php if(!empty($_['property']['value'][5])): ?> - <?php echo $_['property']['value'][5]; ?><br> + <?php echo htmlspecialchars($_['property']['value'][5]); ?><br> <?php endif; ?> <?php if(!empty($_['property']['value'][6])): ?> - <?php echo $_['property']['value'][6]; ?> + <?php echo htmlspecialchars($_['property']['value'][6]); ?> <?php endif; ?> <span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span> <span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span> diff --git a/apps/contacts/templates/part.setpropertyform.php b/apps/contacts/templates/part.setpropertyform.php index 49fa9662146..93ade8faaa7 100644 --- a/apps/contacts/templates/part.setpropertyform.php +++ b/apps/contacts/templates/part.setpropertyform.php 
@@ -5,18 +5,18 @@ <p class="contacts_property_name"> <dl class="contacts_property_data form"> <dt><label for="n1"><?php echo $l->t('Given name'); ?></label></dt> - <dd><input id="n1" type="text" name="value[1]" value="<?php echo $_['property']['value'][1]; ?>"></dd> + <dd><input id="n1" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]); ?>"></dd> <dt><label for="n0"><?php echo $l->t('Family name'); ?></dt> - <dd><input id="n0" type="text" name="value[0]" value="<?php echo $_['property']['value'][0]; ?>"></dd> + <dd><input id="n0" type="text" name="value[0]" value="<?php echo htmlspecialchars($_['property']['value'][0]); ?>"></dd> <dt><label for="n2"><?php echo $l->t('Additional names'); ?></dt> - <dd><input id="n2" type="text" name="value[2]" value="<?php echo $_['property']['value'][2]; ?>"> - <input id="n3" type="hidden" name="value[3]" value="<?php echo $_['property']['value'][3]; ?>"> - <input id="n4" type="hidden" name="value[4]" value="<?php echo $_['property']['value'][4]; ?>"> + <dd><input id="n2" type="text" name="value[2]" value="<?php echo htmlspecialchars($_['property']['value'][2]); ?>"> + <input id="n3" type="hidden" name="value[3]" value="<?php echo htmlspecialchars($_['property']['value'][3]); ?>"> + <input id="n4" type="hidden" name="value[4]" value="<?php echo htmlspecialchars($_['property']['value'][4]); ?>"> </dd> </dl> </p> <?php elseif($_['property']['name']=='FN'): ?> - <p class="contacts_property_data"><input id="fn" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p> + <p class="contacts_property_data"><input id="fn" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p> <?php elseif($_['property']['name']=='ADR'): ?> <p class="contacts_property_name"><label for="adr_pobox"><?php echo $l->t('Address'); ?></label></p> <dl class="contacts_property_data form" id="contacts_addresspart"> 
@@ -32,60 +32,60 @@ <label for="adr_pobox"><?php echo $l->t('PO Box'); ?></label> </dt> <dd> - <input id="adr_pobox" type="text" name="value[0]" value="<?php echo $_['property']['value'][0] ?>"> + <input id="adr_pobox" type="text" name="value[0]" value="<?php echo htmlspecialchars($_['property']['value'][0]) ?>"> </dd> <!-- dt> <label for="adr_extended"><?php echo $l->t('Extended'); ?></label> </dt> <dd> - <input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo $_['property']['value'][1] ?>"> + <input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]) ?>"> </dd --> <dt> <label for="adr_street"><?php echo $l->t('Street'); ?></label> </dt> <dd> - <input style="width: 12em;" id="adr_street" type="text" name="value[2]" value="<?php echo $_['property']['value'][2] ?>"> - <label for="adr_extended"><?php echo $l->t('Extended'); ?></label><input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo $_['property']['value'][1] ?>"> + <input style="width: 12em;" id="adr_street" type="text" name="value[2]" value="<?php echo htmlspecialchars($_['property']['value'][2]) ?>"> + <label for="adr_extended"><?php echo $l->t('Extended'); ?></label><input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]) ?>"> </dd> <dt> <label for="adr_city"><?php echo $l->t('City'); ?></label> </dt> <dd> - <input style="width: 12em;" id="adr_city" type="text" name="value[3]" value="<?php echo $_['property']['value'][3] ?>"> + <input style="width: 12em;" id="adr_city" type="text" name="value[3]" value="<?php echo htmlspecialchars($_['property']['value'][3]) ?>"> <label for="adr_zipcode"><?php echo $l->t('Zipcode'); ?></label> - <input style="width: 5em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo $_['property']['value'][5] ?>"> + <input style="width: 5em;" 
id="adr_zipcode" type="text" name="value[5]" value="<?php echo htmlspecialchars($_['property']['value'][5]) ?>"> </dd> <dt> <label for="adr_region"><?php echo $l->t('Region'); ?></label> </dt> <dd> - <input id="adr_region" type="text" name="value[4]" value="<?php echo $_['property']['value'][4] ?>"> + <input id="adr_region" type="text" name="value[4]" value="<?php echo htmlspecialchars($_['property']['value'][4]) ?>"> </dd> <!-- dt> <label for="adr_zipcode"><?php echo $l->t('Zipcode'); ?></label> </dt> <dd> - <input style="width: 7em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo $_['property']['value'][5] ?>"> + <input style="width: 7em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo htmlspecialchars($_['property']['value'][5]) ?>"> </dd --> <dt> <label for="adr_country"><?php echo $l->t('Country'); ?></label> </dt> <dd> - <input style="width: 25em;" id="adr_country" type="text" name="value[6]" value="<?php echo $_['property']['value'][6] ?>"> + <input style="width: 25em;" id="adr_country" type="text" name="value[6]" value="<?php echo htmlspecialchars($_['property']['value'][6]) ?>"> </dd> </dl> <?php elseif($_['property']['name']=='TEL'): ?> <p class="contacts_property_name"><label for="tel"><?php echo $l->t('Phone'); ?></label></p> - <p class="contacts_property_data"><input id="tel" type="phone" name="value" value="<?php echo $_['property']['value'] ?>"> + <p class="contacts_property_data"><input id="tel" type="phone" name="value" value="<?php echo htmlspecialchars($_['property']['value']) ?>"> <select id="tel_type<?php echo $_['property']['checksum'] ?>" name="parameters[TYPE][]" multiple="multiple" data-placeholder="<?php echo $l->t('Type') ?>"> <?php echo html_select_options($_['phone_types'], isset($_['property']['parameters']['TYPE'])?$_['property']['parameters']['TYPE']:array()) ?> </select></p> <?php elseif($_['property']['name']=='EMAIL'): ?> <p class="contacts_property_name"><label for="email"><?php echo 
$l->t('Email'); ?></label></p> - <p class="contacts_property_data"><input id="email" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p> + <p class="contacts_property_data"><input id="email" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p> <?php elseif($_['property']['name']=='ORG'): ?> <p class="contacts_property_name"><label for="org"><?php echo $l->t('Organization'); ?></label></p> - <p class="contacts_property_data"><input id="org" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p> + <p class="contacts_property_data"><input id="org" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p> <?php endif; ?> <input id="contacts_setproperty_button" type="submit" value="<?php echo $l->t('Update'); ?>"> </form> diff --git a/apps/gallery/ajax/galleryOp.php b/apps/gallery/ajax/galleryOp.php index 0c2674f8859..f819d87f666 100644 --- a/apps/gallery/ajax/galleryOp.php +++ b/apps/gallery/ajax/galleryOp.php @@ -54,9 +54,11 @@ function handleGalleryScanning() { OC_JSON::success(array('albums' => OC_Gallery_Scanner::scan('/'))); } -function handleFilescan() { +function handleFilescan($cleanup) { OC_JSON::checkLoggedIn(); - $pathlist = OC_Gallery_Scanner::find_paths('/'); + if ($cleanup) OC_Gallery_Album::cleanup(); + $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '').'/'; + $pathlist = OC_Gallery_Scanner::find_paths($root); sort($pathlist); OC_JSON::success(array('paths' => $pathlist)); } 
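Review bot: `if ($cleanup)` in `handleFilescan()` receives `$_GET['cleanup']` as a string, and apps/gallery/js/album_cover.js sends `{cleanup: cleanup}` after coercing it to a boolean. A plain rescan therefore arrives as `cleanup=false`, which PHP treats as true. As written every rescan would call `OC_Gallery_Album::cleanup()` and delete the user's album records. Compare explicitly at the call site, `handleFilescan(isset($_GET['cleanup']) && $_GET['cleanup'] === 'true');`. Since this is a destructive action reached through a GET request, it should also move to POST behind a CSRF token check (none is visible in this file).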
@@ -72,6 +74,25 @@ function handlePartialCreate($path) { OC_JSON::success(array('album_details' => $albums)); } +function handleStoreSettings($root, $order) { + OC_JSON::checkLoggedIn(); + if (!OC_Filesystem::file_exists($root)) { + OC_JSON::error(array('cause' => 'No such file or directory')); + return; + } + if (!OC_Filesystem::is_dir($root)) { + OC_JSON::error(array('cause' => $root . ' is not a directory')); + return; + } + + $current_root = OC_Preferences::getValue(OC_User::getUser(),'gallery', 'root', '/'); + $root = trim(rtrim($root, '/')); + $rescan = $current_root==$root?'no':'yes'; + OC_Preferences::setValue(OC_User::getUser(), 'gallery', 'root', $root); + OC_Preferences::setValue(OC_User::getUser(), 'gallery', 'order', $order); + OC_JSON::success(array('rescan' => $rescan)); +} + if ($_GET['operation']) { switch($_GET['operation']) { case 'rename': @@ -83,16 +104,19 @@ if ($_GET['operation']) { OC_JSON::success(); break; case 'get_covers': - handleGetThumbnails($_GET['albumname']); + handleGetThumbnails(urldecode($_GET['albumname'])); break; case 'scan': handleGalleryScanning(); break; case 'filescan': - handleFilescan(); + handleFilescan($_GET['cleanup']); break; case 'partial_create': - handlePartialCreate($_GET['path']); + handlePartialCreate(urldecode($_GET['path'])); + break; + case 'store_settings': + handleStoreSettings($_GET['root'], $_GET['order']); break; default: OC_JSON::error(array('cause' => 'Unknown operation')); diff --git a/apps/gallery/css/styles.css b/apps/gallery/css/styles.css index 7872b6445ca..c039cd5ec02 100644 --- a/apps/gallery/css/styles.css +++ b/apps/gallery/css/styles.css 
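Review bot: `handleStoreSettings()` saves `$order` straight from `$_GET['order']`, and the `find()` hunk in apps/gallery/lib/album.php appends that preference to the query with `' ORDER BY album_name ' . $order`, which puts request data into SQL text. Restrict it before saving and again before use: `$order = strtoupper($order) === 'DESC' ? 'DESC' : 'ASC';`. Separately, `file_exists()`/`is_dir()` run on the untrimmed `$root` while the trimmed value is what gets stored, and the trimmed form can never equal the `'/'` default used for `$current_root`; normalise first, then validate and compare. This handler also changes state on a GET request.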
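Review bot: `urldecode($_GET['albumname'])` and `urldecode($_GET['path'])` decode values that PHP has already decoded once, so a name containing a literal `%` or `+` is altered. Any check applied to the once-decoded value would also see different text than the handler uses. This appears to compensate for the `urlencode($path)` added in `OC_Gallery_Scanner::find_paths()`; returning raw paths in the JSON and encoding only where a URL is built (`encodeURIComponent` on the client) avoids the double step. `$_GET['cleanup']`, `$_GET['root']` and `$_GET['order']` are also read without `isset()`.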
@@ -12,3 +12,6 @@ div.gallery_control_overlay a { color:white; } #gallery_images.rightcontent { padding:10px 5px; bottom: 0px; overflow: auto; right:0px} #scan { position:absolute; right:13.5em; top:0em; } #scan #scanprogressbar { position:relative; display:inline-block; width:10em; height:1.5em; top:.4em; } +#g-settings {position: absolute; left 13.5em; top: 0;} +input[type=button] { -webkit-transition: opacity 0.5s ease-in-out; -moz-transition: opacity 0.5s ease-in-out; -o-transition: opacity 0.5s ease-in-out; opacity: 1} +input[type=button]:disabled { opacity: 0.5 } diff --git a/apps/gallery/js/album_cover.js b/apps/gallery/js/album_cover.js index e78db221cff..4ddac2f2111 100644 --- a/apps/gallery/js/album_cover.js +++ b/apps/gallery/js/album_cover.js @@ -38,10 +38,12 @@ function createNewAlbum() { var albumCounter = 0; var totalAlbums = 0; -function scanForAlbums() { +function scanForAlbums(cleanup) { + cleanup = cleanup?true:false; var albumCounter = 0; var totalAlbums = 0; - $.getJSON('ajax/galleryOp.php?operation=filescan', function(r) { + $('#g-scan-button').attr('disabled', 'true'); + $.getJSON('ajax/galleryOp.php?operation=filescan', {cleanup: cleanup}, function(r) { if (r.status == 'success') { totalAlbums = r.paths.length; @@ -68,6 +70,7 @@ function scanForAlbums() { } else { alert('Error occured: no such layer `gallery_list`'); } + $('#g-scan-button').attr('disabled', null); } }); } @@ -125,13 +128,13 @@ function galleryRename(name) { $(this).dialog("close"); return; } - $.getJSON("ajax/galleryOp.php", {operation: "rename", oldname: name, newname: newname}, function(r) { + $.getJSON('ajax/galleryOp.php', {operation: 'rename', oldname: name, newname: newname}, function(r) { if (r.status == "success") { Albums.rename($(".gallery_album_box").filterAttr('data-album',name), newname); } else { alert("Error: " + r.cause); } - $('#dialog-form').dialog("close"); + $('#dialog-form').dialog('close'); }); } 
@@ -139,10 +142,49 @@ function galleryRename(name) { { text: t('gallery', 'Cancel'), click: function() { - $( this ).dialog( "close" ); + $( this ).dialog('close'); } } ], }); } +function settings() { + $( '#g-dialog-settings' ).dialog({ + height: 180, + width: 350, + modal: false, + buttons: [{ + text: t('gallery', 'Apply'), + click: function() { + var scanning_root = $('#g-scanning-root').val(); + var disp_order = $('#g-display-order option:selected').val(); + if (scanning_root == '') { + alert('Scanning root cannot be empty'); + return; + } + $.getJSON('ajax/galleryOp.php', {operation: 'store_settings', root: scanning_root, order: disp_order}, function(r) { + if (r.status == 'success') { + if (r.rescan == 'yes') { + $('#g-dialog-settings').dialog('close'); + Albums.clear(document.getElementById('gallery_list')); + scanForAlbums(true); + return; + } + } else { + alert('Error: ' + r.cause); + return; + } + $('#g-dialog-settings').dialog('close'); + }); + } + }, + { + text: t('gallery', 'Cancel'), + click: function() { + $(this).dialog('close'); + } + } + ], + }); +} diff --git a/apps/gallery/js/albums.js b/apps/gallery/js/albums.js index d2b4d858b55..987412f28e0 100644 --- a/apps/gallery/js/albums.js +++ b/apps/gallery/js/albums.js 
@@ -52,14 +52,14 @@ Albums={ }); $(".gallery_album_decoration a.remove", local).bind('click', {name: a.name},function(event){ event.preventDefault(); - galleryRemove(a.data.name); + galleryRemove(event.data.name); }); - $("a.view", local).attr('href','?view='+a.name); + $("a.view", local).attr('href','?view='+escape(a.name)); $('h1',local).text(a.name); $(".gallery_album_cover", local).attr('title',a.name); $(".gallery_album_cover", local).css('background-repeat', 'no-repeat'); $(".gallery_album_cover", local).css('background-position', '0'); - $(".gallery_album_cover", local).css('background-image','url("ajax/galleryOp.php?operation=get_covers&albumname='+a.name+'")'); + $(".gallery_album_cover", local).css('background-image','url("ajax/galleryOp.php?operation=get_covers&albumname='+escape(a.name)+'")'); $(".gallery_album_cover", local).mousemove(function(e) { var albumMetadata = Albums.find(this.title); @@ -80,6 +80,10 @@ Albums={ $("a.view", element).attr("href", "?view="+new_name); $("h1", element).text(new_name); } + }, + clear: function(element) { + Albums.albums = new Array(); + element.innerHTML = ''; } } diff --git a/apps/gallery/lib/album.php b/apps/gallery/lib/album.php index 4eb12cc0b81..d1405333ac7 100644 --- a/apps/gallery/lib/album.php +++ b/apps/gallery/lib/album.php @@ -31,6 +31,14 @@ class OC_Gallery_Album { $stmt = OC_DB::prepare('UPDATE *PREFIX*gallery_albums SET album_name=? WHERE uid_owner=? AND album_name=?'); $stmt->execute(array($newname, $owner, $oldname)); } + + public static function cleanup() { + $albums = self::find(OC_User::getUser()); + while ($r = $albums->fetchRow()) { + OC_Gallery_Photo::removeByAlbumId($r['album_id']); + self::remove(OC_User::getUser(), $r['album_name']); + } + } public static function remove($owner, $name=null) { $sql = 'DELETE FROM *PREFIX*gallery_albums WHERE uid_owner = ?'; 
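Review bot: `escape()` is not a URL encoder: it leaves `+` and `/` unencoded and turns non-ASCII characters into `%uXXXX`, which PHP's query parsing does not decode, so albums with accented names would not resolve. Use `encodeURIComponent(a.name)` in both the `?view=` link and the `get_covers` URL. The `rename` branch shown in the next hunk's context still builds `"?view="+new_name` with no encoding at all.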
@@ -69,7 +77,8 @@ class OC_Gallery_Album { $sql .= ' AND album_path = ?'; $args[] = $path; } - $sql .= ' ORDER BY album_name ASC'; + $order = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'order', 'ASC'); + $sql .= ' ORDER BY album_name ' . $order; $stmt = OC_DB::prepare($sql); return $stmt->execute($args); diff --git a/apps/gallery/lib/hooks_handlers.php b/apps/gallery/lib/hooks_handlers.php index 236a4b96a07..046866e5c5d 100644 --- a/apps/gallery/lib/hooks_handlers.php +++ b/apps/gallery/lib/hooks_handlers.php @@ -58,12 +58,18 @@ class OC_Gallery_Hooks_Handlers { return OC_Gallery_Album::find(OC_User::getUser(), null, $path); } + public static function pathInRoot($path) { + $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '/'); + return substr($path, 0, strlen($path)>strlen($root)?strlen($root):strlen($path)) == $root; + } + public static function addPhotoFromPath($params) { $fullpath = $params[OC_Filesystem::signal_param_path]; if (!self::isPhoto($fullpath)) return; $path = substr($fullpath, 0, strrpos($fullpath, '/')); + if (!self::pathInRoot($path)) return; OC_Gallery_Scanner::scanDir($path, $albums); } @@ -71,8 +77,8 @@ class OC_Gallery_Hooks_Handlers { public static function removePhoto($params) { $path = $params[OC_Filesystem::signal_param_path]; if (OC_Filesystem::is_dir($path) && self::directoryContainsPhotos($path)) { - OC_Gallery_Album::removeByPath($path, OC_User::getUser()); - OC_Gallery_Photo::removeByPath($path.'/%'); + if(!self::pathInRoot($path)) return; + OC_Gallery_Album::removeByPath($path.'/', OC_User::getUser()); } elseif (self::isPhoto($path)) { OC_Gallery_Photo::removeByPath($path); } diff --git a/apps/gallery/lib/scanner.php b/apps/gallery/lib/scanner.php index dfb9edebfea..3aae94d1a4f 100644 --- a/apps/gallery/lib/scanner.php +++ b/apps/gallery/lib/scanner.php 
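Review bot: `pathInRoot()` in apps/gallery/lib/hooks_handlers.php is a plain string-prefix test with loose `==`, so with a root of `/photos` a sibling such as `/photos-old/x` is also treated as inside the root. Compare on a directory boundary with strict operators, e.g. `return $path === $root || strpos($path, rtrim($root, '/') . '/') === 0;`. The stored root has its trailing slash removed by `handleStoreSettings()` while the default here is `'/'`, so both forms need to be handled.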
@@ -39,12 +39,19 @@ class OC_Gallery_Scanner { $stmt->execute(array()); } + public static function createName($name) { + $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '/'); + $name = str_replace('/', '.', str_replace(OC::$CONFIG_DATADIRECTORY, '', $name)); + if (substr($name, 0, strlen($root)) == str_replace('/','.',$root)) { + $name = substr($name, strlen($root)); + } + $name = ($name==='.') ? 'main' : trim($name,'.'); + return $name; + } + public static function scanDir($path, &$albums) { $current_album = array('name'=> $path, 'imagesCount' => 0, 'images' => array()); - $current_album['name'] = str_replace('/', '.', str_replace(OC::$CONFIG_DATADIRECTORY, '', $current_album['name'])); - $current_album['name'] = ($current_album['name']==='.') ? - 'main' : - trim($current_album['name'],'.'); + $current_album['name'] = self::createName($current_album['name']); if ($dh = OC_Filesystem::opendir($path)) { while (($filename = readdir($dh)) !== false) { @@ -106,7 +113,7 @@ class OC_Gallery_Scanner { if (self::isPhoto($path.$file)) $addpath = TRUE; } - if ($addpath) $ret[] = $path; + if ($addpath) $ret[] = urlencode($path); return $ret; } diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php index 4c2fbcfe6c6..7cc7dad3ac6 100644 --- a/apps/gallery/templates/index.php +++ b/apps/gallery/templates/index.php @@ -9,7 +9,10 @@ $l = new OC_L10N('gallery'); <div id="controls"> <div id="scan"> <div id="scanprogressbar"></div> - <input type="button" value="<?php echo $l->t('Rescan');?>" onclick="javascript:scanForAlbums();" /> + <input type="button" id="g-scan-button" value="<?php echo $l->t('Rescan');?>" onclick="javascript:scanForAlbums();" /> + </div> + <div id="g-settings"> + <input type="button" id="g-settings-button" value="<?php echo $l->t('Settings');?>" onclick="javascript:settings();"/> </div> </div> <div id="gallery_list"> 
@@ -28,3 +31,26 @@ $l = new OC_L10N('gallery'); </form> </div> +<div id="g-dialog-settings" title="<?php echo $l->t('Settings');?>" style="display:none"> + <form> + <fieldset><?php $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '/'); $order = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'order', 'ASC');?> + <label for="name"><?php echo $l->t('Scanning root');?></label> + <input type="text" name="g-scanning-root" id="g-scanning-root" class="text ui-widget-content ui-corner-all" value="<?php echo $root;?>" /><br/> + + <label for="sort"><?php echo $l->t('Default sorting'); ?></label> + <select id="g-display-order"> + <option value="ASC"<?php echo $order=='ASC'?'selected':'';?>><?php echo $l->t('Ascending'); ?></option> + <option value="DESC"<?php echo $order=='DESC'?'selected':'';?>><?php echo $l->t('Descending'); ?></option> + </select><br/> +<!-- + <label for="sort"><?php echo $l->t('Thumbnails size'); ?></label> + <select> + <option value="100">100px</option> + <option value="150">150px</option> + <option value="200">200px</option> + </select> + --> + </fieldset> + </form> +</div> + |
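Review bot: `value="<?php echo $root;?>"` prints the stored scanning root into an attribute without escaping, while the rest of this commit adds `htmlspecialchars()` to comparable outputs; a directory name may legitimately contain `"` or `<`. Use `value="<?php echo htmlspecialchars($root);?>"`. The `<option>` lines also emit `value="ASC"selected` with no space before the attribute, so the echoed string should be `' selected="selected"'`. The `for="name"` and `for="sort"` labels do not match the control ids `g-scanning-root` and `g-display-order`.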