diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-06-10 18:38:01 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-06-10 18:38:01 +0200 |
| commit | ef1b04619daa7b72ca1a8427702bd3552b848e6c (patch) | |
| tree | db3f22c8bd0e5cfb3fec2cda403fcaa20fe38214 | |
| parent | c83f418a024190fc7683b45a1009f01f2d039a17 (diff) | |
| parent | c11f6cc3f9121fbb337c248807b802c72b18087b (diff) | |
| download | nextcloud-server-ef1b04619daa7b72ca1a8427702bd3552b848e6c.tar.gz nextcloud-server-ef1b04619daa7b72ca1a8427702bd3552b848e6c.zip | |
fix merge conflicts
61 files changed, 1513 insertions, 100 deletions
diff --git a/3rdparty/Dropbox/API.php b/3rdparty/Dropbox/API.php new file mode 100644 index 00000000000..cff6c35c7fb --- /dev/null +++ b/3rdparty/Dropbox/API.php @@ -0,0 +1,380 @@ +<?php
+
+/**
+ * Dropbox API class
+ *
+ * @package Dropbox
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+class Dropbox_API {
+
+ /**
+ * Sandbox root-path
+ */
+ const ROOT_SANDBOX = 'sandbox';
+
+ /**
+ * Dropbox root-path
+ */
+ const ROOT_DROPBOX = 'dropbox';
+
+ /**
+ * API URl
+ */
+ protected $api_url = 'https://api.dropbox.com/1/';
+
+ /**
+ * Content API URl
+ */
+ protected $api_content_url = 'https://api-content.dropbox.com/1/';
+
+ /**
+ * OAuth object
+ *
+ * @var Dropbox_OAuth
+ */
+ protected $oauth;
+
+ /**
+ * Default root-path, this will most likely be 'sandbox' or 'dropbox'
+ *
+ * @var string
+ */
+ protected $root;
+ protected $useSSL;
+
+ /**
+ * Constructor
+ *
+ * @param Dropbox_OAuth Dropbox_Auth object
+ * @param string $root default root path (sandbox or dropbox)
+ */
+ public function __construct(Dropbox_OAuth $oauth, $root = self::ROOT_DROPBOX, $useSSL = true) {
+
+ $this->oauth = $oauth;
+ $this->root = $root;
+ $this->useSSL = $useSSL;
+ if (!$this->useSSL)
+ {
+ throw new Dropbox_Exception('Dropbox REST API now requires that all requests use SSL');
+ }
+
+ }
+
+ /**
+ * Returns information about the current dropbox account
+ *
+ * @return stdclass
+ */
+ public function getAccountInfo() {
+
+ $data = $this->oauth->fetch($this->api_url . 'account/info');
+ return json_decode($data['body'],true);
+
+ }
+
+ /**
+ * Returns a file's contents
+ *
+ * @param string $path path
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return string
+ */
+ public function getFile($path = '', $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+ $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+ $result = $this->oauth->fetch($this->api_content_url . 'files/' . $root . '/' . ltrim($path,'/'));
+ return $result['body'];
+
+ }
+
+ /**
+ * Uploads a new file
+ *
+ * @param string $path Target path (including filename)
+ * @param string $file Either a path to a file or a stream resource
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return bool
+ */
+ public function putFile($path, $file, $root = null) {
+
+ $directory = dirname($path);
+ $filename = basename($path);
+
+ if($directory==='.') $directory = '';
+ $directory = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($directory));
+// $filename = str_replace('~', '%7E', rawurlencode($filename));
+ if (is_null($root)) $root = $this->root;
+
+ if (is_string($file)) {
+
+ $file = fopen($file,'rb');
+
+ } elseif (!is_resource($file)) {
+ throw new Dropbox_Exception('File must be a file-resource or a string');
+ }
+ $result=$this->multipartFetch($this->api_content_url . 'files/' .
+ $root . '/' . trim($directory,'/'), $file, $filename);
+
+ if(!isset($result["httpStatus"]) || $result["httpStatus"] != 200)
+ throw new Dropbox_Exception("Uploading file to Dropbox failed");
+
+ return true;
+ }
+
+
+ /**
+ * Copies a file or directory from one location to another
+ *
+ * This method returns the file information of the newly created file.
+ *
+ * @param string $from source path
+ * @param string $to destination path
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return stdclass
+ */
+ public function copy($from, $to, $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+ $response = $this->oauth->fetch($this->api_url . 'fileops/copy', array('from_path' => $from, 'to_path' => $to, 'root' => $root));
+
+ return json_decode($response['body'],true);
+
+ }
+
+ /**
+ * Creates a new folder
+ *
+ * This method returns the information from the newly created directory
+ *
+ * @param string $path
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return stdclass
+ */
+ public function createFolder($path, $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+
+ // Making sure the path starts with a /
+// $path = '/' . ltrim($path,'/');
+
+ $response = $this->oauth->fetch($this->api_url . 'fileops/create_folder', array('path' => $path, 'root' => $root),'POST');
+ return json_decode($response['body'],true);
+
+ }
+
+ /**
+ * Deletes a file or folder.
+ *
+ * This method will return the metadata information from the deleted file or folder, if successful.
+ *
+ * @param string $path Path to new folder
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return array
+ */
+ public function delete($path, $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+ $response = $this->oauth->fetch($this->api_url . 'fileops/delete', array('path' => $path, 'root' => $root));
+ return json_decode($response['body']);
+
+ }
+
+ /**
+ * Moves a file or directory to a new location
+ *
+ * This method returns the information from the newly created directory
+ *
+ * @param mixed $from Source path
+ * @param mixed $to destination path
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return stdclass
+ */
+ public function move($from, $to, $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+ $response = $this->oauth->fetch($this->api_url . 'fileops/move', array('from_path' => rawurldecode($from), 'to_path' => rawurldecode($to), 'root' => $root));
+
+ return json_decode($response['body'],true);
+
+ }
+
+ /**
+ * Returns file and directory information
+ *
+ * @param string $path Path to receive information from
+ * @param bool $list When set to true, this method returns information from all files in a directory. When set to false it will only return infromation from the specified directory.
+ * @param string $hash If a hash is supplied, this method simply returns true if nothing has changed since the last request. Good for caching.
+ * @param int $fileLimit Maximum number of file-information to receive
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return array|true
+ */
+ public function getMetaData($path, $list = true, $hash = null, $fileLimit = null, $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+
+ $args = array(
+ 'list' => $list,
+ );
+
+ if (!is_null($hash)) $args['hash'] = $hash;
+ if (!is_null($fileLimit)) $args['file_limit'] = $fileLimit;
+
+ $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+ $response = $this->oauth->fetch($this->api_url . 'metadata/' . $root . '/' . ltrim($path,'/'), $args);
+
+ /* 304 is not modified */
+ if ($response['httpStatus']==304) {
+ return true;
+ } else {
+ return json_decode($response['body'],true);
+ }
+
+ }
+
+ /**
+ * A way of letting you keep up with changes to files and folders in a user's Dropbox. You can periodically call /delta to get a list of "delta entries", which are instructions on how to update your local state to match the server's state.
+ *
+ * This method returns the information from the newly created directory
+ *
+ * @param string $cursor A string that is used to keep track of your current state. On the next call pass in this value to return delta entries that have been recorded since the cursor was returned.
+ * @return stdclass
+ */
+ public function delta($cursor) {
+
+ $arg['cursor'] = $cursor;
+
+ $response = $this->oauth->fetch($this->api_url . 'delta', $arg, 'POST');
+ return json_decode($response['body'],true);
+
+ }
+
+ /**
+ * Returns a thumbnail (as a string) for a file path.
+ *
+ * @param string $path Path to file
+ * @param string $size small, medium or large
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @return string
+ */
+ public function getThumbnail($path, $size = 'small', $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+ $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+ $response = $this->oauth->fetch($this->api_content_url . 'thumbnails/' . $root . '/' . ltrim($path,'/'),array('size' => $size));
+
+ return $response['body'];
+
+ }
+
+ /**
+ * This method is used to generate multipart POST requests for file upload
+ *
+ * @param string $uri
+ * @param array $arguments
+ * @return bool
+ */
+ protected function multipartFetch($uri, $file, $filename) {
+
+ /* random string */
+ $boundary = 'R50hrfBj5JYyfR3vF3wR96GPCC9Fd2q2pVMERvEaOE3D8LZTgLLbRpNwXek3';
+
+ $headers = array(
+ 'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+ );
+
+ $body="--" . $boundary . "\r\n";
+ $body.="Content-Disposition: form-data; name=file; filename=".rawurldecode($filename)."\r\n";
+ $body.="Content-type: application/octet-stream\r\n";
+ $body.="\r\n";
+ $body.=stream_get_contents($file);
+ $body.="\r\n";
+ $body.="--" . $boundary . "--";
+
+ // Dropbox requires the filename to also be part of the regular arguments, so it becomes
+ // part of the signature.
+ $uri.='?file=' . $filename;
+
+ return $this->oauth->fetch($uri, $body, 'POST', $headers);
+
+ }
+
+
+ /**
+ * Search
+ *
+ * Returns metadata for all files and folders that match the search query.
+ *
+ * @added by: diszo.sasil
+ *
+ * @param string $query
+ * @param string $root Use this to override the default root path (sandbox/dropbox)
+ * @param string $path
+ * @return array
+ */
+ public function search($query = '', $root = null, $path = ''){
+ if (is_null($root)) $root = $this->root;
+ if(!empty($path)){
+ $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+ }
+ $response = $this->oauth->fetch($this->api_url . 'search/' . $root . '/' . ltrim($path,'/'),array('query' => $query));
+ return json_decode($response['body'],true);
+ }
+
+ /**
+ * Creates and returns a shareable link to files or folders.
+ *
+ * Note: Links created by the /shares API call expire after thirty days.
+ *
+ * @param type $path
+ * @param type $root
+ * @return type
+ */
+ public function share($path, $root = null) {
+ if (is_null($root)) $root = $this->root;
+ $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+ $response = $this->oauth->fetch($this->api_url. 'shares/'. $root . '/' . ltrim($path, '/'), array(), 'POST');
+ return json_decode($response['body'],true);
+
+ }
+
+ /**
+ * Returns a link directly to a file.
+ * Similar to /shares. The difference is that this bypasses the Dropbox webserver, used to provide a preview of the file, so that you can effectively stream the contents of your media.
+ *
+ * Note: The /media link expires after four hours, allotting enough time to stream files, but not enough to leave a connection open indefinitely.
+ *
+ * @param type $path
+ * @param type $root
+ * @return type
+ */
+ public function media($path, $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+ $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+ $response = $this->oauth->fetch($this->api_url. 'media/'. $root . '/' . ltrim($path, '/'), array(), 'POST');
+ return json_decode($response['body'],true);
+
+ }
+
+ /**
+ * Creates and returns a copy_ref to a file. This reference string can be used to copy that file to another user's Dropbox by passing it in as the from_copy_ref parameter on /fileops/copy.
+ *
+ * @param type $path
+ * @param type $root
+ * @return type
+ */
+ public function copy_ref($path, $root = null) {
+
+ if (is_null($root)) $root = $this->root;
+ $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+ $response = $this->oauth->fetch($this->api_url. 'copy_ref/'. $root . '/' . ltrim($path, '/'));
+ return json_decode($response['body'],true);
+
+ }
+
+
+}
diff --git a/3rdparty/Dropbox/Exception.php b/3rdparty/Dropbox/Exception.php new file mode 100644 index 00000000000..50cbc4c7915 --- /dev/null +++ b/3rdparty/Dropbox/Exception.php @@ -0,0 +1,15 @@ +<?php + +/** + * Dropbox base exception + * + * @package Dropbox + * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + +/** + * Base exception class + */ +class Dropbox_Exception extends Exception { } diff --git a/3rdparty/Dropbox/Exception/Forbidden.php b/3rdparty/Dropbox/Exception/Forbidden.php new file mode 100644 index 00000000000..5f0378cfc74 --- /dev/null +++ b/3rdparty/Dropbox/Exception/Forbidden.php @@ -0,0 +1,18 @@ +<?php + +/** + * Dropbox Forbidden exception + * + * @package Dropbox + * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + +/** + * This exception is thrown when we receive the 403 forbidden response + */ +class Dropbox_Exception_Forbidden extends Dropbox_Exception { + + +} diff --git a/3rdparty/Dropbox/Exception/NotFound.php b/3rdparty/Dropbox/Exception/NotFound.php new file mode 100644 index 00000000000..3deaf90d76b --- /dev/null +++ b/3rdparty/Dropbox/Exception/NotFound.php @@ -0,0 +1,20 @@ +<?php + +/** + * Dropbox Not Found exception + * + * @package Dropbox + * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + +/** + * This exception is thrown when a non-existant uri is accessed. + * + * Basically, this exception is used when we get back a 404. + */ +class Dropbox_Exception_NotFound extends Dropbox_Exception { + + +} diff --git a/3rdparty/Dropbox/Exception/OverQuota.php b/3rdparty/Dropbox/Exception/OverQuota.php new file mode 100644 index 00000000000..86e5425dbd8 --- /dev/null +++ b/3rdparty/Dropbox/Exception/OverQuota.php @@ -0,0 +1,20 @@ +<?php + +/** + * Dropbox Over Quota exception + * + * @package Dropbox + * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + +/** + * This exception is thrown when the operation required more space than the available quota. + * + * Basically, this exception is used when we get back a 507. + */ +class Dropbox_Exception_OverQuota extends Dropbox_Exception { + + +} diff --git a/3rdparty/Dropbox/Exception/RequestToken.php b/3rdparty/Dropbox/Exception/RequestToken.php new file mode 100644 index 00000000000..5b117f2c6b0 --- /dev/null +++ b/3rdparty/Dropbox/Exception/RequestToken.php @@ -0,0 +1,18 @@ +<?php + +/** + * Dropbox RequestToken exception + * + * @package Dropbox + * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + +/** + * This exception is thrown when an error occured during the request_token process. + */ +class Dropbox_Exception_RequestToken extends Dropbox_Exception { + + +} diff --git a/3rdparty/Dropbox/LICENSE.txt b/3rdparty/Dropbox/LICENSE.txt new file mode 100644 index 00000000000..cd3512acee6 --- /dev/null +++ b/3rdparty/Dropbox/LICENSE.txt @@ -0,0 +1,19 @@ +Copyright (c) 2010 Rooftop Solutions + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/3rdparty/Dropbox/OAuth.php b/3rdparty/Dropbox/OAuth.php new file mode 100644 index 00000000000..905cc2da1c6 --- /dev/null +++ b/3rdparty/Dropbox/OAuth.php @@ -0,0 +1,151 @@ +<?php + +/** + * Dropbox OAuth + * + * @package Dropbox + * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + + +/** + * This class is an abstract OAuth class. + * + * It must be extended by classes who wish to provide OAuth functionality + * using different libraries. + */ +abstract class Dropbox_OAuth { + + /** + * After a user has authorized access, dropbox can redirect the user back + * to this url. + * + * @var string + */ + public $authorizeCallbackUrl = null; + + /** + * Uri used to fetch request tokens + * + * @var string + */ + const URI_REQUEST_TOKEN = 'https://api.dropbox.com/1/oauth/request_token'; + + /** + * Uri used to redirect the user to for authorization. + * + * @var string + */ + const URI_AUTHORIZE = 'https://www.dropbox.com/1/oauth/authorize'; + + /** + * Uri used to + * + * @var string + */ + const URI_ACCESS_TOKEN = 'https://api.dropbox.com/1/oauth/access_token'; + + /** + * An OAuth request token. + * + * @var string + */ + protected $oauth_token = null; + + /** + * OAuth token secret + * + * @var string + */ + protected $oauth_token_secret = null; + + + /** + * Constructor + * + * @param string $consumerKey + * @param string $consumerSecret + */ + abstract public function __construct($consumerKey, $consumerSecret); + + /** + * Sets the request token and secret. + * + * The tokens can also be passed as an array into the first argument. + * The array must have the elements token and token_secret. + * + * @param string|array $token + * @param string $token_secret + * @return void + */ + public function setToken($token, $token_secret = null) { + + if (is_array($token)) { + $this->oauth_token = $token['token']; + $this->oauth_token_secret = $token['token_secret']; + } else { + $this->oauth_token = $token; + $this->oauth_token_secret = $token_secret; + } + + } + + /** + * Returns the oauth request tokens as an associative array. + * + * The array will contain the elements 'token' and 'token_secret'. + * + * @return array + */ + public function getToken() { + + return array( + 'token' => $this->oauth_token, + 'token_secret' => $this->oauth_token_secret, + ); + + } + + /** + * Returns the authorization url + * + * @param string $callBack Specify a callback url to automatically redirect the user back + * @return string + */ + public function getAuthorizeUrl($callBack = null) { + + // Building the redirect uri + $token = $this->getToken(); + $uri = self::URI_AUTHORIZE . '?oauth_token=' . $token['token']; + if ($callBack) $uri.='&oauth_callback=' . $callBack; + return $uri; + } + + /** + * Fetches a secured oauth url and returns the response body. + * + * @param string $uri + * @param mixed $arguments + * @param string $method + * @param array $httpHeaders + * @return string + */ + public abstract function fetch($uri, $arguments = array(), $method = 'GET', $httpHeaders = array()); + + /** + * Requests the OAuth request token. + * + * @return array + */ + abstract public function getRequestToken(); + + /** + * Requests the OAuth access tokens. + * + * @return array + */ + abstract public function getAccessToken(); + +} diff --git a/3rdparty/Dropbox/OAuth/Consumer/Dropbox.php b/3rdparty/Dropbox/OAuth/Consumer/Dropbox.php new file mode 100644 index 00000000000..204a659de00 --- /dev/null +++ b/3rdparty/Dropbox/OAuth/Consumer/Dropbox.php @@ -0,0 +1,37 @@ +<?php +/** + * HTTP OAuth Consumer + * + * Adapted from halldirector's code in + * http://code.google.com/p/dropbox-php/issues/detail?id=36#c5 + * + * @package Dropbox + * @copyright Copyright (C) 2011 Joe Constant / halldirector. All rights reserved. + * @author Joe Constant / halldirector + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + +require_once 'HTTP/OAuth.php'; +require_once 'HTTP/OAuth/Consumer.php'; + +/* + * This class is to help work around aomw ssl issues. + */ +class Dropbox_OAuth_Consumer_Dropbox extends HTTP_OAuth_Consumer +{ + public function getOAuthConsumerRequest() + { + if (!$this->consumerRequest instanceof HTTP_OAuth_Consumer_Request) { + $this->consumerRequest = new HTTP_OAuth_Consumer_Request; + } + + // TODO: Change this and add in code to validate the SSL cert. + // see https://github.com/bagder/curl/blob/master/lib/mk-ca-bundle.pl + $this->consumerRequest->setConfig(array( + 'ssl_verify_peer' => false, + 'ssl_verify_host' => false + )); + + return $this->consumerRequest; + } +} diff --git a/3rdparty/Dropbox/OAuth/Curl.php b/3rdparty/Dropbox/OAuth/Curl.php new file mode 100644 index 00000000000..b75b27bb363 --- /dev/null +++ b/3rdparty/Dropbox/OAuth/Curl.php @@ -0,0 +1,282 @@ +<?php + +/** + * Dropbox OAuth + * + * @package Dropbox + * @copyright Copyright (C) 2011 Daniel Huesken + * @author Daniel Huesken (http://www.danielhuesken.de/) + * @license MIT + */ + +/** + * This class is used to sign all requests to dropbox. + * + * This specific class uses WordPress WP_Http to authenticate. + */ +class Dropbox_OAuth_Curl extends Dropbox_OAuth { + + /** + * + * @var string ConsumerKey + */ + protected $consumerKey = null; + /** + * + * @var string ConsumerSecret + */ + protected $consumerSecret = null; + /** + * + * @var string ProzessCallBack + */ + public $ProgressFunction = false; + + /** + * Constructor + * + * @param string $consumerKey + * @param string $consumerSecret + */ + public function __construct($consumerKey, $consumerSecret) { + if (!function_exists('curl_exec')) + throw new Dropbox_Exception('The PHP curl functions not available!'); + + $this->consumerKey = $consumerKey; + $this->consumerSecret = $consumerSecret; + } + + /** + * Fetches a secured oauth url and returns the response body. + * + * @param string $uri + * @param mixed $arguments + * @param string $method + * @param array $httpHeaders + * @return string + */ + public function fetch($uri, $arguments = array(), $method = 'GET', $httpHeaders = array()) { + + $uri=str_replace('http://', 'https://', $uri); // all https, upload makes problems if not + if (is_string($arguments) and strtoupper($method) == 'POST') { + preg_match("/\?file=(.*)$/i", $uri, $matches); + if (isset($matches[1])) { + $uri = str_replace($matches[0], "", $uri); + $filename = $matches[1]; + $httpHeaders=array_merge($httpHeaders,$this->getOAuthHeader($uri, array("file" => $filename), $method)); + } + } else { + $httpHeaders=array_merge($httpHeaders,$this->getOAuthHeader($uri, $arguments, $method)); + } + $ch = curl_init(); + if (strtoupper($method) == 'POST') { + curl_setopt($ch, CURLOPT_URL, $uri); + curl_setopt($ch, CURLOPT_POST, true); +// if (is_array($arguments)) +// $arguments=http_build_query($arguments); + curl_setopt($ch, CURLOPT_POSTFIELDS, $arguments); +// $httpHeaders['Content-Length']=strlen($arguments); + } else { + curl_setopt($ch, CURLOPT_URL, $uri.'?'.http_build_query($arguments)); + curl_setopt($ch, CURLOPT_POST, false); + } + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_TIMEOUT, 300); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); +// curl_setopt($ch, CURLOPT_CAINFO, "rootca"); + curl_setopt($ch, CURLOPT_FRESH_CONNECT, true); + //Build header + $headers = array(); + foreach ($httpHeaders as $name => $value) { + $headers[] = "{$name}: $value"; + } + curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + if (!ini_get('safe_mode') && !ini_get('open_basedir')) + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); + if (function_exists($this->ProgressFunction) and defined('CURLOPT_PROGRESSFUNCTION')) { + curl_setopt($ch, CURLOPT_NOPROGRESS, false); + curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, $this->ProgressFunction); + curl_setopt($ch, CURLOPT_BUFFERSIZE, 512); + } + $response=curl_exec($ch); + $errorno=curl_errno($ch); + $error=curl_error($ch); + $status=curl_getinfo($ch,CURLINFO_HTTP_CODE); + curl_close($ch); + + + if (!empty($errorno)) + throw new Dropbox_Exception_NotFound('Curl error: ('.$errorno.') '.$error."\n"); + + if ($status>=300) { + $body = json_decode($response,true); + switch ($status) { + // Not modified + case 304 : + return array( + 'httpStatus' => 304, + 'body' => null, + ); + break; + case 403 : + throw new Dropbox_Exception_Forbidden('Forbidden. + This could mean a bad OAuth request, or a file or folder already existing at the target location. + ' . $body["error"] . "\n"); + case 404 : + throw new Dropbox_Exception_NotFound('Resource at uri: ' . $uri . ' could not be found. ' . + $body["error"] . "\n"); + case 507 : + throw new Dropbox_Exception_OverQuota('This dropbox is full. ' . + $body["error"] . "\n"); + } + if (!empty($body["error"])) + throw new Dropbox_Exception_RequestToken('Error: ('.$status.') '.$body["error"]."\n"); + } + + return array( + 'body' => $response, + 'httpStatus' => $status + ); + } + + /** + * Returns named array with oauth parameters for further use + * @return array Array with oauth_ parameters + */ + private function getOAuthBaseParams() { + $params['oauth_version'] = '1.0'; + $params['oauth_signature_method'] = 'HMAC-SHA1'; + + $params['oauth_consumer_key'] = $this->consumerKey; + $tokens = $this->getToken(); + if (isset($tokens['token']) && $tokens['token']) { + $params['oauth_token'] = $tokens['token']; + } + $params['oauth_timestamp'] = time(); + $params['oauth_nonce'] = md5(microtime() . mt_rand()); + return $params; + } + + /** + * Creates valid Authorization header for OAuth, based on URI and Params + * + * @param string $uri + * @param array $params + * @param string $method GET or POST, standard is GET + * @param array $oAuthParams optional, pass your own oauth_params here + * @return array Array for request's headers section like + * array('Authorization' => 'OAuth ...'); + */ + private function getOAuthHeader($uri, $params, $method = 'GET', $oAuthParams = null) { + $oAuthParams = $oAuthParams ? $oAuthParams : $this->getOAuthBaseParams(); + + // create baseString to encode for the sent parameters + $baseString = $method . '&'; + $baseString .= $this->oauth_urlencode($uri) . "&"; + + // OAuth header does not include GET-Parameters + $signatureParams = array_merge($params, $oAuthParams); + + // sorting the parameters + ksort($signatureParams); + + $encodedParams = array(); + foreach ($signatureParams as $key => $value) { + $encodedParams[] = $this->oauth_urlencode($key) . '=' . $this->oauth_urlencode($value); + } + + $baseString .= $this->oauth_urlencode(implode('&', $encodedParams)); + + // encode the signature + $tokens = $this->getToken(); + $hash = $this->hash_hmac_sha1($this->consumerSecret.'&'.$tokens['token_secret'], $baseString); + $signature = base64_encode($hash); + + // add signature to oAuthParams + $oAuthParams['oauth_signature'] = $signature; + + $oAuthEncoded = array(); + foreach ($oAuthParams as $key => $value) { + $oAuthEncoded[] = $key . '="' . $this->oauth_urlencode($value) . '"'; + } + + return array('Authorization' => 'OAuth ' . implode(', ', $oAuthEncoded)); + } + + /** + * Requests the OAuth request token. + * + * @return void + */ + public function getRequestToken() { + $result = $this->fetch(self::URI_REQUEST_TOKEN, array(), 'POST'); + if ($result['httpStatus'] == "200") { + $tokens = array(); + parse_str($result['body'], $tokens); + $this->setToken($tokens['oauth_token'], $tokens['oauth_token_secret']); + return $this->getToken(); + } else { + throw new Dropbox_Exception_RequestToken('We were unable to fetch request tokens. This likely means that your consumer key and/or secret are incorrect.'); + } + } + + /** + * Requests the OAuth access tokens. + * + * This method requires the 'unauthorized' request tokens + * and, if successful will set the authorized request tokens. + * + * @return void + */ + public function getAccessToken() { + $result = $this->fetch(self::URI_ACCESS_TOKEN, array(), 'POST'); + if ($result['httpStatus'] == "200") { + $tokens = array(); + parse_str($result['body'], $tokens); + $this->setToken($tokens['oauth_token'], $tokens['oauth_token_secret']); + return $this->getToken(); + } else { + throw new Dropbox_Exception_RequestToken('We were unable to fetch request tokens. This likely means that your consumer key and/or secret are incorrect.'); + } + } + + /** + * Helper function to properly urlencode parameters. + * See http://php.net/manual/en/function.oauth-urlencode.php + * + * @param string $string + * @return string + */ + private function oauth_urlencode($string) { + return str_replace('%E7', '~', rawurlencode($string)); + } + + /** + * Hash function for hmac_sha1; uses native function if available. + * + * @param string $key + * @param string $data + * @return string + */ + private function hash_hmac_sha1($key, $data) { + if (function_exists('hash_hmac') && in_array('sha1', hash_algos())) { + return hash_hmac('sha1', $data, $key, true); + } else { + $blocksize = 64; + $hashfunc = 'sha1'; + if (strlen($key) > $blocksize) { + $key = pack('H*', $hashfunc($key)); + } + + $key = str_pad($key, $blocksize, chr(0x00)); + $ipad = str_repeat(chr(0x36), $blocksize); + $opad = str_repeat(chr(0x5c), $blocksize); + $hash = pack('H*', $hashfunc(( $key ^ $opad ) . pack('H*', $hashfunc(($key ^ $ipad) . $data)))); + + return $hash; + } + } + + +}
\ No newline at end of file diff --git a/3rdparty/Dropbox/README.md b/3rdparty/Dropbox/README.md new file mode 100644 index 00000000000..54e05db762b --- /dev/null +++ b/3rdparty/Dropbox/README.md @@ -0,0 +1,31 @@ +Dropbox-php +=========== + +This PHP library allows you to easily integrate dropbox with PHP. + +The following PHP extension is required: + +* json + +The library makes use of OAuth. At the moment you can use either of these libraries: + +[PHP OAuth extension](http://pecl.php.net/package/oauth) +[PEAR's HTTP_OAUTH package](http://pear.php.net/package/http_oauth) + +The extension is recommended, but if you can't install php extensions you should go for the pear package. +Installing +---------- + + pear channel-discover pear.dropbox-php.com + pear install dropbox-php/Dropbox-alpha + +Documentation +------------- +Check out the [documentation](http://www.dropbox-php.com/docs). + +Questions? +---------- + +[Dropbox-php Mailing list](http://groups.google.com/group/dropbox-php) +[Official Dropbox developer forum](http://forums.dropbox.com/forum.php?id=5) + diff --git a/3rdparty/Dropbox/autoload.php b/3rdparty/Dropbox/autoload.php new file mode 100644 index 00000000000..5388ea6334a --- /dev/null +++ b/3rdparty/Dropbox/autoload.php @@ -0,0 +1,29 @@ +<?php + +/** + * This file registers a new autoload function using spl_autoload_register. + * + * @package Dropbox + * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/dropbox-php/wiki/License MIT + */ + +/** + * Autoloader function + * + * @param $className string + * @return void + */ +function Dropbox_autoload($className) { + + if(strpos($className,'Dropbox_')===0) { + + include dirname(__FILE__) . '/' . str_replace('_','/',substr($className,8)) . '.php'; + + } + +} + +spl_autoload_register('Dropbox_autoload'); + diff --git a/apps/calendar/ajax/calendar/edit.form.php b/apps/calendar/ajax/calendar/edit.form.php index 77366809311..036ed12bb74 100644 --- a/apps/calendar/ajax/calendar/edit.form.php +++ b/apps/calendar/ajax/calendar/edit.form.php @@ -11,7 +11,7 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('calendar'); $calendarcolor_options = OC_Calendar_Calendar::getCalendarColorOptions(); -$calendar = OC_Calendar_App::getCalendar($_GET['calendarid']); +$calendar = OC_Calendar_App::getCalendar($_POST['calendarid']); $tmpl = new OCP\Template("calendar", "part.editcalendar"); $tmpl->assign('new', false); $tmpl->assign('calendarcolor_options', $calendarcolor_options); diff --git a/apps/calendar/ajax/changeview.php b/apps/calendar/ajax/changeview.php index 2c2d09ccb12..0099fd5ec21 100644 --- a/apps/calendar/ajax/changeview.php +++ b/apps/calendar/ajax/changeview.php @@ -7,7 +7,7 @@ */ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('calendar'); -$view = $_GET['v']; +$view = $_POST['v']; switch($view){ case 'agendaWeek': case 'month'; diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php index f2ea84dd205..dbb78edb798 100644 --- a/apps/calendar/ajax/event/edit.form.php +++ b/apps/calendar/ajax/event/edit.form.php @@ -13,7 +13,7 @@ if(!OCP\User::isLoggedIn()) { } OCP\JSON::checkAppEnabled('calendar'); -$id = $_GET['id']; +$id = $_POST['id']; $data = OC_Calendar_App::getEventObject($id, true, true); if(!$data){ diff --git a/apps/calendar/ajax/import/import.php b/apps/calendar/ajax/import/import.php index a3eaed844a1..6fdad12c085 100644 --- a/apps/calendar/ajax/import/import.php +++ b/apps/calendar/ajax/import/import.php @@ -16,9 +16,9 @@ $nl="\r\n"; $comps = array('VEVENT'=>true, 'VTODO'=>true, 'VJOURNAL'=>true); global $progresskey; -$progresskey = 'calendar.import-' . $_GET['progresskey']; +$progresskey = 'calendar.import-' . $_POST['progresskey']; -if (isset($_GET['progress']) && $_GET['progress']) { +if (isset($_POST['progress']) && $_POST['progress']) { echo OC_Cache::get($progresskey); die; } diff --git a/apps/calendar/ajax/settings/guesstimezone.php b/apps/calendar/ajax/settings/guesstimezone.php index 13092777b78..f36f3bf061f 100644 --- a/apps/calendar/ajax/settings/guesstimezone.php +++ b/apps/calendar/ajax/settings/guesstimezone.php @@ -12,8 +12,8 @@ OCP\JSON::checkAppEnabled('calendar'); $l = OC_L10N::get('calendar'); -$lat = $_GET['lat']; -$lng = $_GET['long']; +$lat = $_POST['lat']; +$lng = $_POST['lng']; $timezone = OC_Geo::timezone($lat, $lng); diff --git a/apps/calendar/ajax/share/activation.php b/apps/calendar/ajax/share/activation.php index 7d6b8fcb16e..bce8693577b 100644 --- a/apps/calendar/ajax/share/activation.php +++ b/apps/calendar/ajax/share/activation.php @@ -5,7 +5,7 @@ * later. * See the COPYING-README file. */ -$id = strip_tags($_GET['id']); -$activation = strip_tags($_GET['activation']); +$id = strip_tags($_POST['id']); +$activation = strip_tags($_POST['activation']); OC_Calendar_Share::set_active(OCP\USER::getUser(), $id, $activation); OCP\JSON::success(); diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php index 2737420c94e..e807c164a23 100644 --- a/apps/calendar/ajax/share/changepermission.php +++ b/apps/calendar/ajax/share/changepermission.php @@ -6,9 +6,9 @@ * See the COPYING-README file. */ -$id = strip_tags($_GET['id']); -$idtype = strip_tags($_GET['idtype']); -$permission = (int) strip_tags($_GET['permission']); +$id = strip_tags($_POST['id']); +$idtype = strip_tags($_POST['idtype']); +$permission = (int) strip_tags($_POST['permission']); switch($idtype){ case 'calendar': case 'event': @@ -25,8 +25,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ OCP\JSON::error(array('message'=>'permission denied')); exit; } -$sharewith = $_GET['sharewith']; -$sharetype = strip_tags($_GET['sharetype']); +$sharewith = $_POST['sharewith']; +$sharetype = strip_tags($_POST['sharetype']); switch($sharetype){ case 'user': case 'group': diff --git a/apps/calendar/ajax/share/dropdown.php b/apps/calendar/ajax/share/dropdown.php index a3b0faca4bf..86cf4ac090e 100644 --- a/apps/calendar/ajax/share/dropdown.php +++ b/apps/calendar/ajax/share/dropdown.php @@ -7,7 +7,7 @@ */ $user = OCP\USER::getUser(); -$calid = $_GET['calid']; +$calid = $_POST['calid']; $calendar = OC_Calendar_Calendar::find($calid); if($calendar['userid'] != $user){ OCP\JSON::error(); diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php index 629a7b6b79f..838db619f62 100644 --- a/apps/calendar/ajax/share/share.php +++ b/apps/calendar/ajax/share/share.php @@ -6,8 +6,8 @@ * See the COPYING-README file. */ -$id = strip_tags($_GET['id']); -$idtype = strip_tags($_GET['idtype']); +$id = strip_tags($_POST['id']); +$idtype = strip_tags($_POST['idtype']); switch($idtype){ case 'calendar': case 'event': @@ -24,8 +24,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ OCP\JSON::error(array('message'=>'permission denied')); exit; } -$sharewith = $_GET['sharewith']; -$sharetype = strip_tags($_GET['sharetype']); +$sharewith = $_POST['sharewith']; +$sharetype = strip_tags($_POST['sharetype']); switch($sharetype){ case 'user': case 'group': diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php index fe7c98452d7..1ce04677fb1 100644 --- a/apps/calendar/ajax/share/unshare.php +++ b/apps/calendar/ajax/share/unshare.php @@ -6,8 +6,8 @@ * See the COPYING-README file. */ -$id = strip_tags($_GET['id']); -$idtype = strip_tags($_GET['idtype']); +$id = strip_tags($_POST['id']); +$idtype = strip_tags($_POST['idtype']); switch($idtype){ case 'calendar': case 'event': @@ -24,8 +24,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){ OCP\JSON::error(array('message'=>'permission denied')); exit; } -$sharewith = $_GET['sharewith']; -$sharetype = strip_tags($_GET['sharetype']); +$sharewith = $_POST['sharewith']; +$sharetype = strip_tags($_POST['sharetype']); switch($sharetype){ case 'user': case 'group': diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js index b5411d3fd95..7ae4a3a6eb1 100644 --- a/apps/calendar/js/calendar.js +++ b/apps/calendar/js/calendar.js @@ -49,6 +49,7 @@ Calendar={ $( "#event" ).tabs({ selected: 0}); $('#event').dialog({ width : 500, + height: 600, close : function(event, ui) { $(this).dialog('destroy').remove(); } @@ -77,7 +78,7 @@ Calendar={ $('#event').dialog('destroy').remove(); }else{ Calendar.UI.loading(true); - $('#dialog_holder').load(OC.filePath('calendar', 'ajax/event', 'edit.form.php') + '?id=' + id, Calendar.UI.startEventDialog); + $('#dialog_holder').load(OC.filePath('calendar', 'ajax/event', 'edit.form.php'), {id: id}, Calendar.UI.startEventDialog); } }, submitDeleteEventForm:function(url){ @@ -413,7 +414,7 @@ Calendar={ }, edit:function(object, calendarid){ var tr = $(document.createElement('tr')) - .load(OC.filePath('calendar', 'ajax/calendar', 'edit.form.php') + "?calendarid="+calendarid, + .load(OC.filePath('calendar', 'ajax/calendar', 'edit.form.php'), {calendarid: calendarid}, function(){Calendar.UI.Calendar.colorPicker(this)}); $(object).closest('tr').after(tr).hide(); }, @@ -502,14 +503,14 @@ Calendar={ currentid: 'false', idtype: '', activation:function(object,owner,id){ - $.getJSON(OC.filePath('calendar', 'ajax/share', 'activation.php'),{id:id, idtype:'calendar', activation:object.checked?1:0}); + $.post(OC.filePath('calendar', 'ajax/share', 'activation.php'),{id:id, idtype:'calendar', activation:object.checked?1:0}); $('#calendar_holder').fullCalendar('refetchEvents'); }, dropdown:function(userid, calid){ $('.calendar_share_dropdown').remove(); var element = document.getElementById(userid+'_'+calid); $('<div class="calendar_share_dropdown"></div>').appendTo(element); - $.get(OC.filePath('calendar', 'ajax/share', 'dropdown.php') + '?calid=' + calid, function(data){ + $.post(OC.filePath('calendar', 'ajax/share', 'dropdown.php'), {calid: calid}, function(data){ $('.calendar_share_dropdown').html(data); $('.calendar_share_dropdown').show('blind'); $('#share_user').chosen(); @@ -519,7 +520,7 @@ Calendar={ Calendar.UI.Share.idtype = 'calendar'; }, share:function(id, idtype, sharewith, sharetype){ - $.getJSON(OC.filePath('calendar', 'ajax/share', 'share.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(data){ + $.post(OC.filePath('calendar', 'ajax/share', 'share.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(data){ if(sharetype == 'public'){ $('#public_token').val(parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=calendar&t='+data.message); $('#public_token').css('display', 'block'); @@ -527,7 +528,7 @@ Calendar={ }); }, unshare:function(id, idtype, sharewith, sharetype){ - $.getJSON(OC.filePath('calendar', 'ajax/share', 'unshare.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(){ + $.post(OC.filePath('calendar', 'ajax/share', 'unshare.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(){ if(sharetype == 'public'){ $('#public_token').val(''); $('#public_token').css('display', 'none'); @@ -535,7 +536,7 @@ Calendar={ }); }, changepermission:function(id, idtype, sharewith, sharetype, permission){ - $.getJSON(OC.filePath('calendar', 'ajax/share', 'changepermission.php'),{id:id, idtype:idtype, sharewith: sharewith, sharetype:sharetype, permission: (permission?1:0)}); + $.post(OC.filePath('calendar', 'ajax/share', 'changepermission.php'),{id:id, idtype:idtype, sharewith: sharewith, sharetype:sharetype, permission: (permission?1:0)}); }, init:function(){ $('.calendar_share_dropdown').live('mouseleave', function(){ @@ -846,7 +847,7 @@ $(document).ready(function(){ viewDisplay: function(view) { $('#datecontrol_date').html(view.title); if (view.name != defaultView) { - $.get(OC.filePath('calendar', 'ajax', 'changeview.php') + "?v="+view.name); + $.post(OC.filePath('calendar', 'ajax', 'changeview.php'), {v:view.name}); defaultView = view.name; } Calendar.UI.setViewActive(view.name); diff --git a/apps/calendar/js/geo.js b/apps/calendar/js/geo.js index 092d8547469..99290d940e3 100644 --- a/apps/calendar/js/geo.js +++ b/apps/calendar/js/geo.js @@ -6,7 +6,7 @@ */ if (navigator.geolocation) { navigator.geolocation.getCurrentPosition(function(position) { - $.getJSON(OC.filePath('calendar', 'ajax/settings', 'guesstimezone.php') + '?lat=' + position.coords.latitude + '&long=' + position.coords.longitude, + $.post(OC.filePath('calendar', 'ajax/settings', 'guesstimezone.php'), {lat: position.coords.latitude, lng: position.coords.longitude}, function(data){ if (data.status == 'success' && typeof(data.message) != 'undefined'){ $('#notification').html(data.message); diff --git a/apps/calendar/js/loader.js b/apps/calendar/js/loader.js index 838521ec7f5..0fc5018e89c 100644 --- a/apps/calendar/js/loader.js +++ b/apps/calendar/js/loader.js @@ -63,7 +63,7 @@ Calendar_Import={ }); }, getimportstatus: function(progresskey){ - $.get(OC.filePath('calendar', 'ajax/import', 'import.php') + '?progress=1&progresskey=' + progresskey, function(percent){ + $.post(OC.filePath('calendar', 'ajax/import', 'import.php'), {progress:1,progresskey: progresskey}, function(percent){ $('#progressbar').progressbar('option', 'value', parseInt(percent)); if(percent < 100){ window.setTimeout('Calendar_Import.getimportstatus(\'' + progresskey + '\')', 500); diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php index 8b0d6093b65..546cc4a509d 100644 --- a/apps/calendar/lib/object.php +++ b/apps/calendar/lib/object.php @@ -671,6 +671,9 @@ class OC_Calendar_Object{ $byday .= ',' . $weekofmonth . $days[$day]; } } + if($byday == ''){ + $byday = 'MO,TU,WE,TH,FR,SA,SU'; + } $rrule .= ';BYDAY=' . $byday; } break; diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.php b/apps/calendar/templates/part.choosecalendar.rowfields.php index bad268897bf..268c3356011 100644 --- a/apps/calendar/templates/part.choosecalendar.rowfields.php +++ b/apps/calendar/templates/part.choosecalendar.rowfields.php @@ -2,7 +2,7 @@ echo '<td width="20px"><input id="active_' . $_['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Calendar.activation(this,' . $_['calendar']['id'] . ')"' . ($_['calendar']['active'] ? ' checked="checked"' : '') . '></td>'; echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . htmlspecialchars($_['calendar']['displayname']) . '</label></td>'; echo '<td width="20px"><a href="#" onclick="Calendar.UI.Share.dropdown(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['id'] . '\');" title="' . $l->t("Share Calendar") . '" class="action"><img class="svg action" src="' . ((!$_['shared']) ? OCP\Util::imagePath('core', 'actions/share.svg') : OCP\Util::imagePath('core', 'actions/shared.svg')) . '"></a></td>'; -echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['uri'] . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>'; +echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . htmlentities($_['calendar']['uri']) . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>'; echo '<td width="20px"><a href="?app=calendar&getfile=export.php?calid=' . $_['calendar']['id'] . '" title="' . $l->t('Download') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/download.svg').'"></a></td>'; echo '<td width="20px"><a href="#" title="' . $l->t('Edit') . '" class="action" onclick="Calendar.UI.Calendar.edit(this, ' . $_['calendar']['id'] . ');"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/rename.svg').'"></a></td>'; echo '<td width="20px"><a href="#" onclick="Calendar.UI.Calendar.deleteCalendar(\'' . $_['calendar']['id'] . '\');" title="' . $l->t('Delete') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/delete.svg').'"></a></td>'; diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php index 39cda29c20d..b966100cc11 100644 --- a/apps/calendar/templates/part.import.php +++ b/apps/calendar/templates/part.import.php @@ -8,6 +8,9 @@ <?php $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser()); $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar')); +for($i = 0;$i<count($calendar_options);$i++){ + $calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']); +} echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname')); ?> </select> diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php index 2f932d752a7..42b0c782035 100644 --- a/apps/contacts/ajax/addproperty.php +++ b/apps/contacts/ajax/addproperty.php @@ -24,6 +24,12 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('contacts'); +function bailOut($msg) { + OCP\JSON::error(array('data' => array('message' => $msg))); + OCP\Util::writeLog('contacts','ajax/addproperty.php: '.$msg, OCP\Util::DEBUG); + exit(); +} + $id = isset($_POST['id'])?$_POST['id']:null; $name = isset($_POST['name'])?$_POST['name']:null; $value = isset($_POST['value'])?$_POST['value']:null; @@ -31,11 +37,21 @@ $parameters = isset($_POST['parameters'])?$_POST['parameters']:array(); $vcard = OC_Contacts_App::getContactVCard($id); +if(!$name) { + bailOut(OC_Contacts_App::$l10n->t('element name is not set.')); +} +if(!$id) { + bailOut(OC_Contacts_App::$l10n->t('id is not set.')); +} + +if(!$vcard) { + bailOut(OC_Contacts_App::$l10n->t('Could not parse contact: ').$id); +} + if(!is_array($value)){ $value = trim($value); if(!$value && in_array($name, array('TEL', 'EMAIL', 'ORG', 'BDAY', 'URL', 'NICKNAME', 'NOTE'))) { - OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('Cannot add empty property.')))); - exit(); + bailOut(OC_Contacts_App::$l10n->t('Cannot add empty property.')); } } elseif($name === 'ADR') { // only add if non-empty elements. $empty = true; @@ -46,8 +62,7 @@ if(!is_array($value)){ } } if($empty) { - OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('At least one of the address fields has to be filled out.')))); - exit(); + bailOut(OC_Contacts_App::$l10n->t('At least one of the address fields has to be filled out.')); } } @@ -56,9 +71,7 @@ $current = $vcard->select($name); foreach($current as $item) { $tmpvalue = (is_array($value)?implode(';', $value):$value); if($tmpvalue == $item->value) { - OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('Trying to add duplicate property: ').$name.': '.$tmpvalue))); - OCP\Util::writeLog('contacts','ajax/addproperty.php: Trying to add duplicate property: '.$name.': '.$tmpvalue, OCP\Util::DEBUG); - exit(); + bailOut(OC_Contacts_App::$l10n->t('Trying to add duplicate property: '.$name.': '.$tmpvalue)); } } @@ -114,9 +127,7 @@ foreach ($parameters as $key=>$element) { $checksum = md5($vcard->children[$line]->serialize()); if(!OC_Contacts_VCard::edit($id,$vcard)) { - OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('Error adding contact property.')))); - OCP\Util::writeLog('contacts','ajax/addproperty.php: Error updating contact property: '.$name, OCP\Util::ERROR); - exit(); + bailOut(OC_Contacts_App::$l10n->t('Error adding contact property: '.$name)); } OCP\JSON::success(array('data' => array( 'checksum' => $checksum ))); diff --git a/apps/contacts/ajax/deletecard.php b/apps/contacts/ajax/deletecard.php index 6414fda93cb..e6d0405a240 100644 --- a/apps/contacts/ajax/deletecard.php +++ b/apps/contacts/ajax/deletecard.php @@ -29,7 +29,7 @@ function bailOut($msg) { OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('contacts'); -$id = isset($_GET['id'])?$_GET['id']:null; +$id = isset($_POST['id'])?$_POST['id']:null; if(!$id) { bailOut(OC_Contacts_App::$l10n->t('id is not set.')); } diff --git a/apps/contacts/ajax/deleteproperty.php b/apps/contacts/ajax/deleteproperty.php index b0746d18a79..e6c2bd9f803 100644 --- a/apps/contacts/ajax/deleteproperty.php +++ b/apps/contacts/ajax/deleteproperty.php @@ -24,8 +24,8 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('contacts'); -$id = $_GET['id']; -$checksum = $_GET['checksum']; +$id = $_POST['id']; +$checksum = $_POST['checksum']; $vcard = OC_Contacts_App::getContactVCard( $id ); $line = OC_Contacts_App::getPropertyLineByChecksum($vcard, $checksum); diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js index 35d4a4a216d..a241856300b 100644 --- a/apps/contacts/js/contacts.js +++ b/apps/contacts/js/contacts.js @@ -368,7 +368,7 @@ Contacts={ $('#contacts_deletecard').tipsy('hide'); OC.dialogs.confirm(t('contacts', 'Are you sure you want to delete this contact?'), t('contacts', 'Warning'), function(answer) { if(answer == true) { - $.getJSON(OC.filePath('contacts', 'ajax', 'deletecard.php'),{'id':Contacts.UI.Card.id},function(jsondata){ + $.post(OC.filePath('contacts', 'ajax', 'deletecard.php'),{'id':Contacts.UI.Card.id},function(jsondata){ if(jsondata.status == 'success'){ var newid = ''; var curlistitem = $('#leftcontent [data-id="'+jsondata.data.id+'"]'); @@ -707,7 +707,7 @@ Contacts={ Contacts.UI.loading(obj, true); var checksum = Contacts.UI.checksumFor(obj); if(checksum) { - $.getJSON(OC.filePath('contacts', 'ajax', 'deleteproperty.php'),{'id': this.id, 'checksum': checksum },function(jsondata){ + $.post(OC.filePath('contacts', 'ajax', 'deleteproperty.php'),{'id': this.id, 'checksum': checksum },function(jsondata){ if(jsondata.status == 'success'){ if(type == 'list') { Contacts.UI.propertyContainerFor(obj).remove(); diff --git a/apps/contacts/js/loader.js b/apps/contacts/js/loader.js index 961e0f425c9..577ad103064 100644 --- a/apps/contacts/js/loader.js +++ b/apps/contacts/js/loader.js @@ -42,20 +42,20 @@ Contacts_Import={ }
$('#newaddressbook').attr('readonly', 'readonly');
$('#contacts').attr('disabled', 'disabled');
- var progresskey = $('#progresskey').val(); - $.post(OC.filePath('contacts', '', 'import.php') + '?progresskey='+progresskey, {method: String (method), addressbookname: String (addressbookname), path: String (path), file: String (filename), id: String (addressbookid)}, function(jsondata){ + var progresskey = $('#progresskey').val();
+ $.post(OC.filePath('contacts', '', 'import.php') + '?progresskey='+progresskey, {method: String (method), addressbookname: String (addressbookname), path: String (path), file: String (filename), id: String (addressbookid)}, function(jsondata){
if(jsondata.status == 'success'){
$('#progressbar').progressbar('option', 'value', 100);
$('#import_done').find('p').html(t('contacts', 'Result: ') + jsondata.data.imported + t('contacts', ' imported, ') + jsondata.data.failed + t('contacts', ' failed.'));
} else {
- $('#import_done').find('p').html(jsondata.data.message);
+ $('#import_done').find('p').html(jsondata.message);
}
$('#import_done').show().find('p').addClass('bold');
$('#progressbar').fadeOut('slow');
});
$('#form_container').css('display', 'none');
$('#progressbar_container').css('display', 'block');
- window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500); + window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500);
});
$('#contacts').change(function(){
if($('#contacts option:selected').val() == 'newaddressbook'){
@@ -65,11 +65,11 @@ Contacts_Import={ }
});
},
- getimportstatus: function(progresskey){ - $.get(OC.filePath('contacts', '', 'import.php') + '?progress=1&progresskey=' + progresskey, function(percent){ + getimportstatus: function(progresskey){
+ $.get(OC.filePath('contacts', '', 'import.php') + '?progress=1&progresskey=' + progresskey, function(percent){
$('#progressbar').progressbar('option', 'value', parseInt(percent));
if(percent < 100){
- window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500); + window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500);
}else{
$('#import_done').css('display', 'block');
}
diff --git a/apps/files_encryption/lib/cryptstream.php b/apps/files_encryption/lib/cryptstream.php index d6643f32689..a698ee00335 100644 --- a/apps/files_encryption/lib/cryptstream.php +++ b/apps/files_encryption/lib/cryptstream.php @@ -35,8 +35,12 @@ class OC_CryptStream{ private $meta=array();//header/meta for source stream private $count; private $writeCache; + private static $rootView; public function stream_open($path, $mode, $options, &$opened_path){ + if(!self::$rootView){ + self::$rootView=new OC_FilesystemView(''); + } $path=str_replace('crypt://','',$path); if(dirname($path)=='streams' and isset(self::$sourceStreams[basename($path)])){ $this->source=self::$sourceStreams[basename($path)]['stream']; @@ -45,7 +49,7 @@ class OC_CryptStream{ $this->path=$path; OCP\Util::writeLog('files_encryption','open encrypted '.$path. ' in '.$mode,OCP\Util::DEBUG); OC_FileProxy::$enabled=false;//disable fileproxies so we can open the source file - $this->source=OC_FileSystem::fopen($path,$mode); + $this->source=self::$rootView->fopen($path,$mode); OC_FileProxy::$enabled=true; if(!is_resource($this->source)){ OCP\Util::writeLog('files_encryption','failed to open '.$path,OCP\Util::ERROR); diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 06f963fc981..9fd57c0f02b 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -59,7 +59,7 @@ class OC_FileProxy_Encryption extends OC_FileProxy{ * @return bool */ private static function isEncrypted($path){ - $metadata=OC_FileCache::getCached($path); + $metadata=OC_FileCache::getCached($path,''); return isset($metadata['encrypted']) and (bool)$metadata['encrypted']; } diff --git a/apps/files_encryption/tests/proxy.php b/apps/files_encryption/tests/proxy.php index 0450de82acb..f36b2193430 100644 --- a/apps/files_encryption/tests/proxy.php +++ b/apps/files_encryption/tests/proxy.php @@ -30,6 +30,9 @@ class Test_CryptProxy extends UnitTestCase { } public function testSimple(){ + $oldConfig=OCP\Config::getAppValue('files_encryption','enable_encryption','true'); + OCP\Config::setAppValue('files_encryption','enable_encryption','true'); + $file=OC::$SERVERROOT.'/3rdparty/MDB2.php'; $original=file_get_contents($file); @@ -42,5 +45,17 @@ class Test_CryptProxy extends UnitTestCase { $fromFile=OC_Filesystem::file_get_contents('/file'); $this->assertNotEqual($original,$stored); $this->assertEqual($original,$fromFile); + + $rootView=new OC_FilesystemView(''); + $view=new OC_FilesystemView('/'.OC_User::getUser()); + $userDir='/'.OC_User::getUser().'/files'; + + $fromFile=$rootView->file_get_contents($userDir.'/file'); + $this->assertEqual($original,$fromFile); + + $fromFile=$view->file_get_contents('files/file'); + $this->assertEqual($original,$fromFile); + + OCP\Config::setAppValue('files_encryption','enable_encryption',$oldConfig); } } diff --git a/apps/files_external/appinfo/app.php b/apps/files_external/appinfo/app.php index b7a07b4aacb..837d35c9c63 100644 --- a/apps/files_external/appinfo/app.php +++ b/apps/files_external/appinfo/app.php @@ -13,6 +13,7 @@ OC::$CLASSPATH['OC_Filestorage_Google']='apps/files_external/lib/google.php'; OC::$CLASSPATH['OC_Filestorage_SWIFT']='apps/files_external/lib/swift.php'; OC::$CLASSPATH['OC_Filestorage_SMB']='apps/files_external/lib/smb.php'; OC::$CLASSPATH['OC_Filestorage_AmazonS3']='apps/files_external/lib/amazons3.php'; +OC::$CLASSPATH['OC_Filestorage_Dropbox']='apps/files_external/lib/dropbox.php'; OC::$CLASSPATH['OC_Mount_Config']='apps/files_external/lib/config.php'; OCP\App::registerAdmin('files_external', 'settings'); diff --git a/apps/files_external/lib/dropbox.php b/apps/files_external/lib/dropbox.php new file mode 100755 index 00000000000..5e94277c6d4 --- /dev/null +++ b/apps/files_external/lib/dropbox.php @@ -0,0 +1,203 @@ +<?php + +/** +* ownCloud +* +* @author Michael Gapczynski +* @copyright 2012 Michael Gapczynski mtgap@owncloud.com +* +* This library is free software; you can redistribute it and/or +* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE +* License as published by the Free Software Foundation; either +* version 3 of the License, or any later version. +* +* This library is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU AFFERO GENERAL PUBLIC LICENSE for more details. +* +* You should have received a copy of the GNU Affero General Public +* License along with this library. If not, see <http://www.gnu.org/licenses/>. +*/ + +require_once 'Dropbox/autoload.php'; + +class OC_Filestorage_Dropbox extends OC_Filestorage_Common { + + private $dropbox; + private $metaData = array(); + + private static $tempFiles = array(); + + public function __construct($params) { + $oauth = new Dropbox_OAuth_Curl($params['app_key'], $params['app_secret']); + $oauth->setToken($params['token'], $params['token_secret']); + $this->dropbox = new Dropbox_API($oauth, 'dropbox'); + + } + + private function getMetaData($path, $list = false) { + if (!$list && isset($this->metaData[$path])) { + return $this->metaData[$path]; + } else { + if ($list) { + $response = $this->dropbox->getMetaData($path); + if ($response && isset($response['contents'])) { + $contents = $response['contents']; + // Cache folder's contents + foreach ($contents as $file) { + $this->metaData[$path.'/'.basename($file['path'])] = $file; + } + unset($response['contents']); + $this->metaData[$path] = $response; + } + $this->metaData[$path] = $response; + // Return contents of folder only + return $contents; + } else { + try { + $response = $this->dropbox->getMetaData($path, 'false'); + $this->metaData[$path] = $response; + return $response; + } catch (Exception $exception) { + return false; + } + } + } + } + + public function mkdir($path) { + return $this->dropbox->createFolder($path); + } + + public function rmdir($path) { + return $this->dropbox->delete($path); + } + + public function opendir($path) { + if ($contents = $this->getMetaData($path, true)) { + $files = array(); + foreach ($contents as $file) { + $files[] = basename($file['path']); + } + OC_FakeDirStream::$dirs['dropbox'] = $files; + return opendir('fakedir://dropbox'); + } + return false; + } + + public function stat($path) { + if ($metaData = $this->getMetaData($path)) { + $stat['size'] = $metaData['bytes']; + $stat['atime'] = time(); + $stat['mtime'] = strtotime($metaData['modified']); + $stat['ctime'] = $stat['mtime']; + return $stat; + } + return false; + } + + public function filetype($path) { + if ($path == '' || $path == '/') { + return 'dir'; + } else if ($metaData = $this->getMetaData($path)) { + if ($metaData['is_dir'] == 'true') { + return 'dir'; + } else { + return 'file'; + } + } + return false; + } + + public function is_readable($path) { + return true; + } + + public function is_writable($path) { + return true; + } + + public function file_exists($path) { + if ($path == '' || $path == '/') { + return true; + } + if ($this->getMetaData($path)) { + return true; + } + return false; + } + + public function unlink($path) { + return $this->dropbox->delete($path); + } + + public function fopen($path, $mode) { + switch ($mode) { + case 'r': + case 'rb': + $tmpFile = OC_Helper::tmpFile(); + file_put_contents($tmpFile, $this->dropbox->getFile($path)); + return fopen($tmpFile, 'r'); + case 'w': + case 'wb': + case 'a': + case 'ab': + case 'r+': + case 'w+': + case 'wb+': + case 'a+': + case 'x': + case 'x+': + case 'c': + case 'c+': + if (strrpos($path, '.') !== false) { + $ext = substr($path, strrpos($path, '.')); + } else { + $ext = ''; + } + $tmpFile = OC_Helper::tmpFile($ext); + OC_CloseStreamWrapper::$callBacks[$tmpFile] = array($this, 'writeBack'); + if ($this->file_exists($path)) { + $source = $this->fopen($path, 'r'); + file_put_contents($tmpFile, $source); + } + self::$tempFiles[$tmpFile] = $path; + return fopen('close://'.$tmpFile, $mode); + } + return false; + } + + public function writeBack($tmpFile) { + if (isset(self::$tempFiles[$tmpFile])) { + $handle = fopen($tmpFile, 'r'); + $response = $this->dropbox->putFile(self::$tempFiles[$tmpFile], $handle); + if ($response) { + unlink($tmpFile); + } + } + } + + public function getMimeType($path) { + if ($this->filetype($path) == 'dir') { + return 'httpd/unix-directory'; + } else if ($metaData = $this->getMetaData($path)) { + return $metaData['mime_type']; + } + return false; + } + + public function free_space($path) { + if ($info = $this->dropbox->getAccountInfo()) { + return $info['quota_info']['quota'] - $info['quota_info']['normal']; + } + return false; + } + + public function touch($path, $mtime = null) { + return false; + } + +} + +?>
\ No newline at end of file diff --git a/apps/gallery/appinfo/app.php b/apps/gallery/appinfo/app.php index 2aa6a9e8f92..e3a8dbd588b 100644 --- a/apps/gallery/appinfo/app.php +++ b/apps/gallery/appinfo/app.php @@ -50,6 +50,6 @@ class OC_GallerySearchProvider extends OC_Search_Provider{ } } -OC_Search::registerProvider('OC_GallerySearchProvider'); +//OC_Search::registerProvider('OC_GallerySearchProvider'); require_once('apps/gallery/lib/hooks_handlers.php'); diff --git a/apps/gallery/lib/managers.php b/apps/gallery/lib/managers.php index 41300058936..9a2dbd3bae2 100644 --- a/apps/gallery/lib/managers.php +++ b/apps/gallery/lib/managers.php @@ -4,9 +4,6 @@ namespace OC\Pictures; require_once('lib/base.php'); -\OCP\JSON::checkLoggedIn(); -\OCP\JSON::checkAppEnabled('gallery'); - class DatabaseManager { private static $instance = null; const TAG = 'DatabaseManager'; @@ -29,10 +26,8 @@ class DatabaseManager { if (!$image->loadFromFile($path)) { return false; } - \OCP\DB::beginTransaction(); $stmt = \OCP\DB::prepare('INSERT INTO *PREFIX*pictures_images_cache (uid_owner, path, width, height) VALUES (?, ?, ?, ?)'); $stmt->execute(array(\OCP\USER::getUser(), $path, $image->width(), $image->height())); - \OCP\DB::commit(); $ret = array('path' => $path, 'width' => $image->width(), 'height' => $image->height()); unset($image); return $ret; @@ -81,9 +76,14 @@ class ThumbnailsManager { public function getThumbnailInfo($path) { $arr = DatabaseManager::getInstance()->getFileData($path); + if (!$arr) { + $thubnail = $this->getThumbnail($path); + unset($thubnail); + $arr = DatabaseManager::getInstance()->getFileData($path); + } $ret = array('filepath' => $arr['path'], - 'width' => $arr['width'], - 'height' => $arr['height']); + 'width' => $arr['width'], + 'height' => $arr['height']); return $ret; } diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php index f1961cb72e5..e43c99bb76a 100644 --- a/apps/gallery/lib/tiles.php +++ b/apps/gallery/lib/tiles.php @@ -95,7 +95,7 @@ class TileSingle extends TileBase { public function get($extra = '') { // !HACK! file path needs to be encoded twice because files app decode twice url, so any special chars like + or & in filename // !HACK! will result in failing of opening them - return '<a rel="images" title="'.basename($this->getPath()).'" href="'.\OCP\Util::linkTo('files', 'download.php').'?file='.urlencode(urlencode($this->getPath())).'"><img rel="images" src="'.\OCP\Util::linkTo('gallery', 'ajax/thumbnail.php').'&filepath='.urlencode($this->getPath()).'" '.$extra.'></a>'; + return '<a rel="images" title="'.htmlentities(basename($this->getPath())).'" href="'.\OCP\Util::linkTo('files', 'download.php').'?file='.urlencode(urlencode($this->getPath())).'"><img rel="images" src="'.\OCP\Util::linkTo('gallery', 'ajax/thumbnail.php').'&filepath='.urlencode($this->getPath()).'" '.$extra.'></a>'; } public function getMiniatureSrc() { diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php index e761cb54725..fd83490d60c 100644 --- a/apps/gallery/templates/index.php +++ b/apps/gallery/templates/index.php @@ -82,7 +82,7 @@ sort($images); $arr = array(); $tl = new \OC\Pictures\TilesLine(); $ts = new \OC\Pictures\TileStack(array(), ''); -$previous_element = $images[0]; +$previous_element = @$images[0]; for($i = 0; $i < count($images); $i++) { $prev_dir_arr = explode('/', $previous_element); $dir_arr = explode('/', $images[$i]); diff --git a/apps/media/ajax/api.php b/apps/media/ajax/api.php index 6e269f3bb78..a229c17e804 100644 --- a/apps/media/ajax/api.php +++ b/apps/media/ajax/api.php @@ -103,6 +103,10 @@ if($arguments['action']){ @ob_end_clean(); $ftype=OC_Filesystem::getMimeType( $arguments['path'] ); + if(substr($ftype,0,5)!='audio' and $ftype!='application/ogg'){ + echo 'Not an audio file'; + exit(); + } $songId=OC_MEDIA_COLLECTION::getSongByPath($arguments['path']); OC_MEDIA_COLLECTION::registerPlay($songId); diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php index ac0e83bb373..99e2272d3ab 100644 --- a/apps/remoteStorage/auth.php +++ b/apps/remoteStorage/auth.php @@ -25,6 +25,7 @@ * */ +header("X-Frame-Options: Sameorigin"); // Do not load FS ... $RUNTIME_NOSETUPFS = true; @@ -43,9 +44,9 @@ foreach($_GET as $k => $v) { $userId=$v; } else if($k=='redirect_uri'){ $appUrlParts=explode('/', $v); - $appUrl = $appUrlParts[2];//bit dodgy i guess + $appUrl = htmlentities($appUrlParts[2]);//TODO: check if this is equal to client_id } else if($k=='scope'){ - $categories=$v; + $categories=htmlentities($v); } } $currUser = OCP\USER::getUser(); @@ -112,7 +113,7 @@ if($userId && $appUrl && $categories) { }//end 'need to click Allow still' } else {//login not ok if($currUser) { - die('You are logged in as '.$currUser.' instead of '.$userId); + die('You are logged in as '.$currUser.' instead of '.htmlentities($userId)); } else { header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING'])); } diff --git a/apps/tasks/ajax/addtask.php b/apps/tasks/ajax/addtask.php index d6e313bd089..9f35e7f21ec 100644 --- a/apps/tasks/ajax/addtask.php +++ b/apps/tasks/ajax/addtask.php @@ -8,7 +8,7 @@ $calendars = OC_Calendar_Calendar::allCalendars(OCP\User::getUser(), true); $first_calendar = reset($calendars); $cid = $first_calendar['id']; -$input = $_GET['text']; +$input = $_POST['text']; $request = array(); $request['summary'] = $input; $request["categories"] = null; diff --git a/apps/tasks/ajax/delete.php b/apps/tasks/ajax/delete.php index 6d2868748d1..e29add9b556 100644 --- a/apps/tasks/ajax/delete.php +++ b/apps/tasks/ajax/delete.php @@ -24,7 +24,7 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('tasks'); -$id = $_GET['id']; +$id = $_POST['id']; $task = OC_Calendar_App::getEventObject( $id ); OC_Calendar_Object::delete($id); diff --git a/apps/tasks/js/tasks.js b/apps/tasks/js/tasks.js index 60d2a523be1..d1e3a9969b4 100644 --- a/apps/tasks/js/tasks.js +++ b/apps/tasks/js/tasks.js @@ -440,7 +440,7 @@ $(document).ready(function(){ $('#tasks_delete').live('click',function(){ var id = $('#task_details').data('id'); - $.getJSON('ajax/delete.php',{'id':id},function(jsondata){ + $.post('ajax/delete.php',{'id':id},function(jsondata){ if(jsondata.status == 'success'){ $('#tasks [data-id="'+jsondata.data.id+'"]').remove(); $('#task_details').data('id',''); @@ -455,7 +455,7 @@ $(document).ready(function(){ $('#tasks_addtask').click(function(){ var input = $('#tasks_newtask').val(); - $.getJSON(OC.filePath('tasks', 'ajax', 'addtask.php'),{text:input},function(jsondata){ + $.post(OC.filePath('tasks', 'ajax', 'addtask.php'),{text:input},function(jsondata){ if(jsondata.status == 'success'){ $('#tasks_list').append(OC.Tasks.create_task_div(jsondata.task)); } diff --git a/config/config.sample.php b/config/config.sample.php index 0c0ace521ec..bb13b1f8ea3 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -74,6 +74,9 @@ $CONFIG = array( /* Check 3rdparty apps for malicious code fragments */ "appcodechecker" => "", +/* Check if ownCloud is up to date */ +"updatechecker" => true, + /* Place to log to, can be owncloud and syslog (owncloud is log menu item in admin menu) */ "log_type" => "owncloud", diff --git a/core/js/multiselect.js b/core/js/multiselect.js index 541dddf0f70..5f339006d26 100644 --- a/core/js/multiselect.js +++ b/core/js/multiselect.js @@ -57,8 +57,11 @@ element=$(element); var item=element.val(); var id='ms'+multiSelectId+'-option-'+item; - var input=$('<input id="'+id+'" type="checkbox"/>'); - var label=$('<label for="'+id+'">'+item+'</label>'); + var input=$('<input type="checkbox"/>'); + input.attr('id',id); + var label=$('<label/>'); + label.attr('for',id); + label.text(item); if(settings.checked.indexOf(item)!=-1 || checked){ input.attr('checked',true); } @@ -130,7 +133,10 @@ li.text('+ '+settings.createText); li.before(createItem(this)); var select=button.parent().next(); - select.append($('<option selected="selected" value="'+$(this).val()+'">'+$(this).val()+'</option>')); + var option=$('<option selected="selected"/>'); + option.attr('value',$(this).val()); + option.text($(this).val()); + select.append(optione); li.prev().children('input').trigger('click'); button.parent().data('preventHide',false); if(settings.createCallback){ diff --git a/db_structure.xml b/db_structure.xml index d29dcb46f8c..94567b4d539 100644 --- a/db_structure.xml +++ b/db_structure.xml @@ -432,10 +432,8 @@ <field> <name>configvalue</name> - <type>text</type> - <default></default> + <type>clob</type> <notnull>true</notnull> - <length>255</length> </field> </declaration> diff --git a/index.php b/index.php index d552c149df8..07f8436720d 100755 --- a/index.php +++ b/index.php @@ -69,10 +69,10 @@ elseif(OC_User::isLoggedIn()) { // For all others cases, we display the guest page : } else { - OC_App::loadApps(); $error = false; // remember was checked after last login if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) { + OC_App::loadApps(array('authentication')); if(defined("DEBUG") && DEBUG) { OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG); } @@ -88,6 +88,7 @@ elseif(OC_User::isLoggedIn()) { // Someone wants to log in : } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) { + OC_App::loadApps(); if(OC_User::login($_POST["user"], $_POST["password"])) { if(!empty($_POST["remember_login"])){ if(defined("DEBUG") && DEBUG) { @@ -107,6 +108,7 @@ elseif(OC_User::isLoggedIn()) { // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP } elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){ + OC_App::loadApps(array('authentication')); if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); OC_User::unsetMagicInCookie(); diff --git a/lib/base.php b/lib/base.php index d86a39966ee..f85710ddfcf 100644 --- a/lib/base.php +++ b/lib/base.php @@ -124,7 +124,7 @@ class OC{ // calculate the documentroot $DOCUMENTROOT=realpath($_SERVER['DOCUMENT_ROOT']); OC::$SERVERROOT=str_replace("\\",'/',substr(__FILE__,0,-13)); - OC::$SUBURI=substr(realpath($_SERVER["SCRIPT_FILENAME"]),strlen(OC::$SERVERROOT)); + OC::$SUBURI= str_replace("\\","/",substr(realpath($_SERVER["SCRIPT_FILENAME"]),strlen(OC::$SERVERROOT))); $scriptName=$_SERVER["SCRIPT_NAME"]; if(substr($scriptName,-1)=='/'){ $scriptName.='index.php'; diff --git a/lib/filesystem.php b/lib/filesystem.php index 337b0f1464b..454bb1aa81a 100644 --- a/lib/filesystem.php +++ b/lib/filesystem.php @@ -344,6 +344,20 @@ class OC_Filesystem{ } /** + * return path to file which reflects one visible in browser + * @param string path + * @return string + */ + static public function getLocalPath($path) { + $datadir = \OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser().'/files'; + $newpath = $path; + if (strncmp($newpath, $datadir, strlen($datadir)) == 0) { + $newpath = substr($path, strlen($datadir)); + } + return $newpath; + } + + /** * check if the requested path is valid * @param string path * @return bool diff --git a/lib/filesystemview.php b/lib/filesystemview.php index 6e34257a460..58657671b98 100644 --- a/lib/filesystemview.php +++ b/lib/filesystemview.php @@ -91,6 +91,23 @@ class OC_FilesystemView { } return $this->internal_path_cache[$path]; } + + /** + * get path relative to the root of the view + * @param string path + * @return string + */ + public function getRelativePath($path){ + if($this->fakeRoot==''){ + return $path; + } + if(strpos($path,$this->fakeRoot)!==0){ + return null; + }else{ + return substr($path,strlen($this->fakeRoot)); + } + } + /** * get the storage object for a path * @param string path @@ -232,7 +249,14 @@ class OC_FilesystemView { return $this->basicOperation('unlink',$path,array('delete')); } public function rename($path1,$path2){ - if(OC_FileProxy::runPreProxies('rename',$path1,$path2) and OC_Filesystem::isValidPath($path2)){ + $absolutePath1=$this->getAbsolutePath($path1); + $absolutePath2=$this->getAbsolutePath($path2); + if(OC_FileProxy::runPreProxies('rename',$absolutePath1,$absolutePath2) and OC_Filesystem::isValidPath($path2)){ + $path1=$this->getRelativePath($absolutePath1); + $path2=$this->getRelativePath($absolutePath2); + if($path1==null or $path2==null){ + return false; + } $run=true; OC_Hook::emit( OC_Filesystem::CLASSNAME, OC_Filesystem::signal_rename, array( OC_Filesystem::signal_param_oldpath => $path1 , OC_Filesystem::signal_param_newpath=>$path2, OC_Filesystem::signal_param_run => &$run)); if($run){ @@ -256,7 +280,14 @@ class OC_FilesystemView { } } public function copy($path1,$path2){ - if(OC_FileProxy::runPreProxies('copy',$path1,$path2) and $this->is_readable($path1) and OC_Filesystem::isValidPath($path2)){ + $absolutePath1=$this->getAbsolutePath($path1); + $absolutePath2=$this->getAbsolutePath($path2); + if(OC_FileProxy::runPreProxies('copy',$absolutePath1,$absolutePath2) and OC_Filesystem::isValidPath($path2)){ + $path1=$this->getRelativePath($absolutePath1); + $path2=$this->getRelativePath($absolutePath2); + if($path1==null or $path2==null){ + return false; + } $run=true; OC_Hook::emit( OC_Filesystem::CLASSNAME, OC_Filesystem::signal_copy, array( OC_Filesystem::signal_param_oldpath => $path1 , OC_Filesystem::signal_param_newpath=>$path2, OC_Filesystem::signal_param_run => &$run)); $exists=$this->file_exists($path2); @@ -375,7 +406,12 @@ class OC_FilesystemView { * OC_Filestorage for delegation to a storage backend for execution */ private function basicOperation($operation,$path,$hooks=array(),$extraParam=null){ - if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and OC_Filesystem::isValidPath($path)){ + $absolutePath=$this->getAbsolutePath($path); + if(OC_FileProxy::runPreProxies($operation,$absolutePath, $extraParam) and OC_Filesystem::isValidPath($path)){ + $path=$this->getRelativePath($absolutePath); + if($path==null){ + return false; + } $internalPath=$this->getInternalPath($path); $run=true; if(OC_Filesystem::$loaded and $this->fakeRoot==OC_Filesystem::getRoot()){ @@ -393,7 +429,7 @@ class OC_FilesystemView { }else{ $result=$storage->$operation($internalPath); } - $result=OC_FileProxy::runPostProxies($operation,$path,$result); + $result=OC_FileProxy::runPostProxies($operation,$this->getAbsolutePath($path),$result); if(OC_Filesystem::$loaded and $this->fakeRoot==OC_Filesystem::getRoot()){ if($operation!='fopen'){//no post hooks for fopen, the file stream is still open foreach($hooks as $hook){ diff --git a/lib/image.php b/lib/image.php index af61f9424e9..e5c59bacdc5 100644 --- a/lib/image.php +++ b/lib/image.php @@ -407,7 +407,9 @@ class OC_Image { break; */ default: - $this->resource = imagecreatefromstring(file_get_contents($imagepath)); + + // this is mostly file created from encrypted file + $this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents(\OC_Filesystem::getLocalPath($imagepath))); $itype = IMAGETYPE_PNG; OC_Log::write('core','OC_Image->loadFromFile, Default', OC_Log::DEBUG); break; diff --git a/lib/ocsclient.php b/lib/ocsclient.php index 8e976171e93..2888569ad13 100644 --- a/lib/ocsclient.php +++ b/lib/ocsclient.php @@ -85,7 +85,7 @@ class OC_OCSClient{ * * This function returns a list of all the applications on the OCS server */ - public static function getApplications($categories){ + public static function getApplications($categories,$page){ if(OC_Config::getValue('appstoreenabled', true)==false){ return(array()); } @@ -95,7 +95,7 @@ class OC_OCSClient{ }else{ $categoriesstring=$categories; } - $url=OC_OCSClient::getAppStoreURL().'/content/data?categories='.urlencode($categoriesstring).'&sortmode=new&page=0&pagesize=10'; + $url=OC_OCSClient::getAppStoreURL().'/content/data?categories='.urlencode($categoriesstring).'&sortmode=new&page='.urlencode($page).'&pagesize=100'; $apps=array(); $xml=@file_get_contents($url); if($xml==FALSE){ diff --git a/lib/public/util.php b/lib/public/util.php index 9b499574da1..995161e2abe 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -248,6 +248,26 @@ class Util { } + /** + * Register an get/post call. This is important to prevent CSRF attacks + * TODO: write example + */ + public static function callRegister(){ + return(\OC_Util::callRegister()); + } + + + /** + * Check an ajax get/post call if the request token is valid. exit if not. + * Todo: Write howto + */ + public static function callCheck(){ + return(\OC_Util::callCheck()); + } + + + + } ?> diff --git a/lib/updater.php b/lib/updater.php index bc5ee00b6a3..5d97178c30e 100644 --- a/lib/updater.php +++ b/lib/updater.php @@ -30,11 +30,12 @@ class OC_Updater{ */ public static function check(){ OC_Appconfig::setValue('core', 'lastupdatedat',microtime(true)); + if(OC_Appconfig::getValue('core', 'installedat','')=='') OC_Appconfig::setValue('core', 'installedat',microtime(true)); $updaterurl='http://apps.owncloud.com/updater.php'; $version=OC_Util::getVersion(); - $version['installed']=OC_Config::getValue('installedat'); - $version['updated']=OC_Appconfig::getValue('core', 'lastupdatedat', OC_Config::getValue( 'lastupdatedat')); + $version['installed']=OC_Appconfig::getValue('core', 'installedat'); + $version['updated']=OC_Appconfig::getValue('core', 'lastupdatedat'); $version['updatechannel']='stable'; $version['edition']=OC_Util::getEditionString(); $versionstring=implode('x',$version); @@ -57,11 +58,15 @@ class OC_Updater{ } public static function ShowUpdatingHint(){ - $data=OC_Updater::check(); - if(isset($data['version']) and $data['version']<>'') { - $txt='<span style="color:#AA0000; font-weight:bold;">'.$data['versionstring'].' is available. Get <a href="'.$data['web'].'">more information</a></span>'; + if(OC_Config::getValue('updatechecker', true)==true){ + $data=OC_Updater::check(); + if(isset($data['version']) and $data['version']<>'') { + $txt='<span style="color:#AA0000; font-weight:bold;">'.$data['versionstring'].' is available. Get <a href="'.$data['web'].'">more information</a></span>'; + }else{ + $txt='up to date'; + } }else{ - $txt='up to date'; + $txt='updates check is disabled'; } return($txt); } diff --git a/lib/util.php b/lib/util.php index 20888fa71f4..53096f029a2 100644 --- a/lib/util.php +++ b/lib/util.php @@ -83,7 +83,7 @@ class OC_Util { * @return array */ public static function getVersion(){ - return array(4,80,0); + return array(4,80,1); } /** @@ -343,4 +343,60 @@ class OC_Util { } return $id; } + + /** + * Register an get/post call. This is important to prevent CSRF attacks + * Todo: Write howto + */ + public static function callRegister(){ + // generate a random token. + $token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000); + + // store the token together with a timestamp in the session. + $_SESSION['requesttoken-'.$token]=time(); + + // return the token + return($token); + } + + + /** + * Check an ajax get/post call if the request token is valid. exit if not. + * Todo: Write howto + */ + public static function callCheck(){ + //mamimum time before token exires + $maxtime=(60*60); // 1 hour + + // searches in the get and post arrays for the token. + if(isset($_GET['requesttoken'])) { + $token=$_GET['requesttoken']; + }elseif(isset($_POST['requesttoken'])){ + $token=$_POST['requesttoken']; + }else{ + //no token found. exiting + exit; + } + + // check if the token is in the user session and if the timestamp is from the last hour. + if(isset($_SESSION['requesttoken-'.$token])) { + $timestamp=$_SESSION['requesttoken-'.$token]; + if($timestamp+$maxtime<time){ + //token exired. exiting + exit; + + }else{ + //token valid + return; + } + }else{ + //no token found. exiting + exit; + } + } + + + + + } diff --git a/remote.php b/remote.php index 7131dfc9407..b1be50f36a7 100644 --- a/remote.php +++ b/remote.php @@ -7,13 +7,17 @@ if (array_key_exists('PATH_INFO', $_SERVER)){ }else{ $path_info = substr($_SERVER['PHP_SELF'], strpos($_SERVER['PHP_SELF'], basename(__FILE__)) + strlen(basename(__FILE__))); } +if ($path_info === false) { + OC_Response::setStatus(OC_Response::STATUS_NOT_FOUND); + exit; +} if (!$pos = strpos($path_info, '/', 1)) { $pos = strlen($path_info); } $service=substr($path_info, 1, $pos-1); $file = OC_AppConfig::getValue('core', 'remote_' . $service); if(is_null($file)){ - header('HTTP/1.0 404 Not Found'); + OC_Response::setStatus(OC_Response::STATUS_NOT_FOUND); exit; } @@ -22,4 +26,4 @@ $app=$parts[2]; OC_App::loadApp($app); $baseuri = OC::$WEBROOT . '/remote.php/'.$service.'/'; -require_once(OC::$APPSROOT . $file);
\ No newline at end of file +require_once(OC::$APPSROOT . $file); diff --git a/settings/apps.php b/settings/apps.php index 1a829d371a6..7908e6cc18b 100644 --- a/settings/apps.php +++ b/settings/apps.php @@ -63,7 +63,8 @@ usort($apps, 'app_sort'); $catagoryNames=OC_OCSClient::getCategories(); if(is_array($catagoryNames)){ $categories=array_keys($catagoryNames); - $externalApps=OC_OCSClient::getApplications($categories); + $page=0; + $externalApps=OC_OCSClient::getApplications($categories,$page); foreach($externalApps as $app){ // show only external apps that are not exist yet $local=false; |