Merge git://gitorious.org/owncloud/owncloud into oc_image

4 files changed, 25 insertions, 22 deletions

diff --git a/core/js/setup.js b/core/js/setup.js
index b765d41ba35..94097785e42 100644
--- a/core/js/setup.js
+++ b/core/js/setup.js
@@ -7,7 +7,9 @@ $(document).ready(function() {
 		$('#dbhost').hide();
 		$('#dbhostlabel').hide();
 	}
-
+	$('#adminlogin').change(function(){
+		$('#adminlogin').val($.trim($('#adminlogin').val()));
+	});
 	$('#sqlite').click(function() {
 		$('#use_other_db').slideUp(250);
 		$('#dbhost').hide(250);
diff --git a/lib/filesystem.php b/lib/filesystem.php
index 1205a6aa51b..627f494c937 100644
--- a/lib/filesystem.php
+++ b/lib/filesystem.php
@@ -199,11 +199,26 @@ class OC_Filesystem{
 	*/
 	static public function getLocalFile($path){
 		$parent=substr($path,0,strrpos($path,'/'));
-		if(self::is_readable($parent) and $storage=self::getStorage($path)){
+		if(self::isValidPath($parent) and $storage=self::getStorage($path)){
 			return $storage->getLocalFile(self::getInternalPath($path));
 		}
 	}
 	
+	/**
+	 * check if the requested path is valid
+	 * @param string path
+	 * @return bool
+	 */
+	static public function isValidPath($path){
+		if(substr($path,0,1)!=='/'){
+			$path='/'.$path;
+		}
+		if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){
+			return false;
+		}
+		return true;
+	}
+	
 	static public function mkdir($path){
 		return self::basicOperation('mkdir',$path,array('create','write'));
 	}
@@ -238,24 +253,10 @@ class OC_Filesystem{
 		return self::basicOperation('readfile',$path,array('read'));
 	}
 	static public function is_readable($path){
-		if(substr($path,0,1)!=='/'){
-			$path='/'.$path;
-		}
-		if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){
-			return false;
-		}
-		$storage=self::getStorage($path);
-		return $storage->is_readable(self::getInternalPath($path));
+		return self::basicOperation('is_readable',$path);
 	}
 	static public function is_writeable($path){
-		if(substr($path,0,1)!=='/'){
-			$path='/'.$path;
-		}
-		if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){
-			return false;
-		}
-		$storage=self::getStorage($path);
-		return $storage->is_writeable(self::getInternalPath($path));
+		return self::basicOperation('is_writeable',$path);
 	}
 	static public function file_exists($path){
 		if($path=='/'){
@@ -358,7 +359,7 @@ class OC_Filesystem{
 		return self::basicOperation('fopen',$path,$hooks,$mode);
 	}
 	static public function toTmpFile($path){
-		if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::is_readable($path) and $storage=self::getStorage($path)){
+		if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::isValidPath($path) and $storage=self::getStorage($path)){
 			OC_Hook::emit( 'OC_Filesystem', 'read', array( 'path' => $path));
 			return $storage->toTmpFile(self::getInternalPath($path));
 		}
@@ -447,7 +448,7 @@ class OC_Filesystem{
 	 * @return mixed
 	 */
 	private static function basicOperation($operation,$path,$hooks=array(),$extraParam=null){
-		if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::is_readable($path) and $storage=self::getStorage($path)){
+		if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::isValidPath($path) and $storage=self::getStorage($path)){
 			$interalPath=self::getInternalPath($path);
 			$run=true;
 			foreach($hooks as $hook){
diff --git a/lib/user.php b/lib/user.php
index 241d9aa8b10..0a5881ec0f8 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -120,7 +120,7 @@ class OC_User {
 			return false;
 		}
 		// No empty username
-		if( !$uid ){
+		if(trim($uid) == ''){
 			return false;
 		}
 		// Check if user already exists
diff --git a/settings/js/users.js b/settings/js/users.js
index 4fea52e4a1f..79b4e80870a 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -126,7 +126,7 @@ $(document).ready(function(){
 	$('#newuser').submit(function(event){
 		event.preventDefault();
 		var username=$('#newusername').val();
-		if(username == '') {
+		if($.trim(username) == '') {
 			alert('Please provide a username!');
 			return false;
 		}