Fix password authentication for links and fix template problems for links by creating a new base layout

6 files changed, 69 insertions, 14 deletions

diff --git a/apps/files_sharing/css/public.css b/apps/files_sharing/css/public.css
index aa76c06175b..f38afae3dd8 100644
--- a/apps/files_sharing/css/public.css
+++ b/apps/files_sharing/css/public.css
@@ -1,2 +1,7 @@
-#content { position:relative; }
-#preview p { text-align: center; }
\ No newline at end of file
+body { background:#ddd; }
+#header { position:fixed; top:0; left:0; right:0; z-index:100; height:2.5em; line-height:2.5em; padding:.5em; background:#1d2d44; -moz-box-shadow:0 0 10px rgba(0, 0, 0, .5), inset 0 -2px 10px #222; -webkit-box-shadow:0 0 10px rgba(0, 0, 0, .5), inset 0 -2px 10px #222; box-shadow:0 0 10px rgba(0, 0, 0, .5), inset 0 -2px 10px #222; }
+#details { color:#fff; }
+#download { margin-left:2em; font-weight:bold; color:#fff; }
+#preview { min-height:30em; margin:50px auto; border-bottom:1px solid #f8f8f8; background:#eee; text-align:center; }
+p.info { width:22em; text-align: center; margin:2em auto; color:#777; text-shadow:#fff 0 1px 0; }
+p.info a { font-weight:bold; color:#777; }
\ No newline at end of file
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 15dac576d98..a4bf0230a3a 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -5,6 +5,7 @@ if (isset($_GET['file'])) {
 	$pos = strpos($_GET['file'], '/', 1);
 	$uidOwner = substr($_GET['file'], 1, $pos - 1);
 	if (OCP\User::userExists($uidOwner)) {
+		OC_Util::tearDownFS();
 		OC_Util::setupFS($uidOwner);
 		$file = substr($_GET['file'], $pos);
 		$fileSource = OC_Filecache::getId($_GET['file'], '');
@@ -18,14 +19,19 @@ if (isset($_GET['file'])) {
 					$hasher = new PasswordHash(8, $forcePortable);
 					if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash))) {
 						$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+						$tmpl->assign('URL', OCP\Util::linkToPublic('files').'&file='.$_GET['file']);
 						$tmpl->assign('error', true);
 						$tmpl->printPage();
 						exit();
+					} else {
+						// Save item id in session for future requests
+						$_SESSION['public_link_authenticated'] = $linkItem['id'];
 					}
-					// Continue on if password is valid
-				} else {
+				// Check if item id is set in session
+				} else if (!isset($_SESSION['public_link_authenticated']) || $_SESSION['public_link_authenticated'] !== $linkItem['id']) {
 					// Prompt for password
 					$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+					$tmpl->assign('URL', OCP\Util::linkToPublic('files').'&file='.$_GET['file']);
 					$tmpl->printPage();
 					exit();
 				}
@@ -45,7 +51,8 @@ if (isset($_GET['file'])) {
 				OCP\Util::addStyle('files_sharing', 'public');
 				OCP\Util::addScript('files_sharing', 'public');
 				OCP\Util::addScript('files', 'fileactions');
-				$tmpl = new OCP\Template('files_sharing', 'public', 'guest');
+				$tmpl = new OCP\Template('files_sharing', 'public', 'base');
+				$tmpl->assign('details', $uidOwner.' shared the file '.basename($path).' with you');
 				$tmpl->assign('owner', $uidOwner);
 				$tmpl->assign('name', basename($path));
 				// Show file list
diff --git a/apps/files_sharing/templates/authenticate.php b/apps/files_sharing/templates/authenticate.php
index 41064d51464..9695caebf18 100644
--- a/apps/files_sharing/templates/authenticate.php
+++ b/apps/files_sharing/templates/authenticate.php
@@ -1,4 +1,4 @@
-<form action="index.php" method="post">
+<form action="<?php echo $_['URL']; ?>" method="post">
 	<fieldset>
 		<p>
 			<label for="password" class="infield"><?php echo $l->t('Password'); ?></label>
diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php
index 065818c2200..36e159dafee 100755
--- a/apps/files_sharing/templates/public.php
+++ b/apps/files_sharing/templates/public.php
@@ -2,12 +2,16 @@
 <input type="hidden" name="downloadURL" value="<?php echo $_['downloadURL'] ?>" id="downloadURL">
 <input type="hidden" name="filename" value="<?php echo $_['filename'] ?>" id="filename">
 <input type="hidden" name="mimetype" value="<?php echo $_['mimetype'] ?>" id="mimetype">
+<header><div id="header">
+	<a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a>
+	<div class="header-right">
+		<span id="details"><?php echo $_['details']; ?></span>
+		<a href="<?php echo $_['downloadURL']; ?>" id="download"><img class="svg" alt="Download" src="<?php echo OCP\image_path("core", "actions/download.svg"); ?>" /><?php echo $l->t('Download')?></a>
+	</div>
+</div></header>
 <div id="preview">
-	<p><?php echo $_['owner']; ?> shared the file <?php echo $_['name'] ?> with you</p>
-</div>
-<div id="content">
 	<?php if (substr($_['mimetype'], 0 , strpos($_['mimetype'], '/')) == 'image'): ?>
 		<img src="<?php echo $_['downloadURL']; ?>" />
 	<?php endif; ?>
 </div>
-<a href="<?php echo $_['downloadURL']; ?>">Download</a>
\ No newline at end of file
+<footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> &ndash; <?php echo $l->t('web services under your control'); ?></p></footer>
\ No newline at end of file
diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php
new file mode 100644
index 00000000000..bfd23a9ce97
--- /dev/null
+++ b/core/templates/layout.base.php
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<title>ownCloud</title>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+		<link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /><link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" />
+		<?php if (!empty(OC_Util::$core_styles)): ?>
+			<link rel="stylesheet" href="<?php echo OC_Helper::linkToRemote('core.css', false) ?>" type="text/css" media="screen" />
+		<?php endif ?>
+		<?php foreach ($_['cssfiles'] as $cssfile): ?>
+			<link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" />
+		<?php endforeach; ?>
+		<script type="text/javascript">
+			var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
+			var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
+		</script>
+		<?php if (!empty(OC_Util::$core_scripts)): ?>
+			<script type="text/javascript" src="<?php echo OC_Helper::linkToRemote('core.js', false) ?>"></script>
+		<?php endif ?>
+		<?php foreach ($_['jsfiles'] as $jsfile): ?>
+			<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
+		<?php endforeach; ?>
+		<?php foreach ($_['headers'] as $header): ?>
+			<?php
+				echo '<'.$header['tag'].' ';
+				foreach ($header['attributes'] as $name => $value) {
+					echo "$name='$value' ";
+				};
+				echo '/>';
+			?>
+		<?php endforeach; ?>
+	</head>
+
+	<body>
+		<?php echo $_['content']; ?>
+	</body>
+</html>
diff --git a/lib/templatelayout.php b/lib/templatelayout.php
index 588a7845997..18fd23aac95 100644
--- a/lib/templatelayout.php
+++ b/lib/templatelayout.php
@@ -29,14 +29,16 @@ class OC_TemplateLayout extends OC_Template {
 					break;
 				}
 			}
-		}else{
-			parent::__construct( 'core', 'layout.guest' );
+		} else if ($renderas == 'guest') {
+			parent::__construct('core', 'layout.guest');
+		} else {
+			parent::__construct('core', 'layout.base');
 		}
 
 		$apps_paths = array();
 		foreach(OC_App::getEnabledApps() as $app){
 			$apps_paths[$app] = OC_App::getAppWebPath($app);
-    }
+		}
 		$this->assign( 'apps_paths', str_replace('\\/', '/',json_encode($apps_paths)),false ); // Ugly unescape slashes waiting for better solution
 
 		// Add the js files
@@ -63,7 +65,7 @@ class OC_TemplateLayout extends OC_Template {
 			foreach(OC::$APPSROOTS as $app_root) {
 				if($root == $app_root['path']) {
 					$in_root = true;
-          break;
+					break;
 				}
 			}