merge master into webdav-injection

15 files changed, 224 insertions, 266 deletions

diff --git a/apps/files_encryption/appinfo/info.xml b/apps/files_encryption/appinfo/info.xml
index ab47de828b9..15a09a29f51 100644
--- a/apps/files_encryption/appinfo/info.xml
+++ b/apps/files_encryption/appinfo/info.xml
@@ -2,7 +2,7 @@
 <info>
 	<id>files_encryption</id>
 	<name>Encryption</name>
-	<description>The ownCloud files encryption system provides server side-encryption. After the app was enabled you need to re-login to initialize your encryption keys. Please note that server side encryption requires that the ownCloud server admin can be trusted. The main purpose of this app is the encryption of files that are stored on externally mounted storages.</description>
+	<description>The ownCloud files encryption system provides server side-encryption. After the app is enabled you need to re-login to initialize your encryption keys. Please note that server side encryption requires that the ownCloud server admin can be trusted. The main purpose of this app is the encryption of files that are stored on externally mounted storages.</description>
 	<licence>AGPL</licence>
 	<author>Sam Tuke, Bjoern Schiessle, Florin Peter</author>
 	<require>4</require>
diff --git a/apps/files_encryption/l10n/ast.php b/apps/files_encryption/l10n/ast.php
new file mode 100644
index 00000000000..7e08e073095
--- /dev/null
+++ b/apps/files_encryption/l10n/ast.php
@@ -0,0 +1,13 @@
+<?php
+$TRANSLATIONS = array(
+"Password successfully changed." => "Contraseña camudada esitosamente.",
+"Could not change the password. Maybe the old password was not correct." => "Nun pue camudase la contraseña. Quiciabes la contraseña vieya nun fore correuta.",
+"personal settings" => "axustes personales",
+"Encryption" => "Cifráu",
+"Enabled" => "Habilitáu",
+"Disabled" => "Deshabilitáu",
+"Change Password" => "Camudar conseña",
+" If you don't remember your old password you can ask your administrator to recover your files." => "Si nun recuerdes la to contraseña vieya pues entrugar al to alministrador pa recuperar los tos ficheros.",
+"Could not update file recovery" => "Nun pue anovase'l ficheru de recuperación"
+);
+$PLURAL_FORMS = "nplurals=2; plural=(n != 1);";
diff --git a/apps/files_encryption/l10n/el.php b/apps/files_encryption/l10n/el.php
index ad8617bc6d2..972d7d7138c 100644
--- a/apps/files_encryption/l10n/el.php
+++ b/apps/files_encryption/l10n/el.php
@@ -16,6 +16,7 @@ $TRANSLATIONS = array(
 "Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled." => "Παρακαλώ επιβεβαιώστε ότι η PHP 5.3.3  ή νεότερη είναι εγκατεστημένη  και ότι το  OpenSSL μαζί με το PHP extension είναι ενεργοποιήμένο και έχει ρυθμιστεί σωστά. Προς το παρόν, η εφαρμογή κρυπτογράφησης είναι απενεργοποιημένη.",
 "Following users are not set up for encryption:" => "Οι κάτωθι χρήστες δεν έχουν ρυθμιστεί για κρυπογράφηση:",
 "Initial encryption started... This can take some time. Please wait." => "Η αρχική κρυπτογράφηση άρχισε... Αυτό μπορεί να πάρει κάποια ώρα. Παρακαλώ περιμένετε.",
+"Initial encryption running... Please try again later." => "Εκτέλεση αρχικής κρυπτογράφησης... Παρακαλώ προσπαθήστε αργότερα.",
 "Go directly to your " => "Πηγαίνε απευθείας στο ",
 "personal settings" => "προσωπικές ρυθμίσεις",
 "Encryption" => "Κρυπτογράφηση",
diff --git a/apps/files_encryption/l10n/et_EE.php b/apps/files_encryption/l10n/et_EE.php
index dcf035289fa..f82f9df9279 100644
--- a/apps/files_encryption/l10n/et_EE.php
+++ b/apps/files_encryption/l10n/et_EE.php
@@ -16,6 +16,7 @@ $TRANSLATIONS = array(
 "Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled." => "Palun veendu, et on paigaldatud PHP 5.3.3 või uuem ning PHP OpenSSL laiendus on lubatud ning seadistatud korrektselt. Hetkel krüpteerimise rakendus on peatatud.",
 "Following users are not set up for encryption:" => "Järgmised kasutajad pole seadistatud krüpteeringuks:",
 "Initial encryption started... This can take some time. Please wait." => "Algne krüpteerimine käivitati... See võib võtta natuke aega. Palun oota.",
+"Initial encryption running... Please try again later." => "Toimub esmane krüpteerimine... Palun proovi hiljem uuesti.",
 "Go directly to your " => "Liigu otse oma",
 "personal settings" => "isiklikes seadetes",
 "Encryption" => "Krüpteerimine",
diff --git a/apps/files_encryption/l10n/hu_HU.php b/apps/files_encryption/l10n/hu_HU.php
index a80c8d6f36d..22c1fa989bd 100644
--- a/apps/files_encryption/l10n/hu_HU.php
+++ b/apps/files_encryption/l10n/hu_HU.php
@@ -16,6 +16,7 @@ $TRANSLATIONS = array(
 "Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled." => "Kérem gondoskodjon arról, hogy PHP 5.3.3 vagy annál frissebb legyen telepítve, továbbá az OpenSSL a megfelelő PHP-bővítménnyel együtt rendelkezésre álljon és helyesen legyen konfigurálva! A titkosító modul egyelőre kikapcsolásra került.",
 "Following users are not set up for encryption:" => "A következő felhasználók nem állították be a titkosítást:",
 "Initial encryption started... This can take some time. Please wait." => "A titkosítási folyamat megkezdődött... Ez hosszabb ideig is eltarthat. Kérem várjon.",
+"Initial encryption running... Please try again later." => "Kezedeti titkosítás fut... Próbálja később.",
 "Go directly to your " => "Ugrás ide:",
 "personal settings" => "személyes beállítások",
 "Encryption" => "Titkosítás",
diff --git a/apps/files_encryption/l10n/km.php b/apps/files_encryption/l10n/km.php
new file mode 100644
index 00000000000..0defe6c5388
--- /dev/null
+++ b/apps/files_encryption/l10n/km.php
@@ -0,0 +1,11 @@
+<?php
+$TRANSLATIONS = array(
+"Password successfully changed." => "បាន​ប្ដូរ​ពាក្យ​សម្ងាត់​ដោយ​ជោគជ័យ។",
+"Could not change the password. Maybe the old password was not correct." => "មិន​អាច​ប្ដូរ​ពាក្យ​សម្ងាត់​បាន​ទេ។ ប្រហែល​ពាក្យ​សម្ងាត់​ចាស់​មិន​ត្រឹម​ត្រូវ។",
+"personal settings" => "ការ​កំណត់​ផ្ទាល់​ខ្លួន",
+"Encryption" => "កូដនីយកម្ម",
+"Enabled" => "បាន​បើក",
+"Disabled" => "បាន​បិទ",
+"Change Password" => "ប្ដូរ​ពាក្យ​សម្ងាត់"
+);
+$PLURAL_FORMS = "nplurals=1; plural=0;";
diff --git a/apps/files_encryption/l10n/ru.php b/apps/files_encryption/l10n/ru.php
index bce245ce680..ba984868932 100644
--- a/apps/files_encryption/l10n/ru.php
+++ b/apps/files_encryption/l10n/ru.php
@@ -16,6 +16,7 @@ $TRANSLATIONS = array(
 "Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled." => "Пожалуйста, убедитесь, что версия PHP 5.3.3 или новее, а также, что OpenSSL и соответствующее расширение PHP включены и правильно настроены. На данный момент приложение шифрования отключено.",
 "Following users are not set up for encryption:" => "Для следующих пользователей шифрование не настроено:",
 "Initial encryption started... This can take some time. Please wait." => "Начато начальное шифрование... Это может занять какое-то время. Пожалуйста, подождите.",
+"Initial encryption running... Please try again later." => "Работает первоначальное шифрование... Пожалуйста, повторите попытку позже.",
 "Go directly to your " => "Перейти прямо в",
 "personal settings" => "персональные настройки",
 "Encryption" => "Шифрование",
diff --git a/apps/files_encryption/l10n/sv.php b/apps/files_encryption/l10n/sv.php
index 90a9bd73a6f..b17740f2541 100644
--- a/apps/files_encryption/l10n/sv.php
+++ b/apps/files_encryption/l10n/sv.php
@@ -15,6 +15,8 @@ $TRANSLATIONS = array(
 "Missing requirements." => "Krav som saknas",
 "Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled." => "Kontrollera att PHP 5.3.3 eller senare är installerad och att tillägget OpenSSL PHP är aktiverad och korrekt konfigurerad. Kryptering är tillsvidare inaktiverad.",
 "Following users are not set up for encryption:" => "Följande användare har inte aktiverat kryptering:",
+"Initial encryption started... This can take some time. Please wait." => "Initiala krypteringen har påbörjats... Detta kan ta lite tid. Var god vänta.",
+"Initial encryption running... Please try again later." => "Initiala krypteringen körs... Var god försök igen senare.",
 "Go directly to your " => "Gå direkt till din",
 "personal settings" => "personliga inställningar",
 "Encryption" => "Kryptering",
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index caca13acece..a4f7bd35497 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -497,13 +497,13 @@ class Crypt {
 	}

 

 	/**

-	 * @brief Generate a pseudo random 1024kb ASCII key, used as file key

+	 * @brief Generate a pseudo random 256-bit ASCII key, used as file key

 	 * @returns $key Generated key

 	 */

 	public static function generateKey() {

 

 		// Generate key

-		if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) {

+		if ($key = base64_encode(openssl_random_pseudo_bytes(32, $strong))) {

 

 			if (!$strong) {

 

diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index bae1fded53d..ae2d8d63e23 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -3,9 +3,10 @@
 /**
  * ownCloud
  *
- * @author Sam Tuke, Robin Appelman
- * @copyright 2012 Sam Tuke samtuke@owncloud.com, Robin Appelman
- * icewind1991@gmail.com
+ * @author Bjoern Schiessle, Sam Tuke, Robin Appelman
+ * @copyright 2012 Sam Tuke <samtuke@owncloud.com>
+ *            2012 Robin Appelman <icewind1991@gmail.com>
+ *            2014 Bjoern Schiessle <schiessle@owncloud.com>
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@@ -36,37 +37,40 @@ namespace OCA\Encryption;
  */
 class Proxy extends \OC_FileProxy {
 
-	private static $blackList = null; //mimetypes blacklisted from encryption
 	private static $unencryptedSizes = array(); // remember unencrypted size
 	private static $fopenMode = array(); // remember the fopen mode
+	private static $enableEncryption = false; // Enable encryption for the given path
 
 	/**
 	 * Check if a file requires encryption
 	 * @param string $path
+	 * @param string $mode type of access
 	 * @return bool
 	 *
-	 * Tests if server side encryption is enabled, and file is allowed by blacklists
+	 * Tests if server side encryption is enabled, and if we should call the
+	 * crypt stream wrapper for the given file
 	 */
-	private static function shouldEncrypt($path) {
+	private static function shouldEncrypt($path, $mode = 'w') {
 
 		$userId = Helper::getUser($path);
 
-		if (\OCP\App::isEnabled('files_encryption') === false || Crypt::mode() !== 'server' ||
-				strpos($path, '/' . $userId . '/files') !== 0) {
+		// don't call the crypt stream wrapper, if...
+		if (
+				\OCP\App::isEnabled('files_encryption') === false // encryption is disabled
+				|| Crypt::mode() !== 'server'   // we are not in server-side-encryption mode
+				|| strpos($path, '/' . $userId . '/files') !== 0 // path is not in files/
+				|| substr($path, 0, 8) === 'crypt://' // we are already in crypt mode
+		) {
 			return false;
 		}
 
-		if (is_null(self::$blackList)) {
-			self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', ''));
-		}
-
-		if (Crypt::isCatfileContent($path)) {
-			return true;
-		}
-
-		$extension = substr($path, strrpos($path, '.') + 1);
+		$view = new \OC_FilesystemView('');
+		$util = new Util($view, $userId);
 
-		if (array_search($extension, self::$blackList) === false) {
+		// for write operation we always encrypt the files, for read operations
+		// we check if the existing file is encrypted or not decide if it needs to
+		// decrypt it.
+		if (($mode !== 'r' && $mode !== 'rb') || $util->isEncryptedPath($path)) {
 			return true;
 		}
 
@@ -128,6 +132,8 @@ class Proxy extends \OC_FileProxy {
 
 					// re-enable proxy - our work is done
 					\OC_FileProxy::$enabled = $proxyStatus;
+				} else {
+					return false;
 				}
 			}
 		}
@@ -205,22 +211,15 @@ class Proxy extends \OC_FileProxy {
 	}
 
 	/**
-	 * @param $path
-	 * @return bool
-	 */
-	public function postTouch($path) {
-		$this->handleFile($path);
-
-		return true;
-	}
-
-	/**
 	 * @brief remember initial fopen mode because sometimes it gets changed during the request
 	 * @param string $path path
 	 * @param string $mode type of access
 	 */
 	public function preFopen($path, $mode) {
+
 		self::$fopenMode[$path] = $mode;
+		self::$enableEncryption = self::shouldEncrypt($path, $mode);
+
 	}
 
 
@@ -233,26 +232,14 @@ class Proxy extends \OC_FileProxy {
 
 		$path = \OC\Files\Filesystem::normalizePath($path);
 
-		if (!$result) {
+		if (!$result || self::$enableEncryption === false) {
 
 			return $result;
 
 		}
 
-		// split the path parts
-		$pathParts = explode('/', $path);
-
-		// don't try to encrypt/decrypt cache chunks or files in the trash bin
-		if (isset($pathParts[2]) && ($pathParts[2] === 'cache' || $pathParts[2] === 'files_trashbin')) {
-			return $result;
-		}
-
-		// Disable encryption proxy to prevent recursive calls
-		$proxyStatus = \OC_FileProxy::$enabled;
-		\OC_FileProxy::$enabled = false;
-
 		// if we remember the mode from the pre proxy we re-use it
-		// oterwise we fall back to stream_get_meta_data()
+		// otherwise we fall back to stream_get_meta_data()
 		if (isset(self::$fopenMode[$path])) {
 			$mode = self::$fopenMode[$path];
 			unset(self::$fopenMode[$path]);
@@ -261,35 +248,12 @@ class Proxy extends \OC_FileProxy {
 			$mode = $meta['mode'];
 		}
 
-		$view = new \OC_FilesystemView('');
-
-		$userId = Helper::getUser($path);
-		$util = new Util($view, $userId);
-
-		// If file is already encrypted, decrypt using crypto protocol
-		if (
-			Crypt::mode() === 'server'
-			&& $util->isEncryptedPath($path)
-		) {
-
-			// Close the original encrypted file
-			fclose($result);
+		// Close the original encrypted file
+		fclose($result);
 
-			// Open the file using the crypto stream wrapper
-			// protocol and let it do the decryption work instead
-			$result = fopen('crypt://' . $path, $mode);
-
-		} elseif (
-				self::shouldEncrypt($path)
-				and $mode !== 'r'
-				and $mode !== 'rb'
-
-		) {
-			$result = fopen('crypt://' . $path, $mode);
-		}
-
-		// Re-enable the proxy
-		\OC_FileProxy::$enabled = $proxyStatus;
+		// Open the file using the crypto stream wrapper
+		// protocol and let it do the decryption work instead
+		$result = fopen('crypt://' . $path, $mode);
 
 		return $result;
 
@@ -402,39 +366,4 @@ class Proxy extends \OC_FileProxy {
 		return $size;
 	}
 
-	/**
-	 * @param $path
-	 */
-	public function handleFile($path) {
-
-		// Disable encryption proxy to prevent recursive calls
-		$proxyStatus = \OC_FileProxy::$enabled;
-		\OC_FileProxy::$enabled = false;
-
-		$view = new \OC_FilesystemView('/');
-		$session = new \OCA\Encryption\Session($view);
-		$userId = Helper::getUser($path);
-		$util = new Util($view, $userId);
-
-		// split the path parts
-		$pathParts = explode('/', $path);
-
-		// get relative path
-		$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
-
-		// only if file is on 'files' folder fix file size and sharing
-		if (isset($pathParts[2]) && $pathParts[2] === 'files' && $util->fixFileSize($path)) {
-
-			// get sharing app state
-			$sharingEnabled = \OCP\Share::isEnabled();
-
-			// get users
-			$usersSharing = $util->getSharingUsersArray($sharingEnabled, $relativePath);
-
-			// update sharing-keys
-			$util->setSharedFileKeyfiles($session, $usersSharing, $relativePath);
-		}
-
-		\OC_FileProxy::$enabled = $proxyStatus;
-	}
 }
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 58ac03373a7..df5de558867 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -545,7 +545,7 @@ class Stream {
 				$util = new Util($this->rootView, $this->userId);
 
 				// Get all users sharing the file includes current user
-				$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId);
+				$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath);
 				$checkedUserIds = $util->filterShareReadyUsers($uniqueUserIds);
 
 				// Fetch public keys for all sharing users
@@ -568,21 +568,25 @@ class Stream {
 			// part file.
 			$path = Helper::stripPartialFileExtension($this->rawPath);
 
-			// get file info
-			$fileInfo = $this->rootView->getFileInfo($path);
-			if ($fileInfo) {
-				// set encryption data
-				$fileInfo['encrypted'] = true;
-				$fileInfo['size'] = $this->size;
-				$fileInfo['unencrypted_size'] = $this->unencryptedSize;
+			$fileInfo = array(
+				'encrypted' => true,
+				'size' => $this->size,
+				'unencrypted_size' => $this->unencryptedSize,
+			);
 
-				// set fileinfo
-				$this->rootView->putFileInfo($path, $fileInfo);
-			}
+			// set fileinfo
+			$this->rootView->putFileInfo($path, $fileInfo);
+
+		}
 
+		$result = fclose($this->handle);
+
+		if ($result === false) {
+			\OCP\Util::writeLog('Encryption library', 'Could not close stream, file could be corrupted', \OCP\Util::FATAL);
 		}
 
-		return fclose($this->handle);
+		return $result;
+
 	}
 
 }
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 3db5a423478..b86815021a8 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -432,25 +432,28 @@ class Util {
 		$proxyStatus = \OC_FileProxy::$enabled;
 		\OC_FileProxy::$enabled = false;
 
-		// we only need 24 byte from the last chunk
 		$data = '';
-		$handle = $this->view->fopen($path, 'r');
-		if (is_resource($handle)) {
-			// suppress fseek warining, we handle the case that fseek doesn't
-			// work in the else branch
-			if (@fseek($handle, -24, SEEK_END) === 0) {
-				$data = fgets($handle);
-			} else {
-				// if fseek failed on the storage we create a local copy from the file
-				// and read this one
-				fclose($handle);
-				$localFile = $this->view->getLocalFile($path);
-				$handle = fopen($localFile, 'r');
-				if (is_resource($handle) && fseek($handle, -24, SEEK_END) === 0) {
+
+		// we only need 24 byte from the last chunk
+		if ($this->view->file_exists($path)) {
+			$handle = $this->view->fopen($path, 'r');
+			if (is_resource($handle)) {
+				// suppress fseek warining, we handle the case that fseek doesn't
+				// work in the else branch
+				if (@fseek($handle, -24, SEEK_END) === 0) {
 					$data = fgets($handle);
+				} else {
+					// if fseek failed on the storage we create a local copy from the file
+					// and read this one
+					fclose($handle);
+					$localFile = $this->view->getLocalFile($path);
+					$handle = fopen($localFile, 'r');
+					if (is_resource($handle) && fseek($handle, -24, SEEK_END) === 0) {
+						$data = fgets($handle);
+					}
 				}
+				fclose($handle);
 			}
-			fclose($handle);
 		}
 
 		// re-enable proxy
@@ -1124,8 +1127,9 @@ class Util {
 	 * @brief Find, sanitise and format users sharing a file
 	 * @note This wraps other methods into a portable bundle
 	 * @param boolean $sharingEnabled
+	 * @param string $filePath path relativ to current users files folder
 	 */
-	public function getSharingUsersArray($sharingEnabled, $filePath, $currentUserId = false) {
+	public function getSharingUsersArray($sharingEnabled, $filePath) {
 
 		$appConfig = \OC::$server->getAppConfig();
 
@@ -1144,12 +1148,14 @@ class Util {
 
 		$ownerPath = \OCA\Encryption\Helper::stripPartialFileExtension($ownerPath);
 
-		$userIds = array();
+		// always add owner to the list of users with access to the file
+		$userIds = array($owner);
+
 		if ($sharingEnabled) {
 
 			// Find out who, if anyone, is sharing the file
-			$result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true);
-			$userIds = $result['users'];
+			$result = \OCP\Share::getUsersSharingFile($ownerPath, $owner);
+			$userIds = \array_merge($userIds, $result['users']);
 			if ($result['public']) {
 				$userIds[] = $this->publicShareKeyId;
 			}
@@ -1165,11 +1171,6 @@ class Util {
 			$userIds[] = $recoveryKeyId;
 		}
 
-		// add current user if given
-		if ($currentUserId !== false) {
-			$userIds[] = $currentUserId;
-		}
-
 		// check if it is a group mount
 		if (\OCP\App::isEnabled("files_external")) {
 			$mount = \OC_Mount_Config::getSystemMountPoints();
diff --git a/apps/files_encryption/templates/settings-admin.php b/apps/files_encryption/templates/settings-admin.php
index 231a68b6a58..cf676c445ce 100644
--- a/apps/files_encryption/templates/settings-admin.php
+++ b/apps/files_encryption/templates/settings-admin.php
@@ -1,63 +1,60 @@
-<form id="encryption">
-	<fieldset class="personalblock">
+<form id="encryption" class="section">
+	<h2><?php p($l->t('Encryption')); ?></h2>
 
-		<h2><?php p($l->t('Encryption')); ?></h2>
+	<p>
+		<?php p($l->t("Enable recovery key (allow to recover users files in case of password loss):")); ?>
+		<br/>
+		<br/>
+		<input type="password" name="encryptionRecoveryPassword" id="encryptionRecoveryPassword"/>
+		<label for="recoveryPassword"><?php p($l->t("Recovery key password")); ?></label>
+		<br/>
+		<input type="password" name="encryptionRecoveryPassword" id="repeatEncryptionRecoveryPassword"/>
+		<label for="repeatEncryptionRecoveryPassword"><?php p($l->t("Repeat Recovery key password")); ?></label>
+		<br/>
+		<input
+			type='radio'
+			name='adminEnableRecovery'
+			value='1'
+			<?php echo($_["recoveryEnabled"] === '1' ? 'checked="checked"' : 'disabled'); ?> />
+		<?php p($l->t("Enabled")); ?>
+		<br/>
 
-		<p>
-			<?php p($l->t("Enable recovery key (allow to recover users files in case of password loss):")); ?>
-			<br/>
-			<br/>
-			<input type="password" name="encryptionRecoveryPassword" id="encryptionRecoveryPassword"/>
-			<label for="recoveryPassword"><?php p($l->t("Recovery key password")); ?></label>
-			<br/>
-			<input type="password" name="encryptionRecoveryPassword" id="repeatEncryptionRecoveryPassword"/>
-			<label for="repeatEncryptionRecoveryPassword"><?php p($l->t("Repeat Recovery key password")); ?></label>
-			<br/>
-			<input
-				type='radio'
-				name='adminEnableRecovery'
-				value='1'
-				<?php echo($_["recoveryEnabled"] === '1' ? 'checked="checked"' : 'disabled'); ?> />
-			<?php p($l->t("Enabled")); ?>
-			<br/>
+		<input
+			type='radio'
+			name='adminEnableRecovery'
+			value='0'
+			<?php echo($_["recoveryEnabled"] === '0' ? 'checked="checked"' : 'disabled'); ?> />
+		<?php p($l->t("Disabled")); ?>
+	</p>
+	<br/><br/>
 
-			<input
-				type='radio'
-				name='adminEnableRecovery'
-				value='0'
-				<?php echo($_["recoveryEnabled"] === '0' ? 'checked="checked"' : 'disabled'); ?> />
-			<?php p($l->t("Disabled")); ?>
-		</p>
+	<p name="changeRecoveryPasswordBlock" <?php if ($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
+		<strong><?php p($l->t("Change recovery key password:")); ?></strong>
 		<br/><br/>
-
-		<p name="changeRecoveryPasswordBlock" <?php if ($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
-			<strong><?php p($l->t("Change recovery key password:")); ?></strong>
-			<br/><br/>
-			<input
-				type="password"
-				name="changeRecoveryPassword"
-				id="oldEncryptionRecoveryPassword"
-			<label for="oldEncryptionRecoveryPassword"><?php p($l->t("Old Recovery key password")); ?></label>
-			<br/>
-			<br/>
-			<input
-				type="password"
-				name="changeRecoveryPassword"
-				id="newEncryptionRecoveryPassword"
-			<label for="newEncryptionRecoveryPassword"><?php p($l->t("New Recovery key password")); ?></label>
-			<br/>
-			<input
-				type="password"
-				name="changeRecoveryPassword"
-				id="repeatedNewEncryptionRecoveryPassword"
-			<label for="repeatEncryptionRecoveryPassword"><?php p($l->t("Repeat New Recovery key password")); ?></label>
-			<br/>
-			<button
-				type="button"
-				name="submitChangeRecoveryKey"
-				disabled><?php p($l->t("Change Password")); ?>
-			</button>
-			<span class="msg"></span>
-		</p>
-	</fieldset>
+		<input
+			type="password"
+			name="changeRecoveryPassword"
+			id="oldEncryptionRecoveryPassword"
+		<label for="oldEncryptionRecoveryPassword"><?php p($l->t("Old Recovery key password")); ?></label>
+		<br/>
+		<br/>
+		<input
+			type="password"
+			name="changeRecoveryPassword"
+			id="newEncryptionRecoveryPassword"
+		<label for="newEncryptionRecoveryPassword"><?php p($l->t("New Recovery key password")); ?></label>
+		<br/>
+		<input
+			type="password"
+			name="changeRecoveryPassword"
+			id="repeatedNewEncryptionRecoveryPassword"
+		<label for="repeatEncryptionRecoveryPassword"><?php p($l->t("Repeat New Recovery key password")); ?></label>
+		<br/>
+		<button
+			type="button"
+			name="submitChangeRecoveryKey"
+			disabled><?php p($l->t("Change Password")); ?>
+		</button>
+		<span class="msg"></span>
+	</p>
 </form>
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php
index 1b4239d82cd..8139ece1950 100644
--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@@ -1,66 +1,63 @@
-<form id="encryption">

-	<fieldset class="personalblock">

-		<h2><?php p( $l->t( 'Encryption' ) ); ?></h2>

+<form id="encryption" class="section">

+	<h2><?php p( $l->t( 'Encryption' ) ); ?></h2>

 

-		<?php if ( $_["initialized"] === '1' ): ?>

-			<p>

-				<a name="changePKPasswd" />

-				<label for="changePrivateKeyPasswd">

-					<?php p( $l->t( "Your private key password no longer match your log-in password:" ) ); ?>

-				</label>

-				<br />

-				<em><?php p( $l->t( "Set your old private key password to your current log-in password." ) ); ?>

-				<?php if (  $_["recoveryEnabledForUser"] ):

-						p( $l->t( " If you don't remember your old password you can ask your administrator to recover your files." ) );

-				endif; ?>

-				</em>

-				<br />

-				<input

-					type="password"

-					name="changePrivateKeyPassword"

-					id="oldPrivateKeyPassword" />

-				<label for="oldPrivateKeyPassword"><?php p($l->t( "Old log-in password" )); ?></label>

-				<br />

-				<input

-					type="password"

-					name="changePrivateKeyPassword"

-					id="newPrivateKeyPassword" />

-				<label for="newRecoveryPassword"><?php p($l->t( "Current log-in password" )); ?></label>

-				<br />

-				<button

-					type="button"

-					name="submitChangePrivateKeyPassword"

-					disabled><?php p($l->t( "Update Private Key Password" )); ?>

-				</button>

-				<span class="msg"></span>

-			</p>

-		<?php endif; ?>

-

-		<?php if ( $_["recoveryEnabled"] && $_["privateKeySet"] ): ?>

+	<?php if ( $_["initialized"] === '1' ): ?>

+		<p>

+			<a name="changePKPasswd" />

+			<label for="changePrivateKeyPasswd">

+				<?php p( $l->t( "Your private key password no longer match your log-in password:" ) ); ?>

+			</label>

+			<br />

+			<em><?php p( $l->t( "Set your old private key password to your current log-in password." ) ); ?>

+			<?php if (  $_["recoveryEnabledForUser"] ):

+					p( $l->t( " If you don't remember your old password you can ask your administrator to recover your files." ) );

+			endif; ?>

+			</em>

+			<br />

+			<input

+				type="password"

+				name="changePrivateKeyPassword"

+				id="oldPrivateKeyPassword" />

+			<label for="oldPrivateKeyPassword"><?php p($l->t( "Old log-in password" )); ?></label>

+			<br />

+			<input

+				type="password"

+				name="changePrivateKeyPassword"

+				id="newPrivateKeyPassword" />

+			<label for="newRecoveryPassword"><?php p($l->t( "Current log-in password" )); ?></label>

 			<br />

-			<p>

-				<label for="userEnableRecovery"><?php p( $l->t( "Enable password recovery:" ) ); ?></label>

-				<br />

-				<em><?php p( $l->t( "Enabling this option will allow you to reobtain access to your encrypted files in case of password loss" ) ); ?></em>

-				<br />

-				<input

-				type='radio'

-				name='userEnableRecovery'

-				value='1'

-				<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> />

-				<?php p( $l->t( "Enabled" ) ); ?>

-				<br />

+			<button

+				type="button"

+				name="submitChangePrivateKeyPassword"

+				disabled><?php p($l->t( "Update Private Key Password" )); ?>

+			</button>

+			<span class="msg"></span>

+		</p>

+	<?php endif; ?>

 

-				<input

-				type='radio'

-				name='userEnableRecovery'

-				value='0'

-				<?php echo ( $_["recoveryEnabledForUser"] == 0 ? 'checked="checked"' : '' ); ?> />

-				<?php p( $l->t( "Disabled" ) ); ?>

-				<div id="recoveryEnabledSuccess"><?php p( $l->t( 'File recovery settings updated' ) ); ?></div>

-				<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>

-			</p>

-		<?php endif; ?>

+	<?php if ( $_["recoveryEnabled"] && $_["privateKeySet"] ): ?>

+		<br />

+		<p>

+			<label for="userEnableRecovery"><?php p( $l->t( "Enable password recovery:" ) ); ?></label>

+			<br />

+			<em><?php p( $l->t( "Enabling this option will allow you to reobtain access to your encrypted files in case of password loss" ) ); ?></em>

+			<br />

+			<input

+			type='radio'

+			name='userEnableRecovery'

+			value='1'

+			<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> />

+			<?php p( $l->t( "Enabled" ) ); ?>

+			<br />

 

-	</fieldset>

+			<input

+			type='radio'

+			name='userEnableRecovery'

+			value='0'

+			<?php echo ( $_["recoveryEnabledForUser"] == 0 ? 'checked="checked"' : '' ); ?> />

+			<?php p( $l->t( "Disabled" ) ); ?>

+			<div id="recoveryEnabledSuccess"><?php p( $l->t( 'File recovery settings updated' ) ); ?></div>

+			<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>

+		</p>

+	<?php endif; ?>

 </form>

diff --git a/apps/files_encryption/tests/share.php b/apps/files_encryption/tests/share.php
index be56968ac09..1f57d7cb635 100755
--- a/apps/files_encryption/tests/share.php
+++ b/apps/files_encryption/tests/share.php
@@ -100,11 +100,11 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase {
 
 		$this->filename = 'share-tmp.test';
 
-		// we don't want to tests with app files_trashbin enabled
-		\OC_App::disable('files_trashbin');
-
 		// remember files_trashbin state
 		$this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin');
+
+		// we don't want to tests with app files_trashbin enabled
+		\OC_App::disable('files_trashbin');
 	}
 
 	function tearDown() {