aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorRobin Appelman <icewind@owncloud.com>2014-02-21 15:51:41 +0100
committerRobin Appelman <icewind@owncloud.com>2014-02-21 15:51:41 +0100
commitf1475671aba59e33442ca5f4121e49782eabe974 (patch)
tree33b049bac3cb2fcf86f7acfcc728e5fb6e2322e1 /apps
parentb060a17b59f7117a670f09550215cb005dd822bc (diff)
parentaa0bcf7ba45d004b0c0226fd07696f9f224f9c1c (diff)
downloadnextcloud-server-f1475671aba59e33442ca5f4121e49782eabe974.tar.gz
nextcloud-server-f1475671aba59e33442ca5f4121e49782eabe974.zip
Merge branch 'master' into extstorage-configclass
Diffstat (limited to 'apps')
-rw-r--r--apps/files/ajax/newfile.php14
-rw-r--r--apps/files/ajax/newfolder.php4
-rw-r--r--apps/files_external/ajax/addRootCertificate.php2
-rwxr-xr-xapps/files_external/lib/config.php6
-rw-r--r--apps/files_external/lib/webdav.php63
-rw-r--r--apps/files_external/tests/config.php6
-rw-r--r--apps/files_external/tests/webdav.php3
-rw-r--r--apps/user_ldap/lib/access.php11
-rw-r--r--apps/user_ldap/lib/helper.php6
-rw-r--r--apps/user_ldap/tests/access.php71
-rw-r--r--apps/user_ldap/tests/user_ldap.php101
-rw-r--r--apps/user_ldap/user_ldap.php3
12 files changed, 259 insertions, 31 deletions
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index 1853098c507..0187b200759 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -50,16 +50,22 @@ $l10n = \OC_L10n::get('files');
$result = array(
'success' => false,
'data' => NULL
- );
+);
+$trimmedFileName = trim($filename);
-if(trim($filename) === '') {
+if($trimmedFileName === '') {
$result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.'));
OCP\JSON::error($result);
exit();
}
+if($trimmedFileName === '.' || $trimmedFileName === '..') {
+ $result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName));
+ OCP\JSON::error($result);
+ exit();
+}
-if(strpos($filename, '/') !== false) {
- $result['data'] = array('message' => (string)$l10n->t('File name must not contain "/". Please choose a different name.'));
+if(!OCP\Util::isValidFileName($filename)) {
+ $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
OCP\JSON::error($result);
exit();
}
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index 4cfcae3090d..b2b4fb27f74 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -23,8 +23,8 @@ if(trim($foldername) === '') {
exit();
}
-if(strpos($foldername, '/') !== false) {
- $result['data'] = array('message' => $l10n->t('Folder name must not contain "/". Please choose a different name.'));
+if(!OCP\Util::isValidFileName($foldername)) {
+ $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
OCP\JSON::error($result);
exit();
}
diff --git a/apps/files_external/ajax/addRootCertificate.php b/apps/files_external/ajax/addRootCertificate.php
index ae349bfcd3a..fcd3a617ada 100644
--- a/apps/files_external/ajax/addRootCertificate.php
+++ b/apps/files_external/ajax/addRootCertificate.php
@@ -4,7 +4,7 @@ OCP\JSON::checkAppEnabled('files_external');
OCP\JSON::callCheck();
if ( ! ($filename = $_FILES['rootcert_import']['name']) ) {
- header("Location: settings/personal.php");
+ header('Location:' . OCP\Util::linkToRoute( "settings_personal" ));
exit;
}
diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php
index cd3e7f3a4a6..9a8b95c14c9 100755
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
@@ -358,9 +358,8 @@ class OC_Mount_Config {
$phpFile = OC_User::getHome(OCP\User::getUser()).'/mount.php';
$jsonFile = OC_User::getHome(OCP\User::getUser()).'/mount.json';
} else {
- $datadir = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data");
$phpFile = OC::$SERVERROOT.'/config/mount.php';
- $jsonFile = $datadir . '/mount.json';
+ $jsonFile = \OC_Config::getValue("mount_file", \OC::$SERVERROOT . "/data/mount.json");
}
if (is_file($jsonFile)) {
$mountPoints = json_decode(file_get_contents($jsonFile), true);
@@ -386,8 +385,7 @@ class OC_Mount_Config {
if ($isPersonal) {
$file = OC_User::getHome(OCP\User::getUser()).'/mount.json';
} else {
- $datadir = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data");
- $file = $datadir . '/mount.json';
+ $file = \OC_Config::getValue("mount_file", \OC::$SERVERROOT . "/data/mount.json");
}
$content = json_encode($data);
@file_put_contents($file, $content);
diff --git a/apps/files_external/lib/webdav.php b/apps/files_external/lib/webdav.php
index 7611316a26a..9afe73aebd7 100644
--- a/apps/files_external/lib/webdav.php
+++ b/apps/files_external/lib/webdav.php
@@ -99,7 +99,9 @@ class DAV extends \OC\Files\Storage\Common{
public function rmdir($path) {
$this->init();
- $path=$this->cleanPath($path);
+ $path=$this->cleanPath($path) . '/';
+ // FIXME: some WebDAV impl return 403 when trying to DELETE
+ // a non-empty folder
return $this->simpleResponse('DELETE', $path, null, 204);
}
@@ -107,7 +109,7 @@ class DAV extends \OC\Files\Storage\Common{
$this->init();
$path=$this->cleanPath($path);
try {
- $response=$this->client->propfind($path, array(), 1);
+ $response=$this->client->propfind($this->encodePath($path), array(), 1);
$id=md5('webdav'.$this->root.$path);
$content = array();
$files=array_keys($response);
@@ -127,8 +129,11 @@ class DAV extends \OC\Files\Storage\Common{
$this->init();
$path=$this->cleanPath($path);
try {
- $response=$this->client->propfind($path, array('{DAV:}resourcetype'));
- $responseType=$response["{DAV:}resourcetype"]->resourceType;
+ $response=$this->client->propfind($this->encodePath($path), array('{DAV:}resourcetype'));
+ $responseType = array();
+ if (isset($response["{DAV:}resourcetype"])) {
+ $responseType=$response["{DAV:}resourcetype"]->resourceType;
+ }
return (count($responseType)>0 and $responseType[0]=="{DAV:}collection")?'dir':'file';
} catch(\Exception $e) {
error_log($e->getMessage());
@@ -141,7 +146,7 @@ class DAV extends \OC\Files\Storage\Common{
$this->init();
$path=$this->cleanPath($path);
try {
- $this->client->propfind($path, array('{DAV:}resourcetype'));
+ $this->client->propfind($this->encodePath($path), array('{DAV:}resourcetype'));
return true;//no 404 exception
} catch(\Exception $e) {
return false;
@@ -166,7 +171,7 @@ class DAV extends \OC\Files\Storage\Common{
$curl = curl_init();
$fp = fopen('php://temp', 'r+');
curl_setopt($curl, CURLOPT_USERPWD, $this->user.':'.$this->password);
- curl_setopt($curl, CURLOPT_URL, $this->createBaseUri().str_replace(' ', '%20', $path));
+ curl_setopt($curl, CURLOPT_URL, $this->createBaseUri().$this->encodePath($path));
curl_setopt($curl, CURLOPT_FILE, $fp);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
if ($this->secure === true) {
@@ -178,6 +183,10 @@ class DAV extends \OC\Files\Storage\Common{
}
curl_exec ($curl);
+ $statusCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+ if ($statusCode !== 200) {
+ \OCP\Util::writeLog("webdav client", 'curl GET ' . curl_getinfo($curl, CURLINFO_EFFECTIVE_URL) . ' returned status code ' . $statusCode, \OCP\Util::ERROR);
+ }
curl_close ($curl);
rewind($fp);
return $fp;
@@ -220,7 +229,7 @@ class DAV extends \OC\Files\Storage\Common{
$this->init();
$path=$this->cleanPath($path);
try {
- $response=$this->client->propfind($path, array('{DAV:}quota-available-bytes'));
+ $response=$this->client->propfind($this->encodePath($path), array('{DAV:}quota-available-bytes'));
if (isset($response['{DAV:}quota-available-bytes'])) {
return (int)$response['{DAV:}quota-available-bytes'];
} else {
@@ -240,7 +249,12 @@ class DAV extends \OC\Files\Storage\Common{
// if file exists, update the mtime, else create a new empty file
if ($this->file_exists($path)) {
- $this->client->proppatch($path, array('{DAV:}lastmodified' => $mtime));
+ try {
+ $this->client->proppatch($this->encodePath($path), array('{DAV:}lastmodified' => $mtime));
+ }
+ catch (\Sabre_DAV_Exception_NotImplemented $e) {
+ return false;
+ }
} else {
$this->file_put_contents($path, '');
}
@@ -276,13 +290,17 @@ class DAV extends \OC\Files\Storage\Common{
}
}
curl_exec ($curl);
+ $statusCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+ if ($statusCode !== 200) {
+ \OCP\Util::writeLog("webdav client", 'curl GET ' . curl_getinfo($curl, CURLINFO_EFFECTIVE_URL) . ' returned status code ' . $statusCode, \OCP\Util::ERROR);
+ }
curl_close ($curl);
}
public function rename($path1, $path2) {
$this->init();
- $path1=$this->cleanPath($path1);
- $path2=$this->createBaseUri().$this->cleanPath($path2);
+ $path1 = $this->encodePath($this->cleanPath($path1));
+ $path2 = $this->createBaseUri().$this->encodePath($this->cleanPath($path2));
try {
$this->client->request('MOVE', $path1, null, array('Destination'=>$path2));
return true;
@@ -293,8 +311,8 @@ class DAV extends \OC\Files\Storage\Common{
public function copy($path1, $path2) {
$this->init();
- $path1=$this->cleanPath($path1);
- $path2=$this->createBaseUri().$this->cleanPath($path2);
+ $path1 = $this->encodePath($this->cleanPath($path1));
+ $path2 = $this->createBaseUri().$this->encodePath($this->cleanPath($path2));
try {
$this->client->request('COPY', $path1, null, array('Destination'=>$path2));
return true;
@@ -307,7 +325,7 @@ class DAV extends \OC\Files\Storage\Common{
$this->init();
$path=$this->cleanPath($path);
try {
- $response=$this->client->propfind($path, array('{DAV:}getlastmodified', '{DAV:}getcontentlength'));
+ $response = $this->client->propfind($this->encodePath($path), array('{DAV:}getlastmodified', '{DAV:}getcontentlength'));
return array(
'mtime'=>strtotime($response['{DAV:}getlastmodified']),
'size'=>(int)isset($response['{DAV:}getcontentlength']) ? $response['{DAV:}getcontentlength'] : 0,
@@ -321,8 +339,11 @@ class DAV extends \OC\Files\Storage\Common{
$this->init();
$path=$this->cleanPath($path);
try {
- $response=$this->client->propfind($path, array('{DAV:}getcontenttype', '{DAV:}resourcetype'));
- $responseType=$response["{DAV:}resourcetype"]->resourceType;
+ $response=$this->client->propfind($this->encodePath($path), array('{DAV:}getcontenttype', '{DAV:}resourcetype'));
+ $responseType = array();
+ if (isset($response["{DAV:}resourcetype"])) {
+ $responseType=$response["{DAV:}resourcetype"]->resourceType;
+ }
$type=(count($responseType)>0 and $responseType[0]=="{DAV:}collection")?'dir':'file';
if ($type=='dir') {
return 'httpd/unix-directory';
@@ -346,6 +367,16 @@ class DAV extends \OC\Files\Storage\Common{
}
/**
+ * URL encodes the given path but keeps the slashes
+ * @param string $path to encode
+ * @return string encoded path
+ */
+ private function encodePath($path) {
+ // slashes need to stay
+ return str_replace('%2F', '/', rawurlencode($path));
+ }
+
+ /**
* @param string $method
* @param string $path
* @param integer $expected
@@ -353,7 +384,7 @@ class DAV extends \OC\Files\Storage\Common{
private function simpleResponse($method, $path, $body, $expected) {
$path=$this->cleanPath($path);
try {
- $response=$this->client->request($method, $path, $body);
+ $response=$this->client->request($method, $this->encodePath($path), $body);
return $response['statusCode']==$expected;
} catch(\Exception $e) {
return false;
diff --git a/apps/files_external/tests/config.php b/apps/files_external/tests/config.php
index e296bfcb5b2..767c0adf58e 100644
--- a/apps/files_external/tests/config.php
+++ b/apps/files_external/tests/config.php
@@ -21,7 +21,11 @@ return array(
'host'=>'localhost',
'user'=>'test',
'password'=>'test',
- 'root'=>'/owncloud/files/webdav.php',
+ 'root'=>'',
+ // wait delay in seconds after write operations
+ // (only in tests)
+ // set to higher value for lighttpd webdav
+ 'wait'=> 0
),
'owncloud'=>array(
'run'=>true,
diff --git a/apps/files_external/tests/webdav.php b/apps/files_external/tests/webdav.php
index 1f9b767eca6..74e905ccc89 100644
--- a/apps/files_external/tests/webdav.php
+++ b/apps/files_external/tests/webdav.php
@@ -18,6 +18,9 @@ class DAV extends Storage {
if ( ! is_array($this->config) or ! isset($this->config['webdav']) or ! $this->config['webdav']['run']) {
$this->markTestSkipped('WebDAV backend not configured');
}
+ if (isset($this->config['webdav']['wait'])) {
+ $this->waitDelay = $this->config['webdav']['wait'];
+ }
$this->config['webdav']['root'] .= '/' . $id; //make sure we have an new empty folder to work in
$this->instance = new \OC\Files\Storage\DAV($this->config['webdav']);
$this->instance->mkdir('/');
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 6795aecafee..b7e4023dd73 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -922,6 +922,17 @@ class Access extends LDAPUtility {
}
/**
+ * @brief escapes (user provided) parts for LDAP filter
+ * @param String $input, the provided value
+ * @returns the escaped string
+ */
+ public function escapeFilterPart($input) {
+ $search = array('*', '\\', '(', ')');
+ $replace = array('\\*', '\\\\', '\\(', '\\)');
+ return str_replace($search, $replace, $input);
+ }
+
+ /**
* @brief combines the input filters with AND
* @param $filters array, the filters to connect
* @returns the combined filter
diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php
index 9727d847d27..7de7fe8667f 100644
--- a/apps/user_ldap/lib/helper.php
+++ b/apps/user_ldap/lib/helper.php
@@ -118,10 +118,16 @@ class Helper {
return false;
}
+ $saveOtherConfigurations = '';
+ if(empty($prefix)) {
+ $saveOtherConfigurations = 'AND `Configkey` NOT LIKE \'s%\'';
+ }
+
$query = \OCP\DB::prepare('
DELETE
FROM `*PREFIX*appconfig`
WHERE `configkey` LIKE ?
+ '.$saveOtherConfigurations.'
AND `appid` = \'user_ldap\'
AND `configkey` NOT IN (\'enabled\', \'installed_version\', \'types\', \'bgjUpdateGroupsLastRun\')
');
diff --git a/apps/user_ldap/tests/access.php b/apps/user_ldap/tests/access.php
new file mode 100644
index 00000000000..9beb2b97336
--- /dev/null
+++ b/apps/user_ldap/tests/access.php
@@ -0,0 +1,71 @@
+<?php
+/**
+* ownCloud
+*
+* @author Arthur Schiwon
+* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+namespace OCA\user_ldap\tests;
+
+use \OCA\user_ldap\lib\Access;
+use \OCA\user_ldap\lib\Connection;
+use \OCA\user_ldap\lib\ILDAPWrapper;
+
+class Test_Access extends \PHPUnit_Framework_TestCase {
+ private function getConnecterAndLdapMock() {
+ static $conMethods;
+ static $accMethods;
+
+ if(is_null($conMethods) || is_null($accMethods)) {
+ $conMethods = get_class_methods('\OCA\user_ldap\lib\Connection');
+ $accMethods = get_class_methods('\OCA\user_ldap\lib\Access');
+ }
+ $lw = $this->getMock('\OCA\user_ldap\lib\ILDAPWrapper');
+ $connector = $this->getMock('\OCA\user_ldap\lib\Connection',
+ $conMethods,
+ array($lw, null, null));
+
+ return array($lw, $connector);
+ }
+
+ public function testEscapeFilterPartValidChars() {
+ list($lw, $con) = $this->getConnecterAndLdapMock();
+ $access = new Access($con, $lw);
+
+ $input = 'okay';
+ $this->assertTrue($input === $access->escapeFilterPart($input));
+ }
+
+ public function testEscapeFilterPartEscapeWildcard() {
+ list($lw, $con) = $this->getConnecterAndLdapMock();
+ $access = new Access($con, $lw);
+
+ $input = '*';
+ $expected = '\\\\*';
+ $this->assertTrue($expected === $access->escapeFilterPart($input));
+ }
+
+ public function testEscapeFilterPartEscapeWildcard2() {
+ list($lw, $con) = $this->getConnecterAndLdapMock();
+ $access = new Access($con, $lw);
+
+ $input = 'foo*bar';
+ $expected = 'foo\\\\*bar';
+ $this->assertTrue($expected === $access->escapeFilterPart($input));
+ }
+} \ No newline at end of file
diff --git a/apps/user_ldap/tests/user_ldap.php b/apps/user_ldap/tests/user_ldap.php
index 9193a005ae5..8c8d85b3c33 100644
--- a/apps/user_ldap/tests/user_ldap.php
+++ b/apps/user_ldap/tests/user_ldap.php
@@ -83,6 +83,12 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
* @return void
*/
private function prepareAccessForCheckPassword(&$access) {
+ $access->expects($this->once())
+ ->method('escapeFilterPart')
+ ->will($this->returnCallback(function($uid) {
+ return $uid;
+ }));
+
$access->connection->expects($this->any())
->method('__get')
->will($this->returnCallback(function($name) {
@@ -116,17 +122,34 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
}));
}
- public function testCheckPassword() {
+ public function testCheckPasswordUidReturn() {
$access = $this->getAccessMock();
+
$this->prepareAccessForCheckPassword($access);
$backend = new UserLDAP($access);
\OC_User::useBackend($backend);
$result = $backend->checkPassword('roland', 'dt19');
$this->assertEquals('gunslinger', $result);
+ }
+
+ public function testCheckPasswordWrongPassword() {
+ $access = $this->getAccessMock();
+
+ $this->prepareAccessForCheckPassword($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = $backend->checkPassword('roland', 'wrong');
$this->assertFalse($result);
+ }
+
+ public function testCheckPasswordWrongUser() {
+ $access = $this->getAccessMock();
+
+ $this->prepareAccessForCheckPassword($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = $backend->checkPassword('mallory', 'evil');
$this->assertFalse($result);
@@ -140,9 +163,23 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
$result = \OCP\User::checkPassword('roland', 'dt19');
$this->assertEquals('gunslinger', $result);
+ }
+
+ public function testCheckPasswordPublicAPIWrongPassword() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForCheckPassword($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = \OCP\User::checkPassword('roland', 'wrong');
$this->assertFalse($result);
+ }
+
+ public function testCheckPasswordPublicAPIWrongUser() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForCheckPassword($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = \OCP\User::checkPassword('mallory', 'evil');
$this->assertFalse($result);
@@ -154,6 +191,12 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
* @return void
*/
private function prepareAccessForGetUsers(&$access) {
+ $access->expects($this->once())
+ ->method('escapeFilterPart')
+ ->will($this->returnCallback(function($search) {
+ return $search;
+ }));
+
$access->expects($this->any())
->method('getFilterPartForUserSearch')
->will($this->returnCallback(function($search) {
@@ -191,28 +234,52 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
->will($this->returnArgument(0));
}
- public function testGetUsers() {
+ public function testGetUsersNoParam() {
$access = $this->getAccessMock();
$this->prepareAccessForGetUsers($access);
$backend = new UserLDAP($access);
$result = $backend->getUsers();
$this->assertEquals(3, count($result));
+ }
+
+ public function testGetUsersLimitOffset() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
$result = $backend->getUsers('', 1, 2);
$this->assertEquals(1, count($result));
+ }
+
+ public function testGetUsersLimitOffset2() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
$result = $backend->getUsers('', 2, 1);
$this->assertEquals(2, count($result));
+ }
+
+ public function testGetUsersSearchWithResult() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
$result = $backend->getUsers('yo');
$this->assertEquals(2, count($result));
+ }
+
+ public function testGetUsersSearchEmptyResult() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
$result = $backend->getUsers('nix');
$this->assertEquals(0, count($result));
}
- public function testGetUsersViaAPI() {
+ public function testGetUsersViaAPINoParam() {
$access = $this->getAccessMock();
$this->prepareAccessForGetUsers($access);
$backend = new UserLDAP($access);
@@ -220,15 +287,43 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
$result = \OCP\User::getUsers();
$this->assertEquals(3, count($result));
+ }
+
+ public function testGetUsersViaAPILimitOffset() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = \OCP\User::getUsers('', 1, 2);
$this->assertEquals(1, count($result));
+ }
+
+ public function testGetUsersViaAPILimitOffset2() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = \OCP\User::getUsers('', 2, 1);
$this->assertEquals(2, count($result));
+ }
+
+ public function testGetUsersViaAPISearchWithResult() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = \OCP\User::getUsers('yo');
$this->assertEquals(2, count($result));
+ }
+
+ public function testGetUsersViaAPISearchEmptyResult() {
+ $access = $this->getAccessMock();
+ $this->prepareAccessForGetUsers($access);
+ $backend = new UserLDAP($access);
+ \OC_User::useBackend($backend);
$result = \OCP\User::getUsers('nix');
$this->assertEquals(0, count($result));
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 4a147cf9884..757de6b60f4 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -163,6 +163,8 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
* Check if the password is correct without logging in the user
*/
public function checkPassword($uid, $password) {
+ $uid = $this->access->escapeFilterPart($uid);
+
//find out dn of the user name
$filter = \OCP\Util::mb_str_replace(
'%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8');
@@ -203,6 +205,7 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
* Get a list of all users.
*/
public function getUsers($search = '', $limit = 10, $offset = 0) {
+ $search = $this->access->escapeFilterPart($search);
$cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;
//check if users are cached, if so return