Merge branch 'master' into fixing-3942-master

Conflicts:
	apps/files/ajax/upload.php

10 files changed, 252 insertions, 155 deletions

diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 0a61ff72d41..dde5d3c50af 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -18,7 +18,6 @@ if (empty($_POST['dirToken'])) {
 	}
 } else {
 	$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
-
 	if ($linkItem === false) {
 		OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
 		die();
@@ -31,6 +30,7 @@ if (empty($_POST['dirToken'])) {
 		$rootLinkItem = OCP\Share::resolveReShare($linkItem);
 
 		// Setup FS with owner
+		OC_Util::tearDownFS();
 		OC_Util::setupFS($rootLinkItem['uid_owner']);
 
 		// The token defines the target directory (security reasons)
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index 197982010f9..b2a17f6bca5 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -476,10 +476,19 @@ class Hooks {
 		$util = new Util($view, $userId);

 

 		// Format paths to be relative to user files dir

-		$oldKeyfilePath = \OC\Files\Filesystem::normalizePath(

-			$userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['oldpath']);

-		$newKeyfilePath = \OC\Files\Filesystem::normalizePath(

-			$userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['newpath']);

+		if ($util->isSystemWideMountPoint($params['oldpath'])) {

+			$baseDir = 'files_encryption/';

+			$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];

+		} else {

+			$baseDir = $userId . '/' . 'files_encryption/';

+			$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];

+		}

+

+		if ($util->isSystemWideMountPoint($params['newpath'])) {

+			$newKeyfilePath =  $baseDir . 'keyfiles/' . $params['newpath'];

+		} else {

+			$newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath'];

+		}

 

 		// add key ext if this is not an folder

 		if (!$view->is_dir($oldKeyfilePath)) {

@@ -487,8 +496,9 @@ class Hooks {
 			$newKeyfilePath .= '.key';

 

 			// handle share-keys

-			$localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $params['oldpath']);

-			$matches = glob(preg_quote($localKeyPath) . '*.shareKey');

+			$localKeyPath = $view->getLocalFile($baseDir . 'share-keys/' . $params['oldpath']);

+			$escapedPath = Helper::escapeGlobPattern($localKeyPath);

+			$matches = glob($escapedPath . '*.shareKey');

 			foreach ($matches as $src) {

 				$dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src));

 

@@ -502,10 +512,8 @@ class Hooks {
 

 		} else {

 			// handle share-keys folders

-			$oldShareKeyfilePath = \OC\Files\Filesystem::normalizePath(

-				$userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['oldpath']);

-			$newShareKeyfilePath = \OC\Files\Filesystem::normalizePath(

-				$userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['newpath']);

+			$oldShareKeyfilePath = $baseDir . 'share-keys/' . $params['oldpath'];

+			$newShareKeyfilePath = $baseDir . 'share-keys/' . $params['newpath'];

 

 			// create destination folder if not exists

 			if (!$view->file_exists(dirname($newShareKeyfilePath))) {

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 31cf48a0393..6eee8fed6a6 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -218,7 +218,6 @@ class Helper {
 		exit();
 	}
 
-
 	/**
 	 * check requirements for encryption app.
 	 * @return bool true if requirements are met
@@ -233,4 +232,14 @@ class Helper {
 
 		return (bool) $result;
 	}
+
+	/**
+	 * @brief glob uses different pattern than regular expressions, escape glob pattern only
+	 * @param unescaped path
+	 * @return escaped path
+	 */
+	public static function escapeGlobPattern($path) {
+		return preg_replace('/(\*|\?|\[)/', '[$1]', $path);
+	}
 }
+
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index e911c1785df..b2fd650f18d 100755
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -126,7 +126,12 @@ class Keymanager {
 		$util = new Util($view, \OCP\User::getUser());
 		list($owner, $filename) = $util->getUidAndFilename($path);
 
-		$basePath = '/' . $owner . '/files_encryption/keyfiles';
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if ($util->isSystemWideMountPoint($filename)) {
+			$basePath = '/files_encryption/keyfiles';
+		} else {
+			$basePath = '/' . $owner . '/files_encryption/keyfiles';
+		}
 
 		$targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
 
@@ -233,7 +238,12 @@ class Keymanager {
 		list($owner, $filename) = $util->getUidAndFilename($filePath);
 		$filePath_f = ltrim($filename, '/');
 
-		$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if ($util->isSystemWideMountPoint($filename)) {
+			$keyfilePath = '/files_encryption/keyfiles/' . $filePath_f . '.key';
+		} else {
+			$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
+		}
 
 		$proxyStatus = \OC_FileProxy::$enabled;
 		\OC_FileProxy::$enabled = false;
@@ -267,7 +277,14 @@ class Keymanager {
 	public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path) {
 
 		$trimmed = ltrim($path, '/');
-		$keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed;
+
+		$util = new Util($view, \OCP\User::getUser());
+
+		if($util->isSystemWideMountPoint($path)) {
+			$keyPath = '/files_encryption/keyfiles/' . $trimmed;
+		} else {
+			$keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed;
+		}
 
 		$result = false;
 
@@ -325,57 +342,26 @@ class Keymanager {
 	 * @brief store share key
 	 *
 	 * @param \OC_FilesystemView $view
-	 * @param string $path relative path of the file, including filename
-	 * @param $userId
+	 * @param string $path where the share key is stored
 	 * @param $shareKey
-	 * @internal param string $key
-	 * @internal param string $dbClassName
 	 * @return bool true/false
 	 * @note The keyfile is not encrypted here. Client code must
 	 * asymmetrically encrypt the keyfile before passing it to this method
 	 */
-	public static function setShareKey(\OC_FilesystemView $view, $path, $userId, $shareKey) {
-
-		// Here we need the currently logged in user, while userId can be a different user
-		$util = new Util($view, \OCP\User::getUser());
-
-		list($owner, $filename) = $util->getUidAndFilename($path);
-
-		$basePath = '/' . $owner . '/files_encryption/share-keys';
-
-		$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
-
-		// try reusing key file if part file
-		if (self::isPartialFilePath($shareKeyPath)) {
-
-			$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
-
-		} else {
-
-			$writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey';
-
-		}
+	private static function setShareKey(\OC_FilesystemView $view, $path, $shareKey) {
 
 		$proxyStatus = \OC_FileProxy::$enabled;
 		\OC_FileProxy::$enabled = false;
 
-		$result = $view->file_put_contents($writePath, $shareKey);
+		$result = $view->file_put_contents($path, $shareKey);
 
 		\OC_FileProxy::$enabled = $proxyStatus;
 
-		if (
-			is_int($result)
-			&& $result > 0
-		) {
-
+		if (is_int($result) && $result > 0) {
 			return true;
-
 		} else {
-
 			return false;
-
 		}
-
 	}
 
 	/**
@@ -389,23 +375,40 @@ class Keymanager {
 
 		// $shareKeys must be  an array with the following format:
 		// [userId] => [encrypted key]
+		// Here we need the currently logged in user, while userId can be a different user
+		$util = new Util($view, \OCP\User::getUser());
+
+		list($owner, $filename) = $util->getUidAndFilename($path);
+
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if ($util->isSystemWideMountPoint($filename)) {
+			$basePath = '/files_encryption/share-keys';
+		} else {
+			$basePath = '/' . $owner . '/files_encryption/share-keys';
+		}
+
+		$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
 
 		$result = true;
 
 		foreach ($shareKeys as $userId => $shareKey) {
 
-			if (!self::setShareKey($view, $path, $userId, $shareKey)) {
+			// try reusing key file if part file
+			if (self::isPartialFilePath($shareKeyPath)) {
+				$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
+			} else {
+				$writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey';
+			}
+
+			if (!self::setShareKey($view, $writePath, $shareKey)) {
 
 				// If any of the keys are not set, flag false
 				$result = false;
-
 			}
-
 		}
 
 		// Returns false if any of the keys weren't set
 		return $result;
-
 	}
 
 	/**
@@ -440,8 +443,13 @@ class Keymanager {
 		$util = new Util($view, \OCP\User::getUser());
 
 		list($owner, $filename) = $util->getUidAndFilename($filePath);
-		$shareKeyPath = \OC\Files\Filesystem::normalizePath(
-			'/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey');
+
+		// in case of system wide mount points the keys are stored directly in the data directory
+		if ($util->isSystemWideMountPoint($filename)) {
+			$shareKeyPath = '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
+		} else {
+			$shareKeyPath = '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
+		}
 
 		if ($view->file_exists($shareKeyPath)) {
 
@@ -467,11 +475,21 @@ class Keymanager {
 	 */
 	public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath) {
 
+		$util = new util($view, $userId);
+
+		if ($util->isSystemWideMountPoint($filePath)) {
+			$baseDir = '/files_encryption/share-keys/';
+		} else {
+			$baseDir = $userId . '/files_encryption/share-keys/';
+		}
+
+
 		if ($view->is_dir($userId . '/files/' . $filePath)) {
-			$view->unlink($userId . '/files_encryption/share-keys/' . $filePath);
+			$view->unlink($baseDir . $filePath);
 		} else {
-			$localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $filePath);
-			$matches = glob(preg_quote($localKeyPath) . '*.shareKey');
+			$localKeyPath = $view->getLocalFile($baseDir . $filePath);
+			$escapedPath = Helper::escapeGlobPattern($localKeyPath);
+			$matches = glob($escapedPath . '*.shareKey');
 			foreach ($matches as $ma) {
 				$result = unlink($ma);
 				if (!$result) {
@@ -495,7 +513,11 @@ class Keymanager {
 
 		list($owner, $filename) = $util->getUidAndFilename($filePath);
 
-		$shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename);
+		if ($util->isSystemWideMountPoint($filename)) {
+			$shareKeyPath = \OC\Files\Filesystem::normalizePath('/files_encryption/share-keys/' . $filename);
+		} else {
+			$shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename);
+		}
 
 		if ($view->is_dir($shareKeyPath)) {
 
@@ -526,7 +548,10 @@ class Keymanager {
 	 */
 	private static function recursiveDelShareKeys($dir, $userIds) {
 		foreach ($userIds as $userId) {
-			$matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey'));
+			$extension = '.' . $userId . '.shareKey';
+			$escapedDir = Helper::escapeGlobPattern($dir);
+			$escapedExtension = Helper::escapeGlobPattern($extension);
+			$matches = glob($escapedDir . '/*' . $escapedExtension);
 		}
 		/** @var $matches array */
 		foreach ($matches as $ma) {
@@ -535,7 +560,7 @@ class Keymanager {
 					'Could not delete shareKey; does not exist: "' . $ma . '"', \OCP\Util::ERROR);
 			}
 		}
-		$subdirs = $directories = glob(preg_quote($dir) . '/*', GLOB_ONLYDIR);
+		$subdirs = $directories = glob($escapedDir . '/*', GLOB_ONLYDIR);
 		foreach ($subdirs as $subdir) {
 			self::recursiveDelShareKeys($subdir, $userIds);
 		}
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index b3de85254e2..50e823585d7 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -992,13 +992,9 @@ class Util {
 			\OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled')
 			&& $this->recoveryEnabledForUser()
 		) {
-
 			$recoveryEnabled = true;
-
 		} else {
-
 			$recoveryEnabled = false;
-
 		}
 
 		// Make sure that a share key is generated for the owner too
@@ -1019,20 +1015,25 @@ class Util {
 		// If recovery is enabled, add the 
 		// Admin UID to list of users to share to
 		if ($recoveryEnabled) {
-
 			// Find recoveryAdmin user ID
 			$recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
-
 			// Add recoveryAdmin to list of users sharing
 			$userIds[] = $recoveryKeyId;
-
 		}
 
 		// add current user if given
 		if ($currentUserId !== false) {
-
 			$userIds[] = $currentUserId;
+		}
 
+		// check if it is a group mount
+		if (\OCP\App::isEnabled("files_external")) {
+			$mount = \OC_Mount_Config::getSystemMountPoints();
+			foreach ($mount as $mountPoint => $data) {
+				if ($mountPoint == substr($ownerPath, 1, strlen($mountPoint))) {
+					$userIds = array_merge($userIds, $this->getUserWithAccessToMountPoint($data['applicable']['users'], $data['applicable']['groups']));
+				}
+			}
 		}
 
 		// Remove duplicate UIDs
@@ -1042,6 +1043,20 @@ class Util {
 
 	}
 
+	private function getUserWithAccessToMountPoint($users, $groups) {
+		$result = array();
+		if (in_array('all', $users)) {
+			$result = \OCP\User::getUsers();
+		} else {
+			$result = array_merge($result, $users);
+			foreach ($groups as $group) {
+				$result = array_merge($result, \OC_Group::usersInGroup($group));
+			}
+		}
+
+		return $result;
+	}
+
 	/**
 	 * @brief start migration mode to initially encrypt users data
 	 * @return boolean
@@ -1179,7 +1194,7 @@ class Util {
 
 			return array(
 				$fileOwnerUid,
-				$filename
+				\OC_Filesystem::normalizePath($filename)
 			);
 		}
 
@@ -1547,4 +1562,21 @@ class Util {
 		return $relativePath;
 	}
 
+	/**
+	 * @brief check if the file is stored on a system wide mount point
+	 * @param $path relative to /data/user with leading '/'
+	 * @return boolean
+	 */
+	public function isSystemWideMountPoint($path) {
+		if (\OCP\App::isEnabled("files_external")) {
+			$mount = \OC_Mount_Config::getSystemMountPoints();
+			foreach ($mount as $mountPoint => $data) {
+				if ($mountPoint == substr($path, 1, strlen($mountPoint))) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
+
 }
diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php
index cb10befc8e4..368b7b3dc3f 100755
--- a/apps/files_encryption/tests/util.php
+++ b/apps/files_encryption/tests/util.php
@@ -219,7 +219,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
 
 		\OC_User::setUserId(\Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1);
 
-		$filename = 'tmp-' . time() . '.test';
+		$filename = '/tmp-' . time() . '.test';
 
 		// Disable encryption proxy to prevent recursive calls
 		$proxyStatus = \OC_FileProxy::$enabled;
diff --git a/apps/files_sharing/js/public.js b/apps/files_sharing/js/public.js
index 0244f392a0e..294223aa094 100644
--- a/apps/files_sharing/js/public.js
+++ b/apps/files_sharing/js/public.js
@@ -11,6 +11,8 @@ var form_data;
 
 $(document).ready(function() {
 
+	$('#data-upload-form').tipsy({gravity:'ne', fade:true});
+
 	if (typeof FileActions !== 'undefined') {
 		var mimetype = $('#mimetype').val();
 		// Show file preview if previewer is available, images are already handled by the template
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 7c9158d8002..0c3d6fb7b25 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -137,6 +137,9 @@ if (isset($path)) {
 		if (\OCP\App::isEnabled('files_encryption')) {
 			$allowPublicUploadEnabled = false;
 		}
+		if (isset($file)) {
+			$allowPublicUploadEnabled = false;
+		}
 		$tmpl->assign('allowPublicUploadEnabled', $allowPublicUploadEnabled);
 		$tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
 		$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php
index 56ed4ca168e..e8bf80b8720 100644
--- a/apps/files_sharing/templates/public.php
+++ b/apps/files_sharing/templates/public.php
@@ -1,5 +1,5 @@
 <div id="notification-container">
-  <div id="notification" style="display: none;"></div>
+	<div id="notification" style="display: none;"></div>
 </div>
 
 <?php $defaults = new OCP\Defaults(); // initialize themable default strings and urls ?>
@@ -9,88 +9,92 @@
 <input type="hidden" name="filename" value="<?php p($_['filename']) ?>" id="filename">
 <input type="hidden" name="mimetype" value="<?php p($_['mimetype']) ?>" id="mimetype">
 <header><div id="header">
-	<a href="<?php print_unescaped(link_to('', 'index.php')); ?>" title="" id="owncloud"><img class="svg"
-		src="<?php print_unescaped(image_path('', 'logo-wide.svg')); ?>" alt="ownCloud" /></a>
-	<div id="logo-claim" style="display:none;"><?php p($defaults->getLogoClaim()); ?></div>
-	<div class="header-right">
-	<?php if (isset($_['folder'])): ?>
-		<span id="details"><?php p($l->t('%s shared the folder %s with you',
-			array($_['displayName'], $_['fileTarget']))) ?></span>
-	<?php else: ?>
-		<span id="details"><?php p($l->t('%s shared the file %s with you',
-			array($_['displayName'], $_['fileTarget']))) ?></span>
-	<?php endif; ?>
-
-
-		<?php if (!isset($_['folder']) || $_['allowZipDownload']): ?>
-			<a href="<?php p($_['downloadURL']); ?>" class="button" id="download"><img
-				class="svg" alt="Download" src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>"
-				/><span><?php p($l->t('Download'))?></span></a>
-		<?php endif; ?>
-
-        <?php if ($_['allowPublicUploadEnabled']):?>
-
-
-          <input type="hidden" id="publicUploadRequestToken" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
-          <input type="hidden" id="dirToken" name="dirToken" value="<?php p($_['dirToken']) ?>" />
-          <input type="hidden" id="uploadMaxFilesize" name="uploadMaxFilesize" value="<?php p($_['uploadMaxFilesize']) ?>" />
-          <input type="hidden" id="uploadMaxHumanFilesize" name="uploadMaxHumanFilesize" value="<?php p($_['uploadMaxHumanFilesize']) ?>" />
-          <input type="hidden" id="directory_path" name="directory_path" value="<?php p($_['directory_path']) ?>" />
-
-
-          <div id="data-upload-form" class="button">
-            <input id="file_upload_start" type="file" name="files[]" data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" multiple>
-            <a href="#" id="publicUploadButtonMock" class="svg">
-              <span><?php p($l->t('Upload'))?></span>
-            </a>
-          </div>
+		<a href="<?php print_unescaped(link_to('', 'index.php')); ?>" title="" id="owncloud"><img class="svg"
+		                                                                                          src="<?php print_unescaped(image_path('', 'logo-wide.svg')); ?>" alt="ownCloud" /></a>
+		<div id="logo-claim" style="display:none;"><?php p($defaults->getLogoClaim()); ?></div>
+		<div class="header-right">
+			<?php if (isset($_['folder'])): ?>
+				<span id="details"><?php p($l->t('%s shared the folder %s with you',
+						array($_['displayName'], $_['fileTarget']))) ?></span>
+			<?php else: ?>
+				<span id="details"><?php p($l->t('%s shared the file %s with you',
+						array($_['displayName'], $_['fileTarget']))) ?></span>
+			<?php endif; ?>
+
+
+			<?php if (!isset($_['folder']) || $_['allowZipDownload']): ?>
+				<a href="<?php p($_['downloadURL']); ?>" class="button" id="download"><img
+						class="svg" alt="Download" src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>"
+						/><span><?php p($l->t('Download'))?></span></a>
+			<?php endif; ?>
+
+			<?php if ($_['allowPublicUploadEnabled']):?>
+
+
+			<input type="hidden" id="publicUploadRequestToken" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
+			<input type="hidden" id="dirToken" name="dirToken" value="<?php p($_['dirToken']) ?>" />
+			<input type="hidden" id="uploadMaxFilesize" name="uploadMaxFilesize" value="<?php p($_['uploadMaxFilesize']) ?>" />
+			<input type="hidden" id="uploadMaxHumanFilesize" name="uploadMaxHumanFilesize" value="<?php p($_['uploadMaxHumanFilesize']) ?>" />
+			<input type="hidden" id="directory_path" name="directory_path" value="<?php p($_['directory_path']) ?>" />
+			<?php if($_['uploadMaxFilesize'] >= 0):?>
+				<input type="hidden" name="MAX_FILE_SIZE" id="max_upload"
+				       value="<?php p($_['uploadMaxFilesize']) ?>">
+			<?php endif;?>
+
+
+			<div id="data-upload-form" class="button" title="<?php p($l->t('Upload') . ' max. '.$_['uploadMaxHumanFilesize']) ?>">
+				<input id="file_upload_start" type="file" name="files[]" data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" multiple>
+				<a href="#" id="publicUploadButtonMock" class="svg">
+					<span><?php p($l->t('Upload'))?></span>
+				</a>
+			</div>
 
-        </div>
+		</div>
 
-        <div id="additional_controls" style="display:none">
-          <div id="uploadprogresswrapper">
-	    <div id="uploadprogressbar"></div>
-	    <input id="cancel_upload_button" type="button" class="stop" style="display:none"
-		   value="<?php p($l->t('Cancel upload'));?>"
-		   />
-	  </div>
+		<div id="additional_controls" style="display:none">
+			<div id="uploadprogresswrapper">
+				<div id="uploadprogressbar"></div>
+				<input id="cancel_upload_button" type="button" class="stop" style="display:none"
+				       value="<?php p($l->t('Cancel upload'));?>"
+					/>
+			</div>
 
 
 
 
-        <?php endif; ?>
+			<?php endif; ?>
 
-	</div>
-</div></header>
+		</div>
+	</div></header>
 <div id="content">
-<div id="preview">
-	<?php if (isset($_['folder'])): ?>
-		<?php print_unescaped($_['folder']); ?>
-	<?php else: ?>
-		<?php if (substr($_['mimetype'], 0, strpos($_['mimetype'], '/')) == 'image'): ?>
-			<div id="imgframe">
-				<img src="<?php p($_['downloadURL']); ?>" />
-			</div>
-		<?php elseif (substr($_['mimetype'], 0, strpos($_['mimetype'], '/')) == 'video'): ?>
-			<div id="imgframe">
-				<video tabindex="0" controls="" autoplay="">
-				<source src="<?php p($_['downloadURL']); ?>" type="<?php p($_['mimetype']); ?>" />
-				</video>
-			</div>
+	<div id="preview">
+		<?php if (isset($_['folder'])): ?>
+			<?php print_unescaped($_['folder']); ?>
 		<?php else: ?>
-		<ul id="noPreview">
-			<li class="error">
-				<?php p($l->t('No preview available for').' '.$_['fileTarget']); ?><br />
-				<a href="<?php p($_['downloadURL']); ?>" id="download"><img class="svg" alt="Download"
-					src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>"
-					/><?php p($l->t('Download'))?></a>
-			</li>
-		</ul>
+			<?php if (substr($_['mimetype'], 0, strpos($_['mimetype'], '/')) == 'image'): ?>
+				<div id="imgframe">
+					<img src="<?php p($_['downloadURL']); ?>" />
+				</div>
+			<?php elseif (substr($_['mimetype'], 0, strpos($_['mimetype'], '/')) == 'video'): ?>
+				<div id="imgframe">
+					<video tabindex="0" controls="" autoplay="">
+						<source src="<?php p($_['downloadURL']); ?>" type="<?php p($_['mimetype']); ?>" />
+					</video>
+				</div>
+			<?php else: ?>
+				<ul id="noPreview">
+					<li class="error">
+						<?php p($l->t('No preview available for').' '.$_['fileTarget']); ?><br />
+						<a href="<?php p($_['downloadURL']); ?>" id="download"><img class="svg" alt="Download"
+						                                                            src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>"
+								/><?php p($l->t('Download'))?></a>
+					</li>
+				</ul>
+			<?php endif; ?>
 		<?php endif; ?>
-	<?php endif; ?>
-</div>
-<footer>
-	<p class="info">
-		<?php print_unescaped($defaults->getLongFooter()); ?>
-	</p>
-</footer>
+	</div>
+	<footer>
+		<p class="info">
+			<?php print_unescaped($defaults->getLongFooter()); ?>
+		</p>
+	</footer>
diff --git a/apps/files_trashbin/lib/trash.php b/apps/files_trashbin/lib/trash.php
index 1235d9d2ee0..b9d900dfab4 100644
--- a/apps/files_trashbin/lib/trash.php
+++ b/apps/files_trashbin/lib/trash.php
@@ -171,13 +171,19 @@ class Trashbin {
 
 			list($owner, $ownerPath) = self::getUidAndFilename($file_path);
 
+			$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $user);
 
 			// disable proxy to prevent recursive calls
 			$proxyStatus = \OC_FileProxy::$enabled;
 			\OC_FileProxy::$enabled = false;
 
-			// retain key files
-			$keyfile = \OC\Files\Filesystem::normalizePath($owner . '/files_encryption/keyfiles/' . $ownerPath);
+			if ($util->isSystemWideMountPoint($ownerPath)) {
+				$baseDir = '/files_encryption/';
+			} else {
+				$baseDir = $owner . '/files_encryption/';
+			}
+
+			$keyfile = \OC\Files\Filesystem::normalizePath($baseDir . '/keyfiles/' . $ownerPath);
 
 			if ($rootView->is_dir($keyfile) || $rootView->file_exists($keyfile . '.key')) {
 				// move keyfiles
@@ -191,7 +197,7 @@ class Trashbin {
 			}
 
 			// retain share keys
-			$sharekeys = \OC\Files\Filesystem::normalizePath($owner . '/files_encryption/share-keys/' . $ownerPath);
+			$sharekeys = \OC\Files\Filesystem::normalizePath($baseDir . '/share-keys/' . $ownerPath);
 
 			if ($rootView->is_dir($sharekeys)) {
 				$size += self::calculateSize(new \OC\Files\View($sharekeys));
@@ -403,6 +409,14 @@ class Trashbin {
 
 			list($owner, $ownerPath) = self::getUidAndFilename($target);
 
+			$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $user);
+
+			if ($util->isSystemWideMountPoint($ownerPath)) {
+				$baseDir = '/files_encryption/';
+			} else {
+				$baseDir = $owner . '/files_encryption/';
+			}
+
 			$path_parts = pathinfo($file);
 			$source_location = $path_parts['dirname'];
 
@@ -432,18 +446,18 @@ class Trashbin {
 
 					// handle keyfiles
 					$size += self::calculateSize(new \OC\Files\View($keyfile));
-					$rootView->rename($keyfile, $owner . '/files_encryption/keyfiles/' . $ownerPath);
+					$rootView->rename($keyfile, $baseDir . '/keyfiles/' . $ownerPath);
 
 					// handle share-keys
 					if ($timestamp) {
 						$sharekey .= '.d' . $timestamp;
 					}
 					$size += self::calculateSize(new \OC\Files\View($sharekey));
-					$rootView->rename($sharekey, $owner . '/files_encryption/share-keys/' . $ownerPath);
+					$rootView->rename($sharekey, $baseDir . '/share-keys/' . $ownerPath);
 				} else {
 					// handle keyfiles
 					$size += $rootView->filesize($keyfile);
-					$rootView->rename($keyfile, $owner . '/files_encryption/keyfiles/' . $ownerPath . '.key');
+					$rootView->rename($keyfile, $baseDir . '/keyfiles/' . $ownerPath . '.key');
 
 					// handle share-keys
 					$ownerShareKey = \OC\Files\Filesystem::normalizePath($user . '/files_trashbin/share-keys/' . $source_location . '/' . $filename . '.' . $user . '.shareKey');
@@ -454,7 +468,7 @@ class Trashbin {
 					$size += $rootView->filesize($ownerShareKey);
 
 					// move only owners key
-					$rootView->rename($ownerShareKey, $owner . '/files_encryption/share-keys/' . $ownerPath . '.' . $user . '.shareKey');
+					$rootView->rename($ownerShareKey, $baseDir . '/share-keys/' . $ownerPath . '.' . $user . '.shareKey');
 
 					// try to re-share if file is shared
 					$filesystemView = new \OC_FilesystemView('/');