author | Georg Ehrke <dev@georgswebsite.de> | 2012-05-25 10:30:44 +0200 |
---|---|---|
committer | Georg Ehrke <dev@georgswebsite.de> | 2012-05-25 10:30:44 +0200 |
commit | 79bf933319d4e62c3ba75e7f4eb6235d8ae60e4b (patch) | |
tree | 1040a43eac9dfa6ee7c2213f49d34dbcf622f2c5 /lib | |
parent | 3d713e711bc00ce3f2615415307f26cfff518a36 (diff) | |
parent | 9c2a6fb551487dad29cd327a5f357f2ac28e8edd (diff) | |
Merge branch 'master' into oc_error
Diffstat (limited to 'lib')
-rw-r--r-- | lib/MDB2/Driver/sqlite3.php | 10 | ||||
-rw-r--r-- | lib/app.php | 16 | ||||
-rw-r--r-- | lib/archive/tar.php | 51 | ||||
-rw-r--r-- | lib/base.php | 28 | ||||
-rw-r--r-- | lib/files.php | 8 | ||||
-rw-r--r-- | lib/installer.php | 13 | ||||
-rw-r--r-- | lib/public/app.php | 12 | ||||
-rw-r--r-- | lib/public/config.php | 3 | ||||
-rw-r--r-- | lib/public/db.php | 3 | ||||
-rw-r--r-- | lib/public/files.php | 12 | ||||
-rw-r--r-- | lib/public/json.php | 3 | ||||
-rw-r--r-- | lib/public/response.php | 3 | ||||
-rw-r--r-- | lib/public/template.php | 2 | ||||
-rw-r--r-- | lib/public/user.php | 3 | ||||
-rw-r--r-- | lib/public/util.php | 3 | ||||
-rw-r--r-- | lib/util.php | 8 |
16 files changed, 138 insertions, 40 deletions
diff --git a/lib/MDB2/Driver/sqlite3.php b/lib/MDB2/Driver/sqlite3.php index c1f97e70381..39d3fb6727d 100644 --- a/lib/MDB2/Driver/sqlite3.php +++ b/lib/MDB2/Driver/sqlite3.php @@ -478,7 +478,7 @@ class MDB2_Driver_sqlite3 extends MDB2_Driver_Common * @return result or error object * @access protected */ - function &_doQuery($query, $is_manip = false, $connection = null, $database_name = null) + function _doQuery($query, $is_manip = false, $connection = null, $database_name = null) { $this->last_query = $query; $result = $this->debug($query, 'query', array('is_manip' => $is_manip, 'when' => 'pre')); @@ -816,7 +816,7 @@ class MDB2_Driver_sqlite3 extends MDB2_Driver_Common * @access public * @see bindParam, execute */ - function &prepare($query, $types = null, $result_types = null, $lobs = array()) + function prepare($query, $types = null, $result_types = null, $lobs = array()) { if ($this->options['emulate_prepared'] || $this->supported['prepared_statements'] !== true @@ -928,7 +928,7 @@ class MDB2_Result_sqlite3 extends MDB2_Result_Common * @return int data array on success, a MDB2 error on failure * @access public */ - function &fetchRow($fetchmode = MDB2_FETCHMODE_DEFAULT, $rownum = null) + function fetchRow($fetchmode = MDB2_FETCHMODE_DEFAULT, $rownum = null) { if (!is_null($rownum)) { $seek = $this->seek($rownum); @@ -1193,7 +1193,7 @@ class MDB2_Statement_sqlite3 extends MDB2_Statement_Common * a MDB2 error on failure * @access private */ - function &_execute($result_class = true, $result_wrap_class = false){ + function _execute($result_class = true, $result_wrap_class = false){ if (is_null($this->statement)) { $result =& parent::_execute($result_class, $result_wrap_class); return $result; 
@@ -1305,7 +1305,7 @@ class MDB2_Statement_sqlite3 extends MDB2_Statement_Common * a MDB2 error on failure * @access public */ - function &execute($values = null, $result_class = true, $result_wrap_class = false) + function execute($values = null, $result_class = true, $result_wrap_class = false) { if (is_null($this->positions)) { return $this->db->raiseError(MDB2_ERROR, null, null, diff --git a/lib/app.php b/lib/app.php index 554724d238b..04fc264d11a 100644 --- a/lib/app.php +++ b/lib/app.php @@ -63,11 +63,14 @@ class OC_App{ // The rest comes here $apps = self::getEnabledApps(); + // prevent app.php from printing output + ob_start(); foreach( $apps as $app ){ if((is_null($types) or self::isType($app,$types))){ self::loadApp($app); } } + ob_end_clean(); self::$init = true; @@ -114,7 +117,11 @@ class OC_App{ self::$appTypes=OC_Appconfig::getValues(false,'types'); } - return explode(',',self::$appTypes[$app]); + if(isset(self::$appTypes[$app])){ + return explode(',',self::$appTypes[$app]); + }else{ + return array(); + } } /** @@ -155,7 +162,7 @@ class OC_App{ * This function checks whether or not an app is enabled. */ public static function isEnabled( $app ){ - if( 'yes' == OC_Appconfig::getValue( $app, 'enabled' )){ + if( 'files'==$app or 'yes' == OC_Appconfig::getValue( $app, 'enabled' )){ return true; } @@ -495,7 +502,6 @@ class OC_App{ * check if any apps need updating and update those */ public static function updateApps(){ - // The rest comes here $versions = self::getAppVersions(); //ensure files app is installed for upgrades if(!isset($versions['files'])){ @@ -505,6 +511,7 @@ class OC_App{ $currentVersion=OC_App::getAppVersion($app); if ($currentVersion) { if (version_compare($currentVersion, $installedVersion, '>')) { + OC_Log::write($app,'starting app upgrade from '.$installedVersion.' to '.$currentVersion,OC_Log::DEBUG); OC_App::updateApp($app); OC_Appconfig::setValue($app,'installed_version',OC_App::getAppVersion($app)); } 
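Review bot: In the app-loading loop of OC_App in lib/app.php, the added `ob_end_clean()` throws away everything the apps printed, including PHP warnings and notices when display_errors is on, so a broken or misbehaving appinfo/app.php now fails silently. I would keep the suppression but record what was discarded: `$output=ob_get_clean();` followed by `if($output!=''){ OC_Log::write('core','output while loading apps: '.$output,OC_Log::WARN); }`. Because the buffer wraps the whole loop, the log entry cannot name the app; starting and ending the buffer inside the loop would allow `$app` to be used as the log tag. The enclosing function starts and ends outside the hunk.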
@@ -533,6 +540,9 @@ class OC_App{ if(file_exists(OC::$APPSROOT.'/apps/'.$appid.'/appinfo/database.xml')){ OC_DB::updateDbFromStructure(OC::$APPSROOT.'/apps/'.$appid.'/appinfo/database.xml'); } + if(!self::isEnabled($appid)){ + return; + } if(file_exists(OC::$APPSROOT.'/apps/'.$appid.'/appinfo/update.php')){ include OC::$APPSROOT.'/apps/'.$appid.'/appinfo/update.php'; } diff --git a/lib/archive/tar.php b/lib/archive/tar.php index 07f0ba5bd8a..4ff78779834 100644 --- a/lib/archive/tar.php +++ b/lib/archive/tar.php @@ -12,6 +12,8 @@ class OC_Archive_TAR extends OC_Archive{ const PLAIN=0; const GZIP=1; const BZIP=2; + + private $fileList; /** * @var Archive_Tar tar @@ -64,6 +66,7 @@ class OC_Archive_TAR extends OC_Archive{ mkdir($tmpBase.$path); $result=$this->tar->addModify(array($tmpBase.$path),'',$tmpBase); rmdir($tmpBase.$path); + $this->fileList=false; return $result; } /** @@ -84,6 +87,7 @@ class OC_Archive_TAR extends OC_Archive{ }else{ $result=$this->tar->addString($path,$source); } + $this->fileList=false; return $result; } @@ -103,12 +107,14 @@ class OC_Archive_TAR extends OC_Archive{ $types=array(null,'gz','bz'); $this->tar=new Archive_Tar($this->path,$types[self::getTarType($this->path)]); $this->tar->createModify(array($tmp),'',$tmp.'/'); + $this->fileList=false; + return true; } private function getHeader($file){ $headers=$this->tar->listContent(); foreach($headers as $header){ - if($file==$header['filename'] or $file.'/'==$header['filename']){ + if($file==$header['filename'] or $file.'/'==$header['filename'] or '/'.$file.'/'==$header['filename'] or '/'.$file==$header['filename']){ return $header; } } 
@@ -144,9 +150,16 @@ class OC_Archive_TAR extends OC_Archive{ $folderContent=array(); $pathLength=strlen($path); foreach($files as $file){ + if(substr($file,0,1)=='/'){ + $file=substr($file,1); + } if(substr($file,0,$pathLength)==$path and $file!=$path){ - if(strrpos(substr($file,0,-1),'/')<=$pathLength){ - $folderContent[]=substr($file,$pathLength); + $result=substr($file,$pathLength); + if($pos=strpos($result,'/')){ + $result=substr($result,0,$pos+1); + } + if(array_search($result,$folderContent)===false){ + $folderContent[]=$result; } } } @@ -157,11 +170,15 @@ class OC_Archive_TAR extends OC_Archive{ * @return array */ function getFiles(){ + if($this->fileList){ + return $this->fileList; + } $headers=$this->tar->listContent(); $files=array(); foreach($headers as $header){ $files[]=$header['filename']; } + $this->fileList=$files; return $files; } /** @@ -183,7 +200,11 @@ class OC_Archive_TAR extends OC_Archive{ if(!$this->fileExists($path)){ return false; } - $success=$this->tar->extractList(array($path),$tmp); + if($this->fileExists('/'.$path)){ + $success=$this->tar->extractList(array('/'.$path),$tmp); + }else{ + $success=$this->tar->extractList(array($path),$tmp); + } if($success){ rename($tmp.$path,$dest); } @@ -205,7 +226,26 @@ class OC_Archive_TAR extends OC_Archive{ * @return bool */ function fileExists($path){ - return $this->getHeader($path)!==null; + $files=$this->getFiles(); + if((array_search($path,$files)!==false) or (array_search($path.'/',$files)!==false)){ + return true; + }else{ + $folderPath=$path; + if(substr($folderPath,-1,1)!='/'){ + $folderPath.='/'; + } + $pathLength=strlen($folderPath); + foreach($files as $file){ + if(strlen($file)>$pathLength and substr($file,0,$pathLength)==$folderPath){ + return true; + } + } + } + if(substr($path,0,1)!='/'){//not all programs agree on the use of a leading / + return $this->fileExists('/'.$path); + }else{ + return false; + } } /** 
@@ -217,6 +257,7 @@ class OC_Archive_TAR extends OC_Archive{ if(!$this->fileExists($path)){ return false; } + $this->fileList=false; //no proper way to delete, extract entire archive, delete file and remake archive $tmp=OCP\Files::tmpFolder(); $this->tar->extract($tmp); diff --git a/lib/base.php b/lib/base.php index 52a497e076d..f4540853ba4 100644 --- a/lib/base.php +++ b/lib/base.php @@ -79,6 +79,10 @@ class OC{ */ public static $REQUESTEDFILE = ''; /** + * check if owncloud runs in cli mode + */ + public static $CLI = false; + /** * SPL autoload */ public static function autoload($className){ @@ -223,6 +227,7 @@ class OC{ $installedVersion=OC_Config::getValue('version','0.0.0'); $currentVersion=implode('.',OC_Util::getVersion()); if (version_compare($currentVersion, $installedVersion, '>')) { + OC_Log::write('core','starting upgrade from '.$installedVersion.' to '.$currentVersion,OC_Log::DEBUG); $result=OC_DB::updateDbFromStructure(OC::$SERVERROOT.'/db_structure.xml'); if(!$result){ echo 'Error while upgrading the database'; @@ -319,8 +324,9 @@ class OC{ if (defined('DEBUG') && DEBUG){ ini_set('display_errors', 1); } + self::$CLI=(php_sapi_name() == 'cli'); - date_default_timezone_set('Europe/Berlin'); + date_default_timezone_set('UTC'); ini_set('arg_separator.output','&'); //try to configure php to enable big file uploads. 
@@ -368,15 +374,17 @@ class OC{ self::checkInstalled(); self::checkSSL(); - // CSRF protection - if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer=''; - if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']<>'') $protocol='https://'; else $protocol='http://'; - $server=$protocol.$_SERVER['SERVER_NAME']; - if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) { - $url = $protocol.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php'; - header("Location: $url"); - exit(); - } + // CSRF protection + if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer=''; + if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']<>'') $protocol='https://'; else $protocol='http://'; + if(!self::$CLI){ + $server=$protocol.$_SERVER['SERVER_NAME']; + if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) { + $url = $protocol.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php'; + header("Location: $url"); + exit(); + } + } self::initSession(); self::initTemplateEngine(); diff --git a/lib/files.php b/lib/files.php index b405cf1749f..e0c78d22c24 100644 --- a/lib/files.php +++ b/lib/files.php @@ -52,8 +52,9 @@ class OC_Files { * * @param dir $dir * @param file $file ; seperated list of files to download + * @param boolean $only_header ; boolean to only send header of the request */ - public static function get($dir,$files){ + public static function get($dir,$files, $only_header = false){ if(strpos($files,';')){ $files=explode(';',$files); } @@ -118,6 +119,11 @@ class OC_Files { header("HTTP/1.0 403 Forbidden"); die('403 Forbidden'); } + if($only_header){ + if(!$zip) + header("Content-Length: ".OC_Filesystem::filesize($filename)); + return ; + } if($zip){ $handle=fopen($filename,'r'); if ($handle) { diff --git a/lib/installer.php b/lib/installer.php index 731eaaa9030..6417ed1c7a8 100644 --- a/lib/installer.php +++ b/lib/installer.php 
@@ -130,10 +130,19 @@ class OC_Installer{ // check the code for not allowed calls if(!OC_Installer::checkCode($info['id'],$extractDir)){ + OC_Log::write('core','App can\'t be installed because of not allowed code in the App',OC_Log::ERROR); OC_Helper::rmdirr($extractDir); return false; } - + + // check if the app is compatible with this version of ownCloud + $version=OC_Util::getVersion(); + if(!isset($info['require']) or ($version[0]>$info['require'])){ + OC_Log::write('core','App can\'t be installed because it is not compatible with this version of ownCloud',OC_Log::ERROR); + OC_Helper::rmdirr($extractDir); + return false; + } + //check if an app with the same id is already installed if(self::isInstalled( $info['id'] )){ OC_Log::write('core','App already installed',OC_Log::WARN); @@ -336,7 +345,7 @@ class OC_Installer{ public static function checkCode($appname,$folder){ $blacklist=array( - 'fopen(', + 'exec(', 'eval(' // more evil pattern will go here later // will will also check if an app is using private api once the public api is in place diff --git a/lib/public/app.php b/lib/public/app.php index 618ea03ad0f..1a46180bb96 100644 --- a/lib/public/app.php +++ b/lib/public/app.php @@ -30,6 +30,9 @@ // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; +/** + * This class provides functions to manage apps in ownCloud + */ class App { /** @@ -153,15 +156,6 @@ class App { } - /** - * @param string appid - * @param $app app - * @return OC_FilesystemView - */ - public static function getStorage( $app ){ - return \OC_App::getStorage( $app ); - } - } diff --git a/lib/public/config.php b/lib/public/config.php index eb42277292d..762fb6b1800 100644 --- a/lib/public/config.php +++ b/lib/public/config.php @@ -34,6 +34,9 @@ */ namespace OCP; +/** + * This class provides functions to read and write configuration data. configuration can be on a system, application or user level + */ class Config { 
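Review bot: The `$blacklist` in checkCode() (lib/installer.php, second hunk) holds only `'exec('` and `'eval('` after this change, and it appears to be matched as literal text, although the scanning code is outside the hunk. A list like this cannot be the security boundary for third-party app code, because a textual match covers only the exact spellings listed and PHP has other ways to run commands or build code dynamically. I would say so in a comment above the array, for example `// advisory check only: does not make untrusted app code safe, apps must come from a trusted source`. The new `OC_Log::write` in the first hunk would also be more useful to an administrator if it named the app id and, where checkCode() can report it, the file and pattern that caused the rejection.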
diff --git a/lib/public/db.php b/lib/public/db.php index 7ba98e2851e..af2e46c9da2 100644 --- a/lib/public/db.php +++ b/lib/public/db.php @@ -30,6 +30,9 @@ // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; +/** + * This class provides access to the internal database system. Use this class exlusively if you want to access databases + */ class DB { diff --git a/lib/public/files.php b/lib/public/files.php index e11ab81e16f..24c0193e8a7 100644 --- a/lib/public/files.php +++ b/lib/public/files.php @@ -30,6 +30,9 @@ // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; +/** + * This class provides access to the internal filesystem abstraction layer. Use this class exlusively if you want to access files + */ class Files { @@ -99,6 +102,15 @@ class Files { return(\OC_Helper::buildNotExistingFileName( $path, $filename )); } + /** + * @param string appid + * @param $app app + * @return OC_FilesystemView + */ + public static function getStorage( $app ){ + return \OC_App::getStorage( $app ); + } + diff --git a/lib/public/json.php b/lib/public/json.php index 7fc6a0b01d4..439721ac6ce 100644 --- a/lib/public/json.php +++ b/lib/public/json.php @@ -30,6 +30,9 @@ // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; +/** + * This class provides convinient functions to generate and send JSON data. Usefull for Ajax calls + */ class JSON { diff --git a/lib/public/response.php b/lib/public/response.php index 5049b0c54cf..c35c2654965 100644 --- a/lib/public/response.php +++ b/lib/public/response.php @@ -30,6 +30,9 @@ // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; +/** + * This class provides convinient functions to send the correct http response headers + */ class Response { diff --git a/lib/public/template.php b/lib/public/template.php index 3d1ab2c7c2e..33eefea3b80 100644 
--- a/lib/public/template.php +++ b/lib/public/template.php @@ -99,7 +99,7 @@ function html_select_options($options, $selected, $params=array()) { /** - * This class provides the templates for owncloud. + * This class provides the template system for owncloud. You can use it to load specific templates, add data and generate the html code */ class Template extends \OC_Template { diff --git a/lib/public/user.php b/lib/public/user.php index 53ff8d25fc5..d351b001e8f 100644 --- a/lib/public/user.php +++ b/lib/public/user.php @@ -30,6 +30,9 @@ // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; +/** + * This class provides access to the user management. You can get information about the currently logged in user and the permissions for example + */ class User { diff --git a/lib/public/util.php b/lib/public/util.php index 749531feafd..3d20c5a4635 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -30,6 +30,9 @@ // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; +/** + * This class provides different helper functions to make the life of a developer easier + */ class Util { diff --git a/lib/util.php b/lib/util.php index 3c5eae2c0ad..be7fc00da8f 100644 --- a/lib/util.php +++ b/lib/util.php @@ -74,7 +74,7 @@ class OC_Util { * @return array */ public static function getVersion(){ - return array(3,91,0); + return array(4,80,0); } /** @@ -82,7 +82,7 @@ class OC_Util { * @return string */ public static function getVersionString(){ - return '4 RC'; + return '5 pre alpha'; } /** 
@@ -311,8 +311,8 @@ class OC_Util { * Redirect to the user default page */ public static function redirectToDefaultPage(){ - if(isset($_REQUEST['redirect_url'])) { - header( 'Location: '.htmlentities($_REQUEST['redirect_url'])); + if(isset($_REQUEST['redirect_url']) && substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT) { + header( 'Location: '.$_REQUEST['redirect_url']); } else { header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files')); } |
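Review bot: The new prefix check in redirectToDefaultPage() does not constrain the target when `OC::$WEBROOT` is an empty string, which I assume is the case for an install at the domain root. There `strlen()` is 0, `substr()` returns `''` and the comparison is always true, so any `redirect_url` reaches the Location header unfiltered. With a non-empty webroot the match still does not stop at a path boundary. I would additionally require a local path, for example by adding `&& substr($_REQUEST['redirect_url'],0,1)=='/' && substr($_REQUEST['redirect_url'],0,2)!='//'` and comparing against `OC::$WEBROOT.'/'` instead of `OC::$WEBROOT`, falling back to the default page otherwise. A short comment above the condition stating that only same-origin paths are accepted would make the intent clear to the next reader.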