authorRobin Appelman <icewind@owncloud.com>2012-10-01 14:21:49 +0200
committerRobin Appelman <icewind@owncloud.com>2012-10-01 14:21:49 +0200
commitb7eb3f3dff93762483f6b5a6d647d4855595f318 (patch)
tree389035167dc9f1928aadd6f8f637adb9ca867ff6 /lib
parent88bca9bc49343906b5b498f4d3837002d346b3af (diff)
parent804372947ae5cdaeaa8c92250f4efb4ae54e8a3f (diff)
merge master into filesystem
Diffstat (limited to 'lib')
-rw-r--r--lib/base.php11
-rw-r--r--lib/connector/sabre/node.php8
-rw-r--r--lib/filecache.php14
-rw-r--r--lib/filecache/update.php13
-rw-r--r--lib/filesystem.php11
-rw-r--r--lib/filesystemview.php3
-rw-r--r--lib/helper.php5
-rw-r--r--lib/l10n/de.php4
-rw-r--r--lib/l10n/oc.php24
-rw-r--r--lib/public/util.php2
-rw-r--r--lib/search/provider/file.php22
-rw-r--r--lib/setup.php2
-rw-r--r--lib/subadmin.php2
-rw-r--r--lib/template.php2
-rwxr-xr-xlib/util.php75
15 files changed, 148 insertions, 50 deletions
diff --git a/lib/base.php b/lib/base.php
index 8a095cbbb61..0e98cbf38e6 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -246,6 +246,8 @@ class OC{
OC_Util::addScript( "jquery-tipsy" );
OC_Util::addScript( "oc-dialogs" );
OC_Util::addScript( "js" );
+ // request protection token MUST be defined after the jquery library but before any $('document').ready()
+ OC_Util::addScript( "requesttoken" );
OC_Util::addScript( "eventsource" );
OC_Util::addScript( "config" );
//OC_Util::addScript( "multiselect" );
@@ -532,11 +534,7 @@ class OC{
}
protected static function tryFormLogin() {
- if(!isset($_POST["user"])
- || !isset($_POST['password'])
- || !isset($_SESSION['sectoken'])
- || !isset($_POST['sectoken'])
- || ($_SESSION['sectoken']!=$_POST['sectoken']) ) {
+ if(!isset($_POST["user"]) || !isset($_POST['password'])) {
return false;
}
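Review bot: The rewritten condition in tryFormLogin() accepts any POST that carries `user` and `password`, so the login form no longer has a request-origin check and a third-party page can submit it on a visitor's behalf (login CSRF). The removed `sectoken` came from `rand()` and was weak, but it should be replaced rather than dropped, for example by adding `|| !OC_Util::isCallRegistered()` to the guard. That presumably also requires the login template to register a token, since the template.php hunk in this commit only calls `callRegister()` when `$renderas == 'user'`. The function body continues outside this hunk.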
@@ -557,7 +555,8 @@ class OC{
else {
OC_User::unsetMagicInCookie();
}
- OC_Util::redirectToDefaultPage();
+ header( 'Location: '.$_SERVER['REQUEST_URI'] );
+ exit();
}
return true;
}
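Review bot: The new `header( 'Location: '.$_SERVER['REQUEST_URI'] )` echoes a client-supplied value into the redirect target straight after a successful login. A request URI that begins with two slashes is read by browsers as a scheme-relative URL, so the redirect can leave the site. Normalise the leading slashes before use, e.g. `header( 'Location: /'.ltrim($_SERVER['REQUEST_URI'], '/\\') );`, or keep going through a helper that builds the URL from the configured web root. The enclosing function starts outside this hunk.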
diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php
index 55fa0dfde66..bdedc030c88 100644
--- a/lib/connector/sabre/node.php
+++ b/lib/connector/sabre/node.php
@@ -23,8 +23,7 @@
abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IProperties {
const GETETAG_PROPERTYNAME = '{DAV:}getetag';
- const LASTMODIFIED_PROPERTYNAME_DEPRECIATED = '{DAV:}lastmodified'; // FIXME: keept for the transition period, can be removed for OC 4.5.1 if the sync client update too
- const GETLASTMODIFIED_PROPERTYNAME = '{DAV:}getlastmodified';
+ const LASTMODIFIED_PROPERTYNAME = '{DAV:}lastmodified';
/**
* The path to the current node
@@ -151,9 +150,8 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
$query->execute( array( OC_User::getUser(), $this->path, $propertyName ));
}
}
- else { //FIXME: first part of if statement can be removed together with the LASTMODIFIED_PROPERTYNAME_DEPRECIATED const for oc4.5.1 if the sync client was updated too
- if( strcmp( $propertyName, self::LASTMODIFIED_PROPERTYNAME_DEPRECIATED) === 0 ||
- strcmp( $propertyName, self::GETLASTMODIFIED_PROPERTYNAME) === 0 ) {
+ else {
+ if( strcmp( $propertyName, self::LASTMODIFIED_PROPERTYNAME) === 0 ) {
$this->touch($propertyValue);
} else {
if(!array_key_exists( $propertyName, $existing )) {
diff --git a/lib/filecache.php b/lib/filecache.php
index 07099bcccd5..305ba035fb5 100644
--- a/lib/filecache.php
+++ b/lib/filecache.php
@@ -488,6 +488,20 @@ class OC_FileCache{
$query->execute();
}
}
+
+ /**
+ * trigger an update for the cache by setting the mtimes to 0
+ * @param string $user (optional)
+ */
+ public static function triggerUpdate($user=''){
+ if($user) {
+ $query=OC_DB::prepare('UPDATE `*PREFIX*fscache` SET `mtime`=0 WHERE `user`=? AND `mimetype`="httpd/unix-directory"');
+ $query->execute(array($user));
+ }else{
+ $query=OC_DB::prepare('UPDATE `*PREFIX*fscache` SET `mtime`=0 AND `mimetype`="httpd/unix-directory"');
+ $query->execute();
+ }
+ }
}
//watch for changes and try to keep the cache up to date
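Review bot: The `else` branch of triggerUpdate() has `AND` where `WHERE` was meant: ``SET `mtime`=0 AND `mimetype`="httpd/unix-directory"`` has no WHERE clause, and on MySQL the right-hand side is evaluated as one boolean expression, so every row in the table gets `mtime` 0, not only directories. Both statements also put the string literal in double quotes, which ANSI-mode MySQL and PostgreSQL treat as an identifier. Bind the value instead: ``OC_DB::prepare('UPDATE `*PREFIX*fscache` SET `mtime`=0 WHERE `mimetype`=?')`` with `execute(array('httpd/unix-directory'))`, and likewise ``WHERE `user`=? AND `mimetype`=?`` in the per-user branch.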
diff --git a/lib/filecache/update.php b/lib/filecache/update.php
index 2b64a2a90ff..1b81f70d77b 100644
--- a/lib/filecache/update.php
+++ b/lib/filecache/update.php
@@ -81,10 +81,13 @@ class OC_FileCache_Update{
$dh=$view->opendir($path.'/');
if($dh) {//check for changed/new files
while (($filename = readdir($dh)) !== false) {
- if($filename != '.' and $filename != '..') {
+ if($filename != '.' and $filename != '..' and $filename != '') {
$file=$path.'/'.$filename;
- if(self::hasUpdated($file, $root)) {
- if($root===false) {//filesystem hooks are only valid for the default root
+ $isDir=$view->is_dir($file);
+ if(self::hasUpdated($file, $root, $isDir)) {
+ if($isDir){
+ self::updateFolder($file, $root);
+ }elseif($root===false) {//filesystem hooks are only valid for the default root
OC_Hook::emit('OC_Filesystem', 'post_write', array('path'=>$file));
}else{
self::update($file, $root);
@@ -136,7 +139,7 @@ class OC_FileCache_Update{
}
/**
- * update the filecache according to changes to the fileysystem
+ * update the filecache according to changes to the filesystem
* @param string path
* @param string root (optional)
*/
@@ -211,4 +214,4 @@ class OC_FileCache_Update{
OC_FileCache::increaseSize(dirname($newPath), $oldSize, $root);
OC_FileCache::move($oldPath, $newPath);
}
-} \ No newline at end of file
+}
diff --git a/lib/filesystem.php b/lib/filesystem.php
index e936dfcce26..0d24b7203bc 100644
--- a/lib/filesystem.php
+++ b/lib/filesystem.php
@@ -258,7 +258,7 @@ class OC_Filesystem{
$mtime=filemtime(OC::$SERVERROOT.'/config/mount.php');
$previousMTime=OC_Appconfig::getValue('files','mountconfigmtime',0);
if($mtime>$previousMTime) {//mount config has changed, filecache needs to be updated
- OC_FileCache::clear();
+ OC_FileCache::triggerUpdate();
OC_Appconfig::setValue('files','mountconfigmtime',$mtime);
}
}
@@ -539,12 +539,19 @@ class OC_Filesystem{
return self::$defaultInstance->hasUpdated($path,$time);
}
- static public function removeETagHook($params) {
+ static public function removeETagHook($params, $root = false) {
if (isset($params['path'])) {
$path=$params['path'];
} else {
$path=$params['oldpath'];
}
+
+ if ($root) { // reduce path to the required part of it (no 'username/files')
+ $fakeRootView = new OC_FilesystemView($root);
+ $count = 1;
+ $path=str_replace(OC_App::getStorage("files")->getAbsolutePath($path), "", $fakeRootView->getAbsolutePath($path), $count);
+ }
+
$path = self::normalizePath($path);
OC_Connector_Sabre_Node::removeETagPropertyForPath($path);
}
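Review bot: In the new `if ($root)` block, `$count = 1` is passed as the fourth argument of `str_replace()`, but that parameter is a by-reference output receiving the number of replacements, not a limit. Every occurrence of the search string is removed, wherever it appears in the subject. If the intent is to strip a leading path prefix once, compare with `strpos(...) === 0` and cut with `substr()`. It is also worth a comment stating which of the two `getAbsolutePath($path)` results is expected to be the prefix of the other, as that is not evident from the call.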
diff --git a/lib/filesystemview.php b/lib/filesystemview.php
index 210f9dad55a..071fc781f12 100644
--- a/lib/filesystemview.php
+++ b/lib/filesystemview.php
@@ -451,8 +451,9 @@ class OC_FilesystemView {
OC_Filesystem::signal_post_write,
array( OC_Filesystem::signal_param_path => $path2)
);
- } else { // no real copy, file comes from somewhere else, e.g. version rollback -> just update the file cache without all the other post_write actions
+ } else { // no real copy, file comes from somewhere else, e.g. version rollback -> just update the file cache and the webdav properties without all the other post_write actions
OC_FileCache_Update::update($path2, $this->fakeRoot);
+ OC_Filesystem::removeETagHook(array("path" => $path2), $this->fakeRoot);
}
return $result;
}
diff --git a/lib/helper.php b/lib/helper.php
index 3bb30620175..908a61b5a2d 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -33,6 +33,7 @@ class OC_Helper {
* @param string $app app
* @param string $file file
* @param array $args array with param=>value, will be appended to the returned url
+ * The value of $args will be urlencoded
* @return string the url
*
* Returns a url to the given app and file.
@@ -65,7 +66,7 @@ class OC_Helper {
if (!empty($args)) {
$urlLinkTo .= '?';
foreach($args as $k => $v) {
- $urlLinkTo .= '&'.$k.'='.$v;
+ $urlLinkTo .= '&'.$k.'='.urlencode($v);
}
}
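Review bot: Only the value is encoded in the changed line; the key `$k` is still concatenated raw, so a key containing `&`, `=` or `#` changes the query structure. Use `$urlLinkTo .= '&'.urlencode($k).'='.urlencode($v);`. The loop also emits `?&` before the first pair, and `urlencode()` will not accept an array value, so `http_build_query($args)` may be the simpler replacement. Callers that encoded values themselves will now double-encode; checkLoggedIn() is adjusted in this commit, but other callers outside this diff should be checked.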
@@ -77,6 +78,7 @@ class OC_Helper {
* @param string $app app
* @param string $file file
* @param array $args array with param=>value, will be appended to the returned url
+ * The value of $args will be urlencoded
* @return string the url
*
* Returns a absolute url to the given app and file.
@@ -368,6 +370,7 @@ class OC_Helper {
//trim the character set from the end of the response
$mimeType=substr($reply,0,strrpos($reply,' '));
+ $mimeType=substr($mimeType,0,strrpos($mimeType,"\n"));
//trim ;
if (strpos($mimeType, ';') !== false) {
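Review bot: The added `substr($mimeType,0,strrpos($mimeType,"\n"))` returns an empty string whenever the reply contains no newline, because `strrpos()` then returns `false` and the length becomes 0. Guard the cut: `$nl=strrpos($mimeType,"\n"); if($nl!==false) { $mimeType=substr($mimeType,0,$nl); }`. The existing line above it has the same pattern for the space separator. The enclosing function starts and ends outside this hunk.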
diff --git a/lib/l10n/de.php b/lib/l10n/de.php
index aea631aba28..8c81be16582 100644
--- a/lib/l10n/de.php
+++ b/lib/l10n/de.php
@@ -11,10 +11,10 @@
"Selected files too large to generate zip file." => "Die gewählten Dateien sind zu groß, um eine ZIP-Datei zu erstellen.",
"Application is not enabled" => "Die Anwendung ist nicht aktiviert",
"Authentication error" => "Authentifizierungs-Fehler",
-"Token expired. Please reload page." => "Token abgelaufen. Bitte laden Sie die Seite neu.",
+"Token expired. Please reload page." => "Token abgelaufen. Bitte lade die Seite neu.",
"seconds ago" => "Vor wenigen Sekunden",
"1 minute ago" => "Vor einer Minute",
-"%d minutes ago" => "Vor %d Minute(n)",
+"%d minutes ago" => "Vor %d Minuten",
"today" => "Heute",
"yesterday" => "Gestern",
"%d days ago" => "Vor %d Tag(en)",
diff --git a/lib/l10n/oc.php b/lib/l10n/oc.php
new file mode 100644
index 00000000000..ffc0588becc
--- /dev/null
+++ b/lib/l10n/oc.php
@@ -0,0 +1,24 @@
+<?php $TRANSLATIONS = array(
+"Help" => "Ajuda",
+"Personal" => "Personal",
+"Settings" => "Configuracion",
+"Users" => "Usancièrs",
+"Apps" => "Apps",
+"Admin" => "Admin",
+"ZIP download is turned off." => "Avalcargar los ZIP es inactiu.",
+"Files need to be downloaded one by one." => "Los fichièrs devan èsser avalcargats un per un.",
+"Back to Files" => "Torna cap als fichièrs",
+"Authentication error" => "Error d'autentificacion",
+"seconds ago" => "segonda a",
+"1 minute ago" => "1 minuta a",
+"%d minutes ago" => "%d minutas a",
+"today" => "uèi",
+"yesterday" => "ièr",
+"%d days ago" => "%d jorns a",
+"last month" => "mes passat",
+"months ago" => "meses a",
+"last year" => "an passat",
+"years ago" => "ans a",
+"up to date" => "a jorn",
+"updates check is disabled" => "la verificacion de mesa a jorn es inactiva"
+);
diff --git a/lib/public/util.php b/lib/public/util.php
index 747448e62eb..38da7e82171 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -116,6 +116,7 @@ class Util {
* @param $app app
* @param $file file
* @param $args array with param=>value, will be appended to the returned url
+ * The value of $args will be urlencoded
* @returns the url
*
* Returns a absolute url to the given app and file.
@@ -151,6 +152,7 @@ class Util {
* @param $app app
* @param $file file
* @param $args array with param=>value, will be appended to the returned url
+ * The value of $args will be urlencoded
* @returns the url
*
* Returns a url to the given app and file.
diff --git a/lib/search/provider/file.php b/lib/search/provider/file.php
index 135e40667b1..e21278f3918 100644
--- a/lib/search/provider/file.php
+++ b/lib/search/provider/file.php
@@ -5,29 +5,35 @@ class OC_Search_Provider_File extends OC_Search_Provider{
$files=OC_FileCache::search($query,true);
$results=array();
foreach($files as $fileData) {
- $file=$fileData['path'];
- $mime=$fileData['mimetype'];
+ $path = $fileData['path'];
+ $mime = $fileData['mimetype'];
+
+ $name = basename($path);
+ $text = '';
if($mime=='httpd/unix-directory') {
- $results[]=new OC_Search_Result(basename($file),'',OC_Helper::linkTo( 'files', 'index.php', array('dir' => $file)),'Files');
+ $link = OC_Helper::linkTo( 'files', 'index.php', array('dir' => $path));
+ $type = 'Files';
}else{
- $mimeBase=$fileData['mimepart'];
+ $link = OC_Helper::linkTo( 'files', 'download.php', array('file' => $path));
+ $mimeBase = $fileData['mimepart'];
switch($mimeBase) {
case 'audio':
break;
case 'text':
- $results[]=new OC_Search_Result(basename($file),'',OC_Helper::linkTo( 'files', 'download.php', array('file' => $file) ),'Text');
+ $type = 'Text';
break;
case 'image':
- $results[]=new OC_Search_Result(basename($file),'',OC_Helper::linkTo( 'files', 'download.php', array('file' => $file) ),'Images');
+ $type = 'Images';
break;
default:
if($mime=='application/xml') {
- $results[]=new OC_Search_Result(basename($file),'',OC_Helper::linkTo( 'files', 'download.php', array('file' => $file) ),'Text');
+ $type = 'Text';
}else{
- $results[]=new OC_Search_Result(basename($file),'',OC_Helper::linkTo( 'files', 'download.php', array('file' => $file) ),'Files');
+ $type = 'Files';
}
}
}
+ $results[] = new OC_Search_Result($name, $text, $link, $type);
}
return $results;
}
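Review bot: After this refactor `case 'audio': break;` leaves `$type` unassigned, yet the loop now always reaches `$results[] = new OC_Search_Result($name, $text, $link, $type);`. Audio files used to yield no result here; they now yield one whose `$type` is undefined on the first iteration or carried over from the previous file. To keep the old behaviour, skip the entry with `continue 2;` in the audio case, since a plain `continue` inside `switch` acts like `break` in PHP. Alternatively reset `$type` at the top of the loop and append only when it is set.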
diff --git a/lib/setup.php b/lib/setup.php
index c21c8be3957..16b9ec68df6 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -79,7 +79,7 @@ class OC_Setup {
}
//generate a random salt that is used to salt the local user passwords
- $salt=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
+ $salt = OC_Util::generate_random_bytes(30);
OC_Config::setValue('passwordsalt', $salt);
//write the config file
diff --git a/lib/subadmin.php b/lib/subadmin.php
index 363e4a97cad..9e83e6da430 100644
--- a/lib/subadmin.php
+++ b/lib/subadmin.php
@@ -172,7 +172,7 @@ class OC_SubAdmin{
}
/**
- * @brief delete all SubAdmins8 by gid
+ * @brief delete all SubAdmins by gid
* @param $parameters
* @return boolean
*/
diff --git a/lib/template.php b/lib/template.php
index 0987d6f0d88..681b3f0b140 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -157,6 +157,7 @@ class OC_Template{
$this->vars = array();
if($renderas == 'user') {
$this->vars['requesttoken'] = OC_Util::callRegister();
+ $this->vars['requestlifespan'] = OC_Util::$callLifespan;
}
$parts = explode('/', $app); // fix translation when app is something like core/lostpassword
$this->l10n = OC_L10N::get($parts[0]);
@@ -374,6 +375,7 @@ class OC_Template{
$page = new OC_TemplateLayout($this->renderas);
if($this->renderas == 'user') {
$page->assign('requesttoken', $this->vars['requesttoken']);
+ $page->assign('requestlifespan', $this->vars['requestlifespan']);
}
// Add custom headers
diff --git a/lib/util.php b/lib/util.php
index a8d2fcedd20..7b3bf1fddb1 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -62,7 +62,7 @@ class OC_Util {
$mtime=filemtime($user_root.'/mount.php');
$previousMTime=OC_Preferences::getValue($user,'files','mountconfigmtime',0);
if($mtime>$previousMTime) {//mount config has changed, filecache needs to be updated
- OC_FileCache::clear($user);
+ OC_FileCache::triggerUpdate($user);
OC_Preferences::setValue($user,'files','mountconfigmtime',$mtime);
}
}
@@ -81,7 +81,7 @@ class OC_Util {
*/
public static function getVersion() {
// hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4,9,0. This is not visible to the user
- return array(4,84,10);
+ return array(4,85,11);
}
/**
@@ -89,7 +89,7 @@ class OC_Util {
* @return string
*/
public static function getVersionString() {
- return '4.5 beta 4';
+ return '4.5 RC 1';
}
/**
@@ -314,9 +314,6 @@ class OC_Util {
$parameters["username"] = '';
$parameters['user_autofocus'] = true;
}
- $sectoken=rand(1000000,9999999);
- $_SESSION['sectoken']=$sectoken;
- $parameters["sectoken"] = $sectoken;
if (isset($_REQUEST['redirect_url'])) {
$redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']);
} else {
@@ -344,7 +341,7 @@ class OC_Util {
public static function checkLoggedIn() {
// Check if we are a user
if( !OC_User::isLoggedIn()) {
- header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php', array('redirect_url' => urlencode($_SERVER["REQUEST_URI"]))));
+ header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php', array('redirect_url' => $_SERVER["REQUEST_URI"])));
exit();
}
}
@@ -416,16 +413,31 @@ class OC_Util {
}
/**
- * @brief Register an get/post call. This is important to prevent CSRF attacks
- * Todo: Write howto
+ * @brief Static lifespan (in seconds) when a request token expires.
+ * @see OC_Util::callRegister()
+ * @see OC_Util::isCallRegistered()
+ * @description
+ * Also required for the client side to compute the piont in time when to
+ * request a fresh token. The client will do so when nearly 97% of the
+ * timespan coded here has expired.
+ */
+ public static $callLifespan = 3600; // 3600 secs = 1 hour
+
+ /**
+ * @brief Register an get/post call. Important to prevent CSRF attacks.
+ * @todo Write howto: CSRF protection guide
* @return $token Generated token.
+ * @description
+ * Creates a 'request token' (random) and stores it inside the session.
+ * Ever subsequent (ajax) request must use such a valid token to succeed,
+ * otherwise the request will be denied as a protection against CSRF.
+ * The tokens expire after a fixed lifespan.
+ * @see OC_Util::$callLifespan
+ * @see OC_Util::isCallRegistered()
*/
public static function callRegister() {
- //mamimum time before token exires
- $maxtime=(60*60); // 1 hour
-
// generate a random token.
- $token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
+ $token = self::generate_random_bytes(20);
// store the token together with a timestamp in the session.
$_SESSION['requesttoken-'.$token]=time();
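Review bot: The new docblocks for `$callLifespan` and callRegister() contain typos that make the CSRF contract harder to read: "piont in time" should be "point in time" and "Ever subsequent (ajax) request" should be "Every subsequent (ajax) request". `@return $token Generated token.` would read better as `@return string Generated token.`. The isCallRegistered() hunk further down references `OC_Util::calLRegister()`, which should be `OC_Util::callRegister()` so the cross-reference resolves. callRegister()'s body continues outside this hunk.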
@@ -436,7 +448,8 @@ class OC_Util {
foreach($_SESSION as $key=>$value) {
// search all tokens in the session
if(substr($key,0,12)=='requesttoken') {
- if($value+$maxtime<time()) {
+ // check if static lifespan has expired
+ if($value+self::$callLifespan<time()) {
// remove outdated tokens
unset($_SESSION[$key]);
}
@@ -447,14 +460,13 @@ class OC_Util {
return($token);
}
-
/**
* @brief Check an ajax get/post call if the request token is valid.
* @return boolean False if request token is not set or is invalid.
+ * @see OC_Util::$callLifespan
+ * @see OC_Util::calLRegister()
*/
public static function isCallRegistered() {
- //mamimum time before token exires
- $maxtime=(60*60); // 1 hour
if(isset($_GET['requesttoken'])) {
$token=$_GET['requesttoken'];
}elseif(isset($_POST['requesttoken'])) {
@@ -467,7 +479,8 @@ class OC_Util {
}
if(isset($_SESSION['requesttoken-'.$token])) {
$timestamp=$_SESSION['requesttoken-'.$token];
- if($timestamp+$maxtime<time()) {
+ // check if static lifespan has expired
+ if($timestamp+self::$callLifespan<time()) {
return false;
}else{
//token valid
@@ -535,4 +548,30 @@ class OC_Util {
}
}
+ /*
+ * @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
+ * Inspired by gorgo on php.net
+ * @param Int with the length of the random
+ * @return String with the random bytes
+ */
+ public static function generate_random_bytes($length = 30) {
+ if(function_exists('openssl_random_pseudo_bytes')) {
+ $pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
+ if($strong == TRUE) {
+ return substr($pseudo_byte, 0, $length); // Truncate it to match the length
+ }
+ }
+
+ // fallback to mt_rand()
+ $characters = '0123456789';
+ $characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+ $charactersLength = strlen($characters)-1;
+ $pseudo_byte = "";
+
+ // Select some random characters
+ for ($i = 0; $i < $length; $i++) {
+ $pseudo_byte .= $characters[mt_rand(0, $charactersLength)];
+ }
+ return $pseudo_byte;
+ }
}
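Review bot: generate_random_bytes() silently falls back to `mt_rand()` when OpenSSL is missing or `$strong` is false. mt_rand() output is predictable, and this commit uses the function for the CSRF request token in callRegister() and the password salt in lib/setup.php. At minimum the fallback should be logged, and it should preferably try another OS-level source or fail for those callers. On the OpenSSL path the code requests `$length` bytes, hex-encodes them and discards half; requesting `ceil($length/2)` bytes gives the same output. The `false` return of `openssl_random_pseudo_bytes()` is not checked, and `$strong == TRUE` should be a strict comparison. The comment opens with `/*`, not `/**`, so documentation tools will not treat it as a docblock.

```php
public static function generate_random_bytes($length = 30) {
	if(function_exists('openssl_random_pseudo_bytes')) {
		// two hex characters per byte, so ceil($length/2) bytes are enough
		$bytes = openssl_random_pseudo_bytes((int)ceil($length / 2), $strong);
		if($bytes !== false && $strong === true) {
			return substr(bin2hex($bytes), 0, $length);
		}
	}
	// … unchanged: mt_rand() fallback (not suitable for tokens or salts) …
```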