Merge remote-tracking branch 'refs/remotes/upstream/master'

6 files changed, 142 insertions, 40 deletions

diff --git a/lib/app.php b/lib/app.php
index 662af56d258..108226fc1a1 100644
--- a/lib/app.php
+++ b/lib/app.php
@@ -63,17 +63,17 @@ class OC_App{
 
 		if (!defined('DEBUG') || !DEBUG) {
 			if (is_null($types)
-			    && empty(OC_Util::$core_scripts)
-			    && empty(OC_Util::$core_styles)) {
+				&& empty(OC_Util::$core_scripts)
+				&& empty(OC_Util::$core_styles)) {
 				OC_Util::$core_scripts = OC_Util::$scripts;
-				OC_Util::$scripts = array();
-				OC_Util::$core_styles = OC_Util::$styles;
-				OC_Util::$styles = array();
-			}
+			OC_Util::$scripts = array();
+			OC_Util::$core_styles = OC_Util::$styles;
+			OC_Util::$styles = array();
 		}
-		// return
-		return true;
 	}
+		// return
+	return true;
+}
 
 	/**
 	 * load a single app
@@ -299,7 +299,7 @@ class OC_App{
 		if(OC_Config::getValue('knowledgebaseenabled', true)==true) {
 			$settings = array(
 				array( "id" => "help", "order" => 1000, "href" => OC_Helper::linkToRoute( "settings_help" ), "name" => $l->t("Help"), "icon" => OC_Helper::imagePath( "settings", "help.svg" ))
-			);
+				);
 		}
 
 		// if the user is logged-in
@@ -519,16 +519,16 @@ class OC_App{
 		$forms=array();
 		switch($type) {
 			case 'settings':
-				$source=self::$settingsForms;
-				break;
+			$source=self::$settingsForms;
+			break;
 			case 'admin':
-				$source=self::$adminForms;
-				break;
+			$source=self::$adminForms;
+			break;
 			case 'personal':
-				$source=self::$personalForms;
-				break;
+			$source=self::$personalForms;
+			break;
 			default:
-				return array();
+			return array();
 		}
 		foreach($source as $form) {
 			$forms[]=include $form;
@@ -589,6 +589,72 @@ class OC_App{
 	}
 
 	/**
+	 * @brief: Lists all apps, this is used in apps.php
+	 * @return array
+	 */
+	public static function listAllApps() {
+		$installedApps = OC_App::getAllApps();
+
+		//TODO which apps do we want to blacklist and how do we integrate blacklisting with the multi apps folder feature?
+
+		$blacklist = array('files');//we dont want to show configuration for these
+		$appList = array();
+
+		foreach ( $installedApps as $app ) {
+			if ( array_search( $app, $blacklist ) === false ) {
+
+				$info=OC_App::getAppInfo($app);
+
+				if (!isset($info['name'])) {
+					OC_Log::write('core', 'App id "'.$app.'" has no name in appinfo', OC_Log::ERROR);
+					continue;
+				}
+
+				if ( OC_Appconfig::getValue( $app, 'enabled', 'no') == 'yes' ) {
+					$active = true;
+				} else {
+					$active = false;
+				}
+
+				$info['active'] = $active;
+
+				if(isset($info['shipped']) and ($info['shipped']=='true')) {
+					$info['internal']=true;
+					$info['internallabel']='Internal App';
+				} else {
+					$info['internal']=false;
+					$info['internallabel']='3rd Party App';
+				}
+
+				$info['preview'] = OC_Helper::imagePath('settings', 'trans.png');
+				$info['version'] = OC_App::getAppVersion($app);
+				$appList[] = $info;
+			}
+		}
+		$remoteApps = OC_App::getAppstoreApps();
+		if ( $remoteApps ) {
+	// Remove duplicates
+			foreach ( $appList as $app ) {
+				foreach ( $remoteApps AS $key => $remote ) {
+					if (
+						$app['name'] == $remote['name']
+			// To set duplicate detection to use OCS ID instead of string name,
+			// enable this code, remove the line of code above,
+			// and add <ocs_id>[ID]</ocs_id> to info.xml of each 3rd party app:
+			// OR $app['ocs_id'] == $remote['ocs_id']
+						) {
+						unset( $remoteApps[$key]);
+				}
+			}
+		}
+		$combinedApps = array_merge( $appList, $remoteApps );
+	} else {
+		$combinedApps = $appList;
+	}	
+	return $combinedApps;	
+}
+
+	/**
 	 * @brief: get a list of all apps on apps.owncloud.com
 	 * @return array, multi-dimensional array of apps. Keys: id, name, type, typename, personid, license, detailpage, preview, changed, description
 	 */
diff --git a/lib/base.php b/lib/base.php
index 4b198c4f784..aff3e1d5a11 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -96,7 +96,14 @@ class OC
 		} elseif (strpos($className, 'OCP\\') === 0) {
 			$path = 'public/' . strtolower(str_replace('\\', '/', substr($className, 3)) . '.php');
 		} elseif (strpos($className, 'OCA\\') === 0) {
-			$path = 'apps/' . strtolower(str_replace('\\', '/', substr($className, 3)) . '.php');
+			foreach(self::$APPSROOTS as $appDir) {
+				$path = $appDir['path'] . '/' . strtolower(str_replace('\\', '/', substr($className, 3)) . '.php');
+				$fullPath = stream_resolve_include_path($path);
+				if (file_exists($fullPath)) {
+					require_once $fullPath;
+					return false;
+				}
+			}
 		} elseif (strpos($className, 'Sabre_') === 0) {
 			$path = str_replace('_', '/', $className) . '.php';
 		} elseif (strpos($className, 'Symfony\\Component\\Routing\\') === 0) {
@@ -268,7 +275,7 @@ class OC
 	{
 		// Add the stuff we need always
 		OC_Util::addScript("jquery-1.7.2.min");
-		OC_Util::addScript("jquery-ui-1.8.16.custom.min");
+		OC_Util::addScript("jquery-ui-1.10.0.custom");
 		OC_Util::addScript("jquery-showpassword");
 		OC_Util::addScript("jquery.infieldlabel");
 		OC_Util::addScript("jquery-tipsy");
@@ -282,8 +289,9 @@ class OC
 
 		OC_Util::addStyle("styles");
 		OC_Util::addStyle("multiselect");
-		OC_Util::addStyle("jquery-ui-1.8.16.custom");
+		OC_Util::addStyle("jquery-ui-1.10.0.custom");
 		OC_Util::addStyle("jquery-tipsy");
+		OC_Util::addScript("oc-requesttoken");
 	}
 
 	public static function initSession()
@@ -540,22 +548,6 @@ class OC
 	 */
 	public static function handleRequest()
 	{
-		if (!OC_Config::getValue('installed', false)) {
-			require_once 'core/setup.php';
-			exit();
-		}
-		// Handle redirect URL for logged in users
-		if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
-			$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
-			header('Location: ' . $location);
-			return;
-		}
-		// Handle WebDAV
-		if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
-			header('location: ' . OC_Helper::linkToRemote('webdav'));
-			return;
-		}
-
 		// load all the classpaths from the enabled apps so they are available
 		// in the routing files of each app
 		OC::loadAppClassPaths();
@@ -577,6 +569,24 @@ class OC
 			self::loadCSSFile($param);
 			return;
 		}
+
+		if (!OC_Config::getValue('installed', false)) {
+			require_once 'core/setup.php';
+			exit();
+		}
+		
+		// Handle redirect URL for logged in users
+		if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
+			$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
+			header('Location: ' . $location);
+			return;
+		}
+		// Handle WebDAV
+		if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
+			header('location: ' . OC_Helper::linkToRemote('webdav'));
+			return;
+		}
+
 		// Someone is logged in :
 		if (OC_User::isLoggedIn()) {
 			OC_App::loadApps();
diff --git a/lib/helper.php b/lib/helper.php
index 1a634075bd1..425dc138c5a 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -782,4 +782,23 @@ class OC_Helper {
 		}
 		return true;
 	}
+
+	/**
+	 * Calculate the disc space
+	 */
+	public static function getStorageInfo() {
+		$rootInfo = OC_FileCache::get('');
+		$used = $rootInfo['size'];
+		if ($used < 0) {
+			$used = 0;
+		}
+		$free = OC_Filesystem::free_space();
+		$total = $free + $used;
+		if ($total == 0) {
+			$total = 1; // prevent division by zero
+		}
+		$relative = round(($used / $total) * 10000) / 100;
+
+		return array('free' => $free, 'used' => $used, 'total' => $total, 'relative' => $relative);
+	}
 }
diff --git a/lib/l10n/hu_HU.php b/lib/l10n/hu_HU.php
index c95358011f0..e25de3e1ed6 100644
--- a/lib/l10n/hu_HU.php
+++ b/lib/l10n/hu_HU.php
@@ -5,11 +5,11 @@
 "Users" => "Felhasználók",
 "Apps" => "Alkalmazások",
 "Admin" => "Admin",
-"ZIP download is turned off." => "A ZIP-letöltés nem engedélyezett.",
+"ZIP download is turned off." => "A ZIP-letöltés nincs engedélyezve.",
 "Files need to be downloaded one by one." => "A fájlokat egyenként kell letölteni",
 "Back to Files" => "Vissza a Fájlokhoz",
 "Selected files too large to generate zip file." => "A kiválasztott fájlok túl nagyok a zip tömörítéshez.",
-"couldn't be determined" => "nem sikerült azonosítani",
+"couldn't be determined" => "nem határozható meg",
 "Application is not enabled" => "Az alkalmazás nincs engedélyezve",
 "Authentication error" => "Hitelesítési hiba",
 "Token expired. Please reload page." => "A token lejárt. Frissítse az oldalt.",
diff --git a/lib/l10n/ro.php b/lib/l10n/ro.php
index d3ce066c8c1..3f8e59cdac2 100644
--- a/lib/l10n/ro.php
+++ b/lib/l10n/ro.php
@@ -9,6 +9,7 @@
 "Files need to be downloaded one by one." => "Fișierele trebuie descărcate unul câte unul.",
 "Back to Files" => "Înapoi la fișiere",
 "Selected files too large to generate zip file." => "Fișierele selectate sunt prea mari pentru a genera un fișier zip.",
+"couldn't be determined" => "nu poate fi determinat",
 "Application is not enabled" => "Aplicația nu este activată",
 "Authentication error" => "Eroare la autentificare",
 "Token expired. Please reload page." => "Token expirat. Te rugăm să reîncarci pagina.",
diff --git a/lib/template.php b/lib/template.php
index f7124ebc09c..238d8a8ad0f 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -186,9 +186,15 @@ class OC_Template{
 		$this->l10n = OC_L10N::get($parts[0]);
 
 		// Some headers to enhance security
-		header('X-Frame-Options: Sameorigin');
-		header('X-XSS-Protection: 1; mode=block');
-		header('X-Content-Type-Options: nosniff');
+		header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
+		header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
+		header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
+
+		// Content Security Policy
+		// If you change the standard policy, please also change it in config.sample.php
+		$policy = OC_Config::getValue('custom_csp_policy',  'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *');
+		header('Content-Security-Policy:'.$policy); // Standard
+		header('X-WebKit-CSP:'.$policy); // Older webkit browsers
 
 		$this->findTemplate($name);
 	}