diff options
| -rw-r--r-- | apps/files/ajax/upload.php | 1 | ||||
| -rw-r--r-- | apps/files/triggerupdate.php | 1 | ||||
| -rwxr-xr-x | apps/files_encryption/tests/crypt.php | 34 | ||||
| -rw-r--r-- | apps/files_encryption/tests/keymanager.php | 4 | ||||
| -rw-r--r-- | apps/files_encryption/tests/proxy.php | 2 | ||||
| -rw-r--r-- | apps/files_encryption/tests/stream.php | 12 | ||||
| -rwxr-xr-x | apps/files_encryption/tests/trashbin.php | 4 | ||||
| -rwxr-xr-x | apps/files_encryption/tests/util.php | 12 | ||||
| -rwxr-xr-x | apps/files_encryption/tests/webdav.php | 2 | ||||
| -rw-r--r-- | apps/files_sharing/ajax/publicpreview.php | 3 | ||||
| -rw-r--r-- | apps/files_sharing/appinfo/update.php | 1 | ||||
| -rw-r--r-- | apps/files_sharing/public.php | 6 | ||||
| -rw-r--r-- | lib/private/json.php | 14 | ||||
| -rw-r--r-- | lib/private/template/cssresourcelocator.php | 2 | ||||
| -rwxr-xr-x | lib/private/util.php | 4 | ||||
| -rw-r--r-- | lib/public/json.php | 10 |
16 files changed, 71 insertions, 41 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 0e905f993ac..bdaf6a77d14 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -34,6 +34,7 @@ if (empty($_POST['dirToken'])) { // resolve reshares $rootLinkItem = OCP\Share::resolveReShare($linkItem); + OCP\JSON::checkUserExists($rootLinkItem['uid_owner']); // Setup FS with owner OC_Util::tearDownFS(); OC_Util::setupFS($rootLinkItem['uid_owner']); diff --git a/apps/files/triggerupdate.php b/apps/files/triggerupdate.php index 0e29edbba35..a37b9823add 100644 --- a/apps/files/triggerupdate.php +++ b/apps/files/triggerupdate.php @@ -6,6 +6,7 @@ if (OC::$CLI) { if (count($argv) === 2) { $file = $argv[1]; list(, $user) = explode('/', $file); + OCP\JSON::checkUserExists($owner); OC_Util::setupFS($user); $view = new \OC\Files\View(''); /** diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index ca14e3e2ccb..388980ad4fd 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -155,7 +155,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { */ function testSymmetricStreamEncryptShortFileContent() { - $filename = 'tmp-' . time() . '.test'; + $filename = 'tmp-' . uniqid() . '.test'; $util = new Encryption\Util(new \OC_FilesystemView(), $this->userId); @@ -214,7 +214,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { function testSymmetricStreamEncryptLongFileContent() { // Generate a a random filename - $filename = 'tmp-' . time() . '.test'; + $filename = 'tmp-' . uniqid() . '.test'; $util = new Encryption\Util(new \OC_FilesystemView(), $this->userId); @@ -297,7 +297,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { */ function testSymmetricStreamDecryptShortFileContent() { - $filename = 'tmp-' . time(); + $filename = 'tmp-' . uniqid(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt:///'. $this->userId . '/files/' . $filename, $this->dataShort); @@ -327,7 +327,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { */ function testSymmetricStreamDecryptLongFileContent() { - $filename = 'tmp-' . time(); + $filename = 'tmp-' . uniqid(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong); @@ -418,7 +418,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { */ function testRenameFile() { - $filename = 'tmp-' . time(); + $filename = 'tmp-' . uniqid(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong); @@ -431,7 +431,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { $this->assertEquals($this->dataLong, $decrypt); - $newFilename = 'tmp-new-' . time(); + $newFilename = 'tmp-new-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->rename($filename, $newFilename); @@ -449,7 +449,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { */ function testMoveFileIntoFolder() { - $filename = 'tmp-' . time(); + $filename = 'tmp-' . uniqid(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong); @@ -462,8 +462,8 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { $this->assertEquals($this->dataLong, $decrypt); - $newFolder = '/newfolder' . time(); - $newFilename = 'tmp-new-' . time(); + $newFolder = '/newfolder' . uniqid(); + $newFilename = 'tmp-new-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->mkdir($newFolder); $view->rename($filename, $newFolder . '/' . $newFilename); @@ -484,8 +484,8 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { $view = new \OC\Files\View('/' . $this->userId . '/files'); - $filename = '/tmp-' . time(); - $folder = '/folder' . time(); + $filename = '/tmp-' . uniqid(); + $folder = '/folder' . uniqid(); $view->mkdir($folder); @@ -500,7 +500,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { $this->assertEquals($this->dataLong, $decrypt); - $newFolder = '/newfolder/subfolder' . time(); + $newFolder = '/newfolder/subfolder' . uniqid(); $view->mkdir('/newfolder'); $view->rename($folder, $newFolder); @@ -519,7 +519,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { * @medium */ function testChangePassphrase() { - $filename = 'tmp-' . time(); + $filename = 'tmp-' . uniqid(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong); @@ -557,7 +557,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { */ function testViewFilePutAndGetContents() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper @@ -590,7 +590,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { * @large */ function testTouchExistingFile() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper @@ -614,7 +614,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { * @medium */ function testTouchFile() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->touch($filename); @@ -638,7 +638,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { * @medium */ function testFopenFile() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php index 1467979f005..58a57ee5af4 100644 --- a/apps/files_encryption/tests/keymanager.php +++ b/apps/files_encryption/tests/keymanager.php @@ -143,7 +143,7 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $key = $this->randomKey; - $file = 'unittest-' . time() . '.txt'; + $file = 'unittest-' . uniqid() . '.txt'; $util = new Encryption\Util($this->view, $this->userId); @@ -196,7 +196,7 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { function testRecursiveDelShareKeys() { // generate filename - $filename = '/tmp-' . time() . '.txt'; + $filename = '/tmp-' . uniqid() . '.txt'; // create folder structure $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); diff --git a/apps/files_encryption/tests/proxy.php b/apps/files_encryption/tests/proxy.php index 419f95e1a38..c3006274d6d 100644 --- a/apps/files_encryption/tests/proxy.php +++ b/apps/files_encryption/tests/proxy.php @@ -80,7 +80,7 @@ class Test_Encryption_Proxy extends \PHPUnit_Framework_TestCase { // init short data $this->data = 'hats'; - $this->filename = 'enc_proxy_tests-' . time() . '.txt'; + $this->filename = 'enc_proxy_tests-' . uniqid() . '.txt'; } diff --git a/apps/files_encryption/tests/stream.php b/apps/files_encryption/tests/stream.php index 2767bbe512b..fed2e7d89d1 100644 --- a/apps/files_encryption/tests/stream.php +++ b/apps/files_encryption/tests/stream.php @@ -99,7 +99,7 @@ class Test_Encryption_Stream extends \PHPUnit_Framework_TestCase { } function testStreamOptions() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper @@ -122,7 +122,7 @@ class Test_Encryption_Stream extends \PHPUnit_Framework_TestCase { } function testStreamSetBlocking() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper @@ -144,7 +144,7 @@ class Test_Encryption_Stream extends \PHPUnit_Framework_TestCase { * @medium */ function testStreamSetTimeout() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper @@ -163,7 +163,7 @@ class Test_Encryption_Stream extends \PHPUnit_Framework_TestCase { } function testStreamSetWriteBuffer() { - $filename = '/tmp-' . time(); + $filename = '/tmp-' . uniqid(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper @@ -187,9 +187,9 @@ class Test_Encryption_Stream extends \PHPUnit_Framework_TestCase { */ function testStreamFromLocalFile() { - $filename = '/' . $this->userId . '/files/' . 'tmp-' . time().'.txt'; + $filename = '/' . $this->userId . '/files/' . 'tmp-' . uniqid().'.txt'; - $tmpFilename = "/tmp/" . time() . ".txt"; + $tmpFilename = "/tmp/" . uniqid() . ".txt"; // write an encrypted file $cryptedFile = $this->view->file_put_contents($filename, $this->dataShort); diff --git a/apps/files_encryption/tests/trashbin.php b/apps/files_encryption/tests/trashbin.php index 2a41ace4015..2f9ecfd9d5d 100755 --- a/apps/files_encryption/tests/trashbin.php +++ b/apps/files_encryption/tests/trashbin.php @@ -119,7 +119,7 @@ class Test_Encryption_Trashbin extends \PHPUnit_Framework_TestCase { function testDeleteFile() { // generate filename - $filename = 'tmp-' . time() . '.txt'; + $filename = 'tmp-' . uniqid() . '.txt'; // save file with content $cryptedFile = file_put_contents('crypt:///' .\Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1. '/files/'. $filename, $this->dataShort); @@ -223,7 +223,7 @@ class Test_Encryption_Trashbin extends \PHPUnit_Framework_TestCase { function testPermanentDeleteFile() { // generate filename - $filename = 'tmp-' . time() . '.txt'; + $filename = 'tmp-' . uniqid() . '.txt'; // save file with content $cryptedFile = file_put_contents('crypt:///' .$this->userId. '/files/' . $filename, $this->dataShort); diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php index b1904cbadc7..97e3c518dac 100755 --- a/apps/files_encryption/tests/util.php +++ b/apps/files_encryption/tests/util.php @@ -142,8 +142,8 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { self::loginHelper($this->userId); - $unencryptedFile = '/tmpUnencrypted-' . time() . '.txt'; - $encryptedFile = '/tmpEncrypted-' . time() . '.txt'; + $unencryptedFile = '/tmpUnencrypted-' . uniqid() . '.txt'; + $encryptedFile = '/tmpEncrypted-' . uniqid() . '.txt'; // Disable encryption proxy to write a unencrypted file $proxyStatus = \OC_FileProxy::$enabled; @@ -254,7 +254,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { \OC_User::setUserId(\Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1); - $filename = '/tmp-' . time() . '.test'; + $filename = '/tmp-' . uniqid() . '.test'; // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; @@ -282,7 +282,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { function testGetFileSize() { \Test_Encryption_Util::loginHelper(\Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1); - $filename = 'tmp-' . time(); + $filename = 'tmp-' . uniqid(); $externalFilename = '/' . $this->userId . '/files/' . $filename; // Test for 0 byte files @@ -318,7 +318,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { function testEncryptAll() { - $filename = "/encryptAll" . time() . ".txt"; + $filename = "/encryptAll" . uniqid() . ".txt"; $util = new Encryption\Util($this->view, $this->userId); // disable encryption to upload a unencrypted file @@ -350,7 +350,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { function testDecryptAll() { - $filename = "/decryptAll" . time() . ".txt"; + $filename = "/decryptAll" . uniqid() . ".txt"; $util = new Encryption\Util($this->view, $this->userId); $this->view->file_put_contents($this->userId . '/files/' . $filename, $this->dataShort); diff --git a/apps/files_encryption/tests/webdav.php b/apps/files_encryption/tests/webdav.php index a2a8ce6e34f..8e8b9c53cee 100755 --- a/apps/files_encryption/tests/webdav.php +++ b/apps/files_encryption/tests/webdav.php @@ -113,7 +113,7 @@ class Test_Encryption_Webdav extends \PHPUnit_Framework_TestCase { function testWebdavPUT() { // generate filename - $filename = '/tmp-' . time() . '.txt'; + $filename = '/tmp-' . uniqid() . '.txt'; // set server vars $_SERVER['REQUEST_METHOD'] = 'OPTIONS'; diff --git a/apps/files_sharing/ajax/publicpreview.php b/apps/files_sharing/ajax/publicpreview.php index 54a9806e8bf..a52f522afac 100644 --- a/apps/files_sharing/ajax/publicpreview.php +++ b/apps/files_sharing/ajax/publicpreview.php @@ -39,6 +39,7 @@ if(!isset($linkedItem['uid_owner']) || !isset($linkedItem['file_source'])) { $rootLinkItem = OCP\Share::resolveReShare($linkedItem); $userId = $rootLinkItem['uid_owner']; +OCP\JSON::checkUserExists($rootLinkItem['uid_owner']); \OC_Util::setupFS($userId); \OC\Files\Filesystem::initMountPoints($userId); $view = new \OC\Files\View('/' . $userId . '/files'); @@ -88,4 +89,4 @@ try{ } catch (\Exception $e) { \OC_Response::setStatus(500); \OC_Log::write('core', $e->getmessage(), \OC_Log::DEBUG); -}
\ No newline at end of file +} diff --git a/apps/files_sharing/appinfo/update.php b/apps/files_sharing/appinfo/update.php index 0d827da28ea..4b716e764f4 100644 --- a/apps/files_sharing/appinfo/update.php +++ b/apps/files_sharing/appinfo/update.php @@ -44,6 +44,7 @@ if (version_compare($installedVersion, '0.3', '<')) { $shareType = OCP\Share::SHARE_TYPE_USER; $shareWith = $row['uid_shared_with']; } + OCP\JSON::checkUserExists($row['uid_owner']); OC_User::setUserId($row['uid_owner']); //we need to setup the filesystem for the user, otherwise OC_FileSystem::getRoot will fail and break OC_Util::setupFS($row['uid_owner']); diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php index d050efd5b32..80dd708ee51 100644 --- a/apps/files_sharing/public.php +++ b/apps/files_sharing/public.php @@ -43,10 +43,10 @@ if (isset($_GET['t'])) { $shareOwner = $linkItem['uid_owner']; $path = null; $rootLinkItem = OCP\Share::resolveReShare($linkItem); - $fileOwner = $rootLinkItem['uid_owner']; - if (isset($fileOwner)) { + if (isset($rootLinkItem['uid_owner'])) { + OCP\JSON::checkUserExists($rootLinkItem['uid_owner']); OC_Util::tearDownFS(); - OC_Util::setupFS($fileOwner); + OC_Util::setupFS($rootLinkItem['uid_owner']); $path = \OC\Files\Filesystem::getPath($linkItem['file_source']); } } diff --git a/lib/private/json.php b/lib/private/json.php index 6a9e5a2df5e..5c5d7e3a3da 100644 --- a/lib/private/json.php +++ b/lib/private/json.php @@ -65,6 +65,20 @@ class OC_JSON{ } /** + * Check is a given user exists - send json error msg if not + * @param string $user + */ + public static function checkUserExists($user) { + if (!OCP\User::userExists($user)) { + $l = OC_L10N::get('lib'); + OCP\JSON::error(array('data' => array('message' => $l->t('Unknown user')))); + exit; + } + } + + + + /** * Check if the user is a subadmin, send json error msg if not */ public static function checkSubAdminUser() { diff --git a/lib/private/template/cssresourcelocator.php b/lib/private/template/cssresourcelocator.php index e26daa25827..8e7831ca549 100644 --- a/lib/private/template/cssresourcelocator.php +++ b/lib/private/template/cssresourcelocator.php @@ -22,7 +22,7 @@ class CSSResourceLocator extends ResourceLocator { $app = substr($style, 0, strpos($style, '/')); $style = substr($style, strpos($style, '/')+1); $app_path = \OC_App::getAppPath($app); - $app_url = \OC_App::getAppWebPath($app); + $app_url = $this->webroot . '/index.php/apps/' . $app; if ($this->appendIfExist($app_path, $style.$this->form_factor.'.css', $app_url) || $this->appendIfExist($app_path, $style.'.css', $app_url) ) { diff --git a/lib/private/util.php b/lib/private/util.php index 72afa6f9478..8aa7a074d0d 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -51,6 +51,10 @@ class OC_Util { self::$rootMounted = true; } + if ($user != '' && !OCP\User::userExists($user)) { + return false; + } + //if we aren't logged in, there is no use to set up the filesystem if( $user != "" ) { \OC\Files\Filesystem::addStorageWrapper(function($mountPoint, $storage){ diff --git a/lib/public/json.php b/lib/public/json.php index 831e3ef1cf6..cd5d233ef90 100644 --- a/lib/public/json.php +++ b/lib/public/json.php @@ -167,7 +167,7 @@ class JSON { * @return string json formatted string if not admin user. */ public static function checkAdminUser() { - return(\OC_JSON::checkAdminUser()); + \OC_JSON::checkAdminUser(); } /** @@ -177,4 +177,12 @@ class JSON { public static function encode($data) { return(\OC_JSON::encode($data)); } + + /** + * Check is a given user exists - send json error msg if not + * @param string $user + */ + public static function checkUserExists($user) { + \OC_JSON::checkUserExists($user); + } } |