-rw-r--r-- | apps/files_sharing/css/public.css | 2 | ||||
-rw-r--r-- | apps/files_sharing/get.php | 88 | ||||
-rw-r--r-- | apps/files_sharing/js/public.js | 18 | ||||
-rw-r--r-- | apps/files_sharing/public.php | 69 | ||||
-rw-r--r-- | apps/files_sharing/templates/authenticate.php | 9 | ||||
-rwxr-xr-x | apps/files_sharing/templates/get.php | 11 | ||||
-rwxr-xr-x | apps/files_sharing/templates/public.php | 13 | ||||
-rw-r--r-- | core/js/js.js | 10 | ||||
-rw-r--r-- | lib/helper.php | 11 | ||||
-rw-r--r-- | lib/public/share.php | 51 | ||||
-rw-r--r-- | lib/public/util.php | 11 |
11 files changed, 178 insertions, 115 deletions
diff --git a/apps/files_sharing/css/public.css b/apps/files_sharing/css/public.css
new file mode 100644
index 00000000000..aa76c06175b
--- /dev/null
+++ b/apps/files_sharing/css/public.css
@@ -0,0 +1,2 @@
+#content { position:relative; }
+#preview p { text-align: center; }
\ No newline at end of file
diff --git a/apps/files_sharing/get.php b/apps/files_sharing/get.php
deleted file mode 100644
index bcbe5985fb6..00000000000
--- a/apps/files_sharing/get.php
+++ /dev/null
@@ -1,88 +0,0 @@
-<?php
-// only need authentication apps
-$RUNTIME_APPTYPES=array('authentication');
-OC_App::loadApps($RUNTIME_APPTYPES);
-
-OCP\JSON::checkAppEnabled('files_sharing');
-//FIXME lib_share / OC_Share no longer exists
-require_once 'lib_share.php';
-
-//get the path of the shared file
-if (isset($_GET['token']) && $source = OC_Share::getSource($_GET['token'])) {
- $token = $_GET['token'];
- // TODO Manipulating the string may not be the best choice. Is there an alternative?
- $user = substr($source, 1, strpos($source, "/", 1) - 1);
- OC_Util::setupFS($user);
- $source = substr($source, strlen("/".$user."/files"));
- $subPath = isset( $_GET['path'] ) ? $_GET['path'] : '';
- $root = $source;
- $source .= $subPath;
- if (!OC_Filesystem::file_exists($source)) {
- header("HTTP/1.0 404 Not Found");
- $tmpl = new OCP\Template("", "404", "guest");
- $tmpl->assign("file", $subPath);
- $tmpl->printPage();
- exit;
- }
- if (OC_Filesystem::is_dir($source)) {
- $files = array();
- $rootLength = strlen($root);
- foreach (OC_Files::getdirectorycontent($source) as $i) {
- $i['date'] = OCP\Util::formatDate($i['mtime'] );
- if ($i['type'] == 'file') {
- $fileinfo = pathinfo($i['name']);
- $i['basename'] = $fileinfo['filename'];
- $i['extension'] = isset($fileinfo['extension']) ? ('.'.$fileinfo['extension']) : '';
- }
- $i['directory'] = substr($i['directory'], $rootLength);
- if ($i['directory'] == "/") {
- $i['directory'] = "";
- }
- $files[] = $i;
- }
- // Make breadcrumb
- $breadcrumb = array();
- $pathtohere = "";
- foreach (explode("/", $subPath) as $i) {
- if ($i != "") {
- $pathtohere .= "/$i";
- $breadcrumb[] = array("dir" => $pathtohere, "name" => $i);
- }
- }
- // Load the files we need
- OCP\Util::addStyle("files", "files");
- $breadcrumbNav = new OCP\Template("files", "part.breadcrumb", "");
- $breadcrumbNav->assign("breadcrumb", $breadcrumb);
- $breadcrumbNav->assign("baseURL", OCP\Util::linkTo("", "public.php")."?service=files&token=".$token."&path=");
- $list = new OCP\Template("files", "part.list", "");
- $list->assign("files", $files);
- $list->assign("baseURL", OCP\Util::linkTo("", "public.php")."?service=files&token=".$token."&path=");
- $list->assign("downloadURL", OCP\Util::linkTo("", "public.php")."?service=files&token=".$token."&path=");
- $list->assign("readonly", true);
- $tmpl = new OCP\Template("files", "index", "user");
- $tmpl->assign("fileList", $list->fetchPage(), false);
- $tmpl->assign("breadcrumb", $breadcrumbNav->fetchPage());
- $tmpl->assign("readonly", true);
- $tmpl->assign("allowZipDownload", false);
- $tmpl->assign("dir", 'shared dir');
- $tmpl->printPage();
- } else {
- //get time mimetype and set the headers
- $mimetype = OC_Filesystem::getMimeType($source);
- header("Content-Transfer-Encoding: binary");
- OCP\Response::disableCaching();
- header('Content-Disposition: attachment; filename="'.basename($source).'"');
- header("Content-Type: " . $mimetype);
- header("Content-Length: " . OC_Filesystem::filesize($source));
- //download the file
- @ob_clean();
- //FIXME OC_Share no longer exists
- OCP\Util::emitHook('OC_Share', 'public-download', array('source'=>$source, 'token'=>$token));
- OC_Filesystem::readfile($source);
- }
-} else {
- header("HTTP/1.0 404 Not Found");
- $tmpl = new OCP\Template("", "404", "guest");
- $tmpl->printPage();
- die();
-}
diff --git a/apps/files_sharing/js/public.js b/apps/files_sharing/js/public.js
new file mode 100644
index 00000000000..755382e0736
--- /dev/null
+++ b/apps/files_sharing/js/public.js
@@ -0,0 +1,18 @@
+// Override download path to files_sharing/public.php
+function fileDownloadPath(dir, file) {
+ return $('#downloadURL').val();
+}
+
+$(document).ready(function() {
+
+ if (typeof FileActions !== 'undefined') {
+ var mimetype = $('#mimetype').val();
+ // Show file preview if previewer is available, images are already handled by the template
+ if (mimetype.substr(0, mimetype.indexOf('/')) != 'image') {
+ // Trigger default action if not download TODO
+ var action = FileActions.getDefault(mimetype, 'file', FileActions.PERMISSION_READ);
+ action($('#filename').val());
+ }
+ }
+
+});
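Review bot: In the ready handler of apps/files_sharing/js/public.js the result of `FileActions.getDefault(mimetype, 'file', FileActions.PERMISSION_READ)` is called without a check, so if no default action is registered for the mimetype the call presumably throws; `$('#mimetype').val()` is likewise used without checking that the hidden input exists. A guard such as `if (typeof action === 'function') { action($('#filename').val()); }` keeps the public page usable when no previewer is loaded. The file also redefines the global `fileDownloadPath` that this commit adds to core/js/js.js, so which definition wins appears to depend on script load order; a comment stating that dependency would make the override deliberate.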
\ No newline at end of file
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
new file mode 100644
index 00000000000..15dac576d98
--- /dev/null
+++ b/apps/files_sharing/public.php
@@ -0,0 +1,69 @@
+<?php
+// Load other apps for file previews
+OC_App::loadApps();
+if (isset($_GET['file'])) {
+ $pos = strpos($_GET['file'], '/', 1);
+ $uidOwner = substr($_GET['file'], 1, $pos - 1);
+ if (OCP\User::userExists($uidOwner)) {
+ OC_Util::setupFS($uidOwner);
+ $file = substr($_GET['file'], $pos);
+ $fileSource = OC_Filecache::getId($_GET['file'], '');
+ if ($linkItem = OCP\Share::getItemSharedWithByLink('file', $fileSource, $uidOwner)) {
+ if (isset($linkItem['share_with'])) {
+ // Check password
+ if (isset($_POST['password'])) {
+ $password = $_POST['password'];
+ $storedHash = $linkItem['share_with'];
+ $forcePortable = (CRYPT_BLOWFISH != 1);
+ $hasher = new PasswordHash(8, $forcePortable);
+ if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash))) {
+ $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+ $tmpl->assign('error', true);
+ $tmpl->printPage();
+ exit();
+ }
+ // Continue on if password is valid
+ } else {
+ // Prompt for password
+ $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+ $tmpl->printPage();
+ exit();
+ }
+ }
+ $path = $linkItem['path'];
+ // Download the file
+ if (isset($_GET['download'])) {
+ $mimetype = OC_Filesystem::getMimeType($path);
+ header('Content-Transfer-Encoding: binary');
+ header('Content-Disposition: attachment; filename="'.basename($path).'"');
+ header('Content-Type: '.$mimetype);
+ header('Content-Length: '.OC_Filesystem::filesize($path));
+ OCP\Response::disableCaching();
+ @ob_clean();
+ OC_Filesystem::readfile($path);
+ } else {
+ OCP\Util::addStyle('files_sharing', 'public');
+ OCP\Util::addScript('files_sharing', 'public');
+ OCP\Util::addScript('files', 'fileactions');
+ $tmpl = new OCP\Template('files_sharing', 'public', 'guest');
+ $tmpl->assign('owner', $uidOwner);
+ $tmpl->assign('name', basename($path));
+ // Show file list
+ if (OC_Filesystem::is_dir($path)) {
+ // TODO
+ } else {
+ // Show file preview if viewer is available
+ $tmpl->assign('dir', dirname($path));
+ $tmpl->assign('filename', basename($path));
+ $tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
+ $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&file='.$_GET['file'].'&download');
+ }
+ $tmpl->printPage();
+ }
+ exit();
+ }
+ }
+}
+header('HTTP/1.0 404 Not Found');
+$tmpl = new OCP\Template('', '404', 'guest');
+$tmpl->printPage();
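Review bot: `$pos = strpos($_GET['file'], '/', 1)` is used without checking for `false` or for a non-string `file` parameter, so a value with no second slash reaches `substr($_GET['file'], 1, $pos - 1)` with a length of -1, and whether the request ends in the 404 then depends on `userExists()` rejecting the truncated name. Reject early instead, e.g. `if (is_string($_GET['file']) && ($pos = strpos($_GET['file'], '/', 1)) !== false) {` around the existing body, letting everything else fall through to the 404 at the bottom. The password is read only from `$_POST`, while the generated `downloadURL` and the template's `<img src>` are GET requests, so a password-protected share apparently lands on the prompt again for every download; the successful check needs to be remembered per share (for example in the session), and nothing visible here limits repeated password attempts. `$_GET['file']` is also concatenated into `downloadURL` unencoded; `urlencode($_GET['file'])` keeps names containing `&`, `#` or `%` from altering the query string.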
\ No newline at end of file
diff --git a/apps/files_sharing/templates/authenticate.php b/apps/files_sharing/templates/authenticate.php
new file mode 100644
index 00000000000..41064d51464
--- /dev/null
+++ b/apps/files_sharing/templates/authenticate.php
@@ -0,0 +1,9 @@
+<form action="index.php" method="post">
+ <fieldset>
+ <p>
+ <label for="password" class="infield"><?php echo $l->t('Password'); ?></label>
+ <input type="password" name="password" id="password" value="" />
+ <input type="submit" value="<?php echo $l->t('Submit'); ?>" />
+ </p>
+ </fieldset>
+</form>
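Review bot: The form posts to `index.php`, but the password check added in apps/files_sharing/public.php sits behind the public entry point and needs the `file` query parameter, so the submitted password does not appear to reach `CheckPassword()`. Post back to the URL that rendered the prompt: have public.php assign it, e.g. `$tmpl->assign('URL', OCP\Util::linkToPublic('files').'&file='.urlencode($_GET['file']));`, and echo that value, HTML-escaped, in the `action` attribute. public.php also assigns `error` on a wrong password, but this template never reads `$_['error']`, so a failed attempt looks identical to the first prompt.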
\ No newline at end of file
diff --git a/apps/files_sharing/templates/get.php b/apps/files_sharing/templates/get.php
deleted file mode 100755
index 57275f07a3d..00000000000
--- a/apps/files_sharing/templates/get.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<table>
- <thead>
- <tr>
- <th id="headerSize"><?php echo $l->t( 'Size' ); ?></th>
- <th id="headerDate"><span id="modified"><?php echo $l->t( 'Modified' ); ?></span><span class="selectedActions"><a href="" class="delete"><?php echo $l->t('Delete all')?> <img class="svg" alt="<?php echo $l->t('Delete')?>" src="<?php echo OCP\image_path("core", "actions/delete.svg"); ?>" /></a></span></th>
- </tr>
- </thead>
- <tbody id="fileList" data-readonly="<?php echo $_['readonly'];?>">
- <?php echo($_['fileList']); ?>
- </tbody>
-</table>
\ No newline at end of file
diff --git a/apps/files_sharing/templates/public.php b/apps/files_sharing/templates/public.php
new file mode 100755
index 00000000000..065818c2200
--- /dev/null
+++ b/apps/files_sharing/templates/public.php
@@ -0,0 +1,13 @@
+<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
+<input type="hidden" name="downloadURL" value="<?php echo $_['downloadURL'] ?>" id="downloadURL">
+<input type="hidden" name="filename" value="<?php echo $_['filename'] ?>" id="filename">
+<input type="hidden" name="mimetype" value="<?php echo $_['mimetype'] ?>" id="mimetype">
+<div id="preview">
+ <p><?php echo $_['owner']; ?> shared the file <?php echo $_['name'] ?> with you</p>
+</div>
+<div id="content">
+ <?php if (substr($_['mimetype'], 0 , strpos($_['mimetype'], '/')) == 'image'): ?>
+ <img src="<?php echo $_['downloadURL']; ?>" />
+ <?php endif; ?>
+</div>
+<a href="<?php echo $_['downloadURL']; ?>">Download</a>
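Review bot: `$_['dir']`, `$_['downloadURL']`, `$_['filename']`, `$_['mimetype']`, `$_['owner']` and `$_['name']` are echoed into attribute values and markup with no escaping in this template, and `downloadURL` and the names derive from the request and from file names chosen by the sharing user. Whether `OCP\Template::assign()` escapes by default is not visible in this diff (the removed get.php passed `false` as a third argument once, which suggests it may); if it does not, echo through `htmlspecialchars($_['name'], ENT_QUOTES, 'UTF-8')` and the same for the other five values. public.php assigns `dir`, `filename`, `mimetype` and `downloadURL` only in its non-directory branch, so for a shared folder this template reads undefined keys. The sentence "shared the file … with you" is hard-coded rather than passed through `$l->t()` as the authenticate template does for its labels.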
\ No newline at end of file diff --git a/core/js/js.js b/core/js/js.js index 86e802cd348..0c842f05593 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -29,6 +29,16 @@ function t(app,text){ } t.cache={}; +/** +* Get the path to download a file +* @param file The filename +* @param dir The directory the file is in - e.g. $('#dir').val() +* @return string +*/ +function fileDownloadPath(dir, file) { + return OC.filePath('files', 'ajax', 'download.php')+encodeURIComponent('?files='+encodeURIComponent(file)+'&dir='+encodeURIComponent(dir)); +} + OC={ webroot:oc_webroot, appswebroots:oc_appswebroots, diff --git a/lib/helper.php b/lib/helper.php index 8c362747a27..3cf464dfa7b 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -101,6 +101,17 @@ class OC_Helper { } /** + * @brief Creates an absolute url for public use + * @param $service id + * @returns the url + * + * Returns a absolute url to the given service. + */ + public static function linkToPublic($service, $add_slash = false) { + return self::linkToAbsolute( '', 'public.php') . '?service=' . $service . (($add_slash && $service[strlen($service)-1]!='/')?'/':''); + } + + /** * @brief Creates path to an image * @param $app app * @param $image image name diff --git a/lib/public/share.php b/lib/public/share.php index 9ee7ef0516b..15fb73d8d88 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -32,7 +32,7 @@ class Share { const SHARE_TYPE_USER = 0; const SHARE_TYPE_GROUP = 1; - const SHARE_TYPE_PRIVATE_LINK = 3; + const SHARE_TYPE_LINK = 3; const SHARE_TYPE_EMAIL = 4; const SHARE_TYPE_CONTACT = 5; const SHARE_TYPE_REMOTE = 6; 
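Review bot: In core/js/js.js the new docblock for `fileDownloadPath(dir, file)` lists `@param file` before `@param dir`, the reverse of the signature; swap the two lines so the documented order matches the call order. The whole query string, including `?`, `=` and `&`, goes through `encodeURIComponent()`, and the two values are therefore encoded twice. If the server side relies on that, a one-line comment saying so would keep a later reader from treating it as a mistake.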
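Review bot: In `OC_Helper::linkToPublic()` (lib/helper.php) `$service[strlen($service)-1]` reads offset -1 when `$service` is an empty string and `$add_slash` is true; `substr($service, -1) != '/'` handles that input without a notice. `$service` is appended to the query string as is, so callers have to pass a fixed identifier or encode it themselves; the docblock should say so and should document `$add_slash`, which it omits. The wrapper added in lib/public/util.php in this commit does not accept `$add_slash`, so the public API cannot reach that branch.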
@@ -113,6 +113,17 @@ class Share { } /** + * @brief Get the item of item type shared by a link + * @param string Item type + * @param string Item source + * @param string Owner of link + * @return Item + */ + public static function getItemSharedWithByLink($itemType, $itemSource, $uidOwner) { + return self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1); + } + + /** * @brief Get the shared items of item type owned by the current user * @param string Item type * @param int Format (optional) Format type must be defined by the backend @@ -138,7 +149,7 @@ class Share { * @brief Share an item with a user, group, or via private link * @param string Item type * @param string Item source - * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_PRIVATE_LINK + * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK * @param string User or group the item is being shared with * @param int CRUDS permissions * @return bool Returns true on success or false on failure 
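Review bot: The docblock of `getItemSharedWithByLink()` says `@return Item`, but the call passes `FORMAT_NONE` and a limit of 1, and apps/files_sharing/public.php indexes the result with `['share_with']` and `['path']`; the return shape, and what comes back when nothing matches, should be documented. For link shares `share_with` now holds the password hash (see the `SHARE_TYPE_LINK` branch changed later in this file), so the docblock should also tell callers not to hand the row to a template or JSON response unfiltered. `getItems()` itself is outside this hunk, so its behaviour for a null `$shareWith` can only be judged from the later hunks.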
@@ -198,9 +209,14 @@ class Share { $shareWith = array(); $shareWith['group'] = $group; $shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner)); - } else if ($shareType === self::SHARE_TYPE_PRIVATE_LINK) { - $shareWith = md5(uniqid($itemSource, true)); - return self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions); + } else if ($shareType === self::SHARE_TYPE_LINK) { + // Generate hash of password - same method as user passwords + if (isset($shareWith)) { + $forcePortable = (CRYPT_BLOWFISH != 1); + $hasher = new \PasswordHash(8, $forcePortable); + $shareWith = $hasher->HashPassword($shareWith.\OC_Config::getValue('passwordsalt', '')); + } + return self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions); } else if ($shareType === self::SHARE_TYPE_CONTACT) { if (!\OC_App::isEnabled('contacts')) { $message = 'Sharing '.$itemSource.' failed, because the contacts app is not enabled'; @@ -262,7 +278,7 @@ class Share { * @brief Unshare an item from a user, group, or delete a private link * @param string Item type * @param string Item source - * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_PRIVATE_LINK + * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK * @param string User or group the item is being shared with * @return Returns true on success or false on failure */ @@ -298,7 +314,7 @@ class Share { * @brief Set the permissions of an item for a specific user or group * @param string Item type * @param string Item source - * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_PRIVATE_LINK + * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK * @param string User or group the item is being shared with * @param int CRUDS permissions * @return Returns true on success or false on failure 
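Review bot: With `md5(uniqid($itemSource, true))` removed from the `SHARE_TYPE_LINK` branch, a link share created without a password carries no secret of its own: apps/files_sharing/public.php resolves it from the owner name and file path in `$_GET['file']`, which are guessable, whereas the removed get.php looked shares up by token. Keep an unguessable token per link, generated from a CSPRNG rather than `uniqid()`, store it separately from the password hash, and have public.php look the share up by it. `isset($shareWith)` is also true for an empty string, so `''` gets hashed and the share then demands a password that is empty; `if (isset($shareWith) && $shareWith !== '')`, with `$shareWith = null` otherwise, avoids that. The enclosing function starts and ends outside the hunk.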
@@ -407,7 +423,7 @@ class Share { * @brief Get shared items from the database * @param string Item type * @param string Item source or target (optional) - * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, SHARE_TYPE_PRIVATE_LINK, $shareTypeUserAndGroups, or $shareTypeGroupUserUnique + * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, SHARE_TYPE_LINK, $shareTypeUserAndGroups, or $shareTypeGroupUserUnique * @param string User or group the item is being shared with * @param string User that is the owner of shared items (optional) * @param int Format to convert items to with formatItems() @@ -444,9 +460,9 @@ class Share { $queryArgs = array($itemType); } } - if (isset($shareType) && isset($shareWith)) { + if (isset($shareType)) { // Include all user and group items - if ($shareType == self::$shareTypeUserAndGroups) { + if ($shareType == self::$shareTypeUserAndGroups && isset($shareWith)) { $where .= ' AND `share_type` IN (?,?,?)'; $queryArgs[] = self::SHARE_TYPE_USER; $queryArgs[] = self::SHARE_TYPE_GROUP; @@ -459,9 +475,12 @@ class Share { $where .= ' AND `uid_owner` != ?'; $queryArgs[] = $shareWith; } else { - $where .= ' AND `share_type` = ? AND `share_with` = ?'; + $where .= ' AND `share_type` = ?'; $queryArgs[] = $shareType; - $queryArgs[] = $shareWith; + if (isset($shareWith)) { + $where .= ' AND `share_with` = ?'; + $queryArgs[] = $shareWith; + } } } if (isset($uidOwner)) { @@ -650,7 +669,7 @@ class Share { $column = 'path'; } foreach ($items as $item) { - if ($item['share_type'] == self::SHARE_TYPE_PRIVATE_LINK) { + if ($item['share_type'] == self::SHARE_TYPE_LINK) { $statuses[$item[$column]] = true; } else if (!isset($statuses[$item[$column]])) { $statuses[$item[$column]] = false; 
@@ -670,7 +689,7 @@ class Share { * @brief Put shared item into the database * @param string Item type * @param string Item source - * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_PRIVATE_LINK + * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK * @param string User or group the item is being shared with * @param int CRUDS permissions * @param bool|array Parent folder target (optional) @@ -827,7 +846,7 @@ class Share { * @brief Generate a unique target for the item * @param string Item type * @param string Item source - * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_PRIVATE_LINK + * @param int SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK * @param string User or group the item is being shared with * @return string Item target * @@ -836,7 +855,7 @@ class Share { */ private static function generateTarget($itemType, $itemSource, $shareType, $shareWith, $uidOwner) { $backend = self::getBackend($itemType); - if ($shareType == self::SHARE_TYPE_PRIVATE_LINK) { + if ($shareType == self::SHARE_TYPE_LINK) { return $backend->generateTarget($itemSource, false); } else { if ($itemType == 'file' || $itemType == 'folder') { diff --git a/lib/public/util.php b/lib/public/util.php index 9f6f6f32e1e..8d7303bf7a4 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -144,6 +144,17 @@ class Util { return(\OC_Helper::linkToRemote( $service )); } + /** + * @brief Creates an absolute url for public use + * @param $service id + * @returns the url + * + * Returns a absolute url to the given app and file. + */ + public static function linkToPublic($service) { + return \OC_Helper::linkToPublic($service); + } + /** * @brief Creates an url |