diff options
| -rw-r--r-- | apps/files/ajax/list.php | 2 | ||||
| -rw-r--r-- | apps/files/index.php | 2 | ||||
| -rw-r--r-- | apps/files/js/fileactions.js | 31 | ||||
| -rw-r--r-- | apps/files/js/filelist.js | 3 | ||||
| -rw-r--r-- | apps/files/js/files.js | 16 | ||||
| -rw-r--r-- | apps/files/templates/part.breadcrumb.php | 7 | ||||
| -rw-r--r-- | core/templates/installation.php | 4 |
7 files changed, 44 insertions, 21 deletions
diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php index 92091f42135..878e4cb2159 100644 --- a/apps/files/ajax/list.php +++ b/apps/files/ajax/list.php @@ -25,7 +25,7 @@ if($doBreadcrumb) { } $breadcrumbNav = new OCP\Template( "files", "part.breadcrumb", "" ); - $breadcrumbNav->assign( "breadcrumb", $breadcrumb ); + $breadcrumbNav->assign( "breadcrumb", $breadcrumb, false ); $data['breadcrumb'] = $breadcrumbNav->fetchPage(); } diff --git a/apps/files/index.php b/apps/files/index.php index 54c74167803..a88e1f00741 100644 --- a/apps/files/index.php +++ b/apps/files/index.php @@ -36,7 +36,7 @@ if(!isset($_SESSION['timezone'])) { } OCP\App::setActiveNavigationEntry( 'files_index' ); // Load the files -$dir = isset( $_GET['dir'] ) ? rawurldecode(stripslashes($_GET['dir'])) : ''; +$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : ''; // Redirect if directory does not exist if(!\OC\Files\Filesystem::is_dir($dir.'/')) { header('Location: '.$_SERVER['SCRIPT_NAME'].''); diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js index 40dd9f14a69..80b9c01f838 100644 --- a/apps/files/js/fileactions.js +++ b/apps/files/js/fileactions.js @@ -70,34 +70,43 @@ var FileActions = { } parent.children('a.name').append('<span class="fileactions" />'); var defaultAction = FileActions.getDefault(FileActions.getCurrentMimeType(), FileActions.getCurrentType(), FileActions.getCurrentPermissions()); - var actionHandler = function (parent, action, event) { + + var actionHandler = function (event) { event.stopPropagation(); event.preventDefault(); - FileActions.currentFile = parent; - file = FileActions.getCurrentFile(); - action(file); + + FileActions.currentFile = event.data.elem; + var file = FileActions.getCurrentFile(); + + event.data.actionFunc(file); }; - for (name in actions) { + + $.each(actions, function (name, action) { // NOTE: Temporary fix to prevent rename action in root of Shared directory if (name === 'Rename' && $('#dir').val() === '/Shared') { - continue; + return true; } - if ((name === 'Download' || actions[name] !== defaultAction) && name !== 'Delete') { + + if ((name === 'Download' || action !== defaultAction) && name !== 'Delete') { var img = FileActions.icons[name]; if (img.call) { img = img(file); } var html = '<a href="#" class="action" data-action="'+name+'">'; if (img) { - html += '<img class ="svg" src="' + img + '"/> '; + html += '<img class ="svg" src="' + img + '" /> '; } html += t('files', name) + '</a>'; + var element = $(html); element.data('action', name); - element.click(actionHandler.bind(null, parent, actions[name])); + //alert(element); + element.on('click',{a:null, elem:parent, actionFunc:actions[name]},actionHandler); parent.find('a.name>span.fileactions').append(element); } - } + + }); + if (actions['Delete']) { var img = FileActions.icons['Delete']; if (img.call) { @@ -114,7 +123,7 @@ var FileActions = { element.append($('<img class ="svg" src="' + img + '"/>')); } element.data('action', actions['Delete']); - element.click(actionHandler.bind(null, parent, actions['Delete'])); + element.on('click',{a:null, elem:parent, actionFunc:actions['Delete']},actionHandler); parent.parent().children().last().append(element); } }, diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js index a5550dc9926..5674206632b 100644 --- a/apps/files/js/filelist.js +++ b/apps/files/js/filelist.js @@ -151,6 +151,9 @@ var FileList={ event.stopPropagation(); event.preventDefault(); var newname=input.val(); + if (Files.containsInvalidCharacters(newname)) { + return false; + } if (newname != name) { if (FileList.checkName(name, newname, false)) { newname = name; diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 4307650d4ff..3b33fc19780 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -25,6 +25,18 @@ Files={ delete uploadingFiles[index]; }); procesSelection(); + }, + containsInvalidCharacters:function (name) { + var invalid_characters = ['\\', '/', '<', '>', ':', '"', '|', '?', '*']; + for (var i = 0; i < invalid_characters.length; i++) { + if (name.indexOf(invalid_characters[i]) != -1) { + $('#notification').text(t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); + $('#notification').fadeIn(); + return true; + } + } + $('#notification').fadeOut(); + return false; } }; $(document).ready(function() { @@ -505,9 +517,7 @@ $(document).ready(function() { $(this).append(input); input.focus(); input.change(function(){ - if(type != 'web' && $(this).val().indexOf('/')!=-1){ - $('#notification').text(t('files','Invalid name, \'/\' is not allowed.')); - $('#notification').fadeIn(); + if (type != 'web' && Files.containsInvalidCharacters($(this).val())) { return; } else if( type == 'folder' && $('#dir').val() == '/' && $(this).val() == 'Shared') { $('#notification').text(t('files','Invalid folder name. Usage of "Shared" is reserved by Owncloud')); diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php index ead9ab1ed7d..ba1432c1b8f 100644 --- a/apps/files/templates/part.breadcrumb.php +++ b/apps/files/templates/part.breadcrumb.php @@ -1,6 +1,7 @@ <?php for($i=0; $i<count($_["breadcrumb"]); $i++): - $crumb = $_["breadcrumb"][$i]; ?> - <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core', 'breadcrumb.png');?>")'> - <a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a> + $crumb = $_["breadcrumb"][$i]; + $dir = str_replace('+','%20', urlencode($crumb["dir"])); ?> + <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $dir;?>' style='background-image:url("<?php echo OCP\image_path('core', 'breadcrumb.png');?>")'> + <a href="<?php echo $_['baseURL'].$dir; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a> </div> <?php endfor;?> diff --git a/core/templates/installation.php b/core/templates/installation.php index a7c4780d5d1..1e7983eae53 100644 --- a/core/templates/installation.php +++ b/core/templates/installation.php @@ -19,7 +19,7 @@ </ul> <?php endif; ?> <?php if(!$_['secureRNG']): ?> - <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;"> + <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;"> <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> <span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span> <br/> @@ -27,7 +27,7 @@ </fieldset> <?php endif; ?> <?php if(!$_['htaccessWorking']): ?> - <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;"> + <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;"> <legend><strong><?php echo $l->t('Security Warning');?></strong></legend> <span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span> </fieldset> |