-rw-r--r-- | index.php | 3 | ||||
-rw-r--r-- | lib/helper.php | 12 | ||||
-rw-r--r-- | lib/ocs.php | 53 | ||||
-rw-r--r-- | lib/ocsclient.php | 54 | ||||
-rw-r--r-- | plugins/publiclink/db_structure.xml | 47 | ||||
-rw-r--r-- | plugins/publiclink/getfile.php | 10 | ||||
-rw-r--r-- | plugins/publiclink/lib_public.php | 77 | ||||
-rw-r--r-- | plugins/publiclink/makelink.php | 13 | ||||
-rwxr-xr-x | plugins/publiclink/plugin.xml | 17 |
9 files changed, 252 insertions, 34 deletions
diff --git a/index.php b/index.php index c744f094e67..8f5c99fcd85 100644 --- a/index.php +++ b/index.php @@ -27,7 +27,8 @@ require_once( 'template.php' ); if( OC_USER::isLoggedIn()){ if( $_GET["logout"] ){ OC_USER::logout(); - OC_TEMPLATE::printGuestPage( "", "logout" ); + header( "Location: $WEBROOT"); + exit(); } else{ header( "Location: ".OC_APPCONFIG::getValue( "core", "defaultpage", "files/index.php" )); diff --git a/lib/helper.php b/lib/helper.php index c51629f21cb..4fff7c28fea 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -36,12 +36,16 @@ class OC_HELPER { public static function linkTo( $app, $file ){ global $WEBROOT; global $SERVERROOT; - + + if(!empty($app)) { + $app .= '/'; + } + // Check if the app is in the app folder - if( file_exists( "$SERVERROOT/apps/$app/$file" )){ - return "$WEBROOT/apps/$app/$file"; + if( file_exists( $SERVERROOT . '/apps/'. $app . $file )){ + return $WEBROOT . '/apps/' . $app . $file; } - return "$WEBROOT/$app/$file"; + return $WEBROOT . '/' . $app . $file; } /** diff --git a/lib/ocs.php b/lib/ocs.php index 2b1e706462a..4e9e6522e8b 100644 --- a/lib/ocs.php +++ b/lib/ocs.php 
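Review bot: The new redirect in the logout branch of index.php sends `Location: $WEBROOT` unchanged, so the header value is empty whenever `$WEBROOT` is an empty string. Whether that can happen depends on how `$WEBROOT` is derived, which is not visible in this hunk. Appending the slash keeps the target a valid path in either case: `header( "Location: $WEBROOT/" );`. The enclosing `if( OC_USER::isLoggedIn())` block continues outside the hunk.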
@@ -400,16 +400,16 @@ class OC_OCS { * @return string xml/json */ private static function activityGet($format,$page,$pagesize) { - global $CONFIG_DBTABLEPREFIX; - $user=OC_OCS::checkpassword(); - - $result = OC_DB::query("select count(*) as co from {$CONFIG_DBTABLEPREFIX}log"); + + $query = OC_DB::prepare('select count(*) as co from *PREFIX*log'); + $result = $query->execute(); $entry=$result->fetchRow(); $totalcount=$entry['co']; - OC_DB::free_result($result); - - $result = OC_DB::select("select id,timestamp,user,type,message from {$CONFIG_DBTABLEPREFIX}log order by timestamp desc limit " . ($page*$pagesize) . ",$pagesize"); + + $query=OC_DB::prepare('select id,timestamp,user,type,message from *PREFIX*log order by timestamp desc limit ?,?'); + $result = $query->execute(array(($page*$pagesize),$pagesize))->fetchAll(); + $itemscount=count($result); $url='http://'.substr($_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],0,-11).''; 
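Review bot: The two `limit ?,?` placeholders in activityGet receive `$page*$pagesize` and `$pagesize` without an integer cast, and nothing in the hunk shows either value being validated. Depending on how OC_DB binds untyped parameters, the values may end up quoted as strings inside the LIMIT clause, so normalise them before the `prepare()` call: `$page=max(0,(int)$page); $pagesize=max(1,(int)$pagesize);`. The count query's result is also no longer freed, and it is not checked with `PEAR::isError()` before `fetchRow()`, unlike the checks in setData and deleteData further down. activityGet continues past the end of the hunk.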
@@ -512,24 +512,24 @@ class OC_OCS { * @return array */ public static function getData($user,$app="",$key="",$like=false) { - global $CONFIG_DBTABLEPREFIX; - $user=OC_DB::escape($user); - $key=OC_DB::escape($key); - $app=OC_DB::escape($app); $key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy, needs to be replaced with a seperate user field the next time we break db compatibiliy $compareFunction=($like)?'LIKE':'='; if($app){ if (!trim($key)) { - $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where app='$app' order by `timestamp` desc"); + $query = OC_DB::prepare('select app, `key`,value,`timestamp` from *PREFIX*privatedata where app=? order by `timestamp` desc'); + $result=$query->execute(array($app))->fetchAll(); } else { - $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where app='$app' and `key` $compareFunction '$key' order by `timestamp` desc"); + $query = OC_DB::prepare("select app, `key`,value,`timestamp` from *PREFIX*privatedata where app=? and `key` $compareFunction ? order by `timestamp` desc"); + $result=$query->execute(array($app,$key))->fetchAll(); } }else{ if (!trim($key)) { - $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata order by `timestamp` desc"); + $query = OC_DB::prepare('select app, `key`,value,`timestamp` from *PREFIX*privatedata order by `timestamp` desc'); + $result=$query->execute()->fetchAll(); } else { - $result = OC_DB::select("select app, `key`,value,`timestamp` from {$CONFIG_DBTABLEPREFIX}privatedata where `key` $compareFunction '$key' order by `timestamp` desc"); + $query = OC_DB::prepare("select app, `key`,value,`timestamp` from *PREFIX*privatedata where `key` $compareFunction ? order by `timestamp` desc"); + $result=$query->execute(array($key))->fetchAll(); } } $result=self::trimKeys($result,$user); 
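Review bot: Both `if (!trim($key))` branches in getData look unreachable, because `$key` has already been rewritten to `"$user::$key"` above them and so always contains at least `::`. The statements prepared in those branches have no per-user restriction (one filters on `app=?` only, the other has no WHERE clause), so if the check were ever moved above the rewrite they would select every user's rows and leave the narrowing to whatever `trimKeys()` does afterwards. Testing the caller's key before prefixing it, and binding a pattern built from `$user` in those branches, would keep the user scope in SQL. With `$like` set, `%` and `_` inside the bound key still act as wildcards, which deserves a line in the docblock.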
@@ -545,20 +545,18 @@ class OC_OCS { * @return bool */ public static function setData($user, $app, $key, $value) { - global $CONFIG_DBTABLEPREFIX; - $app=OC_DB::escape($app); - $key=OC_DB::escape($key); - $user=OC_DB::escape($user); - $value=OC_DB::escape($value); $key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy - //TODO: prepared statements, locking tables, fancy stuff, error checking/handling - $result=OC_DB::select("select count(*) as co from {$CONFIG_DBTABLEPREFIX}privatedata where `key` = '$key' and app = '$app'"); + //TODO: locking tables, fancy stuff, error checking/handling + $query=OC_DB::prepare("select count(*) as co from *PREFIX*privatedata where `key` = ? and app = ?"); + $result=$query->execute(array($key,$app))->fetchAll(); $totalcount=$result[0]['co']; if ($totalcount != 0) { - $result = OC_DB::query("update {$CONFIG_DBTABLEPREFIX}privatedata set value='$value', `timestamp` = now() where `key` = '$key' and app = '$app'"); + $query=OC_DB::prepare("update *PREFIX*privatedata set value=?, `timestamp` = now() where `key` = ? and app = ?"); + } else { - $result = OC_DB::query("insert into {$CONFIG_DBTABLEPREFIX}privatedata(app, `key`, value, `timestamp`) values('$app', '$key', '$value', now())"); + $result = OC_DB::prepare("insert into *PREFIX*privatedata(value, `key`, app, `timestamp`) values(?, ?, ?, now())"); } + $result = $query->execute(array($value,$key,$app)); if (PEAR::isError($result)){ $entry='DB Error: "'.$result->getMessage().'"<br />'; error_log($entry); 
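Review bot: The insert branch of setData assigns the prepared statement to `$result` instead of `$query`, so the `$query->execute(array($value,$key,$app))` that follows re-runs the earlier `select count(*)` statement with three values for its two placeholders, and no row is inserted for a new key. On the insert line, `$result = OC_DB::prepare(` should be `$query=OC_DB::prepare(`. The count-then-write sequence is still not atomic, as the remaining TODO acknowledges, so two concurrent first writes could both take the insert path. setData's error handling continues outside the hunk.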
@@ -576,13 +574,10 @@ class OC_OCS { * @return string xml/json */ public static function deleteData($user, $app, $key) { - global $CONFIG_DBTABLEPREFIX; - $app=OC_DB::escape($app); - $key=OC_DB::escape($key); - $user=OC_DB::escape($user); $key="$user::$key";//ugly hack for the sake of keeping database scheme compatibiliy //TODO: prepared statements, locking tables, fancy stuff, error checking/handling - $result = OC_DB::query("delete from {$CONFIG_DBTABLEPREFIX}privatedata where `key` = '$key' and app = '$app'"); + $query=OC_DB::prepare("delete from *PREFIX*privatedata where `key` = ? and app = ?"); + $result = $query->execute(array($key,$app)); if (PEAR::isError($result)){ $entry='DB Error: "'.$result->getMessage().'"<br />'; error_log($entry); diff --git a/lib/ocsclient.php b/lib/ocsclient.php new file mode 100644 index 00000000000..0546ef39897 --- /dev/null +++ b/lib/ocsclient.php 
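Review bot: The TODO left above the new statement in deleteData still lists "prepared statements", which this hunk now provides. The setData hunk updated the same comment, and this one should match it: `//TODO: locking tables, fancy stuff, error checking/handling`. The function body continues past the hunk, so what it returns after the `PEAR::isError()` check is not visible here.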
@@ -0,0 +1,54 @@ +<?php +/** + * ownCloud + * + * @author Frank Karlitschek + * @author Jakob Sack + * @copyright 2010 Frank Karlitschek karlitschek@kde.org + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/** + * This class provides an easy way for apps to store config values in the + * database. + */ + +class OC_OCSCLIENT{ + + /** + * @brief Get all the categories from the OCS server + * @returns array with category ids + * + * This function returns a list of all the application categories on the OCS server + */ + public static function getCategories(){ + + return true; + } + + /** + * @brief Get all the applications from the OCS server + * @returns array with application data + * + * This function returns a list of all the applications on the OCS server + */ + public static function getApplications(){ + + return true; + } + +} +?> diff --git a/plugins/publiclink/db_structure.xml b/plugins/publiclink/db_structure.xml new file mode 100644 index 00000000000..de63b03f445 --- /dev/null +++ b/plugins/publiclink/db_structure.xml 
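Review bot: The class docblock on OC_OCSCLIENT says the class stores config values in the database, which looks copied from another class and does not describe a client for the OCS server. A comment such as `This class provides an easy way for apps to query an OCS server` would fit. Both `getCategories()` and `getApplications()` are documented as returning arrays but return `true`, so callers do not get what the docblock promises. Until the requests are implemented, returning `array()` and adding a `@todo` line to each method would keep the documented contract.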
@@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="ISO-8859-1" ?> +<database> + <name>*dbname*</name> + <create>true</create> + <overwrite>false</overwrite> + <charset>latin1</charset> + <table> + <name>*dbprefix*publiclink</name> + <declaration> + <field> + <name>token</name> + <type>text</type> + <default></default> + <notnull>true</notnull> + <length>40</length> + </field> + <field> + <name>path</name> + <type>text</type> + <default></default> + <notnull>true</notnull> + <length>128</length> + </field> + <field> + <name>user</name> + <type>text</type> + <default> + </default> + <notnull>true</notnull> + <length>64</length> + </field> + <field> + <name>expire_time</name> + <type>timestamp</type> + <notnull>true</notnull> + </field> + <index> + <name>token</name> + <unique>true</unique> + <field> + <name>token</name> + <sorting>ascending</sorting> + </field> + </index> + </declaration> + </table> +</database> diff --git a/plugins/publiclink/getfile.php b/plugins/publiclink/getfile.php new file mode 100644 index 00000000000..c579dc9246c --- /dev/null +++ b/plugins/publiclink/getfile.php @@ -0,0 +1,10 @@ +<?php +$RUNTIME_NOAPPS=true; //no need to load the apps + +require_once '../../lib/base.php'; + +require_once 'lib_public.php'; + +$token=$_GET['token']; +OC_PublicLink::downloadFile($token); +?>
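Review bot: In plugins/publiclink/getfile.php, `$_GET['token']` is read without an `isset()` check and passed on untyped. A request without the parameter raises a notice, and a non-string value reaches the bound query parameter in `downloadFile()`. makelink.php in this commit already guards `expire` with `isset()`, and the same care fits here: `if(!isset($_GET['token']) || !is_string($_GET['token'])){ header("HTTP/1.0 404 Not Found"); exit(); }` before the assignment.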
\ No newline at end of file diff --git a/plugins/publiclink/lib_public.php b/plugins/publiclink/lib_public.php new file mode 100644 index 00000000000..494f84fdb7a --- /dev/null +++ b/plugins/publiclink/lib_public.php 
@@ -0,0 +1,77 @@ +<?php +class OC_PublicLink{ + /** + * create a new public link + * @param string path + * @param int (optional) expiretime time the link expires, as timestamp + */ + public function __construct($path,$expiretime=0){ + if($path && OC_FILESYSTEM::file_exists($path)){ + $token=sha1("$path-$expiretime"); + $user=$_SESSION['user_id']; + $query=OC_DB::prepare("INSERT INTO *PREFIX*publiclink VALUES(?,?,?,?)"); + $result=$query->execute(array($token,$path,$user,$expiretime)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"<br />'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'<br />'; + error_log( $entry ); + die( $entry ); + } + $this->token=$token; + } + } + + /** + * download a file shared by a public link + * @param string token + */ + public static function downloadFile($token){ + //remove expired links + $query=OC_DB::prepare("DELETE FROM *PREFIX*publiclink WHERE expire_time < NOW() AND expire_time!=0"); + $query->execute(); + + //get the path and the user + $query=OC_DB::prepare("SELECT user,path FROM *PREFIX*publiclink WHERE token=?"); + $result=$query->execute(array($token)); + $data=$result->fetchAll(); + if(count($data)>0){ + $path=$data[0]['path']; + $user=$data[0]['user']; + + //login + $_SESSION['user_id']=$user; + + //prepare the filesystem + OC_UTIL::setupFS(); + + //get time mimetype and set the headers + $mimetype=OC_FILESYSTEM::getMimeType($path); + // header('Content-Disposition: attachment; filename="'.basename($path).'"'); + header('Content-Transfer-Encoding: binary'); + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Pragma: public'); + header('Content-Type: ' . $mimetype); + header('Content-Length: ' . 
OC_FILESYSTEM::filesize($path)); + + //download the file + ob_clean(); + OC_FILESYSTEM::readfile($path); + }else{ + header("HTTP/1.0 404 Not Found"); + echo '404 Not Found'; + die(); + } + } + + /** + * get the token for the public link + * @return string + */ + public function getToken(){ + return $this->token; + } + + private $token; +} +?>
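Review bot: `downloadFile()` writes the link owner's name into `$_SESSION['user_id']` and nothing visible resets it, so the anonymous visitor's session stays logged in as that user after the download. Assuming lib/base.php has already started the session, calling `session_write_close();` immediately before that assignment keeps the value in memory for `OC_UTIL::setupFS()` without persisting it. The token in the constructor is `sha1("$path-$expiretime")`, which contains no secret and can be recomputed by anyone who knows or guesses the path and expiry. A random value of the same 40-character length, e.g. `$token=bin2hex(random_bytes(20));` (or `openssl_random_pseudo_bytes(20)` on PHP 5), avoids that and also the unique-index collision when the same path is shared twice. Separately, the `Content-Disposition` header is commented out, so a stored HTML file would render inline on the application's origin, and `die( $entry )` sends the database debug text to the client.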
\ No newline at end of file diff --git a/plugins/publiclink/makelink.php b/plugins/publiclink/makelink.php new file mode 100644 index 00000000000..1de65e7ec6f --- /dev/null +++ b/plugins/publiclink/makelink.php @@ -0,0 +1,13 @@ +<?php +$RUNTIME_NOAPPS=true; //no need to load the apps + +require_once '../../lib/base.php'; + +require_once 'lib_public.php'; + +$path=$_GET['path']; +$expire=(isset($_GET['expire']))?$_GET['expire']:0; + +$link=new OC_PublicLink($path,$expire); +echo $link->getToken(); +?>
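Review bot: makelink.php creates a link from a plain GET request, and the visible lines contain no `OC_USER::isLoggedIn()` check or request token. Unless lib/base.php enforces both, a third-party page can trigger link creation in a logged-in user's session, and a logged-out request reaches the constructor with `$_SESSION['user_id']` unset. A guard at the top such as `if(!OC_USER::isLoggedIn()){ header("HTTP/1.0 403 Forbidden"); exit(); }`, together with accepting the request only as POST with a per-session token, would address that. `$_GET['path']` is read without `isset()`, and `$expire` reaches the `expire_time` column unvalidated, so it should be cast with `(int)` and checked. When the path does not exist, the constructor silently does nothing and the script echoes an empty token, so the caller cannot tell failure from success.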
\ No newline at end of file diff --git a/plugins/publiclink/plugin.xml b/plugins/publiclink/plugin.xml new file mode 100755 index 00000000000..75abed6cf08 --- /dev/null +++ b/plugins/publiclink/plugin.xml @@ -0,0 +1,17 @@ +<?xml version="1.0"?> +<plugin version="1.0"> + <info> + <id>publiclink</id> + <name>Simple file sharing by creating a public link to a file</name> + <version>0.1</version> + <licence>AGPL</licence> + <author>Robin Appelman</author> + <require>1.1</require> + </info> + <runtime> + <include>lib_public.php</include> + </runtime> + <install> + <database>db_structure.xml</database> + </install> +</plugin> |