diff options
| -rwxr-xr-x | apps/user_webdavauth/templates/settings.php | 2 | ||||
| -rwxr-xr-x | apps/user_webdavauth/user_webdavauth.php | 10 | ||||
| -rw-r--r-- | lib/connector/sabre/locks.php | 30 | ||||
| -rw-r--r-- | lib/db.php | 13 | ||||
| -rw-r--r-- | lib/public/share.php | 12 | ||||
| -rw-r--r-- | lib/setup.php | 11 | ||||
| -rw-r--r-- | tests/lib/dbschema.php | 7 |
7 files changed, 56 insertions, 29 deletions
diff --git a/apps/user_webdavauth/templates/settings.php b/apps/user_webdavauth/templates/settings.php index ec6524ee4f7..e199c32675c 100755 --- a/apps/user_webdavauth/templates/settings.php +++ b/apps/user_webdavauth/templates/settings.php @@ -1,7 +1,7 @@ <form id="webdavauth" action="#" method="post"> <fieldset class="personalblock"> <legend><strong><?php p($l->t('WebDAV Authentication'));?></strong></legend> - <p><label for="webdav_url"><?php p($l->t('URL: http://'));?><input type="text" id="webdav_url" name="webdav_url" value="<?php p($_['webdav_url']); ?>"></label> + <p><label for="webdav_url"><?php p($l->t('URL: '));?><input type="url" placeholder="https://example.com/webdav" id="webdav_url" name="webdav_url" value="<?php p($_['webdav_url']); ?>"></label> <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" id="requesttoken"> <input type="submit" value="Save" /> <br /><?php p($l->t('ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials.')); ?> diff --git a/apps/user_webdavauth/user_webdavauth.php b/apps/user_webdavauth/user_webdavauth.php index 6417e45434d..146034a5d43 100755 --- a/apps/user_webdavauth/user_webdavauth.php +++ b/apps/user_webdavauth/user_webdavauth.php @@ -41,10 +41,16 @@ class OC_USER_WEBDAVAUTH extends OC_User_Backend { } public function checkPassword( $uid, $password ) { - $url= 'http://'.urlencode($uid).':'.urlencode($password).'@'.$this->webdavauth_url; + $arr = explode('://', $this->webdavauth_url, 2); + if( ! isset($arr) OR count($arr) !== 2) { + OC_Log::write('OC_USER_WEBDAVAUTH', 'Invalid Url: "'.$this->webdavauth_url.'" ', 3); + return false; + } + list($webdavauth_protocol, $webdavauth_url_path) = $arr; + $url= $webdavauth_protocol.'://'.urlencode($uid).':'.urlencode($password).'@'.$webdavauth_url_path; $headers = get_headers($url); if($headers==false) { - OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to connect to WebDAV Url: "'.$this->webdavauth_url.'" ', 3); + OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to connect to WebDAV Url: "'.$webdavauth_protocol.'://'.$webdavauth_url_path.'" ', 3); return false; } diff --git a/lib/connector/sabre/locks.php b/lib/connector/sabre/locks.php index 745523c7a5b..cbc495dec19 100644 --- a/lib/connector/sabre/locks.php +++ b/lib/connector/sabre/locks.php @@ -88,9 +88,8 @@ class OC_Connector_Sabre_Locks extends Sabre_DAV_Locks_Backend_Abstract { } $query.=')'; - $stmt = OC_DB::prepare( $query ); - $result = $stmt->execute( $params ); - + $result = OC_DB::executeAudited( $query, $params ); + $lockList = array(); while( $row = $result->fetchRow()) { @@ -127,14 +126,17 @@ class OC_Connector_Sabre_Locks extends Sabre_DAV_Locks_Backend_Abstract { $locks = $this->getLocks($uri, false); $exists = false; foreach($locks as $lock) { - if ($lock->token == $lockInfo->token) $exists = true; + if ($lock->token == $lockInfo->token) { + $exists = true; + break; + } } if ($exists) { - $query = OC_DB::prepare( 'UPDATE `*PREFIX*locks`' - .' SET `owner` = ?, `timeout` = ?, `scope` = ?, `depth` = ?, `uri` = ?, `created` = ?' - .' WHERE `userid` = ? AND `token` = ?' ); - $result = $query->execute( array( + $sql = 'UPDATE `*PREFIX*locks`' + .' SET `owner` = ?, `timeout` = ?, `scope` = ?, `depth` = ?, `uri` = ?, `created` = ?' + .' WHERE `userid` = ? AND `token` = ?'; + $result = OC_DB::executeAudited( $sql, array( $lockInfo->owner, $lockInfo->timeout, $lockInfo->scope, @@ -145,10 +147,10 @@ class OC_Connector_Sabre_Locks extends Sabre_DAV_Locks_Backend_Abstract { $lockInfo->token) ); } else { - $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*locks`' - .' (`userid`,`owner`,`timeout`,`scope`,`depth`,`uri`,`created`,`token`)' - .' VALUES (?,?,?,?,?,?,?,?)' ); - $result = $query->execute( array( + $sql = 'INSERT INTO `*PREFIX*locks`' + .' (`userid`,`owner`,`timeout`,`scope`,`depth`,`uri`,`created`,`token`)' + .' VALUES (?,?,?,?,?,?,?,?)'; + $result = OC_DB::executeAudited( $sql, array( OC_User::getUser(), $lockInfo->owner, $lockInfo->timeout, @@ -173,8 +175,8 @@ class OC_Connector_Sabre_Locks extends Sabre_DAV_Locks_Backend_Abstract { */ public function unlock($uri, Sabre_DAV_Locks_LockInfo $lockInfo) { - $query = OC_DB::prepare( 'DELETE FROM `*PREFIX*locks` WHERE `userid` = ? AND `uri` = ? AND `token` = ?' ); - $result = $query->execute( array(OC_User::getUser(), $uri, $lockInfo->token)); + $sql = 'DELETE FROM `*PREFIX*locks` WHERE `userid` = ? AND `uri` = ? AND `token` = ?'; + $result = OC_DB::executeAudited( $sql, array(OC_User::getUser(), $uri, $lockInfo->token)); return $result->numRows() === 1; diff --git a/lib/db.php b/lib/db.php index cd96bcf9d31..a6b81aaba69 100644 --- a/lib/db.php +++ b/lib/db.php @@ -460,7 +460,7 @@ class OC_DB { $row = $result->fetchRow(); self::raiseExceptionOnError($row, 'fetching row for insertid failed'); return $row['id']; - } else if( $type === 'mssql') { + } else if( $type === 'mssql' || $type === 'oci') { if($table !== null) { $prefix = OC_Config::getValue( "dbtableprefix", "oc_" ); $table = str_replace( '*PREFIX*', $prefix, $table ); @@ -594,6 +594,11 @@ class OC_DB { $CONFIG_DBTYPE = OC_Config::getValue( "dbtype", "sqlite" ); self::connectScheme(); + + if(OC_Config::getValue('dbtype', 'sqlite')==='oci') { + //set dbname, it is unset because oci uses 'service' to connect + self::$schema->db->database_name=self::$schema->db->dsn['username']; + } // read file $content = file_get_contents( $file ); @@ -617,6 +622,12 @@ class OC_DB { $content = str_replace( '<default>0000-00-00 00:00:00</default>', '<default>CURRENT_TIMESTAMP</default>', $content ); } + if(OC_Config::getValue('dbtype', 'sqlite')==='oci') { + unset($previousSchema['charset']); //or MDB2 tries SHUTDOWN IMMEDIATE + $oldname = $previousSchema['name']; + $previousSchema['name']=OC_Config::getValue( "dbuser", $oldname ); + //TODO check identifiers are at most 30 chars long + } file_put_contents( $file2, $content ); $op = self::$schema->updateDatabase($file2, $previousSchema, array(), false); diff --git a/lib/public/share.php b/lib/public/share.php index 6a26101a1ce..122ab3fa030 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -1586,10 +1586,10 @@ class Share { public static function post_removeFromGroup($arguments) { // TODO Don't call if user deleted? - $query = \OC_DB::prepare('SELECT `id`, `share_type` FROM `*PREFIX*share`' - .' WHERE (`share_type` = ? AND `share_with` = ?) OR (`share_type` = ? AND `share_with` = ?)'); - $result = $query->execute(array(self::SHARE_TYPE_GROUP, $arguments['gid'], self::$shareTypeGroupUserUnique, - $arguments['uid'])); + $sql = 'SELECT `id`, `share_type` FROM `*PREFIX*share`' + .' WHERE (`share_type` = ? AND `share_with` = ?) OR (`share_type` = ? AND `share_with` = ?)'; + $result = \OC_DB::executeAudited($sql, array(self::SHARE_TYPE_GROUP, $arguments['gid'], + self::$shareTypeGroupUserUnique, $arguments['uid'])); while ($item = $result->fetchRow()) { if ($item['share_type'] == self::SHARE_TYPE_GROUP) { // Delete all reshares by this user of the group share @@ -1601,8 +1601,8 @@ class Share { } public static function post_deleteGroup($arguments) { - $query = \OC_DB::prepare('SELECT id FROM `*PREFIX*share` WHERE `share_type` = ? AND `share_with` = ?'); - $result = $query->execute(array(self::SHARE_TYPE_GROUP, $arguments['gid'])); + $sql = 'SELECT `id` FROM `*PREFIX*share` WHERE `share_type` = ? AND `share_with` = ?'; + $result = \OC_DB::executeAudited($sql, array(self::SHARE_TYPE_GROUP, $arguments['gid'])); while ($item = $result->fetchRow()) { self::delete($item['id']); } diff --git a/lib/setup.php b/lib/setup.php index 1cbc83eed9a..61ef7d22b11 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -4,7 +4,7 @@ class DatabaseSetupException extends Exception { private $hint; - public function __construct($message, $hint, $code = 0, Exception $previous = null) { + public function __construct($message, $hint = '', $code = 0, Exception $previous = null) { $this->hint = $hint; parent::__construct($message, $code, $previous); } @@ -133,12 +133,15 @@ class OC_Setup { $dbuser = $options['dbuser']; $dbpass = $options['dbpass']; $dbname = $options['dbname']; - $dbtablespace = $options['dbtablespace']; + if (array_key_exists('dbtablespace', $options)) { + $dbtablespace = $options['dbtablespace']; + } else { + $dbtablespace = 'USERS'; + } $dbhost = isset($options['dbhost'])?$options['dbhost']:''; $dbtableprefix = isset($options['dbtableprefix']) ? $options['dbtableprefix'] : 'oc_'; OC_Config::setValue('dbname', $dbname); - OC_Config::setValue('dbtablespace', $dbtablespace); OC_Config::setValue('dbhost', $dbhost); OC_Config::setValue('dbtableprefix', $dbtableprefix); @@ -446,7 +449,7 @@ class OC_Setup { } private static function setupOCIDatabase($dbhost, $dbuser, $dbpass, $dbname, $dbtableprefix, $dbtablespace, - $username) { + $username) { $l = self::getTrans(); $e_host = addslashes($dbhost); $e_dbname = addslashes($dbname); diff --git a/tests/lib/dbschema.php b/tests/lib/dbschema.php index 6631c929cf2..59f203993ef 100644 --- a/tests/lib/dbschema.php +++ b/tests/lib/dbschema.php @@ -94,13 +94,18 @@ class Test_DBSchema extends PHPUnit_Framework_TestCase { break; case 'pgsql': $sql = "SELECT tablename AS table_name, schemaname AS schema_name " - . "FROM pg_tables WHERE schemaname NOT LIKE 'pg_%' " + . "FROM pg_tables WHERE schemaname NOT LIKE 'pg_%' " . "AND schemaname != 'information_schema' " . "AND tablename = '".$table."'"; $query = OC_DB::prepare($sql); $result = $query->execute(array()); $exists = $result && $result->fetchOne(); break; + case 'oci': + $sql = 'SELECT table_name FROM user_tables WHERE table_name = ?'; + $result = \OC_DB::executeAudited($sql, array($table)); + $exists = (bool)$result->fetchOne(); //oracle uses MDB2 and returns null + break; case 'mssql': $sql = "SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '{$table}'"; $query = OC_DB::prepare($sql); |