Diffstat (limited to 'apps/files/ajax')
-rw-r--r-- | apps/files/ajax/delete.php | 15 | ||||
-rw-r--r-- | apps/files/ajax/list.php | 5 | ||||
-rw-r--r-- | apps/files/ajax/newfile.php | 14 | ||||
-rw-r--r-- | apps/files/ajax/newfolder.php | 4 | ||||
-rw-r--r-- | apps/files/ajax/upload.php | 16 |
5 files changed, 41 insertions, 13 deletions
diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php index c69f5a8860c..69f859daa97 100644 --- a/apps/files/ajax/delete.php +++ b/apps/files/ajax/delete.php @@ -9,8 +9,21 @@ OCP\JSON::callCheck(); // Get data $dir = stripslashes($_POST["dir"]); $files = isset($_POST["file"]) ? $_POST["file"] : $_POST["files"]; +$allFiles = isset($_POST["allfiles"]) ? $_POST["allfiles"] : $_POST["allfiles"]; +if ($allFiles === 'true') { + $allFiles = true; +} -$files = json_decode($files); +// delete all files in dir ? +if ($allFiles) { + $files = array(); + $fileList = \OC\Files\Filesystem::getDirectoryContent($dir); + foreach ($fileList as $fileInfo) { + $files[] = $fileInfo['name']; + } +} else { + $files = json_decode($files); +} $filesWithError = ''; $success = true; diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php index 0be38c3b96f..c8286bc15ca 100644 --- a/apps/files/ajax/list.php +++ b/apps/files/ajax/list.php @@ -11,7 +11,8 @@ OCP\JSON::checkLoggedIn(); // Load the files $dir = isset( $_GET['dir'] ) ? $_GET['dir'] : ''; $dir = \OC\Files\Filesystem::normalizePath($dir); -if (!\OC\Files\Filesystem::is_dir($dir . '/')) { +$dirInfo = \OC\Files\Filesystem::getFileInfo($dir); +if (!$dirInfo->getType() === 'dir') { header("HTTP/1.0 404 Not Found"); exit(); } @@ -20,7 +21,7 @@ $doBreadcrumb = isset($_GET['breadcrumb']); $data = array(); $baseUrl = OCP\Util::linkTo('files', 'index.php') . '?dir='; -$permissions = \OCA\Files\Helper::getDirPermissions($dir); +$permissions = $dirInfo->getPermissions(); // Make breadcrumb if($doBreadcrumb) { diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php index 1853098c507..0187b200759 100644 --- a/apps/files/ajax/newfile.php +++ b/apps/files/ajax/newfile.php 
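Review bot: In delete.php the new `if ($allFiles)` test is truthy for any non-empty string other than '0', so a request carrying `allfiles=false` still takes the delete-everything branch; only the literal 'true' is converted to a boolean and every other string is left as it arrived. Both arms of the ternary read `$_POST["allfiles"]`, so the isset() guard has no effect when the field is absent. Collapsing the two steps into `$allFiles = isset($_POST['allfiles']) && $_POST['allfiles'] === 'true';` makes the destructive path strictly opt-in. The file list for that branch is built from the client-supplied `$dir`, so it is worth confirming that the per-file checks after this hunk (not visible here) still apply to every name it produces.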
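Review bot: The new guard in list.php, `if (!$dirInfo->getType() === 'dir')`, can never be true, because `!` binds tighter than `===` and a boolean is never identical to the string 'dir'; the 404 branch is dead and a path that is not a directory falls through to the listing code. If getFileInfo() can return false or null for a missing path (not visible here), the method call would also fail before the comparison is reached. Writing it as `if (!$dirInfo || $dirInfo->getType() !== 'dir') {` restores the check and also protects the `$dirInfo->getPermissions()` call introduced in the second hunk of this file.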
@@ -50,16 +50,22 @@ $l10n = \OC_L10n::get('files'); $result = array( 'success' => false, 'data' => NULL - ); +); +$trimmedFileName = trim($filename); -if(trim($filename) === '') { +if($trimmedFileName === '') { $result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.')); OCP\JSON::error($result); exit(); } +if($trimmedFileName === '.' || $trimmedFileName === '..') { + $result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName)); + OCP\JSON::error($result); + exit(); +} -if(strpos($filename, '/') !== false) { - $result['data'] = array('message' => (string)$l10n->t('File name must not contain "/". Please choose a different name.')); +if(!OCP\Util::isValidFileName($filename)) { + $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); OCP\JSON::error($result); exit(); } diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php index 4cfcae3090d..b2b4fb27f74 100644 --- a/apps/files/ajax/newfolder.php +++ b/apps/files/ajax/newfolder.php @@ -23,8 +23,8 @@ if(trim($foldername) === '') { exit(); } -if(strpos($foldername, '/') !== false) { - $result['data'] = array('message' => $l10n->t('Folder name must not contain "/". Please choose a different name.')); +if(!OCP\Util::isValidFileName($foldername)) { + $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); OCP\JSON::error($result); exit(); } diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 754c34ef088..145f40c50da 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php 
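Review bot: The checks in newfile.php now look at two different strings: the empty and `.`/`..` tests use `$trimmedFileName`, while `OCP\Util::isValidFileName()` is still given the raw `$filename`. If the code after this hunk creates the file from `$filename` (not visible here), a name with surrounding whitespace is validated in one form and stored in another. Assigning `$filename = trim($filename);` once, before the checks, and using that single value throughout would remove the mismatch.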
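Review bot: newfolder.php switches to `OCP\Util::isValidFileName($foldername)` but does not gain the explicit `.`/`..` rejection that this commit adds to newfile.php. Whether isValidFileName() rejects dot names on its own is not shown, and the separate check added in newfile.php suggests it may not, in which case a folder name of `..` would reach the code after this hunk. Adding `if (trim($foldername) === '.' || trim($foldername) === '..') {` with the same error response as newfile.php keeps the two endpoints consistent.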
@@ -22,6 +22,7 @@ if (empty($_POST['dirToken'])) { } else { // return only read permissions for public upload $allowedPermissions = OCP\PERMISSION_READ; + $public_directory = !empty($_POST['subdir']) ? $_POST['subdir'] : '/'; $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); if ($linkItem === false) { @@ -45,7 +46,7 @@ if (empty($_POST['dirToken'])) { $dir = sprintf( "/%s/%s", $path, - isset($_POST['subdir']) ? $_POST['subdir'] : '' + $public_directory ); if (!$dir || empty($dir) || $dir === false) { @@ -112,7 +113,14 @@ if (strpos($dir, '..') === false) { } else { $target = \OC\Files\Filesystem::normalizePath(stripslashes($dir).'/'.$files['name'][$i]); } - + + $directory = \OC\Files\Filesystem::normalizePath(stripslashes($dir)); + if (isset($public_directory)) { + // If we are uploading from the public app, + // we want to send the relative path in the ajax request. + $directory = $public_directory; + } + if ( ! \OC\Files\Filesystem::file_exists($target) || (isset($_POST['resolution']) && $_POST['resolution']==='replace') ) { @@ -140,7 +148,7 @@ if (strpos($dir, '..') === false) { 'uploadMaxFilesize' => $maxUploadFileSize, 'maxHumanFilesize' => $maxHumanFileSize, 'permissions' => $meta['permissions'] & $allowedPermissions, - 'directory' => \OC\Files\Filesystem::normalizePath(stripslashes($dir)), + 'directory' => $directory, ); } @@ -168,7 +176,7 @@ if (strpos($dir, '..') === false) { 'uploadMaxFilesize' => $maxUploadFileSize, 'maxHumanFilesize' => $maxHumanFileSize, 'permissions' => $meta['permissions'] & $allowedPermissions, - 'directory' => \OC\Files\Filesystem::normalizePath(stripslashes($dir)), + 'directory' => $directory, ); } } |
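Review bot: `$public_directory` in upload.php is taken straight from `$_POST['subdir']`, and for public uploads it is both formatted into `$dir` and returned as the `'directory'` field, replacing the previously normalized `normalizePath(stripslashes($dir))` value. The `strpos($dir, '..')` test visible in the hunk headers still covers `$dir`, but the value sent back to the client is now unnormalized request input. Normalizing once at assignment, `$public_directory = \OC\Files\Filesystem::normalizePath(!empty($_POST['subdir']) ? $_POST['subdir'] : '/');`, would keep the response and the resolved path in the same form. The `$directory` block added in the third hunk appears to sit inside the per-file loop although it does not depend on `$i`, so it could be computed once before the loop.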