diff options
Diffstat (limited to 'core/ajax')
-rw-r--r-- | core/ajax/appconfig.php | 27 | ||||
-rw-r--r-- | core/ajax/share.php | 112 |
2 files changed, 34 insertions, 105 deletions
diff --git a/core/ajax/appconfig.php b/core/ajax/appconfig.php index 4f26dedc797..05b7572c6d7 100644 --- a/core/ajax/appconfig.php +++ b/core/ajax/appconfig.php @@ -9,28 +9,43 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); $action=isset($_POST['action'])?$_POST['action']:$_GET['action']; + +if(isset($_POST['app']) || isset($_GET['app'])) { + $app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']); +} + +// An admin should not be able to add remote and public services +// on its own. This should only be possible programmatically. +// This change is due the fact that an admin may not be expected +// to execute arbitrary code in every environment. +if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) { + OC_JSON::error(array('data' => array('message' => 'Unexpected error!'))); + return; +} + $result=false; switch($action) { case 'getValue': - $result=OC_Appconfig::getValue($_GET['app'], $_GET['key'], $_GET['defaultValue']); + $result=OC_Appconfig::getValue($app, $_GET['key'], $_GET['defaultValue']); break; case 'setValue': - $result=OC_Appconfig::setValue($_POST['app'], $_POST['key'], $_POST['value']); + $result=OC_Appconfig::setValue($app, $_POST['key'], $_POST['value']); break; case 'getApps': $result=OC_Appconfig::getApps(); break; case 'getKeys': - $result=OC_Appconfig::getKeys($_GET['app']); + $result=OC_Appconfig::getKeys($app); break; case 'hasKey': - $result=OC_Appconfig::hasKey($_GET['app'], $_GET['key']); + $result=OC_Appconfig::hasKey($app, $_GET['key']); break; case 'deleteKey': - $result=OC_Appconfig::deleteKey($_POST['app'], $_POST['key']); + $result=OC_Appconfig::deleteKey($app, $_POST['key']); break; case 'deleteApp': - $result=OC_Appconfig::deleteApp($_POST['app']); + $result=OC_Appconfig::deleteApp($app); break; } OC_JSON::success(array('data'=>$result)); + diff --git a/core/ajax/share.php b/core/ajax/share.php index c251f8e7bae..86ee018e388 100644 --- a/core/ajax/share.php +++ b/core/ajax/share.php @@ -85,93 +85,32 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo } break; case 'informRecipients': - $l = OC_L10N::get('core'); - $shareType = (int) $_POST['shareType']; $itemType = $_POST['itemType']; $itemSource = $_POST['itemSource']; $recipient = $_POST['recipient']; - $ownerDisplayName = \OCP\User::getDisplayName(); - $from = \OCP\Util::getDefaultEmailAddress('sharing-noreply'); - - $noMail = array(); - $recipientList = array(); if($shareType === \OCP\Share::SHARE_TYPE_USER) { $recipientList[] = $recipient; } elseif ($shareType === \OCP\Share::SHARE_TYPE_GROUP) { $recipientList = \OC_Group::usersInGroup($recipient); } - // don't send a mail to the user who shared the file $recipientList = array_diff($recipientList, array(\OCP\User::getUser())); - // send mail to all recipients with an email address - foreach ($recipientList as $recipient) { - //get correct target folder name - $email = OC_Preferences::getValue($recipient, 'settings', 'email', ''); - - if ($email !== '') { - $displayName = \OCP\User::getDisplayName($recipient); - $items = \OCP\Share::getItemSharedWithUser($itemType, $itemSource, $recipient); - $filename = trim($items[0]['file_target'], '/'); - $subject = (string)$l->t('%s shared »%s« with you', array($ownerDisplayName, $filename)); - $expiration = null; - if (isset($items[0]['expiration'])) { - try { - $date = new DateTime($items[0]['expiration']); - $expiration = $l->l('date', $date->getTimestamp()); - } catch (Exception $e) { - \OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR); - } - } - - if ($itemType === 'folder') { - $foldername = "/Shared/" . $filename; - } else { - // if it is a file we can just link to the Shared folder, - // that's the place where the user will find the file - $foldername = "/Shared"; - } - - $link = \OCP\Util::linkToAbsolute('files', 'index.php', array("dir" => $foldername)); - - $content = new OC_Template("core", "mail", ""); - $content->assign('link', $link); - $content->assign('user_displayname', $ownerDisplayName); - $content->assign('filename', $filename); - $content->assign('expiration', $expiration); - $text = $content->fetchPage(); - - $content = new OC_Template("core", "altmail", ""); - $content->assign('link', $link); - $content->assign('user_displayname', $ownerDisplayName); - $content->assign('filename', $filename); - $content->assign('expiration', $expiration); - $alttext = $content->fetchPage(); - - $default_from = OCP\Util::getDefaultEmailAddress('sharing-noreply'); - $from = OCP\Config::getUserValue(\OCP\User::getUser(), 'settings', 'email', $default_from); - - // send it out now - try { - OCP\Util::sendMail($email, $displayName, $subject, $text, $from, $ownerDisplayName, 1, $alttext); - } catch (Exception $exception) { - $noMail[] = \OCP\User::getDisplayName($recipient); - } - } - } + $mailNotification = new OC\Share\MailNotifications(); + $result = $mailNotification->sendInternalShareMail($recipientList, $itemSource, $itemType); \OCP\Share::setSendMailStatus($itemType, $itemSource, $shareType, true); - if (empty($noMail)) { + if (empty($result)) { OCP\JSON::success(); } else { OCP\JSON::error(array( 'data' => array( 'message' => $l->t("Couldn't send mail to following users: %s ", - implode(', ', $noMail) + implode(', ', $result) ) ) )); @@ -187,56 +126,31 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo break; case 'email': - // enable l10n support - $l = OC_L10N::get('core'); // read post variables - $user = OCP\USER::getUser(); - $displayName = OCP\User::getDisplayName(); - $type = $_POST['itemType']; $link = $_POST['link']; $file = $_POST['file']; $to_address = $_POST['toaddress']; + $mailNotification = new \OC\Share\MailNotifications(); + $expiration = null; if (isset($_POST['expiration']) && $_POST['expiration'] !== '') { try { $date = new DateTime($_POST['expiration']); - $expiration = $l->l('date', $date->getTimestamp()); + $expiration = $date->getTimestamp(); } catch (Exception $e) { \OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR); } } - // setup the email - $subject = (string)$l->t('%s shared »%s« with you', array($displayName, $file)); - - $content = new OC_Template("core", "mail", ""); - $content->assign ('link', $link); - $content->assign ('type', $type); - $content->assign ('user_displayname', $displayName); - $content->assign ('filename', $file); - $content->assign('expiration', $expiration); - $text = $content->fetchPage(); - - $content = new OC_Template("core", "altmail", ""); - $content->assign ('link', $link); - $content->assign ('type', $type); - $content->assign ('user_displayname', $displayName); - $content->assign ('filename', $file); - $content->assign('expiration', $expiration); - $alttext = $content->fetchPage(); - - $default_from = OCP\Util::getDefaultEmailAddress('sharing-noreply'); - $from_address = OCP\Config::getUserValue($user, 'settings', 'email', $default_from ); - - // send it out now - try { - OCP\Util::sendMail($to_address, $to_address, $subject, $text, $from_address, $displayName, 1, $alttext); - OCP\JSON::success(); - } catch (Exception $exception) { - OCP\JSON::error(array('data' => array('message' => OC_Util::sanitizeHTML($exception->getMessage())))); + $result = $mailNotification->sendLinkShareMail($to_address, $file, $link, $expiration); + if($result === true) { + \OCP\JSON::success(); + } else { + \OCP\JSON::error(array('data' => array('message' => OC_Util::sanitizeHTML($result)))); } + break; } } else if (isset($_GET['fetch'])) { |