Diffstat (limited to 'core/ajax')
-rw-r--r--core/ajax/appconfig.php27
-rw-r--r--core/ajax/share.php112
2 files changed, 34 insertions, 105 deletions
diff --git a/core/ajax/appconfig.php b/core/ajax/appconfig.php
index 4f26dedc797..05b7572c6d7 100644
--- a/core/ajax/appconfig.php
+++ b/core/ajax/appconfig.php
@@ -9,28 +9,43 @@ OC_Util::checkAdminUser();
OCP\JSON::callCheck();
$action=isset($_POST['action'])?$_POST['action']:$_GET['action'];
+
+if(isset($_POST['app']) || isset($_GET['app'])) {
+ $app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']);
+}
+
+// An admin should not be able to add remote and public services
+// on its own. This should only be possible programmatically.
+// This change is due the fact that an admin may not be expected
+// to execute arbitrary code in every environment.
+if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) {
+ OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
+ return;
+}
+
$result=false;
switch($action) {
case 'getValue':
- $result=OC_Appconfig::getValue($_GET['app'], $_GET['key'], $_GET['defaultValue']);
+ $result=OC_Appconfig::getValue($app, $_GET['key'], $_GET['defaultValue']);
break;
case 'setValue':
- $result=OC_Appconfig::setValue($_POST['app'], $_POST['key'], $_POST['value']);
+ $result=OC_Appconfig::setValue($app, $_POST['key'], $_POST['value']);
break;
case 'getApps':
$result=OC_Appconfig::getApps();
break;
case 'getKeys':
- $result=OC_Appconfig::getKeys($_GET['app']);
+ $result=OC_Appconfig::getKeys($app);
break;
case 'hasKey':
- $result=OC_Appconfig::hasKey($_GET['app'], $_GET['key']);
+ $result=OC_Appconfig::hasKey($app, $_GET['key']);
break;
case 'deleteKey':
- $result=OC_Appconfig::deleteKey($_POST['app'], $_POST['key']);
+ $result=OC_Appconfig::deleteKey($app, $_POST['key']);
break;
case 'deleteApp':
- $result=OC_Appconfig::deleteApp($_POST['app']);
+ $result=OC_Appconfig::deleteApp($app);
break;
}
OC_JSON::success(array('data'=>$result));
+
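Review bot: `$app` is assigned only inside the `isset($_POST['app']) || isset($_GET['app'])` block, but the `remote_`/`public_` guard and every case except `getApps` read it unconditionally, so a request without an `app` parameter evaluates an undefined variable and hands null to OC_Appconfig. Initialise it before the block, e.g. `$app = null;`, or return `OC_JSON::error(...)` when an action that needs an app id arrives without one. The guard also inspects only `$_POST['key']`, which matches the two write paths visible here (`setValue`, `deleteKey`). A one-line comment stating that reads through `$_GET['key']` are deliberately left open would keep a later refactor from weakening the check unnoticed.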
diff --git a/core/ajax/share.php b/core/ajax/share.php
index c251f8e7bae..86ee018e388 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -85,93 +85,32 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
}
break;
case 'informRecipients':
-
$l = OC_L10N::get('core');
-
$shareType = (int) $_POST['shareType'];
$itemType = $_POST['itemType'];
$itemSource = $_POST['itemSource'];
$recipient = $_POST['recipient'];
- $ownerDisplayName = \OCP\User::getDisplayName();
- $from = \OCP\Util::getDefaultEmailAddress('sharing-noreply');
-
- $noMail = array();
- $recipientList = array();
if($shareType === \OCP\Share::SHARE_TYPE_USER) {
$recipientList[] = $recipient;
} elseif ($shareType === \OCP\Share::SHARE_TYPE_GROUP) {
$recipientList = \OC_Group::usersInGroup($recipient);
}
-
// don't send a mail to the user who shared the file
$recipientList = array_diff($recipientList, array(\OCP\User::getUser()));
- // send mail to all recipients with an email address
- foreach ($recipientList as $recipient) {
- //get correct target folder name
- $email = OC_Preferences::getValue($recipient, 'settings', 'email', '');
-
- if ($email !== '') {
- $displayName = \OCP\User::getDisplayName($recipient);
- $items = \OCP\Share::getItemSharedWithUser($itemType, $itemSource, $recipient);
- $filename = trim($items[0]['file_target'], '/');
- $subject = (string)$l->t('%s shared »%s« with you', array($ownerDisplayName, $filename));
- $expiration = null;
- if (isset($items[0]['expiration'])) {
- try {
- $date = new DateTime($items[0]['expiration']);
- $expiration = $l->l('date', $date->getTimestamp());
- } catch (Exception $e) {
- \OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR);
- }
- }
-
- if ($itemType === 'folder') {
- $foldername = "/Shared/" . $filename;
- } else {
- // if it is a file we can just link to the Shared folder,
- // that's the place where the user will find the file
- $foldername = "/Shared";
- }
-
- $link = \OCP\Util::linkToAbsolute('files', 'index.php', array("dir" => $foldername));
-
- $content = new OC_Template("core", "mail", "");
- $content->assign('link', $link);
- $content->assign('user_displayname', $ownerDisplayName);
- $content->assign('filename', $filename);
- $content->assign('expiration', $expiration);
- $text = $content->fetchPage();
-
- $content = new OC_Template("core", "altmail", "");
- $content->assign('link', $link);
- $content->assign('user_displayname', $ownerDisplayName);
- $content->assign('filename', $filename);
- $content->assign('expiration', $expiration);
- $alttext = $content->fetchPage();
-
- $default_from = OCP\Util::getDefaultEmailAddress('sharing-noreply');
- $from = OCP\Config::getUserValue(\OCP\User::getUser(), 'settings', 'email', $default_from);
-
- // send it out now
- try {
- OCP\Util::sendMail($email, $displayName, $subject, $text, $from, $ownerDisplayName, 1, $alttext);
- } catch (Exception $exception) {
- $noMail[] = \OCP\User::getDisplayName($recipient);
- }
- }
- }
+ $mailNotification = new OC\Share\MailNotifications();
+ $result = $mailNotification->sendInternalShareMail($recipientList, $itemSource, $itemType);
\OCP\Share::setSendMailStatus($itemType, $itemSource, $shareType, true);
- if (empty($noMail)) {
+ if (empty($result)) {
OCP\JSON::success();
} else {
OCP\JSON::error(array(
'data' => array(
'message' => $l->t("Couldn't send mail to following users: %s ",
- implode(', ', $noMail)
+ implode(', ', $result)
)
)
));
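Review bot: The `$recipientList = array();` initialisation is removed, so when `shareType` is neither `SHARE_TYPE_USER` nor `SHARE_TYPE_GROUP` the `array_diff()` call receives an undefined variable. Keep `$recipientList = array();` ahead of the `if($shareType === ...)` chain. `$recipient` still comes straight from `$_POST`, and the per-recipient `getItemSharedWithUser()` lookup has left this file. The helper is not visible here, so it is worth confirming that `sendInternalShareMail()` only mails users the item is actually shared with. The enclosing `switch` starts and ends outside this hunk.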
@@ -187,56 +126,31 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
break;
case 'email':
- // enable l10n support
- $l = OC_L10N::get('core');
// read post variables
- $user = OCP\USER::getUser();
- $displayName = OCP\User::getDisplayName();
- $type = $_POST['itemType'];
$link = $_POST['link'];
$file = $_POST['file'];
$to_address = $_POST['toaddress'];
+ $mailNotification = new \OC\Share\MailNotifications();
+
$expiration = null;
if (isset($_POST['expiration']) && $_POST['expiration'] !== '') {
try {
$date = new DateTime($_POST['expiration']);
- $expiration = $l->l('date', $date->getTimestamp());
+ $expiration = $date->getTimestamp();
} catch (Exception $e) {
\OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR);
}
}
- // setup the email
- $subject = (string)$l->t('%s shared »%s« with you', array($displayName, $file));
-
- $content = new OC_Template("core", "mail", "");
- $content->assign ('link', $link);
- $content->assign ('type', $type);
- $content->assign ('user_displayname', $displayName);
- $content->assign ('filename', $file);
- $content->assign('expiration', $expiration);
- $text = $content->fetchPage();
-
- $content = new OC_Template("core", "altmail", "");
- $content->assign ('link', $link);
- $content->assign ('type', $type);
- $content->assign ('user_displayname', $displayName);
- $content->assign ('filename', $file);
- $content->assign('expiration', $expiration);
- $alttext = $content->fetchPage();
-
- $default_from = OCP\Util::getDefaultEmailAddress('sharing-noreply');
- $from_address = OCP\Config::getUserValue($user, 'settings', 'email', $default_from );
-
- // send it out now
- try {
- OCP\Util::sendMail($to_address, $to_address, $subject, $text, $from_address, $displayName, 1, $alttext);
- OCP\JSON::success();
- } catch (Exception $exception) {
- OCP\JSON::error(array('data' => array('message' => OC_Util::sanitizeHTML($exception->getMessage()))));
+ $result = $mailNotification->sendLinkShareMail($to_address, $file, $link, $expiration);
+ if($result === true) {
+ \OCP\JSON::success();
+ } else {
+ \OCP\JSON::error(array('data' => array('message' => OC_Util::sanitizeHTML($result))));
}
+
break;
}
} else if (isset($_GET['fetch'])) {
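Review bot: `$to_address`, `$file` and `$link` go from `$_POST` into `sendLinkShareMail()` with no validation in this `case 'email'` branch, so whether a logged-in user can have the server mail arbitrary link text to an arbitrary address now depends entirely on a helper that is not visible here. Reject a malformed recipient before the call, e.g. `if (filter_var($to_address, FILTER_VALIDATE_EMAIL) === false) { \OCP\JSON::error(); break; }`, and check that `$link` is a share link generated by this instance rather than trusting the client-supplied value. The helper's return is treated as `true` on success and as a message string otherwise, and `$expiration` is now a raw timestamp instead of a localised string. A short comment recording both contracts would help. The enclosing `switch` begins outside this hunk.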