Diffstat (limited to 'core/ajax')
-rw-r--r-- | core/ajax/appconfig.php | 27 | ||||
-rw-r--r-- | core/ajax/preview.php | 31 | ||||
-rw-r--r-- | core/ajax/share.php | 131 | ||||
-rw-r--r-- | core/ajax/update.php | 9 |
4 files changed, 71 insertions, 127 deletions
diff --git a/core/ajax/appconfig.php b/core/ajax/appconfig.php index 4f26dedc797..05b7572c6d7 100644 --- a/core/ajax/appconfig.php +++ b/core/ajax/appconfig.php @@ -9,28 +9,43 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); $action=isset($_POST['action'])?$_POST['action']:$_GET['action']; + +if(isset($_POST['app']) || isset($_GET['app'])) { + $app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']); +} + +// An admin should not be able to add remote and public services +// on its own. This should only be possible programmatically. +// This change is due the fact that an admin may not be expected +// to execute arbitrary code in every environment. +if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) { + OC_JSON::error(array('data' => array('message' => 'Unexpected error!'))); + return; +} + $result=false; switch($action) { case 'getValue': - $result=OC_Appconfig::getValue($_GET['app'], $_GET['key'], $_GET['defaultValue']); + $result=OC_Appconfig::getValue($app, $_GET['key'], $_GET['defaultValue']); break; case 'setValue': - $result=OC_Appconfig::setValue($_POST['app'], $_POST['key'], $_POST['value']); + $result=OC_Appconfig::setValue($app, $_POST['key'], $_POST['value']); break; case 'getApps': $result=OC_Appconfig::getApps(); break; case 'getKeys': - $result=OC_Appconfig::getKeys($_GET['app']); + $result=OC_Appconfig::getKeys($app); break; case 'hasKey': - $result=OC_Appconfig::hasKey($_GET['app'], $_GET['key']); + $result=OC_Appconfig::hasKey($app, $_GET['key']); break; case 'deleteKey': - $result=OC_Appconfig::deleteKey($_POST['app'], $_POST['key']); + $result=OC_Appconfig::deleteKey($app, $_POST['key']); break; case 'deleteApp': - $result=OC_Appconfig::deleteApp($_POST['app']); + $result=OC_Appconfig::deleteApp($app); break; } OC_JSON::success(array('data'=>$result)); + 
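Review bot: `$app` is assigned only inside the new `if(isset($_POST['app']) || isset($_GET['app']))`, so a request without an `app` parameter (the `getApps` action takes none) reaches `if($app === 'core' && ...)` and the switch with the variable undefined; initialise it first with `$app = null;`. The `remote_`/`public_` guard is an exact, case-sensitive `substr` match on `$_POST['key']`. How the config store compares key names is not visible here, so normalising before the comparison, e.g. `$key = strtolower((string)$_POST['key']);`, would make the check independent of that. The guard also lives only in this endpoint, so it is worth confirming that no other admin-reachable path calls `OC_Appconfig::setValue` for the `core` app. It runs for every action, not just `setValue`; a comment saying that this is intended (it also blocks `deleteKey` on those keys) would help the next reader.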
diff --git a/core/ajax/preview.php b/core/ajax/preview.php index af0f0493f4c..526719e8a1b 100644 --- a/core/ajax/preview.php +++ b/core/ajax/preview.php @@ -7,34 +7,39 @@ */ \OC_Util::checkLoggedIn(); -$file = array_key_exists('file', $_GET) ? (string) urldecode($_GET['file']) : ''; -$maxX = array_key_exists('x', $_GET) ? (int) $_GET['x'] : '36'; -$maxY = array_key_exists('y', $_GET) ? (int) $_GET['y'] : '36'; -$scalingUp = array_key_exists('scalingup', $_GET) ? (bool) $_GET['scalingup'] : true; +$file = array_key_exists('file', $_GET) ? (string)$_GET['file'] : ''; +$maxX = array_key_exists('x', $_GET) ? (int)$_GET['x'] : '36'; +$maxY = array_key_exists('y', $_GET) ? (int)$_GET['y'] : '36'; +$scalingUp = array_key_exists('scalingup', $_GET) ? (bool)$_GET['scalingup'] : true; +$always = array_key_exists('forceIcon', $_GET) ? (bool)$_GET['forceIcon'] : true; -if($file === '') { +if ($file === '') { //400 Bad Request \OC_Response::setStatus(400); \OC_Log::write('core-preview', 'No file parameter was passed', \OC_Log::DEBUG); exit; } -if($maxX === 0 || $maxY === 0) { +if ($maxX === 0 || $maxY === 0) { //400 Bad Request \OC_Response::setStatus(400); \OC_Log::write('core-preview', 'x and/or y set to 0', \OC_Log::DEBUG); exit; } -try{ +try { $preview = new \OC\Preview(\OC_User::getUser(), 'files'); - $preview->setFile($file); - $preview->setMaxX($maxX); - $preview->setMaxY($maxY); - $preview->setScalingUp($scalingUp); + if (!$always and !$preview->isMimeSupported(\OC\Files\Filesystem::getMimeType($file))) { + \OC_Response::setStatus(404); + } else { + $preview->setFile($file); + $preview->setMaxX($maxX); + $preview->setMaxY($maxY); + $preview->setScalingUp($scalingUp); + } $preview->show(); -}catch(\Exception $e) { +} catch (\Exception $e) { \OC_Response::setStatus(500); \OC_Log::write('core', $e->getmessage(), \OC_Log::DEBUG); -}
\ No newline at end of file +} diff --git a/core/ajax/share.php b/core/ajax/share.php index 8b48effb458..3f04e1e4ad1 100644 --- a/core/ajax/share.php +++ b/core/ajax/share.php 
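Review bot: `$preview->show();` stays outside the new `if`/`else`, so on the unsupported-mime path the script sets status 404 and then still calls `show()` on a preview object that never received a file or dimensions. What `show()` does in that state is not visible in this hunk, but at best it adds output to a 404 response and at worst it throws and the `catch` rewrites the status to 500. Moving the call into the `else` branch, directly after `$preview->setScalingUp($scalingUp);`, avoids both. Because `forceIcon` defaults to `true`, the mime check only runs when the client explicitly sends a falsy value; a comment on the `$always` line stating that would make the inverted-looking name easier to follow.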
@@ -80,98 +80,45 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo break; case 'setExpirationDate': if (isset($_POST['date'])) { + $l = OC_L10N::get('core'); + $date = new \DateTime($_POST['date']); + $today = new \DateTime('now'); + + if ($date < $today) { + OC_JSON::error(array('data' => array('message' => $l->t('Expiration date is in the past.')))); + return; + } $return = OCP\Share::setExpirationDate($_POST['itemType'], $_POST['itemSource'], $_POST['date']); ($return) ? OC_JSON::success() : OC_JSON::error(); } break; case 'informRecipients': - $l = OC_L10N::get('core'); - $shareType = (int) $_POST['shareType']; $itemType = $_POST['itemType']; $itemSource = $_POST['itemSource']; $recipient = $_POST['recipient']; - $ownerDisplayName = \OCP\User::getDisplayName(); - $from = \OCP\Util::getDefaultEmailAddress('sharing-noreply'); - - $noMail = array(); - $recipientList = array(); if($shareType === \OCP\Share::SHARE_TYPE_USER) { $recipientList[] = $recipient; } elseif ($shareType === \OCP\Share::SHARE_TYPE_GROUP) { $recipientList = \OC_Group::usersInGroup($recipient); } - // don't send a mail to the user who shared the file $recipientList = array_diff($recipientList, array(\OCP\User::getUser())); - // send mail to all recipients with an email address - foreach ($recipientList as $recipient) { - //get correct target folder name - $email = OC_Preferences::getValue($recipient, 'settings', 'email', ''); - - if ($email !== '') { - $displayName = \OCP\User::getDisplayName($recipient); - $items = \OCP\Share::getItemSharedWithUser($itemType, $itemSource, $recipient); - $filename = trim($items[0]['file_target'], '/'); - $subject = (string)$l->t('%s shared »%s« with you', array($ownerDisplayName, $filename)); - $expiration = null; - if (isset($items[0]['expiration'])) { - try { - $date = new DateTime($items[0]['expiration']); - $expiration = $l->l('date', $date->getTimestamp()); - } catch (Exception $e) { - \OCP\Util::writeLog('sharing', 
"Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR); - } - } - - if ($itemType === 'folder') { - $foldername = "/Shared/" . $filename; - } else { - // if it is a file we can just link to the Shared folder, - // that's the place where the user will find the file - $foldername = "/Shared"; - } - - $link = \OCP\Util::linkToAbsolute('files', 'index.php', array("dir" => $foldername)); - - $content = new OC_Template("core", "mail", ""); - $content->assign('link', $link); - $content->assign('user_displayname', $ownerDisplayName); - $content->assign('filename', $filename); - $content->assign('expiration', $expiration); - $text = $content->fetchPage(); - - $content = new OC_Template("core", "altmail", ""); - $content->assign('link', $link); - $content->assign('user_displayname', $ownerDisplayName); - $content->assign('filename', $filename); - $content->assign('expiration', $expiration); - $alttext = $content->fetchPage(); - - $default_from = OCP\Util::getDefaultEmailAddress('sharing-noreply'); - $from = OCP\Config::getUserValue(\OCP\User::getUser(), 'settings', 'email', $default_from); - - // send it out now - try { - OCP\Util::sendMail($email, $displayName, $subject, $text, $from, $ownerDisplayName, 1, $alttext); - } catch (Exception $exception) { - $noMail[] = \OCP\User::getDisplayName($recipient); - } - } - } + $mailNotification = new OC\Share\MailNotifications(); + $result = $mailNotification->sendInternalShareMail($recipientList, $itemSource, $itemType); \OCP\Share::setSendMailStatus($itemType, $itemSource, $shareType, true); - if (empty($noMail)) { + if (empty($result)) { OCP\JSON::success(); } else { OCP\JSON::error(array( 'data' => array( 'message' => $l->t("Couldn't send mail to following users: %s ", - implode(', ', $noMail) + implode(', ', $result) ) ) )); 
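Review bot: `new \DateTime($_POST['date'])` in the `setExpirationDate` case is built from request input without a try/catch, so an unparsable value throws instead of returning a JSON error. The `email` case in this same file already wraps the same constructor, and the new check should do likewise, as sketched below (the message text is a suggestion). Separately, the `informRecipients` case appears to lose its `$l = OC_L10N::get('core');` while the failure branch still calls `$l->t("Couldn't send mail ...")`. Unless `$l` is assigned outside this hunk, that branch would fail exactly when a mail could not be sent. The removed `$recipientList = array();` raises the same question for share types other than user and group.

```php
if (isset($_POST['date'])) {
	$l = OC_L10N::get('core');
	try {
		$date = new \DateTime($_POST['date']);
	} catch (\Exception $e) {
		// Malformed client input: answer with a JSON error rather than an uncaught exception.
		OC_JSON::error(array('data' => array('message' => $l->t('Invalid expiration date.'))));
		return;
	}
	// … unchanged: $today comparison and OCP\Share::setExpirationDate() call …
```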
@@ -187,56 +134,38 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo break; case 'email': - // enable l10n support - $l = OC_L10N::get('core'); // read post variables - $user = OCP\USER::getUser(); - $displayName = OCP\User::getDisplayName(); - $type = $_POST['itemType']; $link = $_POST['link']; $file = $_POST['file']; $to_address = $_POST['toaddress']; + $mailNotification = new \OC\Share\MailNotifications(); + $expiration = null; if (isset($_POST['expiration']) && $_POST['expiration'] !== '') { try { $date = new DateTime($_POST['expiration']); - $expiration = $l->l('date', $date->getTimestamp()); + $expiration = $date->getTimestamp(); } catch (Exception $e) { \OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR); } } - // setup the email - $subject = (string)$l->t('%s shared »%s« with you', array($displayName, $file)); - - $content = new OC_Template("core", "mail", ""); - $content->assign ('link', $link); - $content->assign ('type', $type); - $content->assign ('user_displayname', $displayName); - $content->assign ('filename', $file); - $content->assign('expiration', $expiration); - $text = $content->fetchPage(); - - $content = new OC_Template("core", "altmail", ""); - $content->assign ('link', $link); - $content->assign ('type', $type); - $content->assign ('user_displayname', $displayName); - $content->assign ('filename', $file); - $content->assign('expiration', $expiration); - $alttext = $content->fetchPage(); - - $default_from = OCP\Util::getDefaultEmailAddress('sharing-noreply'); - $from_address = OCP\Config::getUserValue($user, 'settings', 'email', $default_from ); - - // send it out now - try { - OCP\Util::sendMail($to_address, $to_address, $subject, $text, $from_address, $displayName, 1, $alttext); - OCP\JSON::success(); - } catch (Exception $exception) { - OCP\JSON::error(array('data' => array('message' => OC_Util::sanitizeHTML($exception->getMessage())))); + $result = 
$mailNotification->sendLinkShareMail($to_address, $file, $link, $expiration); + if(empty($result)) { + \OCP\JSON::success(); + } else { + $l = OC_L10N::get('core'); + OCP\JSON::error(array( + 'data' => array( + 'message' => $l->t("Couldn't send mail to following users: %s ", + implode(', ', $result) + ) + ) + )); } + break; } } else if (isset($_GET['fetch'])) { @@ -354,6 +283,10 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo break; } } + $sorter = new \OC\Share\SearchResultSorter($_GET['search'], + 'label', + new \OC\Log()); + usort($shareWith, array($sorter, 'sort')); OC_JSON::success(array('data' => $shareWith)); } break; diff --git a/core/ajax/update.php b/core/ajax/update.php index 99e8f275316..55e8ab15ec2 100644 --- a/core/ajax/update.php +++ b/core/ajax/update.php @@ -15,15 +15,6 @@ if (OC::checkUpgrade(false)) { $updater->listen('\OC\Updater', 'dbUpgrade', function () use ($eventSource, $l) { $eventSource->send('success', (string)$l->t('Updated database')); }); - $updater->listen('\OC\Updater', 'filecacheStart', function () use ($eventSource, $l) { - $eventSource->send('success', (string)$l->t('Updating filecache, this may take really long...')); - }); - $updater->listen('\OC\Updater', 'filecacheDone', function () use ($eventSource, $l) { - $eventSource->send('success', (string)$l->t('Updated filecache')); - }); - $updater->listen('\OC\Updater', 'filecacheProgress', function ($out) use ($eventSource, $l) { - $eventSource->send('success', (string)$l->t('... %d%% done ...', array('percent' => $out))); - }); $updater->listen('\OC\Updater', 'failure', function ($message) use ($eventSource) { $eventSource->send('failure', $message); $eventSource->close(); |
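Review bot: `$link`, `$file` and `$to_address` are still read straight from `$_POST` and handed to `sendLinkShareMail()` in the `email` case, so any logged-in user decides both the recipient and the URL that the server mails out under its own sender identity. Before the call, the endpoint should check that `$link` points at a share on this instance (for example by looking the share up from `itemType`/`itemSource` rather than trusting the posted URL) and that `$to_address` is a syntactically valid address. The removed failure branch passed the exception text through `OC_Util::sanitizeHTML()`, while the new one implodes `$result` into the message unescaped. If `$result` echoes the posted address back (not visible here), that escaping should be kept.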
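Review bot: `$_GET['search']` is passed to `new \OC\Share\SearchResultSorter(...)` as-is in the third share.php hunk; the enclosing branch starts outside the hunk, so an earlier `isset` or type check may exist. If there is none, a request sending `search[]=` delivers an array where the sorter presumably expects a string. Casting at the call site, `new \OC\Share\SearchResultSorter((string)$_GET['search'], 'label', new \OC\Log())`, would pin the type.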