Diffstat (limited to 'lib')
-rw-r--r-- | lib/MDB2/Driver/sqlite3.php | 4 | ||||
-rw-r--r-- | lib/base.php | 31 | ||||
-rw-r--r-- | lib/files/filesystem.php | 5 | ||||
-rw-r--r-- | lib/files/mount.php | 3 | ||||
-rw-r--r-- | lib/files/view.php | 38 | ||||
-rw-r--r-- | lib/helper.php | 2 | ||||
-rw-r--r-- | lib/json.php | 2 | ||||
-rw-r--r-- | lib/l10n/cy_GB.php | 41 | ||||
-rw-r--r-- | lib/l10n/tr.php | 10 | ||||
-rw-r--r-- | lib/l10n/zh_TW.php | 32 | ||||
-rw-r--r-- | lib/mimetypes.list.php | 6 | ||||
-rwxr-xr-x | lib/request.php | 13 | ||||
-rw-r--r-- | lib/setup.php | 7 | ||||
-rw-r--r-- | lib/template.php | 12 | ||||
-rw-r--r-- | lib/templatelayout.php | 69 | ||||
-rw-r--r-- | lib/user.php | 2 | ||||
-rwxr-xr-x | lib/util.php | 23 |
17 files changed, 201 insertions, 99 deletions
diff --git a/lib/MDB2/Driver/sqlite3.php b/lib/MDB2/Driver/sqlite3.php index 8f057cfb6e8..aef0eab9bf1 100644 --- a/lib/MDB2/Driver/sqlite3.php +++ b/lib/MDB2/Driver/sqlite3.php @@ -892,10 +892,10 @@ class MDB2_Driver_sqlite3 extends MDB2_Driver_Common $connection = $this->getConnection(); if (PEAR::isError($connection)) { return $connection; - } + } $statement =$this->connection->prepare($query); if (!$statement) { - return $this->db->raiseError(MDB2_ERROR_NOT_FOUND, null, null, + return $this->raiseError(MDB2_ERROR_NOT_FOUND, null, null, 'unable to prepare statement: '.$query); } diff --git a/lib/base.php b/lib/base.php index cb2193bb7aa..8633ae9b637 100644 --- a/lib/base.php +++ b/lib/base.php @@ -97,8 +97,15 @@ class OC { $path = 'public/' . strtolower(str_replace('\\', '/', substr($className, 3)) . '.php'); } elseif (strpos($className, 'OCA\\') === 0) { foreach (self::$APPSROOTS as $appDir) { - $path = $appDir['path'] . '/' . strtolower(str_replace('\\', '/', substr($className, 3)) . '.php'); - $fullPath = stream_resolve_include_path($path); + $path = strtolower(str_replace('\\', '/', substr($className, 4)) . '.php'); + $fullPath = stream_resolve_include_path($appDir['path'] . '/' . $path); + if (file_exists($fullPath)) { + require_once $fullPath; + return false; + } + // If not found in the root of the app directory, insert '/lib' after app id and try again. + $libpath = substr($path, 0, strpos($path, '/')) . '/lib' . substr($path, strpos($path, '/')); + $fullPath = stream_resolve_include_path($appDir['path'] . '/' . $libpath); if (file_exists($fullPath)) { require_once $fullPath; return false; @@ -324,7 +331,8 @@ class OC { ini_set('session.cookie_httponly', '1;'); // set the cookie path to the ownCloud directory - ini_set('session.cookie_path', OC::$WEBROOT); + $cookie_path = OC::$WEBROOT ?: '/'; + ini_set('session.cookie_path', $cookie_path); // set the session name to the instance id - which is unique session_name(OC_Util::getInstanceId()); 
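Review bot: The `/lib` fallback in the `OCA\` branch of lib/base.php calls `strpos($path, '/')` twice and never handles a `false` result, so a class name with nothing after the app id produces `'/lib' . $path` with no app directory in front of it. Computing the position once and skipping the fallback when it is `false` makes that case explicit, e.g. `$pos = strpos($path, '/'); if ($pos === false) { continue; }` before `$libpath` is built. The two `file_exists()` / `require_once` stanzas are identical and could be one loop over the candidate paths. The enclosing autoload method starts and ends outside the hunk.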
@@ -357,7 +365,7 @@ class OC { // session timeout if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) { if (isset($_COOKIE[session_name()])) { - setcookie(session_name(), '', time() - 42000, OC::$WEBROOT); + setcookie(session_name(), '', time() - 42000, $cookie_path); } session_unset(); session_destroy(); @@ -466,11 +474,13 @@ class OC { stream_wrapper_register('close', 'OC\Files\Stream\Close'); stream_wrapper_register('oc', 'OC\Files\Stream\OC'); + self::initTemplateEngine(); self::checkConfig(); self::checkInstalled(); self::checkSSL(); - self::initSession(); - self::initTemplateEngine(); + if ( !self::$CLI ) { + self::initSession(); + } $errors = OC_Util::checkServer(); if (count($errors) > 0) { @@ -630,8 +640,13 @@ class OC { // Handle redirect URL for logged in users if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); - header('Location: ' . $location); - return; + + // Deny the redirect if the URL contains a @ + // This prevents unvalidated redirects like ?redirect_url=:user@domain.com + if (strpos($location, '@') === FALSE) { + header('Location: ' . $location); + return; + } } // Handle WebDAV if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { diff --git a/lib/files/filesystem.php b/lib/files/filesystem.php index c0e9d215fb5..09732e67ac6 100644 --- a/lib/files/filesystem.php +++ b/lib/files/filesystem.php @@ -287,9 +287,9 @@ class Filesystem { } /** - * fill in the correct values for $user, and $password placeholders + * fill in the correct values for $user * - * @param string $input + * @param string $user * @param string $input * @return string */ @@ -311,6 +311,7 @@ class Filesystem { */ static public function tearDown() { self::clearMounts(); + self::$defaultInstance = null; } /** diff --git a/lib/files/mount.php b/lib/files/mount.php index 59c98e9dcc8..0030d0ee7a6 100644 --- a/lib/files/mount.php +++ b/lib/files/mount.php 
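Review bot: The `strpos($location, '@') === FALSE` test in the `redirect_url` branch is a single-character denylist, so the target is still never compared with this instance's own host, and a legitimate URL with an `@` in its path or query is now silently dropped. An allowlist is sturdier: parse the absolute URL and redirect only when its host is the one the instance is served from, for example `if (parse_url($location, PHP_URL_HOST) === OC_Request::serverHost()) {` (assuming `serverHost()` returns the bare host; adjust if it carries a port). When the check fails the code falls through without logging, so a rejected redirect leaves no trace for operators; an `OC_Log::write('core', ..., OC_Log::WARN)` at that point would help detection. The surrounding request handler continues outside the hunk.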
@@ -136,6 +136,7 @@ class Mount { * @return Mount */ public static function find($path) { + \OC_Util::setupFS(); $path = self::formatPath($path); if (isset(self::$mounts[$path])) { return self::$mounts[$path]; @@ -163,6 +164,7 @@ class Mount { * @return Mount[] */ public static function findIn($path) { + \OC_Util::setupFS(); $path = self::formatPath($path); $result = array(); $pathLength = strlen($path); @@ -186,6 +188,7 @@ class Mount { * @return Mount[] */ public static function findByStorageId($id) { + \OC_Util::setupFS(); if (strlen($id) > 64) { $id = md5($id); } diff --git a/lib/files/view.php b/lib/files/view.php index f607bb59aac..0da104c107e 100644 --- a/lib/files/view.php +++ b/lib/files/view.php @@ -245,13 +245,13 @@ class View { if (!is_null($mtime) and !is_numeric($mtime)) { $mtime = strtotime($mtime); } - + $hooks = array('touch'); - + if (!$this->file_exists($path)) { $hooks[] = 'write'; } - + return $this->basicOperation('touch', $path, $hooks, $mtime); } @@ -263,11 +263,12 @@ class View { if (is_resource($data)) { //not having to deal with streams in file_put_contents makes life easier $absolutePath = Filesystem::normalizePath($this->getAbsolutePath($path)); if (\OC_FileProxy::runPreProxies('file_put_contents', $absolutePath, $data) - && Filesystem::isValidPath($path)) { + && Filesystem::isValidPath($path) + ) { $path = $this->getRelativePath($absolutePath); $exists = $this->file_exists($path); $run = true; - if ($this->fakeRoot == Filesystem::getRoot() && ! Cache\Scanner::isIgnoredFile($path) ) { + if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isIgnoredFile($path)) { if (!$exists) { \OC_Hook::emit( Filesystem::CLASSNAME, 
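Review bot: `find()`, `findIn()` and `findByStorageId()` in lib/files/mount.php now each begin with `\OC_Util::setupFS()`, which turns three lookups into calls with a global side effect that none of the docblocks in these hunks mention. If `setupFS()` itself resolves a mount while it runs (not visible here) the lookups would re-enter it, so it is worth confirming that it guards against repeated or nested invocation. A one-line comment such as `// ensure the filesystem is set up before reading the mount table` above each call would record why it is there. All three method bodies continue outside their hunks.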
@@ -295,7 +296,7 @@ class View { list ($count, $result) = \OC_Helper::streamCopy($data, $target); fclose($target); fclose($data); - if ($this->fakeRoot == Filesystem::getRoot() && ! Cache\Scanner::isIgnoredFile($path) ) { + if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isIgnoredFile($path)) { if (!$exists) { \OC_Hook::emit( Filesystem::CLASSNAME, @@ -335,8 +336,11 @@ class View { $postFix2 = (substr($path2, -1, 1) === '/') ? '/' : ''; $absolutePath1 = Filesystem::normalizePath($this->getAbsolutePath($path1)); $absolutePath2 = Filesystem::normalizePath($this->getAbsolutePath($path2)); - if (\OC_FileProxy::runPreProxies('rename', $absolutePath1, $absolutePath2) - and Filesystem::isValidPath($path2)) { + if ( + \OC_FileProxy::runPreProxies('rename', $absolutePath1, $absolutePath2) + and Filesystem::isValidPath($path2) + and Filesystem::isValidPath($path1) + ) { $path1 = $this->getRelativePath($absolutePath1); $path2 = $this->getRelativePath($absolutePath2); @@ -396,7 +400,11 @@ class View { $postFix2 = (substr($path2, -1, 1) === '/') ? '/' : ''; $absolutePath1 = Filesystem::normalizePath($this->getAbsolutePath($path1)); $absolutePath2 = Filesystem::normalizePath($this->getAbsolutePath($path2)); - if (\OC_FileProxy::runPreProxies('copy', $absolutePath1, $absolutePath2) and Filesystem::isValidPath($path2)) { + if ( + \OC_FileProxy::runPreProxies('copy', $absolutePath1, $absolutePath2) + and Filesystem::isValidPath($path2) + and Filesystem::isValidPath($path1) + ) { $path1 = $this->getRelativePath($absolutePath1); $path2 = $this->getRelativePath($absolutePath2); 
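Review bot: In the rename hunk of lib/files/view.php the new `Filesystem::isValidPath($path1)` check sits last in the `and` chain, so `\OC_FileProxy::runPreProxies()` has already been handed both absolute paths before either path is validated. Putting the two `isValidPath()` calls first lets an invalid source or target short-circuit before any proxy runs: `Filesystem::isValidPath($path1) and Filesystem::isValidPath($path2) and \OC_FileProxy::runPreProxies('rename', $absolutePath1, $absolutePath2)`. The same ordering applies to the copy hunk that follows and to the `file_put_contents` condition reformatted earlier in this file. Both method bodies continue outside their hunks.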
@@ -627,7 +635,7 @@ class View { private function runHooks($hooks, $path, $post = false) { $prefix = ($post) ? 'post_' : ''; $run = true; - if (Filesystem::$loaded and $this->fakeRoot == Filesystem::getRoot() && ! Cache\Scanner::isIgnoredFile($path) ) { + if (Filesystem::$loaded and $this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isIgnoredFile($path)) { foreach ($hooks as $hook) { if ($hook != 'read') { \OC_Hook::emit( @@ -931,11 +939,11 @@ class View { } /** - * Get the owner for a file or folder - * - * @param string $path - * @return string - */ + * Get the owner for a file or folder + * + * @param string $path + * @return string + */ public function getOwner($path) { return $this->basicOperation('getOwner', $path); } diff --git a/lib/helper.php b/lib/helper.php index 73484ad913f..2ba70294f4b 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -159,7 +159,7 @@ class OC_Helper { */ public static function imagePath( $app, $image ) { // Read the selected theme from the config file - $theme=OC_Config::getValue( "theme" ); + $theme = OC_Util::getTheme(); // Check if the app is in the app folder if( file_exists( OC::$SERVERROOT."/themes/$theme/apps/$app/img/$image" )) { diff --git a/lib/json.php b/lib/json.php index f929e958957..6ba0b13806b 100644 --- a/lib/json.php +++ b/lib/json.php @@ -14,7 +14,7 @@ class OC_JSON{ public static function setContentTypeHeader($type='application/json') { if (!self::$send_content_type_header) { // We send json data - header( 'Content-Type: '.$type ); + header( 'Content-Type: '.$type . '; charset=utf-8'); self::$send_content_type_header = true; } } diff --git a/lib/l10n/cy_GB.php b/lib/l10n/cy_GB.php index 9b087b4a2ef..6cf88c15ccc 100644 --- a/lib/l10n/cy_GB.php +++ b/lib/l10n/cy_GB.php 
@@ -5,12 +5,51 @@ "Users" => "Defnyddwyr", "Apps" => "Pecynnau", "Admin" => "Gweinyddu", +"ZIP download is turned off." => "Mae llwytho ZIP wedi ei ddiffodd.", +"Files need to be downloaded one by one." => "Mae angen llwytho ffeiliau i lawr fesul un.", +"Back to Files" => "Nôl i Ffeiliau", +"Selected files too large to generate zip file." => "Mae'r ffeiliau ddewiswyd yn rhy fawr i gynhyrchu ffeil zip.", +"couldn't be determined" => "methwyd pennu", +"Application is not enabled" => "Nid yw'r pecyn wedi'i alluogi", +"Authentication error" => "Gwall dilysu", +"Token expired. Please reload page." => "Tocyn wedi dod i ben. Ail-lwythwch y dudalen.", +"Files" => "Ffeiliau", +"Text" => "Testun", +"Images" => "Delweddau", +"Set an admin username." => "Creu enw defnyddiwr i'r gweinyddwr.", +"Set an admin password." => "Gosod cyfrinair y gweinyddwr.", +"%s enter the database username." => "%s rhowch enw defnyddiwr y gronfa ddata.", +"%s enter the database name." => "%s rhowch enw'r gronfa ddata.", +"%s you may not use dots in the database name" => "%s does dim hawl defnyddio dot yn enw'r gronfa ddata", +"%s set the database host." => "%s gosod gwesteiwr y gronfa ddata.", +"PostgreSQL username and/or password not valid" => "Enw a/neu gyfrinair PostgreSQL annilys", +"You need to enter either an existing account or the administrator." => "Rhaid i chi naill ai gyflwyno cyfrif presennol neu'r gweinyddwr.", +"Oracle username and/or password not valid" => "Enw a/neu gyfrinair Oracle annilys", +"MySQL username and/or password not valid" => "Enw a/neu gyfrinair MySQL annilys", +"DB Error: \"%s\"" => "Gwall DB: \"%s\"", +"Offending command was: \"%s\"" => "Y gorchymyn wnaeth beri tramgwydd oedd: \"%s\"", +"MySQL user '%s'@'localhost' exists already." 
=> "Defnyddiwr MySQL '%s'@'localhost' yn bodoli eisoes.", +"Drop this user from MySQL" => "Gollwng y defnyddiwr hwn o MySQL", +"MySQL user '%s'@'%%' already exists" => "Defnyddiwr MySQL '%s'@'%%' eisoes yn bodoli", +"Drop this user from MySQL." => "Gollwng y defnyddiwr hwn o MySQL.", +"Offending command was: \"%s\", name: %s, password: %s" => "Y gorchymyn wnaeth beri tramgwydd oedd: \"%s\", enw: %s, cyfrinair: %s", +"MS SQL username and/or password not valid: %s" => "Enw a/neu gyfrinair MS SQL annilys: %s", +"Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken." => "Nid yw eich gweinydd wedi'i gyflunio eto i ganiatáu cydweddu ffeiliau oherwydd bod y rhyngwyneb WebDAV wedi torri.", +"Please double check the <a href='%s'>installation guides</a>." => "Gwiriwch y <a href='%s'>canllawiau gosod</a> eto.", "seconds ago" => "eiliad yn ôl", "1 minute ago" => "1 munud yn ôl", +"%d minutes ago" => "%d munud yn ôl", "1 hour ago" => "1 awr yn ôl", +"%d hours ago" => "%d awr yn ôl", "today" => "heddiw", "yesterday" => "ddoe", +"%d days ago" => "%d diwrnod yn ôl", "last month" => "mis diwethaf", +"%d months ago" => "%d mis yn ôl", "last year" => "y llynedd", -"years ago" => "blwyddyn yn ôl" +"years ago" => "blwyddyn yn ôl", +"%s is available. Get <a href=\"%s\">more information</a>" => "%s ar gael. <a href=\"%s\">Mwy o wybodaeth</a>", +"up to date" => "cyfredol", +"updates check is disabled" => "gwirio am ddiweddariadau wedi'i analluogi", +"Could not find category \"%s\"" => "Methu canfod categori \"%s\"" ); diff --git a/lib/l10n/tr.php b/lib/l10n/tr.php index 84278f6d4c4..4a8292989ab 100644 --- a/lib/l10n/tr.php +++ b/lib/l10n/tr.php 
@@ -16,6 +16,16 @@ "Files" => "Dosyalar", "Text" => "Metin", "Images" => "Resimler", +"Set an admin username." => "Bir adi kullanici vermek. ", +"Set an admin password." => "Parola yonetici birlemek. ", +"PostgreSQL username and/or password not valid" => "PostgreSQL adi kullanici ve/veya parola yasal degildir. ", +"You need to enter either an existing account or the administrator." => "Bir konto veya kullanici birlemek ihtiyacin. ", +"Oracle username and/or password not valid" => "Adi klullanici ve/veya parola Oracle mantikli değildir. ", +"DB Error: \"%s\"" => "DB Hata: ''%s''", +"Offending command was: \"%s\"" => "Komut rahasiz ''%s''. ", +"MySQL user '%s'@'localhost' exists already." => "MySQL kullanici '%s @local host zatan var. ", +"Drop this user from MySQL" => "Bu kullanici MySQLden list disari koymak. ", +"MySQL user '%s'@'%%' already exists" => "MySQL kullanici '%s @ % % zaten var (zaten yazili)", "Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken." => "Web sunucunuz dosya transferi için düzgün bir şekilde yapılandırılmamış. WevDAV arabirimini sorunlu gözüküyor.", "Please double check the <a href='%s'>installation guides</a>." => "Lütfen <a href='%s'>kurulum kılavuzlarını</a> iki kez kontrol edin.", "seconds ago" => "saniye önce", diff --git a/lib/l10n/zh_TW.php b/lib/l10n/zh_TW.php index 62a55ebbb47..fbcf81ad3a4 100644 --- a/lib/l10n/zh_TW.php +++ b/lib/l10n/zh_TW.php 
@@ -5,10 +5,10 @@ "Users" => "使用者", "Apps" => "應用程式", "Admin" => "管理", -"ZIP download is turned off." => "ZIP 下載已關閉", -"Files need to be downloaded one by one." => "檔案需要逐一下載", +"ZIP download is turned off." => "ZIP 下載已關閉。", +"Files need to be downloaded one by one." => "檔案需要逐一下載。", "Back to Files" => "回到檔案列表", -"Selected files too large to generate zip file." => "選擇的檔案太大以致於無法產生壓縮檔", +"Selected files too large to generate zip file." => "選擇的檔案太大以致於無法產生壓縮檔。", "couldn't be determined" => "無法判斷", "Application is not enabled" => "應用程式未啟用", "Authentication error" => "認證錯誤", 
@@ -16,12 +16,24 @@ "Files" => "檔案", "Text" => "文字", "Images" => "圖片", -"Set an admin username." => "設置一個管理員用戶名。", -"Set an admin password." => "設置一個管理員密碼。", -"PostgreSQL username and/or password not valid" => "PostgreSQL用戶名和/或密碼無效", -"You need to enter either an existing account or the administrator." => "您必須輸入一個現有的賬戶或管理員", -"Oracle username and/or password not valid" => "Oracle用戶名和/或密碼無效", -"MySQL username and/or password not valid" => "MySQL用戶名和/或密碼無效", +"Set an admin username." => "設定管理員帳號。", +"Set an admin password." => "設定管理員密碼。", +"%s enter the database username." => "%s 輸入資料庫使用者名稱。", +"%s enter the database name." => "%s 輸入資料庫名稱。", +"%s you may not use dots in the database name" => "%s 資料庫名稱不能包含小數點", +"%s set the database host." => "%s 設定資料庫主機。", +"PostgreSQL username and/or password not valid" => "PostgreSQL 用戶名和/或密碼無效", +"You need to enter either an existing account or the administrator." => "您必須輸入一個現有的帳號或管理員帳號。", +"Oracle username and/or password not valid" => "Oracle 用戶名和/或密碼無效", +"MySQL username and/or password not valid" => "MySQL 用戶名和/或密碼無效", +"DB Error: \"%s\"" => "資料庫錯誤:\"%s\"", +"Offending command was: \"%s\"" => "有問題的指令是:\"%s\"", +"MySQL user '%s'@'localhost' exists already." => "MySQL 使用者 '%s'@'localhost' 已經存在。", +"Drop this user from MySQL" => "在 MySQL 移除這個使用者", +"MySQL user '%s'@'%%' already exists" => "MySQL 使用者 '%s'@'%%' 已經存在", +"Drop this user from MySQL." => "在 MySQL 移除這個使用者。", +"Offending command was: \"%s\", name: %s, password: %s" => "有問題的指令是:\"%s\" ,使用者:\"%s\",密碼:\"%s\"", +"MS SQL username and/or password not valid: %s" => "MS SQL 使用者和/或密碼無效:%s", "Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken." => "您的網頁伺服器尚未被正確設定來進行檔案同步,因為您的 WebDAV 界面似乎無法使用。", "Please double check the <a href='%s'>installation guides</a>." => "請參考<a href='%s'>安裝指南</a>。", "seconds ago" => "幾秒前", 
@@ -38,6 +50,6 @@ "years ago" => "幾年前", "%s is available. Get <a href=\"%s\">more information</a>" => "%s 已經可用。取得 <a href=\"%s\">更多資訊</a>", "up to date" => "最新的", -"updates check is disabled" => "檢查更新已停用", +"updates check is disabled" => "更新檢查已停用", "Could not find category \"%s\"" => "找不到分類:\"%s\"" ); diff --git a/lib/mimetypes.list.php b/lib/mimetypes.list.php index 86ce9c6c237..9135a7e3af2 100644 --- a/lib/mimetypes.list.php +++ b/lib/mimetypes.list.php @@ -98,5 +98,9 @@ return array( 'epub' => 'application/epub+zip', 'mobi' => 'application/x-mobipocket-ebook', 'exe' => 'application', - 'msi' => 'application' + 'msi' => 'application', + 'md' => 'text/markdown', + 'markdown' => 'text/markdown', + 'mdown' => 'text/markdown', + 'mdwn' => 'text/markdown' ); diff --git a/lib/request.php b/lib/request.php index 9f74cf9beb5..4d8380eb9ac 100755 --- a/lib/request.php +++ b/lib/request.php @@ -11,9 +11,10 @@ class OC_Request { * @brief Check overwrite condition * @returns true/false */ - private static function isOverwriteCondition() { + private static function isOverwriteCondition($type = '') { $regex = '/' . OC_Config::getValue('overwritecondaddr', '') . '/'; - return $regex === '//' or preg_match($regex, $_SERVER['REMOTE_ADDR']) === 1; + return $regex === '//' or preg_match($regex, $_SERVER['REMOTE_ADDR']) === 1 + or ($type !== 'protocol' and OC_Config::getValue('forcessl', false)); } /** @@ -27,7 +28,7 @@ class OC_Request { if(OC::$CLI) { return 'localhost'; } - if(OC_Config::getValue('overwritehost', '')<>'' and self::isOverwriteCondition()) { + if(OC_Config::getValue('overwritehost', '') !== '' and self::isOverwriteCondition()) { return OC_Config::getValue('overwritehost'); } if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { 
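Review bot: The new `forcessl` clause in `isOverwriteCondition()` makes the condition true for every caller that does not pass `'protocol'`, so with `forcessl` enabled `overwritehost` and `overwritewebroot` apply to all clients and the `overwritecondaddr` address filter no longer restricts them. If that coupling is intended it should be stated, because an operator reading the config would expect `overwritecondaddr` to keep gating the overrides. The docblock still reads only `@brief Check overwrite condition` and does not describe `$type`; I would add `@param string $type 'protocol' when called for the protocol override, '' otherwise` plus one sentence on the `forcessl` behaviour.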
@@ -52,7 +53,7 @@ class OC_Request { * Returns the server protocol. It respects reverse proxy servers and load balancers */ public static function serverProtocol() { - if(OC_Config::getValue('overwriteprotocol', '')<>'' and self::isOverwriteCondition()) { + if(OC_Config::getValue('overwriteprotocol', '') !== '' and self::isOverwriteCondition('protocol')) { return OC_Config::getValue('overwriteprotocol'); } if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { @@ -76,7 +77,7 @@ class OC_Request { */ public static function requestUri() { $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; - if (OC_Config::getValue('overwritewebroot', '') <> '' and self::isOverwriteCondition()) { + if (OC_Config::getValue('overwritewebroot', '') !== '' and self::isOverwriteCondition()) { $uri = self::scriptName() . substr($uri, strlen($_SERVER['SCRIPT_NAME'])); } return $uri; @@ -91,7 +92,7 @@ class OC_Request { */ public static function scriptName() { $name = $_SERVER['SCRIPT_NAME']; - if (OC_Config::getValue('overwritewebroot', '') <> '' and self::isOverwriteCondition()) { + if (OC_Config::getValue('overwritewebroot', '') !== '' and self::isOverwriteCondition()) { $serverroot = str_replace("\\", '/', substr(__DIR__, 0, -4)); $suburi = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen($serverroot))); $name = OC_Config::getValue('overwritewebroot', '') . $suburi; diff --git a/lib/setup.php b/lib/setup.php index 769fae11656..d1197b3ebf3 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -187,6 +187,7 @@ class OC_Setup { unlink("$datadir/owncloud.db"); } //in case of sqlite, we can always fill the database + error_log("creating sqlite db"); OC_DB::createDbFromStructure('db_structure.xml'); } @@ -195,7 +196,7 @@ class OC_Setup { OC_User::createUser($username, $password); } catch(Exception $exception) { - $error[] = $exception->getMessage(); + $error[] = 'Error while trying to create admin user: ' . $exception->getMessage(); } if(count($error) == 0) { 
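Review bot: The added `error_log("creating sqlite db");` in the sqlite branch of lib/setup.php looks like leftover debug output: it bypasses the project's own logger and writes to the PHP error log on every install. Either drop it or route it through the logger at a low level, e.g. `OC_Log::write('core', 'creating sqlite db', OC_Log::DEBUG);`, provided logging is usable this early in setup (not visible from the hunk). The enclosing install method starts and ends outside the hunk.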
@@ -827,6 +828,10 @@ class OC_Setup { $content.= "AddType image/svg+xml svg svgz\n"; $content.= "AddEncoding gzip svgz\n"; $content.= "</IfModule>\n"; + $content.= "<IfModule dir_module>\n"; + $content.= "DirectoryIndex index.php index.html\n"; + $content.= "</IfModule>\n"; + $content.= "AddDefaultCharset utf-8\n"; $content.= "Options -Indexes\n"; @file_put_contents(OC::$SERVERROOT.'/.htaccess', $content); //supress errors in case we don't have permissions for it diff --git a/lib/template.php b/lib/template.php index 434c1e9e990..2f535335648 100644 --- a/lib/template.php +++ b/lib/template.php @@ -186,10 +186,15 @@ class OC_Template{ $this->l10n = OC_L10N::get($parts[0]); // Some headers to enhance security - header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE + // iFrame Restriction Policy + $xFramePolicy = OC_Config::getValue('xframe_restriction', true); + if($xFramePolicy) { + header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains + } + // Content Security Policy // If you change the standard policy, please also change it in config.sample.php $policy = OC_Config::getValue('custom_csp_policy', @@ -198,7 +203,8 @@ class OC_Template{ .'style-src \'self\' \'unsafe-inline\'; ' .'frame-src *; ' .'img-src *; ' - .'font-src \'self\' data:'); + .'font-src \'self\' data:; ' + .'media-src *'); header('Content-Security-Policy:'.$policy); // Standard $this->findTemplate($name); @@ -272,7 +278,7 @@ class OC_Template{ protected function findTemplate($name) { // Read the selected theme from the config file - $theme=OC_Config::getValue( "theme" ); + $theme = OC_Util::getTheme(); // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); 
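Review bot: The new `xframe_restriction` switch in lib/template.php lets an operator remove `X-Frame-Options` from every page, and the visible part of the default Content-Security-Policy built just below carries no framing directive of its own, so turning it off leaves no clickjacking protection. That trade-off should be documented where the option is introduced; the diffstat here is limited to `lib`, so I cannot see whether `config.sample.php` gained an entry. A comment on the check such as `// Disabling this allows any site to frame ownCloud; only do so when a front-end proxy sets its own framing policy` would make the risk visible. Note also that `if($xFramePolicy)` is a truthiness test, so a config value given as the string `'false'` keeps the header on, which is the safe direction but may surprise.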
diff --git a/lib/templatelayout.php b/lib/templatelayout.php index 73094232230..686a38a7386 100644 --- a/lib/templatelayout.php +++ b/lib/templatelayout.php @@ -64,25 +64,8 @@ class OC_TemplateLayout extends OC_Template { $root = $info[0]; $web = $info[1]; $file = $info[2]; - $paths = explode('/', $file); - $in_root = false; - foreach(OC::$APPSROOTS as $app_root) { - if($root == $app_root['path']) { - $in_root = true; - break; - } - } - - if($in_root ) { - $app = $paths[0]; - unset($paths[0]); - $path = implode('/', $paths); - $this->append( 'cssfiles', OC_Helper::linkTo($app, $path) . $versionParameter); - } - else { - $this->append( 'cssfiles', $web.'/'.$file); - } + $this->append( 'cssfiles', $web.'/'.$file . $versionParameter); } } @@ -103,7 +86,7 @@ class OC_TemplateLayout extends OC_Template { static public function findStylesheetFiles($styles) { // Read the selected theme from the config file - $theme=OC_Config::getValue( 'theme' ); + $theme = OC_Util::getTheme(); // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); @@ -111,7 +94,8 @@ class OC_TemplateLayout extends OC_Template { $files = array(); foreach($styles as $style) { // is it in 3rdparty? - if(self::appendIfExist($files, OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $style.'.css')) { + if(strpos($style, '3rdparty') === 0 && + self::appendIfExist($files, OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $style.'.css')) { // or in the owncloud root? }elseif(self::appendIfExist($files, OC::$SERVERROOT, OC::$WEBROOT, "$style$fext.css" )) { 
@@ -122,20 +106,15 @@ class OC_TemplateLayout extends OC_Template { }elseif(self::appendIfExist($files, OC::$SERVERROOT, OC::$WEBROOT, "core/$style.css" )) { }else{ - $append = false; - // or in apps? - foreach( OC::$APPSROOTS as $apps_dir) - { - if(self::appendIfExist($files, $apps_dir['path'], $apps_dir['url'], "$style$fext.css")) { - $append = true; - break; - } - elseif(self::appendIfExist($files, $apps_dir['path'], $apps_dir['url'], "$style.css")) { - $append = true; - break; - } + $app = substr($style, 0, strpos($style, '/')); + $style = substr($style, strpos($style, '/')+1); + $app_path = OC_App::getAppPath($app); + $app_url = OC::$WEBROOT . '/index.php/apps/' . $app; + if(self::appendIfExist($files, $app_path, $app_url, "$style$fext.css")) { } - if(! $append) { + elseif(self::appendIfExist($files, $app_path, $app_url, "$style.css")) { + } + else { echo('css file not found: style:'.$style.' formfactor:'.$fext .' webroot:'.OC::$WEBROOT.' serverroot:'.OC::$SERVERROOT); die(); @@ -161,7 +140,7 @@ class OC_TemplateLayout extends OC_Template { static public function findJavascriptFiles($scripts) { // Read the selected theme from the config file - $theme=OC_Config::getValue( 'theme' ); + $theme = OC_Util::getTheme(); // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); @@ -169,7 +148,8 @@ class OC_TemplateLayout extends OC_Template { $files = array(); foreach($scripts as $script) { // Is it in 3rd party? - if(self::appendIfExist($files, OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $script.'.js')) { + if(strpos($script, '3rdparty') === 0 && + self::appendIfExist($files, OC::$THIRDPARTYROOT, OC::$THIRDPARTYWEBROOT, $script.'.js')) { // Is it in apps and overwritten by the theme? }elseif(self::appendIfExist($files, OC::$SERVERROOT, OC::$WEBROOT, "themes/$theme/apps/$script$fext.js" )) { 
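Review bot: The app fallback in `findStylesheetFiles()` derives `$app` with `substr($style, 0, strpos($style, '/'))` without checking for `false`, so a style name with no slash gives an empty `$app`, loses its first character in the following `substr(..., +1)`, and reaches `OC_App::getAppPath('')` before ending in the `die()`. Guard it once, e.g. `$pos = strpos($style, '/'); if ($pos === false) { /* report not found */ }`, and check the `getAppPath()` result before handing it to `appendIfExist()` (its failure value is not visible here). The JavaScript hunk further down has the same pattern with `$script`. The two also disagree on the URL: CSS builds `OC::$WEBROOT . '/index.php/apps/' . $app` by hand while JS calls `OC_App::getAppWebPath($app)`; if the difference is deliberate a comment should say why.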
@@ -193,18 +173,15 @@ class OC_TemplateLayout extends OC_Template { }else{ // Is it part of an app? - $append = false; - foreach( OC::$APPSROOTS as $apps_dir) { - if(self::appendIfExist($files, $apps_dir['path'], OC::$WEBROOT.$apps_dir['url'], "$script$fext.js")) { - $append = true; - break; - } - elseif(self::appendIfExist($files, $apps_dir['path'], OC::$WEBROOT.$apps_dir['url'], "$script.js")) { - $append = true; - break; - } + $app = substr($script, 0, strpos($script, '/')); + $script = substr($script, strpos($script, '/')+1); + $app_path = OC_App::getAppPath($app); + $app_url = OC_App::getAppWebPath($app); + if(self::appendIfExist($files, $app_path, $app_url, "$script$fext.js")) { + } + elseif(self::appendIfExist($files, $app_path, $app_url, "$script.js")) { } - if(! $append) { + else { echo('js file not found: script:'.$script.' formfactor:'.$fext .' webroot:'.OC::$WEBROOT.' serverroot:'.OC::$SERVERROOT); die(); diff --git a/lib/user.php b/lib/user.php index b19af940795..226b716188d 100644 --- a/lib/user.php +++ b/lib/user.php @@ -527,7 +527,7 @@ class OC_User { foreach (self::$_usedBackends as $backend) { $backendDisplayNames = $backend->getDisplayNames($search, $limit, $offset); if (is_array($backendDisplayNames)) { - $displayNames = array_merge($displayNames, $backendDisplayNames); + $displayNames = $displayNames + $backendDisplayNames; } } asort($displayNames); diff --git a/lib/util.php b/lib/util.php index 34ed4a2a96a..810593358a5 100755 --- a/lib/util.php +++ b/lib/util.php @@ -595,7 +595,7 @@ class OC_Util { } catch(\Sabre_DAV_Exception_NotAuthenticated $e) { $return = true; } catch(\Exception $e) { - OC_Log::write('core', 'isWebDAVWorking: NO - Reason: '.$e, OC_Log::WARN); + OC_Log::write('core', 'isWebDAVWorking: NO - Reason: '.$e->getMessage(). ' ('.get_class($e).')', OC_Log::WARN); $return = false; } 
@@ -795,4 +795,25 @@ class OC_Util { return (substr(PHP_OS, 0, 3) === "WIN"); } + + /** + * Handles the case that there may not be a theme, then check if a "default" + * theme exists and take that one + * @return string the theme + */ + public static function getTheme() { + $theme = OC_Config::getValue("theme"); + + if(is_null($theme)) { + + if(is_dir(OC::$SERVERROOT . '/themes/default')) { + $theme = 'default'; + } + + } + + return $theme; + } + + } |
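Review bot: `getTheme()` is documented as `@return string`, but when no `theme` is configured and `themes/default` does not exist it returns `null`, which callers in this commit then interpolate into paths such as `"/themes/$theme/apps/$app/img/$image"`. The docblock should read `@return string|null the configured theme, 'default' if that directory exists, otherwise null`, or the method could end with `return $theme === null ? '' : $theme;` to keep the declared type. The empty lines inside the nested `if` blocks and the two trailing blank lines before the class brace are also worth trimming.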