diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 9 | ||||
| -rw-r--r-- | lib/l10n/hu_HU.js | 5 | ||||
| -rw-r--r-- | lib/l10n/hu_HU.json | 5 | ||||
| -rw-r--r-- | lib/private/app/codechecker/infochecker.php | 15 | ||||
| -rw-r--r-- | lib/private/appframework/db/db.php | 9 | ||||
| -rw-r--r-- | lib/private/db/adapteroci8.php | 1 | ||||
| -rw-r--r-- | lib/private/db/adaptersqlite.php | 1 | ||||
| -rw-r--r-- | lib/private/db/connection.php | 10 | ||||
| -rw-r--r-- | lib/private/files/cache/cache.php | 133 | ||||
| -rw-r--r-- | lib/private/files/fileinfo.php | 20 | ||||
| -rw-r--r-- | lib/private/files/node/node.php | 4 | ||||
| -rw-r--r-- | lib/private/files/view.php | 19 | ||||
| -rw-r--r-- | lib/private/security/securerandom.php | 19 | ||||
| -rw-r--r-- | lib/private/share/share.php | 4 | ||||
| -rw-r--r-- | lib/public/files/fileinfo.php | 8 | ||||
| -rw-r--r-- | lib/public/files/storagenotavailableexception.php | 17 | ||||
| -rw-r--r-- | lib/public/idbconnection.php | 9 | ||||
| -rw-r--r-- | lib/public/security/isecurerandom.php | 8 |
18 files changed, 214 insertions, 82 deletions
diff --git a/lib/base.php b/lib/base.php index f44c4ff5bf2..feaf46e83f1 100644 --- a/lib/base.php +++ b/lib/base.php @@ -673,6 +673,15 @@ class OC { header('HTTP/1.1 400 Bad Request'); header('Status: 400 Bad Request'); + \OC::$server->getLogger()->warning( + 'Trusted domain error. "{remoteAddress}" tried to access using "{host}" as host.', + [ + 'app' => 'core', + 'remoteAddress' => $request->getRemoteAddress(), + 'host' => $host, + ] + ); + $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); $tmpl->assign('domain', $request->server['SERVER_NAME']); $tmpl->printPage(); diff --git a/lib/l10n/hu_HU.js b/lib/l10n/hu_HU.js index 7f4bc21063a..66d53932d38 100644 --- a/lib/l10n/hu_HU.js +++ b/lib/l10n/hu_HU.js @@ -25,10 +25,11 @@ OC.L10N.register( "yesterday" : "tegnap", "_%n day ago_::_%n days ago_" : ["%n napja","%n napja"], "last month" : "múlt hónapban", - "_%n month ago_::_%n months ago_" : ["%n hónappal ezelőtt","%n hónappal ezelőtt"], + "_%n month ago_::_%n months ago_" : ["%n hónapja","%n hónapja"], "last year" : "tavaly", "_%n year ago_::_%n years ago_" : ["%n éve","%n éve"], - "_%n hour ago_::_%n hours ago_" : ["%n órával ezelőtt","%n órával ezelőtt"], + "_%n hour ago_::_%n hours ago_" : ["%n órája","%n órája"], + "_%n minute ago_::_%n minutes ago_" : ["%n perce","%n perce"], "seconds ago" : "pár másodperce", "web services under your control" : "webszolgáltatások saját kézben", "Empty filename is not allowed" : "Üres fájlnév nem engedétlyezett", diff --git a/lib/l10n/hu_HU.json b/lib/l10n/hu_HU.json index 180b65181c2..91a95213444 100644 --- a/lib/l10n/hu_HU.json +++ b/lib/l10n/hu_HU.json @@ -23,10 +23,11 @@ "yesterday" : "tegnap", "_%n day ago_::_%n days ago_" : ["%n napja","%n napja"], "last month" : "múlt hónapban", - "_%n month ago_::_%n months ago_" : ["%n hónappal ezelőtt","%n hónappal ezelőtt"], + "_%n month ago_::_%n months ago_" : ["%n hónapja","%n hónapja"], "last year" : "tavaly", "_%n year ago_::_%n years ago_" : ["%n éve","%n éve"], - "_%n hour ago_::_%n hours ago_" : ["%n órával ezelőtt","%n órával ezelőtt"], + "_%n hour ago_::_%n hours ago_" : ["%n órája","%n órája"], + "_%n minute ago_::_%n minutes ago_" : ["%n perce","%n perce"], "seconds ago" : "pár másodperce", "web services under your control" : "webszolgáltatások saját kézben", "Empty filename is not allowed" : "Üres fájlnév nem engedétlyezett", diff --git a/lib/private/app/codechecker/infochecker.php b/lib/private/app/codechecker/infochecker.php index 91580bde07d..24835d8148f 100644 --- a/lib/private/app/codechecker/infochecker.php +++ b/lib/private/app/codechecker/infochecker.php @@ -77,6 +77,21 @@ class InfoChecker extends BasicEmitter { $info = $this->infoParser->parse($appPath . '/appinfo/info.xml'); + if (isset($info['dependencies']['owncloud']['@attributes']['min-version']) && ($info['requiremin'] || $info['require'])) { + $this->emit('InfoChecker', 'duplicateRequirement', ['min']); + $errors[] = [ + 'type' => 'duplicateRequirement', + 'field' => 'min', + ]; + } + if (isset($info['dependencies']['owncloud']['@attributes']['max-version']) && $info['requiremax']) { + $this->emit('InfoChecker', 'duplicateRequirement', ['max']); + $errors[] = [ + 'type' => 'duplicateRequirement', + 'field' => 'max', + ]; + } + foreach ($info as $key => $value) { if(is_array($value)) { $value = json_encode($value); diff --git a/lib/private/appframework/db/db.php b/lib/private/appframework/db/db.php index 8e3fa6e4197..9f912f9c0a4 100644 --- a/lib/private/appframework/db/db.php +++ b/lib/private/appframework/db/db.php @@ -258,4 +258,13 @@ class Db implements IDb { return $this->connection->tableExists($table); } + /** + * Espace a parameter to be used in a LIKE query + * + * @param string $param + * @return string + */ + public function escapeLikeParameter($param) { + return $this->connection->escapeLikeParameter($param); + } } diff --git a/lib/private/db/adapteroci8.php b/lib/private/db/adapteroci8.php index 15ec5a0677f..6e7857e6620 100644 --- a/lib/private/db/adapteroci8.php +++ b/lib/private/db/adapteroci8.php @@ -36,6 +36,7 @@ class AdapterOCI8 extends Adapter { const UNIX_TIMESTAMP_REPLACEMENT = "(cast(sys_extract_utc(systimestamp) as date) - date'1970-01-01') * 86400"; public function fixupStatement($statement) { + $statement = preg_replace('( LIKE \?)', '$0 ESCAPE \'\\\'', $statement); $statement = preg_replace('/`(\w+)` ILIKE \?/', 'REGEXP_LIKE(`$1`, \'^\' || REPLACE(?, \'%\', \'.*\') || \'$\', \'i\')', $statement); $statement = str_replace('`', '"', $statement); $statement = str_ireplace('NOW()', 'CURRENT_TIMESTAMP', $statement); diff --git a/lib/private/db/adaptersqlite.php b/lib/private/db/adaptersqlite.php index 5add0586da0..e133a20f543 100644 --- a/lib/private/db/adaptersqlite.php +++ b/lib/private/db/adaptersqlite.php @@ -28,6 +28,7 @@ namespace OC\DB; class AdapterSqlite extends Adapter { public function fixupStatement($statement) { + $statement = preg_replace('( I?LIKE \?)', '$0 ESCAPE \'\\\'', $statement); $statement = preg_replace('/`(\w+)` ILIKE \?/', 'LOWER($1) LIKE LOWER(?)', $statement); $statement = str_replace( '`', '"', $statement ); $statement = str_ireplace( 'NOW()', 'datetime(\'now\')', $statement ); diff --git a/lib/private/db/connection.php b/lib/private/db/connection.php index 4d33cd968af..1b86d3d383a 100644 --- a/lib/private/db/connection.php +++ b/lib/private/db/connection.php @@ -301,4 +301,14 @@ class Connection extends \Doctrine\DBAL\Connection implements IDBConnection { public function inTransaction() { return $this->getTransactionNestingLevel() > 0; } + + /** + * Espace a parameter to be used in a LIKE query + * + * @param string $param + * @return string + */ + public function escapeLikeParameter($param) { + return addcslashes($param, '\\_%'); + } } diff --git a/lib/private/files/cache/cache.php b/lib/private/files/cache/cache.php index 71720ac58bf..40477243324 100644 --- a/lib/private/files/cache/cache.php +++ b/lib/private/files/cache/cache.php @@ -35,6 +35,7 @@ namespace OC\Files\Cache; use \OCP\Files\IMimeTypeLoader; +use OCP\IDBConnection; /** * Metadata cache for a storage @@ -71,6 +72,11 @@ class Cache { protected $mimetypeLoader; /** + * @var IDBConnection + */ + protected $connection; + + /** * @param \OC\Files\Storage\Storage|string $storage */ public function __construct($storage) { @@ -85,6 +91,7 @@ class Cache { $this->storageCache = new Storage($storage); $this->mimetypeLoader = \OC::$server->getMimeTypeLoader(); + $this->connection = \OC::$server->getDatabaseConnection(); } /** @@ -101,22 +108,22 @@ class Cache { * * the returned cache entry contains at least the following values: * [ - * 'fileid' => int, the numeric id of a file (see getId) - * 'storage' => int, the numeric id of the storage the file is stored on - * 'path' => string, the path of the file within the storage ('foo/bar.txt') - * 'name' => string, the basename of a file ('bar.txt) - * 'mimetype' => string, the full mimetype of the file ('text/plain') - * 'mimepart' => string, the first half of the mimetype ('text') - * 'size' => int, the size of the file or folder in bytes - * 'mtime' => int, the last modified date of the file as unix timestamp as shown in the ui - * 'storage_mtime' => int, the last modified date of the file as unix timestamp as stored on the storage - * Note that when a file is updated we also update the mtime of all parent folders to make it visible to the user which folder has had updates most recently - * This can differ from the mtime on the underlying storage which usually only changes when a direct child is added, removed or renamed - * 'etag' => string, the etag for the file - * An etag is used for change detection of files and folders, an etag of a file changes whenever the content of the file changes - * Etag for folders change whenever a file in the folder has changed - * 'permissions' int, the permissions for the file stored as bitwise combination of \OCP\PERMISSION_READ, \OCP\PERMISSION_CREATE - * \OCP\PERMISSION_UPDATE, \OCP\PERMISSION_DELETE and \OCP\PERMISSION_SHARE + * 'fileid' => int, the numeric id of a file (see getId) + * 'storage' => int, the numeric id of the storage the file is stored on + * 'path' => string, the path of the file within the storage ('foo/bar.txt') + * 'name' => string, the basename of a file ('bar.txt) + * 'mimetype' => string, the full mimetype of the file ('text/plain') + * 'mimepart' => string, the first half of the mimetype ('text') + * 'size' => int, the size of the file or folder in bytes + * 'mtime' => int, the last modified date of the file as unix timestamp as shown in the ui + * 'storage_mtime' => int, the last modified date of the file as unix timestamp as stored on the storage + * Note that when a file is updated we also update the mtime of all parent folders to make it visible to the user which folder has had updates most recently + * This can differ from the mtime on the underlying storage which usually only changes when a direct child is added, removed or renamed + * 'etag' => string, the etag for the file + * An etag is used for change detection of files and folders, an etag of a file changes whenever the content of the file changes + * Etag for folders change whenever a file in the folder has changed + * 'permissions' int, the permissions for the file stored as bitwise combination of \OCP\PERMISSION_READ, \OCP\PERMISSION_CREATE + * \OCP\PERMISSION_UPDATE, \OCP\PERMISSION_DELETE and \OCP\PERMISSION_SHARE * ] * * @param string | int $file either the path of a file or folder or the file id for a file or folder @@ -136,8 +143,8 @@ class Cache { $sql = 'SELECT `fileid`, `storage`, `path`, `parent`, `name`, `mimetype`, `mimepart`, `size`, `mtime`, `storage_mtime`, `encrypted`, `etag`, `permissions` FROM `*PREFIX*filecache` ' . $where; - $result = \OC_DB::executeAudited($sql, $params); - $data = $result->fetchRow(); + $result = $this->connection->executeQuery($sql, $params); + $data = $result->fetch(); //FIXME hide this HACK in the next database layer, or just use doctrine and get rid of MDB2 and PDO //PDO returns false, MDB2 returns null, oracle always uses MDB2, so convert null to false @@ -191,7 +198,7 @@ class Cache { $sql = 'SELECT `fileid`, `storage`, `path`, `parent`, `name`, `mimetype`, `mimepart`, `size`, `mtime`, `storage_mtime`, `encrypted`, `etag`, `permissions` FROM `*PREFIX*filecache` WHERE `parent` = ? ORDER BY `name` ASC'; - $result = \OC_DB::executeAudited($sql, array($fileId)); + $result = $this->connection->executeQuery($sql, [$fileId]); $files = $result->fetchAll(); foreach ($files as &$file) { $file['mimetype'] = $this->mimetypeLoader->getMimetypeById($file['mimetype']); @@ -248,15 +255,16 @@ class Cache { $queryParts[] = '`storage`'; $params[] = $this->getNumericStorageId(); - $queryParts = array_map(function($item) { + $queryParts = array_map(function ($item) { return trim($item, "`"); }, $queryParts); $values = array_combine($queryParts, $params); if (\OC::$server->getDatabaseConnection()->insertIfNotExist('*PREFIX*filecache', $values, [ 'storage', 'path_hash', - ])) { - return (int)\OC_DB::insertid('*PREFIX*filecache'); + ]) + ) { + return (int)$this->connection->lastInsertId('*PREFIX*filecache'); } // The file was created in the mean time @@ -297,7 +305,7 @@ class Cache { // some databases (Postgres) don't like superfluous updates $sql = 'UPDATE `*PREFIX*filecache` SET ' . implode(' = ?, ', $queryParts) . '=? ' . 'WHERE (' . implode(' <> ? OR ', $queryParts) . ' <> ? ) AND `fileid` = ? '; - \OC_DB::executeAudited($sql, $params); + $this->connection->executeQuery($sql, $params); } @@ -306,8 +314,8 @@ class Cache { * * @param array $data * @return array [$queryParts, $params] - * $queryParts: string[], the (escaped) column names to be set in the query - * $params: mixed[], the new values for the columns, to be passed as params to the query + * $queryParts: string[], the (escaped) column names to be set in the query + * $params: mixed[], the new values for the columns, to be passed as params to the query */ protected function buildParts(array $data) { $fields = array( @@ -365,8 +373,8 @@ class Cache { $pathHash = md5($file); $sql = 'SELECT `fileid` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `path_hash` = ?'; - $result = \OC_DB::executeAudited($sql, array($this->getNumericStorageId(), $pathHash)); - if ($row = $result->fetchRow()) { + $result = $this->connection->executeQuery($sql, array($this->getNumericStorageId(), $pathHash)); + if ($row = $result->fetch()) { return $row['fileid']; } else { return -1; @@ -411,7 +419,7 @@ class Cache { public function remove($file) { $entry = $this->get($file); $sql = 'DELETE FROM `*PREFIX*filecache` WHERE `fileid` = ?'; - \OC_DB::executeAudited($sql, array($entry['fileid'])); + $this->connection->executeQuery($sql, array($entry['fileid'])); if ($entry['mimetype'] === 'httpd/unix-directory') { $this->removeChildren($entry); } @@ -442,7 +450,7 @@ class Cache { $this->removeChildren($folder); } $sql = 'DELETE FROM `*PREFIX*filecache` WHERE `parent` = ?'; - \OC_DB::executeAudited($sql, array($entry['fileid'])); + $this->connection->executeQuery($sql, array($entry['fileid'])); } /** @@ -491,20 +499,20 @@ class Cache { if ($sourceData['mimetype'] === 'httpd/unix-directory') { //find all child entries $sql = 'SELECT `path`, `fileid` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `path` LIKE ?'; - $result = \OC_DB::executeAudited($sql, [$sourceStorageId, $sourcePath . '/%']); + $result = $this->connection->executeQuery($sql, [$sourceStorageId, $this->connection->escapeLikeParameter($sourcePath) . '/%']); $childEntries = $result->fetchAll(); $sourceLength = strlen($sourcePath); - \OC_DB::beginTransaction(); - $query = \OC_DB::prepare('UPDATE `*PREFIX*filecache` SET `storage` = ?, `path` = ?, `path_hash` = ? WHERE `fileid` = ?'); + $this->connection->beginTransaction(); + $query = $this->connection->prepare('UPDATE `*PREFIX*filecache` SET `storage` = ?, `path` = ?, `path_hash` = ? WHERE `fileid` = ?'); foreach ($childEntries as $child) { $newTargetPath = $targetPath . substr($child['path'], $sourceLength); - \OC_DB::executeAudited($query, [$targetStorageId, $newTargetPath, md5($newTargetPath), $child['fileid']]); + $query->execute([$targetStorageId, $newTargetPath, md5($newTargetPath), $child['fileid']]); } - \OC_DB::executeAudited($moveSql, [$targetStorageId, $targetPath, md5($targetPath), basename($targetPath), $newParentId, $sourceId]); - \OC_DB::commit(); + $this->connection->executeQuery($moveSql, [$targetStorageId, $targetPath, md5($targetPath), basename($targetPath), $newParentId, $sourceId]); + $this->connection->commit(); } else { - \OC_DB::executeAudited($moveSql, [$targetStorageId, $targetPath, md5($targetPath), basename($targetPath), $newParentId, $sourceId]); + $this->connection->executeQuery($moveSql, [$targetStorageId, $targetPath, md5($targetPath), basename($targetPath), $newParentId, $sourceId]); } } @@ -514,10 +522,10 @@ class Cache { */ public function clear() { $sql = 'DELETE FROM `*PREFIX*filecache` WHERE `storage` = ?'; - \OC_DB::executeAudited($sql, array($this->getNumericStorageId())); + $this->connection->executeQuery($sql, array($this->getNumericStorageId())); $sql = 'DELETE FROM `*PREFIX*storages` WHERE `id` = ?'; - \OC_DB::executeAudited($sql, array($this->storageId)); + $this->connection->executeQuery($sql, array($this->storageId)); } /** @@ -538,8 +546,8 @@ class Cache { $pathHash = md5($file); $sql = 'SELECT `size` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `path_hash` = ?'; - $result = \OC_DB::executeAudited($sql, array($this->getNumericStorageId(), $pathHash)); - if ($row = $result->fetchRow()) { + $result = $this->connection->executeQuery($sql, array($this->getNumericStorageId(), $pathHash)); + if ($row = $result->fetch()) { if ((int)$row['size'] === -1) { return self::SHALLOW; } else { @@ -571,12 +579,12 @@ class Cache { `etag`, `permissions` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `name` ILIKE ?'; - $result = \OC_DB::executeAudited($sql, - array($this->getNumericStorageId(), $pattern) + $result = $this->connection->executeQuery($sql, + [$this->getNumericStorageId(), $pattern] ); - $files = array(); - while ($row = $result->fetchRow()) { + $files = []; + while ($row = $result->fetch()) { $row['mimetype'] = $this->mimetypeLoader->getMimetypeById($row['mimetype']); $row['mimepart'] = $this->mimetypeLoader->getMimetypeById($row['mimepart']); $files[] = $row; @@ -588,7 +596,7 @@ class Cache { * search for files by mimetype * * @param string $mimetype either a full mimetype to search ('text/plain') or only the first part of a mimetype ('image') - * where it will search for all mimetypes in the group ('image/*') + * where it will search for all mimetypes in the group ('image/*') * @return array an array of cache entries where the mimetype matches the search */ public function searchByMime($mimetype) { @@ -600,9 +608,9 @@ class Cache { $sql = 'SELECT `fileid`, `storage`, `path`, `parent`, `name`, `mimetype`, `mimepart`, `size`, `mtime`, `encrypted`, `etag`, `permissions` FROM `*PREFIX*filecache` WHERE ' . $where . ' AND `storage` = ?'; $mimetype = $this->mimetypeLoader->getId($mimetype); - $result = \OC_DB::executeAudited($sql, array($mimetype, $this->getNumericStorageId())); + $result = $this->connection->executeQuery($sql, array($mimetype, $this->getNumericStorageId())); $files = array(); - while ($row = $result->fetchRow()) { + while ($row = $result->fetch()) { $row['mimetype'] = $this->mimetypeLoader->getMimetypeById($row['mimetype']); $row['mimepart'] = $this->mimetypeLoader->getMimetypeById($row['mimepart']); $files[] = $row; @@ -640,16 +648,16 @@ class Cache { } else { $sql .= 'AND `tag`.`category` = ? '; } - $result = \OC_DB::executeAudited( + $result = $this->connection->executeQuery( $sql, - array( + [ $this->getNumericStorageId(), $userId, $tag - ) + ] ); $files = array(); - while ($row = $result->fetchRow()) { + while ($row = $result->fetch()) { $files[] = $row; } return $files; @@ -689,8 +697,8 @@ class Cache { $sql = 'SELECT SUM(`size`) AS f1, MIN(`size`) AS f2 ' . 'FROM `*PREFIX*filecache` ' . 'WHERE `parent` = ? AND `storage` = ?'; - $result = \OC_DB::executeAudited($sql, array($id, $this->getNumericStorageId())); - if ($row = $result->fetchRow()) { + $result = $this->connection->executeQuery($sql, array($id, $this->getNumericStorageId())); + if ($row = $result->fetch()) { $result->closeCursor(); list($sum, $min) = array_values($row); $sum = 0 + $sum; @@ -721,9 +729,9 @@ class Cache { */ public function getAll() { $sql = 'SELECT `fileid` FROM `*PREFIX*filecache` WHERE `storage` = ?'; - $result = \OC_DB::executeAudited($sql, array($this->getNumericStorageId())); + $result = $this->connection->executeQuery($sql, array($this->getNumericStorageId())); $ids = array(); - while ($row = $result->fetchRow()) { + while ($row = $result->fetch()) { $ids[] = $row['fileid']; } return $ids; @@ -739,10 +747,10 @@ class Cache { * @return string|bool the path of the folder or false when no folder matched */ public function getIncomplete() { - $query = \OC_DB::prepare('SELECT `path` FROM `*PREFIX*filecache`' + $query = $this->connection->prepare('SELECT `path` FROM `*PREFIX*filecache`' . ' WHERE `storage` = ? AND `size` = -1 ORDER BY `fileid` DESC', 1); - $result = \OC_DB::executeAudited($query, array($this->getNumericStorageId())); - if ($row = $result->fetchRow()) { + $query->execute([$this->getNumericStorageId()]); + if ($row = $query->fetch()) { return $row['path']; } else { return false; @@ -757,8 +765,8 @@ class Cache { */ public function getPathById($id) { $sql = 'SELECT `path` FROM `*PREFIX*filecache` WHERE `fileid` = ? AND `storage` = ?'; - $result = \OC_DB::executeAudited($sql, array($id, $this->getNumericStorageId())); - if ($row = $result->fetchRow()) { + $result = $this->connection->executeQuery($sql, array($id, $this->getNumericStorageId())); + if ($row = $result->fetch()) { // Oracle stores empty strings as null... if ($row['path'] === null) { return ''; @@ -779,9 +787,10 @@ class Cache { * @return array first element holding the storage id, second the path */ static public function getById($id) { + $connection = \OC::$server->getDatabaseConnection(); $sql = 'SELECT `storage`, `path` FROM `*PREFIX*filecache` WHERE `fileid` = ?'; - $result = \OC_DB::executeAudited($sql, array($id)); - if ($row = $result->fetchRow()) { + $result = $connection->executeQuery($sql, array($id)); + if ($row = $result->fetch()) { $numericId = $row['storage']; $path = $row['path']; } else { diff --git a/lib/private/files/fileinfo.php b/lib/private/files/fileinfo.php index cf9524241dd..bb810dd45ed 100644 --- a/lib/private/files/fileinfo.php +++ b/lib/private/files/fileinfo.php @@ -28,6 +28,8 @@ namespace OC\Files; +use OCP\IUser; + class FileInfo implements \OCP\Files\FileInfo, \ArrayAccess { /** * @var array $data @@ -55,18 +57,25 @@ class FileInfo implements \OCP\Files\FileInfo, \ArrayAccess { private $mount; /** + * @var IUser + */ + private $owner; + + /** * @param string|boolean $path * @param Storage\Storage $storage * @param string $internalPath * @param array $data * @param \OCP\Files\Mount\IMountPoint $mount + * @param \OCP\IUser|null $owner */ - public function __construct($path, $storage, $internalPath, $data, $mount) { + public function __construct($path, $storage, $internalPath, $data, $mount, $owner= null) { $this->path = $path; $this->storage = $storage; $this->internalPath = $internalPath; $this->data = $data; $this->mount = $mount; + $this->owner = $owner; } public function offsetSet($offset, $value) { @@ -267,4 +276,13 @@ class FileInfo implements \OCP\Files\FileInfo, \ArrayAccess { public function getMountPoint() { return $this->mount; } + + /** + * Get the owner of the file + * + * @return \OCP\IUser + */ + public function getOwner() { + return $this->owner; + } } diff --git a/lib/private/files/node/node.php b/lib/private/files/node/node.php index 943d12122e6..1b52243fcb4 100644 --- a/lib/private/files/node/node.php +++ b/lib/private/files/node/node.php @@ -347,4 +347,8 @@ class Node implements \OCP\Files\Node { public function getMountPoint() { return $this->getFileInfo()->getMountPoint(); } + + public function getOwner() { + return $this->getFileInfo()->getOwner(); + } } diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 887b18530d7..7dd83588ec6 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -1250,7 +1250,8 @@ class View { $data['permissions'] |= \OCP\Constants::PERMISSION_DELETE; } - return new FileInfo($path, $storage, $internalPath, $data, $mount); + $owner = \OC::$server->getUserManager()->get($storage->getOwner($internalPath)); + return new FileInfo($path, $storage, $internalPath, $data, $mount, $owner); } /** @@ -1316,7 +1317,8 @@ class View { if (\OCP\Util::isSharingDisabledForUser()) { $content['permissions'] = $content['permissions'] & ~\OCP\Constants::PERMISSION_SHARE; } - $files[] = new FileInfo($path . '/' . $content['name'], $storage, $content['path'], $content, $mount); + $owner = \OC::$server->getUserManager()->get($storage->getOwner($content['path'])); + $files[] = new FileInfo($path . '/' . $content['name'], $storage, $content['path'], $content, $mount, $owner); } //add a folder for any mountpoint in this directory and add the sizes of other mountpoints to the folders @@ -1385,7 +1387,8 @@ class View { $rootEntry['permissions'] = $rootEntry['permissions'] & ~\OCP\Constants::PERMISSION_SHARE; } - $files[] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount); + $owner = \OC::$server->getUserManager()->get($subStorage->getOwner('')); + $files[] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount, $owner); } } } @@ -1507,7 +1510,8 @@ class View { $internalPath = $result['path']; $path = $mountPoint . $result['path']; $result['path'] = substr($mountPoint . $result['path'], $rootLength); - $files[] = new FileInfo($path, $storage, $internalPath, $result, $mount); + $owner = \OC::$server->getUserManager()->get($storage->getOwner($internalPath)); + $files[] = new FileInfo($path, $storage, $internalPath, $result, $mount, $owner); } } @@ -1525,7 +1529,8 @@ class View { $internalPath = $result['path']; $result['path'] = rtrim($relativeMountPoint . $result['path'], '/'); $path = rtrim($mountPoint . $internalPath, '/'); - $files[] = new FileInfo($path, $storage, $internalPath, $result, $mount); + $owner = \OC::$server->getUserManager()->get($storage->getOwner($internalPath)); + $files[] = new FileInfo($path, $storage, $internalPath, $result, $mount, $owner); } } } @@ -1666,6 +1671,7 @@ class View { $mount = $this->getMount($path); $storage = $mount->getStorage(); $internalPath = $mount->getInternalPath($this->getAbsolutePath($path)); + $owner = \OC::$server->getUserManager()->get($storage->getOwner($internalPath)); return new FileInfo( $this->getAbsolutePath($path), $storage, @@ -1680,7 +1686,8 @@ class View { 'encrypted' => false, 'permissions' => \OCP\Constants::PERMISSION_ALL ], - $mount + $mount, + $owner ); } diff --git a/lib/private/security/securerandom.php b/lib/private/security/securerandom.php index 409285fd098..87dca68985e 100644 --- a/lib/private/security/securerandom.php +++ b/lib/private/security/securerandom.php @@ -28,7 +28,7 @@ use OCP\Security\ISecureRandom; /** * Class SecureRandom provides a layer around RandomLib to generate - * secure random strings. + * secure random strings. For PHP 7 the native CSPRNG is used. * * Usage: * \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10); @@ -77,16 +77,29 @@ class SecureRandom implements ISecureRandom { /** * Generate a random string of specified length. * @param int $length The length of the generated string - * @param string $characters An optional list of characters to use if no characterlist is + * @param string $characters An optional list of characters to use if no character list is * specified all valid base64 characters are used. * @return string * @throws \Exception If the generator is not initialized. */ - public function generate($length, $characters = '') { + public function generate($length, + $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/') { if(is_null($this->generator)) { throw new \Exception('Generator is not initialized.'); } + if(function_exists('random_int')) { + $maxCharIndex = strlen($characters) - 1; + $randomString = ''; + + while($length > 0) { + $randomNumber = random_int(0, $maxCharIndex); + $randomString .= $characters[$randomNumber]; + $length--; + } + return $randomString; + } + return $this->generator->generateString($length, $characters); } } diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 0693a9c08fb..4503818a9ec 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -697,8 +697,8 @@ class Share extends Constants { if (empty($inGroup)) { $message = 'Sharing %s failed, because the user ' .'%s is not a member of any groups that %s is a member of'; - $message_t = $l->t('Sharing %s failed, because the user %s is not a member of any groups that %s is a member of', array($itemSourceName, $shareWith, $uidOwner)); - \OCP\Util::writeLog('OCP\Share', sprintf($message, $itemSourceName, $shareWith, $uidOwner), \OCP\Util::DEBUG); + $message_t = $l->t('Sharing %s failed, because the user %s is not a member of any groups that %s is a member of', array($itemName, $shareWith, $uidOwner)); + \OCP\Util::writeLog('OCP\Share', sprintf($message, $itemName, $shareWith, $uidOwner), \OCP\Util::DEBUG); throw new \Exception($message_t); } } diff --git a/lib/public/files/fileinfo.php b/lib/public/files/fileinfo.php index accbe04e044..1af13302af0 100644 --- a/lib/public/files/fileinfo.php +++ b/lib/public/files/fileinfo.php @@ -229,4 +229,12 @@ interface FileInfo { * @since 8.0.0 */ public function getMountPoint(); + + /** + * Get the owner of the file + * + * @return \OCP\IUser + * @since 9.0.0 + */ + public function getOwner(); } diff --git a/lib/public/files/storagenotavailableexception.php b/lib/public/files/storagenotavailableexception.php index 842867ba567..a6665b38ce1 100644 --- a/lib/public/files/storagenotavailableexception.php +++ b/lib/public/files/storagenotavailableexception.php @@ -28,10 +28,25 @@ // use OCP namespace for all classes that are considered public. // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP\Files; +use OC\HintException; /** * Storage is temporarily not available * @since 6.0.0 + * @changed 8.2.1 based on HintException */ -class StorageNotAvailableException extends \Exception { +class StorageNotAvailableException extends HintException { + + /** + * StorageNotAvailableException constructor. + * + * @param string $message + * @param int $code + * @param \Exception $previous + * @since 6.0.0 + */ + public function __construct($message = '', $code = 0, \Exception $previous = null) { + $l = \OC::$server->getL10N('core'); + parent::__construct($message, $l->t('Storage not available'), $code, $previous); + } } diff --git a/lib/public/idbconnection.php b/lib/public/idbconnection.php index 6a4373583fa..945ca142163 100644 --- a/lib/public/idbconnection.php +++ b/lib/public/idbconnection.php @@ -206,4 +206,13 @@ interface IDBConnection { * @since 8.0.0 */ public function tableExists($table); + + /** + * Escape a parameter to be used in a LIKE query + * + * @param string $param + * @return string + * @since 9.0.0 + */ + public function escapeLikeParameter($param); } diff --git a/lib/public/security/isecurerandom.php b/lib/public/security/isecurerandom.php index cbe2d4e0d56..1b72e4f4377 100644 --- a/lib/public/security/isecurerandom.php +++ b/lib/public/security/isecurerandom.php @@ -24,7 +24,7 @@ namespace OCP\Security; /** * Class SecureRandom provides a layer around RandomLib to generate - * secure random numbers. + * secure random strings. For PHP 7 the native CSPRNG is used. * * Usage: * $rng = new \OC\Security\SecureRandom(); @@ -70,11 +70,13 @@ interface ISecureRandom { /** * Generate a random string of specified length. * @param int $length The length of the generated string - * @param string $characters An optional list of characters to use if no characterlist is + * @param string $characters An optional list of characters to use if no character list is * specified all valid base64 characters are used. * @return string * @throws \Exception If the generator is not initialized. * @since 8.0.0 */ - public function generate($length, $characters = ''); + public function generate($length, + $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'); + } |