Diffstat (limited to 'lib')
-rw-r--r--lib/connector/sabre/directory.php56
-rw-r--r--lib/connector/sabre/file.php10
-rw-r--r--lib/connector/sabre/node.php11
-rw-r--r--lib/connector/sabre/objecttree.php44
-rw-r--r--lib/l10n/da.php3
-rw-r--r--lib/l10n/nn_NO.php2
-rw-r--r--lib/preview/txt.php10
-rw-r--r--lib/public/share.php6
-rw-r--r--lib/public/user.php2
-rw-r--r--lib/user.php17
-rw-r--r--lib/user/http.php6
-rw-r--r--lib/user/manager.php19
-rw-r--r--lib/user/session.php19
-rw-r--r--lib/user/user.php18
-rwxr-xr-xlib/util.php9
15 files changed, 176 insertions, 56 deletions
diff --git a/lib/connector/sabre/directory.php b/lib/connector/sabre/directory.php
index e36ac84652c..1e50d4cc7da 100644
--- a/lib/connector/sabre/directory.php
+++ b/lib/connector/sabre/directory.php
@@ -57,6 +57,62 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
$path = $this->path . '/' . $name;
$node = new OC_Connector_Sabre_File($path);
return $node->put($data);
+
+// if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
+// $info = OC_FileChunking::decodeName($name);
+// if (empty($info)) {
+// throw new Sabre_DAV_Exception_NotImplemented();
+// }
+// $chunk_handler = new OC_FileChunking($info);
+// $chunk_handler->store($info['index'], $data);
+// if ($chunk_handler->isComplete()) {
+// $newPath = $this->path . '/' . $info['name'];
+// $chunk_handler->file_assemble($newPath);
+// return OC_Connector_Sabre_Node::getETagPropertyForPath($newPath);
+// }
+// } else {
+// $newPath = $this->path . '/' . $name;
+//
+// // mark file as partial while uploading (ignored by the scanner)
+// $partpath = $newPath . '.part';
+//
+// \OC\Files\Filesystem::file_put_contents($partpath, $data);
+//
+// //detect aborted upload
+// if (isset ($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PUT' ) {
+// if (isset($_SERVER['CONTENT_LENGTH'])) {
+// $expected = $_SERVER['CONTENT_LENGTH'];
+// $actual = \OC\Files\Filesystem::filesize($partpath);
+// if ($actual != $expected) {
+// \OC\Files\Filesystem::unlink($partpath);
+// throw new Sabre_DAV_Exception_BadRequest(
+// 'expected filesize ' . $expected . ' got ' . $actual);
+// }
+// }
+// }
+//
+// // rename to correct path
+// $renameOkay = \OC\Files\Filesystem::rename($partpath, $newPath);
+// $fileExists = \OC\Files\Filesystem::file_exists($newPath);
+// if ($renameOkay === false || $fileExists === false) {
+// \OC_Log::write('webdav', '\OC\Files\Filesystem::rename() failed', \OC_Log::ERROR);
+// \OC\Files\Filesystem::unlink($partpath);
+// throw new Sabre_DAV_Exception();
+// }
+//
+// // allow sync clients to send the mtime along in a header
+// $mtime = OC_Request::hasModificationTime();
+// if ($mtime !== false) {
+// if(\OC\Files\Filesystem::touch($newPath, $mtime)) {
+// header('X-OC-MTime: accepted');
+// }
+// }
+//
+// return OC_Connector_Sabre_Node::getETagPropertyForPath($newPath);
+// }
+//
+// return null;
+//>>>>>>> master
}
/**
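Review bot: The block added after `return $node->put($data);` is entirely commented-out code and ends in a leftover merge-conflict marker (`//>>>>>>> master`), which suggests one side of a conflict was commented out rather than resolved. It duplicates upload handling (chunk assembly, the `.part` rename, the aborted-upload length check) next to a live path that delegates to `OC_Connector_Sabre_File::put()`, so a later reader cannot tell which copy is authoritative for those checks. I would delete the block and leave the old text to version history; if the chunked branch still has to be ported, a short `// TODO` naming that is enough. The enclosing method starts outside the hunk.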
diff --git a/lib/connector/sabre/file.php b/lib/connector/sabre/file.php
index aa4b886429c..b05c9fcb92a 100644
--- a/lib/connector/sabre/file.php
+++ b/lib/connector/sabre/file.php
@@ -28,7 +28,7 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
*
* The data argument is a readable stream resource.
*
- * After a succesful put operation, you may choose to return an ETag. The
+ * After a successful put operation, you may choose to return an ETag. The
* etag must always be surrounded by double-quotes. These quotes must
* appear in the actual string you're returning.
*
@@ -104,7 +104,13 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
}
// rename to correct path
- $fs->rename($partpath, $this->path);
+ $renameOkay = $fs->rename($partpath, $this->path);
+ $fileExists = $fs->file_exists($this->path);
+ if ($renameOkay === false || $fileExists === false) {
+ \OC_Log::write('webdav', '\OC\Files\Filesystem::rename() failed', \OC_Log::ERROR);
+ $fs->unlink($partpath);
+ throw new Sabre_DAV_Exception();
+ }
// allow sync clients to send the mtime along in a header
$mtime = OC_Request::hasModificationTime();
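Review bot: The new failure branch logs a fixed string that names neither `$partpath` nor `$this->path`, and it mentions `\OC\Files\Filesystem::rename()` although the call is made on `$fs`, so an operator reading the log cannot tell which upload was lost. Something like `\OC_Log::write('webdav', 'renaming ' . $partpath . ' to ' . $this->path . ' failed', \OC_Log::ERROR);` would make the entry usable. The `Sabre_DAV_Exception` is also thrown without a message, and the result of the cleanup `$fs->unlink($partpath)` is ignored, so a stale `.part` file can remain unnoticed. `put()` starts and ends outside the hunk.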
diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php
index 28679ef8026..ee864ce7b51 100644
--- a/lib/connector/sabre/node.php
+++ b/lib/connector/sabre/node.php
@@ -85,6 +85,11 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
*/
public function setName($name) {
+ // rename is only allowed if the update privilege is granted
+ if (!\OC\Files\Filesystem::isUpdatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
list($parentPath, ) = Sabre_DAV_URLUtil::splitPath($this->path);
list(, $newName) = Sabre_DAV_URLUtil::splitPath($name);
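Review bot: The same three-line `isUpdatable` guard is added to `setName()` here and to `touch()` in the next hunk, and a third copy appears in `ObjectTree::move()`, so the authorization rule now lives in three places that have to be kept in step. A small protected helper on `OC_Connector_Sabre_Node` that throws `\Sabre_DAV_Exception_Forbidden` when `$this->path` is not updatable would keep the two node methods consistent. In `touch()` the return value of `\OC\Files\Filesystem::touch()` is still discarded, so a touch that fails after the check has passed goes unreported. `setName()` continues outside the hunk.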
@@ -142,6 +147,12 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
* Even if the modification time is set to a custom value the access time is set to now.
*/
public function touch($mtime) {
+
+ // touch is only allowed if the update privilege is granted
+ if (!\OC\Files\Filesystem::isUpdatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
\OC\Files\Filesystem::touch($this->path, $mtime);
}
diff --git a/lib/connector/sabre/objecttree.php b/lib/connector/sabre/objecttree.php
index acff45ed5e2..80c3840b99d 100644
--- a/lib/connector/sabre/objecttree.php
+++ b/lib/connector/sabre/objecttree.php
@@ -11,6 +11,14 @@ namespace OC\Connector\Sabre;
use OC\Files\Filesystem;
class ObjectTree extends \Sabre_DAV_ObjectTree {
+
+ /**
+ * keep this public to allow mock injection during unit test
+ *
+ * @var \OC\Files\View
+ */
+ public $fileView;
+
/**
* Returns the INode object for the requested path
*
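Review bot: `public $fileView` makes the object that answers the permission checks in `move()` writable by any code holding the tree, which is a wide opening for the sake of test injection. Since `getFileView()` (added at the end of this file) already centralises access, the property could be `protected` with a `setFileView(\OC\Files\View $view)` setter, or the test could override `getFileView()` in a subclass. If it has to stay public, the docblock should say that production code must not assign it.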
@@ -21,14 +29,16 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
public function getNodeForPath($path) {
$path = trim($path, '/');
- if (isset($this->cache[$path])) return $this->cache[$path];
+ if (isset($this->cache[$path])) {
+ return $this->cache[$path];
+ }
// Is it the root node?
if (!strlen($path)) {
return $this->rootNode;
}
- $info = Filesystem::getFileInfo($path);
+ $info = $this->getFileView()->getFileInfo($path);
if (!$info) {
throw new \Sabre_DAV_Exception_NotFound('File with name ' . $path . ' could not be located');
@@ -64,7 +74,25 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
list($sourceDir,) = \Sabre_DAV_URLUtil::splitPath($sourcePath);
list($destinationDir,) = \Sabre_DAV_URLUtil::splitPath($destinationPath);
- Filesystem::rename($sourcePath, $destinationPath);
+ // check update privileges
+ $fs = $this->getFileView();
+ if (!$fs->isUpdatable($sourcePath)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+ if ($sourceDir !== $destinationDir) {
+ // for a full move we need update privileges on sourcePath and sourceDir as well as destinationDir
+ if (!$fs->isUpdatable($sourceDir)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+ if (!$fs->isUpdatable($destinationDir)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+ }
+
+ $renameOkay = $fs->rename($sourcePath, $destinationPath);
+ if (!$renameOkay) {
+ throw new \Sabre_DAV_Exception_Forbidden('');
+ }
$this->markDirty($sourceDir);
$this->markDirty($destinationDir);
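Review bot: For a cross-directory move the new guard asks only `isUpdatable()` on the source, its parent and the destination directory, although such a move removes an entry from one directory and creates one in another. Where the view separates those rights (`\OC\Files\View` also offers `isDeletable()` and `isCreatable()`), a share granting update without delete or create would still pass; consider `isDeletable($sourcePath)` and `isCreatable($destinationDir)` in the `$sourceDir !== $destinationDir` branch. The failed-rename path throws `\Sabre_DAV_Exception_Forbidden('')` with an empty message and no log entry, unlike the equivalent branch in `lib/connector/sabre/file.php`, and a failed rename is not necessarily a permission problem. The method starts and ends outside the hunk.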
@@ -101,4 +129,14 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
list($destinationDir,) = \Sabre_DAV_URLUtil::splitPath($destination);
$this->markDirty($destinationDir);
}
+
+ /**
+ * @return \OC\Files\View
+ */
+ public function getFileView() {
+ if (is_null($this->fileView)) {
+ $this->fileView = \OC\Files\Filesystem::getView();
+ }
+ return $this->fileView;
+ }
}
diff --git a/lib/l10n/da.php b/lib/l10n/da.php
index 26903142763..05a43f42ed9 100644
--- a/lib/l10n/da.php
+++ b/lib/l10n/da.php
@@ -8,6 +8,9 @@ $TRANSLATIONS = array(
"Users" => "Brugere",
"Admin" => "Admin",
"Failed to upgrade \"%s\"." => "Upgradering af \"%s\" fejlede",
+"Custom profile pictures don't work with encryption yet" => "Personligt profilbillede virker endnu ikke sammen med kryptering",
+"Unknown filetype" => "Ukendt filtype",
+"Invalid image" => "Ugyldigt billede",
"web services under your control" => "Webtjenester under din kontrol",
"cannot open \"%s\"" => "Kan ikke åbne \"%s\"",
"ZIP download is turned off." => "ZIP-download er slået fra.",
diff --git a/lib/l10n/nn_NO.php b/lib/l10n/nn_NO.php
index d5da8c64415..e8bf8dfdef4 100644
--- a/lib/l10n/nn_NO.php
+++ b/lib/l10n/nn_NO.php
@@ -5,6 +5,8 @@ $TRANSLATIONS = array(
"Settings" => "Innstillingar",
"Users" => "Brukarar",
"Admin" => "Administrer",
+"Unknown filetype" => "Ukjend filtype",
+"Invalid image" => "Ugyldig bilete",
"web services under your control" => "Vev tjenester under din kontroll",
"Authentication error" => "Feil i autentisering",
"Files" => "Filer",
diff --git a/lib/preview/txt.php b/lib/preview/txt.php
index a487330691e..77e728eb364 100644
--- a/lib/preview/txt.php
+++ b/lib/preview/txt.php
@@ -9,11 +9,21 @@ namespace OC\Preview;
class TXT extends Provider {
+ private static $blacklist = array(
+ 'text/calendar',
+ 'text/vcard',
+ );
+
public function getMimeType() {
return '/text\/.*/';
}
public function getThumbnail($path, $maxX, $maxY, $scalingup, $fileview) {
+ $mimetype = $fileview->getMimeType($path);
+ if(in_array($mimetype, self::$blacklist)) {
+ return false;
+ }
+
$content = $fileview->fopen($path, 'r');
$content = stream_get_contents($content);
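Review bot: `in_array($mimetype, self::$blacklist)` in `getThumbnail()` compares loosely; pass the third argument, `in_array($mimetype, self::$blacklist, true)`, so that a non-string return from `getMimeType()` cannot match through type juggling. The `$blacklist` property has no comment, and a line above it saying why calendar and vCard files are excluded from text previews would spare the next reader a search. The context line `$fileview->fopen($path, 'r')` is passed straight to `stream_get_contents()` without a check for `false`. `getThumbnail()` continues outside the hunk.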
diff --git a/lib/public/share.php b/lib/public/share.php
index 7a8a183574b..6c5783f1179 100644
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -760,10 +760,10 @@ class Share {
/**
* @brief Get the backend class for the specified item type
- * @param string Item type
- * @return Sharing backend object
+ * @param string $itemType
+ * @return Share_Backend
*/
- private static function getBackend($itemType) {
+ public static function getBackend($itemType) {
if (isset(self::$backends[$itemType])) {
return self::$backends[$itemType];
} else if (isset(self::$backendTypes[$itemType]['class'])) {
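Review bot: Changing `getBackend()` from `private` to `public` on the public `Share` class lets any caller obtain a sharing backend object directly, and neither the docblock nor the hunk says why. If the backends rely on `Share` to do permission checks before their methods are called (not visible here), this widens the surface that has to stay safe. I would add a docblock line such as `* @internal exposed for <caller>; backend methods perform no permission checks of their own` with the real caller filled in, or keep it private and expose the one operation that is needed. The method body continues outside the hunk.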
diff --git a/lib/public/user.php b/lib/public/user.php
index 23ff991642d..576a64d7048 100644
--- a/lib/public/user.php
+++ b/lib/public/user.php
@@ -102,7 +102,7 @@ class User {
* @brief Check if the password is correct
* @param $uid The username
* @param $password The password
- * @returns true/false
+ * @returns mixed username on success, false otherwise
*
* Check if the password is correct without logging in the user
*/
diff --git a/lib/user.php b/lib/user.php
index 0f6f40aec9a..ed75b0bc17c 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -177,6 +177,7 @@ class OC_User {
* setup the configured backends in config.php
*/
public static function setupBackends() {
+ OC_App::loadApps(array('prelogin'));
$backends = OC_Config::getValue('user_backends', array());
foreach ($backends as $i => $config) {
$class = $config['class'];
@@ -410,22 +411,18 @@ class OC_User {
* @brief Check if the password is correct
* @param string $uid The username
* @param string $password The password
- * @return bool
+ * @return mixed user id a string on success, false otherwise
*
* Check if the password is correct without logging in the user
* returns the user id or false
*/
public static function checkPassword($uid, $password) {
- $user = self::getManager()->get($uid);
- if ($user) {
- if ($user->checkPassword($password)) {
- return $user->getUID();
- } else {
- return false;
- }
- } else {
- return false;
+ $manager = self::getManager();
+ $username = $manager->checkPassword($uid, $password);
+ if ($username !== false) {
+ return $username->getUID();
}
+ return false;
}
/**
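Review bot: In `checkPassword()` the variable `$username` holds the object returned by `Manager::checkPassword()`, not a name, and `->getUID()` is called on it after only a `!== false` test. `Session::login()` in this same commit additionally guards with `!is_null($user)`, so the two callers disagree on whether null is possible. I would rename it to `$user` and use `if ($user !== false && !is_null($user)) {`, or drop the null check in both places if `getUserObject()` can never return null. The new `@return` line reads "user id a string"; "the user id as a string" is probably what was meant.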
diff --git a/lib/user/http.php b/lib/user/http.php
index 1e044ed4188..e99afe59ba7 100644
--- a/lib/user/http.php
+++ b/lib/user/http.php
@@ -79,7 +79,11 @@ class OC_User_HTTP extends OC_User_Backend {
curl_close($ch);
- return $status==200;
+ if($status === 200) {
+ return $uid;
+ }
+
+ return false;
}
/**
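Review bot: Switching from `$status==200` to `$status === 200` makes the result depend on `$status` being an integer, and its assignment is outside the hunk. If it comes from `curl_getinfo($ch, CURLINFO_HTTP_CODE)` it is an int and the strict test is right; if it is ever a string, every login through this backend would be rejected, so a short comment next to the comparison stating the type would help. The method now returns the caller-supplied `$uid` unchanged, and `Manager::checkPassword()` builds the user object from that value, so it is worth confirming that the typed spelling is the intended canonical id. The method starts outside the hunk.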
diff --git a/lib/user/manager.php b/lib/user/manager.php
index 8dc9bfe2729..13286bc28a4 100644
--- a/lib/user/manager.php
+++ b/lib/user/manager.php
@@ -119,6 +119,25 @@ class Manager extends PublicEmitter {
}
/**
+ * Check if the password is valid for the user
+ *
+ * @param $loginname
+ * @param $password
+ * @return mixed the User object on success, false otherwise
+ */
+ public function checkPassword($loginname, $password) {
+ foreach ($this->backends as $backend) {
+ if($backend->implementsActions(\OC_USER_BACKEND_CHECK_PASSWORD)) {
+ $uid = $backend->checkPassword($loginname, $password);
+ if ($uid !== false) {
+ return $this->getUserObject($uid, $backend);
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
* search by user id
*
* @param string $pattern
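Review bot: `checkPassword()` now hands the login name and password to every backend that implements `OC_USER_BACKEND_CHECK_PASSWORD` until one accepts, whereas the removed `User::checkPassword()` asked only the backend that owned the user. For backends that forward credentials over the network (`lib/user/http.php` in this commit uses curl), a mistyped password for a local account may now be sent to a remote endpoint, unless each backend first rejects names it does not own; that is not visible here and should be confirmed. The docblock should state the ordering rule (first accepting backend wins) and give types, for example `@param string $loginname` and `@param string $password`. A log entry when no backend accepts would also give failed-login monitoring a single place to hook.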
diff --git a/lib/user/session.php b/lib/user/session.php
index 9a6c669e935..b5e9385234d 100644
--- a/lib/user/session.php
+++ b/lib/user/session.php
@@ -121,15 +121,16 @@ class Session implements Emitter {
*/
public function login($uid, $password) {
$this->manager->emit('\OC\User', 'preLogin', array($uid, $password));
- $user = $this->manager->get($uid);
- if ($user) {
- $result = $user->checkPassword($password);
- if ($result and $user->isEnabled()) {
- $this->setUser($user);
- $this->manager->emit('\OC\User', 'postLogin', array($user, $password));
- return true;
- } else {
- return false;
+ $user = $this->manager->checkPassword($uid, $password);
+ if($user !== false) {
+ if (!is_null($user)) {
+ if ($user->isEnabled()) {
+ $this->setUser($user);
+ $this->manager->emit('\OC\User', 'postLogin', array($user, $password));
+ return true;
+ } else {
+ return false;
+ }
}
} else {
return false;
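Review bot: When `$this->manager->checkPassword()` returns null, the new nesting in `login()` takes neither inner branch nor the outer `else`, so control leaves the visible code without an explicit `return false`. What happens next depends on lines outside the hunk. Flattening the test makes the deny path explicit and fail-closed: `if ($user !== false && !is_null($user) && $user->isEnabled()) {` followed by the success body, then a single `return false;`. The method starts and ends outside the hunk.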
diff --git a/lib/user/user.php b/lib/user/user.php
index 8115c43198c..e5f842944f1 100644
--- a/lib/user/user.php
+++ b/lib/user/user.php
@@ -106,24 +106,6 @@ class User {
}
/**
- * Check if the password is valid for the user
- *
- * @param $password
- * @return bool
- */
- public function checkPassword($password) {
- if ($this->backend->implementsActions(\OC_USER_BACKEND_CHECK_PASSWORD)) {
- $result = $this->backend->checkPassword($this->uid, $password);
- if ($result !== false) {
- $this->uid = $result;
- }
- return !($result === false);
- } else {
- return false;
- }
- }
-
- /**
* Set the password of the user
*
* @param string $password
diff --git a/lib/util.php b/lib/util.php
index 41f5f1d16be..d4f4eed1ca7 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -730,12 +730,6 @@ class OC_Util {
'baseUri' => OC_Helper::linkToRemote('webdav'),
);
- // save the old timeout so that we can restore it later
- $oldTimeout = ini_get("default_socket_timeout");
-
- // use a 5 sec timeout for the check. Should be enough for local requests.
- ini_set("default_socket_timeout", 5);
-
$client = new \Sabre_DAV_Client($settings);
// for this self test we don't care if the ssl certificate is self signed and the peer cannot be verified.
@@ -752,9 +746,6 @@ class OC_Util {
$return = false;
}
- // restore the original timeout
- ini_set("default_socket_timeout", $oldTimeout);
-
return $return;
}