From c7a4075aaa133a0ad9a6d84b525924866a8bd9a3 Mon Sep 17 00:00:00 2001 From: Tom Needham Date: Sat, 30 Jun 2012 11:04:35 +0000 Subject: Updates contacts migration provider --- apps/contacts/appinfo/migrate.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/apps/contacts/appinfo/migrate.php b/apps/contacts/appinfo/migrate.php index cceb4406172..02026c5979c 100644 --- a/apps/contacts/appinfo/migrate.php +++ b/apps/contacts/appinfo/migrate.php @@ -30,7 +30,7 @@ class OC_Migration_Provider_Contacts extends OC_Migration_Provider{ } - // Import function for bookmarks + // Import function for contacts function import( ){ switch( $this->appinfo->version ){ default: @@ -39,11 +39,13 @@ class OC_Migration_Provider_Contacts extends OC_Migration_Provider{ $results = $query->execute( array( $this->olduid ) ); $idmap = array(); while( $row = $results->fetchRow() ){ - // Import each bookmark, saving its id into the map + // Import each addressbook $addressbookquery = OCP\DB::prepare( "INSERT INTO *PREFIX*contacts_addressbooks (`userid`, `displayname`, `uri`, `description`, `ctag`) VALUES (?, ?, ?, ?, ?)" ); $addressbookquery->execute( array( $this->uid, $row['displayname'], $row['uri'], $row['description'], $row['ctag'] ) ); // Map the id - $idmap[$row['id']] = OCP\DB::insertid(); + $idmap[$row['id']] = OCP\DB::insertid('*PREFIX*contacts_addressbooks'); + // Make the addressbook active + OC_Contacts_Addressbook::setActive($idmap[$row['id']], true); } // Now tags foreach($idmap as $oldid => $newid){ @@ -51,7 +53,7 @@ class OC_Migration_Provider_Contacts extends OC_Migration_Provider{ $query = $this->content->prepare( "SELECT * FROM contacts_cards WHERE addressbookid LIKE ?" ); $results = $query->execute( array( $oldid ) ); while( $row = $results->fetchRow() ){ - // Import the tags for this bookmark, using the new bookmark id + // Import the contacts $contactquery = OCP\DB::prepare( "INSERT INTO *PREFIX*contacts_cards (`addressbookid`, `fullname`, `carddata`, `uri`, `lastmodified`) VALUES (?, ?, ?, ?, ?)" ); $contactquery->execute( array( $newid, $row['fullname'], $row['carddata'], $row['uri'], $row['lastmodified'] ) ); } -- cgit v1.2.3 From cfc78d44bbde0426337ba6dbacf32a87667f9334 Mon Sep 17 00:00:00 2001 From: Tom Needham Date: Sat, 30 Jun 2012 10:57:47 +0000 Subject: Return correct json response, fix syntax --- lib/migrate.php | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/lib/migrate.php b/lib/migrate.php index 731b6a6839c..f788a637d3c 100644 --- a/lib/migrate.php +++ b/lib/migrate.php @@ -278,7 +278,7 @@ class OC_Migrate{ return json_encode( array( 'success' => false ) ); } // Done - return json_encode( 'success' => true ); + return json_encode( array( 'success' => true ) ); */ break; } @@ -443,21 +443,10 @@ class OC_Migrate{ 'ocversion' => OC_Util::getVersion(), 'exporttime' => time(), 'exportedby' => OC_User::getUser(), - 'exporttype' => self::$exporttype + 'exporttype' => self::$exporttype, + 'exporteduser' => self::$uid ); - // Add hash if user export - if( self::$exporttype == 'user' ){ - $query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid = ?" ); - $result = $query->execute( array( self::$uid ) ); - $row = $result->fetchRow(); - $hash = $row ? $row['password'] : false; - if( !$hash ){ - OC_Log::write( 'migration', 'Failed to get the users password hash', OC_log::ERROR); - return false; - } - $info['hash'] = $hash; - $info['exporteduser'] = self::$uid; - } + if( !is_array( $array ) ){ OC_Log::write( 'migration', 'Supplied $array was not an array in getExportInfo()', OC_Log::ERROR ); } -- cgit v1.2.3 From b2cb7d54d16aa1ae5904b917b3d597763150d04d Mon Sep 17 00:00:00 2001 From: Tom Needham Date: Sat, 30 Jun 2012 10:55:38 +0000 Subject: Fixed app path --- lib/db.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/db.php b/lib/db.php index 9e6835adc6f..ffa0d37307a 100644 --- a/lib/db.php +++ b/lib/db.php @@ -528,7 +528,7 @@ class OC_DB { self::removeDBStructure( OC::$SERVERROOT . '/db_structure.xml' ); foreach($apps as $app){ - $path = self::getAppPath($app).'/appinfo/database.xml'; + $path = OC_App::getAppPath($app).'/appinfo/database.xml'; if(file_exists($path)){ self::removeDBStructure( $path ); } -- cgit v1.2.3 From 4e63981da9a02d8a6c2393ad6773edf558222530 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Sun, 1 Jul 2012 13:45:20 +0200 Subject: Disable mimesniffing --- lib/json.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/json.php b/lib/json.php index 4eab4fce9f6..7cd9ba371d7 100644 --- a/lib/json.php +++ b/lib/json.php @@ -15,6 +15,8 @@ class OC_JSON{ if (!self::$send_content_type_header){ // We send json data header( 'Content-Type: '.$type ); + // Force download + header( 'Content-Disposition: attachment' ); self::$send_content_type_header = true; } } @@ -94,12 +96,12 @@ class OC_JSON{ * Encode and print $data in json format */ public static function encodedPrint($data,$setContentType=true){ - if(!isset($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '') { + // Disable mimesniffing, don't move this to setContentTypeHeader! + header( 'X-Content-Type-Options: nosniff' ); if($setContentType){ self::setContentTypeHeader(); } array_walk_recursive($data, array('OC_JSON', 'to_string')); echo json_encode($data); - } } } -- cgit v1.2.3 From 7ceba61413ec3cc63112471e89f346ac1613d928 Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Sun, 1 Jul 2012 11:29:02 -0400 Subject: Revert "bugfix for #1098 (assigning a group to a user, the group appears incrementally many times the more you assign it)" This reverts commit 265d7e50f55978a3bebfa077aa8552d5ea1b0c59. --- settings/js/users.js | 1 - 1 file changed, 1 deletion(-) diff --git a/settings/js/users.js b/settings/js/users.js index 90569bcc56b..c04df81d82f 100644 --- a/settings/js/users.js +++ b/settings/js/users.js @@ -221,6 +221,5 @@ $(document).ready(function(){ } } ); - location.reload(); }); }); -- cgit v1.2.3 From eca2e073f812c89712c74f8626816c29a449232f Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Sun, 1 Jul 2012 11:53:29 -0400 Subject: Don't reload the page after sending private link to email address --- apps/files_sharing/js/share.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js index 9194d2240ab..39e6bd78590 100644 --- a/apps/files_sharing/js/share.js +++ b/apps/files_sharing/js/share.js @@ -360,7 +360,8 @@ $(document).ready(function() { $(this).select(); }); - $('#emailPrivateLink').live('submit', function() { + $('#emailPrivateLink').live('submit', function(event) { + event.preventDefault(); OC.Share.emailPrivateLink(); }); }); \ No newline at end of file -- cgit v1.2.3 From 5ff72f2cd7559ba39ad4f0a255debc02f38d4430 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Sun, 1 Jul 2012 21:50:53 +0200 Subject: fix a small PHP fail --- lib/l10n.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/l10n.php b/lib/l10n.php index 4acbc5dcebc..b21829e91fd 100644 --- a/lib/l10n.php +++ b/lib/l10n.php @@ -115,7 +115,7 @@ class OC_L10N{ // (Just no need to define date/time format etc. twice) if(file_exists($i18ndir.$lang.'.php')){ // Include the file, save the data from $CONFIG - include($i18ndir.$lang.'.php'); + include(strip_tags($i18ndir).strip_tags($lang).'.php'); if(isset($TRANSLATIONS) && is_array($TRANSLATIONS)){ $this->translations = $TRANSLATIONS; } -- cgit v1.2.3 From e4960c3bb471d572e6883eb8c5a503e3e7c6ccba Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Sun, 1 Jul 2012 21:50:53 +0200 Subject: fix a small PHP fail --- lib/l10n.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/l10n.php b/lib/l10n.php index 4acbc5dcebc..b21829e91fd 100644 --- a/lib/l10n.php +++ b/lib/l10n.php @@ -115,7 +115,7 @@ class OC_L10N{ // (Just no need to define date/time format etc. twice) if(file_exists($i18ndir.$lang.'.php')){ // Include the file, save the data from $CONFIG - include($i18ndir.$lang.'.php'); + include(strip_tags($i18ndir).strip_tags($lang).'.php'); if(isset($TRANSLATIONS) && is_array($TRANSLATIONS)){ $this->translations = $TRANSLATIONS; } -- cgit v1.2.3 From f8cebed3481d523ff43d438ac97048137f4f9902 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 2 Jul 2012 10:21:38 +0200 Subject: Don't display error messages --- lib/l10n.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/l10n.php b/lib/l10n.php index b21829e91fd..de8514573d3 100644 --- a/lib/l10n.php +++ b/lib/l10n.php @@ -113,13 +113,13 @@ class OC_L10N{ $i18ndir = self::findI18nDir($app); // Localization is in /l10n, Texts are in $i18ndir // (Just no need to define date/time format etc. twice) - if(file_exists($i18ndir.$lang.'.php')){ + if((OC_Helper::issubdirectory($i18ndir.$lang.'.php', OC_App::getAppPath($app).'/l10n/') || OC_Helper::issubdirectory($i18ndir.$lang.'.php', OC::$SERVERROOT.'/core/l10n/') || OC_Helper::issubdirectory($i18ndir.$lang.'.php', OC::$SERVERROOT.'/settings')) && file_exists($i18ndir.$lang.'.php')) { // Include the file, save the data from $CONFIG include(strip_tags($i18ndir).strip_tags($lang).'.php'); if(isset($TRANSLATIONS) && is_array($TRANSLATIONS)){ $this->translations = $TRANSLATIONS; } - } + } if(file_exists(OC::$SERVERROOT.'/core/l10n/l10n-'.$lang.'.php')){ // Include the file, save the data from $CONFIG -- cgit v1.2.3 From 90331a3fa1c2bd7c1ec5efb6b9f55d02d1ffe273 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 2 Jul 2012 12:20:43 +0200 Subject: Remove forced download --- lib/json.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/json.php b/lib/json.php index 7cd9ba371d7..c49b831c12b 100644 --- a/lib/json.php +++ b/lib/json.php @@ -15,8 +15,6 @@ class OC_JSON{ if (!self::$send_content_type_header){ // We send json data header( 'Content-Type: '.$type ); - // Force download - header( 'Content-Disposition: attachment' ); self::$send_content_type_header = true; } } -- cgit v1.2.3 From 515adceaceea8de6e3264f17b2fe24419da10959 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Mon, 2 Jul 2012 14:03:16 +0200 Subject: LDAP: reset resource on failed bind check for resource --- apps/user_ldap/lib_ldap.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php index 21c4e57e293..152977ff7f7 100644 --- a/apps/user_ldap/lib_ldap.php +++ b/apps/user_ldap/lib_ldap.php @@ -474,17 +474,16 @@ class OC_LDAP { // See if we have a resource $link_resource = self::getConnectionResource(); - if($link_resource) - { + if(is_resource($link_resource)) { $sr = ldap_search($link_resource, $base, $filter, $attr); $findings = ldap_get_entries($link_resource, $sr ); + // if we're here, probably no connection resource is returned. // to make ownCloud behave nicely, we simply give back an empty array. if(is_null($findings)) { return array(); } - } else - { + } else { // Seems like we didn't find any resource. // Return an empty array just like before. return array(); @@ -690,6 +689,7 @@ class OC_LDAP { $ldapLogin = @ldap_bind(self::$ldapConnectionRes, self::$ldapAgentName, self::$ldapAgentPassword ); if(!$ldapLogin) { OCP\Util::writeLog('ldap', 'Bind failed: ' . ldap_errno(self::$ldapConnectionRes) . ': ' . ldap_error(self::$ldapConnectionRes), OCP\Util::ERROR); + self::$ldapConnectionRes = null; return false; } } -- cgit v1.2.3 From ab036d47645867374cb6f4f2d168f407e96ceda5 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 2 Jul 2012 17:52:51 +0200 Subject: webdav client crashes for secure connections if he doesn't have the right root certificate for ssl verification. For the moment I print at least a useful error message to the OC log and the Apache log --- 3rdparty/Sabre/DAV/Client.php | 1 + apps/files_external/lib/webdav.php | 2 ++ 2 files changed, 3 insertions(+) diff --git a/3rdparty/Sabre/DAV/Client.php b/3rdparty/Sabre/DAV/Client.php index a8320dd9782..23bd7c05394 100644 --- a/3rdparty/Sabre/DAV/Client.php +++ b/3rdparty/Sabre/DAV/Client.php @@ -249,6 +249,7 @@ class Sabre_DAV_Client { // Automatically follow redirects CURLOPT_FOLLOWLOCATION => true, CURLOPT_MAXREDIRS => 5, + //CURLOPT_SSL_VERIFYPEER => false, ); switch ($method) { diff --git a/apps/files_external/lib/webdav.php b/apps/files_external/lib/webdav.php index d0fe2aca854..dda8afe9f2a 100644 --- a/apps/files_external/lib/webdav.php +++ b/apps/files_external/lib/webdav.php @@ -96,6 +96,8 @@ class OC_FileStorage_DAV extends OC_Filestorage_Common{ $responseType=$response["{DAV:}resourcetype"]->resourceType; return (count($responseType)>0 and $responseType[0]=="{DAV:}collection")?'dir':'file'; }catch(Exception $e){ + error_log($e->getMessage()); + \OCP\Util::writeLog("webdav client", \OCP\Util::sanitizeHTML($e->getMessage()), \OCP\Util::ERROR); return false; } } -- cgit v1.2.3 From 52822652bce0466895a6ee139d625439fddc240b Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Mon, 2 Jul 2012 20:24:26 +0200 Subject: provide multibyte aware helper functions mb_str_replace, mb_substr_replace and mb_array_change_key_case for handling with UTF 8 --- lib/helper.php | 74 +++++++++++++++++++++++++++++++++++++++++++++++++---- lib/public/util.php | 70 ++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 126 insertions(+), 18 deletions(-) diff --git a/lib/helper.php b/lib/helper.php index b1d2da1452f..0d18098a4e7 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -41,7 +41,7 @@ class OC_Helper { $app_path = OC_App::getAppPath($app); // Check if the app is in the app folder if( $app_path && file_exists( $app_path.'/'.$file )){ - if(substr($file, -3) == 'php' || substr($file, -3) == 'css'){ + if(substr($file, -3) == 'php' || substr($file, -3) == 'css'){ $urlLinkTo = OC::$WEBROOT . '/?app=' . $app; $urlLinkTo .= ($file!='index.php')?'&getfile=' . urlencode($file):''; }else{ @@ -379,7 +379,7 @@ class OC_Helper { //trim the character set from the end of the response $mimeType=substr($reply,0,strrpos($reply,' ')); - //trim ; + //trim ; if (strpos($mimeType, ';') !== false) { $mimeType = strstr($mimeType, ';', true); } @@ -586,11 +586,11 @@ class OC_Helper { return $newpath; } - + /* * checks if $sub is a subdirectory of $parent - * - * @param $sub + * + * @param $sub * @param $parent * @return bool */ @@ -620,4 +620,68 @@ class OC_Helper { exit;*/ return false; } + + /** + * @brief Returns an array with all keys from input lowercased or uppercased. Numbered indices are left as is. + * + * @param $input The array to work on + * @param $case Either MB_CASE_UPPER or MB_CASE_LOWER (default) + * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8 + * @return array + * + * Returns an array with all keys from input lowercased or uppercased. Numbered indices are left as is. + * based on http://www.php.net/manual/en/function.array-change-key-case.php#107715 + * + */ + public static function mb_array_change_key_case($input, $case = MB_CASE_LOWER, $encoding = 'UTF-8'){ + $case = ($case != MB_CASE_UPPER) ? MB_CASE_LOWER : MB_CASE_UPPER; + $ret = array(); + foreach ($input as $k => $v) { + $ret[mb_convert_case($k, $case, $encoding)] = $v; + } + return $ret; + } + + /** + * @brief replaces a copy of string delimited by the start and (optionally) length parameters with the string given in replacement. + * + * @param $input The input string. .Opposite to the PHP build-in function does not accept an array. + * @param $replacement The replacement string. + * @param $start If start is positive, the replacing will begin at the start'th offset into string. If start is negative, the replacing will begin at the start'th character from the end of string. + * @param $length Length of the part to be replaced + * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8 + * @return string + * + */ + public static function mb_substr_replace($string, $replacement, $start, $length = null, $encoding = 'UTF-8') { + $start = intval($start); + $length = intval($length); + $string = mb_substr($string, 0, $start, $encoding) . + $replacement . + mb_substr($string, $start+$length, mb_strlen($string, 'UTF-8')-$start, $encoding); + + return $string; + } + + /** + * @brief Replace all occurrences of the search string with the replacement string + * + * @param $search The value being searched for, otherwise known as the needle. String. + * @param $replace The replacement string. + * @param $subject The string or array being searched and replaced on, otherwise known as the haystack. + * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8 + * @param $count If passed, this will be set to the number of replacements performed. + * @return string + * + */ + public static function mb_str_replace($search, $replace, $subject, $encoding = 'UTF-8', &$count = null) { + $offset = -1; + $length = mb_strlen($search, 'UTF-8'); + while(($i = mb_strrpos($subject, $search, $offset, 'UTF-8'))) { + $subject = OC_Helper::mb_substr_replace($subject, $replace, $i, $length); + $offset = $i - mb_strlen($subject, 'UTF-8') - 1; + $count++; + } + return $subject; + } } diff --git a/lib/public/util.php b/lib/public/util.php index c611d59a533..41121091544 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -26,7 +26,7 @@ * */ -// use OCP namespace for all classes that are considered public. +// use OCP namespace for all classes that are considered public. // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP; @@ -54,7 +54,7 @@ class Util { /** - * @brief send an email + * @brief send an email * @param string $toaddress * @param string $toname * @param string $subject @@ -264,17 +264,61 @@ class Util { public static function callCheck(){ return(\OC_Util::callCheck()); } - - /** - * @brief Used to sanitize HTML - * - * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page. - * - * @param string or array of strings - * @return array with sanitized strings or a single sinitized string, depends on the input parameter. - */ - public static function sanitizeHTML( $value ){ - return(\OC_Util::sanitizeHTML($value)); + + /** + * @brief Used to sanitize HTML + * + * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page. + * + * @param string or array of strings + * @return array with sanitized strings or a single sinitized string, depends on the input parameter. + */ + public static function sanitizeHTML( $value ){ + return(\OC_Util::sanitizeHTML($value)); + } + + /** + * @brief Returns an array with all keys from input lowercased or uppercased. Numbered indices are left as is. + * + * @param $input The array to work on + * @param $case Either MB_CASE_UPPER or MB_CASE_LOWER (default) + * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8 + * @return array + * + * + */ + public static function mb_array_change_key_case($input, $case = MB_CASE_LOWER, $encoding = 'UTF-8'){ + return(\OC_Helper::mb_array_change_key_case($input, $case, $encoding)); + } + + /** + * @brief replaces a copy of string delimited by the start and (optionally) length parameters with the string given in replacement. + * + * @param $input The input string. .Opposite to the PHP build-in function does not accept an array. + * @param $replacement The replacement string. + * @param $start If start is positive, the replacing will begin at the start'th offset into string. If start is negative, the replacing will begin at the start'th character from the end of string. + * @param $length Length of the part to be replaced + * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8 + * @return string + * + */ + public static function mb_substr_replace($string, $replacement, $start, $length = null, $encoding = 'UTF-8') { + return(\OC_Helper::mb_substr_replace($string, $replacement, $start, $length, $encoding)); + } + + /** + * @brief Replace all occurrences of the search string with the replacement string + * + * @param $search The value being searched for, otherwise known as the needle. String. + * @param $replace The replacement string. + * @param $subject The string or array being searched and replaced on, otherwise known as the haystack. + * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8 + * @param $count If passed, this will be set to the number of replacements performed. + * @return string + * + */ + public static function mb_str_replace($search, $replace, $subject, $encoding = 'UTF-8', &$count = null) { + return(\OC_Helper::mb_str_replace($search, $replace, $subject, $encoding, $count)); } } -- cgit v1.2.3 From 0a6f7b33c3b5e0552c041f3d529f577c0b392f40 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Mon, 2 Jul 2012 20:31:07 +0200 Subject: LDAP: make it UTF-8 save --- apps/user_ldap/appinfo/update.php | 18 ++++++++++++++++++ apps/user_ldap/appinfo/version | 2 +- apps/user_ldap/group_ldap.php | 2 +- apps/user_ldap/lib_ldap.php | 30 +++++++++++++++--------------- apps/user_ldap/user_ldap.php | 2 +- 5 files changed, 36 insertions(+), 18 deletions(-) diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php index dc437ce21ce..badceb378d1 100644 --- a/apps/user_ldap/appinfo/update.php +++ b/apps/user_ldap/appinfo/update.php @@ -31,3 +31,21 @@ if($state == 'doCheck'){ OCP\Config::setSystemValue('ldapIgnoreNamingRules', true); } } + + +//from version 0.2 to 0.2.1 +$objects = array('user', 'group'); + +foreach($objects as $object) { + $fetchDNSql = 'SELECT ldap_dn from *PREFIX*ldap_'.$object.'_mapping'; + $updateSql = 'UPDATE *PREFIX*ldap_'.$object.'_mapping SET ldap_DN = ? WHERE ldap_dn = ?'; + + $query = OCP\DB::prepare($fetchDNSql); + $res = $query->execute(); + $DNs = $res->fetchAll(); + $updateQuery = OCP\DB::prepare($updateSql); + foreach($DNs as $dn) { + $newDN = mb_strtolower($dn['ldap_dn'], 'UTF-8'); + $updateQuery->execute(array($newDN, $dn['ldap_dn'])); + } +} diff --git a/apps/user_ldap/appinfo/version b/apps/user_ldap/appinfo/version index 2f4536184bc..5f021e960ec 100644 --- a/apps/user_ldap/appinfo/version +++ b/apps/user_ldap/appinfo/version @@ -1 +1 @@ -0.2 \ No newline at end of file +0.2.0.5 \ No newline at end of file diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index a3117b5a41e..d438c7d84df 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -158,7 +158,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend { $isMemberUid = (strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid'); foreach($members as $member) { if($isMemberUid) { - $filter = str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter')); + $filter = OCP\Util::mb_str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter'), 'UTF-8'); $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn'); if(count($ldap_users) < 1) { continue; diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php index 152977ff7f7..08b09304d78 100644 --- a/apps/user_ldap/lib_ldap.php +++ b/apps/user_ldap/lib_ldap.php @@ -171,7 +171,7 @@ class OC_LDAP { * returns the internal ownCloud name for the given LDAP DN of the group */ static public function dn2groupname($dn, $ldapname = null) { - if(strripos($dn, self::$ldapBaseGroups) !== (strlen($dn)-strlen(self::$ldapBaseGroups))) { + if(mb_strripos($dn, self::$ldapBaseGroups, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen(self::$ldapBaseGroups, 'UTF-8'))) { return false; } return self::dn2ocname($dn, $ldapname, false); @@ -186,7 +186,7 @@ class OC_LDAP { * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN */ static public function dn2username($dn, $ldapname = null) { - if(strripos($dn, self::$ldapBaseUsers) !== (strlen($dn)-strlen(self::$ldapBaseUsers))) { + if(mb_strripos($dn, self::$ldapBaseUsers, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen(self::$ldapBaseUsers, 'UTF-8'))) { return false; } return self::dn2ocname($dn, $ldapname, true); @@ -304,7 +304,7 @@ class OC_LDAP { */ static private function alternateOwnCloudName($name, $dn) { $ufn = ldap_dn2ufn($dn); - $name = $name . '@' . trim(substr_replace($ufn, '', 0, strpos($ufn, ','))); + $name = $name . '@' . trim(OCP\Util::mb_substr_replace($ufn, '', 0, mb_strpos($ufn, ',', 0, 'UTF-8'), 'UTF-8')); $name = self::sanitizeUsername($name); return $name; } @@ -419,8 +419,8 @@ class OC_LDAP { $rr = ldap_read($cr, $dn, 'objectClass=*', array($attr)); $er = ldap_first_entry($cr, $rr); //LDAP attributes are not case sensitive - $result = array_change_key_case(ldap_get_attributes($cr, $er)); - $attr = strtolower($attr); + $result = OCP\Util::mb_array_change_key_case(ldap_get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8'); + $attr = mb_strtolower($attr, 'UTF-8'); if(isset($result[$attr]) && $result[$attr]['count'] > 0){ $values = array(); @@ -469,7 +469,7 @@ class OC_LDAP { */ static private function search($filter, $base, $attr = null) { if(!is_null($attr) && !is_array($attr)) { - $attr = array(strtolower($attr)); + $attr = array(mb_strtolower($attr, 'UTF-8')); } // See if we have a resource @@ -500,11 +500,11 @@ class OC_LDAP { if(!is_array($item)) { continue; } - $item = array_change_key_case($item); + $item = OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8'); if($multiarray) { foreach($attr as $key) { - $key = strtolower($key); + $key = mb_strtolower($key, 'UTF-8'); if(isset($item[$key])) { if($key != 'dn'){ $selection[$i][$key] = self::resemblesDN($key) ? self::sanitizeDN($item[$key][0]) : $item[$key][0]; @@ -517,7 +517,7 @@ class OC_LDAP { $i++; } else { //tribute to case insensitivity - $key = strtolower($attr[0]); + $key = mb_strtolower($attr[0], 'UTF-8'); if(isset($item[$key])) { if(self::resemblesDN($key)) { @@ -546,10 +546,10 @@ class OC_LDAP { static private function sanitizeDN($dn) { //OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this! - $dn = preg_replace('/([^\\\]),(\s+)/','\1,',$dn); + $dn = preg_replace('/([^\\\]),(\s+)/u','\1,',$dn); //make comparisons and everything work - $dn = strtolower($dn); + $dn = mb_strtolower($dn, 'UTF-8'); return $dn; } @@ -560,10 +560,10 @@ class OC_LDAP { } //REPLACEMENTS - $name = str_replace(' ', '_', $name); + $name = OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8'); //every remaining unallowed characters will be removed - $name = preg_replace('/[^a-zA-Z0-9_.@-]/', '', $name); + $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name); return $name; } @@ -637,10 +637,10 @@ class OC_LDAP { self::$ldapBaseGroups = OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase); self::$ldapTLS = OCP\Config::getAppValue('user_ldap', 'ldap_tls',0); self::$ldapNoCase = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0); - self::$ldapUserDisplayName = strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid')); + self::$ldapUserDisplayName = mb_strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'), 'UTF-8'); self::$ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter','objectClass=person'); self::$ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)'); - self::$ldapGroupDisplayName = strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR)); + self::$ldapGroupDisplayName = mb_strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR), 'UTF-8'); self::$ldapIgnoreNamingRules = OCP\Config::getSystemValue('ldapIgnoreNamingRules', false); if(empty(self::$ldapBaseUsers)) { diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 85b3d88973c..b51d9a55cc7 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -84,7 +84,7 @@ class OC_USER_LDAP extends OC_User_Backend { */ public function checkPassword($uid, $password){ //find out dn of the user name - $filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter')); + $filter = OCP\Util::mb_str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'), 'UTF-8'); $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn'); if(count($ldap_users) < 1) { return false; -- cgit v1.2.3 From 88cbbc86b84984946b80f6dd18e5a6a88b47f936 Mon Sep 17 00:00:00 2001 From: Tom Needham Date: Mon, 2 Jul 2012 19:06:40 +0000 Subject: Text editor: Always use UTF-8 to keep Ace happy. --- apps/files_texteditor/ajax/loadfile.php | 1 + apps/files_texteditor/ajax/savefile.php | 1 + 2 files changed, 2 insertions(+) diff --git a/apps/files_texteditor/ajax/loadfile.php b/apps/files_texteditor/ajax/loadfile.php index c263306e719..5a5affa46be 100644 --- a/apps/files_texteditor/ajax/loadfile.php +++ b/apps/files_texteditor/ajax/loadfile.php @@ -43,6 +43,7 @@ if(!empty($filename)) { $mtime = OC_Filesystem::filemtime($path); $filecontents = OC_Filesystem::file_get_contents($path); + $filecontents = iconv(mb_detect_encoding($filecontents), "UTF-8", $filecontents); OCP\JSON::success(array('data' => array('filecontents' => $filecontents, 'write' => 'false', 'mtime' => $mtime))); } } else { diff --git a/apps/files_texteditor/ajax/savefile.php b/apps/files_texteditor/ajax/savefile.php index f789112d7d7..961db7105e3 100644 --- a/apps/files_texteditor/ajax/savefile.php +++ b/apps/files_texteditor/ajax/savefile.php @@ -48,6 +48,7 @@ if($path != '' && $mtime != '' && $filecontents) // Save file if(OC_Filesystem::is_writable($path)) { + $filecontents = iconv(mb_detect_encoding($filecontents), "UTF-8", $filecontents); OC_Filesystem::file_put_contents($path, $filecontents); // Clear statcache clearstatcache(); -- cgit v1.2.3 From 8a1c27918319a96a5e801b1e945eb0fce5b489af Mon Sep 17 00:00:00 2001 From: Brice Maron Date: Tue, 3 Jul 2012 09:20:42 +0200 Subject: Escape pg connection string on setup --- lib/setup.php | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/setup.php b/lib/setup.php index 5387a0ef493..bad0f5301c7 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -155,8 +155,11 @@ class OC_Setup { OC_CONFIG::setValue('dbhost', $dbhost); OC_CONFIG::setValue('dbtableprefix', $dbtableprefix); + $e_host = addslashes($dbhost); + $e_user = addslashes($dbuser); + $e_password = addslashes($dbpass); //check if the database user has admin right - $connection_string = "host=$dbhost dbname=postgres user=$dbuser password=$dbpass"; + $connection_string = "host='$e_host' dbname=postgres user='$e_user' password='$e_password'"; $connection = @pg_connect($connection_string); if(!$connection) { $error[] = array( @@ -166,8 +169,9 @@ class OC_Setup { return $error; } else { + $e_user = pg_escape_string($dbuser); //check for roles creation rights in postgresql - $query="SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname='$dbuser'"; + $query="SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname='$e_user'"; $result = pg_query($connection, $query); if($result and pg_num_rows($result) > 0) { //use the admin login data for the new database user @@ -199,7 +203,13 @@ class OC_Setup { // connect to the ownCloud database (dbname=$dbname) an check if it needs to be filled $dbuser = OC_CONFIG::getValue('dbuser'); $dbpass = OC_CONFIG::getValue('dbpassword'); - $connection_string = "host=$dbhost dbname=$dbname user=$dbuser password=$dbpass"; + + $e_host = addslashes($dbhost); + $e_dbname = addslashes($dbname); + $e_user = addslashes($dbuser); + $e_password = addslashes($dbpass); + + $connection_string = "host='$e_host' dbname='$e_dbname' user='$e_user' password='$e_password'"; $connection = @pg_connect($connection_string); if(!$connection) { $error[] = array( -- cgit v1.2.3