From 76de92477f42a9c52ce5f55fc8e91e19d4b3513d Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 9 Jun 2012 14:37:52 +0200
Subject: fix infinite redirect during setup for windows hosts

---
 lib/base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/base.php b/lib/base.php
index d86a39966ee..f85710ddfcf 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -124,7 +124,7 @@ class OC{
 		// calculate the documentroot
 		$DOCUMENTROOT=realpath($_SERVER['DOCUMENT_ROOT']);
 		OC::$SERVERROOT=str_replace("\\",'/',substr(__FILE__,0,-13));
-		OC::$SUBURI=substr(realpath($_SERVER["SCRIPT_FILENAME"]),strlen(OC::$SERVERROOT));
+		OC::$SUBURI= str_replace("\\","/",substr(realpath($_SERVER["SCRIPT_FILENAME"]),strlen(OC::$SERVERROOT)));
 		$scriptName=$_SERVER["SCRIPT_NAME"];
 		if(substr($scriptName,-1)=='/'){
 			$scriptName.='index.php';
-- 
cgit v1.2.3


From 014895aeab547ce30b91c291b3d517d2dcc1c047 Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Sat, 9 Jun 2012 14:32:02 +0200
Subject: Check for missing path_info, also use OC_Response for 404 error

---
 remote.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/remote.php b/remote.php
index 7131dfc9407..b1be50f36a7 100644
--- a/remote.php
+++ b/remote.php
@@ -7,13 +7,17 @@ if (array_key_exists('PATH_INFO', $_SERVER)){
 }else{
 	$path_info = substr($_SERVER['PHP_SELF'], strpos($_SERVER['PHP_SELF'], basename(__FILE__)) + strlen(basename(__FILE__)));
 }
+if ($path_info === false) {
+	OC_Response::setStatus(OC_Response::STATUS_NOT_FOUND);
+	exit;
+}
 if (!$pos = strpos($path_info, '/', 1)) {
 	$pos = strlen($path_info);
 }
 $service=substr($path_info, 1, $pos-1);
 $file = OC_AppConfig::getValue('core', 'remote_' . $service);
 if(is_null($file)){
-	header('HTTP/1.0 404 Not Found');
+	OC_Response::setStatus(OC_Response::STATUS_NOT_FOUND);
 	exit;
 }
 
@@ -22,4 +26,4 @@ $app=$parts[2];
 OC_App::loadApp($app);
 
 $baseuri = OC::$WEBROOT . '/remote.php/'.$service.'/';
-require_once(OC::$APPSROOT . $file);
\ No newline at end of file
+require_once(OC::$APPSROOT . $file);
-- 
cgit v1.2.3


From 4aee5a7ce43cb6d4c64838aa20d5f09adeba57ca Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Sat, 9 Jun 2012 14:32:51 +0200
Subject: Tasks: Use POST for ajax calls that change data

---
 apps/tasks/ajax/addtask.php | 2 +-
 apps/tasks/ajax/delete.php  | 2 +-
 apps/tasks/js/tasks.js      | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/tasks/ajax/addtask.php b/apps/tasks/ajax/addtask.php
index d6e313bd089..9f35e7f21ec 100644
--- a/apps/tasks/ajax/addtask.php
+++ b/apps/tasks/ajax/addtask.php
@@ -8,7 +8,7 @@ $calendars = OC_Calendar_Calendar::allCalendars(OCP\User::getUser(), true);
 $first_calendar = reset($calendars);
 $cid = $first_calendar['id'];
 
-$input = $_GET['text'];
+$input = $_POST['text'];
 $request = array();
 $request['summary'] = $input;
 $request["categories"] = null;
diff --git a/apps/tasks/ajax/delete.php b/apps/tasks/ajax/delete.php
index 6d2868748d1..e29add9b556 100644
--- a/apps/tasks/ajax/delete.php
+++ b/apps/tasks/ajax/delete.php
@@ -24,7 +24,7 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
 
-$id = $_GET['id'];
+$id = $_POST['id'];
 $task = OC_Calendar_App::getEventObject( $id );
 
 OC_Calendar_Object::delete($id);
diff --git a/apps/tasks/js/tasks.js b/apps/tasks/js/tasks.js
index 60d2a523be1..d1e3a9969b4 100644
--- a/apps/tasks/js/tasks.js
+++ b/apps/tasks/js/tasks.js
@@ -440,7 +440,7 @@ $(document).ready(function(){
 
 	$('#tasks_delete').live('click',function(){
 		var id = $('#task_details').data('id');
-		$.getJSON('ajax/delete.php',{'id':id},function(jsondata){
+		$.post('ajax/delete.php',{'id':id},function(jsondata){
 			if(jsondata.status == 'success'){
 				$('#tasks [data-id="'+jsondata.data.id+'"]').remove();
 				$('#task_details').data('id','');
@@ -455,7 +455,7 @@ $(document).ready(function(){
 
 	$('#tasks_addtask').click(function(){
 		var input = $('#tasks_newtask').val();
-		$.getJSON(OC.filePath('tasks', 'ajax', 'addtask.php'),{text:input},function(jsondata){
+		$.post(OC.filePath('tasks', 'ajax', 'addtask.php'),{text:input},function(jsondata){
 			if(jsondata.status == 'success'){
 				$('#tasks_list').append(OC.Tasks.create_task_div(jsondata.task));
 			}
-- 
cgit v1.2.3


From 28ab92ee76c3528637f543c45644e26859fcdb60 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sat, 9 Jun 2012 14:40:15 +0200
Subject: make use of post instead of get

---
 apps/calendar/ajax/calendar/edit.form.php     |  2 +-
 apps/calendar/ajax/changeview.php             |  2 +-
 apps/calendar/ajax/event/edit.form.php        |  2 +-
 apps/calendar/ajax/import/import.php          |  4 ++--
 apps/calendar/ajax/settings/guesstimezone.php |  4 ++--
 apps/calendar/ajax/share/activation.php       |  4 ++--
 apps/calendar/ajax/share/changepermission.php | 10 +++++-----
 apps/calendar/ajax/share/dropdown.php         |  2 +-
 apps/calendar/ajax/share/share.php            |  8 ++++----
 apps/calendar/ajax/share/unshare.php          |  8 ++++----
 apps/calendar/js/calendar.js                  | 16 ++++++++--------
 apps/calendar/js/geo.js                       |  2 +-
 apps/calendar/js/loader.js                    |  2 +-
 13 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/apps/calendar/ajax/calendar/edit.form.php b/apps/calendar/ajax/calendar/edit.form.php
index 77366809311..036ed12bb74 100644
--- a/apps/calendar/ajax/calendar/edit.form.php
+++ b/apps/calendar/ajax/calendar/edit.form.php
@@ -11,7 +11,7 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
 
 $calendarcolor_options = OC_Calendar_Calendar::getCalendarColorOptions();
-$calendar = OC_Calendar_App::getCalendar($_GET['calendarid']);
+$calendar = OC_Calendar_App::getCalendar($_POST['calendarid']);
 $tmpl = new OCP\Template("calendar", "part.editcalendar");
 $tmpl->assign('new', false);
 $tmpl->assign('calendarcolor_options', $calendarcolor_options);
diff --git a/apps/calendar/ajax/changeview.php b/apps/calendar/ajax/changeview.php
index 2c2d09ccb12..0099fd5ec21 100644
--- a/apps/calendar/ajax/changeview.php
+++ b/apps/calendar/ajax/changeview.php
@@ -7,7 +7,7 @@
  */
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
-$view = $_GET['v'];
+$view = $_POST['v'];
 switch($view){
 	case 'agendaWeek':
 	case 'month';
diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php
index f2ea84dd205..dbb78edb798 100644
--- a/apps/calendar/ajax/event/edit.form.php
+++ b/apps/calendar/ajax/event/edit.form.php
@@ -13,7 +13,7 @@ if(!OCP\User::isLoggedIn()) {
 }
 OCP\JSON::checkAppEnabled('calendar');
 
-$id = $_GET['id'];
+$id = $_POST['id'];
 $data = OC_Calendar_App::getEventObject($id, true, true);
 
 if(!$data){
diff --git a/apps/calendar/ajax/import/import.php b/apps/calendar/ajax/import/import.php
index a3eaed844a1..6fdad12c085 100644
--- a/apps/calendar/ajax/import/import.php
+++ b/apps/calendar/ajax/import/import.php
@@ -16,9 +16,9 @@ $nl="\r\n";
 $comps = array('VEVENT'=>true, 'VTODO'=>true, 'VJOURNAL'=>true);
 
 global $progresskey;
-$progresskey = 'calendar.import-' . $_GET['progresskey'];
+$progresskey = 'calendar.import-' . $_POST['progresskey'];
 
-if (isset($_GET['progress']) && $_GET['progress']) {
+if (isset($_POST['progress']) && $_POST['progress']) {
 	echo OC_Cache::get($progresskey);
 	die;
 }
diff --git a/apps/calendar/ajax/settings/guesstimezone.php b/apps/calendar/ajax/settings/guesstimezone.php
index 13092777b78..f36f3bf061f 100644
--- a/apps/calendar/ajax/settings/guesstimezone.php
+++ b/apps/calendar/ajax/settings/guesstimezone.php
@@ -12,8 +12,8 @@ OCP\JSON::checkAppEnabled('calendar');
 
 $l = OC_L10N::get('calendar');
 
-$lat = $_GET['lat'];
-$lng = $_GET['long'];
+$lat = $_POST['lat'];
+$lng = $_POST['lng'];
 
 $timezone =  OC_Geo::timezone($lat, $lng);
 
diff --git a/apps/calendar/ajax/share/activation.php b/apps/calendar/ajax/share/activation.php
index 7d6b8fcb16e..bce8693577b 100644
--- a/apps/calendar/ajax/share/activation.php
+++ b/apps/calendar/ajax/share/activation.php
@@ -5,7 +5,7 @@
  * later.
  * See the COPYING-README file.
  */
-$id = strip_tags($_GET['id']);
-$activation = strip_tags($_GET['activation']);
+$id = strip_tags($_POST['id']);
+$activation = strip_tags($_POST['activation']);
 OC_Calendar_Share::set_active(OCP\USER::getUser(), $id, $activation);
 OCP\JSON::success();
diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php
index 2737420c94e..e807c164a23 100644
--- a/apps/calendar/ajax/share/changepermission.php
+++ b/apps/calendar/ajax/share/changepermission.php
@@ -6,9 +6,9 @@
  * See the COPYING-README file.
  */
  
-$id = strip_tags($_GET['id']);
-$idtype = strip_tags($_GET['idtype']);
-$permission = (int) strip_tags($_GET['permission']);
+$id = strip_tags($_POST['id']);
+$idtype = strip_tags($_POST['idtype']);
+$permission = (int) strip_tags($_POST['permission']);
 switch($idtype){
 	case 'calendar':
 	case 'event':
@@ -25,8 +25,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
 	OCP\JSON::error(array('message'=>'permission denied'));
 	exit;
 }
-$sharewith = $_GET['sharewith'];
-$sharetype = strip_tags($_GET['sharetype']);
+$sharewith = $_POST['sharewith'];
+$sharetype = strip_tags($_POST['sharetype']);
 switch($sharetype){
 	case 'user':
 	case 'group':
diff --git a/apps/calendar/ajax/share/dropdown.php b/apps/calendar/ajax/share/dropdown.php
index a3b0faca4bf..86cf4ac090e 100644
--- a/apps/calendar/ajax/share/dropdown.php
+++ b/apps/calendar/ajax/share/dropdown.php
@@ -7,7 +7,7 @@
  */
  
 $user = OCP\USER::getUser();
-$calid = $_GET['calid'];
+$calid = $_POST['calid'];
 $calendar = OC_Calendar_Calendar::find($calid);
 if($calendar['userid'] != $user){
 	OCP\JSON::error();
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php
index 629a7b6b79f..838db619f62 100644
--- a/apps/calendar/ajax/share/share.php
+++ b/apps/calendar/ajax/share/share.php
@@ -6,8 +6,8 @@
  * See the COPYING-README file.
  */
  
-$id = strip_tags($_GET['id']);
-$idtype = strip_tags($_GET['idtype']);
+$id = strip_tags($_POST['id']);
+$idtype = strip_tags($_POST['idtype']);
 switch($idtype){
 	case 'calendar':
 	case 'event':
@@ -24,8 +24,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
 	OCP\JSON::error(array('message'=>'permission denied'));
 	exit;
 }
-$sharewith = $_GET['sharewith'];
-$sharetype = strip_tags($_GET['sharetype']);
+$sharewith = $_POST['sharewith'];
+$sharetype = strip_tags($_POST['sharetype']);
 switch($sharetype){
 	case 'user':
 	case 'group':
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index fe7c98452d7..1ce04677fb1 100644
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -6,8 +6,8 @@
  * See the COPYING-README file.
  */
  
-$id = strip_tags($_GET['id']);
-$idtype = strip_tags($_GET['idtype']);
+$id = strip_tags($_POST['id']);
+$idtype = strip_tags($_POST['idtype']);
 switch($idtype){
 	case 'calendar':
 	case 'event':
@@ -24,8 +24,8 @@ if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
 	OCP\JSON::error(array('message'=>'permission denied'));
 	exit;
 }
-$sharewith = $_GET['sharewith'];
-$sharetype = strip_tags($_GET['sharetype']);
+$sharewith = $_POST['sharewith'];
+$sharetype = strip_tags($_POST['sharetype']);
 switch($sharetype){
 	case 'user':
 	case 'group':
diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index b5411d3fd95..f869fcf2ad2 100644
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -77,7 +77,7 @@ Calendar={
 				$('#event').dialog('destroy').remove();
 			}else{
 				Calendar.UI.loading(true);
-				$('#dialog_holder').load(OC.filePath('calendar', 'ajax/event', 'edit.form.php') + '?id=' + id, Calendar.UI.startEventDialog);
+				$('#dialog_holder').load(OC.filePath('calendar', 'ajax/event', 'edit.form.php'), {id: id}, Calendar.UI.startEventDialog);
 			}
 		},
 		submitDeleteEventForm:function(url){
@@ -413,7 +413,7 @@ Calendar={
 			},
 			edit:function(object, calendarid){
 				var tr = $(document.createElement('tr'))
-					.load(OC.filePath('calendar', 'ajax/calendar', 'edit.form.php') + "?calendarid="+calendarid,
+					.load(OC.filePath('calendar', 'ajax/calendar', 'edit.form.php'), {calendarid: calendarid},
 						function(){Calendar.UI.Calendar.colorPicker(this)});
 				$(object).closest('tr').after(tr).hide();
 			},
@@ -502,14 +502,14 @@ Calendar={
 			currentid: 'false',
 			idtype: '',
 			activation:function(object,owner,id){
-				$.getJSON(OC.filePath('calendar', 'ajax/share', 'activation.php'),{id:id, idtype:'calendar', activation:object.checked?1:0});
+				$.post(OC.filePath('calendar', 'ajax/share', 'activation.php'),{id:id, idtype:'calendar', activation:object.checked?1:0});
 				$('#calendar_holder').fullCalendar('refetchEvents');
 			},
 			dropdown:function(userid, calid){
 				$('.calendar_share_dropdown').remove();
 				var element = document.getElementById(userid+'_'+calid);
 				$('<div class="calendar_share_dropdown"></div>').appendTo(element);
-				$.get(OC.filePath('calendar', 'ajax/share', 'dropdown.php') + '?calid=' + calid, function(data){
+				$.post(OC.filePath('calendar', 'ajax/share', 'dropdown.php'), {calid: calid}, function(data){
 					$('.calendar_share_dropdown').html(data);
 					$('.calendar_share_dropdown').show('blind');
 					$('#share_user').chosen();
@@ -519,7 +519,7 @@ Calendar={
 				Calendar.UI.Share.idtype = 'calendar';
 			},
 			share:function(id, idtype, sharewith, sharetype){
-				$.getJSON(OC.filePath('calendar', 'ajax/share', 'share.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(data){
+				$.post(OC.filePath('calendar', 'ajax/share', 'share.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(data){
 					if(sharetype == 'public'){
 						$('#public_token').val(parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=calendar&t='+data.message);
 						$('#public_token').css('display', 'block');
@@ -527,7 +527,7 @@ Calendar={
 				});
 			},
 			unshare:function(id, idtype, sharewith, sharetype){
-				$.getJSON(OC.filePath('calendar', 'ajax/share', 'unshare.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(){
+				$.post(OC.filePath('calendar', 'ajax/share', 'unshare.php'),{id:id, idtype:idtype, sharewith:sharewith, sharetype:sharetype}, function(){
 					if(sharetype == 'public'){
 						$('#public_token').val('');
 						$('#public_token').css('display', 'none');
@@ -535,7 +535,7 @@ Calendar={
 				});
 			},
 			changepermission:function(id, idtype, sharewith, sharetype, permission){
-				$.getJSON(OC.filePath('calendar', 'ajax/share', 'changepermission.php'),{id:id, idtype:idtype, sharewith: sharewith, sharetype:sharetype, permission: (permission?1:0)});
+				$.post(OC.filePath('calendar', 'ajax/share', 'changepermission.php'),{id:id, idtype:idtype, sharewith: sharewith, sharetype:sharetype, permission: (permission?1:0)});
 			},
 			init:function(){
 				$('.calendar_share_dropdown').live('mouseleave', function(){
@@ -846,7 +846,7 @@ $(document).ready(function(){
 		viewDisplay: function(view) {
 			$('#datecontrol_date').html(view.title);
 			if (view.name != defaultView) {
-				$.get(OC.filePath('calendar', 'ajax', 'changeview.php') + "?v="+view.name);
+				$.post(OC.filePath('calendar', 'ajax', 'changeview.php'), {v:view.name});
 				defaultView = view.name;
 			}
 			Calendar.UI.setViewActive(view.name);
diff --git a/apps/calendar/js/geo.js b/apps/calendar/js/geo.js
index 092d8547469..99290d940e3 100644
--- a/apps/calendar/js/geo.js
+++ b/apps/calendar/js/geo.js
@@ -6,7 +6,7 @@
  */
 if (navigator.geolocation) { 
 	navigator.geolocation.getCurrentPosition(function(position) {
-		$.getJSON(OC.filePath('calendar', 'ajax/settings', 'guesstimezone.php') + '?lat=' + position.coords.latitude + '&long=' + position.coords.longitude,
+		$.post(OC.filePath('calendar', 'ajax/settings', 'guesstimezone.php'), {lat: position.coords.latitude, lng: position.coords.longitude},
 		function(data){
 			if (data.status == 'success' && typeof(data.message) != 'undefined'){
 				$('#notification').html(data.message);
diff --git a/apps/calendar/js/loader.js b/apps/calendar/js/loader.js
index 838521ec7f5..0fc5018e89c 100644
--- a/apps/calendar/js/loader.js
+++ b/apps/calendar/js/loader.js
@@ -63,7 +63,7 @@ Calendar_Import={
 		});
 	},
 	getimportstatus: function(progresskey){
-		$.get(OC.filePath('calendar', 'ajax/import', 'import.php') + '?progress=1&progresskey=' + progresskey, function(percent){
+		$.post(OC.filePath('calendar', 'ajax/import', 'import.php'), {progress:1,progresskey: progresskey}, function(percent){
 			$('#progressbar').progressbar('option', 'value', parseInt(percent));
 			if(percent < 100){
 				window.setTimeout('Calendar_Import.getimportstatus(\'' + progresskey + '\')', 500);
-- 
cgit v1.2.3


From 88341e5797c09d5cdb3c8b7ff713b4a62d51bd60 Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Sat, 9 Jun 2012 14:53:35 +0200
Subject: Code cleanup.

---
 apps/contacts/ajax/addproperty.php | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php
index 2f932d752a7..42b0c782035 100644
--- a/apps/contacts/ajax/addproperty.php
+++ b/apps/contacts/ajax/addproperty.php
@@ -24,6 +24,12 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
 
+function bailOut($msg) {
+	OCP\JSON::error(array('data' => array('message' => $msg)));
+	OCP\Util::writeLog('contacts','ajax/addproperty.php: '.$msg, OCP\Util::DEBUG);
+	exit();
+}
+
 $id = isset($_POST['id'])?$_POST['id']:null;
 $name = isset($_POST['name'])?$_POST['name']:null;
 $value = isset($_POST['value'])?$_POST['value']:null;
@@ -31,11 +37,21 @@ $parameters = isset($_POST['parameters'])?$_POST['parameters']:array();
 
 $vcard = OC_Contacts_App::getContactVCard($id);
 
+if(!$name) {
+	bailOut(OC_Contacts_App::$l10n->t('element name is not set.'));
+}
+if(!$id) {
+	bailOut(OC_Contacts_App::$l10n->t('id is not set.'));
+}
+
+if(!$vcard) {
+	bailOut(OC_Contacts_App::$l10n->t('Could not parse contact: ').$id);
+}
+
 if(!is_array($value)){
 	$value = trim($value);
 	if(!$value && in_array($name, array('TEL', 'EMAIL', 'ORG', 'BDAY', 'URL', 'NICKNAME', 'NOTE'))) {
-		OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('Cannot add empty property.'))));
-		exit();
+		bailOut(OC_Contacts_App::$l10n->t('Cannot add empty property.'));
 	}
 } elseif($name === 'ADR') { // only add if non-empty elements.
 	$empty = true;
@@ -46,8 +62,7 @@ if(!is_array($value)){
 		}
 	}
 	if($empty) {
-		OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('At least one of the address fields has to be filled out.'))));
-		exit();
+		bailOut(OC_Contacts_App::$l10n->t('At least one of the address fields has to be filled out.'));
 	}
 }
 
@@ -56,9 +71,7 @@ $current = $vcard->select($name);
 foreach($current as $item) {
 	$tmpvalue = (is_array($value)?implode(';', $value):$value);
 	if($tmpvalue == $item->value) {
-		OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('Trying to add duplicate property: ').$name.': '.$tmpvalue)));
-		OCP\Util::writeLog('contacts','ajax/addproperty.php: Trying to add duplicate property: '.$name.': '.$tmpvalue, OCP\Util::DEBUG);
-		exit();
+		bailOut(OC_Contacts_App::$l10n->t('Trying to add duplicate property: '.$name.': '.$tmpvalue));
 	}
 }
 
@@ -114,9 +127,7 @@ foreach ($parameters as $key=>$element) {
 $checksum = md5($vcard->children[$line]->serialize());
 
 if(!OC_Contacts_VCard::edit($id,$vcard)) {
-	OCP\JSON::error(array('data' => array('message' => OC_Contacts_App::$l10n->t('Error adding contact property.'))));
-	OCP\Util::writeLog('contacts','ajax/addproperty.php: Error updating contact property: '.$name, OCP\Util::ERROR);
-	exit();
+	bailOut(OC_Contacts_App::$l10n->t('Error adding contact property: '.$name));
 }
 
 OCP\JSON::success(array('data' => array( 'checksum' => $checksum )));
-- 
cgit v1.2.3


From 081e1874cb476a16d7fd2d6ed5dabaeca61fffae Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Sat, 9 Jun 2012 15:00:18 +0200
Subject: Contacts: Use POST instead of GET.

---
 apps/contacts/ajax/deletecard.php     | 2 +-
 apps/contacts/ajax/deleteproperty.php | 4 ++--
 apps/contacts/js/contacts.js          | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/contacts/ajax/deletecard.php b/apps/contacts/ajax/deletecard.php
index 6414fda93cb..e6d0405a240 100644
--- a/apps/contacts/ajax/deletecard.php
+++ b/apps/contacts/ajax/deletecard.php
@@ -29,7 +29,7 @@ function bailOut($msg) {
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
 
-$id = isset($_GET['id'])?$_GET['id']:null;
+$id = isset($_POST['id'])?$_POST['id']:null;
 if(!$id) {
 	bailOut(OC_Contacts_App::$l10n->t('id is not set.'));
 }
diff --git a/apps/contacts/ajax/deleteproperty.php b/apps/contacts/ajax/deleteproperty.php
index b0746d18a79..e6c2bd9f803 100644
--- a/apps/contacts/ajax/deleteproperty.php
+++ b/apps/contacts/ajax/deleteproperty.php
@@ -24,8 +24,8 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
 
-$id = $_GET['id'];
-$checksum = $_GET['checksum'];
+$id = $_POST['id'];
+$checksum = $_POST['checksum'];
 
 $vcard = OC_Contacts_App::getContactVCard( $id );
 $line = OC_Contacts_App::getPropertyLineByChecksum($vcard, $checksum);
diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js
index 35d4a4a216d..a241856300b 100644
--- a/apps/contacts/js/contacts.js
+++ b/apps/contacts/js/contacts.js
@@ -368,7 +368,7 @@ Contacts={
 				$('#contacts_deletecard').tipsy('hide');
 				OC.dialogs.confirm(t('contacts', 'Are you sure you want to delete this contact?'), t('contacts', 'Warning'), function(answer) {
 					if(answer == true) {
-						$.getJSON(OC.filePath('contacts', 'ajax', 'deletecard.php'),{'id':Contacts.UI.Card.id},function(jsondata){
+						$.post(OC.filePath('contacts', 'ajax', 'deletecard.php'),{'id':Contacts.UI.Card.id},function(jsondata){
 							if(jsondata.status == 'success'){
 								var newid = '';
 								var curlistitem = $('#leftcontent [data-id="'+jsondata.data.id+'"]');
@@ -707,7 +707,7 @@ Contacts={
 				Contacts.UI.loading(obj, true);
 				var checksum = Contacts.UI.checksumFor(obj);
 				if(checksum) {
-					$.getJSON(OC.filePath('contacts', 'ajax', 'deleteproperty.php'),{'id': this.id, 'checksum': checksum },function(jsondata){
+					$.post(OC.filePath('contacts', 'ajax', 'deleteproperty.php'),{'id': this.id, 'checksum': checksum },function(jsondata){
 						if(jsondata.status == 'success'){
 							if(type == 'list') {
 								Contacts.UI.propertyContainerFor(obj).remove();
-- 
cgit v1.2.3


From 344299a074e135140262d051531f723be69c786f Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Sat, 9 Jun 2012 15:05:14 +0200
Subject: add two csrf check calls. Review and lot´s of porting needed.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/public/util.php | 20 +++++++++++++++++++
 lib/util.php        | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)

diff --git a/lib/public/util.php b/lib/public/util.php
index 9b499574da1..995161e2abe 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -248,6 +248,26 @@ class Util {
 	}
 
 
+	/**
+ 	 * Register an get/post call. This is important to prevent CSRF attacks
+	 * TODO: write example
+	 */
+	public static function callRegister(){
+		return(\OC_Util::callRegister());
+	}
+
+
+	/**
+	 * Check an ajax get/post call if the request token is valid. exit if not.
+	 * Todo: Write howto
+	 */
+	public static function callCheck(){
+		return(\OC_Util::callCheck());
+	}
+
+
+
+
 }
 
 ?>
diff --git a/lib/util.php b/lib/util.php
index 20888fa71f4..ef8ba8efe72 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -343,4 +343,60 @@ class OC_Util {
 		}
 		return $id;
 	}
+
+	/**
+	 * Register an get/post call. This is important to prevent CSRF attacks
+	 * Todo: Write howto
+	 */
+	public static function callRegister(){
+		// generate a random token.
+		$token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
+
+		// store the token together with a timestamp in the session.
+		$_SESSION['requesttoken-'.$token]=time();
+
+		// return the token
+		return($token);
+	}
+
+
+	/**
+	 * Check an ajax get/post call if the request token is valid. exit if not.
+	 * Todo: Write howto
+	 */
+	public static function callCheck(){
+		//mamimum time before token exires
+		$maxtime=(60*60);  // 1 hour
+
+		// searches in the get and post arrays for the token.
+		if(isset($_GET['requesttoken'])) {
+			$token=$_GET['requesttoken'];
+		}elseif(isset($_POST['requesttoken'])){
+			$token=$_POST['requesttoken'];
+		}else{
+			//no token found. exiting
+			exit;
+		}
+
+		// check if the token is in the user session and if the timestamp is from the last hour.
+		if(isset($_SESSION['requesttoken-'.$token])) {
+			$timestamp=$_SESSION['requesttoken-'.$token];
+			if($timestamp+$maxtime<time){
+				//token exired. exiting
+				exit;
+
+			}else{
+				//token valid
+				return;
+			}
+		}else{
+			//no token found. exiting
+			exit;
+		}
+	}
+
+
+
+
+
 }
-- 
cgit v1.2.3


From cfe219fbb9f2f734b063041ae420400044f90000 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 9 Jun 2012 15:07:09 +0200
Subject: fix potential xss in multiselect

---
 core/js/multiselect.js | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/core/js/multiselect.js b/core/js/multiselect.js
index 541dddf0f70..5f339006d26 100644
--- a/core/js/multiselect.js
+++ b/core/js/multiselect.js
@@ -57,8 +57,11 @@
 				element=$(element);
 				var item=element.val();
 				var id='ms'+multiSelectId+'-option-'+item;
-				var input=$('<input id="'+id+'" type="checkbox"/>');
-				var label=$('<label for="'+id+'">'+item+'</label>');
+				var input=$('<input type="checkbox"/>');
+				input.attr('id',id);
+				var label=$('<label/>');
+				label.attr('for',id);
+				label.text(item);
 				if(settings.checked.indexOf(item)!=-1 || checked){
 					input.attr('checked',true);
 				}
@@ -130,7 +133,10 @@
 							li.text('+ '+settings.createText);
 							li.before(createItem(this));
 							var select=button.parent().next();
-							select.append($('<option selected="selected" value="'+$(this).val()+'">'+$(this).val()+'</option>'));
+							var option=$('<option selected="selected"/>');
+							option.attr('value',$(this).val());
+							option.text($(this).val());
+							select.append(optione);
 							li.prev().children('input').trigger('click');
 							button.parent().data('preventHide',false);
 							if(settings.createCallback){
-- 
cgit v1.2.3


From 001293a702be1373c327bc8d5222df3924a7f66a Mon Sep 17 00:00:00 2001
From: Bartek Przybylski <bart.p.pl@gmail.com>
Date: Sat, 9 Jun 2012 15:12:28 +0200
Subject: removing app access check, fix title for links in tiles

---
 apps/gallery/lib/managers.php | 3 ---
 apps/gallery/lib/tiles.php    | 2 +-
 lib/image.php                 | 6 +++++-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/apps/gallery/lib/managers.php b/apps/gallery/lib/managers.php
index 41300058936..f9a67b8b117 100644
--- a/apps/gallery/lib/managers.php
+++ b/apps/gallery/lib/managers.php
@@ -4,9 +4,6 @@ namespace OC\Pictures;
 
 require_once('lib/base.php');
 
-\OCP\JSON::checkLoggedIn();
-\OCP\JSON::checkAppEnabled('gallery');
-
 class DatabaseManager {
 	private static $instance = null;
 	const TAG = 'DatabaseManager';
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index f1961cb72e5..e43c99bb76a 100644
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -95,7 +95,7 @@ class TileSingle extends TileBase {
 	public function get($extra = '') {
 		//	!HACK! file path needs to be encoded twice because files app decode twice url, so any special chars like + or & in filename
 		//	!HACK! will result in failing of opening them 
-		return '<a rel="images" title="'.basename($this->getPath()).'" href="'.\OCP\Util::linkTo('files', 'download.php').'?file='.urlencode(urlencode($this->getPath())).'"><img rel="images" src="'.\OCP\Util::linkTo('gallery', 'ajax/thumbnail.php').'&filepath='.urlencode($this->getPath()).'" '.$extra.'></a>';
+		return '<a rel="images" title="'.htmlentities(basename($this->getPath())).'" href="'.\OCP\Util::linkTo('files', 'download.php').'?file='.urlencode(urlencode($this->getPath())).'"><img rel="images" src="'.\OCP\Util::linkTo('gallery', 'ajax/thumbnail.php').'&filepath='.urlencode($this->getPath()).'" '.$extra.'></a>';
 	}
 	
 	public function getMiniatureSrc() {
diff --git a/lib/image.php b/lib/image.php
index af61f9424e9..5a2e8202488 100644
--- a/lib/image.php
+++ b/lib/image.php
@@ -407,7 +407,11 @@ class OC_Image {
 				break;
 			*/
 			default:
-				$this->resource = imagecreatefromstring(file_get_contents($imagepath));
+			error_log($imagepath);
+			error_log(\OC_Filesystem::getInternalPath($imagepath));
+			error_log(\OC_Filesystem::getLocalFile($imagepath));
+				// this is mostly file created from encrypted file
+				$this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents(\OC_Filesystem::getInternalPath($imagepath)));
 				$itype = IMAGETYPE_PNG;
 				OC_Log::write('core','OC_Image->loadFromFile, Default', OC_Log::DEBUG);
 				break;
-- 
cgit v1.2.3


From cfb9c764ca06ad431925aaa4dcf8dc35ed3fb394 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sat, 9 Jun 2012 15:13:09 +0200
Subject: fix creation of monthly repeated events

---
 apps/calendar/lib/object.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php
index cc80a0bb708..9e4806227b0 100644
--- a/apps/calendar/lib/object.php
+++ b/apps/calendar/lib/object.php
@@ -665,6 +665,9 @@ class OC_Calendar_Object{
 								$byday .= ',' . $weekofmonth . $days[$day];
 							}
 						}
+						if($byday == ''){
+							$byday = 'MO,TU,WE,TH,FR,SA,SU';
+						}
 						$rrule .= ';BYDAY=' . $byday;
 					}
 					break;
-- 
cgit v1.2.3


From 531132d64f7eab2e5f175164b0b0c6d322145d10 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sat, 9 Jun 2012 15:14:49 +0200
Subject: fix a bug in when

---
 3rdparty/when/When.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/3rdparty/when/When.php b/3rdparty/when/When.php
index 5f97f0eb9bf..185836bf0c5 100644
--- a/3rdparty/when/When.php
+++ b/3rdparty/when/When.php
@@ -586,7 +586,7 @@ class When
 				}
 			}
 		}
-		elseif($this->gobyday || $interval == "month")
+		elseif($this->gobyday && $interval == "month")
 		{
 			$_mdays = range(1, date('t',mktime(0,0,0,$month,1,$year)));
 			foreach($_mdays as $_mday)
@@ -621,7 +621,13 @@ class When
 		
 		if($interval == "month")
 		{
-			$this->try_date->modify('last day of ' . $this->interval . ' ' . $interval);
+			
+			$this->try_date->modify('first day of next month');
+			if((int) date('t', $this->try_date->format('U')) > (int) $this->start_date->format('j')){
+				$this->try_date->modify('+' . (int) $this->start_date->format('j') - 1 . ' day'); 
+			}else{
+				$this->try_date->modify('+' . (int) date('t', $this->try_date->format('U')) - 1 . ' day'); 
+			}
 		}
 		else
 		{
@@ -722,4 +728,4 @@ class When
 			}
 		}
 	}
-}
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 120997112c7acf490171d07ec32cdd6d091db9c2 Mon Sep 17 00:00:00 2001
From: Bartek Przybylski <bart.p.pl@gmail.com>
Date: Sat, 9 Jun 2012 15:22:02 +0200
Subject: handle encrypted images files in oc_image

---
 lib/image.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/image.php b/lib/image.php
index 5a2e8202488..41e8c744d8c 100644
--- a/lib/image.php
+++ b/lib/image.php
@@ -407,11 +407,14 @@ class OC_Image {
 				break;
 			*/
 			default:
-			error_log($imagepath);
-			error_log(\OC_Filesystem::getInternalPath($imagepath));
-			error_log(\OC_Filesystem::getLocalFile($imagepath));
+			
 				// this is mostly file created from encrypted file
-				$this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents(\OC_Filesystem::getInternalPath($imagepath)));
+				$datadir = \OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser().'/files';
+				$newimgpath = $imagepath;
+				if (strncmp($newimgpath, $datadir, strlen($datadir)) == 0) {
+					$newimgpath = substr($imagepath, strlen($datadir));
+				}
+				$this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents($newimgpath));
 				$itype = IMAGETYPE_PNG;
 				OC_Log::write('core','OC_Image->loadFromFile, Default', OC_Log::DEBUG);
 				break;
-- 
cgit v1.2.3


From 43501309e336ac0268b6e9b4b3c6f5b0f05f7056 Mon Sep 17 00:00:00 2001
From: Bartek Przybylski <bart.p.pl@gmail.com>
Date: Sat, 9 Jun 2012 15:26:26 +0200
Subject: add function in filesystem to strip webroot

---
 lib/filesystem.php | 14 ++++++++++++++
 lib/image.php      |  7 +------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/lib/filesystem.php b/lib/filesystem.php
index 337b0f1464b..454bb1aa81a 100644
--- a/lib/filesystem.php
+++ b/lib/filesystem.php
@@ -343,6 +343,20 @@ class OC_Filesystem{
 		return self::$defaultInstance->getLocalFile($path);
 	}
 	
+	/**
+	* return path to file which reflects one visible in browser
+	* @param string path
+	* @return string
+	*/
+	static public function getLocalPath($path) {
+		$datadir = \OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser().'/files';
+		$newpath = $path;
+		if (strncmp($newpath, $datadir, strlen($datadir)) == 0) {
+			$newpath = substr($path, strlen($datadir));
+		}
+		return $newpath;
+	}
+	
 	/**
 	 * check if the requested path is valid
 	 * @param string path
diff --git a/lib/image.php b/lib/image.php
index 41e8c744d8c..d72960101f0 100644
--- a/lib/image.php
+++ b/lib/image.php
@@ -409,12 +409,7 @@ class OC_Image {
 			default:
 			
 				// this is mostly file created from encrypted file
-				$datadir = \OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser().'/files';
-				$newimgpath = $imagepath;
-				if (strncmp($newimgpath, $datadir, strlen($datadir)) == 0) {
-					$newimgpath = substr($imagepath, strlen($datadir));
-				}
-				$this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents($newimgpath));
+				$this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents(\OC_Filesystem::getLocalPath($newimgpath)));
 				$itype = IMAGETYPE_PNG;
 				OC_Log::write('core','OC_Image->loadFromFile, Default', OC_Log::DEBUG);
 				break;
-- 
cgit v1.2.3


From ec55eaef5bf5f198dd9fdc46d41fa9e62105f281 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 9 Jun 2012 15:25:00 +0200
Subject: dont load apps when displaying the login page

and only load authentication apps during login
---
 index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/index.php b/index.php
index d552c149df8..940bb797207 100755
--- a/index.php
+++ b/index.php
@@ -69,10 +69,10 @@ elseif(OC_User::isLoggedIn()) {
 
 // For all others cases, we display the guest page :
 } else {
-	OC_App::loadApps();
 	$error = false;
 	// remember was checked after last login
 	if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
+		OC_App::loadApps(array('authentication'));
 		if(defined("DEBUG") && DEBUG) {
 			OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);
 		}
@@ -88,6 +88,7 @@ elseif(OC_User::isLoggedIn()) {
 
 	// Someone wants to log in :
 	} elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
+		OC_App::loadApps(array('authentication'));
 		if(OC_User::login($_POST["user"], $_POST["password"])) {
 			if(!empty($_POST["remember_login"])){
 				if(defined("DEBUG") && DEBUG) {
@@ -107,6 +108,7 @@ elseif(OC_User::isLoggedIn()) {
 	
 	// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
 	} elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
+		OC_App::loadApps(array('authentication'));
 		if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"]))	{
 			//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
 			OC_User::unsetMagicInCookie();
-- 
cgit v1.2.3


From 6e9fea341b98e4964f404fe5bc773e6f161999ec Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Sat, 9 Jun 2012 15:33:38 +0200
Subject: Changed preferences configvalue to clob. Fixes several bugs e.g.
 oc-825 and oc-743.

---
 db_structure.xml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/db_structure.xml b/db_structure.xml
index d29dcb46f8c..94567b4d539 100644
--- a/db_structure.xml
+++ b/db_structure.xml
@@ -432,10 +432,8 @@
 
    <field>
     <name>configvalue</name>
-    <type>text</type>
-    <default></default>
+    <type>clob</type>
     <notnull>true</notnull>
-    <length>255</length>
    </field>
 
   </declaration>
-- 
cgit v1.2.3


From 28627406740e3b9e2aa51006f344d9f0e79b3f93 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sat, 9 Jun 2012 15:38:03 +0200
Subject: increase height of event dialog

---
 apps/calendar/js/calendar.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index f869fcf2ad2..7ae4a3a6eb1 100644
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -49,6 +49,7 @@ Calendar={
 			$( "#event" ).tabs({ selected: 0});
 			$('#event').dialog({
 				width : 500,
+				height: 600,
 				close : function(event, ui) {
 					$(this).dialog('destroy').remove();
 				}
-- 
cgit v1.2.3


From ba1dec64c174793a714346871c58387cb2578527 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 9 Jun 2012 15:57:57 +0200
Subject: load all apps when loging in, needed for apps listening to login
 hooks

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 940bb797207..07f8436720d 100755
--- a/index.php
+++ b/index.php
@@ -88,7 +88,7 @@ elseif(OC_User::isLoggedIn()) {
 
 	// Someone wants to log in :
 	} elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
-		OC_App::loadApps(array('authentication'));
+		OC_App::loadApps();
 		if(OC_User::login($_POST["user"], $_POST["password"])) {
 			if(!empty($_POST["remember_login"])){
 				if(defined("DEBUG") && DEBUG) {
-- 
cgit v1.2.3


From b16136642b7b2629d1105ebe02af6313904bd837 Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Sat, 9 Jun 2012 16:04:47 +0200
Subject: Bump version to trigger db update.

---
 lib/util.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/util.php b/lib/util.php
index ef8ba8efe72..53096f029a2 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -83,7 +83,7 @@ class OC_Util {
 	 * @return array
 	 */
 	public static function getVersion(){
-		return array(4,80,0);
+		return array(4,80,1);
 	}
 
 	/**
-- 
cgit v1.2.3


From c9214afff804ec60f90b514159520355aa6e80c6 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sat, 9 Jun 2012 16:34:43 +0200
Subject: fix XSS in Calendar

---
 apps/calendar/templates/part.choosecalendar.rowfields.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.php b/apps/calendar/templates/part.choosecalendar.rowfields.php
index bad268897bf..268c3356011 100644
--- a/apps/calendar/templates/part.choosecalendar.rowfields.php
+++ b/apps/calendar/templates/part.choosecalendar.rowfields.php
@@ -2,7 +2,7 @@
 echo '<td width="20px"><input id="active_' . $_['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Calendar.activation(this,' . $_['calendar']['id'] . ')"' . ($_['calendar']['active'] ? ' checked="checked"' : '') . '></td>';
 echo '<td  id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . htmlspecialchars($_['calendar']['displayname']) . '</label></td>';
 echo '<td width="20px"><a href="#" onclick="Calendar.UI.Share.dropdown(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['id'] . '\');" title="' . $l->t("Share Calendar") . '" class="action"><img  class="svg action" src="' . ((!$_['shared']) ? OCP\Util::imagePath('core', 'actions/share.svg') : OCP\Util::imagePath('core', 'actions/shared.svg')) . '"></a></td>';
-echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['uri'] . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img  class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
+echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . htmlentities($_['calendar']['uri']) . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img  class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
 echo '<td width="20px"><a href="?app=calendar&getfile=export.php?calid=' . $_['calendar']['id'] . '" title="' . $l->t('Download') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/download.svg').'"></a></td>';
 echo '<td width="20px"><a  href="#" title="' . $l->t('Edit') . '" class="action" onclick="Calendar.UI.Calendar.edit(this, ' . $_['calendar']['id'] . ');"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/rename.svg').'"></a></td>';
 echo '<td width="20px"><a href="#" onclick="Calendar.UI.Calendar.deleteCalendar(\'' . $_['calendar']['id'] . '\');" title="' . $l->t('Delete') . '" class="action"><img  class="svg action" src="'.OCP\Util::imagePath('core', 'actions/delete.svg').'"></a></td>';
-- 
cgit v1.2.3


From e7f6f7e452131320a73861ad975c3d7961074190 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sat, 9 Jun 2012 16:44:48 +0200
Subject: fix another XSS

---
 apps/calendar/templates/part.import.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php
index 39cda29c20d..b966100cc11 100644
--- a/apps/calendar/templates/part.import.php
+++ b/apps/calendar/templates/part.import.php
@@ -8,6 +8,9 @@
 <?php
 $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
 $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar'));
+for($i = 0;$i<count($calendar_options);$i++){
+	$calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']);
+}
 echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname'));
 ?>
 </select>
-- 
cgit v1.2.3


From 601bac746d62540425f7a9e13ffbbc61e12eaca2 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 9 Jun 2012 17:33:57 +0200
Subject: use absolute path for file proxies

---
 apps/files_encryption/lib/cryptstream.php |  6 ++++-
 apps/files_encryption/lib/proxy.php       |  2 +-
 apps/files_encryption/tests/proxy.php     | 15 +++++++++++
 lib/filesystemview.php                    | 44 ++++++++++++++++++++++++++++---
 4 files changed, 61 insertions(+), 6 deletions(-)

diff --git a/apps/files_encryption/lib/cryptstream.php b/apps/files_encryption/lib/cryptstream.php
index d6643f32689..a698ee00335 100644
--- a/apps/files_encryption/lib/cryptstream.php
+++ b/apps/files_encryption/lib/cryptstream.php
@@ -35,8 +35,12 @@ class OC_CryptStream{
 	private $meta=array();//header/meta for source stream
 	private $count;
 	private $writeCache;
+	private static $rootView;
 
 	public function stream_open($path, $mode, $options, &$opened_path){
+		if(!self::$rootView){
+			self::$rootView=new OC_FilesystemView('');
+		}
 		$path=str_replace('crypt://','',$path);
 		if(dirname($path)=='streams' and isset(self::$sourceStreams[basename($path)])){
 			$this->source=self::$sourceStreams[basename($path)]['stream'];
@@ -45,7 +49,7 @@ class OC_CryptStream{
 			$this->path=$path;
 			OCP\Util::writeLog('files_encryption','open encrypted '.$path. ' in '.$mode,OCP\Util::DEBUG);
 			OC_FileProxy::$enabled=false;//disable fileproxies so we can open the source file
-			$this->source=OC_FileSystem::fopen($path,$mode);
+			$this->source=self::$rootView->fopen($path,$mode);
 			OC_FileProxy::$enabled=true;
 			if(!is_resource($this->source)){
 				OCP\Util::writeLog('files_encryption','failed to open '.$path,OCP\Util::ERROR);
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index 06f963fc981..9fd57c0f02b 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -59,7 +59,7 @@ class OC_FileProxy_Encryption extends OC_FileProxy{
 	 * @return bool
 	 */
 	private static function isEncrypted($path){
-		$metadata=OC_FileCache::getCached($path);
+		$metadata=OC_FileCache::getCached($path,'');
 		return isset($metadata['encrypted']) and (bool)$metadata['encrypted'];
 	}
 	
diff --git a/apps/files_encryption/tests/proxy.php b/apps/files_encryption/tests/proxy.php
index 0450de82acb..f36b2193430 100644
--- a/apps/files_encryption/tests/proxy.php
+++ b/apps/files_encryption/tests/proxy.php
@@ -30,6 +30,9 @@ class Test_CryptProxy extends UnitTestCase {
 	}
 
 	public function testSimple(){
+		$oldConfig=OCP\Config::getAppValue('files_encryption','enable_encryption','true');
+		OCP\Config::setAppValue('files_encryption','enable_encryption','true');
+	
 		$file=OC::$SERVERROOT.'/3rdparty/MDB2.php';
 		$original=file_get_contents($file);
 
@@ -42,5 +45,17 @@ class Test_CryptProxy extends UnitTestCase {
 		$fromFile=OC_Filesystem::file_get_contents('/file');
 		$this->assertNotEqual($original,$stored);
 		$this->assertEqual($original,$fromFile);
+
+		$rootView=new OC_FilesystemView('');
+		$view=new OC_FilesystemView('/'.OC_User::getUser());
+		$userDir='/'.OC_User::getUser().'/files';
+
+		$fromFile=$rootView->file_get_contents($userDir.'/file');
+		$this->assertEqual($original,$fromFile);
+
+		$fromFile=$view->file_get_contents('files/file');
+		$this->assertEqual($original,$fromFile);
+
+		OCP\Config::setAppValue('files_encryption','enable_encryption',$oldConfig);
 	}
 }
diff --git a/lib/filesystemview.php b/lib/filesystemview.php
index 6e34257a460..58657671b98 100644
--- a/lib/filesystemview.php
+++ b/lib/filesystemview.php
@@ -91,6 +91,23 @@ class OC_FilesystemView {
 		}
 		return $this->internal_path_cache[$path];
 	}
+
+	/**
+	 * get path relative to the root of the view
+	 * @param string path
+	 * @return string
+	 */
+	public function getRelativePath($path){
+		if($this->fakeRoot==''){
+			return $path;
+		}
+		if(strpos($path,$this->fakeRoot)!==0){
+			return null;
+		}else{
+			return substr($path,strlen($this->fakeRoot));
+		}
+	}
+	
 	/**
 	* get the storage object for a path
 	* @param string path
@@ -232,7 +249,14 @@ class OC_FilesystemView {
 		return $this->basicOperation('unlink',$path,array('delete'));
 	}
 	public function rename($path1,$path2){
-		if(OC_FileProxy::runPreProxies('rename',$path1,$path2) and OC_Filesystem::isValidPath($path2)){
+		$absolutePath1=$this->getAbsolutePath($path1);
+		$absolutePath2=$this->getAbsolutePath($path2);
+		if(OC_FileProxy::runPreProxies('rename',$absolutePath1,$absolutePath2) and OC_Filesystem::isValidPath($path2)){
+			$path1=$this->getRelativePath($absolutePath1);
+			$path2=$this->getRelativePath($absolutePath2);
+			if($path1==null or $path2==null){
+				return false;
+			}
 			$run=true;
 			OC_Hook::emit( OC_Filesystem::CLASSNAME, OC_Filesystem::signal_rename, array( OC_Filesystem::signal_param_oldpath => $path1 , OC_Filesystem::signal_param_newpath=>$path2, OC_Filesystem::signal_param_run => &$run));
 			if($run){
@@ -256,7 +280,14 @@ class OC_FilesystemView {
 		}
 	}
 	public function copy($path1,$path2){
-		if(OC_FileProxy::runPreProxies('copy',$path1,$path2) and $this->is_readable($path1) and OC_Filesystem::isValidPath($path2)){
+		$absolutePath1=$this->getAbsolutePath($path1);
+		$absolutePath2=$this->getAbsolutePath($path2);
+		if(OC_FileProxy::runPreProxies('copy',$absolutePath1,$absolutePath2) and OC_Filesystem::isValidPath($path2)){
+			$path1=$this->getRelativePath($absolutePath1);
+			$path2=$this->getRelativePath($absolutePath2);
+			if($path1==null or $path2==null){
+				return false;
+			}
 			$run=true;
 			OC_Hook::emit( OC_Filesystem::CLASSNAME, OC_Filesystem::signal_copy, array( OC_Filesystem::signal_param_oldpath => $path1 , OC_Filesystem::signal_param_newpath=>$path2, OC_Filesystem::signal_param_run => &$run));
 			$exists=$this->file_exists($path2);
@@ -375,7 +406,12 @@ class OC_FilesystemView {
 	 * OC_Filestorage for delegation to a storage backend for execution
 	 */
 	private function basicOperation($operation,$path,$hooks=array(),$extraParam=null){
-		if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and OC_Filesystem::isValidPath($path)){
+		$absolutePath=$this->getAbsolutePath($path);
+		if(OC_FileProxy::runPreProxies($operation,$absolutePath, $extraParam) and OC_Filesystem::isValidPath($path)){
+			$path=$this->getRelativePath($absolutePath);
+			if($path==null){
+				return false;
+			}
 			$internalPath=$this->getInternalPath($path);
 			$run=true;
 			if(OC_Filesystem::$loaded and $this->fakeRoot==OC_Filesystem::getRoot()){
@@ -393,7 +429,7 @@ class OC_FilesystemView {
 				}else{
 					$result=$storage->$operation($internalPath);
 				}
-				$result=OC_FileProxy::runPostProxies($operation,$path,$result);
+				$result=OC_FileProxy::runPostProxies($operation,$this->getAbsolutePath($path),$result);
 				if(OC_Filesystem::$loaded and $this->fakeRoot==OC_Filesystem::getRoot()){
 					if($operation!='fopen'){//no post hooks for fopen, the file stream is still open
 						foreach($hooks as $hook){
-- 
cgit v1.2.3


From d065b2d29edb4bb72492dde46293e77fa03b50d6 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 9 Jun 2012 17:39:14 +0200
Subject: prevent opening non-music files through the media ajax api

---
 apps/media/ajax/api.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/media/ajax/api.php b/apps/media/ajax/api.php
index 6e269f3bb78..a229c17e804 100644
--- a/apps/media/ajax/api.php
+++ b/apps/media/ajax/api.php
@@ -103,6 +103,10 @@ if($arguments['action']){
 			@ob_end_clean();
 			
 			$ftype=OC_Filesystem::getMimeType( $arguments['path'] );
+			if(substr($ftype,0,5)!='audio' and $ftype!='application/ogg'){
+				echo 'Not an audio file';
+				exit();
+			}
 			
 			$songId=OC_MEDIA_COLLECTION::getSongByPath($arguments['path']);
 			OC_MEDIA_COLLECTION::registerPlay($songId);
-- 
cgit v1.2.3


From 897bfa8814eaebe6d0d44b8554b99725819214e7 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Sat, 9 Jun 2012 17:43:02 +0200
Subject: finally fix the updater. next is an automatic updater. but this is a
 bit more tricky.

---
 config/config.sample.php |  3 +++
 lib/updater.php          | 17 +++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index 0c0ace521ec..bb13b1f8ea3 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -74,6 +74,9 @@ $CONFIG = array(
 /* Check 3rdparty apps for malicious code fragments */
 "appcodechecker" => "",
 
+/* Check if ownCloud is up to date */
+"updatechecker" => true,
+
 /* Place to log to, can be owncloud and syslog (owncloud is log menu item in admin menu) */
 "log_type" => "owncloud",
 
diff --git a/lib/updater.php b/lib/updater.php
index bc5ee00b6a3..5d97178c30e 100644
--- a/lib/updater.php
+++ b/lib/updater.php
@@ -30,11 +30,12 @@ class OC_Updater{
 	 */
 	public static function check(){
 		OC_Appconfig::setValue('core', 'lastupdatedat',microtime(true));
+		if(OC_Appconfig::getValue('core', 'installedat','')=='') OC_Appconfig::setValue('core', 'installedat',microtime(true));
 
 		$updaterurl='http://apps.owncloud.com/updater.php';
 		$version=OC_Util::getVersion();
-		$version['installed']=OC_Config::getValue('installedat');
-		$version['updated']=OC_Appconfig::getValue('core', 'lastupdatedat', OC_Config::getValue( 'lastupdatedat'));
+		$version['installed']=OC_Appconfig::getValue('core', 'installedat');
+		$version['updated']=OC_Appconfig::getValue('core', 'lastupdatedat');
 		$version['updatechannel']='stable';
 		$version['edition']=OC_Util::getEditionString();
 		$versionstring=implode('x',$version);
@@ -57,11 +58,15 @@ class OC_Updater{
 	}
 
 	public static function ShowUpdatingHint(){
-		$data=OC_Updater::check();
-		if(isset($data['version']) and $data['version']<>'') {
-			$txt='<span style="color:#AA0000; font-weight:bold;">'.$data['versionstring'].' is available. Get <a href="'.$data['web'].'">more information</a></span>';
+		if(OC_Config::getValue('updatechecker', true)==true){
+			$data=OC_Updater::check();
+			if(isset($data['version']) and $data['version']<>'') {
+				$txt='<span style="color:#AA0000; font-weight:bold;">'.$data['versionstring'].' is available. Get <a href="'.$data['web'].'">more information</a></span>';
+			}else{
+				$txt='up to date';
+			}
 		}else{
-			$txt='up to date';
+			$txt='updates check is disabled';
 		}
 		return($txt);
 	}
-- 
cgit v1.2.3


From b46903fa767eae1152bcd285250556ebf13130b9 Mon Sep 17 00:00:00 2001
From: Michiel de Jong <michiel@unhosted.org>
Date: Sat, 9 Jun 2012 20:39:24 +0200
Subject: sanitize  when logged in as another user

---
 apps/remoteStorage/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index ac0e83bb373..f508983d052 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -112,7 +112,7 @@ if($userId && $appUrl && $categories) {
 		}//end 'need to click Allow still'
 	} else {//login not ok
 		if($currUser) {
-			die('You are logged in as '.$currUser.' instead of '.$userId);
+			die('You are logged in as '.$currUser.' instead of '.htmlentities($userId));
 		} else {
 			header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
 		}
-- 
cgit v1.2.3


From ab41b57f6266200e1b1c94d45487975163deb560 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski <GapczynskiM@gmail.com>
Date: Sat, 9 Jun 2012 15:02:26 -0400
Subject: Add Dropbox storage backend

---
 3rdparty/Dropbox/API.php                    | 380 ++++++++++++++++++++++++++++
 3rdparty/Dropbox/Exception.php              |  15 ++
 3rdparty/Dropbox/Exception/Forbidden.php    |  18 ++
 3rdparty/Dropbox/Exception/NotFound.php     |  20 ++
 3rdparty/Dropbox/Exception/OverQuota.php    |  20 ++
 3rdparty/Dropbox/Exception/RequestToken.php |  18 ++
 3rdparty/Dropbox/LICENSE.txt                |  19 ++
 3rdparty/Dropbox/OAuth.php                  | 151 +++++++++++
 3rdparty/Dropbox/OAuth/Consumer/Dropbox.php |  37 +++
 3rdparty/Dropbox/OAuth/Curl.php             | 282 +++++++++++++++++++++
 3rdparty/Dropbox/README.md                  |  31 +++
 3rdparty/Dropbox/autoload.php               |  29 +++
 apps/files_external/appinfo/app.php         |   1 +
 apps/files_external/lib/dropbox.php         | 203 +++++++++++++++
 14 files changed, 1224 insertions(+)
 create mode 100644 3rdparty/Dropbox/API.php
 create mode 100644 3rdparty/Dropbox/Exception.php
 create mode 100644 3rdparty/Dropbox/Exception/Forbidden.php
 create mode 100644 3rdparty/Dropbox/Exception/NotFound.php
 create mode 100644 3rdparty/Dropbox/Exception/OverQuota.php
 create mode 100644 3rdparty/Dropbox/Exception/RequestToken.php
 create mode 100644 3rdparty/Dropbox/LICENSE.txt
 create mode 100644 3rdparty/Dropbox/OAuth.php
 create mode 100644 3rdparty/Dropbox/OAuth/Consumer/Dropbox.php
 create mode 100644 3rdparty/Dropbox/OAuth/Curl.php
 create mode 100644 3rdparty/Dropbox/README.md
 create mode 100644 3rdparty/Dropbox/autoload.php
 create mode 100755 apps/files_external/lib/dropbox.php

diff --git a/3rdparty/Dropbox/API.php b/3rdparty/Dropbox/API.php
new file mode 100644
index 00000000000..cff6c35c7fb
--- /dev/null
+++ b/3rdparty/Dropbox/API.php
@@ -0,0 +1,380 @@
+<?php
+
+/**
+ * Dropbox API class 
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+class Dropbox_API {
+
+    /**
+     * Sandbox root-path
+     */
+    const ROOT_SANDBOX = 'sandbox';
+
+    /**
+     * Dropbox root-path
+     */
+    const ROOT_DROPBOX = 'dropbox';
+    
+    /**
+     * API URl
+     */
+    protected $api_url = 'https://api.dropbox.com/1/';
+    
+    /**
+     * Content API URl
+     */
+    protected $api_content_url = 'https://api-content.dropbox.com/1/';
+
+    /**
+     * OAuth object 
+     * 
+     * @var Dropbox_OAuth
+     */
+    protected $oauth;
+    
+    /**
+     * Default root-path, this will most likely be 'sandbox' or 'dropbox' 
+     * 
+     * @var string 
+     */
+    protected $root;
+    protected $useSSL;
+
+    /**
+     * Constructor 
+     * 
+     * @param Dropbox_OAuth Dropbox_Auth object
+     * @param string $root default root path (sandbox or dropbox) 
+     */
+    public function __construct(Dropbox_OAuth $oauth, $root = self::ROOT_DROPBOX, $useSSL = true) {
+
+        $this->oauth = $oauth;
+        $this->root = $root;
+        $this->useSSL = $useSSL;
+        if (!$this->useSSL)
+        {
+            throw new Dropbox_Exception('Dropbox REST API now requires that all requests use SSL');
+        }
+
+    }
+
+    /**
+     * Returns information about the current dropbox account 
+     * 
+     * @return stdclass 
+     */
+    public function getAccountInfo() {
+
+        $data = $this->oauth->fetch($this->api_url . 'account/info');
+        return json_decode($data['body'],true);
+
+    }
+
+    /**
+     * Returns a file's contents 
+     * 
+     * @param string $path path 
+     * @param string $root Use this to override the default root path (sandbox/dropbox) 
+     * @return string 
+     */
+    public function getFile($path = '', $root = null) {
+
+        if (is_null($root)) $root = $this->root;
+        $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+        $result = $this->oauth->fetch($this->api_content_url . 'files/' . $root . '/' . ltrim($path,'/'));
+        return $result['body'];
+
+    }
+
+    /**
+     * Uploads a new file
+     *
+     * @param string $path Target path (including filename) 
+     * @param string $file Either a path to a file or a stream resource 
+     * @param string $root Use this to override the default root path (sandbox/dropbox)  
+     * @return bool 
+     */
+    public function putFile($path, $file, $root = null) {
+
+        $directory = dirname($path);
+        $filename = basename($path);
+
+        if($directory==='.') $directory = '';
+        $directory = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($directory));
+//         $filename = str_replace('~', '%7E', rawurlencode($filename));
+        if (is_null($root)) $root = $this->root;
+
+        if (is_string($file)) {
+
+            $file = fopen($file,'rb');
+
+        } elseif (!is_resource($file)) {
+            throw new Dropbox_Exception('File must be a file-resource or a string');
+        }
+        $result=$this->multipartFetch($this->api_content_url . 'files/' . 
+                $root . '/' . trim($directory,'/'), $file, $filename);
+        
+        if(!isset($result["httpStatus"]) || $result["httpStatus"] != 200) 
+            throw new Dropbox_Exception("Uploading file to Dropbox failed");
+
+        return true;
+    }
+
+
+    /**
+     * Copies a file or directory from one location to another 
+     *
+     * This method returns the file information of the newly created file.
+     *
+     * @param string $from source path 
+     * @param string $to destination path 
+     * @param string $root Use this to override the default root path (sandbox/dropbox)  
+     * @return stdclass 
+     */
+    public function copy($from, $to, $root = null) {
+
+        if (is_null($root)) $root = $this->root;
+        $response = $this->oauth->fetch($this->api_url . 'fileops/copy', array('from_path' => $from, 'to_path' => $to, 'root' => $root));
+
+        return json_decode($response['body'],true);
+
+    }
+
+    /**
+     * Creates a new folder 
+     *
+     * This method returns the information from the newly created directory
+     *
+     * @param string $path 
+     * @param string $root Use this to override the default root path (sandbox/dropbox)  
+     * @return stdclass 
+     */
+    public function createFolder($path, $root = null) {
+
+        if (is_null($root)) $root = $this->root;
+
+        // Making sure the path starts with a /
+//         $path = '/' . ltrim($path,'/');
+
+        $response = $this->oauth->fetch($this->api_url . 'fileops/create_folder', array('path' => $path, 'root' => $root),'POST');
+        return json_decode($response['body'],true);
+
+    }
+
+    /**
+     * Deletes a file or folder.
+     *
+     * This method will return the metadata information from the deleted file or folder, if successful.
+     * 
+     * @param string $path Path to new folder 
+     * @param string $root Use this to override the default root path (sandbox/dropbox)  
+     * @return array 
+     */
+    public function delete($path, $root = null) {
+
+        if (is_null($root)) $root = $this->root;
+        $response = $this->oauth->fetch($this->api_url . 'fileops/delete', array('path' => $path, 'root' => $root));
+        return json_decode($response['body']);
+
+    }
+
+    /**
+     * Moves a file or directory to a new location 
+     *
+     * This method returns the information from the newly created directory
+     *
+     * @param mixed $from Source path 
+     * @param mixed $to destination path
+     * @param string $root Use this to override the default root path (sandbox/dropbox) 
+     * @return stdclass 
+     */
+    public function move($from, $to, $root = null) {
+
+        if (is_null($root)) $root = $this->root;
+        $response = $this->oauth->fetch($this->api_url . 'fileops/move', array('from_path' => rawurldecode($from), 'to_path' => rawurldecode($to), 'root' => $root));
+
+        return json_decode($response['body'],true);
+
+    }
+
+    /**
+     * Returns file and directory information
+     * 
+     * @param string $path Path to receive information from 
+     * @param bool $list When set to true, this method returns information from all files in a directory. When set to false it will only return infromation from the specified directory.
+     * @param string $hash If a hash is supplied, this method simply returns true if nothing has changed since the last request. Good for caching.
+     * @param int $fileLimit Maximum number of file-information to receive 
+     * @param string $root Use this to override the default root path (sandbox/dropbox) 
+     * @return array|true 
+     */
+    public function getMetaData($path, $list = true, $hash = null, $fileLimit = null, $root = null) {
+
+        if (is_null($root)) $root = $this->root;
+
+        $args = array(
+            'list' => $list,
+        );
+
+        if (!is_null($hash)) $args['hash'] = $hash; 
+        if (!is_null($fileLimit)) $args['file_limit'] = $fileLimit; 
+
+        $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+        $response = $this->oauth->fetch($this->api_url . 'metadata/' . $root . '/' . ltrim($path,'/'), $args);
+
+        /* 304 is not modified */
+        if ($response['httpStatus']==304) {
+            return true; 
+        } else {
+            return json_decode($response['body'],true);
+        }
+
+    } 
+
+    /**
+    * A way of letting you keep up with changes to files and folders in a user's Dropbox. You can periodically call /delta to get a list of "delta entries", which are instructions on how to update your local state to match the server's state.
+    *
+    * This method returns the information from the newly created directory
+    *
+    * @param string $cursor A string that is used to keep track of your current state. On the next call pass in this value to return delta entries that have been recorded since the cursor was returned.
+    * @return stdclass
+    */
+    public function delta($cursor) {
+    
+    	$arg['cursor'] = $cursor;
+    
+    	$response = $this->oauth->fetch($this->api_url . 'delta', $arg, 'POST');
+    	return json_decode($response['body'],true);
+    
+    }
+
+    /**
+     * Returns a thumbnail (as a string) for a file path. 
+     * 
+     * @param string $path Path to file 
+     * @param string $size small, medium or large 
+     * @param string $root Use this to override the default root path (sandbox/dropbox)  
+     * @return string 
+     */
+    public function getThumbnail($path, $size = 'small', $root = null) {
+
+        if (is_null($root)) $root = $this->root;
+        $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+        $response = $this->oauth->fetch($this->api_content_url . 'thumbnails/' . $root . '/' . ltrim($path,'/'),array('size' => $size));
+
+        return $response['body'];
+
+    }
+
+    /**
+     * This method is used to generate multipart POST requests for file upload 
+     * 
+     * @param string $uri 
+     * @param array $arguments 
+     * @return bool 
+     */
+    protected function multipartFetch($uri, $file, $filename) {
+
+        /* random string */
+        $boundary = 'R50hrfBj5JYyfR3vF3wR96GPCC9Fd2q2pVMERvEaOE3D8LZTgLLbRpNwXek3';
+
+        $headers = array(
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+        );
+
+        $body="--" . $boundary . "\r\n";
+        $body.="Content-Disposition: form-data; name=file; filename=".rawurldecode($filename)."\r\n";
+        $body.="Content-type: application/octet-stream\r\n";
+        $body.="\r\n";
+        $body.=stream_get_contents($file);
+        $body.="\r\n";
+        $body.="--" . $boundary . "--";
+
+        // Dropbox requires the filename to also be part of the regular arguments, so it becomes
+        // part of the signature. 
+        $uri.='?file=' . $filename;
+
+        return $this->oauth->fetch($uri, $body, 'POST', $headers);
+
+    }
+	
+	
+	/**
+     * Search
+     *
+     * Returns metadata for all files and folders that match the search query.
+     *
+	 * @added by: diszo.sasil 
+	 *
+     * @param string $query	 
+     * @param string $root Use this to override the default root path (sandbox/dropbox)
+	 * @param string $path
+     * @return array
+     */
+	public function search($query = '', $root = null, $path = ''){
+		if (is_null($root)) $root = $this->root;
+		if(!empty($path)){
+			$path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+		}
+        $response = $this->oauth->fetch($this->api_url . 'search/' . $root . '/' . ltrim($path,'/'),array('query' => $query));
+        return json_decode($response['body'],true);
+	}
+
+    /**
+     * Creates and returns a shareable link to files or folders.
+     * 
+     * Note: Links created by the /shares API call expire after thirty days.
+     * 
+     * @param type $path
+     * @param type $root
+     * @return type 
+     */
+    public function share($path, $root = null) {
+        if (is_null($root)) $root = $this->root;
+        $path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+        $response = $this->oauth->fetch($this->api_url.  'shares/'. $root . '/' . ltrim($path, '/'), array(), 'POST');
+        return json_decode($response['body'],true);
+
+    }
+
+    /**
+    * Returns a link directly to a file.
+    * Similar to /shares. The difference is that this bypasses the Dropbox webserver, used to provide a preview of the file, so that you can effectively stream the contents of your media.
+    *
+    * Note: The /media link expires after four hours, allotting enough time to stream files, but not enough to leave a connection open indefinitely.
+    *
+    * @param type $path
+    * @param type $root
+    * @return type
+    */
+    public function media($path, $root = null) {
+
+    	if (is_null($root)) $root = $this->root;
+    	$path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+    	$response = $this->oauth->fetch($this->api_url.  'media/'. $root . '/' . ltrim($path, '/'), array(), 'POST');
+    	return json_decode($response['body'],true);
+    
+    }
+
+    /**
+    * Creates and returns a copy_ref to a file. This reference string can be used to copy that file to another user's Dropbox by passing it in as the from_copy_ref parameter on /fileops/copy.
+    *
+    * @param type $path
+    * @param type $root
+    * @return type
+    */
+    public function copy_ref($path, $root = null) {
+
+    	if (is_null($root)) $root = $this->root;
+    	$path = str_replace(array('%2F','~'), array('/','%7E'), rawurlencode($path));
+    	$response = $this->oauth->fetch($this->api_url.  'copy_ref/'. $root . '/' . ltrim($path, '/'));
+    	return json_decode($response['body'],true);
+    
+    }
+    
+
+}
diff --git a/3rdparty/Dropbox/Exception.php b/3rdparty/Dropbox/Exception.php
new file mode 100644
index 00000000000..50cbc4c7915
--- /dev/null
+++ b/3rdparty/Dropbox/Exception.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * Dropbox base exception 
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+/**
+ * Base exception class
+ */
+class Dropbox_Exception extends Exception { }
diff --git a/3rdparty/Dropbox/Exception/Forbidden.php b/3rdparty/Dropbox/Exception/Forbidden.php
new file mode 100644
index 00000000000..5f0378cfc74
--- /dev/null
+++ b/3rdparty/Dropbox/Exception/Forbidden.php
@@ -0,0 +1,18 @@
+<?php
+
+/**
+ * Dropbox Forbidden exception
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+/**
+ * This exception is thrown when we receive the 403 forbidden response
+ */
+class Dropbox_Exception_Forbidden extends Dropbox_Exception {
+
+
+}
diff --git a/3rdparty/Dropbox/Exception/NotFound.php b/3rdparty/Dropbox/Exception/NotFound.php
new file mode 100644
index 00000000000..3deaf90d76b
--- /dev/null
+++ b/3rdparty/Dropbox/Exception/NotFound.php
@@ -0,0 +1,20 @@
+<?php
+
+/**
+ * Dropbox Not Found exception
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+/**
+ * This exception is thrown when a non-existant uri is accessed.
+ * 
+ * Basically, this exception is used when we get back a 404.
+ */
+class Dropbox_Exception_NotFound extends Dropbox_Exception {
+
+
+}
diff --git a/3rdparty/Dropbox/Exception/OverQuota.php b/3rdparty/Dropbox/Exception/OverQuota.php
new file mode 100644
index 00000000000..86e5425dbd8
--- /dev/null
+++ b/3rdparty/Dropbox/Exception/OverQuota.php
@@ -0,0 +1,20 @@
+<?php
+
+/**
+ * Dropbox Over Quota exception
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+/**
+ * This exception is thrown when the operation required more space than the available quota.
+ * 
+ * Basically, this exception is used when we get back a 507.
+ */
+class Dropbox_Exception_OverQuota extends Dropbox_Exception {
+
+
+}
diff --git a/3rdparty/Dropbox/Exception/RequestToken.php b/3rdparty/Dropbox/Exception/RequestToken.php
new file mode 100644
index 00000000000..5b117f2c6b0
--- /dev/null
+++ b/3rdparty/Dropbox/Exception/RequestToken.php
@@ -0,0 +1,18 @@
+<?php
+
+/**
+ * Dropbox RequestToken exception
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+/**
+ * This exception is thrown when an error occured during the request_token process.
+ */
+class Dropbox_Exception_RequestToken extends Dropbox_Exception {
+
+
+}
diff --git a/3rdparty/Dropbox/LICENSE.txt b/3rdparty/Dropbox/LICENSE.txt
new file mode 100644
index 00000000000..cd3512acee6
--- /dev/null
+++ b/3rdparty/Dropbox/LICENSE.txt
@@ -0,0 +1,19 @@
+Copyright (c) 2010 Rooftop Solutions
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/3rdparty/Dropbox/OAuth.php b/3rdparty/Dropbox/OAuth.php
new file mode 100644
index 00000000000..905cc2da1c6
--- /dev/null
+++ b/3rdparty/Dropbox/OAuth.php
@@ -0,0 +1,151 @@
+<?php
+
+/**
+ * Dropbox OAuth
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+
+/**
+ * This class is an abstract OAuth class.
+ *
+ * It must be extended by classes who wish to provide OAuth functionality
+ * using different libraries.
+ */
+abstract class Dropbox_OAuth {
+
+    /**
+     * After a user has authorized access, dropbox can redirect the user back
+     * to this url.
+     * 
+     * @var string
+     */
+    public $authorizeCallbackUrl = null; 
+   
+    /**
+     * Uri used to fetch request tokens 
+     * 
+     * @var string
+     */
+    const URI_REQUEST_TOKEN = 'https://api.dropbox.com/1/oauth/request_token';
+
+    /**
+     * Uri used to redirect the user to for authorization.
+     * 
+     * @var string
+     */
+    const URI_AUTHORIZE = 'https://www.dropbox.com/1/oauth/authorize';
+
+    /**
+     * Uri used to 
+     * 
+     * @var string
+     */
+    const URI_ACCESS_TOKEN = 'https://api.dropbox.com/1/oauth/access_token';
+
+    /**
+     * An OAuth request token. 
+     * 
+     * @var string 
+     */
+    protected $oauth_token = null;
+
+    /**
+     * OAuth token secret 
+     * 
+     * @var string 
+     */
+    protected $oauth_token_secret = null;
+
+
+    /**
+     * Constructor
+     * 
+     * @param string $consumerKey 
+     * @param string $consumerSecret 
+     */
+    abstract public function __construct($consumerKey, $consumerSecret);
+
+    /**
+     * Sets the request token and secret.
+     *
+     * The tokens can also be passed as an array into the first argument.
+     * The array must have the elements token and token_secret.
+     * 
+     * @param string|array $token 
+     * @param string $token_secret 
+     * @return void
+     */
+    public function setToken($token, $token_secret = null) {
+
+        if (is_array($token)) {
+            $this->oauth_token = $token['token'];
+            $this->oauth_token_secret = $token['token_secret'];
+        } else {
+            $this->oauth_token = $token;
+            $this->oauth_token_secret = $token_secret;
+        }
+
+    }
+
+    /**
+     * Returns the oauth request tokens as an associative array.
+     *
+     * The array will contain the elements 'token' and 'token_secret'.
+     * 
+     * @return array 
+     */
+    public function getToken() {
+
+        return array(
+            'token' => $this->oauth_token,
+            'token_secret' => $this->oauth_token_secret,
+        );
+
+    }
+
+    /**
+     * Returns the authorization url
+     * 
+     * @param string $callBack Specify a callback url to automatically redirect the user back 
+     * @return string 
+     */
+    public function getAuthorizeUrl($callBack = null) {
+        
+        // Building the redirect uri
+        $token = $this->getToken();
+        $uri = self::URI_AUTHORIZE . '?oauth_token=' . $token['token'];
+        if ($callBack) $uri.='&oauth_callback=' . $callBack;
+        return $uri;
+    }
+
+    /**
+     * Fetches a secured oauth url and returns the response body. 
+     * 
+     * @param string $uri 
+     * @param mixed $arguments 
+     * @param string $method 
+     * @param array $httpHeaders 
+     * @return string 
+     */
+    public abstract function fetch($uri, $arguments = array(), $method = 'GET', $httpHeaders = array()); 
+
+    /**
+     * Requests the OAuth request token.
+     * 
+     * @return array 
+     */
+    abstract public function getRequestToken(); 
+
+    /**
+     * Requests the OAuth access tokens.
+     *
+     * @return array
+     */
+    abstract public function getAccessToken(); 
+
+}
diff --git a/3rdparty/Dropbox/OAuth/Consumer/Dropbox.php b/3rdparty/Dropbox/OAuth/Consumer/Dropbox.php
new file mode 100644
index 00000000000..204a659de00
--- /dev/null
+++ b/3rdparty/Dropbox/OAuth/Consumer/Dropbox.php
@@ -0,0 +1,37 @@
+<?php
+/**
+ * HTTP OAuth Consumer
+ * 
+ * Adapted from halldirector's code in 
+ * http://code.google.com/p/dropbox-php/issues/detail?id=36#c5
+ * 
+ * @package Dropbox
+ * @copyright Copyright (C) 2011 Joe Constant / halldirector. All rights reserved.
+ * @author Joe Constant / halldirector
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+require_once 'HTTP/OAuth.php';
+require_once 'HTTP/OAuth/Consumer.php';
+
+/* 
+ * This class is to help work around aomw ssl issues.
+ */
+class Dropbox_OAuth_Consumer_Dropbox extends  HTTP_OAuth_Consumer
+{
+    public function getOAuthConsumerRequest()
+    {
+        if (!$this->consumerRequest instanceof HTTP_OAuth_Consumer_Request) {
+            $this->consumerRequest = new HTTP_OAuth_Consumer_Request;
+        }
+        
+        // TODO: Change this and add in code to validate the SSL cert.
+        // see https://github.com/bagder/curl/blob/master/lib/mk-ca-bundle.pl
+        $this->consumerRequest->setConfig(array(
+                    'ssl_verify_peer' => false, 
+                    'ssl_verify_host' => false
+                ));
+        
+        return $this->consumerRequest;
+    }
+}
diff --git a/3rdparty/Dropbox/OAuth/Curl.php b/3rdparty/Dropbox/OAuth/Curl.php
new file mode 100644
index 00000000000..b75b27bb363
--- /dev/null
+++ b/3rdparty/Dropbox/OAuth/Curl.php
@@ -0,0 +1,282 @@
+<?php
+
+/**
+ * Dropbox OAuth
+ * 
+ * @package Dropbox 
+ * @copyright Copyright (C) 2011 Daniel Huesken
+ * @author Daniel Huesken (http://www.danielhuesken.de/)
+ * @license MIT
+ */
+
+/**
+ * This class is used to sign all requests to dropbox.
+ *
+ * This specific class uses WordPress WP_Http to authenticate.
+ */
+class Dropbox_OAuth_Curl extends Dropbox_OAuth {
+
+    /**
+     *
+     * @var string ConsumerKey
+     */
+    protected $consumerKey = null;
+    /**
+     *
+     * @var string ConsumerSecret
+     */
+    protected $consumerSecret = null;
+    /**
+     *
+     * @var string ProzessCallBack
+     */
+    public $ProgressFunction = false;
+	
+    /**
+     * Constructor
+     * 
+     * @param string $consumerKey 
+     * @param string $consumerSecret 
+     */
+    public function __construct($consumerKey, $consumerSecret) {
+        if (!function_exists('curl_exec')) 
+            throw new Dropbox_Exception('The PHP curl functions not available!');
+
+        $this->consumerKey = $consumerKey;
+        $this->consumerSecret = $consumerSecret;
+    }
+
+    /**
+     * Fetches a secured oauth url and returns the response body. 
+     * 
+     * @param string $uri 
+     * @param mixed $arguments 
+     * @param string $method 
+     * @param array $httpHeaders 
+     * @return string 
+     */
+    public function fetch($uri, $arguments = array(), $method = 'GET', $httpHeaders = array()) {
+		
+		$uri=str_replace('http://', 'https://', $uri); // all https, upload makes problems if not
+		if (is_string($arguments) and strtoupper($method) == 'POST') {
+		    preg_match("/\?file=(.*)$/i", $uri, $matches);
+			if (isset($matches[1])) {
+                $uri = str_replace($matches[0], "", $uri);
+                $filename = $matches[1];
+				$httpHeaders=array_merge($httpHeaders,$this->getOAuthHeader($uri, array("file" => $filename), $method));
+            }
+		} else {
+			$httpHeaders=array_merge($httpHeaders,$this->getOAuthHeader($uri, $arguments, $method));
+		}
+		$ch = curl_init();	
+		if (strtoupper($method) == 'POST') {
+			curl_setopt($ch, CURLOPT_URL, $uri);
+			curl_setopt($ch, CURLOPT_POST, true);
+// 			if (is_array($arguments))
+// 				$arguments=http_build_query($arguments);
+			curl_setopt($ch, CURLOPT_POSTFIELDS, $arguments);
+// 			$httpHeaders['Content-Length']=strlen($arguments);
+		} else {
+			curl_setopt($ch, CURLOPT_URL, $uri.'?'.http_build_query($arguments));
+			curl_setopt($ch, CURLOPT_POST, false);
+		}
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 300);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+//         curl_setopt($ch, CURLOPT_CAINFO, "rootca");
+		curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
+		//Build header
+		$headers = array();
+		foreach ($httpHeaders as $name => $value) {
+			$headers[] = "{$name}: $value";
+		}
+		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+		if (!ini_get('safe_mode') && !ini_get('open_basedir'))
+			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
+		if (function_exists($this->ProgressFunction) and defined('CURLOPT_PROGRESSFUNCTION')) {
+			curl_setopt($ch, CURLOPT_NOPROGRESS, false);
+			curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, $this->ProgressFunction);
+			curl_setopt($ch, CURLOPT_BUFFERSIZE, 512);
+		}
+		$response=curl_exec($ch);
+		$errorno=curl_errno($ch);
+		$error=curl_error($ch);
+		$status=curl_getinfo($ch,CURLINFO_HTTP_CODE);
+		curl_close($ch);
+		
+		
+		if (!empty($errorno))
+			throw new Dropbox_Exception_NotFound('Curl error: ('.$errorno.') '.$error."\n");
+						
+		if ($status>=300) {
+			$body = json_decode($response,true);
+			switch ($status) {
+				// Not modified
+				case 304 :
+					return array(
+						'httpStatus' => 304,
+						'body' => null,
+					);
+					break;
+				case 403 :
+					throw new Dropbox_Exception_Forbidden('Forbidden.
+						This could mean a bad OAuth request, or a file or folder already existing at the target location.
+						' . $body["error"] . "\n");
+				case 404 :
+					throw new Dropbox_Exception_NotFound('Resource at uri: ' . $uri . ' could not be found. ' .
+							$body["error"] . "\n");
+				case 507 :
+					throw new Dropbox_Exception_OverQuota('This dropbox is full. ' .
+							$body["error"] . "\n");
+			}
+			if (!empty($body["error"]))
+				throw new Dropbox_Exception_RequestToken('Error: ('.$status.') '.$body["error"]."\n");	
+		}
+
+		return array(
+			'body' => $response,
+            'httpStatus' => $status
+        );
+    }
+
+    /**
+     * Returns named array with oauth parameters for further use
+     * @return array Array with oauth_ parameters
+     */
+    private function getOAuthBaseParams() {
+        $params['oauth_version'] = '1.0';
+        $params['oauth_signature_method'] = 'HMAC-SHA1';
+
+        $params['oauth_consumer_key'] = $this->consumerKey;
+        $tokens = $this->getToken();
+        if (isset($tokens['token']) && $tokens['token']) {
+            $params['oauth_token'] = $tokens['token'];
+        }
+        $params['oauth_timestamp'] = time();
+        $params['oauth_nonce'] = md5(microtime() . mt_rand());
+        return $params;
+    }
+
+    /**
+     * Creates valid Authorization header for OAuth, based on URI and Params
+     *
+     * @param string $uri
+     * @param array $params
+     * @param string $method GET or POST, standard is GET
+     * @param array $oAuthParams optional, pass your own oauth_params here
+     * @return array Array for request's headers section like
+     * array('Authorization' => 'OAuth ...');
+     */
+    private function getOAuthHeader($uri, $params, $method = 'GET', $oAuthParams = null) {
+        $oAuthParams = $oAuthParams ? $oAuthParams : $this->getOAuthBaseParams();
+
+        // create baseString to encode for the sent parameters
+        $baseString = $method . '&';
+        $baseString .= $this->oauth_urlencode($uri) . "&";
+
+        // OAuth header does not include GET-Parameters
+        $signatureParams = array_merge($params, $oAuthParams);
+
+        // sorting the parameters
+        ksort($signatureParams);
+
+        $encodedParams = array();
+        foreach ($signatureParams as $key => $value) {
+            $encodedParams[] = $this->oauth_urlencode($key) . '=' . $this->oauth_urlencode($value);
+        }
+
+        $baseString .= $this->oauth_urlencode(implode('&', $encodedParams));
+
+        // encode the signature
+        $tokens = $this->getToken();
+        $hash = $this->hash_hmac_sha1($this->consumerSecret.'&'.$tokens['token_secret'], $baseString);
+        $signature = base64_encode($hash);
+
+        // add signature to oAuthParams
+        $oAuthParams['oauth_signature'] = $signature;
+
+        $oAuthEncoded = array();
+        foreach ($oAuthParams as $key => $value) {
+            $oAuthEncoded[] = $key . '="' . $this->oauth_urlencode($value) . '"';
+        }
+
+        return array('Authorization' => 'OAuth ' . implode(', ', $oAuthEncoded));
+    }
+
+    /**
+     * Requests the OAuth request token.
+     *
+     * @return void 
+     */
+    public function getRequestToken() {
+        $result = $this->fetch(self::URI_REQUEST_TOKEN, array(), 'POST');
+        if ($result['httpStatus'] == "200") {
+            $tokens = array();
+            parse_str($result['body'], $tokens);
+            $this->setToken($tokens['oauth_token'], $tokens['oauth_token_secret']);
+            return $this->getToken();
+        } else {
+            throw new Dropbox_Exception_RequestToken('We were unable to fetch request tokens. This likely means that your consumer key and/or secret are incorrect.');
+        }
+    }
+
+    /**
+     * Requests the OAuth access tokens.
+     *
+     * This method requires the 'unauthorized' request tokens
+     * and, if successful will set the authorized request tokens.
+     * 
+     * @return void 
+     */
+    public function getAccessToken() {
+        $result = $this->fetch(self::URI_ACCESS_TOKEN, array(), 'POST');
+        if ($result['httpStatus'] == "200") {
+            $tokens = array();
+            parse_str($result['body'], $tokens);
+            $this->setToken($tokens['oauth_token'], $tokens['oauth_token_secret']);
+            return $this->getToken();
+        } else {
+            throw new Dropbox_Exception_RequestToken('We were unable to fetch request tokens. This likely means that your consumer key and/or secret are incorrect.');
+        }
+    }
+
+    /**
+     * Helper function to properly urlencode parameters.
+     * See http://php.net/manual/en/function.oauth-urlencode.php
+     *
+     * @param string $string
+     * @return string
+     */
+    private function oauth_urlencode($string) {
+        return str_replace('%E7', '~', rawurlencode($string));
+    }
+
+    /**
+     * Hash function for hmac_sha1; uses native function if available.
+     *
+     * @param string $key
+     * @param string $data
+     * @return string
+     */
+    private function hash_hmac_sha1($key, $data) {
+        if (function_exists('hash_hmac') && in_array('sha1', hash_algos())) {
+            return hash_hmac('sha1', $data, $key, true);
+        } else {
+            $blocksize = 64;
+            $hashfunc = 'sha1';
+            if (strlen($key) > $blocksize) {
+                $key = pack('H*', $hashfunc($key));
+            }
+
+            $key = str_pad($key, $blocksize, chr(0x00));
+            $ipad = str_repeat(chr(0x36), $blocksize);
+            $opad = str_repeat(chr(0x5c), $blocksize);
+            $hash = pack('H*', $hashfunc(( $key ^ $opad ) . pack('H*', $hashfunc(($key ^ $ipad) . $data))));
+
+            return $hash;
+        }
+    }
+	
+
+}
\ No newline at end of file
diff --git a/3rdparty/Dropbox/README.md b/3rdparty/Dropbox/README.md
new file mode 100644
index 00000000000..54e05db762b
--- /dev/null
+++ b/3rdparty/Dropbox/README.md
@@ -0,0 +1,31 @@
+Dropbox-php
+===========
+
+This PHP library allows you to easily integrate dropbox with PHP.
+
+The following PHP extension is required:
+
+* json
+
+The library makes use of OAuth. At the moment you can use either of these libraries:
+
+[PHP OAuth extension](http://pecl.php.net/package/oauth)  
+[PEAR's HTTP_OAUTH package](http://pear.php.net/package/http_oauth)  
+
+The extension is recommended, but if you can't install php extensions you should go for the pear package.  
+Installing
+----------
+
+    pear channel-discover pear.dropbox-php.com
+    pear install dropbox-php/Dropbox-alpha
+
+Documentation
+-------------
+Check out the [documentation](http://www.dropbox-php.com/docs).  
+
+Questions?
+----------
+
+[Dropbox-php Mailing list](http://groups.google.com/group/dropbox-php)  
+[Official Dropbox developer forum](http://forums.dropbox.com/forum.php?id=5)
+ 
diff --git a/3rdparty/Dropbox/autoload.php b/3rdparty/Dropbox/autoload.php
new file mode 100644
index 00000000000..5388ea6334a
--- /dev/null
+++ b/3rdparty/Dropbox/autoload.php
@@ -0,0 +1,29 @@
+<?php
+
+/**
+ * This file registers a new autoload function using spl_autoload_register. 
+ *
+ * @package Dropbox 
+ * @copyright Copyright (C) 2010 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/dropbox-php/wiki/License MIT
+ */
+
+/**
+ * Autoloader function
+ *
+ * @param $className string
+ * @return void
+ */
+function Dropbox_autoload($className) {
+
+    if(strpos($className,'Dropbox_')===0) {
+
+        include dirname(__FILE__) . '/' . str_replace('_','/',substr($className,8)) . '.php';
+
+    }
+
+}
+
+spl_autoload_register('Dropbox_autoload');
+
diff --git a/apps/files_external/appinfo/app.php b/apps/files_external/appinfo/app.php
index b7a07b4aacb..837d35c9c63 100644
--- a/apps/files_external/appinfo/app.php
+++ b/apps/files_external/appinfo/app.php
@@ -13,6 +13,7 @@ OC::$CLASSPATH['OC_Filestorage_Google']='apps/files_external/lib/google.php';
 OC::$CLASSPATH['OC_Filestorage_SWIFT']='apps/files_external/lib/swift.php';
 OC::$CLASSPATH['OC_Filestorage_SMB']='apps/files_external/lib/smb.php';
 OC::$CLASSPATH['OC_Filestorage_AmazonS3']='apps/files_external/lib/amazons3.php';
+OC::$CLASSPATH['OC_Filestorage_Dropbox']='apps/files_external/lib/dropbox.php';
 OC::$CLASSPATH['OC_Mount_Config']='apps/files_external/lib/config.php';
 
 OCP\App::registerAdmin('files_external', 'settings');
diff --git a/apps/files_external/lib/dropbox.php b/apps/files_external/lib/dropbox.php
new file mode 100755
index 00000000000..5e94277c6d4
--- /dev/null
+++ b/apps/files_external/lib/dropbox.php
@@ -0,0 +1,203 @@
+<?php
+
+/**
+* ownCloud
+*
+* @author Michael Gapczynski
+* @copyright 2012 Michael Gapczynski mtgap@owncloud.com
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+require_once 'Dropbox/autoload.php';
+
+class OC_Filestorage_Dropbox extends OC_Filestorage_Common {
+
+	private $dropbox;
+	private $metaData = array();
+
+	private static $tempFiles = array();
+
+	public function __construct($params) {
+		$oauth = new Dropbox_OAuth_Curl($params['app_key'], $params['app_secret']);
+		$oauth->setToken($params['token'], $params['token_secret']);
+		$this->dropbox = new Dropbox_API($oauth, 'dropbox');
+		
+	}
+
+	private function getMetaData($path, $list = false) {
+		if (!$list && isset($this->metaData[$path])) {
+			return $this->metaData[$path];
+		} else {
+			if ($list) {
+				$response = $this->dropbox->getMetaData($path);
+				if ($response && isset($response['contents'])) {
+					$contents = $response['contents'];
+					// Cache folder's contents
+					foreach ($contents as $file) {
+						$this->metaData[$path.'/'.basename($file['path'])] = $file;
+					}
+					unset($response['contents']);
+					$this->metaData[$path] = $response;
+				}
+				$this->metaData[$path] = $response;
+				// Return contents of folder only
+				return $contents;
+			} else {
+				try {
+					$response = $this->dropbox->getMetaData($path, 'false');
+					$this->metaData[$path] = $response;
+					return $response;
+				} catch (Exception $exception) {
+					return false;
+				}
+			}
+		}
+	}
+
+	public function mkdir($path) {
+		return $this->dropbox->createFolder($path);
+	}
+
+	public function rmdir($path) {
+		return $this->dropbox->delete($path);
+	}
+
+	public function opendir($path) {
+		if ($contents = $this->getMetaData($path, true)) {
+			$files = array();
+			foreach ($contents as $file) {
+				$files[] = basename($file['path']);
+			}
+			OC_FakeDirStream::$dirs['dropbox'] = $files;
+			return opendir('fakedir://dropbox');
+		}
+		return false;
+	}
+
+	public function stat($path) {
+		if ($metaData = $this->getMetaData($path)) {
+			$stat['size'] = $metaData['bytes'];
+			$stat['atime'] = time();
+			$stat['mtime'] = strtotime($metaData['modified']);
+			$stat['ctime'] = $stat['mtime'];
+			return $stat;
+		}
+		return false;
+	}
+
+	public function filetype($path) {
+		if ($path == '' || $path == '/') {
+			return 'dir';
+		} else if ($metaData = $this->getMetaData($path)) {
+			if ($metaData['is_dir'] == 'true') {
+				return 'dir';
+			} else {
+				return 'file';
+			}
+		}
+		return false;
+	}
+
+	public function is_readable($path) {
+		return true;
+	}
+
+	public function is_writable($path) {
+		return true;
+	}
+
+	public function file_exists($path) {
+		if ($path == '' || $path == '/') {
+			return true;
+		}
+		if ($this->getMetaData($path)) {
+			return true;
+		}
+		return false;
+	}
+
+	public function unlink($path) {
+		return $this->dropbox->delete($path);
+	}
+
+	public function fopen($path, $mode) {
+		switch ($mode) {
+			case 'r':
+			case 'rb':
+				$tmpFile = OC_Helper::tmpFile();
+				file_put_contents($tmpFile, $this->dropbox->getFile($path));
+				return fopen($tmpFile, 'r');
+			case 'w':
+			case 'wb':
+			case 'a':
+			case 'ab':
+			case 'r+':
+			case 'w+':
+			case 'wb+':
+			case 'a+':
+			case 'x':
+			case 'x+':
+			case 'c':
+			case 'c+':
+				if (strrpos($path, '.') !== false) {
+					$ext = substr($path, strrpos($path, '.'));
+				} else {
+					$ext = '';
+				}
+				$tmpFile = OC_Helper::tmpFile($ext);
+				OC_CloseStreamWrapper::$callBacks[$tmpFile] = array($this, 'writeBack');
+				if ($this->file_exists($path)) {
+					$source = $this->fopen($path, 'r');
+					file_put_contents($tmpFile, $source);
+				}
+				self::$tempFiles[$tmpFile] = $path;
+				return fopen('close://'.$tmpFile, $mode);
+		}
+		return false;
+	}
+
+	public function writeBack($tmpFile) {
+		if (isset(self::$tempFiles[$tmpFile])) {
+			$handle = fopen($tmpFile, 'r');
+			$response = $this->dropbox->putFile(self::$tempFiles[$tmpFile], $handle);
+			if ($response) {
+				unlink($tmpFile);
+			}
+		}
+	}
+
+	public function getMimeType($path) {
+		if ($this->filetype($path) == 'dir') {
+			return 'httpd/unix-directory';
+		} else if ($metaData = $this->getMetaData($path)) {
+			return $metaData['mime_type'];
+		}
+		return false;
+	}
+
+	public function free_space($path) {
+		if ($info = $this->dropbox->getAccountInfo()) {
+			return $info['quota_info']['quota'] - $info['quota_info']['normal'];
+		}
+		return false;
+	}
+
+	public function touch($path, $mtime = null) {
+		return false;
+	}
+
+}
+
+?>
\ No newline at end of file
-- 
cgit v1.2.3


From 322fd512612d569c75ebbf515e5d5d9d9d5578ea Mon Sep 17 00:00:00 2001
From: Michiel de Jong <michiel@unhosted.org>
Date: Sat, 9 Jun 2012 21:01:12 +0200
Subject: avoid clickjacking

---
 apps/remoteStorage/auth.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index f508983d052..8cbd4aa20f1 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -25,6 +25,7 @@
 *
 */
 
+header("X-Frame-Options: Sameorigin");
 
 // Do not load FS ...
 $RUNTIME_NOSETUPFS = true;
-- 
cgit v1.2.3


From 995f9c7348fcc6dd25a95f81030e7d3b6f04d6c3 Mon Sep 17 00:00:00 2001
From: Michiel de Jong <michiel@unhosted.org>
Date: Sat, 9 Jun 2012 21:03:50 +0200
Subject: sanitize scope and host

---
 apps/remoteStorage/auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index 8cbd4aa20f1..99e2272d3ab 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -44,9 +44,9 @@ foreach($_GET as $k => $v) {
     $userId=$v;
   } else if($k=='redirect_uri'){
     $appUrlParts=explode('/', $v);
-    $appUrl = $appUrlParts[2];//bit dodgy i guess
+    $appUrl = htmlentities($appUrlParts[2]);//TODO: check if this is equal to client_id
   } else if($k=='scope'){
-    $categories=$v;
+    $categories=htmlentities($v);
   }
 }
 $currUser = OCP\USER::getUser();
-- 
cgit v1.2.3


From 3947aa3ef7320805545e5339c605cf8cb81475dd Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Sat, 9 Jun 2012 22:00:28 +0200
Subject: apps paging is not yet implemented. increase pagesize to 100 as a
 quickfix

---
 lib/ocsclient.php | 4 ++--
 settings/apps.php | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/ocsclient.php b/lib/ocsclient.php
index 8e976171e93..2888569ad13 100644
--- a/lib/ocsclient.php
+++ b/lib/ocsclient.php
@@ -85,7 +85,7 @@ class OC_OCSClient{
 	 *
 	 * This function returns a list of all the applications on the OCS server
 	 */
-	public static function getApplications($categories){
+	public static function getApplications($categories,$page){
 		if(OC_Config::getValue('appstoreenabled', true)==false){
 			return(array());
 		}
@@ -95,7 +95,7 @@ class OC_OCSClient{
 		}else{
 			$categoriesstring=$categories;
 		}
-		$url=OC_OCSClient::getAppStoreURL().'/content/data?categories='.urlencode($categoriesstring).'&sortmode=new&page=0&pagesize=10';
+		$url=OC_OCSClient::getAppStoreURL().'/content/data?categories='.urlencode($categoriesstring).'&sortmode=new&page='.urlencode($page).'&pagesize=100';
 		$apps=array();
 		$xml=@file_get_contents($url);
 		if($xml==FALSE){
diff --git a/settings/apps.php b/settings/apps.php
index 1a829d371a6..7908e6cc18b 100644
--- a/settings/apps.php
+++ b/settings/apps.php
@@ -63,7 +63,8 @@ usort($apps, 'app_sort');
  $catagoryNames=OC_OCSClient::getCategories();
  if(is_array($catagoryNames)){
  	$categories=array_keys($catagoryNames);
- 	$externalApps=OC_OCSClient::getApplications($categories);
+	$page=0;
+ 	$externalApps=OC_OCSClient::getApplications($categories,$page);
  	foreach($externalApps as $app){
 		// show only external apps that are not exist yet
 		$local=false;
-- 
cgit v1.2.3


From 0838b4c22597156dba8744a7d5de99043fe539d4 Mon Sep 17 00:00:00 2001
From: Bartek Przybylski <bart.p.pl@gmail.com>
Date: Sun, 10 Jun 2012 09:52:01 +0200
Subject: gallery: removing search provider for now

---
 apps/gallery/appinfo/app.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/gallery/appinfo/app.php b/apps/gallery/appinfo/app.php
index 2aa6a9e8f92..e3a8dbd588b 100644
--- a/apps/gallery/appinfo/app.php
+++ b/apps/gallery/appinfo/app.php
@@ -50,6 +50,6 @@ class OC_GallerySearchProvider extends OC_Search_Provider{
 	}
 }
 
-OC_Search::registerProvider('OC_GallerySearchProvider');
+//OC_Search::registerProvider('OC_GallerySearchProvider');
 
 require_once('apps/gallery/lib/hooks_handlers.php');
-- 
cgit v1.2.3


From f90c8738ab79a6fc76d9482f44a199963fb27ba1 Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Sun, 10 Jun 2012 12:47:47 +0200
Subject: Contacts: Used non-existent var.

---
 apps/contacts/js/loader.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/contacts/js/loader.js b/apps/contacts/js/loader.js
index 961e0f425c9..577ad103064 100644
--- a/apps/contacts/js/loader.js
+++ b/apps/contacts/js/loader.js
@@ -42,20 +42,20 @@ Contacts_Import={
 			}
 			$('#newaddressbook').attr('readonly', 'readonly');
 			$('#contacts').attr('disabled', 'disabled');
-			var progresskey = $('#progresskey').val();
-			$.post(OC.filePath('contacts', '', 'import.php') + '?progresskey='+progresskey, {method: String (method), addressbookname: String (addressbookname), path: String (path), file: String (filename), id: String (addressbookid)}, function(jsondata){
+			var progresskey = $('#progresskey').val();
+			$.post(OC.filePath('contacts', '', 'import.php') + '?progresskey='+progresskey, {method: String (method), addressbookname: String (addressbookname), path: String (path), file: String (filename), id: String (addressbookid)}, function(jsondata){
 				if(jsondata.status == 'success'){
 					$('#progressbar').progressbar('option', 'value', 100);
 					$('#import_done').find('p').html(t('contacts', 'Result: ') + jsondata.data.imported + t('contacts', ' imported, ') + jsondata.data.failed + t('contacts', ' failed.'));
 				} else {
-					$('#import_done').find('p').html(jsondata.data.message);
+					$('#import_done').find('p').html(jsondata.message);
 				}
 				$('#import_done').show().find('p').addClass('bold');
 				$('#progressbar').fadeOut('slow');
 			});
 			$('#form_container').css('display', 'none');
 			$('#progressbar_container').css('display', 'block');
-			window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500);
+			window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500);
 		});
 		$('#contacts').change(function(){
 			if($('#contacts option:selected').val() == 'newaddressbook'){
@@ -65,11 +65,11 @@ Contacts_Import={
 			}
 		});
 	},
-	getimportstatus: function(progresskey){
-		$.get(OC.filePath('contacts', '', 'import.php') + '?progress=1&progresskey=' + progresskey, function(percent){
+	getimportstatus: function(progresskey){
+		$.get(OC.filePath('contacts', '', 'import.php') + '?progress=1&progresskey=' + progresskey, function(percent){
 			$('#progressbar').progressbar('option', 'value', parseInt(percent));
 			if(percent < 100){
-				window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500);
+				window.setTimeout('Contacts_Import.getimportstatus(\'' + progresskey + '\')', 500);
 			}else{
 				$('#import_done').css('display', 'block');
 			}
-- 
cgit v1.2.3


From 76f20eb57c4089b51ee506a000a21ab95727da43 Mon Sep 17 00:00:00 2001
From: Bartek Przybylski <bart.p.pl@gmail.com>
Date: Sun, 10 Jun 2012 13:04:42 +0200
Subject: fix first time image loading error

---
 apps/gallery/lib/managers.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/apps/gallery/lib/managers.php b/apps/gallery/lib/managers.php
index f9a67b8b117..9a2dbd3bae2 100644
--- a/apps/gallery/lib/managers.php
+++ b/apps/gallery/lib/managers.php
@@ -26,10 +26,8 @@ class DatabaseManager {
 		if (!$image->loadFromFile($path)) {
 			return false;
 		}
-		\OCP\DB::beginTransaction();
 		$stmt = \OCP\DB::prepare('INSERT INTO *PREFIX*pictures_images_cache (uid_owner, path, width, height) VALUES (?, ?, ?, ?)');
 		$stmt->execute(array(\OCP\USER::getUser(), $path, $image->width(), $image->height()));
-		\OCP\DB::commit();
 		$ret = array('path' => $path, 'width' => $image->width(), 'height' => $image->height());
 		unset($image);
 		return $ret;
@@ -78,9 +76,14 @@ class ThumbnailsManager {
 	
 	public function getThumbnailInfo($path) {
 		$arr = DatabaseManager::getInstance()->getFileData($path);
+		if (!$arr) {
+			$thubnail = $this->getThumbnail($path);
+			unset($thubnail);
+			$arr = DatabaseManager::getInstance()->getFileData($path);
+		}
 		$ret = array('filepath' => $arr['path'],
-								 'width' => $arr['width'],
-								 'height' => $arr['height']);
+					 'width' => $arr['width'],
+					 'height' => $arr['height']);
 		return $ret;
 	}
 	
-- 
cgit v1.2.3


From c11f6cc3f9121fbb337c248807b802c72b18087b Mon Sep 17 00:00:00 2001
From: Bartek Przybylski <bart.p.pl@gmail.com>
Date: Sun, 10 Jun 2012 17:25:19 +0200
Subject: fix variable name and undefined index notice

---
 apps/gallery/templates/index.php | 2 +-
 lib/image.php                    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php
index e761cb54725..fd83490d60c 100644
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
@@ -82,7 +82,7 @@ sort($images);
 $arr = array();
 $tl = new \OC\Pictures\TilesLine();
 $ts = new \OC\Pictures\TileStack(array(), '');
-$previous_element = $images[0];
+$previous_element = @$images[0];
 for($i = 0; $i < count($images); $i++) {
 	$prev_dir_arr = explode('/', $previous_element);
 	$dir_arr = explode('/', $images[$i]);
diff --git a/lib/image.php b/lib/image.php
index d72960101f0..e5c59bacdc5 100644
--- a/lib/image.php
+++ b/lib/image.php
@@ -409,7 +409,7 @@ class OC_Image {
 			default:
 			
 				// this is mostly file created from encrypted file
-				$this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents(\OC_Filesystem::getLocalPath($newimgpath)));
+				$this->resource = imagecreatefromstring(\OC_Filesystem::file_get_contents(\OC_Filesystem::getLocalPath($imagepath)));
 				$itype = IMAGETYPE_PNG;
 				OC_Log::write('core','OC_Image->loadFromFile, Default', OC_Log::DEBUG);
 				break;
-- 
cgit v1.2.3