From 45de7ad221f9e505abdabcc5084dd12c80851469 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Wed, 18 Apr 2012 17:27:34 +0200 Subject: move files to app folder --- apps/files/js/files.js | 591 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 591 insertions(+) create mode 100644 apps/files/js/files.js (limited to 'apps/files/js/files.js') diff --git a/apps/files/js/files.js b/apps/files/js/files.js new file mode 100644 index 00000000000..3ce95f992d0 --- /dev/null +++ b/apps/files/js/files.js 
@@ -0,0 +1,591 @@ +$(document).ready(function() { + $('#fileList tr').each(function(){ + //little hack to set unescape filenames in attribute + $(this).attr('data-file',decodeURIComponent($(this).attr('data-file'))); + }); + + if($('tr[data-file]').length==0){ + $('.file_upload_filename').addClass('highlight'); + } + + $('#file_action_panel').attr('activeAction', false); + + //drag/drop of files + $('#fileList tr td.filename').draggable(dragOptions); + $('#fileList tr[data-type="dir"][data-write="true"] td.filename').droppable(folderDropOptions); + $('div.crumb:not(.last)').droppable(crumbDropOptions); + $('ul#apps>li:first-child').data('dir',''); + if($('div.crumb').length){ + $('ul#apps>li:first-child').droppable(crumbDropOptions); + } + + // Triggers invisible file input + $('.file_upload_button_wrapper').live('click', function() { + $(this).parent().children('.file_upload_start').trigger('click'); + return false; + }); + + // Sets the file-action buttons behaviour : + $('tr').live('mouseenter',function(event) { + FileActions.display($(this).children('td.filename')); + }); + $('tr').live('mouseleave',function(event) { + FileActions.hide(); + }); + + var lastChecked; + + // Sets the file link behaviour : + $('td.filename a').live('click',function(event) { + event.preventDefault(); + if (event.ctrlKey || event.shiftKey) { + if (event.shiftKey) { + var last = $(lastChecked).parent().parent().prevAll().length; + var first = $(this).parent().parent().prevAll().length; + var start = Math.min(first, last); + var end = Math.max(first, last); + var rows = $(this).parent().parent().parent().children('tr'); + for (var i = start; i < end; i++) { + $(rows).each(function(index) { + if (index == i) { + var checkbox = $(this).children().children('input:checkbox'); + $(checkbox).attr('checked', 'checked'); + $(checkbox).parent().parent().addClass('selected'); + } + }); + } + } + var checkbox = $(this).parent().children('input:checkbox'); + lastChecked = checkbox; + if 
($(checkbox).attr('checked')) { + $(checkbox).removeAttr('checked'); + $(checkbox).parent().parent().removeClass('selected'); + $('#select_all').removeAttr('checked'); + } else { + $(checkbox).attr('checked', 'checked'); + $(checkbox).parent().parent().toggleClass('selected'); + var selectedCount=$('td.filename input:checkbox:checked').length; + if (selectedCount == $('td.filename input:checkbox').length) { + $('#select_all').attr('checked', 'checked'); + } + } + procesSelection(); + } else { + var filename=$(this).parent().parent().attr('data-file'); + var tr=$('tr').filterAttr('data-file',filename); + var renaming=tr.data('renaming'); + if(!renaming && !FileList.isLoading(filename)){ + var mime=$(this).parent().parent().data('mime'); + var type=$(this).parent().parent().data('type'); + var action=FileActions.getDefault(mime,type); + if(action){ + action(filename); + } + } + } + + }); + + // Sets the select_all checkbox behaviour : + $('#select_all').click(function() { + if($(this).attr('checked')){ + // Check all + $('td.filename input:checkbox').attr('checked', true); + $('td.filename input:checkbox').parent().parent().addClass('selected'); + }else{ + // Uncheck all + $('td.filename input:checkbox').attr('checked', false); + $('td.filename input:checkbox').parent().parent().removeClass('selected'); + } + procesSelection(); + }); + + $('td.filename input:checkbox').live('change',function(event) { + if (event.shiftKey) { + var last = $(lastChecked).parent().parent().prevAll().length; + var first = $(this).parent().parent().prevAll().length; + var start = Math.min(first, last); + var end = Math.max(first, last); + var rows = $(this).parent().parent().parent().children('tr'); + for (var i = start; i < end; i++) { + $(rows).each(function(index) { + if (index == i) { + var checkbox = $(this).children().children('input:checkbox'); + $(checkbox).attr('checked', 'checked'); + $(checkbox).parent().parent().addClass('selected'); + } + }); + } + } + var 
selectedCount=$('td.filename input:checkbox:checked').length; + $(this).parent().parent().toggleClass('selected'); + if(!$(this).attr('checked')){ + $('#select_all').attr('checked',false); + }else{ + if(selectedCount==$('td.filename input:checkbox').length){ + $('#select_all').attr('checked',true); + } + } + procesSelection(); + }); + + $('#file_newfolder_name').click(function(){ + if($('#file_newfolder_name').val() == 'New Folder'){ + $('#file_newfolder_name').val(''); + } + }); + + $('.download').click('click',function(event) { + var files=getSelectedFiles('name').join(';'); + var dir=$('#dir').val()||'/'; + $('#notification').text(t('files','generating ZIP-file, it may take some time.')); + $('#notification').fadeIn(); + window.location='ajax/download.php?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir); + return false; + }); + + $('.delete').click(function(event) { + var files=getSelectedFiles('name'); + event.preventDefault(); + FileList.do_delete(files); + return false; + }); + + $('.file_upload_start').live('change',function(){ + var form=$(this).closest('form'); + var that=this; + var uploadId=form.attr('data-upload-id'); + var files=this.files; + var target=form.children('iframe'); + var totalSize=0; + if(files){ + for(var i=0;i$('#max_upload').val()){ + $( "#uploadsize-message" ).dialog({ + modal: true, + buttons: { + Close: function() { + $( this ).dialog( "close" ); + } + } + }); + }else{ + target.load(function(){ + var response=jQuery.parseJSON(target.contents().find('body').text()); + //set mimetype and if needed filesize + if(response){ + if(response[0] != undefined && response[0].status == 'success'){ + for(var i=0;i tr').not('[data-mime]').fadeOut(); + $('#fileList > tr').not('[data-mime]').remove(); + } + } + }); + form.submit(); + var date=new Date(); + if(files){ + for(var i=0;i0){ + var size=files[i].size; + }else{ + var size=t('files','Pending'); + } + if(files){ + FileList.addFile(getUniqueName(files[i].name),size,date,true); 
+ } + } + }else{ + var filename=this.value.split('\\').pop(); //ie prepends C:\fakepath\ in front of the filename + FileList.addFile(getUniqueName(filename),'Pending',date,true); + } + + //clone the upload form and hide the new one to allow users to start a new upload while the old one is still uploading + var clone=form.clone(); + uploadId++; + clone.attr('data-upload-id',uploadId); + clone.attr('target','file_upload_target_'+uploadId); + clone.children('iframe').attr('name','file_upload_target_'+uploadId) + clone.insertBefore(form); + form.hide(); + } + }); + + //add multiply file upload attribute to all browsers except konqueror (which crashes when it's used) + if(navigator.userAgent.search(/konqueror/i)==-1){ + $('.file_upload_start').attr('multiple','multiple') + } + + //if the breadcrumb is to long, start by replacing foldernames with '...' except for the current folder + var crumb=$('div.crumb').first(); + while($('div.controls').height()>40 && crumb.next('div.crumb').length>0){ + crumb.children('a').text('...'); + crumb=crumb.next('div.crumb'); + } + //if that isn't enough, start removing items from the breacrumb except for the current folder and it's parent + var crumb=$('div.crumb').first(); + var next=crumb.next('div.crumb'); + while($('div.controls').height()>40 && next.next('div.crumb').length>0){ + crumb.remove(); + crumb=next; + next=crumb.next('div.crumb'); + } + //still not enough, start shorting down the current folder name + var crumb=$('div.crumb>a').last(); + while($('div.controls').height()>40 && crumb.text().length>6){ + var text=crumb.text() + text=text.substr(0,text.length-6)+'...'; + crumb.text(text); + } + + $(window).click(function(){ + $('#new>ul').hide(); + $('#new').removeClass('active'); + $('button.file_upload_filename').removeClass('active'); + $('#new li').each(function(i,element){ + if($(element).children('p').length==0){ + $(element).children('input').remove(); + $(element).append('

'+$(element).data('text')+'

'); + } + }); + }); + $('#new').click(function(event){ + event.stopPropagation(); + }); + $('#new>a').click(function(){ + $('#new>ul').toggle(); + $('#new').toggleClass('active'); + $('button.file_upload_filename').toggleClass('active'); + }); + $('#new li').click(function(){ + if($(this).children('p').length==0){ + return; + } + + $('#new li').each(function(i,element){ + if($(element).children('p').length==0){ + $(element).children('input').remove(); + $(element).append('

'+$(element).data('text')+'

'); + } + }); + + var type=$(this).data('type'); + var text=$(this).children('p').text(); + $(this).data('text',text); + $(this).children('p').remove(); + var input=$(''); + $(this).append(input); + input.focus(); + input.change(function(){ + var name=$(this).val(); + switch(type){ + case 'file': + $.post( + OC.filePath('files','ajax','newfile.php'), + {dir:$('#dir').val(),filename:name,content:" \n"}, + function(data){ + var date=new Date(); + FileList.addFile(name,0,date); + var tr=$('tr').filterAttr('data-file',name); + tr.data('mime','text/plain'); + getMimeIcon('text/plain',function(path){ + tr.find('td.filename').attr('style','background-image:url('+path+')'); + }); + } + ); + break; + case 'folder': + $.post( + OC.filePath('files','ajax','newfolder.php'), + {dir:$('#dir').val(),foldername:name}, + function(data){ + var date=new Date(); + FileList.addDir(name,0,date); + } + ); + break; + case 'web': + if(name.substr(0,8)!='https://' && name.substr(0,7)!='http://'){ + name='http://'.name; + } + var localName=name; + if(localName.substr(localName.length-1,1)=='/'){//strip / + localName=localName.substr(0,localName.length-1) + } + if(localName.indexOf('/')){//use last part of url + localName=localName.split('/').pop(); + }else{//or the domain + localName=(localName.match(/:\/\/(.[^/]+)/)[1]).replace('www.',''); + } + $.post( + OC.filePath('files','ajax','newfile.php'), + {dir:$('#dir').val(),source:name,filename:localName}, + function(result){ + if(result.status == 'success'){ + var date=new Date(); + FileList.addFile(localName,0,date); + var tr=$('tr').filterAttr('data-file',localName); + tr.data('mime',result.data.mime); + getMimeIcon(result.data.mime,function(path){ + tr.find('td.filename').attr('style','background-image:url('+path+')'); + }); + }else{ + + } + } + ); + break; + } + var li=$(this).parent(); + $(this).remove(); + li.append('

'+li.data('text')+'

'); + $('#new>a').click(); + }); + }); + + //check if we need to scan the filesystem + $.get(OC.filePath('files','ajax','scan.php'),{checkonly:'true'}, function(response) { + if(response.data.done){ + scanFiles(); + } + }, "json"); +}); + +function scanFiles(force){ + force=!!force; //cast to bool + scanFiles.scanning=true; + $('#scanning-message').show(); + $('#fileList').remove(); + var scannerEventSource=new OC.EventSource(OC.filePath('files','ajax','scan.php'),{force:force}); + scanFiles.cancel=scannerEventSource.close.bind(scannerEventSource); + scannerEventSource.listen('scanning',function(data){ + $('#scan-count').text(data.count+' files scanned'); + $('#scan-current').text(data.file+'/'); + }); + scannerEventSource.listen('success',function(success){ + scanFiles.scanning=false; + if(success){ + window.location.reload(); + }else{ + alert('error while scanning'); + } + }); +} +scanFiles.scanning=false; + +function boolOperationFinished(data, callback) { + result = jQuery.parseJSON(data.responseText); + if(result.status == 'success'){ + callback.call(); + } else { + alert(result.data.message); + } +} + +function updateBreadcrumb(breadcrumbHtml) { + $('p.nav').empty().html(breadcrumbHtml); +} + +//options for file drag/dropp +var dragOptions={ + distance: 20, revert: 'invalid', opacity: 0.7, + stop: function(event, ui) { + $('#fileList tr td.filename').addClass('ui-draggable'); + } +}; +var folderDropOptions={ + drop: function( event, ui ) { + var file=ui.draggable.parent().data('file'); + var target=$(this).text().trim(); + var dir=$('#dir').val(); + $.ajax({ + url: 'ajax/move.php', + data: "dir="+encodeURIComponent(dir)+"&file="+encodeURIComponent(file)+'&target='+encodeURIComponent(dir)+'/'+encodeURIComponent(target), + complete: function(data){boolOperationFinished(data, function(){ + var el = $('#fileList tr').filterAttr('data-file',file).find('td.filename'); + el.draggable('destroy'); + FileList.remove(file); + });} + }); + } +} +var crumbDropOptions={ + 
drop: function( event, ui ) { + var file=ui.draggable.text().trim(); + var target=$(this).data('dir'); + var dir=$('#dir').val(); + while(dir.substr(0,1)=='/'){//remove extra leading /'s + dir=dir.substr(1); + } + dir='/'+dir; + if(dir.substr(-1,1)!='/'){ + dir=dir+'/'; + } + if(target==dir || target+'/'==dir){ + return; + } + $.ajax({ + url: 'ajax/move.php', + data: "dir="+encodeURIComponent(dir)+"&file="+encodeURIComponent(file)+'&target='+encodeURIComponent(target), + complete: function(data){boolOperationFinished(data, function(){ + FileList.remove(file); + });} + }); + }, + tolerance: 'pointer' +} + +function procesSelection(){ + var selected=getSelectedFiles(); + var selectedFiles=selected.filter(function(el){return el.type=='file'}); + var selectedFolders=selected.filter(function(el){return el.type=='dir'}); + if(selectedFiles.length==0 && selectedFolders.length==0){ + $('#headerName>span.name').text(t('files','Name')); + $('#headerSize').text(t('files','Size')); + $('#modified').text(t('files','Modified')); + $('th').removeClass('multiselect'); + $('.selectedActions').hide(); + $('thead').removeClass('fixed'); + $('#headerName').css('width','auto'); + $('#headerSize').css('width','auto'); + $('#headerDate').css('width','auto'); + $('table').css('padding-top','0'); + }else{ + var width={name:$('#headerName').css('width'),size:$('#headerSize').css('width'),date:$('#headerDate').css('width')}; + $('#headerName').css('width',width.name); + $('#headerSize').css('width',width.size); + $('#headerDate').css('width',width.date); + $('.selectedActions').show(); + var totalSize=0; + for(var i=0;i0){ + if(selectedFolders.length==1){ + selection+='1 '+t('files','folder'); + }else{ + selection+=selectedFolders.length+' '+t('files','folders'); + } + if(selectedFiles.length>0){ + selection+=' & '; + } + } + if(selectedFiles.length>0){ + if(selectedFiles.length==1){ + selection+='1 '+t('files','file'); + }else{ + selection+=selectedFiles.length+' '+t('files','files'); + } + 
} + $('#headerName>span.name').text(selection); + $('#modified').text(''); + $('th').addClass('multiselect'); + } +} + +/** + * @brief get a list of selected files + * @param string property (option) the property of the file requested + * @return array + * + * possible values for property: name, mime, size and type + * if property is set, an array with that property for each file is returnd + * if it's ommited an array of objects with all properties is returned + */ +function getSelectedFiles(property){ + var elements=$('td.filename input:checkbox:checked').parent().parent(); + var files=[]; + elements.each(function(i,element){ + var file={ + name:$(element).attr('data-file'), + mime:$(element).data('mime'), + type:$(element).data('type'), + size:$(element).data('size'), + }; + if(property){ + files.push(file[property]); + }else{ + files.push(file); + } + }); + return files; +} + +function relative_modified_date(timestamp) { + var timediff = Math.round((new Date()).getTime() / 1000) - timestamp; + var diffminutes = Math.round(timediff/60); + var diffhours = Math.round(diffminutes/60); + var diffdays = Math.round(diffhours/24); + var diffmonths = Math.round(diffdays/31); + var diffyears = Math.round(diffdays/365); + if(timediff < 60) { return t('files','seconds ago'); } + else if(timediff < 120) { return '1 '+t('files','minute ago'); } + else if(timediff < 3600) { return diffminutes+' '+t('files','minutes ago'); } + //else if($timediff < 7200) { return '1 hour ago'; } + //else if($timediff < 86400) { return $diffhours.' hours ago'; } + else if(timediff < 86400) { return t('files','today'); } + else if(timediff < 172800) { return t('files','yesterday'); } + else if(timediff < 2678400) { return diffdays+' '+t('files','days ago'); } + else if(timediff < 5184000) { return t('files','last month'); } + //else if($timediff < 31556926) { return $diffmonths.' 
months ago'; } + else if(timediff < 31556926) { return t('files','months ago'); } + else if(timediff < 63113852) { return t('files','last year'); } + else { return diffyears+' '+t('files','years ago'); } +} + +function getMimeIcon(mime, ready){ + if(getMimeIcon.cache[mime]){ + ready(getMimeIcon.cache[mime]); + }else{ + $.get( OC.filePath('files','ajax','mimeicon.php')+'?mime='+mime, function(path){ + getMimeIcon.cache[mime]=path; + ready(getMimeIcon.cache[mime]); + }); + } +} +getMimeIcon.cache={}; + +function getUniqueName(name){ + if($('tr').filterAttr('data-file',name).length>0){ + var parts=name.split('.'); + var extension=parts.pop(); + var base=parts.join('.'); + numMatch=base.match(/\((\d+)\)/); + var num=2; + if(numMatch && numMatch.length>0){ + num=parseInt(numMatch[numMatch.length-1])+1; + base=base.split('(') + base.pop(); + base=base.join('(').trim(); + } + name=base+' ('+num+').'+extension; + return getUniqueName(name); + } + return name; +} -- cgit v1.2.3 From 0249a72caba9f1a4eeaf51f382a74fe61b66c284 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Thu, 26 Apr 2012 17:35:12 +0200 Subject: fix downloading of files in files app --- apps/files/js/fileactions.js | 2 +- apps/files/js/files.js | 6 +++--- core/js/js.js | 5 +++-- 3 files changed, 7 insertions(+), 6 deletions(-) (limited to 'apps/files/js/files.js') diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js index 80e918a455c..fc6c99262ef 100644 --- a/apps/files/js/fileactions.js +++ b/apps/files/js/fileactions.js @@ -135,7 +135,7 @@ $(document).ready(function(){ var downloadScope = 'file'; } FileActions.register(downloadScope,'Download',function(){return OC.imagePath('core','actions/download')},function(filename){ - window.location='ajax/download.php?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val()); + window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val())); }); }); 
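Review bot: In the `case 'web'` branch of the new-item handler, `name='http://'.name;` is PHP-style concatenation; in JavaScript it reads the `name` property of a string primitive, which is undefined, so any URL typed without a scheme becomes `undefined` and the following `localName.substr(...)` throws. It should read `name='http://'+name;`. Two lines later `if(localName.indexOf('/'))` is truthy for -1 as well as for any positive index, so the "or the domain" fallback can only run when the slash is at position 0; `if(localName.indexOf('/')!==-1)` expresses the intent. Separately, `getMimeIcon` appends `mime` to the query string raw (`'?mime='+mime`), so a value containing `&` or `#` would alter the request; wrap it with `encodeURIComponent(mime)` as the download callers already do for their parameters.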
diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 3ce95f992d0..4637d3cb64d 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -140,7 +140,7 @@ $(document).ready(function() { var dir=$('#dir').val()||'/'; $('#notification').text(t('files','generating ZIP-file, it may take some time.')); $('#notification').fadeIn(); - window.location='ajax/download.php?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir); + window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir)); return false; }); @@ -418,7 +418,7 @@ var folderDropOptions={ var target=$(this).text().trim(); var dir=$('#dir').val(); $.ajax({ - url: 'ajax/move.php', + url: OC.filePath('files', 'ajax', 'move.php'), data: "dir="+encodeURIComponent(dir)+"&file="+encodeURIComponent(file)+'&target='+encodeURIComponent(dir)+'/'+encodeURIComponent(target), complete: function(data){boolOperationFinished(data, function(){ var el = $('#fileList tr').filterAttr('data-file',file).find('td.filename'); @@ -444,7 +444,7 @@ var crumbDropOptions={ return; } $.ajax({ - url: 'ajax/move.php', + url: OC.filePath('files', 'ajax', 'move.php'), data: "dir="+encodeURIComponent(dir)+"&file="+encodeURIComponent(file)+'&target='+encodeURIComponent(target), complete: function(data){boolOperationFinished(data, function(){ FileList.remove(file); diff --git a/core/js/js.js b/core/js/js.js index 12303d7dd91..84875ca162f 100644 --- a/core/js/js.js +++ b/core/js/js.js 
@@ -53,12 +53,13 @@ OC={ filePath:function(app,type,file){ var isCore=OC.coreApps.indexOf(app)!=-1; var link=OC.webroot; - if((file.substring(file.length-3) == 'php' || file.substring(file.length-3) == 'css') && !isCore){ + var splitted = file.split('?'); + if((splitted[0].substring(splitted[0].length-3) == 'php' || splitted[0].substring(splitted[0].length-3) == 'css') && !isCore){ link+='/?app=' + app + '&getfile='; if(type){ link+=encodeURI(type + '/'); } - link+= file; + link+= file + '?' + splitted[1]; }else if(file.substring(file.length-3) != 'php' && !isCore){ link=OC.appswebroot; link+='/'; -- cgit v1.2.3 From 40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Thu, 26 Apr 2012 17:55:00 +0200 Subject: fix security check for the path of the requested file --- apps/files/js/fileactions.js | 2 +- apps/files/js/files.js | 2 +- core/js/js.js | 5 ++--- lib/base.php | 14 +++++++++++--- lib/helper.php | 19 ++++++++++++++++++- 5 files changed, 33 insertions(+), 9 deletions(-) (limited to 'apps/files/js/files.js') diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js index fc6c99262ef..481802e0d63 100644 --- a/apps/files/js/fileactions.js +++ b/apps/files/js/fileactions.js @@ -135,7 +135,7 @@ $(document).ready(function(){ var downloadScope = 'file'; } FileActions.register(downloadScope,'Download',function(){return OC.imagePath('core','actions/download')},function(filename){ - window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val())); + window.location=OC.filePath('files', 'ajax', 'download.php') + '?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val()); }); }); diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 4637d3cb64d..9d83e5e6d26 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js 
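Review bot: `link+= file + '?' + splitted[1];` appends a query separator unconditionally, so a plain `OC.filePath('files', 'ajax', 'move.php')` now yields `...move.php?undefined` for every non-core .php/.css path; the `move.php` calls in the files.js hunks of this same commit hit exactly this. Only append the query when one was present: `link+= splitted[0]; if(splitted.length>1){ link+='?'+splitted[1]; }`. Note also that the split silently drops anything after a second `?` in `file`, and the query text is appended without `encodeURI` while the `type` prefix gets it, so callers must pre-encode their parameters. `filePath` continues past the end of the hunk.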
@@ -140,7 +140,7 @@ $(document).ready(function() { var dir=$('#dir').val()||'/'; $('#notification').text(t('files','generating ZIP-file, it may take some time.')); $('#notification').fadeIn(); - window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir)); + window.location=OC.filePath('files', 'ajax', 'download.php') + '?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir); return false; }); diff --git a/core/js/js.js b/core/js/js.js index 84875ca162f..12303d7dd91 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -53,13 +53,12 @@ OC={ filePath:function(app,type,file){ var isCore=OC.coreApps.indexOf(app)!=-1; var link=OC.webroot; - var splitted = file.split('?'); - if((splitted[0].substring(splitted[0].length-3) == 'php' || splitted[0].substring(splitted[0].length-3) == 'css') && !isCore){ + if((file.substring(file.length-3) == 'php' || file.substring(file.length-3) == 'css') && !isCore){ link+='/?app=' + app + '&getfile='; if(type){ link+=encodeURI(type + '/'); } - link+= file + '?' + splitted[1]; + link+= file; }else if(file.substring(file.length-3) != 'php' && !isCore){ link=OC.appswebroot; link+='/'; diff --git a/lib/base.php b/lib/base.php index bb6dc3d8d70..74693641f6e 100644 --- a/lib/base.php +++ b/lib/base.php @@ -276,7 +276,7 @@ class OC{ } public static function loadapp(){ - if(file_exists(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP)){ + if(file_exists(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/index.php')){ require_once(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/index.php'); }else{ trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead? 
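Review bot: Appending `/index.php` narrows the `file_exists` test in `loadapp()`, but `OC::$REQUESTEDAPP` is still only passed through `strip_tags()` (visible in the following `-414` hunk), which leaves `.` and `/` intact, so `?app=../../some/dir` still satisfies `file_exists(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/index.php')` and `require_once` then loads a PHP file from outside the apps directory. Validate the app id as a plain identifier before touching the filesystem, e.g. `if(!preg_match('/^[a-zA-Z0-9_-]+$/', OC::$REQUESTEDAPP)){ trigger_error('The requested App was not found.', E_USER_ERROR); }` at the top of `loadapp()`, or compare `realpath()` of the app directory against `OC::$APPSROOT . '/apps'` the way the `getfile` check in this commit does for files. Whether an enabled-app list elsewhere already constrains the value is not visible here; if it does, the check is still cheap insurance. `loadapp()` continues past the end of the hunk.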
@@ -414,7 +414,7 @@ class OC{ register_shutdown_function(array('OC_Helper','cleanTmp')); self::$REQUESTEDAPP = (isset($_GET['app'])?strip_tags($_GET['app']):'files'); - self::$REQUESTEDFILE = $_GET['getfile']; + self::$REQUESTEDFILE = (isset($_GET['getfile'])?$_GET['getfile']:null); if(substr_count(self::$REQUESTEDFILE, '?') != 0){ $file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?')); $param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1); @@ -423,7 +423,15 @@ class OC{ self::$REQUESTEDFILE = $file; $_GET['getfile'] = $file; } - self::$REQUESTEDFILE = (isset($_GET['getfile'])?(OC_Helper::issubdirectory(OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE, OC::$APPSROOT . '/' . self::$REQUESTEDAPP)?self::$REQUESTEDFILE:null):null); + if(!is_null(self::$REQUESTEDFILE)){ + $subdir = OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE; + $parent = OC::$APPSROOT . '/' . self::$REQUESTEDAPP; + if(!OC_Helper::issubdirectory($subdir, $parent)){ + self::$REQUESTEDFILE = null; + //header('HTTP/1.0 404 Not Found'); + exit; + } + } } } diff --git a/lib/helper.php b/lib/helper.php index a89aa4d37fc..1d9862bf8b1 100755 --- a/lib/helper.php +++ b/lib/helper.php 
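Review bot: The path handed to `issubdirectory()` is built as `OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE`, while `loadapp()` in the previous hunk locates apps under `OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP`; if the requested file is later served from the `/apps/` location, the check resolves a different path than the one read, and `realpath()` on a non-existent `$subdir` makes the verdict depend on the helper's fallback branch rather than on the real target. Derive both from one shared base so the check and the read cannot diverge. The failure path also sets `REQUESTEDFILE` to null and calls `exit;` with the `404` header commented out, so a rejected traversal attempt is answered with an empty `200`; restore `header('HTTP/1.0 404 Not Found');` before the `exit` so clients and logs see the refusal. The enclosing function starts before this hunk.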
@@ -560,6 +560,23 @@ class OC_Helper {
 * @return bool
 */
 public static function issubdirectory($sub, $parent){
- return (substr(realpath($sub), 0, strlen(realpath($parent))) == realpath($parent))?true:false;
+ if($sub == null || $sub == '' || $parent == null || $parent == ''){
+ return false;
+ }
+ $realpath_sub = realpath($sub);
+ $realpath_parent = realpath($parent);
+ if(($realpath_sub == false && substr_count($realpath_sub, './') != 0) || ($realpath_parent == false && substr_count($realpath_parent, './') != 0)){ //it checks for both ./ and ../
+ return false;
+ }
+ if($realpath_sub && $realpath_sub != '' && $realpath_parent && $realpath_parent != ''){
+ if(substr($sub, 0, strlen($parent)) == $parent){
+ return true;
+ }
+ }else{
+ if(substr($realpath_sub, 0, strlen($realpath_parent)) == $realpath_parent){
+ return true;
+ }
+ }
+ return false;
 }
 }
-- cgit v1.2.3
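Review bot: When both `realpath()` calls succeed, which is the normal case for a traversal target that exists, the new code compares the unresolved `$sub` against `$parent` (`substr($sub, 0, strlen($parent)) == $parent`), so `$parent . '/../../etc/passwd'` still begins with `$parent` and is accepted; the resolved-path comparison only runs in the `else` branch, i.e. when at least one `realpath()` returned `false`. The preceding `'./'` guard never fires either: it is only evaluated when `$realpath_sub == false`, and `substr_count(false, './')` is 0. Neither comparison adds a trailing separator, so `$parent . '-other/...'` also passes as a child. Always compare resolved paths, treat a failed `realpath()` as a refusal, and compare against the parent plus a directory separator; the function is rewritten below.
```php
public static function issubdirectory($sub, $parent){
    if($sub == null || $sub == '' || $parent == null || $parent == ''){
        return false;
    }
    $realpath_sub = realpath($sub);
    $realpath_parent = realpath($parent);
    // A path that does not resolve cannot be served either; refuse it.
    if($realpath_sub === false || $realpath_parent === false){
        return false;
    }
    if($realpath_sub === $realpath_parent){
        return true;
    }
    // Compare resolved paths only, and require a separator after the
    // parent so "$parent-other" is not taken for a child of "$parent".
    $prefix = rtrim($realpath_parent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return substr($realpath_sub, 0, strlen($prefix)) === $prefix;
}
```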