From 637db92e60bfcaa625ec2baf346a11de8981311b Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Wed, 11 Apr 2012 09:20:28 +0200 Subject: increase version to show that we are not the same as stable --- lib/util.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/util.php b/lib/util.php index 722b7404d0c..34f535d2d5c 100644 --- a/lib/util.php +++ b/lib/util.php @@ -66,7 +66,7 @@ class OC_Util { * @return array */ public static function getVersion(){ - return array(3,00,4); + return array(3,80,0); } /** @@ -74,7 +74,7 @@ class OC_Util { * @return string */ public static function getVersionString(){ - return '3'; + return '4 alpha'; } /** -- cgit v1.2.3 From 0466437fa7878fa1681ee01651d7d41cdef7454a Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Thu, 12 Apr 2012 15:55:56 +0200 Subject: tests for oc_filesystem --- lib/filesystem.php | 8 ++++++ tests/lib/filestorage/local.php | 5 +--- tests/lib/filesystem.php | 64 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 4 deletions(-) create mode 100644 tests/lib/filesystem.php (limited to 'lib') diff --git a/lib/filesystem.php b/lib/filesystem.php index b6909f5acdf..dc678fba74c 100644 --- a/lib/filesystem.php +++ b/lib/filesystem.php @@ -248,6 +248,14 @@ class OC_Filesystem{ return self::$defaultInstance->getRoot(); } + /** + * clear all mounts and storage backends + */ + public static function clearMounts(){ + self::$mounts=array(); + self::$storages=array(); + } + /** * mount an OC_Filestorage in our virtual filesystem * @param OC_Filestorage storage diff --git a/tests/lib/filestorage/local.php b/tests/lib/filestorage/local.php index 0a2d46c5ebc..692f05f9fca 100644 --- a/tests/lib/filestorage/local.php +++ b/tests/lib/filestorage/local.php @@ -26,10 +26,7 @@ class Test_Filestorage_Local extends Test_FileStorage { */ private $tmpDir; public function setUp(){ - $this->tmpDir=get_temp_dir().'/filestoragelocal'; - if(!file_exists($this->tmpDir)){ - mkdir($this->tmpDir); - } + $this->tmpDir=OC_Helper::tmpFolder(); $this->instance=new OC_Filestorage_Local(array('datadir'=>$this->tmpDir)); } diff --git a/tests/lib/filesystem.php b/tests/lib/filesystem.php new file mode 100644 index 00000000000..3e28d8c06e5 --- /dev/null +++ b/tests/lib/filesystem.php @@ -0,0 +1,64 @@ +. +* +*/ + +class Test_Filesystem extends UnitTestCase{ + /** + * @var array tmpDirs + */ + private $tmpDirs; + + /** + * @return array + */ + private function getStorageData(){ + $dir=OC_Helper::tmpFolder(); + $this->tmpDirs[]=$dir; + return array('datadir'=>$dir); + } + + public function tearDown(){ + foreach($this->tmpDirs as $dir){ + OC_Helper::rmdirr($dir); + } + } + + public function setUp(){ + OC_Filesystem::clearMounts(); + } + + public function testMount(){ + OC_Filesystem::mount('OC_Filestorage_Local',self::getStorageData(),'/'); + $this->assertEqual('/',OC_Filesystem::getMountPoint('/')); + $this->assertEqual('/',OC_Filesystem::getMountPoint('/some/folder')); + $this->assertEqual('',OC_Filesystem::getInternalPath('/')); + $this->assertEqual('some/folder',OC_Filesystem::getInternalPath('/some/folder')); + + OC_Filesystem::mount('OC_Filestorage_Local',self::getStorageData(),'/some'); + $this->assertEqual('/',OC_Filesystem::getMountPoint('/')); + $this->assertEqual('/some/',OC_Filesystem::getMountPoint('/some/folder')); + $this->assertEqual('/some/',OC_Filesystem::getMountPoint('/some/')); + $this->assertEqual('/',OC_Filesystem::getMountPoint('/some')); + $this->assertEqual('folder',OC_Filesystem::getInternalPath('/some/folder')); + } +} + +?> \ No newline at end of file -- cgit v1.2.3 From 7b5395675d960bfb83470e36a743054e36a33008 Mon Sep 17 00:00:00 2001 From: "Daniele E. Domenichelli" Date: Thu, 12 Apr 2012 14:35:28 +0200 Subject: Add method OC_Helper::serverHost() This method returns the server host, even if the website uses one or more reverse proxies. --- lib/helper.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib') diff --git a/lib/helper.php b/lib/helper.php index efff00c2fe6..6d7d1702aa8 100755 --- a/lib/helper.php +++ b/lib/helper.php @@ -59,6 +59,28 @@ class OC_Helper { return $urlLinkTo; } + /** + * @brief Returns the server host + * @returns the server host + * + * Returns the server host, even if the website uses one or more + * reverse proxies + */ + public static function serverHost() { + if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { + if (strpos($_SERVER['HTTP_X_FORWARDED_HOST'], ",") !== false) { + $host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST']))); + } + else{ + $host=$_SERVER['HTTP_X_FORWARDED_HOST']; + } + } + else{ + $host = $_SERVER['HTTP_HOST']; + } + return $host; + } + /** * @brief Creates an absolute url * @param $app app -- cgit v1.2.3 From 156bdae2fe0e305a78c8c8ef16dde5f2d4066c42 Mon Sep 17 00:00:00 2001 From: "Daniele E. Domenichelli" Date: Thu, 12 Apr 2012 14:38:36 +0200 Subject: Use OC_Helper::serverHost() in OC_Helper::linkToAbsolute() --- lib/helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/helper.php b/lib/helper.php index 6d7d1702aa8..f5626bccaa7 100755 --- a/lib/helper.php +++ b/lib/helper.php @@ -93,7 +93,7 @@ class OC_Helper { $urlLinkTo = self::linkTo( $app, $file ); // Checking if the request was made through HTTPS. The last in line is for IIS $protocol = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!='off'); - $urlLinkTo = ($protocol?'https':'http') . '://' . $_SERVER['HTTP_HOST'] . $urlLinkTo; + $urlLinkTo = ($protocol?'https':'http') . '://' . self::serverHost() . $urlLinkTo; return $urlLinkTo; } -- cgit v1.2.3 From 7e7de25710c4f8d4069a63d40ea7497bc93ff82c Mon Sep 17 00:00:00 2001 From: Grundik Date: Sun, 8 Apr 2012 05:30:06 +0400 Subject: UTF8 locale by default --- lib/base.php | 2 +- lib/db.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/base.php b/lib/base.php index 83dd0c98f45..15c90227fec 100644 --- a/lib/base.php +++ b/lib/base.php @@ -265,7 +265,7 @@ class OC{ public static function init(){ // register autoloader spl_autoload_register(array('OC','autoload')); - + setlocale(LC_ALL, 'en_US.UTF-8'); // set some stuff //ob_start(); diff --git a/lib/db.php b/lib/db.php index 9c46a40addb..9364b9e0015 100644 --- a/lib/db.php +++ b/lib/db.php @@ -86,6 +86,7 @@ class OC_DB { $user = OC_Config::getValue( "dbuser", "" ); $pass = OC_Config::getValue( "dbpassword", "" ); $type = OC_Config::getValue( "dbtype", "sqlite" ); + $opts = array(); $datadir=OC_Config::getValue( "datadirectory", OC::$SERVERROOT.'/data' ); // do nothing if the connection already has been established @@ -100,13 +101,14 @@ class OC_DB { break; case 'mysql': $dsn='mysql:dbname='.$name.';host='.$host; + $opts[PDO::MYSQL_ATTR_INIT_COMMAND] = "SET NAMES 'UTF8'"; break; case 'pgsql': $dsn='pgsql:dbname='.$name.';host='.$host; break; } try{ - self::$PDO=new PDO($dsn,$user,$pass); + self::$PDO=new PDO($dsn,$user,$pass,$opts); }catch(PDOException $e){ echo( 'can not connect to database, using '.$type.'. ('.$e->getMessage().')'); die(); -- cgit v1.2.3 From b86f2069ff1f434373c0babe0c28db5ee431498e Mon Sep 17 00:00:00 2001 From: Florian Preinstorfer Date: Tue, 13 Mar 2012 16:00:53 +0100 Subject: Fix a session fixation vulnerability - regenerate the session for every successful login - properly destroy a session Further information can be found on: https://en.wikipedia.org/wiki/session_fixation --- lib/user.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/user.php b/lib/user.php index fda19a33154..8c27ec30cc2 100644 --- a/lib/user.php +++ b/lib/user.php @@ -186,7 +186,7 @@ class OC_User { * @param $password The password of the user * @returns true/false * - * Log in a user - if the password is ok + * Log in a user and regenerate a new session - if the password is ok */ public static function login( $uid, $password ){ $run = true; @@ -195,6 +195,7 @@ class OC_User { if( $run ){ $uid=self::checkPassword( $uid, $password ); if($uid){ + session_regenerate_id(); self::setUserId($uid); OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>$password )); return true; @@ -221,7 +222,8 @@ class OC_User { */ public static function logout(){ OC_Hook::emit( "OC_User", "logout", array()); - $_SESSION['user_id'] = false; + session_unset(); + session_destroy(); OC_User::unsetMagicInCookie(); return true; } -- cgit v1.2.3 From 815649dbd7a8e8d6dfd92ca6ccaa157d1f80a8c1 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Thu, 12 Apr 2012 22:23:42 +0200 Subject: Implement default categories in OC_VCategories --- lib/vcategories.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/vcategories.php b/lib/vcategories.php index 5a7bacd2025..9d272eeabd4 100644 --- a/lib/vcategories.php +++ b/lib/vcategories.php @@ -50,13 +50,12 @@ class OC_VCategories { * parameter should normally be omitted but to make an app able to * update categories for all users it is made possible to provide it. * @param $defcategories An array of default categories to be used if none is stored. - * NOTE: Not implemented. */ - public function __construct($app, $user=null, $defcategories=null) { + public function __construct($app, $user=null, $defcategories=array()) { $this->app = $app; $this->user = is_null($user) ? OC_User::getUser() : $user; $categories = trim(OC_Preferences::getValue($this->user, $app, self::PREF_CATEGORIES_LABEL, '')); - $this->categories = $categories != '' ? unserialize($categories) : array(); + $this->categories = $categories != '' ? unserialize($categories) : $defcategories; } /** -- cgit v1.2.3 From 69d584331d05de0d8732be2799c228b977b626d9 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Thu, 12 Apr 2012 23:02:24 +0200 Subject: OC_VCategories: sort categories in natural order using usort Use usort to sort, so that the json encoding is an array. --- lib/vcategories.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/vcategories.php b/lib/vcategories.php index 9d272eeabd4..b3b6a493c8d 100644 --- a/lib/vcategories.php +++ b/lib/vcategories.php @@ -64,6 +64,7 @@ class OC_VCategories { */ public function categories() { OC_Log::write('core','OC_VCategories::categories: '.print_r($this->categories, true), OC_Log::DEBUG); + usort($this->categories, 'strnatcasecmp'); // usort to also renumber the keys return $this->categories; } @@ -96,7 +97,6 @@ class OC_VCategories { } if(count($newones) > 0) { $this->categories = array_merge($this->categories, $newones); - natcasesort($this->categories); // Dunno if this is necessary if($sync === true) { $this->save(); } @@ -146,6 +146,7 @@ class OC_VCategories { * @brief Save the list with categories */ private function save() { + usort($this->categories, 'strnatcasecmp'); // usort to also renumber the keys $escaped_categories = serialize($this->categories); OC_Log::write('core','OC_VCategories::save: '.print_r($this->categories, true), OC_Log::DEBUG); OC_Preferences::setValue($this->user, $this->app, self::PREF_CATEGORIES_LABEL, $escaped_categories); -- cgit v1.2.3 From 1d8fdf52d52f4a73cb0a59b5d2c3a088ae1e9247 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Fri, 13 Apr 2012 01:58:53 +0200 Subject: allow multiply group backends --- lib/base.php | 2 +- lib/group.php | 161 ++++++++++++++++++++++++------------------- lib/group/backend.php | 119 ++++++++++++++------------------ lib/group/database.php | 4 +- lib/group/dummy.php | 159 ++++++++++++++++++++++++++++++++++++++++++ lib/group/example.php | 102 +++++++++++++++++++++++++++ tests/lib/group.php | 114 ++++++++++++++++++++++++++++++ tests/lib/group/backend.php | 105 ++++++++++++++++++++++++++++ tests/lib/group/database.php | 55 +++++++++++++++ tests/lib/group/dummy.php | 27 ++++++++ 10 files changed, 708 insertions(+), 140 deletions(-) create mode 100644 lib/group/dummy.php create mode 100644 lib/group/example.php create mode 100644 tests/lib/group.php create mode 100644 tests/lib/group/backend.php create mode 100644 tests/lib/group/database.php create mode 100644 tests/lib/group/dummy.php (limited to 'lib') diff --git a/lib/base.php b/lib/base.php index 15c90227fec..f3dacdc0f76 100644 --- a/lib/base.php +++ b/lib/base.php @@ -346,7 +346,7 @@ class OC{ OC_User::useBackend( OC_Config::getValue( "userbackend", "database" )); - OC_Group::setBackend( OC_Config::getValue( "groupbackend", "database" )); + OC_Group::useBackend(new OC_Group_Database()); // Set up file system unless forbidden global $RUNTIME_NOSETUPFS; diff --git a/lib/group.php b/lib/group.php index fbff41e30e9..4ae9302f78b 100644 --- a/lib/group.php +++ b/lib/group.php @@ -34,57 +34,25 @@ * post_removeFromGroup(uid, gid) */ class OC_Group { - // The backend used for user management - private static $_backend; - - // Backends available (except database) - private static $_backends = array(); - - /** - * @brief registers backend - * @param $name name of the backend - * @returns true/false - * - * Makes a list of backends that can be used by other modules - */ - public static function registerBackend( $name ){ - self::$_backends[] = $name; - return true; - } - - /** - * @brief gets available backends - * @returns array of backends - * - * Returns the names of all backends. - */ - public static function getBackends(){ - return self::$_backends; - } + // The backend used for group management + private static $_usedBackends = array(); /** * @brief set the group backend * @param string $backend The backend to use for user managment * @returns true/false */ - public static function setBackend( $backend = 'database' ){ - // You'll never know what happens - if( null === $backend OR !is_string( $backend )){ - $backend = 'database'; + public static function useBackend( $backend ){ + if($backend instanceof OC_Group_Backend){ + self::$_usedBackends[]=$backend; } + } - // Load backend - switch( $backend ){ - case 'database': - case 'mysql': - case 'sqlite': - self::$_backend = new OC_Group_Database(); - break; - default: - $className = 'OC_GROUP_' . strToUpper($backend); - self::$_backend = new $className(); - break; - } + /** + * remove all used backends + */ + public static function clearBackends(){ + self::$_usedBackends=array(); } /** @@ -115,11 +83,18 @@ class OC_Group { $run = true; OC_Hook::emit( "OC_Group", "pre_createGroup", array( "run" => &$run, "gid" => $gid )); - if( $run && self::$_backend->createGroup( $gid )){ - OC_Hook::emit( "OC_Group", "post_createGroup", array( "gid" => $gid )); - return true; - } - else{ + if($run){ + //create the user in the first backend that supports creating users + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_CREATE_GROUP)) + continue; + + $backend->createGroup($gid); + OC_Hook::emit( "OC_User", "post_createGroup", array( "gid" => $gid )); + + return true; + } + }else{ return false; } } @@ -140,11 +115,18 @@ class OC_Group { $run = true; OC_Hook::emit( "OC_Group", "pre_deleteGroup", array( "run" => &$run, "gid" => $gid )); - if( $run && self::$_backend->deleteGroup( $gid )){ - OC_Hook::emit( "OC_Group", "post_deleteGroup", array( "gid" => $gid )); - return true; - } - else{ + if($run){ + //delete the group from all backends + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_DELETE_GROUP)) + continue; + + $backend->deleteGroup($gid); + OC_Hook::emit( "OC_User", "post_deleteGroup", array( "gid" => $gid )); + + return true; + } + }else{ return false; } } @@ -158,7 +140,15 @@ class OC_Group { * Checks whether the user is member of a group or not. */ public static function inGroup( $uid, $gid ){ - return self::$_backend->inGroup($uid, $gid); + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_IN_GROUP)) + continue; + + if($backend->inGroup($uid,$gid)){ + return true; + } + } + return false; } /** @@ -170,10 +160,6 @@ class OC_Group { * Adds a user to a group. */ public static function addToGroup( $uid, $gid ){ - // Does the user exist? - if( !OC_User::userExists($uid)){ - return false; - } // Does the group exist? if( !OC_Group::groupExists($gid)){ return false; @@ -183,11 +169,19 @@ class OC_Group { $run = true; OC_Hook::emit( "OC_Group", "pre_addToGroup", array( "run" => &$run, "uid" => $uid, "gid" => $gid )); - if( $run && self::$_backend->addToGroup( $uid, $gid )){ - OC_Hook::emit( "OC_Group", "post_addToGroup", array( "uid" => $uid, "gid" => $gid )); - return true; - } - else{ + if($run){ + $succes=false; + + //add the user to the all backends that have the group + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_ADD_TO_GROUP)) + continue; + + $succes|=$backend->addToGroup($uid, $gid); + OC_Hook::emit( "OC_User", "post_addToGroup", array( "uid" => $uid, "gid" => $gid )); + } + return $succes; + }else{ return false; } } @@ -204,11 +198,17 @@ class OC_Group { $run = true; OC_Hook::emit( "OC_Group", "pre_removeFromGroup", array( "run" => &$run, "uid" => $uid, "gid" => $gid )); - if( $run && self::$_backend->removeFromGroup( $uid, $gid )){ - OC_Hook::emit( "OC_Group", "post_removeFromGroup", array( "uid" => $uid, "gid" => $gid )); + if($run){ + //remove the user from the all backends that have the group + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_REMOVE_FROM_GOUP)) + continue; + + $backend->removeFromGroup($uid, $gid); + OC_Hook::emit( "OC_User", "post_removeFromGroup", array( "uid" => $uid, "gid" => $gid )); + } return true; - } - else{ + }else{ return false; } } @@ -222,7 +222,14 @@ class OC_Group { * if the user exists at all. */ public static function getUserGroups( $uid ){ - return self::$_backend->getUserGroups($uid); + $groups=array(); + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_GET_USER_GROUPS)) + continue; + + $groups=array_merge($backend->getUserGroups($uid),$groups); + } + return $groups; } /** @@ -232,7 +239,14 @@ class OC_Group { * Returns a list with all groups */ public static function getGroups(){ - return self::$_backend->getGroups(); + $groups=array(); + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_GET_GROUPS)) + continue; + + $groups=array_merge($backend->getGroups(),$groups); + } + return $groups; } /** @@ -249,6 +263,13 @@ class OC_Group { * @returns array with user ids */ public static function usersInGroup($gid){ - return self::$_backend->usersInGroup($gid); + $users=array(); + foreach(self::$_usedBackends as $backend){ + if(!$backend->implementsActions(OC_GROUP_BACKEND_GET_USERS)) + continue; + + $users=array_merge($backend->usersInGroup($gid),$users); + } + return $users; } } diff --git a/lib/group/backend.php b/lib/group/backend.php index 43f94e7ea1a..b3fc06ac9a8 100644 --- a/lib/group/backend.php +++ b/lib/group/backend.php @@ -21,82 +21,65 @@ * */ +/** + * error code for functions not provided by the group backend + */ +define('OC_GROUP_BACKEND_NOT_IMPLEMENTED', -501); +/** + * actions that user backends can define + */ +define('OC_GROUP_BACKEND_CREATE_GROUP', 0x00000001); +define('OC_GROUP_BACKEND_DELETE_GROUP', 0x00000010); +define('OC_GROUP_BACKEND_IN_GROUP', 0x00000100); +define('OC_GROUP_BACKEND_ADD_TO_GROUP', 0x00001000); +define('OC_GROUP_BACKEND_REMOVE_FROM_GOUP', 0x00010000); +define('OC_GROUP_BACKEND_GET_USER_GROUPS', 0x00100000); +define('OC_GROUP_BACKEND_GET_USERS', 0x01000000); +define('OC_GROUP_BACKEND_GET_GROUPS', 0x10000000); /** * Abstract base class for user management */ abstract class OC_Group_Backend { + protected $possibleActions = array( + OC_GROUP_BACKEND_CREATE_GROUP => 'createGroup', + OC_GROUP_BACKEND_DELETE_GROUP => 'deleteGroup', + OC_GROUP_BACKEND_IN_GROUP => 'inGroup', + OC_GROUP_BACKEND_ADD_TO_GROUP => 'addToGroup', + OC_GROUP_BACKEND_REMOVE_FROM_GOUP => 'removeFromGroup', + OC_GROUP_BACKEND_GET_USER_GROUPS => 'getUserGroups', + OC_GROUP_BACKEND_GET_USERS => 'usersInGroup', + OC_GROUP_BACKEND_GET_GROUPS => 'getGroups' + ); + /** - * @brief Try to create a new group - * @param $gid The name of the group to create - * @returns true/false - * - * Trys to create a new group. If the group name already exists, false will - * be returned. - */ - public static function createGroup($gid){} - - /** - * @brief delete a group - * @param $gid gid of the group to delete - * @returns true/false - * - * Deletes a group and removes it from the group_user-table - */ - public static function removeGroup($gid){} - - /** - * @brief is user in group? - * @param $uid uid of the user - * @param $gid gid of the group - * @returns true/false - * - * Checks whether the user is member of a group or not. - */ - public static function inGroup($uid, $gid){} - - /** - * @brief Add a user to a group - * @param $uid Name of the user to add to group - * @param $gid Name of the group in which add the user - * @returns true/false - * - * Adds a user to a group. - */ - public static function addToGroup($uid, $gid){} - - /** - * @brief Removes a user from a group - * @param $uid Name of the user to remove from group - * @param $gid Name of the group from which remove the user - * @returns true/false - * - * removes the user from a group. - */ - public static function removeFromGroup($uid,$gid){} - - /** - * @brief Get all groups a user belongs to - * @param $uid Name of the user - * @returns array with group names - * - * This function fetches all groups a user belongs to. It does not check - * if the user exists at all. - */ - public static function getUserGroups($uid){} + * @brief Get all supported actions + * @returns bitwise-or'ed actions + * + * Returns the supported actions as int to be + * compared with OC_USER_BACKEND_CREATE_USER etc. + */ + public function getSupportedActions(){ + $actions = 0; + foreach($this->possibleActions AS $action => $methodName){ + if(method_exists($this, $methodName)) { + $actions |= $action; + } + } - /** - * @brief get a list of all groups - * @returns array with group names - * - * Returns a list with all groups - */ - public static function getGroups(){} + return $actions; + } /** - * @brief get a list of all users in a group - * @returns array with user ids - */ - public static function usersInGroup($gid){} + * @brief Check if backend implements actions + * @param $actions bitwise-or'ed actions + * @returns boolean + * + * Returns the supported actions as int to be + * compared with OC_GROUP_BACKEND_CREATE_GROUP etc. + */ + public function implementsActions($actions){ + return (bool)($this->getSupportedActions() & $actions); + } } diff --git a/lib/group/database.php b/lib/group/database.php index 1afd4b5fe4c..d401acf43b3 100644 --- a/lib/group/database.php +++ b/lib/group/database.php @@ -117,8 +117,10 @@ class OC_Group_Database extends OC_Group_Backend { if( !self::inGroup( $uid, $gid )){ $query = OC_DB::prepare( "INSERT INTO `*PREFIX*group_user` ( `uid`, `gid` ) VALUES( ?, ? )" ); $result = $query->execute( array( $uid, $gid )); + return true; + }else{ + return false; } - return true; } /** diff --git a/lib/group/dummy.php b/lib/group/dummy.php new file mode 100644 index 00000000000..5220237ecbf --- /dev/null +++ b/lib/group/dummy.php @@ -0,0 +1,159 @@ +. +* +*/ + +/** + * dummy group backend, does not keep state, only for testing use + */ +class OC_Group_Dummy extends OC_Group_Backend { + private $groups=array(); + /** + * @brief Try to create a new group + * @param $gid The name of the group to create + * @returns true/false + * + * Trys to create a new group. If the group name already exists, false will + * be returned. + */ + public function createGroup($gid){ + if(!isset($this->groups[$gid])){ + $this->groups[$gid]=array(); + return true; + }else{ + return false; + } + } + + /** + * @brief delete a group + * @param $gid gid of the group to delete + * @returns true/false + * + * Deletes a group and removes it from the group_user-table + */ + public function deleteGroup($gid){ + if(isset($this->groups[$gid])){ + unset($this->groups[$gid]); + return true; + }else{ + return false; + } + } + + /** + * @brief is user in group? + * @param $uid uid of the user + * @param $gid gid of the group + * @returns true/false + * + * Checks whether the user is member of a group or not. + */ + public function inGroup($uid, $gid){ + if(isset($this->groups[$gid])){ + return (array_search($uid,$this->groups[$gid])!==false); + }else{ + return false; + } + } + + /** + * @brief Add a user to a group + * @param $uid Name of the user to add to group + * @param $gid Name of the group in which add the user + * @returns true/false + * + * Adds a user to a group. + */ + public function addToGroup($uid, $gid){ + if(isset($this->groups[$gid])){ + if(array_search($uid,$this->groups[$gid])===false){ + $this->groups[$gid][]=$uid; + return true; + }else{ + return false; + } + }else{ + return false; + } + } + + /** + * @brief Removes a user from a group + * @param $uid NameUSER of the user to remove from group + * @param $gid Name of the group from which remove the user + * @returns true/false + * + * removes the user from a group. + */ + public function removeFromGroup($uid,$gid){ + if(isset($this->groups[$gid])){ + if(($index=array_search($uid,$this->groups[$gid]))!==false){ + unset($this->groups[$gid][$index]); + }else{ + return false; + } + }else{ + return false; + } + } + + /** + * @brief Get all groups a user belongs to + * @param $uid Name of the user + * @returns array with group names + * + * This function fetches all groups a user belongs to. It does not check + * if the user exists at all. + */ + public function getUserGroups($uid){ + $groups=array(); + foreach($this->groups as $group=>$user){ + if($this->inGroup($uid,$group)){ + $groups[]=$group; + } + } + return $groups; + } + + /** + * @brief get a list of all groups + * @returns array with group names + * + * Returns a list with all groups + */ + public function getGroups(){ + return array_keys($this->groups); + } + + /** + * @brief get a list of all users in a group + * @returns array with user ids + */ + public function usersInGroup($gid){ + if(isset($this->groups[$gid])){ + return $this->groups[$gid]; + }else{ + return array(); + } + } + +} diff --git a/lib/group/example.php b/lib/group/example.php new file mode 100644 index 00000000000..a88159f91be --- /dev/null +++ b/lib/group/example.php @@ -0,0 +1,102 @@ +. +* +*/ + +/** + * abstract reference class for group management + * this class should only be used as a reference for method signatures and their descriptions + */ +abstract class OC_Group_Example { + /** + * @brief Try to create a new group + * @param $gid The name of the group to create + * @returns true/false + * + * Trys to create a new group. If the group name already exists, false will + * be returned. + */ + public static function createGroup($gid){} + + /** + * @brief delete a group + * @param $gid gid of the group to delete + * @returns true/false + * + * Deletes a group and removes it from the group_user-table + */ + public static function deleteGroup($gid){} + + /** + * @brief is user in group? + * @param $uid uid of the user + * @param $gid gid of the group + * @returns true/false + * + * Checks whether the user is member of a group or not. + */ + public static function inGroup($uid, $gid){} + + /** + * @brief Add a user to a group + * @param $uid Name of the user to add to group + * @param $gid Name of the group in which add the user + * @returns true/false + * + * Adds a user to a group. + */ + public static function addToGroup($uid, $gid){} + + /** + * @brief Removes a user from a group + * @param $uid NameUSER of the user to remove from group + * @param $gid Name of the group from which remove the user + * @returns true/false + * + * removes the user from a group. + */ + public static function removeFromGroup($uid,$gid){} + + /** + * @brief Get all groups a user belongs to + * @param $uid Name of the user + * @returns array with group names + * + * This function fetches all groups a user belongs to. It does not check + * if the user exists at all. + */ + public static function getUserGroups($uid){} + + /** + * @brief get a list of all groups + * @returns array with group names + * + * Returns a list with all groups + */ + public static function getGroups(){} + + /** + * @brief get a list of all users in a group + * @returns array with user ids + */ + public static function usersInGroup($gid){} + +} diff --git a/tests/lib/group.php b/tests/lib/group.php new file mode 100644 index 00000000000..922613211bc --- /dev/null +++ b/tests/lib/group.php @@ -0,0 +1,114 @@ +. +* +*/ + +class Test_Group extends UnitTestCase { + function setUp(){ + OC_Group::clearBackends(); + } + + function testSingleBackend(){ + OC_Group::useBackend(new OC_Group_Dummy()); + + $group1=uniqid(); + $group2=uniqid(); + OC_Group::createGroup($group1); + OC_Group::createGroup($group2); + + $user1=uniqid(); + $user2=uniqid(); + + $this->assertFalse(OC_Group::inGroup($user1,$group1)); + $this->assertFalse(OC_Group::inGroup($user2,$group1)); + $this->assertFalse(OC_Group::inGroup($user1,$group2)); + $this->assertFalse(OC_Group::inGroup($user2,$group2)); + + $this->assertTrue(OC_Group::addToGroup($user1,$group1)); + + $this->assertTrue(OC_Group::inGroup($user1,$group1)); + $this->assertFalse(OC_Group::inGroup($user2,$group1)); + $this->assertFalse(OC_Group::inGroup($user1,$group2)); + $this->assertFalse(OC_Group::inGroup($user2,$group2)); + + $this->assertFalse(OC_Group::addToGroup($user1,$group1)); + + $this->assertEqual(array($user1),OC_Group::usersInGroup($group1)); + $this->assertEqual(array(),OC_Group::usersInGroup($group2)); + + $this->assertEqual(array($group1),OC_Group::getUserGroups($user1)); + $this->assertEqual(array(),OC_Group::getUserGroups($user2)); + + OC_Group::deleteGroup($group1); + $this->assertEqual(array(),OC_Group::getUserGroups($user1)); + $this->assertEqual(array(),OC_Group::usersInGroup($group1)); + $this->assertFalse(OC_Group::inGroup($user1,$group1)); + } + + function testMultiBackend(){ + $backend1=new OC_Group_Dummy(); + $backend2=new OC_Group_Dummy(); + OC_Group::useBackend($backend1); + OC_Group::useBackend($backend2); + + $group1=uniqid(); + $group2=uniqid(); + OC_Group::createGroup($group1); + + //groups should be added to the first registered backend + $this->assertEqual(array($group1),$backend1->getGroups()); + $this->assertEqual(array(),$backend2->getGroups()); + + $this->assertEqual(array($group1),OC_Group::getGroups()); + $this->assertTrue(OC_Group::groupExists($group1)); + $this->assertFalse(OC_Group::groupExists($group2)); + + $backend1->createGroup($group2); + + $this->assertEqual(array($group1,$group2),OC_Group::getGroups()); + $this->assertTrue(OC_Group::groupExists($group1)); + $this->assertTrue(OC_Group::groupExists($group2)); + + $user1=uniqid(); + $user2=uniqid(); + + $this->assertFalse(OC_Group::inGroup($user1,$group1)); + $this->assertFalse(OC_Group::inGroup($user2,$group1)); + + + $this->assertTrue(OC_Group::addToGroup($user1,$group1)); + + $this->assertTrue(OC_Group::inGroup($user1,$group1)); + $this->assertFalse(OC_Group::inGroup($user2,$group1)); + $this->assertFalse($backend2->inGroup($user1,$group1)); + + $this->assertFalse(OC_Group::addToGroup($user1,$group1)); + + $this->assertEqual(array($user1),OC_Group::usersInGroup($group1)); + + $this->assertEqual(array($group1),OC_Group::getUserGroups($user1)); + $this->assertEqual(array(),OC_Group::getUserGroups($user2)); + + OC_Group::deleteGroup($group1); + $this->assertEqual(array(),OC_Group::getUserGroups($user1)); + $this->assertEqual(array(),OC_Group::usersInGroup($group1)); + $this->assertFalse(OC_Group::inGroup($user1,$group1)); + } +} diff --git a/tests/lib/group/backend.php b/tests/lib/group/backend.php new file mode 100644 index 00000000000..9405e90aabf --- /dev/null +++ b/tests/lib/group/backend.php @@ -0,0 +1,105 @@ +. +* +*/ + +abstract class Test_Group_Backend extends UnitTestCase { + /** + * @var OC_Group_Backend $backend + */ + protected $backend; + + /** + * get a new unique group name + * test cases can override this in order to clean up created groups + * @return array + */ + public function getGroupName(){ + return uniqid('test_'); + } + + /** + * get a new unique user name + * test cases can override this in order to clean up created user + * @return array + */ + public function getUserName(){ + return uniqid('test_'); + } + + public function testAddRemove(){ + //get the number of groups we start with, in case there are exising groups + $startCount=count($this->backend->getGroups()); + + $name1=$this->getGroupName(); + $name2=$this->getGroupName(); + $this->backend->createGroup($name1); + $count=count($this->backend->getGroups())-$startCount; + $this->assertEqual(1,$count); + $this->assertTrue((array_search($name1,$this->backend->getGroups())!==false)); + $this->assertFalse((array_search($name2,$this->backend->getGroups())!==false)); + $this->backend->createGroup($name2); + $count=count($this->backend->getGroups())-$startCount; + $this->assertEqual(2,$count); + $this->assertTrue((array_search($name1,$this->backend->getGroups())!==false)); + $this->assertTrue((array_search($name2,$this->backend->getGroups())!==false)); + + $this->backend->deleteGroup($name2); + $count=count($this->backend->getGroups())-$startCount; + $this->assertEqual(1,$count); + $this->assertTrue((array_search($name1,$this->backend->getGroups())!==false)); + $this->assertFalse((array_search($name2,$this->backend->getGroups())!==false)); + } + + public function testUser(){ + $group1=$this->getGroupName(); + $group2=$this->getGroupName(); + $this->backend->createGroup($group1); + $this->backend->createGroup($group2); + + $user1=$this->getUserName(); + $user2=$this->getUserName(); + + $this->assertFalse($this->backend->inGroup($user1,$group1)); + $this->assertFalse($this->backend->inGroup($user2,$group1)); + $this->assertFalse($this->backend->inGroup($user1,$group2)); + $this->assertFalse($this->backend->inGroup($user2,$group2)); + + $this->assertTrue($this->backend->addToGroup($user1,$group1)); + + $this->assertTrue($this->backend->inGroup($user1,$group1)); + $this->assertFalse($this->backend->inGroup($user2,$group1)); + $this->assertFalse($this->backend->inGroup($user1,$group2)); + $this->assertFalse($this->backend->inGroup($user2,$group2)); + + $this->assertFalse($this->backend->addToGroup($user1,$group1)); + + $this->assertEqual(array($user1),$this->backend->usersInGroup($group1)); + $this->assertEqual(array(),$this->backend->usersInGroup($group2)); + + $this->assertEqual(array($group1),$this->backend->getUserGroups($user1)); + $this->assertEqual(array(),$this->backend->getUserGroups($user2)); + + $this->backend->deleteGroup($group1); + $this->assertEqual(array(),$this->backend->getUserGroups($user1)); + $this->assertEqual(array(),$this->backend->usersInGroup($group1)); + $this->assertFalse($this->backend->inGroup($user1,$group1)); + } +} diff --git a/tests/lib/group/database.php b/tests/lib/group/database.php new file mode 100644 index 00000000000..fb51bc8d8d9 --- /dev/null +++ b/tests/lib/group/database.php @@ -0,0 +1,55 @@ +. +* +*/ + +class Test_Group_Database extends Test_Group_Backend { + private $groups=array(); + + /** + * get a new unique group name + * test cases can override this in order to clean up created groups + * @return array + */ + public function getGroupName(){ + $name=uniqid('test_'); + $this->groups[]=$name; + return $name; + } + + /** + * get a new unique user name + * test cases can override this in order to clean up created user + * @return array + */ + public function getUserName(){ + return uniqid('test_'); + } + + public function setUp(){ + $this->backend=new OC_Group_Database(); + } + + public function tearDown(){ + foreach($this->groups as $group){ + $this->backend->deleteGroup($group); + } + } +} diff --git a/tests/lib/group/dummy.php b/tests/lib/group/dummy.php new file mode 100644 index 00000000000..d0b475d3ec5 --- /dev/null +++ b/tests/lib/group/dummy.php @@ -0,0 +1,27 @@ +. +* +*/ + +class Test_Group_Dummy extends Test_Group_Backend { + public function setUp(){ + $this->backend=new OC_Group_Dummy(); + } +} -- cgit v1.2.3 From 1bd27891e2d0f62f4ab9588dec9ca12b79e50030 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 13 Apr 2012 10:43:19 +0200 Subject: make upload size settings work probably. do not replace whole .htaccess, only replace what is needed. Consistent, human readable input on admin settings page. --- files/admin.php | 13 +++++++------ lib/files.php | 41 +++++++++++++++++++++++++++++++++++------ 2 files changed, 42 insertions(+), 12 deletions(-) (limited to 'lib') diff --git a/files/admin.php b/files/admin.php index 289d95cb912..04ef6a4e828 100644 --- a/files/admin.php +++ b/files/admin.php @@ -29,10 +29,14 @@ OC_Util::checkAdminUser(); $htaccessWorking=(getenv('htaccessWorking')=='true'); +$upload_max_filesize = OC_Helper::computerFileSize(ini_get('upload_max_filesize')); +$post_max_size = OC_Helper::computerFileSize(ini_get('post_max_size')); +$maxUploadFilesize = OC_Helper::humanFileSize(min($upload_max_filesize, $post_max_size)); if($_POST) { if(isset($_POST['maxUploadSize'])){ - $maxUploadFilesize=$_POST['maxUploadSize']; - OC_Files::setUploadLimit(OC_Helper::computerFileSize($maxUploadFilesize)); + if(($setMaxSize = OC_Files::setUploadLimit(OC_Helper::computerFileSize($_POST['maxUploadSize']))) !== false) { + $maxUploadFilesize = OC_Helper::humanFileSize($setMaxSize); + } } if(isset($_POST['maxZipInputSize'])) { $maxZipInputSize=$_POST['maxZipInputSize']; @@ -42,10 +46,7 @@ if($_POST) { OC_Config::setValue('allowZipDownload', isset($_POST['allowZipDownload'])); } } -$upload_max_filesize = OC_Helper::computerFileSize(ini_get('upload_max_filesize')); -$post_max_size = OC_Helper::computerFileSize(ini_get('post_max_size')); -$maxUploadFilesize = min($upload_max_filesize, $post_max_size); -$maxZipInputSize = OC_Helper::humanfilesize(OC_Config::getValue('maxZipInputSize', OC_Helper::computerFileSize('800 MB'))); +$maxZipInputSize = OC_Helper::humanFileSize(OC_Config::getValue('maxZipInputSize', OC_Helper::computerFileSize('800 MB'))); $allowZipDownload = intval(OC_Config::getValue('allowZipDownload', true)); OC_App::setActiveNavigationEntry( "files_administration" ); diff --git a/lib/files.php b/lib/files.php index a68c29ad989..473be51fdd1 100644 --- a/lib/files.php +++ b/lib/files.php @@ -317,17 +317,46 @@ class OC_Files { /** * set the maximum upload size limit for apache hosts using .htaccess * @param int size filesisze in bytes + * @return mixed false on failure, size on success */ static function setUploadLimit($size){ $size=OC_Helper::humanFileSize($size); $size=substr($size,0,-1);//strip the B $size=str_replace(' ','',$size); //remove the space between the size and the postfix - $content = "ErrorDocument 404 /".OC::$WEBROOT."/core/templates/404.php\n";//custom 404 error page - $content.= "php_value upload_max_filesize $size\n";//upload limit - $content.= "php_value post_max_size $size\n"; - $content.= "SetEnv htaccessWorking true\n"; - $content.= "Options -Indexes\n"; - @file_put_contents(OC::$SERVERROOT.'/.htaccess', $content); //supress errors in case we don't have permissions for it + + //don't allow user to break his config + if(intval($size) == 0) { + return false; + } + + $htaccess = @file_get_contents(OC::$SERVERROOT.'/.htaccess'); //supress errors in case we don't have permissions for + if(!$htaccess) { + return false; + } + + $phpValueKeys = array( + 'upload_max_filesize', + 'post_max_size' + ); + + foreach($phpValueKeys as $key) { + $pattern = '/php_value '.$key.' (\S)*/'; + $setting = 'php_value '.$key.' '.$size; + $hasReplaced = 0; + $content = preg_replace($pattern, $setting, $htaccess, 1, $hasReplaced); + if($content !== NULL) { + $htaccess = $content; + } + if($hasReplaced == 0) { + $htaccess .= "\n" . $setting; + } + } + + //supress errors in case we don't have permissions for it + if(@file_put_contents(OC::$SERVERROOT.'/.htaccess', $htaccess)) { + return OC_Helper::computerFileSize($size); + } + return false; } /** -- cgit v1.2.3 From b95f561bf29094421b827bb1fcae96122ebf8f4a Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 13 Apr 2012 11:25:38 +0200 Subject: file settings: let people set no more than upper boundary for file uploads, but they should can really go up to the limit --- files/admin.php | 1 + files/templates/admin.php | 2 +- lib/files.php | 18 +++++++++++++----- 3 files changed, 15 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/files/admin.php b/files/admin.php index 04ef6a4e828..4ae3ee51236 100644 --- a/files/admin.php +++ b/files/admin.php @@ -54,6 +54,7 @@ OC_App::setActiveNavigationEntry( "files_administration" ); $tmpl = new OC_Template( 'files', 'admin' ); $tmpl->assign( 'htaccessWorking', $htaccessWorking ); $tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize); +$tmpl->assign( 'maxPossibleUploadSize', OC_Helper::humanFileSize(PHP_INT_MAX)); $tmpl->assign( 'allowZipDownload', $allowZipDownload); $tmpl->assign( 'maxZipInputSize', $maxZipInputSize); return $tmpl->fetchPage(); \ No newline at end of file diff --git a/files/templates/admin.php b/files/templates/admin.php index 730f55f2768..9bcc40e9361 100644 --- a/files/templates/admin.php +++ b/files/templates/admin.php @@ -4,7 +4,7 @@
t('File handling');?> - '/>
+ '/>(t('max. possible: '); echo $_['maxPossibleUploadSize'] ?>)
/>
diff --git a/lib/files.php b/lib/files.php index 473be51fdd1..051cfd4b81c 100644 --- a/lib/files.php +++ b/lib/files.php @@ -317,14 +317,22 @@ class OC_Files { /** * set the maximum upload size limit for apache hosts using .htaccess * @param int size filesisze in bytes - * @return mixed false on failure, size on success + * @return false on failure, size on success */ static function setUploadLimit($size){ - $size=OC_Helper::humanFileSize($size); - $size=substr($size,0,-1);//strip the B - $size=str_replace(' ','',$size); //remove the space between the size and the postfix + //don't allow user to break his config -- upper boundary + if($size > PHP_INT_MAX) { + //max size is always 1 byte lower than computerFileSize returns + if($size > PHP_INT_MAX+1) + return false; + $size -=1; + } else { + $size=OC_Helper::humanFileSize($size); + $size=substr($size,0,-1);//strip the B + $size=str_replace(' ','',$size); //remove the space between the size and the postfix + } - //don't allow user to break his config + //don't allow user to break his config -- broken or malicious size input if(intval($size) == 0) { return false; } -- cgit v1.2.3