From cfc78d44bbde0426337ba6dbacf32a87667f9334 Mon Sep 17 00:00:00 2001
From: Tom Needham
Date: Sat, 30 Jun 2012 10:57:47 +0000
Subject: Return correct json response, fix syntax
---
 lib/migrate.php | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)
(limited to 'lib')
diff --git a/lib/migrate.php b/lib/migrate.php
index 731b6a6839c..f788a637d3c 100644
--- a/lib/migrate.php
+++ b/lib/migrate.php
@@ -278,7 +278,7 @@ class OC_Migrate{
 return json_encode( array( 'success' => false ) );
 }
 // Done
- return json_encode( 'success' => true );
+ return json_encode( array( 'success' => true ) );
 */
 break;
 }
@@ -443,21 +443,10 @@ class OC_Migrate{
 'ocversion' => OC_Util::getVersion(),
 'exporttime' => time(),
 'exportedby' => OC_User::getUser(),
- 'exporttype' => self::$exporttype
+ 'exporttype' => self::$exporttype,
+ 'exporteduser' => self::$uid
 );
- // Add hash if user export
- if( self::$exporttype == 'user' ){
- $query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid = ?" );
- $result = $query->execute( array( self::$uid ) );
- $row = $result->fetchRow();
- $hash = $row ? $row['password'] : false;
- if( !$hash ){
- OC_Log::write( 'migration', 'Failed to get the users password hash', OC_log::ERROR);
- return false;
- }
- $info['hash'] = $hash;
- $info['exporteduser'] = self::$uid;
- }
+
 if( !is_array( $array ) ){
 OC_Log::write( 'migration', 'Supplied $array was not an array in getExportInfo()', OC_Log::ERROR );
 }
-- cgit v1.2.3
From b2cb7d54d16aa1ae5904b917b3d597763150d04d Mon Sep 17 00:00:00 2001
From: Tom Needham
Date: Sat, 30 Jun 2012 10:55:38 +0000
Subject: Fixed app path
---
 lib/db.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/db.php b/lib/db.php
index 9e6835adc6f..ffa0d37307a 100644
--- a/lib/db.php
+++ b/lib/db.php
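Review bot: The corrected `return json_encode( array( 'success' => true ) );` is immediately followed by an unchanged `*/` context line, which suggests the whole `// Done` branch sits inside a block comment whose opening `/*` lies above the hunk; if so, the fix touches dead code and changes nothing at runtime. Either delete the commented-out block entirely or, if it is meant to run, drop the `/* … */` wrapper in the same change so the corrected return is actually reachable. The enclosing method begins and ends outside the hunk, so the comment boundary cannot be confirmed from here.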
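Review bot: The `if( !is_array( $array ) )` guard that now directly follows the rebuilt `$info` array only logs and falls through; nothing in the hunk returns or substitutes a default, so whatever consumes `$array` further down still receives a non-array. Unless the rest of getExportInfo() re-checks it, add an early exit after the log, e.g. `return false;`. Note also that `'exporteduser' => self::$uid` is now emitted for every export type rather than only `user` exports; if `self::$uid` is unset for the other types the key will simply carry null, which callers may not expect. The enclosing method continues past the end of the hunk.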
@@ -528,7 +528,7 @@ class OC_DB {
 self::removeDBStructure( OC::$SERVERROOT . '/db_structure.xml' );
 foreach($apps as $app){
- $path = self::getAppPath($app).'/appinfo/database.xml';
+ $path = OC_App::getAppPath($app).'/appinfo/database.xml';
 if(file_exists($path)){
 self::removeDBStructure( $path );
 }
-- cgit v1.2.3
From 4e63981da9a02d8a6c2393ad6773edf558222530 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sun, 1 Jul 2012 13:45:20 +0200
Subject: Disable mimesniffing
---
 lib/json.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/json.php b/lib/json.php
index 4eab4fce9f6..7cd9ba371d7 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -15,6 +15,8 @@ class OC_JSON{
 if (!self::$send_content_type_header){
 // We send json data
 header( 'Content-Type: '.$type );
+ // Force download
+ header( 'Content-Disposition: attachment' );
 self::$send_content_type_header = true;
 }
 }
@@ -94,12 +96,12 @@ class OC_JSON{
 * Encode and print $data in json format
 */
 public static function encodedPrint($data,$setContentType=true){
- if(!isset($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '') {
+ // Disable mimesniffing, don't move this to setContentTypeHeader!
+ header( 'X-Content-Type-Options: nosniff' );
 if($setContentType){
 self::setContentTypeHeader();
 }
 array_walk_recursive($data, array('OC_JSON', 'to_string'));
 echo json_encode($data);
- }
 }
 }
-- cgit v1.2.3
From e4960c3bb471d572e6883eb8c5a503e3e7c6ccba Mon Sep 17 00:00:00 2001
From: Georg Ehrke
Date: Sun, 1 Jul 2012 21:50:53 +0200
Subject: fix a small PHP fail
---
 lib/l10n.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/l10n.php b/lib/l10n.php
index 4acbc5dcebc..b21829e91fd 100644
--- a/lib/l10n.php
+++ b/lib/l10n.php
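Review bot: `OC_App::getAppPath($app)` can evidently return a falsy value — lib/helper.php later in this series guards it with `if( $app_path && file_exists( ... ) )` — but here its result is concatenated straight into `$path`, so a missing app silently yields the root-relative `/appinfo/database.xml`. The `file_exists($path)` test will normally reject that, but it hides the real failure and the lookup goes to the wrong location; guard it explicitly with `$app_path = OC_App::getAppPath($app);` and `if(!$app_path){ continue; }` before building `$path`. The enclosing OC_DB method starts and ends outside the hunk.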
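Review bot: The added comment `// Disable mimesniffing, don't move this to setContentTypeHeader!` forbids a refactor without saying why, which is exactly the instruction a later maintainer will second-guess. The reason is visible in the diff: setContentTypeHeader() is guarded by `self::$send_content_type_header` and is skipped entirely when `$setContentType` is false, whereas `X-Content-Type-Options: nosniff` has to accompany every JSON body. Suggest `// nosniff must go out with every response; setContentTypeHeader() runs at most once per request and is skipped when $setContentType is false, so it cannot live there`. Note also that header() after output has already started only emits a warning, so a caller that echoed anything beforehand loses the header silently. encodedPrint() is fully inside the hunk; the class continues outside it.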
@@ -115,7 +115,7 @@ class OC_L10N{
 // (Just no need to define date/time format etc. twice)
 if(file_exists($i18ndir.$lang.'.php')){
 // Include the file, save the data from $CONFIG
- include($i18ndir.$lang.'.php');
+ include(strip_tags($i18ndir).strip_tags($lang).'.php');
 if(isset($TRANSLATIONS) && is_array($TRANSLATIONS)){
 $this->translations = $TRANSLATIONS;
 }
-- cgit v1.2.3
From f8cebed3481d523ff43d438ac97048137f4f9902 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Mon, 2 Jul 2012 10:21:38 +0200
Subject: Don't display error messages
---
 lib/l10n.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/l10n.php b/lib/l10n.php
index b21829e91fd..de8514573d3 100644
--- a/lib/l10n.php
+++ b/lib/l10n.php
@@ -113,13 +113,13 @@ class OC_L10N{
 $i18ndir = self::findI18nDir($app);
 // Localization is in /l10n, Texts are in $i18ndir
 // (Just no need to define date/time format etc. twice)
- if(file_exists($i18ndir.$lang.'.php')){
+ if((OC_Helper::issubdirectory($i18ndir.$lang.'.php', OC_App::getAppPath($app).'/l10n/') || OC_Helper::issubdirectory($i18ndir.$lang.'.php', OC::$SERVERROOT.'/core/l10n/') || OC_Helper::issubdirectory($i18ndir.$lang.'.php', OC::$SERVERROOT.'/settings')) && file_exists($i18ndir.$lang.'.php')) {
 // Include the file, save the data from $CONFIG
 include(strip_tags($i18ndir).strip_tags($lang).'.php');
 if(isset($TRANSLATIONS) && is_array($TRANSLATIONS)){
 $this->translations = $TRANSLATIONS;
 }
- }
+ }
 if(file_exists(OC::$SERVERROOT.'/core/l10n/l10n-'.$lang.'.php')){
 // Include the file, save the data from $CONFIG
-- cgit v1.2.3
From 90331a3fa1c2bd7c1ec5efb6b9f55d02d1ffe273 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Mon, 2 Jul 2012 12:20:43 +0200
Subject: Remove forced download
---
 lib/json.php | 2 --
 1 file changed, 2 deletions(-)
(limited to 'lib')
diff --git a/lib/json.php b/lib/json.php
index 7cd9ba371d7..c49b831c12b 100644
--- a/lib/json.php
+++ b/lib/json.php
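Review bot: `strip_tags()` does not make the include path safe: it only removes HTML/PHP tags and leaves directory separators and `..` untouched, so if `$lang` can be influenced by the request (not visible from the hunk) it still reaches `include()` effectively unfiltered. It also introduces a mismatch with the guard on the line above, which tests `file_exists($i18ndir.$lang.'.php')` on the raw path while `include()` loads the stripped one — the two can name different files. Validate `$lang` against the expected locale shape and include the same string that was checked, e.g. `if(!preg_match('/^[a-z]{2,3}(_[A-Za-z]{2,4})?$/', $lang)){ return; }` (example pattern — adjust to the locale names actually shipped). The enclosing method starts and ends outside the hunk.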
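Review bot: The new condition packs three `OC_Helper::issubdirectory()` calls and a `file_exists()` onto one ~300-character line and repeats `$i18ndir.$lang.'.php'` four times; it should be split into a named `$file` and a list of permitted directories so the allow-list is readable and extendable. Two details also need confirming: `OC_App::getAppPath($app)` can be falsy (lib/helper.php checks for that), in which case the first permitted prefix degenerates to `/l10n/`; and `OC::$SERVERROOT.'/settings'` carries no trailing slash, so whether a sibling directory with that prefix would pass depends on how issubdirectory() compares — verify it canonicalises both arguments before comparing, since a plain string-prefix test would not. The enclosing method continues outside the hunk.
```php
$file = $i18ndir.$lang.'.php';
$allowedDirs = array(
	OC::$SERVERROOT.'/core/l10n/',
	OC::$SERVERROOT.'/settings',
);
$appPath = OC_App::getAppPath($app);
if($appPath){
	$allowedDirs[] = $appPath.'/l10n/';
}
$inAllowedDir = false;
foreach($allowedDirs as $dir){
	if(OC_Helper::issubdirectory($file, $dir)){
		$inAllowedDir = true;
		break;
	}
}
if($inAllowedDir && file_exists($file)){
	// … unchanged: include() and $TRANSLATIONS handling …
}
```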
@@ -15,8 +15,6 @@ class OC_JSON{
 if (!self::$send_content_type_header){
 // We send json data
 header( 'Content-Type: '.$type );
- // Force download
- header( 'Content-Disposition: attachment' );
 self::$send_content_type_header = true;
 }
 }
-- cgit v1.2.3
From 52822652bce0466895a6ee139d625439fddc240b Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Mon, 2 Jul 2012 20:24:26 +0200
Subject: provide multibyte aware helper functions mb_str_replace, mb_substr_replace and mb_array_change_key_case for handling with UTF 8
---
 lib/helper.php | 74 +++++++++++++++++++++++++++++++++++++++++++++++++----
 lib/public/util.php | 70 ++++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 126 insertions(+), 18 deletions(-)
(limited to 'lib')
diff --git a/lib/helper.php b/lib/helper.php
index b1d2da1452f..0d18098a4e7 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -41,7 +41,7 @@ class OC_Helper {
 $app_path = OC_App::getAppPath($app);
 // Check if the app is in the app folder
 if( $app_path && file_exists( $app_path.'/'.$file )){
- if(substr($file, -3) == 'php' || substr($file, -3) == 'css'){
+ if(substr($file, -3) == 'php' || substr($file, -3) == 'css'){
 $urlLinkTo = OC::$WEBROOT . '/?app=' . $app;
 $urlLinkTo .= ($file!='index.php')?'&getfile=' . urlencode($file):'';
 }else{
@@ -379,7 +379,7 @@ class OC_Helper {
 //trim the character set from the end of the response
 $mimeType=substr($reply,0,strrpos($reply,' '));
- //trim ;
+ //trim ;
 if (strpos($mimeType, ';') !== false) {
 $mimeType = strstr($mimeType, ';', true);
 }
@@ -586,11 +586,11 @@ class OC_Helper {
 return $newpath;
 }
-
+
 /*
 * checks if $sub is a subdirectory of $parent
- *
- * @param $sub
+ *
+ * @param $sub
 * @param $parent
 * @return bool
 */
@@ -620,4 +620,68 @@ class OC_Helper {
 exit;*/
 return false;
 }
+
+ /**
+ * @brief Returns an array with all keys from input lowercased or uppercased. Numbered indices are left as is.
+ *
+ * @param $input The array to work on
+ * @param $case Either MB_CASE_UPPER or MB_CASE_LOWER (default)
+ * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8
+ * @return array
+ *
+ * Returns an array with all keys from input lowercased or uppercased. Numbered indices are left as is.
+ * based on http://www.php.net/manual/en/function.array-change-key-case.php#107715
+ *
+ */
+ public static function mb_array_change_key_case($input, $case = MB_CASE_LOWER, $encoding = 'UTF-8'){
+ $case = ($case != MB_CASE_UPPER) ? MB_CASE_LOWER : MB_CASE_UPPER;
+ $ret = array();
+ foreach ($input as $k => $v) {
+ $ret[mb_convert_case($k, $case, $encoding)] = $v;
+ }
+ return $ret;
+ }
+
+ /**
+ * @brief replaces a copy of string delimited by the start and (optionally) length parameters with the string given in replacement.
+ *
+ * @param $input The input string. .Opposite to the PHP build-in function does not accept an array.
+ * @param $replacement The replacement string.
+ * @param $start If start is positive, the replacing will begin at the start'th offset into string. If start is negative, the replacing will begin at the start'th character from the end of string.
+ * @param $length Length of the part to be replaced
+ * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8
+ * @return string
+ *
+ */
+ public static function mb_substr_replace($string, $replacement, $start, $length = null, $encoding = 'UTF-8') {
+ $start = intval($start);
+ $length = intval($length);
+ $string = mb_substr($string, 0, $start, $encoding) .
+ $replacement .
+ mb_substr($string, $start+$length, mb_strlen($string, 'UTF-8')-$start, $encoding);
+
+ return $string;
+ }
+
+ /**
+ * @brief Replace all occurrences of the search string with the replacement string
+ *
+ * @param $search The value being searched for, otherwise known as the needle. String.
+ * @param $replace The replacement string.
+ * @param $subject The string or array being searched and replaced on, otherwise known as the haystack.
+ * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8
+ * @param $count If passed, this will be set to the number of replacements performed.
+ * @return string
+ *
+ */
+ public static function mb_str_replace($search, $replace, $subject, $encoding = 'UTF-8', &$count = null) {
+ $offset = -1;
+ $length = mb_strlen($search, 'UTF-8');
+ while(($i = mb_strrpos($subject, $search, $offset, 'UTF-8'))) {
+ $subject = OC_Helper::mb_substr_replace($subject, $replace, $i, $length);
+ $offset = $i - mb_strlen($subject, 'UTF-8') - 1;
+ $count++;
+ }
+ return $subject;
+ }
 }
diff --git a/lib/public/util.php b/lib/public/util.php
index c611d59a533..41121091544 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -26,7 +26,7 @@ * */
-// use OCP namespace for all classes that are considered public.
+// use OCP namespace for all classes that are considered public.
 // This means that they should be used by apps instead of the internal ownCloud classes
 namespace OCP;
@@ -54,7 +54,7 @@ class Util {
 /**
- * @brief send an email
+ * @brief send an email
 * @param string $toaddress
 * @param string $toname
 * @param string $subject
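Review bot: In `mb_str_replace` the loop `while(($i = mb_strrpos($subject, $search, $offset, 'UTF-8')))` tests truthiness, so an occurrence at position 0 comes back as `0`, is treated as false and is never replaced; compare explicitly: `while(($i = mb_strrpos($subject, $search, $offset, 'UTF-8')) !== false) {`. Both new string functions also ignore their `$encoding` parameter in places — `mb_strlen($string, 'UTF-8')` in mb_substr_replace and every mb_* call in mb_str_replace hard-code UTF-8 — so a caller passing another encoding gets mixed results. In mb_substr_replace, `intval($length)` turns the documented "optional" null into 0, which inserts rather than replacing to the end of the string as substr_replace() does; either document the insert semantics or treat null as "to end". Finally, `$count++` accumulates onto whatever the caller passed in rather than starting from 0, and an empty `$search` should be rejected before the loop, since on PHP 8 mb_strrpos() accepts an empty needle and the loop would likely never terminate. The hunk ends at the class's closing brace.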
@@ -264,17 +264,61 @@ class Util {
 public static function callCheck(){
 return(\OC_Util::callCheck());
 }
-
- /**
- * @brief Used to sanitize HTML
- *
- * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
- *
- * @param string or array of strings
- * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
- */
- public static function sanitizeHTML( $value ){
- return(\OC_Util::sanitizeHTML($value));
+
+ /**
+ * @brief Used to sanitize HTML
+ *
+ * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+ *
+ * @param string or array of strings
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ */
+ public static function sanitizeHTML( $value ){
+ return(\OC_Util::sanitizeHTML($value));
+ }
+
+ /**
+ * @brief Returns an array with all keys from input lowercased or uppercased. Numbered indices are left as is.
+ *
+ * @param $input The array to work on
+ * @param $case Either MB_CASE_UPPER or MB_CASE_LOWER (default)
+ * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8
+ * @return array
+ *
+ *
+ */
+ public static function mb_array_change_key_case($input, $case = MB_CASE_LOWER, $encoding = 'UTF-8'){
+ return(\OC_Helper::mb_array_change_key_case($input, $case, $encoding));
+ }
+
+ /**
+ * @brief replaces a copy of string delimited by the start and (optionally) length parameters with the string given in replacement.
+ *
+ * @param $input The input string. .Opposite to the PHP build-in function does not accept an array.
+ * @param $replacement The replacement string.
+ * @param $start If start is positive, the replacing will begin at the start'th offset into string. If start is negative, the replacing will begin at the start'th character from the end of string.
+ * @param $length Length of the part to be replaced
+ * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8
+ * @return string
+ *
+ */
+ public static function mb_substr_replace($string, $replacement, $start, $length = null, $encoding = 'UTF-8') {
+ return(\OC_Helper::mb_substr_replace($string, $replacement, $start, $length, $encoding));
+ }
+
+ /**
+ * @brief Replace all occurrences of the search string with the replacement string
+ *
+ * @param $search The value being searched for, otherwise known as the needle. String.
+ * @param $replace The replacement string.
+ * @param $subject The string or array being searched and replaced on, otherwise known as the haystack.
+ * @param $encoding The encoding parameter is the character encoding. Defaults to UTF-8
+ * @param $count If passed, this will be set to the number of replacements performed.
+ * @return string
+ *
+ */
+ public static function mb_str_replace($search, $replace, $subject, $encoding = 'UTF-8', &$count = null) {
+ return(\OC_Helper::mb_str_replace($search, $replace, $subject, $encoding, $count));
 }
 }
-- cgit v1.2.3
From 8a1c27918319a96a5e801b1e945eb0fce5b489af Mon Sep 17 00:00:00 2001
From: Brice Maron
Date: Tue, 3 Jul 2012 09:20:42 +0200
Subject: Escape pg connection string on setup
---
 lib/setup.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'lib')
diff --git a/lib/setup.php b/lib/setup.php
index 5387a0ef493..bad0f5301c7 100644
--- a/lib/setup.php
+++ b/lib/setup.php
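Review bot: The docblocks copied onto the three new OCP\Util wrappers do not match their signatures: `mb_substr_replace` documents `@param $input` but its parameter is `$string`, and `mb_str_replace` describes `$subject` as "The string or array being searched" although the OC_Helper implementation added in this same commit calls `mb_strrpos()` on it and therefore only accepts a string. Since this is the public app-facing API, fix the names and drop the array claim, e.g. `@param $string The input string (unlike substr_replace(), an array is not accepted)` and `@param $subject The string being searched and replaced on`. The `sinitized` typo in the re-indented sanitizeHTML docblock could be corrected while those lines are being touched. The hunk ends at the class's closing brace.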
@@ -155,8 +155,11 @@ class OC_Setup {
 OC_CONFIG::setValue('dbhost', $dbhost);
 OC_CONFIG::setValue('dbtableprefix', $dbtableprefix);
+ $e_host = addslashes($dbhost);
+ $e_user = addslashes($dbuser);
+ $e_password = addslashes($dbpass);
 //check if the database user has admin right
- $connection_string = "host=$dbhost dbname=postgres user=$dbuser password=$dbpass";
+ $connection_string = "host='$e_host' dbname=postgres user='$e_user' password='$e_password'";
 $connection = @pg_connect($connection_string);
 if(!$connection) {
 $error[] = array(
@@ -166,8 +169,9 @@ class OC_Setup {
 return $error;
 } else {
+ $e_user = pg_escape_string($dbuser);
 //check for roles creation rights in postgresql
- $query="SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname='$dbuser'";
+ $query="SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname='$e_user'";
 $result = pg_query($connection, $query);
 if($result and pg_num_rows($result) > 0) {
 //use the admin login data for the new database user
@@ -199,7 +203,13 @@ class OC_Setup {
 // connect to the ownCloud database (dbname=$dbname) an check if it needs to be filled
 $dbuser = OC_CONFIG::getValue('dbuser');
 $dbpass = OC_CONFIG::getValue('dbpassword');
- $connection_string = "host=$dbhost dbname=$dbname user=$dbuser password=$dbpass";
+
+ $e_host = addslashes($dbhost);
+ $e_dbname = addslashes($dbname);
+ $e_user = addslashes($dbuser);
+ $e_password = addslashes($dbpass);
+
+ $connection_string = "host='$e_host' dbname='$e_dbname' user='$e_user' password='$e_password'";
 $connection = @pg_connect($connection_string);
 if(!$connection) {
 $error[] = array(
-- cgit v1.2.3
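Review bot: The `addslashes()` lines added here are duplicated almost verbatim in the third hunk (@@ -199), and in both places the escaped values are interpolated into a hand-built libpq conninfo string; factoring the escaping and quoting into one private helper keeps the two call sites from drifting apart. A comment on why `addslashes()` is the right escaper would also help, since the reflex is to reach for pg_escape_string(): libpq reads single-quoted conninfo values with backslash escapes for `'` and `\`, which is exactly what addslashes() emits. Note too that `$e_user` is rebound in the second hunk to a pg_escape_string() result for SQL use — two escaping conventions under one variable name invite the wrong one being reused. The enclosing method begins and ends outside these hunks.
```php
// Build a libpq conninfo string. Values are single-quoted and libpq
// unescapes backslash sequences inside them, which is what addslashes() emits.
private static function pgConnectionString($host, $dbname, $user, $password) {
	$e_host = addslashes($host);
	$e_dbname = addslashes($dbname);
	$e_user = addslashes($user);
	$e_password = addslashes($password);
	return "host='$e_host' dbname='$e_dbname' user='$e_user' password='$e_password'";
}

// … at @@ -155, replacing the three addslashes() lines and the assignment …
$connection_string = self::pgConnectionString($dbhost, 'postgres', $dbuser, $dbpass);
// … at @@ -199, replacing the four addslashes() lines and the assignment …
$connection_string = self::pgConnectionString($dbhost, $dbname, $dbuser, $dbpass);
// … unchanged: @pg_connect() and error handling …
```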
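Review bot: Escaping `$dbuser` with `pg_escape_string()` and interpolating it into the `pg_roles` query is an improvement, but the connection-less form takes its encoding rules from whichever connection was opened last, and string assembly remains the fragile path; since `$connection` is already in hand, bind the value instead: `$result = pg_query_params($connection, 'SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname=$1', array($dbuser));`. If the escaping form is kept, at least pass the resource: `pg_escape_string($connection, $dbuser)`. The enclosing method continues outside the hunk.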