From f07180639c5af149447bc573db58ee130575369e Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 22 Apr 2014 20:09:55 +0200 Subject: Add unit tests for arrays and " OC_Util::sanitizeHTML() also supports array but we actually had no unit test for it. Additionally this commit introduces a test for escaping " into " --- tests/lib/template.php | 18 ++++++++++++++---- tests/lib/util.php | 28 +++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 9 deletions(-) (limited to 'tests') diff --git a/tests/lib/template.php b/tests/lib/template.php index b4f1a4c4053..b3d0975b793 100644 --- a/tests/lib/template.php +++ b/tests/lib/template.php @@ -28,13 +28,23 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase { } public function testP() { - // FIXME: do we need more testcases? - $htmlString = ""; + $badString = ''; + ob_start(); + p($badString); + $result = ob_get_clean(); + $this->assertEquals('<img onload="alert(1)" />', $result); + + $badString = ""; ob_start(); - p($htmlString); + p($badString); $result = ob_get_clean(); + $this->assertEquals('<script>alert('Hacked!');</script>', $result); - $this->assertEquals("<script>alert('xss');</script>", $result); + $goodString = 'This is a good string without HTML.'; + ob_start(); + p($goodString); + $result = ob_get_clean(); + $this->assertEquals('This is a good string without HTML.', $result); } public function testPNormalString() { diff --git a/tests/lib/util.php b/tests/lib/util.php index ee336aa1118..20f2f7bbeab 100644 --- a/tests/lib/util.php +++ b/tests/lib/util.php 
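Review bot: testP() now runs three unrelated cases through one method and repeats the `ob_start(); p(...); $result = ob_get_clean();` sequence for each, so the first failing assertion hides the remaining cases and an exception raised inside p() would leave an output buffer open for the rest of the run. PHPUnit's output assertion does the buffering and cleanup itself: `$this->expectOutputString($expected); p($input);`, fed from a `@dataProvider` that yields one named row per case. As far as the visible cases show, none contains a bare `&` or an already-encoded entity, so a row for that would pin whether p() double-encodes.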
@@ -43,15 +43,33 @@ class Test_Util extends PHPUnit_Framework_TestCase { } function testSanitizeHTML() { + $badArray = array( + 'While it is unusual to pass an array', + 'this function actually supports it.', + 'And therefore there needs to be a for it!' + ); + $goodArray = array( + 'While it is unusual to pass an array', + 'this function actually <blink>supports</blink> it.', + 'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!' + ); + $result = OC_Util::sanitizeHTML($badArray); + $this->assertEquals($goodArray, $result); + + $badString = ''; + $result = OC_Util::sanitizeHTML($badString); + $this->assertEquals('<img onload="alert(1)" />', $result); + $badString = ""; $result = OC_Util::sanitizeHTML($badString); - $this->assertEquals("<script>alert('Hacked!');</script>", $result); + $this->assertEquals('<script>alert('Hacked!');</script>', $result); - $goodString = "This is an harmless string."; + $goodString = 'This is a good string without HTML.'; $result = OC_Util::sanitizeHTML($goodString); - $this->assertEquals("This is an harmless string.", $result); - } - + $this->assertEquals('This is a good string without HTML.', $result); +} + + function testEncodePath(){ $component = '/§#@test%&^ä/-child'; $result = OC_Util::encodePath($component); -- cgit v1.2.3 From 589c74e1761f7450d7aabb0f5cf8391f89c3847d Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 22 Apr 2014 20:10:46 +0200 Subject: Fix indentation --- tests/lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/lib/util.php b/tests/lib/util.php index 20f2f7bbeab..4c0ed920388 100644 --- a/tests/lib/util.php +++ b/tests/lib/util.php @@ -67,7 +67,7 @@ class Test_Util extends PHPUnit_Framework_TestCase { $goodString = 'This is a good string without HTML.'; $result = OC_Util::sanitizeHTML($goodString); $this->assertEquals('This is a good string without HTML.', $result); -} + } function testEncodePath(){ -- cgit v1.2.3 
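Review bot: The new array case in testSanitizeHTML() passes only a flat, numerically indexed list, so it does not pin how nested arrays or string keys are handled. A second case such as `$nested = array('outer' => array('inner' => $badString));`, asserting that the key path survives and only the leaf value is escaped, would cover that. The hunk does not show sanitizeHTML() itself, so whether it recurses is inferred from the commit message; if it does not, the test would document that limit. `$goodArray` holds the expected escaped output rather than harmless input, so a name like `$expectedArray` would read more clearly.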
From 9d3b639ce68b1b60845b7bf605f16292fd0a6019 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 22 Apr 2014 20:11:34 +0200 Subject: Remove uneeded newline --- tests/lib/util.php | 1 - 1 file changed, 1 deletion(-) (limited to 'tests') diff --git a/tests/lib/util.php b/tests/lib/util.php index 4c0ed920388..c4780cc5f48 100644 --- a/tests/lib/util.php +++ b/tests/lib/util.php @@ -69,7 +69,6 @@ class Test_Util extends PHPUnit_Framework_TestCase { $this->assertEquals('This is a good string without HTML.', $result); } - function testEncodePath(){ $component = '/§#@test%&^ä/-child'; $result = OC_Util::encodePath($component); -- cgit v1.2.3 From 6650be99136bbeecc39a28cbe9c22de0c5cf08ac Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 23 Apr 2014 12:50:24 +0200 Subject: add setting to set default expire date --- lib/private/share/helper.php | 49 ++++++++++++++++++++++++++++++++++++++++ lib/private/share/share.php | 15 ++++++++++-- settings/admin.php | 4 ++++ settings/css/settings.css | 1 + settings/templates/admin.php | 19 +++++++++++++++- tests/lib/share/helper.php | 54 ++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 139 insertions(+), 3 deletions(-) create mode 100644 tests/lib/share/helper.php (limited to 'tests') diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php index fde55667281..515ec85909a 100644 --- a/lib/private/share/helper.php +++ b/lib/private/share/helper.php 
@@ -199,4 +199,53 @@ class Helper extends \OC\Share\Constants { $query->execute(); } } + + /** + * @brief get default expire settings defined by the admin + * @return array contains 'defaultExpireDateSet', 'enforceExpireDate', 'expireAfterDays' + */ + public static function getDefaultExpireSetting() { + + $defaultExpireSettings = array('defaultExpireDateSet' => false); + + // get default expire settings + $defaultExpireDate = \OC_Appconfig::getValue('core', 'shareapi_default_expire_date', 'no'); + if ($defaultExpireDate === 'yes') { + $enforceExpireDate = \OC_Appconfig::getValue('core', 'shareapi_enforce_expire_date', 'no'); + $defaultExpireSettings['defaultExpireDateSet'] = true; + $defaultExpireSettings['expireAfterDays'] = (int)\OC_Appconfig::getValue('core', 'shareapi_expire_after_n_days', '7'); + $defaultExpireSettings['enforceExpireDate'] = $enforceExpireDate === 'yes' ? true : false; + } + + return $defaultExpireSettings; + } + + /** + * @brief calculate expire date + * @param array $defaultExpireSettings contains 'defaultExpireDateSet', 'enforceExpireDate', 'expireAfterDays' + * @param int $creationTime timestamp when the share was created + * @param int $userExpireDate expire timestamp set by the user + * @return mixed integer timestamp or False + */ + public static function calculateExpireDate($defaultExpireSettings, $creationTime, $userExpireDate = null) { + + $expires = false; + + if (isset($defaultExpireSettings['defaultExpireDateSet']) && $defaultExpireSettings['defaultExpireDateSet']) { + $expires = $creationTime + $defaultExpireSettings['expireAfterDays'] * 86400; + } + + + if (isset($userExpireDate)) { + // if the admin decided to enforce the default expire date then we only take + // the user defined expire date of it is before the default expire date + if ($expires && isset($defaultExpireSettings['enforceExpireDate']) && $defaultExpireSettings['enforceExpireDate']) { + $expires = ($userExpireDate < $expires) ? 
$userExpireDate : $expires; + } else { + $expires = $userExpireDate; + } + } + + return $expires; + } } diff --git a/lib/private/share/share.php b/lib/private/share/share.php index fe756b5ae7f..a18c54af8a3 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -844,9 +844,20 @@ class Share extends \OC\Share\Constants { * @return bool True if item was expired, false otherwise. */ protected static function expireItem(array $item) { + + // get default expire settings + $defaultSettings = Helper::getDefaultExpireSetting(); + // calculate expire date if (!empty($item['expiration'])) { - $now = new \DateTime(); - $expires = new \DateTime($item['expiration']); + $userDefinedExpire = new \DateTime($item['expiration']); + $userDefinedExpireTimestamp = $userDefinedExpire->getTimestamp(); + } else { + $userDefinedExpireTimestamp = null; + } + $expires = Helper::calculateExpireDate($defaultSettings, $item['stime'], $userDefinedExpireTimestamp); + + if (is_int($expires)) { + $now = time(); if ($now > $expires) { self::unshareItem($item); return true; diff --git a/settings/admin.php b/settings/admin.php index bce18b7cf6a..49dde59ce2a 100755 --- a/settings/admin.php +++ b/settings/admin.php @@ -45,6 +45,10 @@ $tmpl->assign('backgroundjobs_mode', OC_Appconfig::getValue('core', 'backgroundj $tmpl->assign('cron_log', OC_Config::getValue('cron_log', true)); $tmpl->assign('lastcron', OC_Appconfig::getValue('core', 'lastcron', false)); $tmpl->assign('shareAPIEnabled', OC_Appconfig::getValue('core', 'shareapi_enabled', 'yes')); +$tmpl->assign('shareDefaultExpireDateSet', OC_Appconfig::getValue('core', 'shareapi_default_expire_date', 'no')); +$tmpl->assign('shareExpireAfterNDays', OC_Appconfig::getValue('core', 'shareapi_expire_after_n_days', '7')); +$tmpl->assign('shareEnforceExpireDate', OC_Appconfig::getValue('core', 'shareapi_enforce_expire_date', 'no')); + // Check if connected using HTTPS if (OC_Request::serverProtocol() === 'https') { 
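Review bot: In getDefaultExpireSetting() the `expireAfterDays` value is cast with `(int)` but never range-checked, so a stored `0`, a negative number or a non-numeric string makes calculateExpireDate() return a time at or before `$creationTime`. The expireItem() change in lib/private/share/share.php on this page unshares an item as soon as `$now > $expires`, so such a value would remove every share that falls under the default. Validating the value where it is read closes that: `$days = (int)\OC_Appconfig::getValue('core', 'shareapi_expire_after_n_days', '7');` followed by `$defaultExpireSettings['expireAfterDays'] = $days > 0 ? $days : 7;`. The comment in calculateExpireDate() reads "of it is before" where "if it is before" is meant, and `$enforceExpireDate === 'yes' ? true : false` can be the comparison alone.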
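Review bot: expireItem() now derives an expiry from `$item['stime']` for every item once the admin default is switched on, including shares with no `expiration` of their own and shares created before the setting existed, and an elapsed expiry ends in `self::unshareItem($item)`, which presumably removes the share rather than hiding it. `$item['stime']` is also read without a check; if a caller passes a row without that field, the creation time evaluates to 0 and the item counts as expired. A guard before the calculation, `if (empty($item['expiration']) && !isset($item['stime'])) { return false; }`, plus a docblock sentence stating that the default applies retroactively, would make both behaviours explicit. The body of expireItem() continues past the end of this hunk.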
diff --git a/settings/css/settings.css b/settings/css/settings.css index a7680aad948..5d8f9a7541c 100644 --- a/settings/css/settings.css +++ b/settings/css/settings.css @@ -132,6 +132,7 @@ table.grid td.date{ span.securitywarning {color:#C33; font-weight:bold; } span.connectionwarning {color:#933; font-weight:bold; } table.shareAPI td { padding-bottom: 0.8em; } +table.shareAPI input#shareapi_expire_after_n_days {width: 25px;} #mail_settings p label:first-child { display: inline-block; diff --git a/settings/templates/admin.php b/settings/templates/admin.php index 07b5ee7860e..8eb1beb9566 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php @@ -254,6 +254,23 @@ if (!$_['internetconnectionworking']) { t('Allow users to send mail notification for shared files')); ?> + + + > + /> +
+ t( 'Expire after ' )); ?> + ' /> + t( 'days' )); ?> + /> +
+ t('Expire shares by default after N days')); ?> + + + @@ -296,7 +313,7 @@ if (!$_['internetconnectionworking']) {

t('This is used for sending out notifications.')); ?>

- +