Merge pull request #1321 from owncloud/csp-fixes

Files: CSP fixes
This commit is contained in:
Thomas Müller 2013-01-28 00:29:46 -08:00
commit 31d83fddc4
11 changed files with 12 additions and 46 deletions

View File

@ -21,10 +21,6 @@
*
*/
// Init owncloud
OCP\User::checkAdminUser();
$htaccessWorking=(getenv('htaccessWorking')=='true');

View File

@ -8,7 +8,4 @@
$this->create('download', 'download{file}')
->requirements(array('file' => '.*'))
->actionInclude('files/download.php');
// oC JS config
$this->create('publicListView', 'js/publiclistview.js')
->actionInclude('files/js/publiclistview.php');
->actionInclude('files/download.php');

View File

@ -21,9 +21,6 @@
*
*/
// Init owncloud
// Check if we are a user
OCP\User::checkLoggedIn();

View File

@ -76,6 +76,7 @@ $list = new OCP\Template('files', 'part.list', '');
$list->assign('files', $files, false);
$list->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir=', false);
$list->assign('downloadURL', OCP\Util::linkTo('files', 'download.php') . '?file=', false);
$list->assign('disableSharing', false);
$breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', '');
$breadcrumbNav->assign('breadcrumb', $breadcrumb, false);
$breadcrumbNav->assign('baseURL', OCP\Util::linkTo('files', 'index.php') . '?dir=', false);

View File

@ -1,20 +0,0 @@
<?php
/**
* Copyright (c) 2013 Lukas Reschke <lukas@statuscode.ch>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
// Set the content type to Javascript
header("Content-type: text/javascript");
// Disallow caching
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
if ( array_key_exists('disableSharing', $_) && $_['disableSharing'] == true ) {
echo "var disableSharing = true;";
} else {
echo "var disableSharing = false;";
}

View File

@ -21,10 +21,6 @@
*
*/
// Init owncloud
// Check if we are a user
OCP\User::checkLoggedIn();

View File

@ -1,4 +1,4 @@
<script type="text/javascript" src="<?php echo OC_Helper::linkToRoute('publicListView');?>"></script>
<input type="hidden" id="disableSharing" data-status="<?php echo $_['disableSharing']; ?>">
<?php foreach($_['files'] as $file):
$simple_file_size = OCP\simple_file_size($file['size']);

View File

@ -1,5 +1,7 @@
$(document).ready(function() {
var disableSharing = $('#disableSharing').data('status');
if (typeof OC.Share !== 'undefined' && typeof FileActions !== 'undefined' && !disableSharing) {
FileActions.register('all', 'Share', OC.PERMISSION_READ, OC.imagePath('core', 'actions/share'), function(filename) {

View File

@ -1,5 +1,3 @@
<script type="text/javascript" src="<?php echo OC_Helper::linkToRoute('publicListView');?>"></script>
<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
<input type="hidden" name="downloadURL" value="<?php echo $_['downloadURL'] ?>" id="downloadURL">
<input type="hidden" name="filename" value="<?php echo $_['filename'] ?>" id="filename">

View File

@ -17,11 +17,15 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
$l = OC_L10N::get('core');
// Get the config
$debug = (defined('DEBUG') && DEBUG) ? 'true' : 'false';
$apps_paths = array();
foreach(OC_App::getEnabledApps() as $app) {
$apps_paths[$app] = OC_App::getAppWebPath($app);
}
$array = array(
"oc_debug" => $debug,
"oc_debug" => (defined('DEBUG') && DEBUG) ? 'true' : 'false',
"oc_webroot" => "\"".OC::$WEBROOT."\"",
"oc_appswebroots" => "\"".$_['apps_paths']. "\"",
"oc_appswebroots" => str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution
"oc_current_user" => "\"".OC_User::getUser(). "\"",
"oc_requesttoken" => "\"".OC_Util::callRegister(). "\"",
"datepickerFormatDate" => json_encode($l->l('jsdate', 'jsdate')),

View File

@ -28,11 +28,6 @@ class OC_TemplateLayout extends OC_Template {
break;
}
}
$apps_paths = array();
foreach(OC_App::getEnabledApps() as $app) {
$apps_paths[$app] = OC_App::getAppWebPath($app);
}
$this->assign( 'apps_paths', str_replace('\\/', '/', json_encode($apps_paths)), false ); // Ugly unescape slashes waiting for better solution
} else if ($renderas == 'guest') {
parent::__construct('core', 'layout.guest');
} else {