Merge branch 'master' into encryption_check_php_version

Conflicts:
	apps/files_encryption/files/error.php
Björn Schießle 2013-07-02 13:54:31 +02:00
commit 3fc5b34247
9 changed files with 180 additions and 184 deletions


@ -8,40 +8,40 @@ OCP\JSON::setContentTypeHeader('text/plain');
// If no token is sent along, rely on login only
$l = OC_L10N::get('files');
if (!$_POST['dirToken']) {
// The standard case, files are uploaded through logged in users :)
OCP\JSON::checkLoggedIn();
$dir = isset($_POST['dir']) ? $_POST['dir'] : "";
if (!$dir || empty($dir) || $dir === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
die();
}
if (empty($_POST['dirToken'])) {
// The standard case, files are uploaded through logged in users :)
OCP\JSON::checkLoggedIn();
$dir = isset($_POST['dir']) ? $_POST['dir'] : "";
if (!$dir || empty($dir) || $dir === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
die();
}
} else {
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
if ($linkItem === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
die();
}
if ($linkItem === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
die();
}
if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) {
OCP\JSON::checkLoggedIn();
} else {
if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) {
OCP\JSON::checkLoggedIn();
} else {
// The token defines the target directory (security reasons)
$dir = sprintf(
"/%s/%s",
$linkItem['file_target'],
isset($_POST['subdir']) ? $_POST['subdir'] : ''
);
// The token defines the target directory (security reasons)
$dir = sprintf(
"/%s/%s",
$linkItem['file_target'],
isset($_POST['subdir']) ? $_POST['subdir'] : ''
);
if (!$dir || empty($dir) || $dir === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
die();
}
// Setup FS with owner
OC_Util::setupFS($linkItem['uid_owner']);
}
if (!$dir || empty($dir) || $dir === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
die();
}
// Setup FS with owner
OC_Util::setupFS($linkItem['uid_owner']);
}
}
@ -61,7 +61,7 @@ foreach ($_FILES['files']['error'] as $error) {
$errors = array(
UPLOAD_ERR_OK => $l->t('There is no error, the file uploaded with success'),
UPLOAD_ERR_INI_SIZE => $l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ')
. ini_get('upload_max_filesize'),
. ini_get('upload_max_filesize'),
UPLOAD_ERR_FORM_SIZE => $l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
UPLOAD_ERR_PARTIAL => $l->t('The uploaded file was only partially uploaded'),
UPLOAD_ERR_NO_FILE => $l->t('No file was uploaded'),
@ -107,7 +107,7 @@ if (strpos($dir, '..') === false) {
'size' => $meta['size'],
'id' => $meta['fileid'],
'name' => basename($target),
'originalname'=>$files['name'][$i],
'originalname' => $files['name'][$i],
'uploadMaxFilesize' => $maxUploadFilesize,
'maxHumanFilesize' => $maxHumanFilesize
);
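Review bot: In the token branch of the first hunk, a share without `OCP\PERMISSION_CREATE` only triggers `OCP\JSON::checkLoggedIn()` and never assigns `$dir`, so as far as the visible lines show, a logged-in caller who sends such a token continues with `$dir` unset, and the `strpos($dir, '..') === false` test named in the third hunk header would not stop that. That path should end the request explicitly, for example with `OCP\JSON::error(array('data' => array('message' => $l->t('Invalid Token')))); die();`. The emptiness check that follows the `sprintf()` can never fire, because the formatted string always contains both slashes. `$_POST['subdir']` is formatted into the path as received, so an `is_string()` check on it before the `sprintf()` would be worth adding. The code between the hunks is not shown, so all of this needs confirming against the full file.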


@ -467,7 +467,7 @@ $(document).ready(function(){
}
var date=new Date();
var param = {};
if ($('#publicUploadRequestToken')) {
if ($('#publicUploadRequestToken').length) {
param.download_url = document.location.href + '&download&path=/' + $('#dir').val() + '/' + uniqueName;
}
// create new file context
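Review bot: The `download_url` built inside the corrected `.length` check concatenates `$('#dir').val()` and `uniqueName` into the query string without encoding, so a directory or file name containing `&`, `#` or `%` produces a link that resolves to a different path or carries extra parameters. Building it as `document.location.href + '&download&path=' + encodeURIComponent('/' + $('#dir').val() + '/' + uniqueName)` keeps the whole value inside the `path` parameter. The surrounding handler starts and ends outside the hunk.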


@ -4,7 +4,7 @@ if (!isset($_)) { //also provide standalone error page
$l = OC_L10N::get('files_encryption');
$errorMsg = $l->t('Your private key is not valid! Maybe your password was changed from outside. You can update your private key password in your personal settings to regain access to your files.');
$errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
if(isset($_GET['p']) && $_GET['p'] === '1') {
header('HTTP/1.0 404 ' . $errorMsg);


@ -180,28 +180,18 @@ class OC_DB {
$dsn = 'oci:dbname=//' . $host . '/' . $name;
}
break;
case 'mssql':
case 'mssql':
if ($port) {
$dsn='sqlsrv:Server='.$host.','.$port.';Database='.$name;
} else {
$dsn='sqlsrv:Server='.$host.';Database='.$name;
}
break;
break;
default:
return false;
}
try{
self::$PDO=new PDO($dsn, $user, $pass, $opts);
}catch(PDOException $e) {
OC_Log::write('core', $e->getMessage(), OC_Log::FATAL);
OC_User::setUserId(null);
// send http status 503
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
OC_Template::printErrorPage('Failed to connect to database');
die();
}
self::$PDO=new PDO($dsn, $user, $pass, $opts);
// We always, really always want associative arrays
self::$PDO->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
self::$PDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
@ -299,19 +289,8 @@ class OC_DB {
// Try to establish connection
self::$MDB2 = MDB2::factory( $dsn, $options );
// Die if we could not connect
if( PEAR::isError( self::$MDB2 )) {
OC_Log::write('core', self::$MDB2->getUserInfo(), OC_Log::FATAL);
OC_Log::write('core', self::$MDB2->getMessage(), OC_Log::FATAL);
OC_User::setUserId(null);
// send http status 503
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
OC_Template::printErrorPage('Failed to connect to database');
die();
}
self::raiseExceptionOnError( self::$MDB2 );
// We always, really always want associative arrays
self::$MDB2->setFetchMode(MDB2_FETCHMODE_ASSOC);
@ -803,9 +782,9 @@ class OC_DB {
$query = str_replace( 'now()', 'CURRENT_TIMESTAMP', $query );
$query = str_replace( 'LENGTH(', 'LEN(', $query );
$query = str_replace( 'SUBSTR(', 'SUBSTRING(', $query );
$query = self::fixLimitClauseForMSSQL($query);
}
$query = self::fixLimitClauseForMSSQL($query);
}
// replace table name prefix
$query = str_replace( '*PREFIX*', $prefix, $query );
@ -813,60 +792,60 @@ class OC_DB {
return $query;
}
private static function fixLimitClauseForMSSQL($query) {
$limitLocation = stripos ($query, "LIMIT");
if ( $limitLocation === false ) {
return $query;
}
// total == 0 means all results - not zero results
//
// First number is either total or offset, locate it by first space
//
$offset = substr ($query, $limitLocation + 5);
$offset = substr ($offset, 0, stripos ($offset, ' '));
$offset = trim ($offset);
private static function fixLimitClauseForMSSQL($query) {
$limitLocation = stripos ($query, "LIMIT");
// check for another parameter
if (stripos ($offset, ',') === false) {
// no more parameters
$offset = 0;
$total = intval ($offset);
} else {
// found another parameter
$offset = intval ($offset);
if ( $limitLocation === false ) {
return $query;
}
$total = substr ($query, $limitLocation + 5);
$total = substr ($total, stripos ($total, ','));
// total == 0 means all results - not zero results
//
// First number is either total or offset, locate it by first space
//
$offset = substr ($query, $limitLocation + 5);
$offset = substr ($offset, 0, stripos ($offset, ' '));
$offset = trim ($offset);
$total = substr ($total, 0, stripos ($total, ' '));
$total = intval ($total);
}
// check for another parameter
if (stripos ($offset, ',') === false) {
// no more parameters
$offset = 0;
$total = intval ($offset);
} else {
// found another parameter
$offset = intval ($offset);
$query = trim (substr ($query, 0, $limitLocation));
$total = substr ($query, $limitLocation + 5);
$total = substr ($total, stripos ($total, ','));
if ($offset == 0 && $total !== 0) {
if (strpos($query, "SELECT") === false) {
$query = "TOP {$total} " . $query;
} else {
$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP '.$total, $query);
}
} else if ($offset > 0) {
$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP(10000000) ', $query);
$query = 'SELECT *
FROM (SELECT sub2.*, ROW_NUMBER() OVER(ORDER BY sub2.line2) AS line3
FROM (SELECT 1 AS line2, sub1.* FROM (' . $query . ') AS sub1) as sub2) AS sub3';
$total = substr ($total, 0, stripos ($total, ' '));
$total = intval ($total);
}
$query = trim (substr ($query, 0, $limitLocation));
if ($offset == 0 && $total !== 0) {
if (strpos($query, "SELECT") === false) {
$query = "TOP {$total} " . $query;
} else {
$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP '.$total, $query);
}
} else if ($offset > 0) {
$query = preg_replace('/SELECT(\s*DISTINCT)?/Dsi', 'SELECT$1 TOP(10000000) ', $query);
$query = 'SELECT *
FROM (SELECT sub2.*, ROW_NUMBER() OVER(ORDER BY sub2.line2) AS line3
FROM (SELECT 1 AS line2, sub1.* FROM (' . $query . ') AS sub1) as sub2) AS sub3';
if ($total > 0) {
$query .= ' WHERE line3 BETWEEN ' . ($offset + 1) . ' AND ' . ($offset + $total);
} else {
$query .= ' WHERE line3 > ' . $offset;
}
}
return $query;
}
if ($total > 0) {
$query .= ' WHERE line3 BETWEEN ' . ($offset + 1) . ' AND ' . ($offset + $total);
} else {
$query .= ' WHERE line3 > ' . $offset;
}
}
return $query;
}
/**
* @brief drop a table
* @param string $tableName the table to drop
@ -962,18 +941,21 @@ class OC_DB {
* @return bool
*/
public static function isError($result) {
if(self::$backend==self::BACKEND_PDO and $result === false) {
//MDB2 returns an MDB2_Error object
if (class_exists('PEAR') === true && PEAR::isError($result)) {
return true;
}elseif(self::$backend==self::BACKEND_MDB2 and PEAR::isError($result)) {
return true;
}else{
return false;
}
//PDO returns false on error (and throws an exception)
if (self::$backend===self::BACKEND_PDO and $result === false) {
return true;
}
return false;
}
/**
* check if a result is an error and throws an exception, works with MDB2 and PDOException
* @param mixed $result
* @param string message
* @param string $message
* @return void
* @throws DatabaseException
*/
@ -989,12 +971,15 @@ class OC_DB {
}
public static function getErrorCode($error) {
if ( self::$backend==self::BACKEND_MDB2 and PEAR::isError($error) ) {
$code = $error->getCode();
} elseif ( self::$backend==self::BACKEND_PDO and self::$PDO ) {
$code = self::$PDO->errorCode();
if ( class_exists('PEAR') === true && PEAR::isError($error) ) {
/** @var $error PEAR_Error */
return $error->getCode();
}
return $code;
if ( self::$backend==self::BACKEND_PDO and self::$PDO ) {
return self::$PDO->errorCode();
}
return -1;
}
/**
* returns the error code and message as a string for logging
@ -1003,23 +988,24 @@ class OC_DB {
* @return string
*/
public static function getErrorMessage($error) {
if ( self::$backend==self::BACKEND_MDB2 and PEAR::isError($error) ) {
if ( class_exists('PEAR') === true && PEAR::isError($error) ) {
$msg = $error->getCode() . ': ' . $error->getMessage();
$msg .= ' (' . $error->getDebugInfo() . ')';
} elseif (self::$backend==self::BACKEND_PDO and self::$PDO) {
return $msg;
}
if (self::$backend==self::BACKEND_PDO and self::$PDO) {
$msg = self::$PDO->errorCode() . ': ';
$errorInfo = self::$PDO->errorInfo();
if (is_array($errorInfo)) {
$msg .= 'SQLSTATE = '.$errorInfo[0] . ', ';
$msg .= 'Driver Code = '.$errorInfo[1] . ', ';
$msg .= 'Driver Message = '.$errorInfo[2];
}else{
$msg = '';
}
}else{
$msg = '';
return $msg;
}
return $msg;
return '';
}
/**
@ -1172,7 +1158,7 @@ class PDOStatementWrapper{
die ($entry);
}
}
/**
* provide numRows
*/
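Review bot: With the try/catch gone in the first hunk, a failed `new PDO($dsn, $user, $pass, $opts)` raises a PDOException whose stack trace records the constructor arguments, including the database password, and nothing in the visible lines keeps that trace out of a rendered error page or the log. Whatever catches it (the caller is outside the hunk) should log only `$e->getMessage()`, as the removed handler did, and should still answer with the 503 status rather than a generic error. The same question applies to the MDB2 path in the second hunk, where `self::raiseExceptionOnError( self::$MDB2 )` replaces the explicit logging and 503 page. A comment above the constructor call such as `// PDOException propagates to the caller; its trace contains $pass, so never print it` would record the expectation.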


@ -9,7 +9,7 @@
class OC_Request {
/**
* @brief Check overwrite condition
* @returns true/false
* @returns bool
*/
private static function isOverwriteCondition($type = '') {
$regex = '/' . OC_Config::getValue('overwritecondaddr', '') . '/';
@ -19,7 +19,7 @@ class OC_Request {
/**
* @brief Returns the server host
* @returns the server host
* @returns string the server host
*
* Returns the server host, even if the website uses one or more
* reverse proxies
@ -40,7 +40,13 @@ class OC_Request {
}
}
else{
$host = $_SERVER['HTTP_HOST'];
if (isset($_SERVER['HTTP_HOST'])) {
return $_SERVER['HTTP_HOST'];
}
if (isset($_SERVER['SERVER_NAME'])) {
return $_SERVER['SERVER_NAME'];
}
return 'localhost';
}
return $host;
}
@ -48,7 +54,7 @@ class OC_Request {
/**
* @brief Returns the server protocol
* @returns the server protocol
* @returns string the server protocol
*
* Returns the server protocol. It respects reverse proxy servers and load balancers
*/
@ -70,7 +76,7 @@ class OC_Request {
/**
* @brief Returns the request uri
* @returns the request uri
* @returns string the request uri
*
* Returns the request uri, even if the website uses one or more
* reverse proxies
@ -85,7 +91,7 @@ class OC_Request {
/**
* @brief Returns the script name
* @returns the script name
* @returns string the script name
*
* Returns the script name, even if the website uses one or more
* reverse proxies
@ -139,7 +145,7 @@ class OC_Request {
/**
* @brief Check if this is a no-cache request
* @returns true for no-cache
* @returns boolean true for no-cache
*/
static public function isNoCache() {
if (!isset($_SERVER['HTTP_CACHE_CONTROL'])) {
@ -150,7 +156,7 @@ class OC_Request {
/**
* @brief Check if the requestor understands gzip
* @returns true for gzip encoding supported
* @returns boolean true for gzip encoding supported
*/
static public function acceptGZip() {
if (!isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
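Review bot: The new fallback in the third hunk returns `$_SERVER['HTTP_HOST']` exactly as the client sent it, and the Host header is client-controlled, so any absolute URL later built from this value (that use is outside the visible lines) inherits whatever the request claimed. The value should be compared with the host names the instance is configured to serve before it is returned, falling through to `SERVER_NAME` or `'localhost'` when it does not match. At minimum a comment on that branch, `// HTTP_HOST is client-supplied; validate before using it in generated links`, would record the assumption. The function body begins outside the hunk.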


@ -20,6 +20,11 @@ OC.Settings.Apps = OC.Settings.Apps || {
page.find('span.score').html(app.score);
page.find('p.description').text(app.description);
page.find('img.preview').attr('src', app.preview);
if (app.preview && app.preview.length) {
page.find('img.preview').show();
} else {
page.find('img.preview').hide();
}
page.find('small.externalapp').attr('style', 'visibility:visible');
page.find('span.author').text(app.author);
page.find('span.licence').text(app.licence);
@ -142,12 +147,16 @@ OC.Settings.Apps = OC.Settings.Apps || {
li.attr('data-id', entry.id);
var img= $('<img class="icon"/>').attr({ src: entry.icon});
var a=$('<a></a>').attr('href', entry.href);
var filename=$('<span></span>')
var filename=$('<span></span>');
filename.text(entry.name);
a.prepend(filename);
a.prepend(img);
li.append(a);
container.append(li);
if (!SVGSupport() && entry.icon.match(/\.svg$/i)) {
$(img).addClass('svg');
replaceSVG();
}
}
}
}
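Review bot: In the first hunk `page.find('span.score').html(app.score)` is the only field written with `.html()`, while description, author and licence go through `.text()`. If `app.score` can carry text from the remote app listing rather than markup generated by the server, this is an HTML injection sink, so the origin should be confirmed or the call changed to `.text(app.score)`. In the added SVG branch of the second hunk, `entry.icon.match(/\.svg$/i)` throws when an entry has no icon; `entry.icon && entry.icon.match(/\.svg$/i)` avoids that. Both functions start outside their hunks.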


@ -34,7 +34,7 @@
class="version"></span><small class="externalapp" style="visibility:hidden;"></small></h3>
<span class="score"></span>
<p class="description"></p>
<img src="" class="preview" />
<img src="" class="preview hidden" />
<p class="appslink hidden"><a href="#" target="_blank"><?php
p($l->t('See application page at apps.owncloud.com'));?></a></p>
<p class="license hidden"><?php


@ -49,8 +49,9 @@
<field>
<name>description</name>
<type>clob</type>
<type>text</type>
<notnull>false</notnull>
<length>1024</length>
</field>
<field>


@ -7,9 +7,8 @@
*/
class Test_DBSchema extends PHPUnit_Framework_TestCase {
protected static $schema_file = 'static://test_db_scheme';
protected static $schema_file2 = 'static://test_db_scheme2';
protected $test_prefix;
protected $schema_file = 'static://test_db_scheme';
protected $schema_file2 = 'static://test_db_scheme2';
protected $table1;
protected $table2;
@ -20,19 +19,20 @@ class Test_DBSchema extends PHPUnit_Framework_TestCase {
$r = '_'.OC_Util::generate_random_bytes('4').'_';
$content = file_get_contents( $dbfile );
$content = str_replace( '*dbprefix*', '*dbprefix*'.$r, $content );
file_put_contents( self::$schema_file, $content );
file_put_contents( $this->schema_file, $content );
$content = file_get_contents( $dbfile2 );
$content = str_replace( '*dbprefix*', '*dbprefix*'.$r, $content );
file_put_contents( self::$schema_file2, $content );
file_put_contents( $this->schema_file2, $content );
$this->test_prefix = $r;
$this->table1 = $this->test_prefix.'cntcts_addrsbks';
$this->table2 = $this->test_prefix.'cntcts_cards';
$prefix = OC_Config::getValue( "dbtableprefix", "oc_" );
$this->table1 = $prefix.$r.'cntcts_addrsbks';
$this->table2 = $prefix.$r.'cntcts_cards';
}
public function tearDown() {
unlink(self::$schema_file);
unlink(self::$schema_file2);
unlink($this->schema_file);
unlink($this->schema_file2);
}
// everything in one test, they depend on each other
@ -47,13 +47,13 @@ class Test_DBSchema extends PHPUnit_Framework_TestCase {
}
public function doTestSchemaCreating() {
OC_DB::createDbFromStructure(self::$schema_file);
OC_DB::createDbFromStructure($this->schema_file);
$this->assertTableExist($this->table1);
$this->assertTableExist($this->table2);
}
public function doTestSchemaChanging() {
OC_DB::updateDbFromStructure(self::$schema_file2);
OC_DB::updateDbFromStructure($this->schema_file2);
$this->assertTableExist($this->table2);
}
@ -66,67 +66,61 @@ class Test_DBSchema extends PHPUnit_Framework_TestCase {
}
public function doTestSchemaRemoving() {
OC_DB::removeDBStructure(self::$schema_file);
OC_DB::removeDBStructure($this->schema_file);
$this->assertTableNotExist($this->table1);
$this->assertTableNotExist($this->table2);
}
public function tableExist($table) {
$table = '*PREFIX*' . $table;
switch (OC_Config::getValue( 'dbtype', 'sqlite' )) {
case 'sqlite':
case 'sqlite3':
$sql = "SELECT name FROM sqlite_master "
. "WHERE type = 'table' AND name != 'sqlite_sequence' "
. "AND name != 'geometry_columns' AND name != 'spatial_ref_sys' "
. "UNION ALL SELECT name FROM sqlite_temp_master "
. "WHERE type = 'table' AND name = '".$table."'";
$query = OC_DB::prepare($sql);
$result = $query->execute(array());
$exists = $result && $result->fetchOne();
. "WHERE type = 'table' AND name = ? "
. "UNION ALL SELECT name FROM sqlite_temp_master "
. "WHERE type = 'table' AND name = ?";
$result = \OC_DB::executeAudited($sql, array($table, $table));
break;
case 'mysql':
$sql = 'SHOW TABLES LIKE "'.$table.'"';
$query = OC_DB::prepare($sql);
$result = $query->execute(array());
$exists = $result && $result->fetchOne();
$sql = 'SHOW TABLES LIKE ?';
$result = \OC_DB::executeAudited($sql, array($table));
break;
case 'pgsql':
$sql = "SELECT tablename AS table_name, schemaname AS schema_name "
. "FROM pg_tables WHERE schemaname NOT LIKE 'pg_%' "
. "AND schemaname != 'information_schema' "
. "AND tablename = '".$table."'";
$query = OC_DB::prepare($sql);
$result = $query->execute(array());
$exists = $result && $result->fetchOne();
$sql = 'SELECT tablename AS table_name, schemaname AS schema_name '
. 'FROM pg_tables WHERE schemaname NOT LIKE \'pg_%\' '
. 'AND schemaname != \'information_schema\' '
. 'AND tablename = ?';
$result = \OC_DB::executeAudited($sql, array($table));
break;
case 'oci':
$sql = 'SELECT table_name FROM user_tables WHERE table_name = ?';
$sql = 'SELECT TABLE_NAME FROM USER_TABLES WHERE TABLE_NAME = ?';
$result = \OC_DB::executeAudited($sql, array($table));
$exists = (bool)$result->fetchOne(); //oracle uses MDB2 and returns null
break;
case 'mssql':
$sql = "SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '{$table}'";
$query = OC_DB::prepare($sql);
$result = $query->execute(array());
$exists = $result && $result->fetchOne();
$sql = 'SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = ?';
$result = \OC_DB::executeAudited($sql, array($table));
break;
}
return $exists;
$name = $result->fetchOne(); //FIXME checking with '$result->numRows() === 1' does not seem to work?
if ($name === $table) {
return true;
} else {
return false;
}
}
public function assertTableExist($table) {
$this->assertTrue($this->tableExist($table));
$this->assertTrue($this->tableExist($table), 'Table ' . $table . ' does not exist');
}
public function assertTableNotExist($table) {
$type=OC_Config::getValue( "dbtype", "sqlite" );
if( $type == 'sqlite' || $type == 'sqlite3' ) {
// sqlite removes the tables after closing the DB
}
else {
$this->assertFalse($this->tableExist($table));
} else {
$this->assertFalse($this->tableExist($table), 'Table ' . $table . ' exists.');
}
}
}
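Review bot: The `switch` in `tableExist()` has no `default` branch, so with any other `dbtype` value `$result` is never assigned and the `$result->fetchOne()` after the switch ends the run with a fatal error instead of a test failure. Adding `default: $this->fail('Unsupported dbtype');` makes that case explicit. For MySQL, `SHOW TABLES LIKE ?` treats the `_` characters in the generated table names as single-character wildcards, so the first row returned could be a different table and the `$name === $table` comparison would then report a false negative. That is unlikely with the random prefix, but a short comment on the `mysql` case would help.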