From eda9ce4cf8059b88c9c8e65037548357fc792257 Mon Sep 17 00:00:00 2001 From: libasys Date: Wed, 14 Nov 2012 16:05:24 +0100 Subject: [PATCH 1/6] Fixes two issues if you using IE8. IE8 has problems with .bind actions and since jquery 1.7.2 using .bind is old school style for event delegation. the new and better way is using .on() function. The second is using $.each instead of for() to walkthrough an array! Now it works perfect, the events after uploads are triggered. --- apps/files/js/fileactions.js | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js index 40dd9f14a6..80b9c01f83 100644 --- a/apps/files/js/fileactions.js +++ b/apps/files/js/fileactions.js @@ -70,34 +70,43 @@ var FileActions = { } parent.children('a.name').append(''); var defaultAction = FileActions.getDefault(FileActions.getCurrentMimeType(), FileActions.getCurrentType(), FileActions.getCurrentPermissions()); - var actionHandler = function (parent, action, event) { + + var actionHandler = function (event) { event.stopPropagation(); event.preventDefault(); - FileActions.currentFile = parent; - file = FileActions.getCurrentFile(); - action(file); + + FileActions.currentFile = event.data.elem; + var file = FileActions.getCurrentFile(); + + event.data.actionFunc(file); }; - for (name in actions) { + + $.each(actions, function (name, action) { // NOTE: Temporary fix to prevent rename action in root of Shared directory if (name === 'Rename' && $('#dir').val() === '/Shared') { - continue; + return true; } - if ((name === 'Download' || actions[name] !== defaultAction) && name !== 'Delete') { + + if ((name === 'Download' || action !== defaultAction) && name !== 'Delete') { var img = FileActions.icons[name]; if (img.call) { img = img(file); } var html = ''; if (img) { - html += ' '; + html += ' '; } html += t('files', name) + ''; + var element = $(html); element.data('action', name); - element.click(actionHandler.bind(null, parent, actions[name])); + //alert(element); + element.on('click',{a:null, elem:parent, actionFunc:actions[name]},actionHandler); parent.find('a.name>span.fileactions').append(element); } - } + + }); + if (actions['Delete']) { var img = FileActions.icons['Delete']; if (img.call) { @@ -114,7 +123,7 @@ var FileActions = { element.append($('')); } element.data('action', actions['Delete']); - element.click(actionHandler.bind(null, parent, actions['Delete'])); + element.on('click',{a:null, elem:parent, actionFunc:actions['Delete']},actionHandler); parent.parent().children().last().append(element); } }, From 20c24f234f832b326d935b59d1f6c1fa5f854313 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 16 Nov 2012 12:58:24 +0100 Subject: [PATCH 2/6] Do the url encoding once, only in breadcrumbs template fixes issue #438 --- apps/files/ajax/list.php | 2 +- apps/files/index.php | 4 ++-- apps/files/templates/part.breadcrumb.php | 7 ++++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php index 568fe754c0..cade7e872b 100644 --- a/apps/files/ajax/list.php +++ b/apps/files/ajax/list.php @@ -25,7 +25,7 @@ if($doBreadcrumb) { } $breadcrumbNav = new OCP\Template( "files", "part.breadcrumb", "" ); - $breadcrumbNav->assign( "breadcrumb", $breadcrumb ); + $breadcrumbNav->assign( "breadcrumb", $breadcrumb, false ); $data['breadcrumb'] = $breadcrumbNav->fetchPage(); } diff --git a/apps/files/index.php b/apps/files/index.php index 74332a439f..5e644a2a3b 100644 --- a/apps/files/index.php +++ b/apps/files/index.php @@ -36,7 +36,7 @@ if(!isset($_SESSION['timezone'])) { } OCP\App::setActiveNavigationEntry( 'files_index' ); // Load the files -$dir = isset( $_GET['dir'] ) ? rawurldecode(stripslashes($_GET['dir'])) : ''; +$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : ''; // Redirect if directory does not exist if(!OC_Filesystem::is_dir($dir.'/')) { header('Location: '.$_SERVER['SCRIPT_NAME'].''); @@ -67,7 +67,7 @@ $breadcrumb = array(); $pathtohere = ''; foreach( explode( '/', $dir ) as $i ) { if( $i != '' ) { - $pathtohere .= '/'.str_replace('+', '%20', urlencode($i)); + $pathtohere .= '/'.$i; $breadcrumb[] = array( 'dir' => $pathtohere, 'name' => $i ); } } diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php index ead9ab1ed7..ba1432c1b8 100644 --- a/apps/files/templates/part.breadcrumb.php +++ b/apps/files/templates/part.breadcrumb.php @@ -1,6 +1,7 @@ -
svg" data-dir='' style='background-image:url("")'> - "> + $crumb = $_["breadcrumb"][$i]; + $dir = str_replace('+','%20', urlencode($crumb["dir"])); ?> +
svg" data-dir='' style='background-image:url("")'> +
From 1793e85a523174f66575ca4c40ceecbbe2b1c09d Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 16 Nov 2012 12:16:23 +0100 Subject: [PATCH 3/6] Also reject names with \ in the name fixes issues #435 and #437 --- apps/files/js/files.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/files/js/files.js b/apps/files/js/files.js index bb80841055..b8972bed6b 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -505,8 +505,8 @@ $(document).ready(function() { $(this).append(input); input.focus(); input.change(function(){ - if(type != 'web' && $(this).val().indexOf('/')!=-1){ - $('#notification').text(t('files','Invalid name, \'/\' is not allowed.')); + if(type != 'web' && ($(this).val().indexOf('/')!=-1 || $(this).val().indexOf('\\')!=-1)) { + $('#notification').text(t('files', 'Invalid name, \'/\' or \'\\\' is not allowed.')); $('#notification').fadeIn(); return; } From cd495bf9ba47b606c1258f2ab07907b65f5951b7 Mon Sep 17 00:00:00 2001 From: Thomas Mueller Date: Thu, 22 Nov 2012 11:22:16 +0100 Subject: [PATCH 4/6] some more invalid characters have been added --- apps/files/js/files.js | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/apps/files/js/files.js b/apps/files/js/files.js index b8972bed6b..8d0f9e06ad 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -505,12 +505,17 @@ $(document).ready(function() { $(this).append(input); input.focus(); input.change(function(){ - if(type != 'web' && ($(this).val().indexOf('/')!=-1 || $(this).val().indexOf('\\')!=-1)) { - $('#notification').text(t('files', 'Invalid name, \'/\' or \'\\\' is not allowed.')); - $('#notification').fadeIn(); - return; - } - var name = getUniqueName($(this).val()); + if (type != 'web') { + var invalid_characters = ['\\', '/', '<', '>', ':', '"', '|', '?', '*']; + for (var i = 0; i < invalid_characters.length; i++) { + if ($(this).val().indexOf(invalid_characters[i]) != -1) { + $('#notification').text(t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); + $('#notification').fadeIn(); + return; + } + } + } + var name = getUniqueName($(this).val()); if (name != $(this).val()) { FileList.checkName(name, $(this).val(), true); var hidden = true; From a81d7cd79ff78122521dc0c8db864a9654710863 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Thu, 22 Nov 2012 13:03:17 +0100 Subject: [PATCH 5/6] introduce Files.containsInvalidCharacters(), use when creating or renaming files --- apps/files/js/filelist.js | 3 +++ apps/files/js/files.js | 27 ++++++++++++++++----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js index a5550dc992..5674206632 100644 --- a/apps/files/js/filelist.js +++ b/apps/files/js/filelist.js @@ -151,6 +151,9 @@ var FileList={ event.stopPropagation(); event.preventDefault(); var newname=input.val(); + if (Files.containsInvalidCharacters(newname)) { + return false; + } if (newname != name) { if (FileList.checkName(name, newname, false)) { newname = name; diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 8d0f9e06ad..9fa2a384b5 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -25,6 +25,18 @@ Files={ delete uploadingFiles[index]; }); procesSelection(); + }, + containsInvalidCharacters:function (name) { + var invalid_characters = ['\\', '/', '<', '>', ':', '"', '|', '?', '*']; + for (var i = 0; i < invalid_characters.length; i++) { + if (name.indexOf(invalid_characters[i]) != -1) { + $('#notification').text(t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); + $('#notification').fadeIn(); + return true; + } + } + $('#notification').fadeOut(); + return false; } }; $(document).ready(function() { @@ -505,17 +517,10 @@ $(document).ready(function() { $(this).append(input); input.focus(); input.change(function(){ - if (type != 'web') { - var invalid_characters = ['\\', '/', '<', '>', ':', '"', '|', '?', '*']; - for (var i = 0; i < invalid_characters.length; i++) { - if ($(this).val().indexOf(invalid_characters[i]) != -1) { - $('#notification').text(t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); - $('#notification').fadeIn(); - return; - } - } - } - var name = getUniqueName($(this).val()); + if (type != 'web' && Files.containsInvalidCharacters($(this).val())) { + return; + } + var name = getUniqueName($(this).val()); if (name != $(this).val()) { FileList.checkName(name, $(this).val(), true); var hidden = true; From 19797ee7db0fbaf47eb08c17dd997bcca4d4c2ca Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 23 Nov 2012 14:22:57 +0100 Subject: [PATCH 6/6] even error messages have the right to look a bit pretty --- core/templates/installation.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/templates/installation.php b/core/templates/installation.php index a7c4780d5d..1e7983eae5 100644 --- a/core/templates/installation.php +++ b/core/templates/installation.php @@ -19,7 +19,7 @@ -
+
t('Security Warning');?> t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?>
@@ -27,7 +27,7 @@
-
+
t('Security Warning');?> t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?>