From ccd9b56609ceb0d5f8470c386702751acfb49994 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 11 Dec 2011 23:23:59 +0100 Subject: [PATCH 1/4] after editing a user quota, set the value of the quota field to how the server parsed the input, not the user input this way the user can see when an invalid input is given --- settings/ajax/setquota.php | 2 +- settings/js/users.js | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php index edbf5b7451..5c07285cfc 100644 --- a/settings/ajax/setquota.php +++ b/settings/ajax/setquota.php @@ -10,6 +10,6 @@ $quota= OC_Helper::computerFileSize($_POST["quota"]); // Return Success story OC_Preferences::setValue($username,'files','quota',$quota); -OC_JSON::success(array("data" => array( "username" => $username ,'quota'=>$quota))); +OC_JSON::success(array("data" => array( "username" => $username ,'quota'=>OC_Helper::humanFileSize($quota)))); ?> diff --git a/settings/js/users.js b/settings/js/users.js index 684fee21c6..18e7a9df10 100644 --- a/settings/js/users.js +++ b/settings/js/users.js @@ -101,8 +101,11 @@ $(document).ready(function(){ if($(this).val().length>0){ $.post( OC.filePath('settings','ajax','setquota.php'), - {username:uid,quota:$(this).val()}, - function(result){} + {username:uid,quota:$(this).val()}, + function(result){ + img.parent().children('span').text(result.data.quota) + alert(result.data.quota); + } ); input.blur(); }else{ From 9c6d3a83fd0541ec95f13cef40f1030455391b13 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 11 Dec 2011 23:32:57 +0100 Subject: [PATCH 2/4] also update the data attribute holding the quota --- settings/js/users.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings/js/users.js b/settings/js/users.js index 18e7a9df10..4fea52e4a1 100644 --- a/settings/js/users.js +++ b/settings/js/users.js 
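Review bot: In settings/ajax/setquota.php the parsed quota is written with `OC_Preferences::setValue` before anything checks that it is usable, so input the parser cannot make sense of is still persisted and the user only learns of it from the echoed string. A negative result could be rejected before the write, e.g. `if ($quota < 0) { OC_JSON::error(); exit(); }`. Unparsable text is indistinguishable from a literal 0, because `OC_Helper::computerFileSize` (patched in lib/helper.php later in this series) falls back to what `floatval` returns. The hunk starts at line 10 of the file, so whether the caller's admin rights and the origin of `$username` are checked before this point cannot be confirmed from here.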
@@ -104,7 +104,7 @@ $(document).ready(function(){ {username:uid,quota:$(this).val()}, function(result){ img.parent().children('span').text(result.data.quota) - alert(result.data.quota); + $(this).parent().attr('data-quota',result.data.quota); } ); input.blur(); From 5e711f37ca3f009317a3c8cd0e47ed4f15922142 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 11 Dec 2011 23:33:24 +0100 Subject: [PATCH 3/4] make filesize parsing case insensitive --- lib/helper.php | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/lib/helper.php b/lib/helper.php index 5b3e394caf..24d436225b 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -160,24 +160,25 @@ class OC_Helper { */ public static function computerFileSize( $str ){ $bytes = 0; + $str=strtolower($str); $bytes_array = array( - 'B' => 1, - 'K' => 1024, - 'KB' => 1024, - 'MB' => 1024 * 1024, - 'M' => 1024 * 1024, - 'GB' => 1024 * 1024 * 1024, - 'G' => 1024 * 1024 * 1024, - 'TB' => 1024 * 1024 * 1024 * 1024, - 'T' => 1024 * 1024 * 1024 * 1024, - 'PB' => 1024 * 1024 * 1024 * 1024 * 1024, - 'P' => 1024 * 1024 * 1024 * 1024 * 1024, + 'b' => 1, + 'k' => 1024, + 'kb' => 1024, + 'mb' => 1024 * 1024, + 'm' => 1024 * 1024, + 'gb' => 1024 * 1024 * 1024, + 'g' => 1024 * 1024 * 1024, + 'tb' => 1024 * 1024 * 1024 * 1024, + 't' => 1024 * 1024 * 1024 * 1024, + 'pb' => 1024 * 1024 * 1024 * 1024 * 1024, + 'p' => 1024 * 1024 * 1024 * 1024 * 1024, ); $bytes = floatval($str); - if (preg_match('#([KMGTP]?B?)$#si', $str, $matches) && !empty($bytes_array[$matches[1]])) { + if (preg_match('#([kmgtp]?b?)$#si', $str, $matches) && !empty($bytes_array[$matches[1]])) { $bytes *= $bytes_array[$matches[1]]; } From a862fec9a329c449b808e8d888764cbc9cc0bc19 Mon Sep 17 00:00:00 2001 
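Review bot: Inside the `$.post` success callback in settings/js/users.js, `this` is no longer the quota input, since jQuery invokes the callback with the request's settings object as context unless one is supplied. The added `$(this).parent().attr('data-quota', ...)` therefore most likely updates nothing. The callback already uses the captured `img`, and `input` is used right after the call, so `input.parent().attr('data-quota', result.data.quota);` would reach the intended element, assuming `input` is the edited field. The line above it is missing its semicolon, and neither line checks `result.status` before reading `result.data.quota`. The enclosing handler starts and ends outside the hunk.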
From: Robin Appelman Date: Wed, 14 Dec 2011 13:26:34 +0100 Subject: [PATCH 4/4] make remember login token also dependent on password to protect against some brute force attacks on this token --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 558733e1cd..2d759d68d7 100644 --- a/index.php +++ b/index.php @@ -88,7 +88,7 @@ else { if(defined("DEBUG") && DEBUG) { OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG); } - $token = md5($_POST["user"].time()); + $token = md5($_POST["user"].time().$_POST['password']); OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); OC_User::setMagicInCookie($_POST["user"], $token); }
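Review bot: The remember-login token on the changed line of index.php is still an unsalted `md5` over guessable inputs. Mixing in `$_POST['password']` also means a leaked cookie or preferences row can be used to test password guesses offline by anyone who knows the username and approximate login time. A token drawn from a CSPRNG carries no information about the password, e.g. `$token = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes` on PHP 7+). Storing only a hash of the token server-side and comparing it in constant time would further limit the impact of a database leak. The comparison code is not visible here, and the enclosing `else` branch starts and ends outside the hunk.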