mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix merge conflicts

This commit is contained in:
Georg Ehrke 2012-06-13 21:40:05 +02:00
parent 9bdad6fdbf b5889d6ffe
commit 7d29bee859
49 changed files with 1219 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
3rdparty/Google/LICENSE.txt vendored Normal file
View File

@ -0,0 +1,21 @@
The MIT License
Copyright (c) 2007 Andy Smith
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

751
3rdparty/Google/OAuth.php vendored Executable file
View File

@ -0,0 +1,751 @@
<?php
// vim: foldmethod=marker
/* Generic exception class
*/
class OAuthException extends Exception {/*{{{*/
// pass
}/*}}}*/
class OAuthConsumer {/*{{{*/
public $key;
public $secret;
public function __construct($key, $secret, $callback_url=NULL) {/*{{{*/
$this->key = $key;
$this->secret = $secret;
$this->callback_url = $callback_url;
}/*}}}*/
}/*}}}*/
class OAuthToken {/*{{{*/
// access tokens and request tokens
public $key;
public $secret;
/**
* key = the token
* secret = the token secret
*/
function __construct($key, $secret) {/*{{{*/
$this->key = $key;
$this->secret = $secret;
}/*}}}*/
/**
* generates the basic string serialization of a token that a server
* would respond to request_token and access_token calls with
*/
function to_string() {/*{{{*/
return "oauth_token=" . OAuthUtil::urlencodeRFC3986($this->key) .
"&oauth_token_secret=" . OAuthUtil::urlencodeRFC3986($this->secret);
}/*}}}*/
function __toString() {/*{{{*/
return $this->to_string();
}/*}}}*/
}/*}}}*/
class OAuthSignatureMethod {/*{{{*/
public function check_signature(&$request, $consumer, $token, $signature) {
$built = $this->build_signature($request, $consumer, $token);
return $built == $signature;
}
}/*}}}*/
class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {/*{{{*/
function get_name() {/*{{{*/
return "HMAC-SHA1";
}/*}}}*/
public function build_signature($request, $consumer, $token, $privKey=NULL) {/*{{{*/
$base_string = $request->get_signature_base_string();
$request->base_string = $base_string;
$key_parts = array(
$consumer->secret,
($token) ? $token->secret : ""
);
$key_parts = array_map(array('OAuthUtil','urlencodeRFC3986'), $key_parts);
$key = implode('&', $key_parts);
return base64_encode( hash_hmac('sha1', $base_string, $key, true));
}/*}}}*/
}/*}}}*/
class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {/*{{{*/
public function get_name() {/*{{{*/
return "RSA-SHA1";
}/*}}}*/
protected function fetch_public_cert(&$request) {/*{{{*/
// not implemented yet, ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer
// (2) fetch via http using a url provided by the requester
// (3) some sort of specific discovery code based on request
//
// either way should return a string representation of the certificate
throw Exception("fetch_public_cert not implemented");
}/*}}}*/
protected function fetch_private_cert($privKey) {//&$request) {/*{{{*/
// not implemented yet, ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer
//
// either way should return a string representation of the certificate
throw Exception("fetch_private_cert not implemented");
}/*}}}*/
public function build_signature(&$request, $consumer, $token, $privKey) {/*{{{*/
$base_string = $request->get_signature_base_string();
// Fetch the private key cert based on the request
//$cert = $this->fetch_private_cert($consumer->privKey);
//Pull the private key ID from the certificate
//$privatekeyid = openssl_get_privatekey($cert);
// hacked in
if ($privKey == '') {
$fp = fopen($GLOBALS['PRIV_KEY_FILE'], "r");
$privKey = fread($fp, 8192);
fclose($fp);
}
$privatekeyid = openssl_get_privatekey($privKey);
//Check the computer signature against the one passed in the query
$ok = openssl_sign($base_string, $signature, $privatekeyid);
//Release the key resource
openssl_free_key($privatekeyid);
return base64_encode($signature);
} /*}}}*/
public function check_signature(&$request, $consumer, $token, $signature) {/*{{{*/
$decoded_sig = base64_decode($signature);
$base_string = $request->get_signature_base_string();
// Fetch the public key cert based on the request
$cert = $this->fetch_public_cert($request);
//Pull the public key ID from the certificate
$publickeyid = openssl_get_publickey($cert);
//Check the computer signature against the one passed in the query
$ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
//Release the key resource
openssl_free_key($publickeyid);
return $ok == 1;
} /*}}}*/
}/*}}}*/
class OAuthRequest {/*{{{*/
private $parameters;
private $http_method;
private $http_url;
// for debug purposes
public $base_string;
public static $version = '1.0';
function __construct($http_method, $http_url, $parameters=NULL) {/*{{{*/
@$parameters or $parameters = array();
$this->parameters = $parameters;
$this->http_method = $http_method;
$this->http_url = $http_url;
}/*}}}*/
/**
* attempt to build up a request from what was passed to the server
*/
public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) {/*{{{*/
$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
@$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
@$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
$request_headers = OAuthRequest::get_headers();
// let the library user override things however they'd like, if they know
// which parameters to use then go for it, for example XMLRPC might want to
// do this
if ($parameters) {
$req = new OAuthRequest($http_method, $http_url, $parameters);
}
// next check for the auth header, we need to do some extra stuff
// if that is the case, namely suck in the parameters from GET or POST
// so that we can include them in the signature
else if (@substr($request_headers['Authorization'], 0, 5) == "OAuth") {
$header_parameters = OAuthRequest::split_header($request_headers['Authorization']);
if ($http_method == "GET") {
$req_parameters = $_GET;
}
else if ($http_method = "POST") {
$req_parameters = $_POST;
}
$parameters = array_merge($header_parameters, $req_parameters);
$req = new OAuthRequest($http_method, $http_url, $parameters);
}
else if ($http_method == "GET") {
$req = new OAuthRequest($http_method, $http_url, $_GET);
}
else if ($http_method == "POST") {
$req = new OAuthRequest($http_method, $http_url, $_POST);
}
return $req;
}/*}}}*/
/**
* pretty much a helper function to set up the request
*/
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {/*{{{*/
@$parameters or $parameters = array();
$defaults = array("oauth_version" => OAuthRequest::$version,
"oauth_nonce" => OAuthRequest::generate_nonce(),
"oauth_timestamp" => OAuthRequest::generate_timestamp(),
"oauth_consumer_key" => $consumer->key);
$parameters = array_merge($defaults, $parameters);
if ($token) {
$parameters['oauth_token'] = $token->key;
}
// oauth v1.0a
/*if (isset($_REQUEST['oauth_verifier'])) {
$parameters['oauth_verifier'] = $_REQUEST['oauth_verifier'];
}*/
return new OAuthRequest($http_method, $http_url, $parameters);
}/*}}}*/
public function set_parameter($name, $value) {/*{{{*/
$this->parameters[$name] = $value;
}/*}}}*/
public function get_parameter($name) {/*{{{*/
return $this->parameters[$name];
}/*}}}*/
public function get_parameters() {/*{{{*/
return $this->parameters;
}/*}}}*/
/**
* Returns the normalized parameters of the request
*
* This will be all (except oauth_signature) parameters,
* sorted first by key, and if duplicate keys, then by
* value.
*
* The returned string will be all the key=value pairs
* concated by &.
*
* @return string
*/
public function get_signable_parameters() {/*{{{*/
// Grab all parameters
$params = $this->parameters;
// Remove oauth_signature if present
if (isset($params['oauth_signature'])) {
unset($params['oauth_signature']);
}
// Urlencode both keys and values
$keys = array_map(array('OAuthUtil', 'urlencodeRFC3986'), array_keys($params));
$values = array_map(array('OAuthUtil', 'urlencodeRFC3986'), array_values($params));
$params = array_combine($keys, $values);
// Sort by keys (natsort)
uksort($params, 'strnatcmp');
if(isset($params['title']) && isset($params['title-exact'])) {
$temp = $params['title-exact'];
$title = $params['title'];
unset($params['title']);
unset($params['title-exact']);
$params['title-exact'] = $temp;
$params['title'] = $title;
}
// Generate key=value pairs
$pairs = array();
foreach ($params as $key=>$value ) {
if (is_array($value)) {
// If the value is an array, it's because there are multiple
// with the same key, sort them, then add all the pairs
natsort($value);
foreach ($value as $v2) {
$pairs[] = $key . '=' . $v2;
}
} else {
$pairs[] = $key . '=' . $value;
}
}
// Return the pairs, concated with &
return implode('&', $pairs);
}/*}}}*/
/**
* Returns the base string of this request
*
* The base string defined as the method, the url
* and the parameters (normalized), each urlencoded
* and the concated with &.
*/
public function get_signature_base_string() {/*{{{*/
$parts = array(
$this->get_normalized_http_method(),
$this->get_normalized_http_url(),
$this->get_signable_parameters()
);
$parts = array_map(array('OAuthUtil', 'urlencodeRFC3986'), $parts);
return implode('&', $parts);
}/*}}}*/
/**
* just uppercases the http method
*/
public function get_normalized_http_method() {/*{{{*/
return strtoupper($this->http_method);
}/*}}}*/
/**
* parses the url and rebuilds it to be
* scheme://host/path
*/
public function get_normalized_http_url() {
$parts = parse_url($this->http_url);
$scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
$port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
$host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
$path = (isset($parts['path'])) ? $parts['path'] : '';
if (($scheme == 'https' && $port != '443')
|| ($scheme == 'http' && $port != '80')) {
$host = "$host:$port";
}
return "$scheme://$host$path";
}
/**
* builds a url usable for a GET request
*/
public function to_url() {/*{{{*/
$out = $this->get_normalized_http_url() . "?";
$out .= $this->to_postdata();
return $out;
}/*}}}*/
/**
* builds the data one would send in a POST request
*/
public function to_postdata() {/*{{{*/
$total = array();
foreach ($this->parameters as $k => $v) {
$total[] = OAuthUtil::urlencodeRFC3986($k) . "=" . OAuthUtil::urlencodeRFC3986($v);
}
$out = implode("&", $total);
return $out;
}/*}}}*/
/**
* builds the Authorization: header
*/
public function to_header() {/*{{{*/
$out ='Authorization: OAuth ';
$total = array();
/*
$sig = $this->parameters['oauth_signature'];
unset($this->parameters['oauth_signature']);
uksort($this->parameters, 'strnatcmp');
$this->parameters['oauth_signature'] = $sig;
*/
foreach ($this->parameters as $k => $v) {
if (substr($k, 0, 5) != "oauth") continue;
$out .= OAuthUtil::urlencodeRFC3986($k) . '="' . OAuthUtil::urlencodeRFC3986($v) . '", ';
}
$out = substr_replace($out, '', strlen($out) - 2);
return $out;
}/*}}}*/
public function __toString() {/*{{{*/
return $this->to_url();
}/*}}}*/
public function sign_request($signature_method, $consumer, $token, $privKey=NULL) {/*{{{*/
$this->set_parameter("oauth_signature_method", $signature_method->get_name());
$signature = $this->build_signature($signature_method, $consumer, $token, $privKey);
$this->set_parameter("oauth_signature", $signature);
}/*}}}*/
public function build_signature($signature_method, $consumer, $token, $privKey=NULL) {/*{{{*/
$signature = $signature_method->build_signature($this, $consumer, $token, $privKey);
return $signature;
}/*}}}*/
/**
* util function: current timestamp
*/
private static function generate_timestamp() {/*{{{*/
return time();
}/*}}}*/
/**
* util function: current nonce
*/
private static function generate_nonce() {/*{{{*/
$mt = microtime();
$rand = mt_rand();
return md5($mt . $rand); // md5s look nicer than numbers
}/*}}}*/
/**
* util function for turning the Authorization: header into
* parameters, has to do some unescaping
*/
private static function split_header($header) {/*{{{*/
// this should be a regex
// error cases: commas in parameter values
$parts = explode(",", $header);
$out = array();
foreach ($parts as $param) {
$param = ltrim($param);
// skip the "realm" param, nobody ever uses it anyway
if (substr($param, 0, 5) != "oauth") continue;
$param_parts = explode("=", $param);
// rawurldecode() used because urldecode() will turn a "+" in the
// value into a space
$out[$param_parts[0]] = rawurldecode(substr($param_parts[1], 1, -1));
}
return $out;
}/*}}}*/
/**
* helper to try to sort out headers for people who aren't running apache
*/
private static function get_headers() {/*{{{*/
if (function_exists('apache_request_headers')) {
// we need this to get the actual Authorization: header
// because apache tends to tell us it doesn't exist
return apache_request_headers();
}
// otherwise we don't have apache and are just going to have to hope
// that $_SERVER actually contains what we need
$out = array();
foreach ($_SERVER as $key => $value) {
if (substr($key, 0, 5) == "HTTP_") {
// this is chaos, basically it is just there to capitalize the first
// letter of every word that is not an initial HTTP and strip HTTP
// code from przemek
$key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
$out[$key] = $value;
}
}
return $out;
}/*}}}*/
}/*}}}*/
class OAuthServer {/*{{{*/
protected $timestamp_threshold = 300; // in seconds, five minutes
protected $version = 1.0; // hi blaine
protected $signature_methods = array();
protected $data_store;
function __construct($data_store) {/*{{{*/
$this->data_store = $data_store;
}/*}}}*/
public function add_signature_method($signature_method) {/*{{{*/
$this->signature_methods[$signature_method->get_name()] =
$signature_method;
}/*}}}*/
// high level functions
/**
* process a request_token request
* returns the request token on success
*/
public function fetch_request_token(&$request) {/*{{{*/
$this->get_version($request);
$consumer = $this->get_consumer($request);
// no token required for the initial token request
$token = NULL;
$this->check_signature($request, $consumer, $token);
$new_token = $this->data_store->new_request_token($consumer);
return $new_token;
}/*}}}*/
/**
* process an access_token request
* returns the access token on success
*/
public function fetch_access_token(&$request) {/*{{{*/
$this->get_version($request);
$consumer = $this->get_consumer($request);
// requires authorized request token
$token = $this->get_token($request, $consumer, "request");
$this->check_signature($request, $consumer, $token);
$new_token = $this->data_store->new_access_token($token, $consumer);
return $new_token;
}/*}}}*/
/**
* verify an api call, checks all the parameters
*/
public function verify_request(&$request) {/*{{{*/
$this->get_version($request);
$consumer = $this->get_consumer($request);
$token = $this->get_token($request, $consumer, "access");
$this->check_signature($request, $consumer, $token);
return array($consumer, $token);
}/*}}}*/
// Internals from here
/**
* version 1
*/
private function get_version(&$request) {/*{{{*/
$version = $request->get_parameter("oauth_version");
if (!$version) {
$version = 1.0;
}
if ($version && $version != $this->version) {
throw new OAuthException("OAuth version '$version' not supported");
}
return $version;
}/*}}}*/
/**
* figure out the signature with some defaults
*/
private function get_signature_method(&$request) {/*{{{*/
$signature_method =
@$request->get_parameter("oauth_signature_method");
if (!$signature_method) {
$signature_method = "PLAINTEXT";
}
if (!in_array($signature_method,
array_keys($this->signature_methods))) {
throw new OAuthException(
"Signature method '$signature_method' not supported try one of the following: " . implode(", ", array_keys($this->signature_methods))
);
}
return $this->signature_methods[$signature_method];
}/*}}}*/
/**
* try to find the consumer for the provided request's consumer key
*/
private function get_consumer(&$request) {/*{{{*/
$consumer_key = @$request->get_parameter("oauth_consumer_key");
if (!$consumer_key) {
throw new OAuthException("Invalid consumer key");
}
$consumer = $this->data_store->lookup_consumer($consumer_key);
if (!$consumer) {
throw new OAuthException("Invalid consumer");
}
return $consumer;
}/*}}}*/
/**
* try to find the token for the provided request's token key
*/
private function get_token(&$request, $consumer, $token_type="access") {/*{{{*/
$token_field = @$request->get_parameter('oauth_token');
$token = $this->data_store->lookup_token(
$consumer, $token_type, $token_field
);
if (!$token) {
throw new OAuthException("Invalid $token_type token: $token_field");
}
return $token;
}/*}}}*/
/**
* all-in-one function to check the signature on a request
* should guess the signature method appropriately
*/
private function check_signature(&$request, $consumer, $token) {/*{{{*/
// this should probably be in a different method
$timestamp = @$request->get_parameter('oauth_timestamp');
$nonce = @$request->get_parameter('oauth_nonce');
$this->check_timestamp($timestamp);
$this->check_nonce($consumer, $token, $nonce, $timestamp);
$signature_method = $this->get_signature_method($request);
$signature = $request->get_parameter('oauth_signature');
$valid_sig = $signature_method->check_signature(
$request,
$consumer,
$token,
$signature
);
if (!$valid_sig) {
throw new OAuthException("Invalid signature");
}
}/*}}}*/
/**
* check that the timestamp is new enough
*/
private function check_timestamp($timestamp) {/*{{{*/
// verify that timestamp is recentish
$now = time();
if ($now - $timestamp > $this->timestamp_threshold) {
throw new OAuthException("Expired timestamp, yours $timestamp, ours $now");
}
}/*}}}*/
/**
* check that the nonce is not repeated
*/
private function check_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
// verify that the nonce is uniqueish
$found = $this->data_store->lookup_nonce($consumer, $token, $nonce, $timestamp);
if ($found) {
throw new OAuthException("Nonce already used: $nonce");
}
}/*}}}*/
}/*}}}*/
class OAuthDataStore {/*{{{*/
function lookup_consumer($consumer_key) {/*{{{*/
// implement me
}/*}}}*/
function lookup_token($consumer, $token_type, $token) {/*{{{*/
// implement me
}/*}}}*/
function lookup_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
// implement me
}/*}}}*/
function fetch_request_token($consumer) {/*{{{*/
// return a new token attached to this consumer
}/*}}}*/
function fetch_access_token($token, $consumer) {/*{{{*/
// return a new access token attached to this consumer
// for the user associated with this token if the request token
// is authorized
// should also invalidate the request token
}/*}}}*/
}/*}}}*/
/* A very naive dbm-based oauth storage
*/
class SimpleOAuthDataStore extends OAuthDataStore {/*{{{*/
private $dbh;
function __construct($path = "oauth.gdbm") {/*{{{*/
$this->dbh = dba_popen($path, 'c', 'gdbm');
}/*}}}*/
function __destruct() {/*{{{*/
dba_close($this->dbh);
}/*}}}*/
function lookup_consumer($consumer_key) {/*{{{*/
$rv = dba_fetch("consumer_$consumer_key", $this->dbh);
if ($rv === FALSE) {
return NULL;
}
$obj = unserialize($rv);
if (!($obj instanceof OAuthConsumer)) {
return NULL;
}
return $obj;
}/*}}}*/
function lookup_token($consumer, $token_type, $token) {/*{{{*/
$rv = dba_fetch("${token_type}_${token}", $this->dbh);
if ($rv === FALSE) {
return NULL;
}
$obj = unserialize($rv);
if (!($obj instanceof OAuthToken)) {
return NULL;
}
return $obj;
}/*}}}*/
function lookup_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
return dba_exists("nonce_$nonce", $this->dbh);
}/*}}}*/
function new_token($consumer, $type="request") {/*{{{*/
$key = md5(time());
$secret = time() + time();
$token = new OAuthToken($key, md5(md5($secret)));
if (!dba_insert("${type}_$key", serialize($token), $this->dbh)) {
throw new OAuthException("doooom!");
}
return $token;
}/*}}}*/
function new_request_token($consumer) {/*{{{*/
return $this->new_token($consumer, "request");
}/*}}}*/
function new_access_token($token, $consumer) {/*{{{*/
$token = $this->new_token($consumer, 'access');
dba_delete("request_" . $token->key, $this->dbh);
return $token;
}/*}}}*/
}/*}}}*/
class OAuthUtil {/*{{{*/
public static function urlencodeRFC3986($string) {/*{{{*/
return str_replace('%7E', '~', rawurlencode($string));
}/*}}}*/
public static function urldecodeRFC3986($string) {/*{{{*/
return rawurldecode($string);
}/*}}}*/
}/*}}}*/
?>

185
3rdparty/Google/common.inc.php vendored Executable file
View File

@ -0,0 +1,185 @@
<?php
/* Copyright (c) 2009 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Author: Eric Bidelman <e.bidelman@google.com>
*/
$PRIV_KEY_FILE = '/path/to/your/rsa_private_key.pem';
// OAuth library - http://oauth.googlecode.com/svn/code/php/
require_once('OAuth.php');
// Google's accepted signature methods
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
$rsa_method = new OAuthSignatureMethod_RSA_SHA1();
$SIG_METHODS = array($rsa_method->get_name() => $rsa_method,
$hmac_method->get_name() => $hmac_method);
/**
* Makes an HTTP request to the specified URL
*
* @param string $http_method The HTTP method (GET, POST, PUT, DELETE)
* @param string $url Full URL of the resource to access
* @param array $extraHeaders (optional) Additional headers to include in each
* request. Elements are header/value pair strings ('Host: example.com')
* @param string $postData (optional) POST/PUT request body
* @param bool $returnResponseHeaders True if resp. headers should be returned.
* @return string Response body from the server
*/
function send_signed_request($http_method, $url, $extraHeaders=null,
$postData=null, $returnResponseHeaders=true) {
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FAILONERROR, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
// Return request headers in the reponse
// curl_setopt($curl, CURLINFO_HEADER_OUT, true);
// Return response headers ni the response?
if ($returnResponseHeaders) {
curl_setopt($curl, CURLOPT_HEADER, true);
}
$headers = array();
//$headers[] = 'GData-Version: 2.0'; // use GData v2 by default
if (is_array($extraHeaders)) {
$headers = array_merge($headers, $extraHeaders);
}
// Setup default curl options for each type of HTTP request.
// This is also a great place to add additional headers for each request.
switch($http_method) {
case 'GET':
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
break;
case 'POST':
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
break;
case 'PUT':
$headers[] = 'If-Match: *';
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $http_method);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
break;
case 'DELETE':
$headers[] = 'If-Match: *';
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $http_method);
break;
default:
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
}
// Execute the request. If an error occures, fill the response body with it.
$response = curl_exec($curl);
if (!$response) {
$response = curl_error($curl);
}
// Add server's response headers to our response body
$response = curl_getinfo($curl, CURLINFO_HEADER_OUT) . $response;
curl_close($curl);
return $response;
}
/**
* Takes XML as a string and returns it nicely indented
*
* @param string $xml The xml to beautify
* @param boolean $html_output True if returned XML should be escaped for HTML.
* @return string The beautified xml
*/
function xml_pretty_printer($xml, $html_output=false) {
$xml_obj = new SimpleXMLElement($xml);
$level = 2;
// Get an array containing each XML element
$xml = explode("\n", preg_replace('/>\s*</', ">\n<", $xml_obj->asXML()));
// Hold current indentation level
$indent = 0;
$pretty = array();
// Shift off opening XML tag if present
if (count($xml) && preg_match('/^<\?\s*xml/', $xml[0])) {
$pretty[] = array_shift($xml);
}
foreach ($xml as $el) {
if (preg_match('/^<([\w])+[^>\/]*>$/U', $el)) {
// opening tag, increase indent
$pretty[] = str_repeat(' ', $indent) . $el;
$indent += $level;
} else {
if (preg_match('/^<\/.+>$/', $el)) {
$indent -= $level; // closing tag, decrease indent
}
if ($indent < 0) {
$indent += $level;
}
$pretty[] = str_repeat(' ', $indent) . $el;
}
}
$xml = implode("\n", $pretty);
return $html_output ? htmlentities($xml) : $xml;
}
/**
* Joins key/value pairs by $inner_glue and each pair together by $outer_glue.
*
* Example: implode_assoc('=', '&', array('a' => 1, 'b' => 2)) === 'a=1&b=2'
*
* @param string $inner_glue What to implode each key/value pair with
* @param string $outer_glue What to impode each key/value string subset with
* @param array $array Associative array of query parameters
* @return string Urlencoded string of query parameters
*/
function implode_assoc($inner_glue, $outer_glue, $array) {
$output = array();
foreach($array as $key => $item) {
$output[] = $key . $inner_glue . urlencode($item);
}
return implode($outer_glue, $output);
}
/**
* Explodes a string of key/value url parameters into an associative array.
* This method performs the compliment operations of implode_assoc().
*
* Example: explode_assoc('=', '&', 'a=1&b=2') === array('a' => 1, 'b' => 2)
*
* @param string $inner_glue What each key/value pair is joined with
* @param string $outer_glue What each set of key/value pairs is joined with.
* @param array $array Associative array of query parameters
* @return array Urlencoded string of query parameters
*/
function explode_assoc($inner_glue, $outer_glue, $params) {
$tempArr = explode($outer_glue, $params);
foreach($tempArr as $val) {
$pos = strpos($val, $inner_glue);
$key = substr($val, 0, $pos);
$array2[$key] = substr($val, $pos + 1, strlen($val));
}
return $array2;
}
?>

4
apps/calendar/index.php
View File

@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
OCP\Util::addscript('','oc-vcategories');
OCP\App::setActiveNavigationEntry('calendar_index');
$tmpl = new OCP\Template('calendar', 'calendar', 'user');
$tmpl->assign('eventSources', $eventSources);
$tmpl->assign('eventSources', $eventSources,false);
$tmpl->assign('categories', $categories);
if(array_key_exists('showevent', $_GET)){
$tmpl->assign('showevent', $_GET['showevent']);
$tmpl->assign('showevent', $_GET['showevent'], false);
}
$tmpl->printPage();

4
apps/calendar/templates/part.choosecalendar.rowfields.php
View File

@ -1,8 +1,8 @@
<?php
echo '<td width="20px"><input id="active_' . $_['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Calendar.activation(this,' . $_['calendar']['id'] . ')"' . ($_['calendar']['active'] ? ' checked="checked"' : '') . '></td>';
echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . htmlspecialchars($_['calendar']['displayname']) . '</label></td>';
echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . $_['calendar']['displayname'] . '</label></td>';
echo '<td width="20px"><a href="#" onclick="Calendar.UI.Share.dropdown(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['id'] . '\');" title="' . $l->t("Share Calendar") . '" class="action"><img class="svg action" src="' . ((!$_['shared']) ? OCP\Util::imagePath('core', 'actions/share.svg') : OCP\Util::imagePath('core', 'actions/shared.svg')) . '"></a></td>';
echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . htmlentities($_['calendar']['uri']) . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['uri'] . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
echo '<td width="20px"><a href="?app=calendar&getfile=export.php?calid=' . $_['calendar']['id'] . '" title="' . $l->t('Download') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/download.svg').'"></a></td>';
echo '<td width="20px"><a href="#" title="' . $l->t('Edit') . '" class="action" onclick="Calendar.UI.Calendar.edit(this, ' . $_['calendar']['id'] . ');"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/rename.svg').'"></a></td>';
echo '<td width="20px"><a href="#" onclick="Calendar.UI.Calendar.deleteCalendar(\'' . $_['calendar']['id'] . '\');" title="' . $l->t('Delete') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/delete.svg').'"></a></td>';

2
apps/calendar/templates/part.choosecalendar.rowfields.shared.php
View File

@ -1,4 +1,4 @@
<?php
echo '<td width="20px"><input id="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Share.activation(this,\'' . $_['share']['owner'] . '\',' . $_['share']['calendar']['id'] . ')"' . ($_['share']['active'] ? ' checked="checked"' : '') . '></td>';
echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . htmlspecialchars($_['share']['calendar']['displayname']) . '</label></td>';
echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . $_['share']['calendar']['displayname'] . '</label></td>';
echo '<td style="font-style: italic;">' . $l->t('shared with you by') . ' ' . $_['share']['owner'] . '</td>';

8
apps/calendar/templates/part.eventform.php
View File

@ -18,7 +18,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
<tr>
<th width="75px"><?php echo $l->t("Title");?>:</th>
<td>
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>" maxlength="100" name="title"/>
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? $_['title'] : '' ?>" maxlength="100" name="title"/>
</td>
</tr>
</table>
@ -26,7 +26,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
<tr>
<th width="75px"><?php echo $l->t("Category");?>:</th>
<td>
<input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>">
<input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>">
<a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a>
</td>
<?php if(count($_['calendar_options']) > 1) { ?>
@ -80,7 +80,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
<tr>
<th width="85px"><?php echo $l->t("Location");?>:</th>
<td>
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>" maxlength="100" name="location" />
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? $_['location'] : '' ?>" maxlength="100" name="location" />
</td>
</tr>
</table>
@ -88,7 +88,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
<tr>
<th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th>
<td>
<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea>
<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? $_['description'] : '' ?></textarea>
</td>
</tr>
</table>

2
apps/calendar/templates/part.import.php
View File

@ -9,7 +9,7 @@
$calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
$calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar'));
for($i = 0;$i<count($calendar_options);$i++){
$calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']);
$calendar_options[$i]['displayname'] = $calendar_options[$i]['displayname'];
}
echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname'));
?>

6
apps/calendar/templates/part.showevent.php
View File

@ -10,7 +10,7 @@
<tr>
<th width="75px"><?php echo $l->t("Title");?>:</th>
<td>
<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>
<?php echo isset($_['title']) ? $_['title'] : '' ?>
</td>
</tr>
</table>
@ -79,7 +79,7 @@
<tr>
<th width="85px"><?php echo $l->t("Location");?>:</th>
<td>
<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>
<?php echo isset($_['location']) ? $_['location'] : '' ?>
</td>
</tr>
</table>
@ -87,7 +87,7 @@
<tr>
<th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th>
<td>
<?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea>
<?php echo isset($_['description']) ? $_['description'] : '' ?></textarea>
</tr>
</table>
</div>

1
apps/contacts/ajax/activation.php
View File

@ -10,6 +10,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
$bookid = $_POST['bookid'];
$book = OC_Contacts_App::getAddressbook($bookid);// is owner access check

1
apps/contacts/ajax/addcontact.php
View File

@ -23,6 +23,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
$aid = isset($_POST['aid'])?$_POST['aid']:null;
if(!$aid) {

1
apps/contacts/ajax/addproperty.php
View File

@ -23,6 +23,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
function bailOut($msg) {
OCP\JSON::error(array('data' => array('message' => $msg)));

1
apps/contacts/ajax/createaddressbook.php
View File

@ -11,6 +11,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
$userid = OCP\USER::getUser();
$name = trim(strip_tags($_POST['name']));

2
apps/contacts/ajax/cropphoto.php
View File

@ -25,10 +25,12 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
$tmpkey = $_GET['tmpkey'];
$requesttoken = $_GET['requesttoken'];
$id = $_GET['id'];
$tmpl = new OCP\Template("contacts", "part.cropphoto");
$tmpl->assign('tmpkey', $tmpkey);
$tmpl->assign('id', $id);
$tmpl->assign('requesttoken', $requesttoken);
$page = $tmpl->fetchPage();
OCP\JSON::success(array('data' => array( 'page' => $page )));

1
apps/contacts/ajax/deletebook.php
View File

@ -23,6 +23,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
//$id = $_GET['id'];
$id = $_POST['id'];

11
apps/contacts/ajax/deletecard.php
View File

@ -28,6 +28,17 @@ function bailOut($msg) {
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
// foreach($_SERVER as $key=>$value) {
// OCP\Util::writeLog('contacts','ajax/saveproperty.php: _SERVER: '.$key.'=>'.$value, OCP\Util::DEBUG);
// }
foreach($_POST as $key=>$value) {
OCP\Util::writeLog('contacts','ajax/saveproperty.php: _POST: '.$key.'=>'.print_r($value, true), OCP\Util::DEBUG);
}
foreach($_GET as $key=>$value) {
OCP\Util::writeLog('contacts','ajax/saveproperty.php: _GET: '.$key.'=>'.print_r($value, true), OCP\Util::DEBUG);
}
$id = isset($_POST['id'])?$_POST['id']:null;
if(!$id) {

1
apps/contacts/ajax/deleteproperty.php
View File

@ -23,6 +23,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
$id = $_POST['id'];
$checksum = $_POST['checksum'];

1
apps/contacts/ajax/savecrop.php
View File

@ -22,6 +22,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
// Firefox and Konqueror tries to download application/json for me. --Arthur
OCP\JSON::setContentTypeHeader('text/plain');

9
apps/contacts/ajax/saveproperty.php
View File

@ -20,10 +20,6 @@
*
*/
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
function bailOut($msg) {
OCP\JSON::error(array('data' => array('message' => $msg)));
OCP\Util::writeLog('contacts','ajax/saveproperty.php: '.$msg, OCP\Util::DEBUG);
@ -33,6 +29,11 @@ function debug($msg) {
OCP\Util::writeLog('contacts','ajax/saveproperty.php: '.$msg, OCP\Util::DEBUG);
}
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
$id = isset($_POST['id'])?$_POST['id']:null;
$name = isset($_POST['name'])?$_POST['name']:null;
$value = isset($_POST['value'])?$_POST['value']:null;

2
apps/contacts/ajax/uploadphoto.php
View File

@ -23,6 +23,8 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
// Firefox and Konqueror tries to download application/json for me. --Arthur
OCP\JSON::setContentTypeHeader('text/plain');
function bailOut($msg) {

4
apps/contacts/js/contacts.js
View File

@ -622,7 +622,7 @@ Contacts={
q = q + '&id=' + this.id + '&name=' + name;
if(checksum != undefined && checksum != '') { // save
q = q + '&checksum=' + checksum;
//console.log('Saving: ' + q);
console.log('Saving: ' + q);
$(obj).attr('disabled', 'disabled');
$.post(OC.filePath('contacts', 'ajax', 'saveproperty.php'),q,function(jsondata){
if(jsondata.status == 'success'){
@ -640,7 +640,7 @@ Contacts={
}
},'json');
} else { // add
//console.log('Adding: ' + q);
console.log('Adding: ' + q);
$(obj).attr('disabled', 'disabled');
$.post(OC.filePath('contacts', 'ajax', 'addproperty.php'),q,function(jsondata){
if(jsondata.status == 'success'){

2
apps/contacts/templates/part.contact.php
View File

@ -3,6 +3,7 @@ $id = isset($_['id']) ? $_['id'] : '';
?>
<div id="card">
<form class="float" id="file_upload_form" action="<?php echo OCP\Util::linkTo('contacts', 'ajax/uploadphoto.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target">
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>">
<input type="hidden" name="id" value="<?php echo $_['id'] ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
@ -23,6 +24,7 @@ $id = isset($_['id']) ? $_['id'] : '';
<div id="contact_identity" class="contactsection">
<form method="post">
<input type="hidden" name="id" value="<?php echo $_['id'] ?>">
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>">
<fieldset id="ident" class="contactpart">
<span class="propertycontainer" data-element="N"><input type="hidden" id="n" class="contacts_property" name="value" value="" /></span>
<span id="name" class="propertycontainer" data-element="FN">

2
apps/contacts/templates/part.contacts.php
View File

@ -8,5 +8,5 @@
}
}
?>
<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li>
<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li>
<?php endforeach; ?>

2
apps/contacts/templates/part.cropphoto.php
View File

@ -1,6 +1,7 @@
<?php
$id = $_['id'];
$tmpkey = $_['tmpkey'];
$csrf_token = $_GET['csrf_token'];
OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey, OCP\Util::DEBUG);
?>
<script language="Javascript">
@ -48,6 +49,7 @@ OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey,
action="<?php echo OCP\Util::linkToAbsolute('contacts', 'ajax/savecrop.php'); ?>">
<input type="hidden" id="id" name="id" value="<?php echo $id; ?>" />
<input type="hidden" name="requesttoken" value="<?php echo $csrf_token; ?>">
<input type="hidden" id="tmpkey" name="tmpkey" value="<?php echo $tmpkey; ?>" />
<fieldset id="coords">
<input type="hidden" id="x1" name="x1" value="" />

5
apps/contacts/templates/part.importaddressbook.php
View File

@ -7,10 +7,6 @@
*/
?>
<td id="importaddressbook_dialog" colspan="6">
<?php
if(OCP\App::isEnabled('files_encryption')) {
echo '<strong>'.$l->t('Currently this import function doesn\'t work while encryption is enabled.<br />Please upload your VCF file with the file manager and click on it to import.').'</strong>';
} else { ?>
<table>
<tr>
<th><?php echo $l->t('Select address book to import to:') ?></th>
@ -33,7 +29,6 @@ if(OCP\App::isEnabled('files_encryption')) {
<input id="close_button" style="float: left;" type="button" onclick="Contacts.UI.Addressbooks.cancel(this);" value="<?php echo $l->t("Cancel"); ?>">
<iframe name="import_upload_target" id='import_upload_target' src=""></iframe>
<?php } ?>
</td>
<script type="text/javascript">
$(document).ready(function(){

2
apps/files/ajax/list.php
View File

@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){
}
$list = new OCP\Template( "files", "part.list", "" );
$list->assign( "files", $files );
$list->assign( "files", $files, false );
$data = array('files' => $list->fetchPage());
OCP\JSON::success(array('data' => $data));

14
apps/files/index.php
View File

@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
// make breadcrumb und filelist markup
$list = new OCP\Template( 'files', 'part.list', '' );
$list->assign( 'files', $files );
$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
$list->assign( 'files', $files, false );
$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false);
$breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false );
$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
$post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0);
$maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
$tmpl = new OCP\Template( 'files', 'index', 'user' );
$tmpl->assign( 'fileList', $list->fetchPage() );
$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
$tmpl->assign( 'fileList', $list->fetchPage(), false );
$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false );
$tmpl->assign( 'dir', $dir);
$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
$tmpl->assign( 'files', $files );

2
apps/files/templates/index.php
View File

@ -15,7 +15,7 @@
<form data-upload-id='1' class="file_upload_form" action="<?php echo OCP\Util::linkTo('files', 'ajax/upload.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target_1">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
<input type="hidden" name="dir" value="<?php echo htmlentities($_['dir'],ENT_COMPAT,'utf-8') ?>" id="dir">
<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
<button class="file_upload_filename">&nbsp;<img class='svg action' alt="Upload" src="<?php echo OCP\image_path("core", "actions/upload-white.svg"); ?>" /></button>
<input class="file_upload_start" type="file" name='files[]'/>
<a href="#" class="file_upload_button_wrapper" onclick="return false;" title="<?php echo $l->t('Upload'); echo ' max. '.$_['uploadMaxHumanFilesize'] ?>"></a>

51
apps/files_external/ajax/google.php Normal file
View File

@ -0,0 +1,51 @@
<?php
require_once 'Google/common.inc.php';
OCP\JSON::checkAppEnabled('files_external');
OCP\JSON::checkLoggedIn();
$consumer = new OAuthConsumer('anonymous', 'anonymous');
$sigMethod = new OAuthSignatureMethod_HMAC_SHA1();
if (isset($_POST['step'])) {
switch ($_POST['step']) {
case 1:
if (isset($_POST['callback'])) {
$callback = $_POST['callback'];
} else {
$callback = null;
}
$scope = 'https://docs.google.com/feeds/ https://docs.googleusercontent.com/ https://spreadsheets.google.com/feeds/';
$url = 'https://www.google.com/accounts/OAuthGetRequestToken?scope='.urlencode($scope);
$params = array('scope' => $scope, 'oauth_callback' => $callback);
$request = OAuthRequest::from_consumer_and_token($consumer, null, 'GET', $url, $params);
$request->sign_request($sigMethod, $consumer, null);
$response = send_signed_request('GET', $url, array($request->to_header()), null, false);
$token = array();
parse_str($response, $token);
if (isset($token['oauth_token']) && isset($token['oauth_token_secret'])) {
$authUrl = 'https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token='.$token['oauth_token'];
OCP\JSON::success(array('data' => array('url' => $authUrl, 'request_token' => $token['oauth_token'], 'request_token_secret' => $token['oauth_token_secret'])));
} else {
OCP\JSON::error(array('data' => array('message' => 'Fetching request tokens failed. Error: '.$response)));
}
break;
case 2:
if (isset($_POST['oauth_verifier']) && isset($_POST['request_token']) && isset($_POST['request_token_secret'])) {
$token = new OAuthToken($_POST['request_token'], $_POST['request_token_secret']);
$url = 'https://www.google.com/accounts/OAuthGetAccessToken';
$request = OAuthRequest::from_consumer_and_token($consumer, $token, 'GET', $url, array('oauth_verifier' => $_POST['oauth_verifier']));
$request->sign_request($sigMethod, $consumer, $token);
$response = send_signed_request('GET', $url, array($request->to_header()), null, false);
$token = array();
parse_str($response, $token);
if (isset($token['oauth_token']) && isset($token['oauth_token_secret'])) {
OCP\JSON::success(array('access_token' => $token['oauth_token'], 'access_token_secret' => $token['oauth_token_secret']));
} else {
OCP\JSON::error(array('data' => array('message' => 'Fetching access tokens failed. Error: '.$response)));
}
}
break;
}
}
?>

48
apps/files_external/js/google.js Normal file
View File

@ -0,0 +1,48 @@
$(document).ready(function() {
$('#externalStorage tbody tr').each(function() {
if ($(this).find('.backend').data('class') == 'OC_Filestorage_Google') {
var token = $(this).find('[data-parameter="token"]');
var token_secret = $(this).find('[data-parameter="token_secret"]');
if ($(token).val() == '' && $(token).val() == '') {
$(this).find('.configuration').append('<a class="button google">Grant access</a>');
} else {
var params = {};
window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m, key, value) {
params[key] = value;
});
if (params['oauth_token'].length > 1 && decodeURIComponent(params['oauth_token']) == $(token).val() && params['oauth_verifier'].length > 1) {
var tr = $(this);
$.post(OC.filePath('files_external', 'ajax', 'google.php'), { step: 2, oauth_verifier: params['oauth_verifier'], request_token: $(token).val(), request_token_secret: $(token_secret).val() }, function(result) {
if (result && result.status == 'success') {
$(token).val(result.access_token);
$(token_secret).val(result.access_token_secret);
OC.MountConfig.saveStorage(tr);
} else {
OC.dialogs.alert(result.data.message, 'Error configuring Google Drive storage');
}
});
}
}
return false;
}
});
$('.google').live('click', function(event) {
event.preventDefault();
var tr = $(this).parent().parent();
var token = $(this).parent().find('[data-parameter="token"]');
var token_secret = $(this).parent().find('[data-parameter="token_secret"]');
$.post(OC.filePath('files_external', 'ajax', 'google.php'), { step: 1, callback: window.location.href }, function(result) {
if (result && result.status == 'success') {
$(token).val(result.data.request_token);
$(token_secret).val(result.data.request_token_secret);
OC.MountConfig.saveStorage(tr);
window.location = result.data.url;
} else {
OC.dialogs.alert(result.data.message, 'Error configuring Google Drive storage');
}
});
});
});

3
apps/files_external/lib/config.php
View File

@ -41,8 +41,9 @@ class OC_Mount_Config {
return array(
'OC_Filestorage_Local' => array('backend' => 'Local', 'configuration' => array('datadir' => 'Location')),
'OC_Filestorage_AmazonS3' => array('backend' => 'Amazon S3', 'configuration' => array('key' => 'Key', 'secret' => '*Secret', 'bucket' => 'Bucket')),
'OC_Filestorage_Dropbox' => array('backend' => 'Dropbox', 'configuration' => array('app_key' => 'App key', 'app_secret' => 'App secret', 'token' => '#token', 'token_secret' => '#token_secret' ), 'custom' => 'dropbox'),
'OC_Filestorage_Dropbox' => array('backend' => 'Dropbox', 'configuration' => array('app_key' => 'App key', 'app_secret' => 'App secret', 'token' => '#token', 'token_secret' => '#token_secret'), 'custom' => 'dropbox'),
'OC_Filestorage_FTP' => array('backend' => 'FTP', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'password' => '*Password', 'root' => '&Root', 'secure' => '!Secure ftps://')),
'OC_Filestorage_Google' => array('backend' => 'Google Drive', 'configuration' => array('token' => '#token', 'token_secret' => '#token secret'), 'custom' => 'google'),
'OC_Filestorage_SWIFT' => array('backend' => 'OpenStack Swift', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'token' => '*Token', 'root' => '&Root', 'secure' => '!Secure ftps://')),
'OC_Filestorage_SMB' => array('backend' => 'SMB', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'password' => '*Password', 'root' => '&Root')),
'OC_Filestorage_DAV' => array('backend' => 'WebDAV', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'password' => '*Password', 'root' => '&Root', 'secure' => '!Secure https://'))

2
apps/files_external/lib/google.php
View File

@ -20,7 +20,7 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*/
require_once 'common.inc.php';
require_once 'Google/common.inc.php';
class OC_Filestorage_Google extends OC_Filestorage_Common {

2
apps/files_external/templates/settings.php
View File

@ -16,7 +16,7 @@
<?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?>
<?php foreach ($_['mounts'] as $mountPoint => $mount): ?>
<tr <?php if ($mountPoint == '') echo 'id="addMountPoint"'; ?>>
<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo htmlentities($mountPoint); ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo $mountPoint; ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
<?php if ($mountPoint == ''): ?>
<td class="backend">
<select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'>

4
apps/gallery/lib/tiles.php
View File

@ -141,7 +141,7 @@ class TileStack extends TileBase {
}
public function get() {
$r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
$r = '<div class="title gallery_div">'.$this->stack_name.'</div>';
for ($i = 0; $i < count($this->tiles_array); $i++) {
$top = rand(-5, 5);
$left = rand(-5, 5);
@ -168,7 +168,7 @@ class TileStack extends TileBase {
}
public function getOnClickAction() {
return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');';
return 'javascript:openNewGal(\''.$this->stack_name.'\');';
}
private $tiles_array;

2
apps/tasks/templates/part.taskform.php
View File

@ -5,7 +5,7 @@
<input type="text" id="location" name="location" placeholder="<?php echo $l->t('Location of the task');?>" value="<?php echo isset($_['details']->LOCATION) ? $_['details']->LOCATION[0]->value : '' ?>">
<br>
<label for="categories"><?php echo $l->t('Categories'); ?></label>
<input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>">
<input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>">
<a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a>
<br>
<label for="due"><?php echo $l->t('Due'); ?></label>

2
apps/user_ldap/settings.php
View File

@ -47,7 +47,7 @@ if ($_POST) {
// fill template
$tmpl = new OCP\Template( 'user_ldap', 'settings');
foreach($params as $param){
$value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,''));
$value = OCP\Config::getAppValue('user_ldap', $param,'');
$tmpl->assign($param, $value);
}

2
apps/user_openid/settings.php
View File

@ -2,7 +2,7 @@
$tmpl = new OCP\Template( 'user_openid', 'settings');
$identity=OCP\Config::getUserValue(OCP\USER::getUser(),'user_openid','identity','');
$tmpl->assign('identity',htmlentities($identity));
$tmpl->assign('identity',$identity);
OCP\Util::addscript('user_openid','settings');

2
core/lostpassword/index.php
View File

@ -17,7 +17,7 @@ if (isset($_POST['user'])) {
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and ($_POST['sectoken']==$_SESSION['sectoken']) ) {
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.$_POST['user'].'&token='.$token;
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.urlencode($_POST['user']).'&token='.$token;
$tmpl = new OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link);
$msg = $tmpl->fetchPage();

2
core/templates/404.php
View File

@ -10,6 +10,6 @@ if(!isset($_)){//also provide standalone error page
<ul>
<li class='error'>
<?php echo $l->t( 'Cloud not found' ); ?><br/>
<p class='hint'><?php if(isset($_['file'])) echo htmlentities($_['file'])?></p>
<p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p>
</li>
</ul>

10
core/templates/layout.user.php
View File

@ -30,6 +30,16 @@
echo '/>';
?>
<?php endforeach; ?>
<script type="text/javascript">
$(function() {
var requesttoken = '<?php echo $_['requesttoken']; ?>';
$(document).bind('ajaxSend', function(elm, xhr, s){
if(requesttoken) {
xhr.setRequestHeader('requesttoken', requesttoken);
}
});
});
</script>
</head>
<body id="<?php echo $_['bodyid'];?>">

2
core/templates/login.php
View File

@ -1,7 +1,7 @@
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form action="index.php" method="post">
<fieldset>
<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?>
<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?>
<?php if($_['error']): ?>
<a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a>
<?php endif; ?>

12
lib/json.php
View File

@ -41,6 +41,18 @@ class OC_JSON{
}
}
/**
* @brief Check an ajax get/post call if the request token is valid.
* @return json Error msg if not valid.
*/
public static function callCheck(){
if( !OC_Util::isCallRegistered()){
$l = OC_L10N::get('core');
self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') )));
exit();
}
}
/**
* Check if the user is a admin, send json error msg if not
*/

7
lib/public/json.php
View File

@ -53,6 +53,13 @@ class JSON {
return(\OC_JSON::checkLoggedIn());
}
/**
* @brief Check an ajax get/post call if the request token is valid.
* @return json Error msg if not valid.
*/
public static function callCheck(){
return(\OC_JSON::callCheck());
}
/**
* @brief Send json success msg

53
lib/template.php
View File

@ -155,6 +155,9 @@ class OC_Template{
$this->renderas = $renderas;
$this->application = $app;
$this->vars = array();
if($renderas == 'user') {
$this->vars['requesttoken'] = OC_Util::callRegister();
}
$this->l10n = OC_L10N::get($app);
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
@ -259,6 +262,7 @@ class OC_Template{
* @brief Assign variables
* @param $key key
* @param $value value
* @param $sanitizeHTML false, if data shouldn't get passed through htmlentities
* @returns true
*
* This function assigns a variable. It can be accessed via $_[$key] in
@ -266,11 +270,29 @@ class OC_Template{
*
* If the key existed before, it will be overwritten
*/
public function assign( $key, $value ){
public function assign( $key, $value, $sanitizeHTML=true ){
if($sanitizeHTML == true) {
if(is_array($value)) {
array_walk_recursive($value,'OC_Template::sanitizeHTML');
} else {
$value = OC_Template::sanitizeHTML($value);
}
}
$this->vars[$key] = $value;
return true;
}
/**
* @brief Internaly used to sanitze HTML
*
* This function is internally used to sanitize HTML.
*/
private static function sanitizeHTML( &$value ){
$value = htmlentities( $value );
return $value;
}
/**
* @brief Appends a variable
* @param $key key
@ -354,20 +376,21 @@ class OC_Template{
// Decide which page we show
if( $this->renderas == "user" ){
$page = new OC_Template( "core", "layout.user" );
$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ), false);
$page->assign('requesttoken', $this->vars['requesttoken']);
if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
$page->assign('bodyid','body-settings');
$page->assign('bodyid','body-settings', false);
}else{
$page->assign('bodyid','body-user');
$page->assign('bodyid','body-user', false);
}
// Add navigation entry
$navigation = OC_App::getNavigation();
$page->assign( "navigation", $navigation);
$page->assign( "settingsnavigation", OC_App::getSettingsNavigation());
$page->assign( "navigation", $navigation, false);
$page->assign( "settingsnavigation", OC_App::getSettingsNavigation(), false);
foreach($navigation as $entry) {
if ($entry['active']) {
$page->assign( 'application', $entry['name'] );
$page->assign( 'application', $entry['name'], false );
break;
}
}
@ -381,7 +404,7 @@ class OC_Template{
// Read the detected formfactor and use the right file name.
$fext = self::getFormFactorExtension();
$page->assign('jsfiles', array());
$page->assign('jsfiles', array(), false);
// Add the core js files or the js files provided by the selected theme
foreach(OC_Util::$scripts as $script){
// Is it in 3rd party?
@ -456,13 +479,13 @@ class OC_Template{
}
// Add custom headers
$page->assign('headers',$this->headers);
$page->assign('headers',$this->headers, false);
foreach(OC_Util::$headers as $header){
$page->append('headers',$header);
}
// Add css files and js files
$page->assign( "content", $data );
$page->assign( "content", $data, false );
return $page->fetchPage();
}
else{
@ -507,13 +530,13 @@ class OC_Template{
$_ = array_merge( $additionalparams, $this->vars );
}
// Einbinden
// Include
ob_start();
include( $this->path.$file.'.php' );
$data = ob_get_contents();
@ob_end_clean();
// Daten zurückgeben
// Return data
return $data;
}
@ -527,7 +550,7 @@ class OC_Template{
public static function printUserPage( $application, $name, $parameters = array() ){
$content = new OC_Template( $application, $name, "user" );
foreach( $parameters as $key => $value ){
$content->assign( $key, $value );
$content->assign( $key, $value, false );
}
print $content->printPage();
}
@ -542,7 +565,7 @@ class OC_Template{
public static function printAdminPage( $application, $name, $parameters = array() ){
$content = new OC_Template( $application, $name, "admin" );
foreach( $parameters as $key => $value ){
$content->assign( $key, $value );
$content->assign( $key, $value, false );
}
return $content->printPage();
}
@ -557,7 +580,7 @@ class OC_Template{
public static function printGuestPage( $application, $name, $parameters = array() ){
$content = new OC_Template( $application, $name, "guest" );
foreach( $parameters as $key => $value ){
$content->assign( $key, $value );
$content->assign( $key, $value,false );
}
return $content->printPage();
}

45
lib/util.php
View File

@ -355,8 +355,9 @@ class OC_Util {
}
/**
* Register an get/post call. This is important to prevent CSRF attacks
* @brief Register an get/post call. This is important to prevent CSRF attacks
* Todo: Write howto
* @return $token Generated token.
*/
public static function callRegister(){
//mamimum time before token exires
@ -381,50 +382,48 @@ class OC_Util {
}
}
}
// return the token
return($token);
}
/**
* Check an ajax get/post call if the request token is valid. exit if not.
* Todo: Write howto
* @brief Check an ajax get/post call if the request token is valid.
* @return boolean False if request token is not set or is invalid.
*/
public static function callCheck(){
public static function isCallRegistered(){
//mamimum time before token exires
$maxtime=(60*60); // 1 hour
// searches in the get and post arrays for the token.
if(isset($_GET['requesttoken'])) {
$token=$_GET['requesttoken'];
}elseif(isset($_POST['requesttoken'])){
$token=$_POST['requesttoken'];
}elseif(isset($_SERVER['HTTP_REQUESTTOKEN'])){
$token=$_SERVER['HTTP_REQUESTTOKEN'];
}else{
//no token found. exiting
exit;
//no token found.
return false;
}
// check if the token is in the user session and if the timestamp is from the last hour.
if(isset($_SESSION['requesttoken-'.$token])) {
$timestamp=$_SESSION['requesttoken-'.$token];
if($timestamp+$maxtime<time){
//token exired. exiting
exit;
if($timestamp+$maxtime<time()){
return false;
}else{
//token valid
return;
return true;
}
}else{
//no token found. exiting
exit;
return false;
}
}
/**
* @brief Check an ajax get/post call if the request token is valid. exit if not.
* Todo: Write howto
*/
public static function callCheck(){
if(!OC_Util::isCallRegistered()) {
exit;
}
}
}

2
settings/admin.php
View File

@ -23,7 +23,7 @@ function compareEntries($a,$b){
usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
$tmpl->assign('entries',$entries);
$tmpl->assign('entries',$entries,false);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);

2
settings/apps.php
View File

@ -92,7 +92,7 @@ usort($apps, 'app_sort');
$tmpl = new OC_Template( "settings", "apps", "user" );
$tmpl->assign('apps',$apps);
$tmpl->assign('apps',$apps, false);
$tmpl->printPage();

2
settings/templates/admin.php
View File

@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
<?php echo $entry->app;?>
</td>
<td>
<?php echo htmlentities($entry->message);?>
<?php echo $entry->message;?>
</td>
<td>
<?php echo OC_Util::formatDate($entry->time);?>

6
settings/templates/help.php
View File

@ -26,9 +26,9 @@
<?php foreach($_["kbe"] as $kb): ?>
<div class="helpblock">
<?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?>
<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?>
<p><?php echo htmlentities($kb['description']);?></p>
<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?>
<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?>
<p><?php echo $kb['description'];?></p>
<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?>
</div>
<?php endforeach;
endif?>