From e56c3165764bd79c4067e89d477f9d7007f2818d Mon Sep 17 00:00:00 2001 From: Kees Huiberts Date: Thu, 21 Oct 2010 19:38:01 +0200 Subject: [PATCH 1/8] Fixed small bug, added global $SERVERROOT to OC_UTIL --- inc/lib_base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/lib_base.php b/inc/lib_base.php index 3f7a98d7ac..3afbafc903 100644 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -31,7 +31,6 @@ date_default_timezone_set('Europe/Berlin'); ini_set('arg_separator.output','&'); ini_set('session.cookie_httponly','1;'); session_start(); - // calculate the documentroot $SERVERROOT=substr(__FILE__,0,-17); $DOCUMENTROOT=realpath($_SERVER['DOCUMENT_ROOT']); @@ -119,6 +118,7 @@ class OC_UTIL { if(self::$fsSetup){//setting up the filesystem twice can only lead to trouble return false; } + global $SERVERROOT; global $CONFIG_DATADIRECTORY_ROOT; global $CONFIG_DATADIRECTORY; global $CONFIG_BACKUPDIRECTORY; From b116b2fd4c75cb8ddf722ae13be85bbe4eae33f3 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 24 Oct 2010 13:25:21 +0200 Subject: [PATCH 2/8] fix uploading files to folders with special characters in the name --- files/upload.php | 4 +--- js/filebrowser.js | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) mode change 100644 => 100755 files/upload.php diff --git a/files/upload.php b/files/upload.php old mode 100644 new mode 100755 index 1190b466ea..e84cf8303d --- a/files/upload.php +++ b/files/upload.php @@ -22,11 +22,9 @@ */ require_once('../inc/lib_base.php'); -// sleep(5); //immitate slow internet. - $fileName=$_FILES['file']['name']; $source=$_FILES['file']['tmp_name']; -$target=$_GET['dir'].'/'.$fileName; +$target=stripslashes($_GET['dir']).'/'.$fileName; if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($_GET['dir'],'..')===false){ if(OC_FILESYSTEM::fromTmpFile($source,$target)){ echo 'true'; diff --git a/js/filebrowser.js b/js/filebrowser.js index 1ad37ebcf3..a12a7cd715 100644 --- a/js/filebrowser.js +++ b/js/filebrowser.js @@ -310,7 +310,7 @@ OC_FILES.browser.show_callback=function(content){ OC_FILES.browser.files.show(null,content); } if(OC_FILES.uploadForm){ - OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+dir); + OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+encodeURIComponent(dir)); } } @@ -423,7 +423,7 @@ OC_FILES.browser.showuploader=function(dir,parent,max_upload){ var iframeId=OC_FILES.uploadIFrames.length OC_FILES.uploadForm=document.createElement('form'); OC_FILES.uploadForm.setAttribute('target','uploadIFrame'+iframeId); - OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+dir); + OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+encodeURIComponent(dir)); OC_FILES.uploadForm.method='post'; OC_FILES.uploadForm.setAttribute('enctype','multipart/form-data'); OC_FILES.uploadIFrames[iframeId]=document.createElement('iframe'); From 59250ec6fd27601604570a2d66740053beaa71e0 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 31 Oct 2010 02:41:36 +0200 Subject: [PATCH 3/8] fix some typo's --- inc/templates/adminform.php | 2 +- settings/index.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php index 50ba2a3b64..5a04c4902a 100755 --- a/inc/templates/adminform.php +++ b/inc/templates/adminform.php @@ -88,7 +88,7 @@ echo('
') echo "$CONFIG_ERROR"; } if($FIRSTRUN){?> -Administartor User +Administrator User user name: password: retype password: diff --git a/settings/index.php b/settings/index.php index ba11da08c0..674e42b8d7 100644 --- a/settings/index.php +++ b/settings/index.php @@ -33,8 +33,8 @@ $FIRSTRUN=false; OC_CONFIG::addForm('User Settings','/inc/templates/configform.php'); if(OC_USER::ingroup($_SESSION['username'],'admin')){ OC_CONFIG::addForm('System Settings','/inc/templates/adminform.php'); - OC_CONFIG::addForm('User Managment','/inc/templates/userform.php'); - OC_CONFIG::addForm('Plugin Managment','/inc/templates/pluginform.php'); + OC_CONFIG::addForm('User Management','/inc/templates/userform.php'); + OC_CONFIG::addForm('Plugin Management','/inc/templates/pluginform.php'); } echo('
'); From d565b50ca6983bb2fb7c98fcf4dba8efa9b53e91 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 31 Oct 2010 02:42:39 +0200 Subject: [PATCH 4/8] remove placeholder music plugin --- plugins/music/index.php | 37 ------------------------------------- plugins/music/lib_music.php | 29 ----------------------------- plugins/music/plugin.xml | 14 -------------- 3 files changed, 80 deletions(-) delete mode 100644 plugins/music/index.php delete mode 100644 plugins/music/lib_music.php delete mode 100644 plugins/music/plugin.xml diff --git a/plugins/music/index.php b/plugins/music/index.php deleted file mode 100644 index 737b9ff79c..0000000000 --- a/plugins/music/index.php +++ /dev/null @@ -1,37 +0,0 @@ -. -* -*/ - - -require_once('../../inc/lib_base.php'); - - -OC_UTIL::showheader(); - -echo('
'); -echo('nothing here yet :-)'); -echo('
'); - - -OC_UTIL::showfooter(); - -?> diff --git a/plugins/music/lib_music.php b/plugins/music/lib_music.php deleted file mode 100644 index e1262737f0..0000000000 --- a/plugins/music/lib_music.php +++ /dev/null @@ -1,29 +0,0 @@ -. -* -*/ - - -OC_UTIL::addnavigationentry('Music','/plugins/music'); - - - -?> diff --git a/plugins/music/plugin.xml b/plugins/music/plugin.xml deleted file mode 100644 index 2ef3c08343..0000000000 --- a/plugins/music/plugin.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - music - Music player for ownCloud - 0.1 - AGPL - 2010 Frank Karlitschek karlitschek@kde.org - 1.1 - - - lib_music.php - - From ad8d6c42604c0aef93f456a2c406ef122f479077 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 31 Oct 2010 02:44:19 +0200 Subject: [PATCH 5/8] set version number to 1.1 --- inc/lib_base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/lib_base.php b/inc/lib_base.php index 3afbafc903..65664ae861 100644 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -172,7 +172,7 @@ class OC_UTIL { * @return array */ public static function getVersion(){ - return array(1,0,60); + return array(1,1,0); } /** From fc5b8679da954078d98748f111a94e64f93e83e4 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Thu, 4 Nov 2010 19:42:51 +0100 Subject: [PATCH 6/8] fix login issue after logging out --- inc/User/database.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/inc/User/database.php b/inc/User/database.php index 6b1310265d..9a39e191f6 100755 --- a/inc/User/database.php +++ b/inc/User/database.php @@ -112,11 +112,14 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * */ public static function logoutLisener() { + global $WEBROOT; if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { OC_LOG::event($_SESSION['username'], 2, ''); $_SESSION['user_id'] = false; $_SESSION['username'] = ''; $_SESSION['username_clean'] = ''; + + header("location: $WEBROOT"); } } From 92d08d513b62d98799579addbb00bf5c42a66287 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20KUBLER?= Date: Tue, 16 Nov 2010 19:21:36 +0100 Subject: [PATCH 7/8] Add support for hosts where open_basedir restriction is in effect. --- inc/lib_filestorage.php | 101 +++++++++++++++++++++++----------------- 1 file changed, 57 insertions(+), 44 deletions(-) diff --git a/inc/lib_filestorage.php b/inc/lib_filestorage.php index 7dbdfe2457..b3dc17ac4c 100644 --- a/inc/lib_filestorage.php +++ b/inc/lib_filestorage.php @@ -3,20 +3,20 @@ /** * ownCloud * -* @author Frank Karlitschek -* @copyright 2010 Frank Karlitschek karlitschek@kde.org -* +* @author Frank Karlitschek +* @copyright 2010 Frank Karlitschek karlitschek@kde.org +* * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either +* License as published by the Free Software Foundation; either * version 3 of the License, or any later version. -* +* * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Lesser General Public +* +* You should have received a copy of the GNU Lesser General Public * License along with this library. If not, see . */ @@ -44,7 +44,7 @@ class OC_FILESTORAGE{ } } } - + public function __construct($parameters){} public function mkdir($path){} public function rmdir($path){} @@ -202,11 +202,11 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ } return $return; } - + public function getMimeType($fspath){ if (@is_dir($this->datadir.$fspath)) { // directories are easy - return "httpd/unix-directory"; + return "httpd/unix-directory"; }elseif (function_exists('finfo_open') and function_exists('finfo_file') and $finfo=finfo_open(FILEINFO_MIME)){ $mimeType =strtolower(finfo_file($finfo,$this->datadir.$fspath)); $mimeType=substr($mimeType,0,strpos($mimeType,';')); @@ -216,15 +216,15 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ // use mime magic extension if available $mime_type = mime_content_type($this->datadir.$fspath); } else if (self::canExecute("file")) { - // it looks like we have a 'file' command, + // it looks like we have a 'file' command, // lets see it it does have mime support $fp = popen("file -i -b '{$this->datadir}$fspath' 2>/dev/null", "r"); $reply = fgets($fp); pclose($fp); - + //trim the character set from the end of the response $mime_type=substr($reply,0,strrpos($reply,' ')); - } + } if (empty($mime_type)) { // Fallback solution: try to guess the type by the file extension // TODO: add more ... @@ -290,53 +290,66 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ break; } } - + return $mime_type; } - + /** * detect if a given program is found in the search PATH * - * helper function used by _mimetype() to detect if the + * helper function used by _mimetype() to detect if the * external 'file' utility is available * * @param string program name * @param string optional search path, defaults to $PATH * @return bool true if executable program found in path */ - private function canExecute($name, $path = false) + private function canExecute($name, $path = false) { // path defaults to PATH from environment if not set if ($path === false) { $path = getenv("PATH"); } - + // check method depends on operating system if (!strncmp(PHP_OS, "WIN", 3)) { // on Windows an appropriate COM or EXE file needs to exist $exts = array(".exe", ".com"); $check_fn = "file_exists"; - } else { + } else { // anywhere else we look for an executable file of that name $exts = array(""); $check_fn = "is_executable"; } - - // now check the directories in the path for the program - foreach (explode(PATH_SEPARATOR, $path) as $dir) { - // skip invalid path entries - if (!file_exists($dir)) continue; - if (!is_dir($dir)) continue; - // and now look for the file - foreach ($exts as $ext) { - if ($check_fn("$dir/$name".$ext)) return true; - } - } + // Default check will be done with $path directories : + $dirs = explode(PATH_SEPARATOR, $path); + + // WARNING : We have to check if open_basedir is enabled : + $obd = ini_get('open_basedir'); + + if($obd != "none") + $obd_values = explode(PATH_SEPARATOR, $obd); + + if(count($obd_values) > 0) + { + // open_basedir is in effect ! + // We need to check if the program is in one of these dirs : + $dirs = $obd_values; + } + + foreach($dirs as $dir) + { + foreach($exts as $ext) + { + if($check_fn("$dir/$name".$ext)) + return true; + } + } return false; } - + public function toTmpFile($path){ $tmpFolder=sys_get_temp_dir(); $filename=tempnam($tmpFolder,'OC_TEMP_FILE_'.substr($path,strrpos($path,'.'))); @@ -347,7 +360,7 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ return false; } } - + public function fromTmpFile($tmpFile,$path){ if(rename($tmpFile,$this->datadir.$path)){ $this->notifyObservers($path,OC_FILEACTION_CREATE); @@ -356,21 +369,21 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ return false; } } - + public function delTree($dir) { $dirRelative=$dir; $dir=$this->datadir.$dir; - if (!file_exists($dir)) return true; - if (!is_dir($dir) || is_link($dir)) return unlink($dir); - foreach (scandir($dir) as $item) { - if ($item == '.' || $item == '..') continue; + if (!file_exists($dir)) return true; + if (!is_dir($dir) || is_link($dir)) return unlink($dir); + foreach (scandir($dir) as $item) { + if ($item == '.' || $item == '..') continue; if(is_file($dir.'/'.$item)){ if(unlink($dir.'/'.$item)){ $this->notifyObservers($dir.'/'.$item,OC_FILEACTION_DELETE); } }elseif(is_dir($dir.'/'.$item)){ - if (!$this->delTree($dirRelative. "/" . $item)){ - return false; + if (!$this->delTree($dirRelative. "/" . $item)){ + return false; }; } } @@ -379,7 +392,7 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ } return $return; } - + public function find($path){ $return=System::find($this->datadir.$path); foreach($return as &$file){ @@ -387,7 +400,7 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ } return $return; } - + public function getTree($dir) { if(substr($dir,-1,1)=='/'){ $dir=substr($dir,0,-1); @@ -396,9 +409,9 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{ $tree[]=$dir; $dirRelative=$dir; $dir=$this->datadir.$dir; - if (!file_exists($dir)) return true; - foreach (scandir($dir) as $item) { - if ($item == '.' || $item == '..') continue; + if (!file_exists($dir)) return true; + foreach (scandir($dir) as $item) { + if ($item == '.' || $item == '..') continue; if(is_file($dir.'/'.$item)){ $tree[]=$dirRelative.'/'.$item; }elseif(is_dir($dir.'/'.$item)){ From e18898dfe140b091840107aa47ac4ece7a68edd6 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Tue, 16 Nov 2010 21:20:23 +0100 Subject: [PATCH 8/8] fix warning message that sometimes broke webdav --- inc/MDB2/Driver/sqlite.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/MDB2/Driver/sqlite.php b/inc/MDB2/Driver/sqlite.php index 63b66bf3fb..abde86d596 100644 --- a/inc/MDB2/Driver/sqlite.php +++ b/inc/MDB2/Driver/sqlite.php @@ -926,7 +926,7 @@ class MDB2_Result_sqlite extends MDB2_Result_Common if ($object_class == 'stdClass') { $row = (object) $row; } else { - $row = &new $object_class($row); + $row = new $object_class($row); } } ++$this->rownum;