diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js
index 1408e840f2..2319334c58 100644
--- a/apps/contacts/js/contacts.js
+++ b/apps/contacts/js/contacts.js
@@ -1699,5 +1699,7 @@ $(document).ready(function(){
}
$('#contacts_propertymenu_dropdown a').click(propertyMenuItem);
$('#contacts_propertymenu_dropdown a').keydown(propertyMenuItem);
+
+ Contacts.UI.loadHandlers();
+ Contacts.UI.Contacts.update();
});
-Contacts.UI.Contacts.update();
diff --git a/apps/files_archive/lib/storage.php b/apps/files_archive/lib/storage.php
index 8676166361..2f10d6a3e4 100644
--- a/apps/files_archive/lib/storage.php
+++ b/apps/files_archive/lib/storage.php
@@ -49,6 +49,7 @@ class OC_Filestorage_Archive extends OC_Filestorage_Common{
OC_FakeDirStream::$dirs[$id]=$content;
return opendir('fakedir://'.$id);
}
+ public function readdir($path){}
public function stat($path){
$ctime=filectime($this->path);
$path=$this->stripPath($path);
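Review bot: The new `readdir($path){}` stub has an empty body, so it returns null and any caller looping on `readdir()` against an archive mount sees an empty directory with no error. The same empty stub is added in apps/files_sharing/sharedstorage.php. Since `opendir()` just above returns a handle from PHP's own `opendir`, `public function readdir($handle){ return readdir($handle); }` would presumably work here. Otherwise mark the gap with a comment such as `// TODO: not implemented, returns null so callers see no entries`. The class body continues outside the hunk.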
diff --git a/apps/files_sharing/sharedstorage.php b/apps/files_sharing/sharedstorage.php
index 1a6942ad16..9174334383 100644
--- a/apps/files_sharing/sharedstorage.php
+++ b/apps/files_sharing/sharedstorage.php
@@ -139,6 +139,8 @@ class OC_Filestorage_Shared extends OC_Filestorage {
}
}
+ public function readdir( $path ) {}
+
public function is_dir($path) {
if ($path == "" || $path == "/") {
return true;
diff --git a/apps/files_versions/versions.php b/apps/files_versions/versions.php
index 44ce7c635a..6feb0cbb9c 100644
--- a/apps/files_versions/versions.php
+++ b/apps/files_versions/versions.php
@@ -303,66 +303,88 @@ class Storage {
*/
public static function expireAll() {
- function deleteAll($directory, $empty = false) {
+ function deleteAll( $directory, $empty = false ) {
- if(substr($directory,-1) == "/") {
- $directory = substr($directory,0,-1);
+ // strip leading slash
+ if( substr( $directory, 0, 1 ) == "/" ) {
+
+ $directory = substr( $directory, 1 );
+
+ }
+
+ // strip trailing slash
+ if( substr( $directory, -1) == "/" ) {
+
+ $directory = substr( $directory, 0, -1 );
+
}
- if(!file_exists($directory) || !is_dir($directory)) {
+ $view = new \OC_FilesystemView('');
+
+ if ( !$view->file_exists( $directory ) || !$view->is_dir( $directory ) ) {
return false;
- } elseif(!is_readable($directory)) {
+ } elseif( !$view->is_readable( $directory ) ) {
return false;
} else {
- $directoryHandle = opendir($directory);
-
- while ($contents = readdir($directoryHandle)) {
+ $foldername = \OCP\Config::getSystemValue('datadirectory') .'/' . \OCP\USER::getUser() .'/' . $directory; // have to set an absolute path for use with PHP's opendir as OC version doesn't work
- if( $contents != '.' && $contents != '..') {
+ $directoryHandle = opendir( $foldername );
+
+ while ( $contents = $view->readdir( $directoryHandle ) ) {
+
+ if ( $contents != '.' && $contents != '..') {
$path = $directory . "/" . $contents;
- if( is_dir($path) ) {
+ if ( $view->is_dir( $path ) ) {
- deleteAll($path);
+ deleteAll( $path );
} else {
-
- unlink($path);
+
+ $view->unlink( \OCP\USER::getUser() .'/' . $path ); // TODO: make unlink use same system path as is_dir
}
}
}
- closedir( $directoryHandle );
+ //$view->closedir( $directoryHandle ); // TODO: implement closedir in OC_FSV
- if( $empty == false ) {
+ if ( $empty == false ) {
- if(!rmdir($directory)) {
+ if ( !$view->rmdir( $directory ) ) {
return false;
}
- }
+ }
return true;
}
}
-
- /*
- // FIXME: make this path dynamic
- $dir = '/home/samtuke/owncloud/git/oc5/data/admin/versions';
+
+ $dir = \OCP\Config::getSystemValue('files_versionsfolder', Storage::DEFAULTFOLDER);
+
+ deleteAll( $dir, true );
- ( deleteAll( $dir, 1 ) ? return true : return false );
- */
+// if ( deleteAll( $dir, 1 ) ) {
+//
+// echo "
deleted ok
";
+//
+// } else {
+//
+// echo "not deleted
";
+//
+// }
+
}
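Review bot: `opendir( $foldername )` is never checked for failure and the handle is never closed now that `closedir` is commented out, so each recursion level of `deleteAll` leaks a directory handle and a failed open is passed straight into `readdir`. Because the handle comes from PHP's own `opendir`, the native call still applies: add `if ( $directoryHandle === false ) { return false; }` after the open and `closedir( $directoryHandle );` after the loop. The loop condition should be `false !== ( $contents = $view->readdir( $directoryHandle ) )` so that an entry named `0` does not end the walk early. The absolute path is built from `\OCP\USER::getUser()` while the existence checks go through the view, so the two can refer to different directories if the view root changes; that assumption deserves a comment.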
diff --git a/apps/media/js/collection.js b/apps/media/js/collection.js
index 03d577c7c9..161fc0c681 100644
--- a/apps/media/js/collection.js
+++ b/apps/media/js/collection.js
@@ -97,13 +97,13 @@ Collection={
if(artist.name && artist.songs.length>0){
var tr=template.clone().removeClass('template');
if(artist.songs.length>1){
- tr.find('td.title a').text(artist.songs.length+' '+t('media','songs'));
- tr.find('td.album a').text(artist.albums.length+' '+t('media','albums'));
+ tr.find('td.title a').html(artist.songs.length+' '+t('media','songs'));
+ tr.find('td.album a').html(artist.albums.length+' '+t('media','albums'));
}else{
- tr.find('td.title a').text(artist.songs[0].name);
- tr.find('td.album a').text(artist.albums[0].name);
+ tr.find('td.title a').html(artist.songs[0].name);
+ tr.find('td.album a').html(artist.albums[0].name);
}
- tr.find('td.artist a').text(artist.name);
+ tr.find('td.artist a').html(artist.name);
tr.data('artistData',artist);
tr.find('td.artist a').click(function(event){
event.preventDefault();
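Review bot: Replacing `.text()` with `.html()` turns the title, album and artist cells into HTML sinks, so safety now depends entirely on every song, album and artist name having been entity-encoded before it reached the client. The lib_scanner.php change in this commit encodes newly scanned tags, but rows written before it (which only went through `strip_tags`) and any other writer to the collection are presumably not encoded. Keeping `.text(...)` here and storing the raw tag values is the safer arrangement, because the encoding then happens at the sink regardless of where the data came from. The enclosing function starts and ends outside the hunk.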
diff --git a/apps/media/lib_scanner.php b/apps/media/lib_scanner.php
index 82170e5ca8..a8218c3a4d 100644
--- a/apps/media/lib_scanner.php
+++ b/apps/media/lib_scanner.php
@@ -79,19 +79,19 @@ class OC_MEDIA_SCANNER{
OCP\Util::writeLog('media',"error reading artist tag in '$file'",OCP\Util::WARN);
$artist='unknown';
}else{
- $artist=strip_tags(stripslashes($data['comments']['artist'][0]));
+ $artist=OCP\Util::sanitizeHTML(stripslashes($data['comments']['artist'][0]));
}
if(!isset($data['comments']['album'])){
OCP\Util::writeLog('media',"error reading album tag in '$file'",OCP\Util::WARN);
$album='unknown';
}else{
- $album=strip_tags(stripslashes($data['comments']['album'][0]));
+ $album=OCP\Util::sanitizeHTML(stripslashes($data['comments']['album'][0]));
}
if(!isset($data['comments']['title'])){
OCP\Util::writeLog('media',"error reading title tag in '$file'",OCP\Util::WARN);
$title='unknown';
}else{
- $title=strip_tags(stripslashes($data['comments']['title'][0]));
+ $title=OCP\Util::sanitizeHTML(stripslashes($data['comments']['title'][0]));
}
$size=$data['filesize'];
if (isset($data['comments']['track']))
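Review bot: Encoding with `OCP\Util::sanitizeHTML` at scan time stores HTML entities in the media collection rather than the tag text, so every consumer that is not an HTML body (JSON clients, sorting and search, or a template that already escapes through `OC_Template::assign`) sees or double-encodes `&amp;`-style sequences. Output encoding is better applied where the value is rendered; here I would store the value after `stripslashes()` only and add a comment such as `// stored raw; encode at output`. This applies to the artist, album and title assignments alike. The method continues outside the hunk.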
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 78bc5b4656..a3117b5a41 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -166,7 +166,9 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
$result[] = OC_LDAP::dn2username($ldap_users[0]);
continue;
} else {
- $result[] = OC_LDAP::dn2username($member);
+ if($ocname = OC_LDAP::dn2username($member)){
+ $result[] = $ocname;
+ }
}
}
if(!$isMemberUid) {
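Review bot: The new guard tests truthiness, so a valid user whose ownCloud name is `0` is dropped along with `false`; assign first with `$ocname = OC_LDAP::dn2username($member);` and then compare strictly with `if($ocname !== false){`. The `memberUid` branch just above still appends `OC_LDAP::dn2username($ldap_users[0])` unguarded, so a DN outside the user base can put `false` into `$result`. The loop starts outside the hunk.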
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index befdf267bc..aa104eb512 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -166,11 +166,14 @@ class OC_LDAP {
* @brief returns the internal ownCloud name for the given LDAP DN of the group
* @param $dn the dn of the group object
* @param $ldapname optional, the display name of the object
- * @returns string with with the name to use in ownCloud
+ * @returns string with with the name to use in ownCloud, false on DN outside of search DN
*
* returns the internal ownCloud name for the given LDAP DN of the group
*/
static public function dn2groupname($dn, $ldapname = null) {
+ if(strrpos($dn, self::$ldapBaseGroups) !== (strlen($dn)-strlen(self::$ldapBaseGroups))) {
+ return false;
+ }
return self::dn2ocname($dn, $ldapname, false);
}
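Review bot: The base-DN test is a raw, case-sensitive suffix comparison, so it rejects DNs that differ from `self::$ldapBaseGroups` only in case or spacing, and it accepts a DN whose tail merely ends with the base string because nothing requires a `,` (or position 0) before the match. If the configured base is an empty string, `strrpos` behaviour depends on the PHP version and may reject every DN — TODO confirm. I would normalise case on both sides and require the match to begin at the start of the DN or directly after a comma. The same applies to `dn2username` in the next hunk, whose `@returns` line was not updated to mention `false`.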
@@ -180,9 +183,12 @@ class OC_LDAP {
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud
*
- * returns the internal ownCloud name for the given LDAP DN of the user
+ * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
*/
static public function dn2username($dn, $ldapname = null) {
+ if(strrpos($dn, self::$ldapBaseUsers) !== (strlen($dn)-strlen(self::$ldapBaseUsers))) {
+ return false;
+ }
return self::dn2ocname($dn, $ldapname, true);
}
diff --git a/index.php b/index.php
index 1171c0fe0c..e3c94adf66 100755
--- a/index.php
+++ b/index.php
@@ -122,7 +122,7 @@ elseif(OC_User::isLoggedIn()) {
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
- $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
+ $redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}
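Review bot: `OC_Util::sanitizeHTML` only entity-encodes `redirect_url`, which addresses markup injection but does not constrain where the value points; if the login flow later redirects to it, it should first be validated as a local path. The function as added in lib/util.php takes its argument by reference, so this call also rewrites `$_REQUEST['redirect_url']` in place, and if `printGuestPage` assigns with the default sanitising the value may be encoded twice (not visible here). Copy to a local first, e.g. `$redirect_url = $_REQUEST['redirect_url'];`, then validate and encode once. The `$_SERVER['REQUEST_URI']` fallback on the same line is passed through unencoded.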
diff --git a/lib/base.php b/lib/base.php
index db55504117..6e209afebd 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -42,10 +42,6 @@ class OC{
* the owncloud root path for http requests (e.g. owncloud/)
*/
public static $WEBROOT = '';
- /**
- * the folder that stores that data files for the filesystem of the user (e.g. /srv/http/owncloud/data/myusername/files)
- */
- public static $CONFIG_DATADIRECTORY = '';
/**
* The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty)
*/
@@ -349,19 +345,11 @@ class OC{
exit;
}
- // TODO: we should get rid of this one, too
- // WARNING: to make everything even more confusing,
- // DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
- // stays the same, but is set by "datadirectory".
- // Any questions?
- OC::$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
-
// User and Groups
if( !OC_Config::getValue( "installed", false )){
$_SESSION['user_id'] = '';
}
-
OC_User::useBackend( OC_Config::getValue( "userbackend", "database" ));
OC_Group::useBackend(new OC_Group_Database());
diff --git a/lib/filecache/cached.php b/lib/filecache/cached.php
index a22adad452..17a792a23d 100644
--- a/lib/filecache/cached.php
+++ b/lib/filecache/cached.php
@@ -55,6 +55,9 @@ class OC_FileCache_Cached{
$root=OC_Filesystem::getRoot();
}
$parent=OC_FileCache::getId($path,$root);
+ if($parent==-1){
+ return array();
+ }
$query=OC_DB::prepare('SELECT path,name,ctime,mtime,mimetype,size,encrypted,versioned,writable FROM *PREFIX*fscache WHERE parent=? AND (mimetype LIKE ? OR mimetype = ?)');
$result=$query->execute(array($parent, $mimetype_filter.'%', 'httpd/unix-directory'))->fetchAll();
if(is_array($result)){
diff --git a/lib/files.php b/lib/files.php
index 3ecf08739b..469c3a15b8 100644
--- a/lib/files.php
+++ b/lib/files.php
@@ -30,12 +30,9 @@ class OC_Files {
/**
* get the content of a directory
- * @param dir $directory
+ * @param dir $directory path under datadirectory
*/
public static function getDirectoryContent($directory, $mimetype_filter = ''){
- if(strpos($directory,OC::$CONFIG_DATADIRECTORY)===0){
- $directory=substr($directory,strlen(OC::$CONFIG_DATADIRECTORY));
- }
$files=OC_FileCache::getFolderContent($directory, false, $mimetype_filter);
foreach($files as &$file){
$file['directory']=$directory;
diff --git a/lib/filestorage.php b/lib/filestorage.php
index 71ef4aed00..bf353bb0cc 100644
--- a/lib/filestorage.php
+++ b/lib/filestorage.php
@@ -28,6 +28,7 @@ abstract class OC_Filestorage{
abstract public function mkdir($path);
abstract public function rmdir($path);
abstract public function opendir($path);
+ abstract public function readdir($path);
abstract public function is_dir($path);
abstract public function is_file($path);
abstract public function stat($path);
diff --git a/lib/filestorage/local.php b/lib/filestorage/local.php
index 44a2ab0f63..27794fe17c 100644
--- a/lib/filestorage/local.php
+++ b/lib/filestorage/local.php
@@ -20,6 +20,9 @@ class OC_Filestorage_Local extends OC_Filestorage{
public function opendir($path){
return opendir($this->datadir.$path);
}
+ public function readdir($handle){
+ return readdir($handle);
+ }
public function is_dir($path){
if(substr($path,-1)=='/'){
$path=substr($path,0,-1);
diff --git a/lib/filesystem.php b/lib/filesystem.php
index 89de533d72..0d0943d363 100644
--- a/lib/filesystem.php
+++ b/lib/filesystem.php
@@ -399,6 +399,9 @@ class OC_Filesystem{
static public function opendir($path){
return self::$defaultInstance->opendir($path);
}
+ static public function readdir($path){
+ return self::$defaultInstance->readdir($path);
+ }
static public function is_dir($path){
return self::$defaultInstance->is_dir($path);
}
diff --git a/lib/filesystemview.php b/lib/filesystemview.php
index 813a87cd74..da622bcf92 100644
--- a/lib/filesystemview.php
+++ b/lib/filesystemview.php
@@ -158,6 +158,10 @@ class OC_FilesystemView {
public function opendir($path){
return $this->basicOperation('opendir',$path,array('read'));
}
+ public function readdir($handle){
+ $fsLocal= new OC_Filestorage_Local( array( 'datadir' => '/' ) );
+ return $fsLocal->readdir( $handle );
+ }
public function is_dir($path){
if($path=='/'){
return true;
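Review bot: `readdir()` builds a new `OC_Filestorage_Local` rooted at `/` on every call, which is once per directory entry in a loop, and it skips `basicOperation`, so no proxy or hook sees the read. Since `OC_Filestorage_Local::readdir` only forwards to PHP's `readdir`, `return readdir($handle);` does the same without creating a storage object that points at the server's filesystem root. A docblock stating that `$handle` must be the resource returned by `opendir()` would also help. The class continues outside the hunk.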
diff --git a/lib/public/util.php b/lib/public/util.php
index d79d3f26b1..7c0cb66607 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -264,6 +264,18 @@ class Util {
public static function callCheck(){
return(\OC_Util::callCheck());
}
+
+ /**
+ * @brief Used to sanitize HTML
+ *
+ * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+ *
+ * @param string or array of strings
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ */
+ public static function sanitizeHTML( $value ){
+ return(\OC_Util::sanitizeHTML($value)); //Specify encoding for PHP<5.4
+ }
}
?>
diff --git a/lib/template.php b/lib/template.php
index 77e9332d5b..8fb0133b28 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -308,28 +308,11 @@ class OC_Template{
* If the key existed before, it will be overwritten
*/
public function assign( $key, $value, $sanitizeHTML=true ){
- if($sanitizeHTML == true) {
- if(is_array($value)) {
- array_walk_recursive($value,'OC_Template::sanitizeHTML');
- } else {
- $value = OC_Template::sanitizeHTML($value);
- }
- }
+ if($sanitizeHTML == true) $value=OC_Util::sanitizeHTML($value);
$this->vars[$key] = $value;
return true;
}
-
- /**
- * @brief Internaly used to sanitze HTML
- *
- * This function is internally used to sanitize HTML.
- */
- private static function sanitizeHTML( &$value ){
- $value = htmlentities( $value , ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
- return $value;
- }
-
/**
* @brief Appends a variable
* @param $key key
diff --git a/lib/user.php b/lib/user.php
index f1903093d6..23b88aa1d0 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -240,13 +240,17 @@ class OC_User {
* Checks if the user is logged in
*/
public static function isLoggedIn(){
+ static $is_login_checked = null;
+ if (!is_null($is_login_checked)) {
+ return $is_login_checked;
+ }
if( isset($_SESSION['user_id']) AND $_SESSION['user_id']) {
OC_App::loadApps(array('authentication'));
if (self::userExists($_SESSION['user_id']) ){
- return true;
+ return $is_login_checked = true;
}
}
- return false;
+ return $is_login_checked = false;
}
/**
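Review bot: The function-static `$is_login_checked` pins the first answer for the rest of the request, so a `false` cached before a login is processed, or a `true` cached before a logout or session change, stays in effect for every later check in that request. A function-level static cannot be reset from the login and logout code paths (not visible here); a class-level `private static $isLoggedInCache = null;` that is cleared wherever `$_SESSION['user_id']` is set or unset keeps the saving without the stale result. If the cache stays as written, add a comment stating that the result is per-request and must not be relied on after the session changes.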
diff --git a/lib/util.php b/lib/util.php
index 0266a8ecc5..5492587862 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -19,50 +19,21 @@ class OC_Util {
return false;
}
- $CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
- $CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
-
- // Check if config folder is writable.
- if(!is_writable(OC::$SERVERROOT."/config/")) {
- $tmpl = new OC_Template( '', 'error', 'guest' );
- $tmpl->assign('errors',array(1=>array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
- $tmpl->printPage();
- exit;
- }
-
- // Check if apps folder is writable.
- if(OC_Config::getValue('writable_appsdir', true) && !is_writable(OC::$SERVERROOT."/apps/")) {
- $tmpl = new OC_Template( '', 'error', 'guest' );
- $tmpl->assign('errors',array(1=>array('error'=>"Can't write into apps directory 'apps'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
- $tmpl->printPage();
- exit;
- }
-
- // Create root dir.
- if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){
- $success=@mkdir($CONFIG_DATADIRECTORY_ROOT);
- if(!$success) {
- $tmpl = new OC_Template( '', 'error', 'guest' );
- $tmpl->assign('errors',array(1=>array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY_ROOT.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' ")));
- $tmpl->printPage();
- exit;
- }
- }
-
// If we are not forced to load a specific user we load the one that is logged in
if( $user == "" && OC_User::isLoggedIn()){
$user = OC_User::getUser();
}
+ $CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
//first set up the local "root" storage
if(!self::$rootMounted){
- OC_Filesystem::mount('OC_Filestorage_Local',array('datadir'=>$CONFIG_DATADIRECTORY_ROOT),'/');
+ OC_Filesystem::mount('OC_Filestorage_Local',array('datadir'=>$CONFIG_DATADIRECTORY),'/');
self::$rootMounted=true;
}
if( $user != "" ){ //if we aren't logged in, there is no use to set up the filesystem
- OC::$CONFIG_DATADIRECTORY = $CONFIG_DATADIRECTORY_ROOT."/$user/$root";
- if( !is_dir( OC::$CONFIG_DATADIRECTORY )){
- mkdir( OC::$CONFIG_DATADIRECTORY, 0755, true );
+ $userdirectory = $CONFIG_DATADIRECTORY."/$user/$root";
+ if( !is_dir( $userdirectory )){
+ mkdir( $userdirectory, 0755, true );
}
//jail the user into his "home" directory
@@ -71,8 +42,8 @@ class OC_Util {
OC_FileProxy::register($quotaProxy);
self::$fsSetup=true;
// Load personal mount config
- if (is_file($CONFIG_DATADIRECTORY_ROOT.'/'.$user.'/mount.php')) {
- $mountConfig = include($CONFIG_DATADIRECTORY_ROOT.'/'.$user.'/mount.php');
+ if (is_file($CONFIG_DATADIRECTORY.'/'.$user.'/mount.php')) {
+ $mountConfig = include($CONFIG_DATADIRECTORY.'/'.$user.'/mount.php');
if (isset($mountConfig['user'][$user])) {
foreach ($mountConfig['user'][$user] as $mountPoint => $options) {
OC_Filesystem::mount($options['class'], $options['options'], $mountPoint);
@@ -209,9 +180,6 @@ class OC_Util {
* @return array arrays with error messages and hints
*/
public static function checkServer(){
- $CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
- $CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
- $CONFIG_INSTALLED = OC_Config::getValue( "installed", false );
$errors=array();
//check for database drivers
@@ -224,19 +192,31 @@ class OC_Util {
//common hint for all file permissons error messages
$permissionsHint="Permissions can usually be fixed by giving the webserver write access to the ownCloud directory";
+ // Check if config folder is writable.
+ if(!is_writable(OC::$SERVERROOT."/config/")) {
+ $errors[]=array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud");
+ }
+
+ // Check if apps folder is writable.
+ if(OC_Config::getValue('writable_appsdir', true) && !is_writable(OC::$SERVERROOT."/apps/")) {
+ $errors[]=array('error'=>"Can't write into apps directory 'apps'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud");
+ }
+
+ $CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
//check for correct file permissions
if(!stristr(PHP_OS, 'WIN')){
$permissionsModHint="Please change the permissions to 0770 so that the directory cannot be listed by other users.";
- $prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
+ $prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)),-3);
if(substr($prems,-1)!='0'){
- OC_Helper::chmodr($CONFIG_DATADIRECTORY_ROOT,0770);
+ OC_Helper::chmodr($CONFIG_DATADIRECTORY,0770);
clearstatcache();
- $prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
+ $prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)),-3);
if(substr($prems,2,1)!='0'){
- $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') is readable for other users
','hint'=>$permissionsModHint);
+ $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') is readable for other users
','hint'=>$permissionsModHint);
}
}
if( OC_Config::getValue( "enablebackup", false )){
+ $CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
$prems=substr(decoct(@fileperms($CONFIG_BACKUPDIRECTORY)),-3);
if(substr($prems,-1)!='0'){
OC_Helper::chmodr($CONFIG_BACKUPDIRECTORY,0770);
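Review bot: The apps-directory error reuses the config-directory hint text (`...write access to the config directory in owncloud`), so an administrator following it fixes the wrong folder; the hint should name the apps directory. Both messages could use the `$permissionsHint` defined just above instead of a repeated literal. `checkServer` continues outside the hunk.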
@@ -250,8 +230,14 @@ class OC_Util {
}else{
//TODO: permissions checks for windows hosts
}
- if(is_dir($CONFIG_DATADIRECTORY_ROOT) and !is_writable($CONFIG_DATADIRECTORY_ROOT)){
- $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') not writable by ownCloud
','hint'=>$permissionsHint);
+ // Create root dir.
+ if(!is_dir($CONFIG_DATADIRECTORY)){
+ $success=@mkdir($CONFIG_DATADIRECTORY);
+ if(!$success) {
+ $errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' ");
+ }
+ } else if(!is_writable($CONFIG_DATADIRECTORY)){
+ $errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud
','hint'=>$permissionsHint);
}
// check if all required php modules are present
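Review bot: The data directory is now created after the `fileperms` check earlier in `checkServer` has already run, and `@mkdir($CONFIG_DATADIRECTORY)` uses the default mode, so on a fresh install the directory gets whatever the umask allows and is not tightened to 0770 until a later `checkServer` call. Passing the mode explicitly, `$success=@mkdir($CONFIG_DATADIRECTORY, 0770);`, or moving the creation ahead of the permission check closes that window. The function starts and ends outside the hunk.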
@@ -370,7 +356,7 @@ class OC_Util {
$_SESSION['requesttoken-'.$token]=time();
// cleanup old tokens garbage collector
- // only run every 20th time so we donīt waste cpu cycles
+ // only run every 20th time so we don't waste cpu cycles
if(rand(0,20)==0) {
foreach($_SESSION as $key=>$value) {
// search all tokens in the session
@@ -426,4 +412,19 @@ class OC_Util {
exit;
}
}
+
+ /**
+ * @brief Public function to sanitize HTML
+ *
+ * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+ *
+ * @param string or array of strings
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ */
+ public static function sanitizeHTML( &$value ){
+ if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+ else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+ return $value;
+ }
+
}
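Review bot: `sanitizeHTML( &$value )` takes its argument by reference, so every caller's variable is rewritten in place as well as returned; in this commit that includes `$_REQUEST['redirect_url']` in index.php and `$entries` in settings/ajax/getlog.php. `htmlentities` also casts non-string leaves to strings, so integers or booleans inside an array come back as strings. Consider encoding only when `is_string($value)`, and document that the function mutates its input and is an output encoder for HTML body and quoted-attribute contexts, not for URLs or script. In the docblock, `@param` lacks the parameter name and `sinitized` is a typo.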
diff --git a/settings/admin.php b/settings/admin.php
index 4cbd67c367..a997bad4e3 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -23,7 +23,7 @@ function compareEntries($a,$b){
usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
-$tmpl->assign('entries',$entries,false);
+$tmpl->assign('entries',$entries);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
diff --git a/settings/ajax/getlog.php b/settings/ajax/getlog.php
index ed48b2cae1..d9e80de37b 100644
--- a/settings/ajax/getlog.php
+++ b/settings/ajax/getlog.php
@@ -14,4 +14,4 @@ $count=(isset($_GET['count']))?$_GET['count']:50;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
$entries=OC_Log_Owncloud::getEntries($count,$offset);
-OC_JSON::success(array("data" => $entries));
+OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries)));
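Review bot: Entity-encoding `$entries` in the JSON response while settings/js/log.js in this same commit renders `entry.message` with `.text()` means the message is encoded by the server and then treated as literal text by the client, so users see `&lt;`-style sequences instead of the original characters. `.text()` is already a safe sink, so returning the raw entries here and keeping the client change is sufficient. Separately, `count` and `offset` are read from `$_GET` without an integer cast in the lines above; `(int)$_GET['count']` and `(int)$_GET['offset']` would bound what reaches `getEntries`.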
diff --git a/settings/js/log.js b/settings/js/log.js
index bde8b8b104..6063c7d9a9 100644
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
row.append(appTd);
var messageTd=$(' | ');
- messageTd.text(entry.message.replace(/, "<").replace(/>/, ">"));
+ messageTd.text(entry.message);
row.append(messageTd);
var timeTd=$(' | ');