Merge branch 'master' into oc_error

This commit is contained in:
Georg Ehrke 2012-06-20 13:29:17 +02:00
commit a054541df4
23 changed files with 155 additions and 121 deletions

View File

@ -1699,5 +1699,7 @@ $(document).ready(function(){
}
$('#contacts_propertymenu_dropdown a').click(propertyMenuItem);
$('#contacts_propertymenu_dropdown a').keydown(propertyMenuItem);
});
Contacts.UI.loadHandlers();
Contacts.UI.Contacts.update();
});

View File

@ -49,6 +49,7 @@ class OC_Filestorage_Archive extends OC_Filestorage_Common{
OC_FakeDirStream::$dirs[$id]=$content;
return opendir('fakedir://'.$id);
}
public function readdir($path){}
public function stat($path){
$ctime=filectime($this->path);
$path=$this->stripPath($path);

View File

@ -139,6 +139,8 @@ class OC_Filestorage_Shared extends OC_Filestorage {
}
}
public function readdir( $path ) {}
public function is_dir($path) {
if ($path == "" || $path == "/") {
return true;

View File

@ -305,46 +305,60 @@ class Storage {
function deleteAll( $directory, $empty = false ) {
if(substr($directory,-1) == "/") {
$directory = substr($directory,0,-1);
// strip leading slash
if( substr( $directory, 0, 1 ) == "/" ) {
$directory = substr( $directory, 1 );
}
if(!file_exists($directory) || !is_dir($directory)) {
// strip trailing slash
if( substr( $directory, -1) == "/" ) {
$directory = substr( $directory, 0, -1 );
}
$view = new \OC_FilesystemView('');
if ( !$view->file_exists( $directory ) || !$view->is_dir( $directory ) ) {
return false;
} elseif(!is_readable($directory)) {
} elseif( !$view->is_readable( $directory ) ) {
return false;
} else {
$directoryHandle = opendir($directory);
$foldername = \OCP\Config::getSystemValue('datadirectory') .'/' . \OCP\USER::getUser() .'/' . $directory; // have to set an absolute path for use with PHP's opendir as OC version doesn't work
while ($contents = readdir($directoryHandle)) {
$directoryHandle = opendir( $foldername );
while ( $contents = $view->readdir( $directoryHandle ) ) {
if ( $contents != '.' && $contents != '..') {
$path = $directory . "/" . $contents;
if( is_dir($path) ) {
if ( $view->is_dir( $path ) ) {
deleteAll( $path );
} else {
unlink($path);
$view->unlink( \OCP\USER::getUser() .'/' . $path ); // TODO: make unlink use same system path as is_dir
}
}
}
closedir( $directoryHandle );
//$view->closedir( $directoryHandle ); // TODO: implement closedir in OC_FSV
if ( $empty == false ) {
if(!rmdir($directory)) {
if ( !$view->rmdir( $directory ) ) {
return false;
@ -357,12 +371,20 @@ class Storage {
}
/*
// FIXME: make this path dynamic
$dir = '/home/samtuke/owncloud/git/oc5/data/admin/versions';
$dir = \OCP\Config::getSystemValue('files_versionsfolder', Storage::DEFAULTFOLDER);
deleteAll( $dir, true );
// if ( deleteAll( $dir, 1 ) ) {
//
// echo "<h1>deleted ok</h1>";
//
// } else {
//
// echo "<h1>not deleted</h1>";
//
// }
( deleteAll( $dir, 1 ) ? return true : return false );
*/
}

View File

@ -97,13 +97,13 @@ Collection={
if(artist.name && artist.songs.length>0){
var tr=template.clone().removeClass('template');
if(artist.songs.length>1){
tr.find('td.title a').text(artist.songs.length+' '+t('media','songs'));
tr.find('td.album a').text(artist.albums.length+' '+t('media','albums'));
tr.find('td.title a').html(artist.songs.length+' '+t('media','songs'));
tr.find('td.album a').html(artist.albums.length+' '+t('media','albums'));
}else{
tr.find('td.title a').text(artist.songs[0].name);
tr.find('td.album a').text(artist.albums[0].name);
tr.find('td.title a').html(artist.songs[0].name);
tr.find('td.album a').html(artist.albums[0].name);
}
tr.find('td.artist a').text(artist.name);
tr.find('td.artist a').html(artist.name);
tr.data('artistData',artist);
tr.find('td.artist a').click(function(event){
event.preventDefault();

View File

@ -79,19 +79,19 @@ class OC_MEDIA_SCANNER{
OCP\Util::writeLog('media',"error reading artist tag in '$file'",OCP\Util::WARN);
$artist='unknown';
}else{
$artist=strip_tags(stripslashes($data['comments']['artist'][0]));
$artist=OCP\Util::sanitizeHTML(stripslashes($data['comments']['artist'][0]));
}
if(!isset($data['comments']['album'])){
OCP\Util::writeLog('media',"error reading album tag in '$file'",OCP\Util::WARN);
$album='unknown';
}else{
$album=strip_tags(stripslashes($data['comments']['album'][0]));
$album=OCP\Util::sanitizeHTML(stripslashes($data['comments']['album'][0]));
}
if(!isset($data['comments']['title'])){
OCP\Util::writeLog('media',"error reading title tag in '$file'",OCP\Util::WARN);
$title='unknown';
}else{
$title=strip_tags(stripslashes($data['comments']['title'][0]));
$title=OCP\Util::sanitizeHTML(stripslashes($data['comments']['title'][0]));
}
$size=$data['filesize'];
if (isset($data['comments']['track']))

View File

@ -166,7 +166,9 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
$result[] = OC_LDAP::dn2username($ldap_users[0]);
continue;
} else {
$result[] = OC_LDAP::dn2username($member);
if($ocname = OC_LDAP::dn2username($member)){
$result[] = $ocname;
}
}
}
if(!$isMemberUid) {

View File

@ -166,11 +166,14 @@ class OC_LDAP {
* @brief returns the internal ownCloud name for the given LDAP DN of the group
* @param $dn the dn of the group object
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud
* @returns string with with the name to use in ownCloud, false on DN outside of search DN
*
* returns the internal ownCloud name for the given LDAP DN of the group
*/
static public function dn2groupname($dn, $ldapname = null) {
if(strrpos($dn, self::$ldapBaseGroups) !== (strlen($dn)-strlen(self::$ldapBaseGroups))) {
return false;
}
return self::dn2ocname($dn, $ldapname, false);
}
@ -180,9 +183,12 @@ class OC_LDAP {
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
*/
static public function dn2username($dn, $ldapname = null) {
if(strrpos($dn, self::$ldapBaseUsers) !== (strlen($dn)-strlen(self::$ldapBaseUsers))) {
return false;
}
return self::dn2ocname($dn, $ldapname, true);
}

View File

@ -122,7 +122,7 @@ elseif(OC_User::isLoggedIn()) {
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
$redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
$redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}

View File

@ -42,10 +42,6 @@ class OC{
* the owncloud root path for http requests (e.g. owncloud/)
*/
public static $WEBROOT = '';
/**
* the folder that stores that data files for the filesystem of the user (e.g. /srv/http/owncloud/data/myusername/files)
*/
public static $CONFIG_DATADIRECTORY = '';
/**
* The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty)
*/
@ -349,19 +345,11 @@ class OC{
exit;
}
// TODO: we should get rid of this one, too
// WARNING: to make everything even more confusing,
// DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
// stays the same, but is set by "datadirectory".
// Any questions?
OC::$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
// User and Groups
if( !OC_Config::getValue( "installed", false )){
$_SESSION['user_id'] = '';
}
OC_User::useBackend( OC_Config::getValue( "userbackend", "database" ));
OC_Group::useBackend(new OC_Group_Database());

View File

@ -55,6 +55,9 @@ class OC_FileCache_Cached{
$root=OC_Filesystem::getRoot();
}
$parent=OC_FileCache::getId($path,$root);
if($parent==-1){
return array();
}
$query=OC_DB::prepare('SELECT path,name,ctime,mtime,mimetype,size,encrypted,versioned,writable FROM *PREFIX*fscache WHERE parent=? AND (mimetype LIKE ? OR mimetype = ?)');
$result=$query->execute(array($parent, $mimetype_filter.'%', 'httpd/unix-directory'))->fetchAll();
if(is_array($result)){

View File

@ -30,12 +30,9 @@ class OC_Files {
/**
* get the content of a directory
* @param dir $directory
* @param dir $directory path under datadirectory
*/
public static function getDirectoryContent($directory, $mimetype_filter = ''){
if(strpos($directory,OC::$CONFIG_DATADIRECTORY)===0){
$directory=substr($directory,strlen(OC::$CONFIG_DATADIRECTORY));
}
$files=OC_FileCache::getFolderContent($directory, false, $mimetype_filter);
foreach($files as &$file){
$file['directory']=$directory;

View File

@ -28,6 +28,7 @@ abstract class OC_Filestorage{
abstract public function mkdir($path);
abstract public function rmdir($path);
abstract public function opendir($path);
abstract public function readdir($path);
abstract public function is_dir($path);
abstract public function is_file($path);
abstract public function stat($path);

View File

@ -20,6 +20,9 @@ class OC_Filestorage_Local extends OC_Filestorage{
public function opendir($path){
return opendir($this->datadir.$path);
}
public function readdir($handle){
return readdir($handle);
}
public function is_dir($path){
if(substr($path,-1)=='/'){
$path=substr($path,0,-1);

View File

@ -399,6 +399,9 @@ class OC_Filesystem{
static public function opendir($path){
return self::$defaultInstance->opendir($path);
}
static public function readdir($path){
return self::$defaultInstance->readdir($path);
}
static public function is_dir($path){
return self::$defaultInstance->is_dir($path);
}

View File

@ -158,6 +158,10 @@ class OC_FilesystemView {
public function opendir($path){
return $this->basicOperation('opendir',$path,array('read'));
}
public function readdir($handle){
$fsLocal= new OC_Filestorage_Local( array( 'datadir' => '/' ) );
return $fsLocal->readdir( $handle );
}
public function is_dir($path){
if($path=='/'){
return true;

View File

@ -264,6 +264,18 @@ class Util {
public static function callCheck(){
return(\OC_Util::callCheck());
}
/**
* @brief Used to sanitize HTML
*
* This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
*
* @param string or array of strings
* @return array with sanitized strings or a single sinitized string, depends on the input parameter.
*/
public static function sanitizeHTML( $value ){
return(\OC_Util::sanitizeHTML($value)); //Specify encoding for PHP<5.4
}
}
?>

View File

@ -308,28 +308,11 @@ class OC_Template{
* If the key existed before, it will be overwritten
*/
public function assign( $key, $value, $sanitizeHTML=true ){
if($sanitizeHTML == true) {
if(is_array($value)) {
array_walk_recursive($value,'OC_Template::sanitizeHTML');
} else {
$value = OC_Template::sanitizeHTML($value);
}
}
if($sanitizeHTML == true) $value=OC_Util::sanitizeHTML($value);
$this->vars[$key] = $value;
return true;
}
/**
* @brief Internaly used to sanitze HTML
*
* This function is internally used to sanitize HTML.
*/
private static function sanitizeHTML( &$value ){
$value = htmlentities( $value , ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
return $value;
}
/**
* @brief Appends a variable
* @param $key key

View File

@ -240,13 +240,17 @@ class OC_User {
* Checks if the user is logged in
*/
public static function isLoggedIn(){
static $is_login_checked = null;
if (!is_null($is_login_checked)) {
return $is_login_checked;
}
if( isset($_SESSION['user_id']) AND $_SESSION['user_id']) {
OC_App::loadApps(array('authentication'));
if (self::userExists($_SESSION['user_id']) ){
return true;
return $is_login_checked = true;
}
}
return false;
return $is_login_checked = false;
}
/**

View File

@ -19,50 +19,21 @@ class OC_Util {
return false;
}
$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
// Check if config folder is writable.
if(!is_writable(OC::$SERVERROOT."/config/")) {
$tmpl = new OC_Template( '', 'error', 'guest' );
$tmpl->assign('errors',array(1=>array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
$tmpl->printPage();
exit;
}
// Check if apps folder is writable.
if(OC_Config::getValue('writable_appsdir', true) && !is_writable(OC::$SERVERROOT."/apps/")) {
$tmpl = new OC_Template( '', 'error', 'guest' );
$tmpl->assign('errors',array(1=>array('error'=>"Can't write into apps directory 'apps'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
$tmpl->printPage();
exit;
}
// Create root dir.
if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){
$success=@mkdir($CONFIG_DATADIRECTORY_ROOT);
if(!$success) {
$tmpl = new OC_Template( '', 'error', 'guest' );
$tmpl->assign('errors',array(1=>array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY_ROOT.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' ")));
$tmpl->printPage();
exit;
}
}
// If we are not forced to load a specific user we load the one that is logged in
if( $user == "" && OC_User::isLoggedIn()){
$user = OC_User::getUser();
}
$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
//first set up the local "root" storage
if(!self::$rootMounted){
OC_Filesystem::mount('OC_Filestorage_Local',array('datadir'=>$CONFIG_DATADIRECTORY_ROOT),'/');
OC_Filesystem::mount('OC_Filestorage_Local',array('datadir'=>$CONFIG_DATADIRECTORY),'/');
self::$rootMounted=true;
}
if( $user != "" ){ //if we aren't logged in, there is no use to set up the filesystem
OC::$CONFIG_DATADIRECTORY = $CONFIG_DATADIRECTORY_ROOT."/$user/$root";
if( !is_dir( OC::$CONFIG_DATADIRECTORY )){
mkdir( OC::$CONFIG_DATADIRECTORY, 0755, true );
$userdirectory = $CONFIG_DATADIRECTORY."/$user/$root";
if( !is_dir( $userdirectory )){
mkdir( $userdirectory, 0755, true );
}
//jail the user into his "home" directory
@ -71,8 +42,8 @@ class OC_Util {
OC_FileProxy::register($quotaProxy);
self::$fsSetup=true;
// Load personal mount config
if (is_file($CONFIG_DATADIRECTORY_ROOT.'/'.$user.'/mount.php')) {
$mountConfig = include($CONFIG_DATADIRECTORY_ROOT.'/'.$user.'/mount.php');
if (is_file($CONFIG_DATADIRECTORY.'/'.$user.'/mount.php')) {
$mountConfig = include($CONFIG_DATADIRECTORY.'/'.$user.'/mount.php');
if (isset($mountConfig['user'][$user])) {
foreach ($mountConfig['user'][$user] as $mountPoint => $options) {
OC_Filesystem::mount($options['class'], $options['options'], $mountPoint);
@ -209,9 +180,6 @@ class OC_Util {
* @return array arrays with error messages and hints
*/
public static function checkServer(){
$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
$CONFIG_INSTALLED = OC_Config::getValue( "installed", false );
$errors=array();
//check for database drivers
@ -224,19 +192,31 @@ class OC_Util {
//common hint for all file permissons error messages
$permissionsHint="Permissions can usually be fixed by giving the webserver write access to the ownCloud directory";
// Check if config folder is writable.
if(!is_writable(OC::$SERVERROOT."/config/")) {
$errors[]=array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud");
}
// Check if apps folder is writable.
if(OC_Config::getValue('writable_appsdir', true) && !is_writable(OC::$SERVERROOT."/apps/")) {
$errors[]=array('error'=>"Can't write into apps directory 'apps'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud");
}
$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
//check for correct file permissions
if(!stristr(PHP_OS, 'WIN')){
$permissionsModHint="Please change the permissions to 0770 so that the directory cannot be listed by other users.";
$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)),-3);
if(substr($prems,-1)!='0'){
OC_Helper::chmodr($CONFIG_DATADIRECTORY_ROOT,0770);
OC_Helper::chmodr($CONFIG_DATADIRECTORY,0770);
clearstatcache();
$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)),-3);
if(substr($prems,2,1)!='0'){
$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') is readable for other users<br/>','hint'=>$permissionsModHint);
$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') is readable for other users<br/>','hint'=>$permissionsModHint);
}
}
if( OC_Config::getValue( "enablebackup", false )){
$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
$prems=substr(decoct(@fileperms($CONFIG_BACKUPDIRECTORY)),-3);
if(substr($prems,-1)!='0'){
OC_Helper::chmodr($CONFIG_BACKUPDIRECTORY,0770);
@ -250,8 +230,14 @@ class OC_Util {
}else{
//TODO: permissions checks for windows hosts
}
if(is_dir($CONFIG_DATADIRECTORY_ROOT) and !is_writable($CONFIG_DATADIRECTORY_ROOT)){
$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') not writable by ownCloud<br/>','hint'=>$permissionsHint);
// Create root dir.
if(!is_dir($CONFIG_DATADIRECTORY)){
$success=@mkdir($CONFIG_DATADIRECTORY);
if(!$success) {
$errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' ");
}
} else if(!is_writable($CONFIG_DATADIRECTORY)){
$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>','hint'=>$permissionsHint);
}
// check if all required php modules are present
@ -370,7 +356,7 @@ class OC_Util {
$_SESSION['requesttoken-'.$token]=time();
// cleanup old tokens garbage collector
// only run every 20th time so we don´t waste cpu cycles
// only run every 20th time so we don't waste cpu cycles
if(rand(0,20)==0) {
foreach($_SESSION as $key=>$value) {
// search all tokens in the session
@ -426,4 +412,19 @@ class OC_Util {
exit;
}
}
/**
* @brief Public function to sanitize HTML
*
* This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
*
* @param string or array of strings
* @return array with sanitized strings or a single sinitized string, depends on the input parameter.
*/
public static function sanitizeHTML( &$value ){
if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
return $value;
}
}

View File

@ -23,7 +23,7 @@ function compareEntries($a,$b){
usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
$tmpl->assign('entries',$entries,false);
$tmpl->assign('entries',$entries);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);

View File

@ -14,4 +14,4 @@ $count=(isset($_GET['count']))?$_GET['count']:50;
$offset=(isset($_GET['offset']))?$_GET['offset']:0;
$entries=OC_Log_Owncloud::getEntries($count,$offset);
OC_JSON::success(array("data" => $entries));
OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries)));

View File

@ -39,7 +39,7 @@ OC.Log={
row.append(appTd);
var messageTd=$('<td/>');
messageTd.text(entry.message.replace(/</, "&lt;").replace(/>/, "&gt;"));
messageTd.text(entry.message);
row.append(messageTd);
var timeTd=$('<td/>');