Merge branch 'master' into calendar_export
This commit is contained in:
commit
c24752dc1d
|
@ -0,0 +1,21 @@
|
|||
The MIT License
|
||||
|
||||
Copyright (c) 2007 Andy Smith
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -0,0 +1,751 @@
|
|||
<?php
|
||||
// vim: foldmethod=marker
|
||||
|
||||
/* Generic exception class
|
||||
*/
|
||||
class OAuthException extends Exception {/*{{{*/
|
||||
// pass
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthConsumer {/*{{{*/
|
||||
public $key;
|
||||
public $secret;
|
||||
|
||||
public function __construct($key, $secret, $callback_url=NULL) {/*{{{*/
|
||||
$this->key = $key;
|
||||
$this->secret = $secret;
|
||||
$this->callback_url = $callback_url;
|
||||
}/*}}}*/
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthToken {/*{{{*/
|
||||
// access tokens and request tokens
|
||||
public $key;
|
||||
public $secret;
|
||||
|
||||
/**
|
||||
* key = the token
|
||||
* secret = the token secret
|
||||
*/
|
||||
function __construct($key, $secret) {/*{{{*/
|
||||
$this->key = $key;
|
||||
$this->secret = $secret;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* generates the basic string serialization of a token that a server
|
||||
* would respond to request_token and access_token calls with
|
||||
*/
|
||||
function to_string() {/*{{{*/
|
||||
return "oauth_token=" . OAuthUtil::urlencodeRFC3986($this->key) .
|
||||
"&oauth_token_secret=" . OAuthUtil::urlencodeRFC3986($this->secret);
|
||||
}/*}}}*/
|
||||
|
||||
function __toString() {/*{{{*/
|
||||
return $this->to_string();
|
||||
}/*}}}*/
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthSignatureMethod {/*{{{*/
|
||||
public function check_signature(&$request, $consumer, $token, $signature) {
|
||||
$built = $this->build_signature($request, $consumer, $token);
|
||||
return $built == $signature;
|
||||
}
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {/*{{{*/
|
||||
function get_name() {/*{{{*/
|
||||
return "HMAC-SHA1";
|
||||
}/*}}}*/
|
||||
|
||||
public function build_signature($request, $consumer, $token, $privKey=NULL) {/*{{{*/
|
||||
$base_string = $request->get_signature_base_string();
|
||||
$request->base_string = $base_string;
|
||||
|
||||
$key_parts = array(
|
||||
$consumer->secret,
|
||||
($token) ? $token->secret : ""
|
||||
);
|
||||
|
||||
$key_parts = array_map(array('OAuthUtil','urlencodeRFC3986'), $key_parts);
|
||||
$key = implode('&', $key_parts);
|
||||
|
||||
return base64_encode( hash_hmac('sha1', $base_string, $key, true));
|
||||
}/*}}}*/
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {/*{{{*/
|
||||
public function get_name() {/*{{{*/
|
||||
return "RSA-SHA1";
|
||||
}/*}}}*/
|
||||
|
||||
protected function fetch_public_cert(&$request) {/*{{{*/
|
||||
// not implemented yet, ideas are:
|
||||
// (1) do a lookup in a table of trusted certs keyed off of consumer
|
||||
// (2) fetch via http using a url provided by the requester
|
||||
// (3) some sort of specific discovery code based on request
|
||||
//
|
||||
// either way should return a string representation of the certificate
|
||||
throw Exception("fetch_public_cert not implemented");
|
||||
}/*}}}*/
|
||||
|
||||
protected function fetch_private_cert($privKey) {//&$request) {/*{{{*/
|
||||
// not implemented yet, ideas are:
|
||||
// (1) do a lookup in a table of trusted certs keyed off of consumer
|
||||
//
|
||||
// either way should return a string representation of the certificate
|
||||
throw Exception("fetch_private_cert not implemented");
|
||||
}/*}}}*/
|
||||
|
||||
public function build_signature(&$request, $consumer, $token, $privKey) {/*{{{*/
|
||||
$base_string = $request->get_signature_base_string();
|
||||
|
||||
// Fetch the private key cert based on the request
|
||||
//$cert = $this->fetch_private_cert($consumer->privKey);
|
||||
|
||||
//Pull the private key ID from the certificate
|
||||
//$privatekeyid = openssl_get_privatekey($cert);
|
||||
|
||||
// hacked in
|
||||
if ($privKey == '') {
|
||||
$fp = fopen($GLOBALS['PRIV_KEY_FILE'], "r");
|
||||
$privKey = fread($fp, 8192);
|
||||
fclose($fp);
|
||||
}
|
||||
$privatekeyid = openssl_get_privatekey($privKey);
|
||||
|
||||
//Check the computer signature against the one passed in the query
|
||||
$ok = openssl_sign($base_string, $signature, $privatekeyid);
|
||||
|
||||
//Release the key resource
|
||||
openssl_free_key($privatekeyid);
|
||||
|
||||
return base64_encode($signature);
|
||||
} /*}}}*/
|
||||
|
||||
public function check_signature(&$request, $consumer, $token, $signature) {/*{{{*/
|
||||
$decoded_sig = base64_decode($signature);
|
||||
|
||||
$base_string = $request->get_signature_base_string();
|
||||
|
||||
// Fetch the public key cert based on the request
|
||||
$cert = $this->fetch_public_cert($request);
|
||||
|
||||
//Pull the public key ID from the certificate
|
||||
$publickeyid = openssl_get_publickey($cert);
|
||||
|
||||
//Check the computer signature against the one passed in the query
|
||||
$ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
|
||||
|
||||
//Release the key resource
|
||||
openssl_free_key($publickeyid);
|
||||
|
||||
return $ok == 1;
|
||||
} /*}}}*/
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthRequest {/*{{{*/
|
||||
private $parameters;
|
||||
private $http_method;
|
||||
private $http_url;
|
||||
// for debug purposes
|
||||
public $base_string;
|
||||
public static $version = '1.0';
|
||||
|
||||
function __construct($http_method, $http_url, $parameters=NULL) {/*{{{*/
|
||||
@$parameters or $parameters = array();
|
||||
$this->parameters = $parameters;
|
||||
$this->http_method = $http_method;
|
||||
$this->http_url = $http_url;
|
||||
}/*}}}*/
|
||||
|
||||
|
||||
/**
|
||||
* attempt to build up a request from what was passed to the server
|
||||
*/
|
||||
public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) {/*{{{*/
|
||||
$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
|
||||
@$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
||||
@$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
$request_headers = OAuthRequest::get_headers();
|
||||
|
||||
// let the library user override things however they'd like, if they know
|
||||
// which parameters to use then go for it, for example XMLRPC might want to
|
||||
// do this
|
||||
if ($parameters) {
|
||||
$req = new OAuthRequest($http_method, $http_url, $parameters);
|
||||
}
|
||||
// next check for the auth header, we need to do some extra stuff
|
||||
// if that is the case, namely suck in the parameters from GET or POST
|
||||
// so that we can include them in the signature
|
||||
else if (@substr($request_headers['Authorization'], 0, 5) == "OAuth") {
|
||||
$header_parameters = OAuthRequest::split_header($request_headers['Authorization']);
|
||||
if ($http_method == "GET") {
|
||||
$req_parameters = $_GET;
|
||||
}
|
||||
else if ($http_method = "POST") {
|
||||
$req_parameters = $_POST;
|
||||
}
|
||||
$parameters = array_merge($header_parameters, $req_parameters);
|
||||
$req = new OAuthRequest($http_method, $http_url, $parameters);
|
||||
}
|
||||
else if ($http_method == "GET") {
|
||||
$req = new OAuthRequest($http_method, $http_url, $_GET);
|
||||
}
|
||||
else if ($http_method == "POST") {
|
||||
$req = new OAuthRequest($http_method, $http_url, $_POST);
|
||||
}
|
||||
return $req;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* pretty much a helper function to set up the request
|
||||
*/
|
||||
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {/*{{{*/
|
||||
@$parameters or $parameters = array();
|
||||
$defaults = array("oauth_version" => OAuthRequest::$version,
|
||||
"oauth_nonce" => OAuthRequest::generate_nonce(),
|
||||
"oauth_timestamp" => OAuthRequest::generate_timestamp(),
|
||||
"oauth_consumer_key" => $consumer->key);
|
||||
$parameters = array_merge($defaults, $parameters);
|
||||
|
||||
if ($token) {
|
||||
$parameters['oauth_token'] = $token->key;
|
||||
}
|
||||
|
||||
// oauth v1.0a
|
||||
/*if (isset($_REQUEST['oauth_verifier'])) {
|
||||
$parameters['oauth_verifier'] = $_REQUEST['oauth_verifier'];
|
||||
}*/
|
||||
|
||||
|
||||
return new OAuthRequest($http_method, $http_url, $parameters);
|
||||
}/*}}}*/
|
||||
|
||||
public function set_parameter($name, $value) {/*{{{*/
|
||||
$this->parameters[$name] = $value;
|
||||
}/*}}}*/
|
||||
|
||||
public function get_parameter($name) {/*{{{*/
|
||||
return $this->parameters[$name];
|
||||
}/*}}}*/
|
||||
|
||||
public function get_parameters() {/*{{{*/
|
||||
return $this->parameters;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* Returns the normalized parameters of the request
|
||||
*
|
||||
* This will be all (except oauth_signature) parameters,
|
||||
* sorted first by key, and if duplicate keys, then by
|
||||
* value.
|
||||
*
|
||||
* The returned string will be all the key=value pairs
|
||||
* concated by &.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_signable_parameters() {/*{{{*/
|
||||
// Grab all parameters
|
||||
$params = $this->parameters;
|
||||
|
||||
// Remove oauth_signature if present
|
||||
if (isset($params['oauth_signature'])) {
|
||||
unset($params['oauth_signature']);
|
||||
}
|
||||
|
||||
// Urlencode both keys and values
|
||||
$keys = array_map(array('OAuthUtil', 'urlencodeRFC3986'), array_keys($params));
|
||||
$values = array_map(array('OAuthUtil', 'urlencodeRFC3986'), array_values($params));
|
||||
$params = array_combine($keys, $values);
|
||||
|
||||
// Sort by keys (natsort)
|
||||
uksort($params, 'strnatcmp');
|
||||
|
||||
if(isset($params['title']) && isset($params['title-exact'])) {
|
||||
$temp = $params['title-exact'];
|
||||
$title = $params['title'];
|
||||
|
||||
unset($params['title']);
|
||||
unset($params['title-exact']);
|
||||
|
||||
$params['title-exact'] = $temp;
|
||||
$params['title'] = $title;
|
||||
}
|
||||
|
||||
// Generate key=value pairs
|
||||
$pairs = array();
|
||||
foreach ($params as $key=>$value ) {
|
||||
if (is_array($value)) {
|
||||
// If the value is an array, it's because there are multiple
|
||||
// with the same key, sort them, then add all the pairs
|
||||
natsort($value);
|
||||
foreach ($value as $v2) {
|
||||
$pairs[] = $key . '=' . $v2;
|
||||
}
|
||||
} else {
|
||||
$pairs[] = $key . '=' . $value;
|
||||
}
|
||||
}
|
||||
|
||||
// Return the pairs, concated with &
|
||||
return implode('&', $pairs);
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* Returns the base string of this request
|
||||
*
|
||||
* The base string defined as the method, the url
|
||||
* and the parameters (normalized), each urlencoded
|
||||
* and the concated with &.
|
||||
*/
|
||||
public function get_signature_base_string() {/*{{{*/
|
||||
$parts = array(
|
||||
$this->get_normalized_http_method(),
|
||||
$this->get_normalized_http_url(),
|
||||
$this->get_signable_parameters()
|
||||
);
|
||||
|
||||
$parts = array_map(array('OAuthUtil', 'urlencodeRFC3986'), $parts);
|
||||
|
||||
return implode('&', $parts);
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* just uppercases the http method
|
||||
*/
|
||||
public function get_normalized_http_method() {/*{{{*/
|
||||
return strtoupper($this->http_method);
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* parses the url and rebuilds it to be
|
||||
* scheme://host/path
|
||||
*/
|
||||
public function get_normalized_http_url() {
|
||||
$parts = parse_url($this->http_url);
|
||||
|
||||
$scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
|
||||
$port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
|
||||
$host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
|
||||
$path = (isset($parts['path'])) ? $parts['path'] : '';
|
||||
|
||||
if (($scheme == 'https' && $port != '443')
|
||||
|| ($scheme == 'http' && $port != '80')) {
|
||||
$host = "$host:$port";
|
||||
}
|
||||
return "$scheme://$host$path";
|
||||
}
|
||||
|
||||
/**
|
||||
* builds a url usable for a GET request
|
||||
*/
|
||||
public function to_url() {/*{{{*/
|
||||
$out = $this->get_normalized_http_url() . "?";
|
||||
$out .= $this->to_postdata();
|
||||
return $out;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* builds the data one would send in a POST request
|
||||
*/
|
||||
public function to_postdata() {/*{{{*/
|
||||
$total = array();
|
||||
foreach ($this->parameters as $k => $v) {
|
||||
$total[] = OAuthUtil::urlencodeRFC3986($k) . "=" . OAuthUtil::urlencodeRFC3986($v);
|
||||
}
|
||||
$out = implode("&", $total);
|
||||
return $out;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* builds the Authorization: header
|
||||
*/
|
||||
public function to_header() {/*{{{*/
|
||||
$out ='Authorization: OAuth ';
|
||||
$total = array();
|
||||
|
||||
/*
|
||||
$sig = $this->parameters['oauth_signature'];
|
||||
unset($this->parameters['oauth_signature']);
|
||||
uksort($this->parameters, 'strnatcmp');
|
||||
$this->parameters['oauth_signature'] = $sig;
|
||||
*/
|
||||
|
||||
foreach ($this->parameters as $k => $v) {
|
||||
if (substr($k, 0, 5) != "oauth") continue;
|
||||
$out .= OAuthUtil::urlencodeRFC3986($k) . '="' . OAuthUtil::urlencodeRFC3986($v) . '", ';
|
||||
}
|
||||
$out = substr_replace($out, '', strlen($out) - 2);
|
||||
|
||||
return $out;
|
||||
}/*}}}*/
|
||||
|
||||
public function __toString() {/*{{{*/
|
||||
return $this->to_url();
|
||||
}/*}}}*/
|
||||
|
||||
|
||||
public function sign_request($signature_method, $consumer, $token, $privKey=NULL) {/*{{{*/
|
||||
$this->set_parameter("oauth_signature_method", $signature_method->get_name());
|
||||
$signature = $this->build_signature($signature_method, $consumer, $token, $privKey);
|
||||
$this->set_parameter("oauth_signature", $signature);
|
||||
}/*}}}*/
|
||||
|
||||
public function build_signature($signature_method, $consumer, $token, $privKey=NULL) {/*{{{*/
|
||||
$signature = $signature_method->build_signature($this, $consumer, $token, $privKey);
|
||||
return $signature;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* util function: current timestamp
|
||||
*/
|
||||
private static function generate_timestamp() {/*{{{*/
|
||||
return time();
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* util function: current nonce
|
||||
*/
|
||||
private static function generate_nonce() {/*{{{*/
|
||||
$mt = microtime();
|
||||
$rand = mt_rand();
|
||||
|
||||
return md5($mt . $rand); // md5s look nicer than numbers
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* util function for turning the Authorization: header into
|
||||
* parameters, has to do some unescaping
|
||||
*/
|
||||
private static function split_header($header) {/*{{{*/
|
||||
// this should be a regex
|
||||
// error cases: commas in parameter values
|
||||
$parts = explode(",", $header);
|
||||
$out = array();
|
||||
foreach ($parts as $param) {
|
||||
$param = ltrim($param);
|
||||
// skip the "realm" param, nobody ever uses it anyway
|
||||
if (substr($param, 0, 5) != "oauth") continue;
|
||||
|
||||
$param_parts = explode("=", $param);
|
||||
|
||||
// rawurldecode() used because urldecode() will turn a "+" in the
|
||||
// value into a space
|
||||
$out[$param_parts[0]] = rawurldecode(substr($param_parts[1], 1, -1));
|
||||
}
|
||||
return $out;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* helper to try to sort out headers for people who aren't running apache
|
||||
*/
|
||||
private static function get_headers() {/*{{{*/
|
||||
if (function_exists('apache_request_headers')) {
|
||||
// we need this to get the actual Authorization: header
|
||||
// because apache tends to tell us it doesn't exist
|
||||
return apache_request_headers();
|
||||
}
|
||||
// otherwise we don't have apache and are just going to have to hope
|
||||
// that $_SERVER actually contains what we need
|
||||
$out = array();
|
||||
foreach ($_SERVER as $key => $value) {
|
||||
if (substr($key, 0, 5) == "HTTP_") {
|
||||
// this is chaos, basically it is just there to capitalize the first
|
||||
// letter of every word that is not an initial HTTP and strip HTTP
|
||||
// code from przemek
|
||||
$key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
|
||||
$out[$key] = $value;
|
||||
}
|
||||
}
|
||||
return $out;
|
||||
}/*}}}*/
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthServer {/*{{{*/
|
||||
protected $timestamp_threshold = 300; // in seconds, five minutes
|
||||
protected $version = 1.0; // hi blaine
|
||||
protected $signature_methods = array();
|
||||
|
||||
protected $data_store;
|
||||
|
||||
function __construct($data_store) {/*{{{*/
|
||||
$this->data_store = $data_store;
|
||||
}/*}}}*/
|
||||
|
||||
public function add_signature_method($signature_method) {/*{{{*/
|
||||
$this->signature_methods[$signature_method->get_name()] =
|
||||
$signature_method;
|
||||
}/*}}}*/
|
||||
|
||||
// high level functions
|
||||
|
||||
/**
|
||||
* process a request_token request
|
||||
* returns the request token on success
|
||||
*/
|
||||
public function fetch_request_token(&$request) {/*{{{*/
|
||||
$this->get_version($request);
|
||||
|
||||
$consumer = $this->get_consumer($request);
|
||||
|
||||
// no token required for the initial token request
|
||||
$token = NULL;
|
||||
|
||||
$this->check_signature($request, $consumer, $token);
|
||||
|
||||
$new_token = $this->data_store->new_request_token($consumer);
|
||||
|
||||
return $new_token;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* process an access_token request
|
||||
* returns the access token on success
|
||||
*/
|
||||
public function fetch_access_token(&$request) {/*{{{*/
|
||||
$this->get_version($request);
|
||||
|
||||
$consumer = $this->get_consumer($request);
|
||||
|
||||
// requires authorized request token
|
||||
$token = $this->get_token($request, $consumer, "request");
|
||||
|
||||
$this->check_signature($request, $consumer, $token);
|
||||
|
||||
$new_token = $this->data_store->new_access_token($token, $consumer);
|
||||
|
||||
return $new_token;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* verify an api call, checks all the parameters
|
||||
*/
|
||||
public function verify_request(&$request) {/*{{{*/
|
||||
$this->get_version($request);
|
||||
$consumer = $this->get_consumer($request);
|
||||
$token = $this->get_token($request, $consumer, "access");
|
||||
$this->check_signature($request, $consumer, $token);
|
||||
return array($consumer, $token);
|
||||
}/*}}}*/
|
||||
|
||||
// Internals from here
|
||||
/**
|
||||
* version 1
|
||||
*/
|
||||
private function get_version(&$request) {/*{{{*/
|
||||
$version = $request->get_parameter("oauth_version");
|
||||
if (!$version) {
|
||||
$version = 1.0;
|
||||
}
|
||||
if ($version && $version != $this->version) {
|
||||
throw new OAuthException("OAuth version '$version' not supported");
|
||||
}
|
||||
return $version;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* figure out the signature with some defaults
|
||||
*/
|
||||
private function get_signature_method(&$request) {/*{{{*/
|
||||
$signature_method =
|
||||
@$request->get_parameter("oauth_signature_method");
|
||||
if (!$signature_method) {
|
||||
$signature_method = "PLAINTEXT";
|
||||
}
|
||||
if (!in_array($signature_method,
|
||||
array_keys($this->signature_methods))) {
|
||||
throw new OAuthException(
|
||||
"Signature method '$signature_method' not supported try one of the following: " . implode(", ", array_keys($this->signature_methods))
|
||||
);
|
||||
}
|
||||
return $this->signature_methods[$signature_method];
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* try to find the consumer for the provided request's consumer key
|
||||
*/
|
||||
private function get_consumer(&$request) {/*{{{*/
|
||||
$consumer_key = @$request->get_parameter("oauth_consumer_key");
|
||||
if (!$consumer_key) {
|
||||
throw new OAuthException("Invalid consumer key");
|
||||
}
|
||||
|
||||
$consumer = $this->data_store->lookup_consumer($consumer_key);
|
||||
if (!$consumer) {
|
||||
throw new OAuthException("Invalid consumer");
|
||||
}
|
||||
|
||||
return $consumer;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* try to find the token for the provided request's token key
|
||||
*/
|
||||
private function get_token(&$request, $consumer, $token_type="access") {/*{{{*/
|
||||
$token_field = @$request->get_parameter('oauth_token');
|
||||
$token = $this->data_store->lookup_token(
|
||||
$consumer, $token_type, $token_field
|
||||
);
|
||||
if (!$token) {
|
||||
throw new OAuthException("Invalid $token_type token: $token_field");
|
||||
}
|
||||
return $token;
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* all-in-one function to check the signature on a request
|
||||
* should guess the signature method appropriately
|
||||
*/
|
||||
private function check_signature(&$request, $consumer, $token) {/*{{{*/
|
||||
// this should probably be in a different method
|
||||
$timestamp = @$request->get_parameter('oauth_timestamp');
|
||||
$nonce = @$request->get_parameter('oauth_nonce');
|
||||
|
||||
$this->check_timestamp($timestamp);
|
||||
$this->check_nonce($consumer, $token, $nonce, $timestamp);
|
||||
|
||||
$signature_method = $this->get_signature_method($request);
|
||||
|
||||
$signature = $request->get_parameter('oauth_signature');
|
||||
$valid_sig = $signature_method->check_signature(
|
||||
$request,
|
||||
$consumer,
|
||||
$token,
|
||||
$signature
|
||||
);
|
||||
|
||||
if (!$valid_sig) {
|
||||
throw new OAuthException("Invalid signature");
|
||||
}
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* check that the timestamp is new enough
|
||||
*/
|
||||
private function check_timestamp($timestamp) {/*{{{*/
|
||||
// verify that timestamp is recentish
|
||||
$now = time();
|
||||
if ($now - $timestamp > $this->timestamp_threshold) {
|
||||
throw new OAuthException("Expired timestamp, yours $timestamp, ours $now");
|
||||
}
|
||||
}/*}}}*/
|
||||
|
||||
/**
|
||||
* check that the nonce is not repeated
|
||||
*/
|
||||
private function check_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
|
||||
// verify that the nonce is uniqueish
|
||||
$found = $this->data_store->lookup_nonce($consumer, $token, $nonce, $timestamp);
|
||||
if ($found) {
|
||||
throw new OAuthException("Nonce already used: $nonce");
|
||||
}
|
||||
}/*}}}*/
|
||||
|
||||
|
||||
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthDataStore {/*{{{*/
|
||||
function lookup_consumer($consumer_key) {/*{{{*/
|
||||
// implement me
|
||||
}/*}}}*/
|
||||
|
||||
function lookup_token($consumer, $token_type, $token) {/*{{{*/
|
||||
// implement me
|
||||
}/*}}}*/
|
||||
|
||||
function lookup_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
|
||||
// implement me
|
||||
}/*}}}*/
|
||||
|
||||
function fetch_request_token($consumer) {/*{{{*/
|
||||
// return a new token attached to this consumer
|
||||
}/*}}}*/
|
||||
|
||||
function fetch_access_token($token, $consumer) {/*{{{*/
|
||||
// return a new access token attached to this consumer
|
||||
// for the user associated with this token if the request token
|
||||
// is authorized
|
||||
// should also invalidate the request token
|
||||
}/*}}}*/
|
||||
|
||||
}/*}}}*/
|
||||
|
||||
|
||||
/* A very naive dbm-based oauth storage
|
||||
*/
|
||||
class SimpleOAuthDataStore extends OAuthDataStore {/*{{{*/
|
||||
private $dbh;
|
||||
|
||||
function __construct($path = "oauth.gdbm") {/*{{{*/
|
||||
$this->dbh = dba_popen($path, 'c', 'gdbm');
|
||||
}/*}}}*/
|
||||
|
||||
function __destruct() {/*{{{*/
|
||||
dba_close($this->dbh);
|
||||
}/*}}}*/
|
||||
|
||||
function lookup_consumer($consumer_key) {/*{{{*/
|
||||
$rv = dba_fetch("consumer_$consumer_key", $this->dbh);
|
||||
if ($rv === FALSE) {
|
||||
return NULL;
|
||||
}
|
||||
$obj = unserialize($rv);
|
||||
if (!($obj instanceof OAuthConsumer)) {
|
||||
return NULL;
|
||||
}
|
||||
return $obj;
|
||||
}/*}}}*/
|
||||
|
||||
function lookup_token($consumer, $token_type, $token) {/*{{{*/
|
||||
$rv = dba_fetch("${token_type}_${token}", $this->dbh);
|
||||
if ($rv === FALSE) {
|
||||
return NULL;
|
||||
}
|
||||
$obj = unserialize($rv);
|
||||
if (!($obj instanceof OAuthToken)) {
|
||||
return NULL;
|
||||
}
|
||||
return $obj;
|
||||
}/*}}}*/
|
||||
|
||||
function lookup_nonce($consumer, $token, $nonce, $timestamp) {/*{{{*/
|
||||
return dba_exists("nonce_$nonce", $this->dbh);
|
||||
}/*}}}*/
|
||||
|
||||
function new_token($consumer, $type="request") {/*{{{*/
|
||||
$key = md5(time());
|
||||
$secret = time() + time();
|
||||
$token = new OAuthToken($key, md5(md5($secret)));
|
||||
if (!dba_insert("${type}_$key", serialize($token), $this->dbh)) {
|
||||
throw new OAuthException("doooom!");
|
||||
}
|
||||
return $token;
|
||||
}/*}}}*/
|
||||
|
||||
function new_request_token($consumer) {/*{{{*/
|
||||
return $this->new_token($consumer, "request");
|
||||
}/*}}}*/
|
||||
|
||||
function new_access_token($token, $consumer) {/*{{{*/
|
||||
|
||||
$token = $this->new_token($consumer, 'access');
|
||||
dba_delete("request_" . $token->key, $this->dbh);
|
||||
return $token;
|
||||
}/*}}}*/
|
||||
}/*}}}*/
|
||||
|
||||
class OAuthUtil {/*{{{*/
|
||||
public static function urlencodeRFC3986($string) {/*{{{*/
|
||||
return str_replace('%7E', '~', rawurlencode($string));
|
||||
}/*}}}*/
|
||||
|
||||
public static function urldecodeRFC3986($string) {/*{{{*/
|
||||
return rawurldecode($string);
|
||||
}/*}}}*/
|
||||
}/*}}}*/
|
||||
|
||||
?>
|
|
@ -0,0 +1,185 @@
|
|||
<?php
|
||||
/* Copyright (c) 2009 Google Inc.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* Author: Eric Bidelman <e.bidelman@google.com>
|
||||
*/
|
||||
|
||||
$PRIV_KEY_FILE = '/path/to/your/rsa_private_key.pem';
|
||||
|
||||
// OAuth library - http://oauth.googlecode.com/svn/code/php/
|
||||
require_once('OAuth.php');
|
||||
|
||||
// Google's accepted signature methods
|
||||
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
|
||||
$rsa_method = new OAuthSignatureMethod_RSA_SHA1();
|
||||
$SIG_METHODS = array($rsa_method->get_name() => $rsa_method,
|
||||
$hmac_method->get_name() => $hmac_method);
|
||||
|
||||
/**
|
||||
* Makes an HTTP request to the specified URL
|
||||
*
|
||||
* @param string $http_method The HTTP method (GET, POST, PUT, DELETE)
|
||||
* @param string $url Full URL of the resource to access
|
||||
* @param array $extraHeaders (optional) Additional headers to include in each
|
||||
* request. Elements are header/value pair strings ('Host: example.com')
|
||||
* @param string $postData (optional) POST/PUT request body
|
||||
* @param bool $returnResponseHeaders True if resp. headers should be returned.
|
||||
* @return string Response body from the server
|
||||
*/
|
||||
function send_signed_request($http_method, $url, $extraHeaders=null,
|
||||
$postData=null, $returnResponseHeaders=true) {
|
||||
$curl = curl_init($url);
|
||||
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($curl, CURLOPT_FAILONERROR, false);
|
||||
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
|
||||
|
||||
// Return request headers in the reponse
|
||||
// curl_setopt($curl, CURLINFO_HEADER_OUT, true);
|
||||
|
||||
// Return response headers ni the response?
|
||||
if ($returnResponseHeaders) {
|
||||
curl_setopt($curl, CURLOPT_HEADER, true);
|
||||
}
|
||||
|
||||
$headers = array();
|
||||
//$headers[] = 'GData-Version: 2.0'; // use GData v2 by default
|
||||
if (is_array($extraHeaders)) {
|
||||
$headers = array_merge($headers, $extraHeaders);
|
||||
}
|
||||
|
||||
// Setup default curl options for each type of HTTP request.
|
||||
// This is also a great place to add additional headers for each request.
|
||||
switch($http_method) {
|
||||
case 'GET':
|
||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
|
||||
break;
|
||||
case 'POST':
|
||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
|
||||
curl_setopt($curl, CURLOPT_POST, 1);
|
||||
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
|
||||
break;
|
||||
case 'PUT':
|
||||
$headers[] = 'If-Match: *';
|
||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
|
||||
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $http_method);
|
||||
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
|
||||
break;
|
||||
case 'DELETE':
|
||||
$headers[] = 'If-Match: *';
|
||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
|
||||
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $http_method);
|
||||
break;
|
||||
default:
|
||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
|
||||
}
|
||||
|
||||
// Execute the request. If an error occures, fill the response body with it.
|
||||
$response = curl_exec($curl);
|
||||
if (!$response) {
|
||||
$response = curl_error($curl);
|
||||
}
|
||||
|
||||
// Add server's response headers to our response body
|
||||
$response = curl_getinfo($curl, CURLINFO_HEADER_OUT) . $response;
|
||||
|
||||
curl_close($curl);
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Takes XML as a string and returns it nicely indented
|
||||
*
|
||||
* @param string $xml The xml to beautify
|
||||
* @param boolean $html_output True if returned XML should be escaped for HTML.
|
||||
* @return string The beautified xml
|
||||
*/
|
||||
function xml_pretty_printer($xml, $html_output=false) {
|
||||
$xml_obj = new SimpleXMLElement($xml);
|
||||
$level = 2;
|
||||
|
||||
// Get an array containing each XML element
|
||||
$xml = explode("\n", preg_replace('/>\s*</', ">\n<", $xml_obj->asXML()));
|
||||
|
||||
// Hold current indentation level
|
||||
$indent = 0;
|
||||
|
||||
$pretty = array();
|
||||
|
||||
// Shift off opening XML tag if present
|
||||
if (count($xml) && preg_match('/^<\?\s*xml/', $xml[0])) {
|
||||
$pretty[] = array_shift($xml);
|
||||
}
|
||||
|
||||
foreach ($xml as $el) {
|
||||
if (preg_match('/^<([\w])+[^>\/]*>$/U', $el)) {
|
||||
// opening tag, increase indent
|
||||
$pretty[] = str_repeat(' ', $indent) . $el;
|
||||
$indent += $level;
|
||||
} else {
|
||||
if (preg_match('/^<\/.+>$/', $el)) {
|
||||
$indent -= $level; // closing tag, decrease indent
|
||||
}
|
||||
if ($indent < 0) {
|
||||
$indent += $level;
|
||||
}
|
||||
$pretty[] = str_repeat(' ', $indent) . $el;
|
||||
}
|
||||
}
|
||||
|
||||
$xml = implode("\n", $pretty);
|
||||
return $html_output ? htmlentities($xml) : $xml;
|
||||
}
|
||||
|
||||
/**
|
||||
* Joins key/value pairs by $inner_glue and each pair together by $outer_glue.
|
||||
*
|
||||
* Example: implode_assoc('=', '&', array('a' => 1, 'b' => 2)) === 'a=1&b=2'
|
||||
*
|
||||
* @param string $inner_glue What to implode each key/value pair with
|
||||
* @param string $outer_glue What to impode each key/value string subset with
|
||||
* @param array $array Associative array of query parameters
|
||||
* @return string Urlencoded string of query parameters
|
||||
*/
|
||||
function implode_assoc($inner_glue, $outer_glue, $array) {
|
||||
$output = array();
|
||||
foreach($array as $key => $item) {
|
||||
$output[] = $key . $inner_glue . urlencode($item);
|
||||
}
|
||||
return implode($outer_glue, $output);
|
||||
}
|
||||
|
||||
/**
|
||||
* Explodes a string of key/value url parameters into an associative array.
|
||||
* This method performs the compliment operations of implode_assoc().
|
||||
*
|
||||
* Example: explode_assoc('=', '&', 'a=1&b=2') === array('a' => 1, 'b' => 2)
|
||||
*
|
||||
* @param string $inner_glue What each key/value pair is joined with
|
||||
* @param string $outer_glue What each set of key/value pairs is joined with.
|
||||
* @param array $array Associative array of query parameters
|
||||
* @return array Urlencoded string of query parameters
|
||||
*/
|
||||
function explode_assoc($inner_glue, $outer_glue, $params) {
|
||||
$tempArr = explode($outer_glue, $params);
|
||||
foreach($tempArr as $val) {
|
||||
$pos = strpos($val, $inner_glue);
|
||||
$key = substr($val, 0, $pos);
|
||||
$array2[$key] = substr($val, $pos + 1, strlen($val));
|
||||
}
|
||||
return $array2;
|
||||
}
|
||||
|
||||
?>
|
|
@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
|
|||
OCP\Util::addscript('','oc-vcategories');
|
||||
OCP\App::setActiveNavigationEntry('calendar_index');
|
||||
$tmpl = new OCP\Template('calendar', 'calendar', 'user');
|
||||
$tmpl->assign('eventSources', $eventSources);
|
||||
$tmpl->assign('eventSources', $eventSources,false);
|
||||
$tmpl->assign('categories', $categories);
|
||||
if(array_key_exists('showevent', $_GET)){
|
||||
$tmpl->assign('showevent', $_GET['showevent']);
|
||||
$tmpl->assign('showevent', $_GET['showevent'], false);
|
||||
}
|
||||
$tmpl->printPage();
|
||||
|
|
|
@ -377,8 +377,8 @@ class OC_Calendar_App{
|
|||
$lastmodified = ($last_modified)?$last_modified->getDateTime()->format('U'):0;
|
||||
|
||||
$output = array('id'=>(int)$event['id'],
|
||||
'title' => htmlspecialchars(($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed')),
|
||||
'description' => isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):'',
|
||||
'title' => ($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed'),
|
||||
'description' => isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:'',
|
||||
'lastmodified'=>$lastmodified);
|
||||
|
||||
$dtstart = $vevent->DTSTART;
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
<?php
|
||||
echo '<td width="20px"><input id="active_' . $_['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Calendar.activation(this,' . $_['calendar']['id'] . ')"' . ($_['calendar']['active'] ? ' checked="checked"' : '') . '></td>';
|
||||
echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . htmlspecialchars($_['calendar']['displayname']) . '</label></td>';
|
||||
echo '<td id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . $_['calendar']['displayname'] . '</label></td>';
|
||||
echo '<td width="20px"><a href="#" onclick="Calendar.UI.Share.dropdown(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['id'] . '\');" title="' . $l->t("Share Calendar") . '" class="action"><img class="svg action" src="' . ((!$_['shared']) ? OCP\Util::imagePath('core', 'actions/share.svg') : OCP\Util::imagePath('core', 'actions/shared.svg')) . '"></a></td>';
|
||||
echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . htmlentities($_['calendar']['uri']) . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
|
||||
echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['uri'] . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
|
||||
echo '<td width="20px"><a href="?app=calendar&getfile=export.php?calid=' . $_['calendar']['id'] . '" title="' . $l->t('Download') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/download.svg').'"></a></td>';
|
||||
echo '<td width="20px"><a href="#" title="' . $l->t('Edit') . '" class="action" onclick="Calendar.UI.Calendar.edit(this, ' . $_['calendar']['id'] . ');"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/rename.svg').'"></a></td>';
|
||||
echo '<td width="20px"><a href="#" onclick="Calendar.UI.Calendar.deleteCalendar(\'' . $_['calendar']['id'] . '\');" title="' . $l->t('Delete') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/delete.svg').'"></a></td>';
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<?php
|
||||
echo '<td width="20px"><input id="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Share.activation(this,\'' . $_['share']['owner'] . '\',' . $_['share']['calendar']['id'] . ')"' . ($_['share']['active'] ? ' checked="checked"' : '') . '></td>';
|
||||
echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . htmlspecialchars($_['share']['calendar']['displayname']) . '</label></td>';
|
||||
echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . $_['share']['calendar']['displayname'] . '</label></td>';
|
||||
echo '<td style="font-style: italic;">' . $l->t('shared with you by') . ' ' . $_['share']['owner'] . '</td>';
|
|
@ -18,7 +18,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
|
|||
<tr>
|
||||
<th width="75px"><?php echo $l->t("Title");?>:</th>
|
||||
<td>
|
||||
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>" maxlength="100" name="title"/>
|
||||
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? $_['title'] : '' ?>" maxlength="100" name="title"/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -26,7 +26,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
|
|||
<tr>
|
||||
<th width="75px"><?php echo $l->t("Category");?>:</th>
|
||||
<td>
|
||||
<input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>">
|
||||
<input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>">
|
||||
<a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a>
|
||||
</td>
|
||||
<?php if(count($_['calendar_options']) > 1) { ?>
|
||||
|
@ -80,7 +80,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
|
|||
<tr>
|
||||
<th width="85px"><?php echo $l->t("Location");?>:</th>
|
||||
<td>
|
||||
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>" maxlength="100" name="location" />
|
||||
<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? $_['location'] : '' ?>" maxlength="100" name="location" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -88,7 +88,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
|
|||
<tr>
|
||||
<th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th>
|
||||
<td>
|
||||
<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea>
|
||||
<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? $_['description'] : '' ?></textarea>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
$calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
|
||||
$calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar'));
|
||||
for($i = 0;$i<count($calendar_options);$i++){
|
||||
$calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']);
|
||||
$calendar_options[$i]['displayname'] = $calendar_options[$i]['displayname'];
|
||||
}
|
||||
echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname'));
|
||||
?>
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
<tr>
|
||||
<th width="75px"><?php echo $l->t("Title");?>:</th>
|
||||
<td>
|
||||
<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>
|
||||
<?php echo isset($_['title']) ? $_['title'] : '' ?>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -79,7 +79,7 @@
|
|||
<tr>
|
||||
<th width="85px"><?php echo $l->t("Location");?>:</th>
|
||||
<td>
|
||||
<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>
|
||||
<?php echo isset($_['location']) ? $_['location'] : '' ?>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -87,7 +87,7 @@
|
|||
<tr>
|
||||
<th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th>
|
||||
<td>
|
||||
<?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea>
|
||||
<?php echo isset($_['description']) ? $_['description'] : '' ?></textarea>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$bookid = $_POST['bookid'];
|
||||
$book = OC_Contacts_App::getAddressbook($bookid);// is owner access check
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$aid = isset($_POST['aid'])?$_POST['aid']:null;
|
||||
if(!$aid) {
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
function bailOut($msg) {
|
||||
OCP\JSON::error(array('data' => array('message' => $msg)));
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$userid = OCP\USER::getUser();
|
||||
$name = trim(strip_tags($_POST['name']));
|
||||
|
|
|
@ -25,10 +25,12 @@ OCP\JSON::checkLoggedIn();
|
|||
OCP\JSON::checkAppEnabled('contacts');
|
||||
|
||||
$tmpkey = $_GET['tmpkey'];
|
||||
$requesttoken = $_GET['requesttoken'];
|
||||
$id = $_GET['id'];
|
||||
$tmpl = new OCP\Template("contacts", "part.cropphoto");
|
||||
$tmpl->assign('tmpkey', $tmpkey);
|
||||
$tmpl->assign('id', $id);
|
||||
$tmpl->assign('requesttoken', $requesttoken);
|
||||
$page = $tmpl->fetchPage();
|
||||
|
||||
OCP\JSON::success(array('data' => array( 'page' => $page )));
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
//$id = $_GET['id'];
|
||||
$id = $_POST['id'];
|
||||
|
|
|
@ -28,6 +28,17 @@ function bailOut($msg) {
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
// foreach($_SERVER as $key=>$value) {
|
||||
// OCP\Util::writeLog('contacts','ajax/saveproperty.php: _SERVER: '.$key.'=>'.$value, OCP\Util::DEBUG);
|
||||
// }
|
||||
foreach($_POST as $key=>$value) {
|
||||
OCP\Util::writeLog('contacts','ajax/saveproperty.php: _POST: '.$key.'=>'.print_r($value, true), OCP\Util::DEBUG);
|
||||
}
|
||||
foreach($_GET as $key=>$value) {
|
||||
OCP\Util::writeLog('contacts','ajax/saveproperty.php: _GET: '.$key.'=>'.print_r($value, true), OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
$id = isset($_POST['id'])?$_POST['id']:null;
|
||||
if(!$id) {
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$id = $_POST['id'];
|
||||
$checksum = $_POST['checksum'];
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
// Firefox and Konqueror tries to download application/json for me. --Arthur
|
||||
OCP\JSON::setContentTypeHeader('text/plain');
|
||||
|
|
|
@ -20,10 +20,6 @@
|
|||
*
|
||||
*/
|
||||
|
||||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
|
||||
function bailOut($msg) {
|
||||
OCP\JSON::error(array('data' => array('message' => $msg)));
|
||||
OCP\Util::writeLog('contacts','ajax/saveproperty.php: '.$msg, OCP\Util::DEBUG);
|
||||
|
@ -33,6 +29,11 @@ function debug($msg) {
|
|||
OCP\Util::writeLog('contacts','ajax/saveproperty.php: '.$msg, OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$id = isset($_POST['id'])?$_POST['id']:null;
|
||||
$name = isset($_POST['name'])?$_POST['name']:null;
|
||||
$value = isset($_POST['value'])?$_POST['value']:null;
|
||||
|
|
|
@ -23,6 +23,8 @@
|
|||
// Check if we are a user
|
||||
OCP\JSON::checkLoggedIn();
|
||||
OCP\JSON::checkAppEnabled('contacts');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
// Firefox and Konqueror tries to download application/json for me. --Arthur
|
||||
OCP\JSON::setContentTypeHeader('text/plain');
|
||||
function bailOut($msg) {
|
||||
|
|
|
@ -622,7 +622,7 @@ Contacts={
|
|||
q = q + '&id=' + this.id + '&name=' + name;
|
||||
if(checksum != undefined && checksum != '') { // save
|
||||
q = q + '&checksum=' + checksum;
|
||||
//console.log('Saving: ' + q);
|
||||
console.log('Saving: ' + q);
|
||||
$(obj).attr('disabled', 'disabled');
|
||||
$.post(OC.filePath('contacts', 'ajax', 'saveproperty.php'),q,function(jsondata){
|
||||
if(jsondata.status == 'success'){
|
||||
|
@ -640,7 +640,7 @@ Contacts={
|
|||
}
|
||||
},'json');
|
||||
} else { // add
|
||||
//console.log('Adding: ' + q);
|
||||
console.log('Adding: ' + q);
|
||||
$(obj).attr('disabled', 'disabled');
|
||||
$.post(OC.filePath('contacts', 'ajax', 'addproperty.php'),q,function(jsondata){
|
||||
if(jsondata.status == 'success'){
|
||||
|
|
|
@ -3,6 +3,7 @@ $id = isset($_['id']) ? $_['id'] : '';
|
|||
?>
|
||||
<div id="card">
|
||||
<form class="float" id="file_upload_form" action="<?php echo OCP\Util::linkTo('contacts', 'ajax/uploadphoto.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target">
|
||||
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>">
|
||||
<input type="hidden" name="id" value="<?php echo $_['id'] ?>">
|
||||
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
|
||||
<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
|
||||
|
@ -23,6 +24,7 @@ $id = isset($_['id']) ? $_['id'] : '';
|
|||
<div id="contact_identity" class="contactsection">
|
||||
<form method="post">
|
||||
<input type="hidden" name="id" value="<?php echo $_['id'] ?>">
|
||||
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>">
|
||||
<fieldset id="ident" class="contactpart">
|
||||
<span class="propertycontainer" data-element="N"><input type="hidden" id="n" class="contacts_property" name="value" value="" /></span>
|
||||
<span id="name" class="propertycontainer" data-element="FN">
|
||||
|
|
|
@ -8,5 +8,5 @@
|
|||
}
|
||||
}
|
||||
?>
|
||||
<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li>
|
||||
<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li>
|
||||
<?php endforeach; ?>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
$id = $_['id'];
|
||||
$tmpkey = $_['tmpkey'];
|
||||
$csrf_token = $_GET['csrf_token'];
|
||||
OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey, OCP\Util::DEBUG);
|
||||
?>
|
||||
<script language="Javascript">
|
||||
|
@ -48,6 +49,7 @@ OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey,
|
|||
action="<?php echo OCP\Util::linkToAbsolute('contacts', 'ajax/savecrop.php'); ?>">
|
||||
|
||||
<input type="hidden" id="id" name="id" value="<?php echo $id; ?>" />
|
||||
<input type="hidden" name="requesttoken" value="<?php echo $csrf_token; ?>">
|
||||
<input type="hidden" id="tmpkey" name="tmpkey" value="<?php echo $tmpkey; ?>" />
|
||||
<fieldset id="coords">
|
||||
<input type="hidden" id="x1" name="x1" value="" />
|
||||
|
|
|
@ -7,10 +7,6 @@
|
|||
*/
|
||||
?>
|
||||
<td id="importaddressbook_dialog" colspan="6">
|
||||
<?php
|
||||
if(OCP\App::isEnabled('files_encryption')) {
|
||||
echo '<strong>'.$l->t('Currently this import function doesn\'t work while encryption is enabled.<br />Please upload your VCF file with the file manager and click on it to import.').'</strong>';
|
||||
} else { ?>
|
||||
<table>
|
||||
<tr>
|
||||
<th><?php echo $l->t('Select address book to import to:') ?></th>
|
||||
|
@ -33,7 +29,6 @@ if(OCP\App::isEnabled('files_encryption')) {
|
|||
|
||||
<input id="close_button" style="float: left;" type="button" onclick="Contacts.UI.Addressbooks.cancel(this);" value="<?php echo $l->t("Cancel"); ?>">
|
||||
<iframe name="import_upload_target" id='import_upload_target' src=""></iframe>
|
||||
<?php } ?>
|
||||
</td>
|
||||
<script type="text/javascript">
|
||||
$(document).ready(function(){
|
||||
|
|
|
@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){
|
|||
}
|
||||
|
||||
$list = new OCP\Template( "files", "part.list", "" );
|
||||
$list->assign( "files", $files );
|
||||
$list->assign( "files", $files, false );
|
||||
$data = array('files' => $list->fetchPage());
|
||||
|
||||
OCP\JSON::success(array('data' => $data));
|
||||
|
|
|
@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
|
|||
|
||||
// make breadcrumb und filelist markup
|
||||
$list = new OCP\Template( 'files', 'part.list', '' );
|
||||
$list->assign( 'files', $files );
|
||||
$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
|
||||
$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
|
||||
$list->assign( 'files', $files, false );
|
||||
$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
|
||||
$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false);
|
||||
$breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
|
||||
$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
|
||||
$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
|
||||
$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false );
|
||||
$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
|
||||
|
||||
$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
|
||||
$post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
|
||||
|
@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0);
|
|||
$maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
|
||||
|
||||
$tmpl = new OCP\Template( 'files', 'index', 'user' );
|
||||
$tmpl->assign( 'fileList', $list->fetchPage() );
|
||||
$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
|
||||
$tmpl->assign( 'fileList', $list->fetchPage(), false );
|
||||
$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false );
|
||||
$tmpl->assign( 'dir', $dir);
|
||||
$tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
|
||||
$tmpl->assign( 'files', $files );
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<form data-upload-id='1' class="file_upload_form" action="<?php echo OCP\Util::linkTo('files', 'ajax/upload.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target_1">
|
||||
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
|
||||
<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
|
||||
<input type="hidden" name="dir" value="<?php echo htmlentities($_['dir'],ENT_COMPAT,'utf-8') ?>" id="dir">
|
||||
<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
|
||||
<button class="file_upload_filename"> <img class='svg action' alt="Upload" src="<?php echo OCP\image_path("core", "actions/upload-white.svg"); ?>" /></button>
|
||||
<input class="file_upload_start" type="file" name='files[]'/>
|
||||
<a href="#" class="file_upload_button_wrapper" onclick="return false;" title="<?php echo $l->t('Upload'); echo ' max. '.$_['uploadMaxHumanFilesize'] ?>"></a>
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
<?php
|
||||
|
||||
require_once 'Google/common.inc.php';
|
||||
|
||||
OCP\JSON::checkAppEnabled('files_external');
|
||||
OCP\JSON::checkLoggedIn();
|
||||
$consumer = new OAuthConsumer('anonymous', 'anonymous');
|
||||
$sigMethod = new OAuthSignatureMethod_HMAC_SHA1();
|
||||
if (isset($_POST['step'])) {
|
||||
switch ($_POST['step']) {
|
||||
case 1:
|
||||
if (isset($_POST['callback'])) {
|
||||
$callback = $_POST['callback'];
|
||||
} else {
|
||||
$callback = null;
|
||||
}
|
||||
$scope = 'https://docs.google.com/feeds/ https://docs.googleusercontent.com/ https://spreadsheets.google.com/feeds/';
|
||||
$url = 'https://www.google.com/accounts/OAuthGetRequestToken?scope='.urlencode($scope);
|
||||
$params = array('scope' => $scope, 'oauth_callback' => $callback);
|
||||
$request = OAuthRequest::from_consumer_and_token($consumer, null, 'GET', $url, $params);
|
||||
$request->sign_request($sigMethod, $consumer, null);
|
||||
$response = send_signed_request('GET', $url, array($request->to_header()), null, false);
|
||||
$token = array();
|
||||
parse_str($response, $token);
|
||||
if (isset($token['oauth_token']) && isset($token['oauth_token_secret'])) {
|
||||
$authUrl = 'https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token='.$token['oauth_token'];
|
||||
OCP\JSON::success(array('data' => array('url' => $authUrl, 'request_token' => $token['oauth_token'], 'request_token_secret' => $token['oauth_token_secret'])));
|
||||
} else {
|
||||
OCP\JSON::error(array('data' => array('message' => 'Fetching request tokens failed. Error: '.$response)));
|
||||
}
|
||||
break;
|
||||
case 2:
|
||||
if (isset($_POST['oauth_verifier']) && isset($_POST['request_token']) && isset($_POST['request_token_secret'])) {
|
||||
$token = new OAuthToken($_POST['request_token'], $_POST['request_token_secret']);
|
||||
$url = 'https://www.google.com/accounts/OAuthGetAccessToken';
|
||||
$request = OAuthRequest::from_consumer_and_token($consumer, $token, 'GET', $url, array('oauth_verifier' => $_POST['oauth_verifier']));
|
||||
$request->sign_request($sigMethod, $consumer, $token);
|
||||
$response = send_signed_request('GET', $url, array($request->to_header()), null, false);
|
||||
$token = array();
|
||||
parse_str($response, $token);
|
||||
if (isset($token['oauth_token']) && isset($token['oauth_token_secret'])) {
|
||||
OCP\JSON::success(array('access_token' => $token['oauth_token'], 'access_token_secret' => $token['oauth_token_secret']));
|
||||
} else {
|
||||
OCP\JSON::error(array('data' => array('message' => 'Fetching access tokens failed. Error: '.$response)));
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
|
@ -0,0 +1,48 @@
|
|||
$(document).ready(function() {
|
||||
|
||||
$('#externalStorage tbody tr').each(function() {
|
||||
if ($(this).find('.backend').data('class') == 'OC_Filestorage_Google') {
|
||||
var token = $(this).find('[data-parameter="token"]');
|
||||
var token_secret = $(this).find('[data-parameter="token_secret"]');
|
||||
if ($(token).val() == '' && $(token).val() == '') {
|
||||
$(this).find('.configuration').append('<a class="button google">Grant access</a>');
|
||||
} else {
|
||||
var params = {};
|
||||
window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m, key, value) {
|
||||
params[key] = value;
|
||||
});
|
||||
if (params['oauth_token'].length > 1 && decodeURIComponent(params['oauth_token']) == $(token).val() && params['oauth_verifier'].length > 1) {
|
||||
var tr = $(this);
|
||||
$.post(OC.filePath('files_external', 'ajax', 'google.php'), { step: 2, oauth_verifier: params['oauth_verifier'], request_token: $(token).val(), request_token_secret: $(token_secret).val() }, function(result) {
|
||||
if (result && result.status == 'success') {
|
||||
$(token).val(result.access_token);
|
||||
$(token_secret).val(result.access_token_secret);
|
||||
OC.MountConfig.saveStorage(tr);
|
||||
} else {
|
||||
OC.dialogs.alert(result.data.message, 'Error configuring Google Drive storage');
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
});
|
||||
|
||||
$('.google').live('click', function(event) {
|
||||
event.preventDefault();
|
||||
var tr = $(this).parent().parent();
|
||||
var token = $(this).parent().find('[data-parameter="token"]');
|
||||
var token_secret = $(this).parent().find('[data-parameter="token_secret"]');
|
||||
$.post(OC.filePath('files_external', 'ajax', 'google.php'), { step: 1, callback: window.location.href }, function(result) {
|
||||
if (result && result.status == 'success') {
|
||||
$(token).val(result.data.request_token);
|
||||
$(token_secret).val(result.data.request_token_secret);
|
||||
OC.MountConfig.saveStorage(tr);
|
||||
window.location = result.data.url;
|
||||
} else {
|
||||
OC.dialogs.alert(result.data.message, 'Error configuring Google Drive storage');
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
});
|
|
@ -41,8 +41,9 @@ class OC_Mount_Config {
|
|||
return array(
|
||||
'OC_Filestorage_Local' => array('backend' => 'Local', 'configuration' => array('datadir' => 'Location')),
|
||||
'OC_Filestorage_AmazonS3' => array('backend' => 'Amazon S3', 'configuration' => array('key' => 'Key', 'secret' => '*Secret', 'bucket' => 'Bucket')),
|
||||
'OC_Filestorage_Dropbox' => array('backend' => 'Dropbox', 'configuration' => array('app_key' => 'App key', 'app_secret' => 'App secret', 'token' => '#token', 'token_secret' => '#token_secret' ), 'custom' => 'dropbox'),
|
||||
'OC_Filestorage_Dropbox' => array('backend' => 'Dropbox', 'configuration' => array('app_key' => 'App key', 'app_secret' => 'App secret', 'token' => '#token', 'token_secret' => '#token_secret'), 'custom' => 'dropbox'),
|
||||
'OC_Filestorage_FTP' => array('backend' => 'FTP', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'password' => '*Password', 'root' => '&Root', 'secure' => '!Secure ftps://')),
|
||||
'OC_Filestorage_Google' => array('backend' => 'Google Drive', 'configuration' => array('token' => '#token', 'token_secret' => '#token secret'), 'custom' => 'google'),
|
||||
'OC_Filestorage_SWIFT' => array('backend' => 'OpenStack Swift', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'token' => '*Token', 'root' => '&Root', 'secure' => '!Secure ftps://')),
|
||||
'OC_Filestorage_SMB' => array('backend' => 'SMB', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'password' => '*Password', 'root' => '&Root')),
|
||||
'OC_Filestorage_DAV' => array('backend' => 'WebDAV', 'configuration' => array('host' => 'URL', 'user' => 'Username', 'password' => '*Password', 'root' => '&Root', 'secure' => '!Secure https://'))
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
require_once 'common.inc.php';
|
||||
require_once 'Google/common.inc.php';
|
||||
|
||||
class OC_Filestorage_Google extends OC_Filestorage_Common {
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
<?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?>
|
||||
<?php foreach ($_['mounts'] as $mountPoint => $mount): ?>
|
||||
<tr <?php if ($mountPoint == '') echo 'id="addMountPoint"'; ?>>
|
||||
<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo htmlentities($mountPoint); ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
|
||||
<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo $mountPoint; ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
|
||||
<?php if ($mountPoint == ''): ?>
|
||||
<td class="backend">
|
||||
<select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'>
|
||||
|
|
|
@ -141,7 +141,7 @@ class TileStack extends TileBase {
|
|||
}
|
||||
|
||||
public function get() {
|
||||
$r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
|
||||
$r = '<div class="title gallery_div">'.$this->stack_name.'</div>';
|
||||
for ($i = 0; $i < count($this->tiles_array); $i++) {
|
||||
$top = rand(-5, 5);
|
||||
$left = rand(-5, 5);
|
||||
|
@ -168,7 +168,7 @@ class TileStack extends TileBase {
|
|||
}
|
||||
|
||||
public function getOnClickAction() {
|
||||
return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');';
|
||||
return 'javascript:openNewGal(\''.$this->stack_name.'\');';
|
||||
}
|
||||
|
||||
private $tiles_array;
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<input type="text" id="location" name="location" placeholder="<?php echo $l->t('Location of the task');?>" value="<?php echo isset($_['details']->LOCATION) ? $_['details']->LOCATION[0]->value : '' ?>">
|
||||
<br>
|
||||
<label for="categories"><?php echo $l->t('Categories'); ?></label>
|
||||
<input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>">
|
||||
<input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>">
|
||||
<a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a>
|
||||
<br>
|
||||
<label for="due"><?php echo $l->t('Due'); ?></label>
|
||||
|
|
|
@ -47,7 +47,7 @@ if ($_POST) {
|
|||
// fill template
|
||||
$tmpl = new OCP\Template( 'user_ldap', 'settings');
|
||||
foreach($params as $param){
|
||||
$value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,''));
|
||||
$value = OCP\Config::getAppValue('user_ldap', $param,'');
|
||||
$tmpl->assign($param, $value);
|
||||
}
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
$tmpl = new OCP\Template( 'user_openid', 'settings');
|
||||
$identity=OCP\Config::getUserValue(OCP\USER::getUser(),'user_openid','identity','');
|
||||
$tmpl->assign('identity',htmlentities($identity));
|
||||
$tmpl->assign('identity',$identity);
|
||||
|
||||
OCP\Util::addscript('user_openid','settings');
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ if (isset($_POST['user'])) {
|
|||
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
|
||||
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
||||
if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and ($_POST['sectoken']==$_SESSION['sectoken']) ) {
|
||||
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.$_POST['user'].'&token='.$token;
|
||||
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.urlencode($_POST['user']).'&token='.$token;
|
||||
$tmpl = new OC_Template('core/lostpassword', 'email');
|
||||
$tmpl->assign('link', $link);
|
||||
$msg = $tmpl->fetchPage();
|
||||
|
|
|
@ -10,6 +10,6 @@ if(!isset($_)){//also provide standalone error page
|
|||
<ul>
|
||||
<li class='error'>
|
||||
<?php echo $l->t( 'Cloud not found' ); ?><br/>
|
||||
<p class='hint'><?php if(isset($_['file'])) echo htmlentities($_['file'])?></p>
|
||||
<p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p>
|
||||
</li>
|
||||
</ul>
|
||||
|
|
|
@ -30,6 +30,16 @@
|
|||
echo '/>';
|
||||
?>
|
||||
<?php endforeach; ?>
|
||||
<script type="text/javascript">
|
||||
$(function() {
|
||||
var requesttoken = '<?php echo $_['requesttoken']; ?>';
|
||||
$(document).bind('ajaxSend', function(elm, xhr, s){
|
||||
if(requesttoken) {
|
||||
xhr.setRequestHeader('requesttoken', requesttoken);
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body id="<?php echo $_['bodyid'];?>">
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
|
||||
<form action="index.php" method="post">
|
||||
<fieldset>
|
||||
<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?>
|
||||
<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?>
|
||||
<?php if($_['error']): ?>
|
||||
<a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a>
|
||||
<?php endif; ?>
|
||||
|
|
12
lib/json.php
12
lib/json.php
|
@ -41,6 +41,18 @@ class OC_JSON{
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Check an ajax get/post call if the request token is valid.
|
||||
* @return json Error msg if not valid.
|
||||
*/
|
||||
public static function callCheck(){
|
||||
if( !OC_Util::isCallRegistered()){
|
||||
$l = OC_L10N::get('core');
|
||||
self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') )));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user is a admin, send json error msg if not
|
||||
*/
|
||||
|
|
|
@ -53,6 +53,13 @@ class JSON {
|
|||
return(\OC_JSON::checkLoggedIn());
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Check an ajax get/post call if the request token is valid.
|
||||
* @return json Error msg if not valid.
|
||||
*/
|
||||
public static function callCheck(){
|
||||
return(\OC_JSON::callCheck());
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Send json success msg
|
||||
|
|
|
@ -155,6 +155,9 @@ class OC_Template{
|
|||
$this->renderas = $renderas;
|
||||
$this->application = $app;
|
||||
$this->vars = array();
|
||||
if($renderas == 'user') {
|
||||
$this->vars['requesttoken'] = OC_Util::callRegister();
|
||||
}
|
||||
$this->l10n = OC_L10N::get($app);
|
||||
header('X-Frame-Options: Sameorigin');
|
||||
header('X-XSS-Protection: 1; mode=block');
|
||||
|
@ -259,6 +262,7 @@ class OC_Template{
|
|||
* @brief Assign variables
|
||||
* @param $key key
|
||||
* @param $value value
|
||||
* @param $sanitizeHTML false, if data shouldn't get passed through htmlentities
|
||||
* @returns true
|
||||
*
|
||||
* This function assigns a variable. It can be accessed via $_[$key] in
|
||||
|
@ -266,11 +270,29 @@ class OC_Template{
|
|||
*
|
||||
* If the key existed before, it will be overwritten
|
||||
*/
|
||||
public function assign( $key, $value ){
|
||||
public function assign( $key, $value, $sanitizeHTML=true ){
|
||||
if($sanitizeHTML == true) {
|
||||
if(is_array($value)) {
|
||||
array_walk_recursive($value,'OC_Template::sanitizeHTML');
|
||||
} else {
|
||||
$value = OC_Template::sanitizeHTML($value);
|
||||
}
|
||||
}
|
||||
$this->vars[$key] = $value;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief Internaly used to sanitze HTML
|
||||
*
|
||||
* This function is internally used to sanitize HTML.
|
||||
*/
|
||||
private static function sanitizeHTML( &$value ){
|
||||
$value = htmlentities( $value );
|
||||
return $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Appends a variable
|
||||
* @param $key key
|
||||
|
@ -354,20 +376,21 @@ class OC_Template{
|
|||
// Decide which page we show
|
||||
if( $this->renderas == "user" ){
|
||||
$page = new OC_Template( "core", "layout.user" );
|
||||
$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
|
||||
$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ), false);
|
||||
$page->assign('requesttoken', $this->vars['requesttoken']);
|
||||
if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
|
||||
$page->assign('bodyid','body-settings');
|
||||
$page->assign('bodyid','body-settings', false);
|
||||
}else{
|
||||
$page->assign('bodyid','body-user');
|
||||
$page->assign('bodyid','body-user', false);
|
||||
}
|
||||
|
||||
// Add navigation entry
|
||||
$navigation = OC_App::getNavigation();
|
||||
$page->assign( "navigation", $navigation);
|
||||
$page->assign( "settingsnavigation", OC_App::getSettingsNavigation());
|
||||
$page->assign( "navigation", $navigation, false);
|
||||
$page->assign( "settingsnavigation", OC_App::getSettingsNavigation(), false);
|
||||
foreach($navigation as $entry) {
|
||||
if ($entry['active']) {
|
||||
$page->assign( 'application', $entry['name'] );
|
||||
$page->assign( 'application', $entry['name'], false );
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -381,7 +404,7 @@ class OC_Template{
|
|||
// Read the detected formfactor and use the right file name.
|
||||
$fext = self::getFormFactorExtension();
|
||||
|
||||
$page->assign('jsfiles', array());
|
||||
$page->assign('jsfiles', array(), false);
|
||||
// Add the core js files or the js files provided by the selected theme
|
||||
foreach(OC_Util::$scripts as $script){
|
||||
// Is it in 3rd party?
|
||||
|
@ -456,13 +479,13 @@ class OC_Template{
|
|||
}
|
||||
|
||||
// Add custom headers
|
||||
$page->assign('headers',$this->headers);
|
||||
$page->assign('headers',$this->headers, false);
|
||||
foreach(OC_Util::$headers as $header){
|
||||
$page->append('headers',$header);
|
||||
}
|
||||
|
||||
// Add css files and js files
|
||||
$page->assign( "content", $data );
|
||||
$page->assign( "content", $data, false );
|
||||
return $page->fetchPage();
|
||||
}
|
||||
else{
|
||||
|
@ -507,13 +530,13 @@ class OC_Template{
|
|||
$_ = array_merge( $additionalparams, $this->vars );
|
||||
}
|
||||
|
||||
// Einbinden
|
||||
// Include
|
||||
ob_start();
|
||||
include( $this->path.$file.'.php' );
|
||||
$data = ob_get_contents();
|
||||
@ob_end_clean();
|
||||
|
||||
// Daten zurückgeben
|
||||
// Return data
|
||||
return $data;
|
||||
}
|
||||
|
||||
|
@ -527,7 +550,7 @@ class OC_Template{
|
|||
public static function printUserPage( $application, $name, $parameters = array() ){
|
||||
$content = new OC_Template( $application, $name, "user" );
|
||||
foreach( $parameters as $key => $value ){
|
||||
$content->assign( $key, $value );
|
||||
$content->assign( $key, $value, false );
|
||||
}
|
||||
print $content->printPage();
|
||||
}
|
||||
|
@ -542,7 +565,7 @@ class OC_Template{
|
|||
public static function printAdminPage( $application, $name, $parameters = array() ){
|
||||
$content = new OC_Template( $application, $name, "admin" );
|
||||
foreach( $parameters as $key => $value ){
|
||||
$content->assign( $key, $value );
|
||||
$content->assign( $key, $value, false );
|
||||
}
|
||||
return $content->printPage();
|
||||
}
|
||||
|
@ -557,7 +580,7 @@ class OC_Template{
|
|||
public static function printGuestPage( $application, $name, $parameters = array() ){
|
||||
$content = new OC_Template( $application, $name, "guest" );
|
||||
foreach( $parameters as $key => $value ){
|
||||
$content->assign( $key, $value );
|
||||
$content->assign( $key, $value,false );
|
||||
}
|
||||
return $content->printPage();
|
||||
}
|
||||
|
|
45
lib/util.php
45
lib/util.php
|
@ -355,8 +355,9 @@ class OC_Util {
|
|||
}
|
||||
|
||||
/**
|
||||
* Register an get/post call. This is important to prevent CSRF attacks
|
||||
* @brief Register an get/post call. This is important to prevent CSRF attacks
|
||||
* Todo: Write howto
|
||||
* @return $token Generated token.
|
||||
*/
|
||||
public static function callRegister(){
|
||||
//mamimum time before token exires
|
||||
|
@ -381,50 +382,48 @@ class OC_Util {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// return the token
|
||||
return($token);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check an ajax get/post call if the request token is valid. exit if not.
|
||||
* Todo: Write howto
|
||||
* @brief Check an ajax get/post call if the request token is valid.
|
||||
* @return boolean False if request token is not set or is invalid.
|
||||
*/
|
||||
public static function callCheck(){
|
||||
public static function isCallRegistered(){
|
||||
//mamimum time before token exires
|
||||
$maxtime=(60*60); // 1 hour
|
||||
|
||||
// searches in the get and post arrays for the token.
|
||||
if(isset($_GET['requesttoken'])) {
|
||||
$token=$_GET['requesttoken'];
|
||||
}elseif(isset($_POST['requesttoken'])){
|
||||
$token=$_POST['requesttoken'];
|
||||
}elseif(isset($_SERVER['HTTP_REQUESTTOKEN'])){
|
||||
$token=$_SERVER['HTTP_REQUESTTOKEN'];
|
||||
}else{
|
||||
//no token found. exiting
|
||||
exit;
|
||||
//no token found.
|
||||
return false;
|
||||
}
|
||||
|
||||
// check if the token is in the user session and if the timestamp is from the last hour.
|
||||
if(isset($_SESSION['requesttoken-'.$token])) {
|
||||
$timestamp=$_SESSION['requesttoken-'.$token];
|
||||
if($timestamp+$maxtime<time){
|
||||
//token exired. exiting
|
||||
exit;
|
||||
|
||||
if($timestamp+$maxtime<time()){
|
||||
return false;
|
||||
}else{
|
||||
//token valid
|
||||
return;
|
||||
return true;
|
||||
}
|
||||
}else{
|
||||
//no token found. exiting
|
||||
exit;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @brief Check an ajax get/post call if the request token is valid. exit if not.
|
||||
* Todo: Write howto
|
||||
*/
|
||||
public static function callCheck(){
|
||||
if(!OC_Util::isCallRegistered()) {
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ function compareEntries($a,$b){
|
|||
usort($entries, 'compareEntries');
|
||||
|
||||
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
|
||||
$tmpl->assign('entries',$entries);
|
||||
$tmpl->assign('entries',$entries,false);
|
||||
$tmpl->assign('forms',array());
|
||||
foreach($forms as $form){
|
||||
$tmpl->append('forms',$form);
|
||||
|
|
|
@ -92,7 +92,7 @@ usort($apps, 'app_sort');
|
|||
|
||||
|
||||
$tmpl = new OC_Template( "settings", "apps", "user" );
|
||||
$tmpl->assign('apps',$apps);
|
||||
$tmpl->assign('apps',$apps, false);
|
||||
|
||||
$tmpl->printPage();
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
|
|||
<?php echo $entry->app;?>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo htmlentities($entry->message);?>
|
||||
<?php echo $entry->message;?>
|
||||
</td>
|
||||
<td>
|
||||
<?php echo OC_Util::formatDate($entry->time);?>
|
||||
|
|
|
@ -26,9 +26,9 @@
|
|||
<?php foreach($_["kbe"] as $kb): ?>
|
||||
<div class="helpblock">
|
||||
<?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?>
|
||||
<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?>
|
||||
<p><?php echo htmlentities($kb['description']);?></p>
|
||||
<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?>
|
||||
<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?>
|
||||
<p><?php echo $kb['description'];?></p>
|
||||
<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?>
|
||||
</div>
|
||||
<?php endforeach;
|
||||
endif?>
|
||||
|
|
Loading…
Reference in New Issue