From c2bdd6134be53dcf822632192af10cf3cf80be1e Mon Sep 17 00:00:00 2001
From: Robin <robin@Amaya.(none)>
Date: Sun, 25 Apr 2010 14:21:04 +0200
Subject: [PATCH] some cleanup/refactoring

---
 files/{rename.php => api.php}     |  29 ++-
 files/get_file.php                | 108 -----------
 files/get_files.php               |  49 ++++-
 files/move.php                    |  35 ----
 files/new.php                     |  38 ----
 inc/lib_files.php                 | 307 ++++++++++++++++++------------
 files/delete.php => js/lib_api.js |  26 ++-
 js/lib_files.js                   |  67 +++----
 8 files changed, 298 insertions(+), 361 deletions(-)
 rename files/{rename.php => api.php} (55%)
 delete mode 100644 files/get_file.php
 delete mode 100644 files/move.php
 delete mode 100644 files/new.php
 rename files/delete.php => js/lib_api.js (67%)

diff --git a/files/rename.php b/files/api.php
similarity index 55%
rename from files/rename.php
rename to files/api.php
index f0f272f018..5a4c8801d4 100644
--- a/files/rename.php
+++ b/files/api.php
@@ -22,13 +22,28 @@
 */
 require_once('../inc/lib_base.php');
 
-$dir=$_GET['dir'];
-$file=$_GET['file'];
-$newname=$_GET['newname'];
-if($file!=$newname and $newname!='' and isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
-   $source=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
-   $target=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$newname;
-   rename($source,$target);
+$arguments=$_POST;
+
+foreach($arguments as &$argument){
+	$argument=stripslashes($argument);
+}
+ob_clean();
+switch($arguments['action']){
+	case 'delete':
+		OC_FILES::delete($arguments['dir'],$arguments['file']);
+		break;
+	case 'rename':
+		OC_FILES::move($arguments['dir'],$arguments['file'],$arguments['dir'],$arguments['newname']);
+		break;
+	case 'new':
+		OC_FILES::newfile($arguments['dir'],$arguments['name'],$arguments['type']);
+		break;
+	case 'move':
+		OC_FILES::move($arguments['sourcedir'],$arguments['source'],$arguments['targetdir'],$arguments['target']);
+		break;
+	case 'get':
+		OC_FILES::get($arguments['dir'],$arguments['file']);
+		break;
 }
 
 ?>
\ No newline at end of file
diff --git a/files/get_file.php b/files/get_file.php
deleted file mode 100644
index 9ec539ee7e..0000000000
--- a/files/get_file.php
+++ /dev/null
@@ -1,108 +0,0 @@
-<?php
-/**
-* ownCloud - ajax frontend
-*
-* @author Robin Appelman
-* @copyright 2010 Robin Appelman icewind1991@gmail.com
-* 
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either 
-* version 3 of the License, or any later version.
-* 
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*  
-* You should have received a copy of the GNU Lesser General Public 
-* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
-* 
-*/
-
-//note this file is for getting files themselves, get_files.php is for getting a list of files.
-
-require_once('../inc/lib_base.php');
-
-if(!function_exists('sys_get_temp_dir')) {
-    function sys_get_temp_dir() {
-        if( $temp=getenv('TMP') )        return $temp;
-        if( $temp=getenv('TEMP') )        return $temp;
-        if( $temp=getenv('TMPDIR') )    return $temp;
-        $temp=tempnam(__FILE__,'');
-        if (file_exists($temp)) {
-          unlink($temp);
-          return dirname($temp);
-        }
-        return null;
-    }
-}
-
-function addDir($dir,$zip,$internalDir=''){
-    $dirname=basename($dir);
-    $zip->addEmptyDir($internalDir.$dirname);
-    $internalDir.=$dirname.='/';
-    $files=OC_FILES::getdirectorycontent($dir);
-    foreach($files as $file){
-        $filename=$file['name'];
-        $file=$dir.'/'.$filename;
-        if(is_file($file)){
-            $zip->addFile($file,$internalDir.$filename);
-        }elseif(is_dir($file)){
-            addDir($file,$zip,$internalDir);
-        }
-    }
-}
-
-$files=$_GET['files'];
-$dir=(isset($_GET['dir']))?$_GET['dir']:'';
-if(strstr($files,'..') or strstr($dir,'..')){
-    die();
-}
-if(strpos($files,',')){
-    $files=explode(',',$files);
-}
-
-
-if(is_array($files)){
-    $zip = new ZipArchive();
-    $filename = sys_get_temp_dir()."/ownCloud.zip";
-    if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
-        exit("cannot open <$filename>\n");
-    }
-    foreach($files as $file){
-        $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
-        if(is_file($file)){
-            $zip->addFile($file,basename($file));
-        }elseif(is_dir($file)){
-            addDir($file,$zip);
-        }
-    }
-    $zip->close();
-}elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
-    $zip = new ZipArchive();
-    $filename = sys_get_temp_dir()."/ownCloud.zip";
-    if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
-        exit("cannot open <$filename>\n");
-    }
-    $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
-    addDir($file,$zip);
-    $zip->close();
-}else{
-    $zip=false;
-    $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
-}
-header('Content-Description: File Transfer');
-header('Content-Type: application/octet-stream');
-header('Content-Disposition: attachment; filename='.basename($filename));
-header('Content-Transfer-Encoding: binary');
-header('Expires: 0');
-header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-header('Pragma: public');
-header('Content-Length: ' . filesize($filename));
-ob_end_clean();
-readfile($filename);
-if($zip){
-    unlink($filename);
-}
-?>
\ No newline at end of file
diff --git a/files/get_files.php b/files/get_files.php
index 287b8cd453..21866dbf63 100644
--- a/files/get_files.php
+++ b/files/get_files.php
@@ -47,12 +47,14 @@ $dirname=(isset($files[0]))?$files[0]['directory']:'';
 $dirname=substr($dirname,strrpos($dirname,'/'));
 $max_upload=min(return_bytes(ini_get('post_max_size')),return_bytes(ini_get('upload_max_filesize')));
 ob_clean();
-echo "<?xml version='1.0' standalone='yes'?>\n";
+echo "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>\n";
 echo "<dir name='$dirname' max_upload='$max_upload'>\n";
 if(is_array($files)){
 	foreach($files as $file){
 	$attributes='';
 	foreach($file as $name=>$data){
+		$data=utf8_encode($data);
+		$data=utf8tohtml($data);
 		$data=str_replace("'",'&#39;',$data);
 		if (is_string($name)) $attributes.=" $name='$data'";
 	}
@@ -60,5 +62,48 @@ if(is_array($files)){
 	echo "<file$attributes/>\n";
 	}
 }
-echo "\n</dir>";
+echo "</dir>";
+
+// converts a UTF8-string into HTML entities
+//  - $utf8:        the UTF8-string to convert
+//  - $encodeTags:  booloean. TRUE will convert "<" to "&lt;"
+//  - return:       returns the converted HTML-string
+function utf8tohtml($utf8, $encodeTags=true) {
+    $result = '';
+    for ($i = 0; $i < strlen($utf8); $i++) {
+        $char = $utf8[$i];
+        $ascii = ord($char);
+        if ($ascii < 128) {
+            // one-byte character
+            $result .= ($encodeTags) ? htmlentities($char) : $char;
+        } else if ($ascii < 192) {
+            // non-utf8 character or not a start byte
+        } else if ($ascii < 224) {
+            // two-byte character
+            $result .= htmlentities(substr($utf8, $i, 2), ENT_QUOTES, 'UTF-8');
+            $i++;
+        } else if ($ascii < 240) {
+            // three-byte character
+            $ascii1 = ord($utf8[$i+1]);
+            $ascii2 = ord($utf8[$i+2]);
+            $unicode = (15 & $ascii) * 4096 +
+                       (63 & $ascii1) * 64 +
+                       (63 & $ascii2);
+            $result .= "&#$unicode;";
+            $i += 2;
+        } else if ($ascii < 248) {
+            // four-byte character
+            $ascii1 = ord($utf8[$i+1]);
+            $ascii2 = ord($utf8[$i+2]);
+            $ascii3 = ord($utf8[$i+3]);
+            $unicode = (15 & $ascii) * 262144 +
+                       (63 & $ascii1) * 4096 +
+                       (63 & $ascii2) * 64 +
+                       (63 & $ascii3);
+            $result .= "&#$unicode;";
+            $i += 3;
+        }
+    }
+    return $result;
+}
 ?>
\ No newline at end of file
diff --git a/files/move.php b/files/move.php
deleted file mode 100644
index 7103662c4a..0000000000
--- a/files/move.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-/**
-* ownCloud - ajax frontend
-*
-* @author Robin Appelman
-* @copyright 2010 Robin Appelman icewind1991@gmail.com
-* 
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either 
-* version 3 of the License, or any later version.
-* 
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*  
-* You should have received a copy of the GNU Lesser General Public 
-* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
-* 
-*/
-require_once('../inc/lib_base.php');
-
-$sourceDir=$_GET['sourcedir'];
-$targetDir=$_GET['targetdir'];
-$source=$_GET['source'];
-$target=$_GET['target'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
-	$target=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target.'/'.$source;
-	$source=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
-	rename($source,$target);
-}
-
-?>
\ No newline at end of file
diff --git a/files/new.php b/files/new.php
deleted file mode 100644
index c5d5608a56..0000000000
--- a/files/new.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-
-/**
-* ownCloud - ajax frontend
-*
-* @author Robin Appelman
-* @copyright 2010 Robin Appelman icewind1991@gmail.com
-* 
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either 
-* version 3 of the License, or any later version.
-* 
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*  
-* You should have received a copy of the GNU Lesser General Public 
-* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
-* 
-*/
-require_once('../inc/lib_base.php');
-
-$dir=$_GET['dir'];
-$name=$_GET['name'];
-$type=$_GET['type'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false and strpos($name,'..')===false){
-	$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
-	if($type=='dir'){
-		mkdir($file);
-	}elseif($type=='file'){
-		$fileHandle=fopen($file, 'w') or die("can't open file");
-		fclose($fileHandle);
-	}
-}
-
-?>
\ No newline at end of file
diff --git a/inc/lib_files.php b/inc/lib_files.php
index 9c6cb25346..a4e1c6a5a4 100755
--- a/inc/lib_files.php
+++ b/inc/lib_files.php
@@ -29,132 +29,197 @@
  */
 class OC_FILES {
 
-  /**
-   * show a web GUI filebrowser
-   *
-   * @param basedir $basedir
-   * @param dir $dir
-   */
- public static function showbrowser($basedir,$dir){/*
-    global $CONFIG_DATEFORMAT;
-    global $WEBROOT;
+	/**
+	* show a web GUI filebrowser
+	*
+	* @param basedir $basedir
+	* @param dir $dir
+	*/
+	public static function showbrowser($basedir,$dir){
+	echo '<div id="content"></div>';
+	}
 
-    $directory=$basedir.'/'.$dir;
-
-    // exit if try to access files outside our directory
-    if(strstr($dir,'..')<>false) exit();
-    $directory=realpath($directory);
-
-    $dirs=explode('/',$dir);
-
-    // breadcrumb
-    if(count($dirs)>1) {
-      echo('<div class="center"><table cellpadding="2" cellspacing="0" border="0"><tr>');
-      echo('<td class="nametext"><a href="'.$WEBROOT.'/">home</a></td>');
-      $currentdir='';
-      foreach($dirs as $d) {
-        $currentdir.='/'.$d.'';
-        if($d<>'') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$currentdir.'"><img src="'.$WEBROOT.'/img/arrow.png" />&nbsp;'.$d.'</a></td>');
-      }
-      echo('</tr></table></div>');
-    }
-
-    // files and directories
-    echo('<div class="center"><table cellpadding="6" cellspacing="0" border="0" class="browser">');
-    $filesfound=false;
-    $content=self::getdirectorycontent($directory);
-    if($content){
-       foreach($content as $file){
-          echo('<tr class="browserline">');
-          OC_UTIL::showicon($file['type']);
-          if($file['type']=='dir') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$dir.'/'.$file['name'].'">'.$file['name'].'</a></td>');
-          if($file['type']<>'dir') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$dir.'&file='.$file['name'].'">'.$file['name'].'</a></td>');
-          if($file['type']<>'dir') echo('<td class="sizetext">'.$file['size'].' byte</td>'); else echo('<td></td>');
-          echo('<td class="sizetext">'.date($CONFIG_DATEFORMAT,$file['mtime']).'</td>');
-          echo('</tr>');
-       }
-    }
-    echo('</table>');
-    if(!$content) echo('<p>no files here</p>');
-    echo('</div>');*/
-    echo '<div id="content"></div>';
-  }
-  
-  /**
-   * get the content of a directory
-   * @param dir $directory
-   */
-  public static function getdirectorycontent($directory){
-     $filesfound=true;
-     $content=array();
-     $dirs=array();
-     $file=array();
-     $files=array();
-     if (is_dir($directory)) {
-      if ($dh = opendir($directory)) {
-        while (($filename = readdir($dh)) !== false) {
-          if($filename<>'.' and $filename<>'..'){
-            $file=array();
-            $filesfound=true;
-            $file['name']=$filename;
-            $file['directory']=$directory;
-            $stat=stat($directory.'/'.$filename);
-            $file=array_merge($file,$stat);
-            $file['type']=filetype($directory .'/'. $filename);
-            if($file['type']=='dir'){
-               $dirs[$file['name']]=$file;
-            }else{
-               $files[$file['name']]=$file;
-            }
-          }
-        }
-      closedir($dh);
-      }
-    }
-    ksort($dirs);
-    ksort($files);
-    $content=array_merge($dirs,$files);
-    if($filesfound){
-       return $content;
-    }else{
-       return false;
-    }
-  }
+	/**
+	* get the content of a directory
+	* @param dir $directory
+	*/
+	public static function getdirectorycontent($directory){
+		$filesfound=true;
+		$content=array();
+		$dirs=array();
+		$file=array();
+		$files=array();
+		if (is_dir($directory)) {
+			if ($dh = opendir($directory)) {
+			while (($filename = readdir($dh)) !== false) {
+				if($filename<>'.' and $filename<>'..'){
+				$file=array();
+				$filesfound=true;
+				$file['name']=$filename;
+				$file['directory']=$directory;
+				$stat=stat($directory.'/'.$filename);
+				$file=array_merge($file,$stat);
+				$file['type']=filetype($directory .'/'. $filename);
+				if($file['type']=='dir'){
+					$dirs[$file['name']]=$file;
+				}else{
+					$files[$file['name']]=$file;
+				}
+				}
+			}
+			closedir($dh);
+			}
+		}
+		ksort($dirs);
+		ksort($files);
+		$content=array_merge($dirs,$files);
+		if($filesfound){
+			return $content;
+		}else{
+			return false;
+		}
+	}
 
 
 
-  /**
-   * return the cntent of a file
-   *
-   * @param dir  $dir
-   * @param file $file
-   */
-  public static function get($dir,$file){
-    if(isset($_SESSION['username']) and $_SESSION['username']<>'') {
-      global $CONFIG_DATADIRECTORY;
-      $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
-
-      // exit if try to access files outside our directory
-      if(strstr($filename,'..')<>false) exit();
-
-      OC_LOG::event($_SESSION['username'],3,$dir.'/'.$file);
-
-      header('Content-Description: File Transfer');
-      header('Content-Type: application/octet-stream');
-      header('Content-Disposition: attachment; filename='.basename($file));
-      header('Content-Transfer-Encoding: binary');
-      header('Expires: 0');
-      header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-      header('Pragma: public');
-      header('Content-Length: ' . filesize($filename));
-      readfile($filename);
-    }
-    exit;
-  }
-
-
+	/**
+	* return the content of a file or return a zip file containning multiply files
+	*
+	* @param dir  $dir
+	* @param file $file
+	*/
+	public static function get($dir,$files){
+		global $CONFIG_DATADIRECTORY;
+		if(strstr($files,'..') or strstr($dir,'..')){
+			die();
+		}
+		if(is_array($files)){
+			$zip = new ZipArchive();
+			$filename = sys_get_temp_dir()."/ownCloud.zip";
+			if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
+				exit("cannot open <$filename>\n");
+			}
+			foreach($files as $file){
+				$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+				if(is_file($file)){
+					$zip->addFile($file,basename($file));
+				}elseif(is_dir($file)){
+					zipAddDir($file,$zip);
+				}
+			}
+			$zip->close();
+		}elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
+			$zip = new ZipArchive();
+			$filename = sys_get_temp_dir()."/ownCloud.zip";
+			if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
+				exit("cannot open <$filename>\n");
+			}
+			$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
+			zipAddDir($file,$zip);
+			$zip->close();
+		}else{
+			$zip=false;
+			$filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
+		}
+		header('Content-Description: File Transfer');
+		header('Content-Type: application/octet-stream');
+		header('Content-Disposition: attachment; filename='.basename($filename));
+		header('Content-Transfer-Encoding: binary');
+		header('Expires: 0');
+		header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+		header('Pragma: public');
+		header('Content-Length: ' . filesize($filename));
+		ob_end_clean();
+		readfile($filename);
+		if($zip){
+			unlink($filename);
+		}
+	}
+	
+	/**
+	* move a file or folder
+	*
+	* @param dir  $sourceDir
+	* @param file $source
+	* @param dir  $targetDir
+	* @param file $target
+	*/
+	public static function move($sourceDir,$source,$targetDir,$target){
+		global $CONFIG_DATADIRECTORY;
+		if(OC_USER::isLoggedIn() and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
+			$targetFile=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target;
+			$sourceFile=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
+			rename($sourceFile,$targetFile);
+		}
+	}
+	
+	/**
+	* create a new file or folder
+	*
+	* @param dir  $dir
+	* @param file $name
+	* @param type $type
+	*/
+	public static function newfile($dir,$name,$type){
+		global $CONFIG_DATADIRECTORY;
+		if(OC_USER::isLoggedIn() and strpos($dir,'..')===false and strpos($name,'..')===false){
+			$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
+			if($type=='dir'){
+				mkdir($file);
+			}elseif($type=='file'){
+				$fileHandle=fopen($file, 'w') or die("can't open file");
+				fclose($fileHandle);
+			}
+		}
+	}
+	
+	/**
+	* deletes a file or folder
+	*
+	* @param dir  $dir
+	* @param file $name
+	*/
+	public static function delete($dir,$file){
+		global $CONFIG_DATADIRECTORY;
+		if(OC_USER::isLoggedIn() and strpos($dir,'..')===false){
+			$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+			if(is_file($file)){
+				unlink($file);
+			}elseif(is_dir($file)){
+				rmdir($file);
+			}
+		}
+	}
 }
 
+function zipAddDir($dir,$zip,$internalDir=''){
+    $dirname=basename($dir);
+    $zip->addEmptyDir($internalDir.$dirname);
+    $internalDir.=$dirname.='/';
+    $files=OC_FILES::getdirectorycontent($dir);
+    foreach($files as $file){
+        $filename=$file['name'];
+        $file=$dir.'/'.$filename;
+        if(is_file($file)){
+            $zip->addFile($file,$internalDir.$filename);
+        }elseif(is_dir($file)){
+            zipAddDir($file,$zip,$internalDir);
+        }
+    }
+}
 
+if(!function_exists('sys_get_temp_dir')) {
+    function sys_get_temp_dir() {
+        if( $temp=getenv('TMP') )        return $temp;
+        if( $temp=getenv('TEMP') )        return $temp;
+        if( $temp=getenv('TMPDIR') )    return $temp;
+        $temp=tempnam(__FILE__,'');
+        if (file_exists($temp)) {
+          unlink($temp);
+          return dirname($temp);
+        }
+        return null;
+    }
+}
 
-?>
+?>
\ No newline at end of file
diff --git a/files/delete.php b/js/lib_api.js
similarity index 67%
rename from files/delete.php
rename to js/lib_api.js
index 7d19a45a73..51fc843967 100644
--- a/files/delete.php
+++ b/js/lib_api.js
@@ -1,5 +1,3 @@
-<?php
-
 /**
 * ownCloud - ajax frontend
 *
@@ -20,17 +18,17 @@
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
-require_once('../inc/lib_base.php');
 
-$dir=$_GET['dir'];
-$file=$_GET['file'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
-	$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
-	if(is_file($file)){
-		unlink($file);
-	}elseif(is_dir($file)){
-		rmdir($file);
+OC_API=new Object();
+
+OC_API.run=function(action,params,callback,callbackparams){
+	var xmlloader=new OCXMLLoader();
+	xmlloader.setCallBack(callback);
+	xmlloader.method="POST";
+	var paramString='action='+action;
+	for(name in params){
+		paramString+='&'+name+'='+encodeURIComponent(params[name]);
 	}
-}
-
-?>
\ No newline at end of file
+	xmlloader.arg=callbackparams;
+	xmlloader.load('files/api.php',paramString);
+}
\ No newline at end of file
diff --git a/js/lib_files.js b/js/lib_files.js
index c231af2f03..7c23ee16a9 100644
--- a/js/lib_files.js
+++ b/js/lib_files.js
@@ -87,6 +87,10 @@ OC_FILES.getdirectorycontent=function(dir,callback,refresh){
 
 OC_FILES.dir='';
 
+OC_FILES.get=function(dir,file){
+	window.location='files/get_file.php?dir='+encodeURIComponent(dir)+'&files='+encodeURIComponent(file);
+}
+
 OC_FILES.upload=function(dir,iframeId){
 	var file=new Object;
 	var fileSelector=document.getElementById('fileSelector');
@@ -133,7 +137,7 @@ OC_FILES.upload_callback=function(iframeId){
 	if(OC_FILES.cache.incomplete[file.dir][file.name]){
 		OC_FILES.browser.files.remove(file.name);
 		OC_FILES.cache.files[file.name]=OC_FILES.cache.incomplete[file.dir][file.name]
-		delete OC_FILES.cache.incomplete[file.dir][file.name];
+		OC_FILES.cache.incomplete[file.dir][file.name]=null;
 		OC_FILES.cache.files[file.name]['type']=file.type;
 		this.uploadForm.parentNode.removeChild(this.uploadForm);
 		this.parentNode.removeChild(this);
@@ -154,14 +158,12 @@ OC_FILES.rename=function(dir,file,event){
 		OC_FILES.browser.show(OC_FILES.dir);
 		return false;
 	}
-	xmlloader=new OCXMLLoader();
-	xmlloader.setCallBack(OC_FILES.rename_callback);
-	xmlloader.arg=new Object;
-	xmlloader.arg.oldname=file;
-	xmlloader.arg.newname=newname;
-	xmlloader.arg.dir=dir;
-	xmlloader.arg.type=OC_FILES.cache.files[file]['type'];
-	xmlloader.load('files/rename.php?dir='+dir+'&file='+file+'&newname='+newname);
+	arg=new Object;
+	arg.oldname=file;
+	arg.newname=newname;
+	arg.dir=dir;
+	arg.type=OC_FILES.cache.files[file]['type'];
+	OC_API.run('rename',{dir:dir,file:file,newname:newname},OC_FILES.rename_callback,arg)
 	if(!OC_FILES.cache.incomplete[dir]){
 		OC_FILES.cache.incomplete[dir]=Array();
 	}
@@ -184,12 +186,9 @@ OC_FILES.rename_callback=function(req,file){
 }
 
 OC_FILES.remove=function(dir,file){
-	remove=confirm('remove file \''+file+'\'?');
+	remove=confirm('delete file \''+file+'\'?');
 	if(remove){
-		xmlloader=new OCXMLLoader();
-		xmlloader.setCallBack(OC_FILES.remove_callback);
-		xmlloader.arg=file;
-		xmlloader.load('files/delete.php?dir='+dir+'&file='+file);
+		OC_API.run('delete',{dir:dir,file:file},OC_FILES.remove_callback,file)
 		OC_FILES.browser.files.remove(file);
 		delete OC_FILES.cache.files[file];
 	}
@@ -212,13 +211,11 @@ OC_FILES.getSelected=function(){
 }
 
 OC_FILES.newFile=function(type,name,dir){
-	xmlloader=new OCXMLLoader();
-	xmlloader.arg=new Object;
-	xmlloader.arg.name=name;
-	xmlloader.arg.dir=dir;
-	xmlloader.arg.type=type;
-	xmlloader.setCallBack(OC_FILES.new_callback);
-	xmlloader.load('files/new.php?type='+type+'&dir='+dir+'&name='+name);
+	arg=new Object;
+	arg.name=name;
+	arg.dir=dir;
+	arg.type=type;
+	OC_API.run('new',{dir:dir,name:name,type:type},OC_FILES.new_callback,arg)
 	if(!OC_FILES.cache.incomplete[dir]){
 		OC_FILES.cache.incomplete[dir]=Array();
 	}
@@ -248,17 +245,15 @@ OC_FILES.move=function(source,target,sourceDir,targetDir){
 		if(!OC_FILES.cache.incomplete[targetDir+'/'+target]){
 			OC_FILES.cache.incomplete[targetDir+'/'+target]=Array();
 		}
-		xmlloader=new OCXMLLoader();
-		xmlloader.arg=new Object;
-		xmlloader.arg.source=source;
-		xmlloader.arg.target=target;
-		xmlloader.arg.sourceDir=sourceDir;
-		xmlloader.arg.targetDir=targetDir;
-		xmlloader.arg.type=OC_FILES.cache.files[source]['type'];
+		arg=new Object;
+		arg.source=source;
+		arg.target=target;
+		arg.sourceDir=sourceDir;
+		arg.targetDir=targetDir;
+		arg.type=OC_FILES.cache.files[source]['type'];
 		OC_FILES.cache.files[source]['type']='incomplete';
-		OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source]
-		xmlloader.setCallBack(OC_FILES.move_callback);
-		xmlloader.load('files/move.php?sourcedir='+sourceDir+'&targetdir='+targetDir+'&source='+source+'&target='+target);
+		OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source];
+		OC_API.run('move',{sourcedir:sourceDir,source:source,targetdir:targetDir,target:target},OC_FILES.move_callback,arg);
 	}
 }
 
@@ -293,11 +288,12 @@ OC_FILES.actions_selected.download=function(){
     if(files.length==0){
         return false;
     }else if(files.length>1){
-        files.join(';');
+        files=files.join(';');
     }else{
         files=files[0];
     }
-    window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
+    OC_FILES.get(dir,files);
+//     window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
 }
 
 OC_FILES.actions_selected['delete']=function(){
@@ -361,7 +357,7 @@ OC_FILES.fileActions.all.rename=function(){
     OC_FILES.browser.show_rename(this.dir,this.file);
 }
 OC_FILES.fileActions.all.download=function(){
-    window.location=WEBROOT+'/files/get_file.php?dir='+this.dir+'&files='+this.file;
+	OC_FILES.get(this.dir,this.file);
 }
 OC_FILES.fileActions.all['default']=OC_FILES.fileActions.all.download;
 
@@ -373,13 +369,12 @@ OC_FILES.fileActions.dir.open=function(){
 OC_FILES.fileActions.dir['default']=OC_FILES.fileActions.dir.open;
 
 OC_FILES.fileActions.dir.dropOn=function(file){
-	OC_FILES.move(file.file,this.file,file.dir,this.dir);
+	OC_FILES.move(file.file,file.file,file.dir,this.dir+'/'+this.file);
 }
 
 OC_FILES.fileActions.jpg=new Object()
 
 OC_FILES.fileActions.jpg.show=function(){
-//     window.open(WEBROOT+'/files/open_file.php?dir='+this.dir+'&file='+this.file);
 	OC_FILES.browser.showImage(this.dir,this.file);
 }