From 8a0dc774bc8782874a0b3f6600e3c4a949004128 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Sat, 19 May 2012 18:20:23 +0200 Subject: [PATCH 001/625] 4 --- lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/util.php b/lib/util.php index d8f440c1d2..6e57fc7f8a 100644 --- a/lib/util.php +++ b/lib/util.php @@ -82,7 +82,7 @@ class OC_Util { * @return string */ public static function getVersionString(){ - return '4 RC2'; + return '4'; } /** From d7c09d8bb5abe5b67c95333f1e69490b74db039e Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Sun, 20 May 2012 10:59:37 +0200 Subject: [PATCH 002/625] add a warning --- apps/files_encryption/appinfo/info.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/files_encryption/appinfo/info.xml b/apps/files_encryption/appinfo/info.xml index 06807813ea..ad87763a22 100644 --- a/apps/files_encryption/appinfo/info.xml +++ b/apps/files_encryption/appinfo/info.xml @@ -2,7 +2,7 @@ files_encryption Encryption - Server side encryption of files + Server side encryption of files. Warning: You will lose your data if you enable this App and forget your password. AGPL Robin Appelman 4 From 3b4c47c52e1d8d45949806fd7d248ade7592e6d1 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 20 May 2012 18:49:13 +0200 Subject: [PATCH 003/625] files app is always enabled --- lib/app.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/app.php b/lib/app.php index c4cdd21683..e3e9df0e00 100644 --- a/lib/app.php +++ b/lib/app.php @@ -155,7 +155,7 @@ class OC_App{ * This function checks whether or not an app is enabled. */ public static function isEnabled( $app ){ - if( 'yes' == OC_Appconfig::getValue( $app, 'enabled' )){ + if( 'files'==$app or 'yes' == OC_Appconfig::getValue( $app, 'enabled' )){ return true; } From 3775c0d8b222d1f53ec7759d32fc63f20e99d1e1 Mon Sep 17 00:00:00 2001 
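Review bot: The new `'files'==$app` test in `isEnabled()` uses loose comparison, so under PHP 5 rules a non-string `$app` such as `0` or `true` also compares equal to `'files'` and is reported as enabled. Using `'files' === $app` keeps the shortcut limited to the literal app id. The docblock above still says the function only checks the stored setting; a line such as `* The files app is always reported as enabled, regardless of the stored value.` would record the exception. The function body continues outside the hunk.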
From: Robin Appelman Date: Sun, 20 May 2012 18:51:45 +0200 Subject: [PATCH 004/625] dont throw errors when apps dont have types configured --- lib/app.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/app.php b/lib/app.php index e3e9df0e00..8ec042ddd6 100644 --- a/lib/app.php +++ b/lib/app.php @@ -114,7 +114,11 @@ class OC_App{ self::$appTypes=OC_Appconfig::getValues(false,'types'); } - return explode(',',self::$appTypes[$app]); + if(isset(self::$appTypes[$app])){ + return explode(',',self::$appTypes[$app]); + }else{ + return array(); + } } /** From 54a371700554ed21a5cb7db03126b6c95ae4cbd3 Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Mon, 21 May 2012 21:49:35 +0200 Subject: [PATCH 005/625] Contacts: Backport XSS fix. --- apps/contacts/lib/vcard.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apps/contacts/lib/vcard.php b/apps/contacts/lib/vcard.php index 91ae3a7514..2414efe676 100644 --- a/apps/contacts/lib/vcard.php +++ b/apps/contacts/lib/vcard.php @@ -188,6 +188,9 @@ class OC_Contacts_VCard{ if($upgrade && in_array($property->name, $stringprops)) { self::decodeProperty($property); } + if(in_array($property->name, $stringprops)) { + $property->value = strip_tags($property->value); + } // Fix format of type parameters. if($upgrade && in_array($property->name, $typeprops)) { OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. before: '.$property->serialize(),OCP\Util::DEBUG); From 647888eea27442111b12c5f655b0895f8a83dc01 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Tue, 22 May 2012 12:35:28 +0200 Subject: [PATCH 006/625] add a ldap encryption warning --- apps/files_encryption/appinfo/info.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/files_encryption/appinfo/info.xml b/apps/files_encryption/appinfo/info.xml index ad87763a22..8e64b0cafd 100644 --- a/apps/files_encryption/appinfo/info.xml +++ b/apps/files_encryption/appinfo/info.xml 
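Review bot: The added `$property->value = strip_tags($property->value);` filters the stored value rather than encoding it where it is rendered, so it only covers the properties listed in `$stringprops` and only the HTML element context. A value that later lands in an attribute or script context is not made safe by tag stripping, and legitimate text containing `<` is silently shortened. Consider keeping the stored value intact and escaping at output with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` in the templates, or at least add a comment such as `// Defence in depth only; templates must still escape on output.` The enclosing method starts and ends outside the hunk.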
@@ -2,7 +2,7 @@ files_encryption Encryption - Server side encryption of files. Warning: You will lose your data if you enable this App and forget your password. + Server side encryption of files. Warning: You will lose your data if you enable this App and forget your password. Encryption is not yet compatible with LDAP. AGPL Robin Appelman 4 From 20e9903396a945676e2107d3497bd152be0f2691 Mon Sep 17 00:00:00 2001 From: Brice Maron Date: Wed, 23 May 2012 21:02:34 +0000 Subject: [PATCH 007/625] Correct small style problem with task app fix #oc-689 --- apps/tasks/css/style.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/tasks/css/style.css b/apps/tasks/css/style.css index d78521bc09..3cf175e646 100644 --- a/apps/tasks/css/style.css +++ b/apps/tasks/css/style.css @@ -32,7 +32,7 @@ .task .completed {position:absolute;left:3em;top:0.3em;} -.task .summary{padding-left:4em;} +.task .summary{padding-left:4em;height:2em;} .task .summary input{position:relative;left:5px;} .task.done .summary{text-decoration:line-through;} From f97f1b4266b92bb0efae7436d7ede1f03a4dbdaf Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 24 May 2012 00:47:03 +0200 Subject: [PATCH 008/625] use UTC instead of Berlin as default --- lib/base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/base.php b/lib/base.php index fb2d978f44..f6c29a51dd 100644 --- a/lib/base.php +++ b/lib/base.php @@ -321,7 +321,7 @@ class OC{ ini_set('display_errors', 1); } - date_default_timezone_set('Europe/Berlin'); + date_default_timezone_set('UTC'); ini_set('arg_separator.output','&'); //try to configure php to enable big file uploads. From d8ca4f78cf6c09562a46b3b5341e828e1e61b318 Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Wed, 23 May 2012 19:35:29 -0400 Subject: [PATCH 009/625] Fix private link sharing via email, fix for bug oc-750 --- apps/files_sharing/js/share.js | 1 - 1 file changed, 1 deletion(-) 
diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js index a1fa3bb458..96c9017dbf 100644 --- a/apps/files_sharing/js/share.js +++ b/apps/files_sharing/js/share.js @@ -361,7 +361,6 @@ $(document).ready(function() { }); $('#emailPrivateLink').live('submit', function() { - event.preventDefault(); OC.Share.emailPrivateLink(); }); }); \ No newline at end of file From 2774ff1ad8fac22a0bededeb641fa4c2e3f15186 Mon Sep 17 00:00:00 2001 From: Brice Maron Date: Thu, 24 May 2012 22:48:10 +0000 Subject: [PATCH 010/625] Add HEAD request management for files ajax/download.php --- apps/files/ajax/download.php | 2 +- lib/files.php | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/files/ajax/download.php b/apps/files/ajax/download.php index fd2d9b891f..e9373f5f6a 100644 --- a/apps/files/ajax/download.php +++ b/apps/files/ajax/download.php @@ -33,5 +33,5 @@ OCP\User::checkLoggedIn(); $files = $_GET["files"]; $dir = $_GET["dir"]; -OC_Files::get($dir,$files); +OC_Files::get($dir, $files, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false); ?> diff --git a/lib/files.php b/lib/files.php index b405cf1749..e0c78d22c2 100644 --- a/lib/files.php +++ b/lib/files.php @@ -52,8 +52,9 @@ class OC_Files { * * @param dir $dir * @param file $file ; seperated list of files to download + * @param boolean $only_header ; boolean to only send header of the request */ - public static function get($dir,$files){ + public static function get($dir,$files, $only_header = false){ if(strpos($files,';')){ $files=explode(';',$files); } @@ -118,6 +119,11 @@ class OC_Files { header("HTTP/1.0 403 Forbidden"); die('403 Forbidden'); } + if($only_header){ + if(!$zip) + header("Content-Length: ".OC_Filesystem::filesize($filename)); + return ; + } if($zip){ $handle=fopen($filename,'r'); if ($handle) { From 1645f77aadc0c2f3271175516b2615aab89bea56 Mon Sep 17 00:00:00 2001 
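Review bot: Dropping `event.preventDefault()` from the `#emailPrivateLink` submit handler means the browser now also performs the form's default submit next to `OC.Share.emailPrivateLink()`. The original call relied on a global `event` because the callback takes no parameter, which is probably what failed in some browsers. If the default submit is not wanted, declaring the parameter keeps the intended behaviour: `$('#emailPrivateLink').live('submit', function(event) { event.preventDefault(); OC.Share.emailPrivateLink(); });`. Whether the form has an action that should run is not visible in this hunk.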
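Review bot: In the second `lib/files.php` hunk the `$only_header` branch sits after `$zip` and `$filename` have been set, so a HEAD request for a multi-file selection appears to build the archive first and then returns before the code below that opens it. Any cleanup of the temporary zip that follows the `fopen` path is skipped in that case, and no `Content-Length` is sent for it. Moving the HEAD short-circuit ahead of the archive creation, or removing the temporary file before `return`, would avoid the wasted work and the leftover file. The unbraced `if(!$zip)` would read more safely as `if(!$zip){ header(...); }`. Most of `get()` lies outside the hunk, so the cleanup path should be confirmed there.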
From: Georg Ehrke Date: Sat, 26 May 2012 15:23:46 +0200 Subject: [PATCH 011/625] fix share for users with a point within their name --- apps/calendar/js/calendar.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js index f50d0bd009..f24bd4dd92 100644 --- a/apps/calendar/js/calendar.js +++ b/apps/calendar/js/calendar.js @@ -506,10 +506,11 @@ Calendar={ }, dropdown:function(userid, calid){ $('.calendar_share_dropdown').remove(); - $('
').appendTo('#'+userid+'_'+calid); + var element = document.getElementById(userid+'_'+calid); + $('
').appendTo(element); $.get(OC.filePath('calendar', 'ajax/share', 'dropdown.php') + '?calid=' + calid, function(data){ - $('#'+userid+'_'+calid+' > .calendar_share_dropdown').html(data); - $('#'+userid+'_'+calid+' > .calendar_share_dropdown').show('blind'); + $('.calendar_share_dropdown').html(data); + $('.calendar_share_dropdown').show('blind'); $('#share_user').chosen(); $('#share_group').chosen(); }); From 54c421f384cc53ea9f10ee2eea255b6bfdfcc835 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Sat, 26 May 2012 20:40:12 +0200 Subject: [PATCH 012/625] check during ownCloud upgrade if all the installed apps are compatible with the new ownCloud version. Disable them if not --- lib/app.php | 37 ++++++++++++++++++++++++++++++++++--- settings/js/apps.js | 4 ++-- 2 files changed, 36 insertions(+), 5 deletions(-) diff --git a/lib/app.php b/lib/app.php index 8ec042ddd6..78de0fa21b 100644 --- a/lib/app.php +++ b/lib/app.php @@ -4,7 +4,7 @@ * * @author Frank Karlitschek * @author Jakob Sack - * @copyright 2010 Frank Karlitschek karlitschek@kde.org + * @copyright 2012 Frank Karlitschek frank@owncloud.org * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE @@ -63,11 +63,14 @@ class OC_App{ // The rest comes here $apps = self::getEnabledApps(); + // prevent app.php from printing output + ob_start(); foreach( $apps as $app ){ if((is_null($types) or self::isType($app,$types))){ self::loadApp($app); } } + ob_end_clean(); self::$init = true; 
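Review bot: The `$.get` callback now fills and shows `$('.calendar_share_dropdown')` globally instead of the dropdown under the element that was clicked. If a second dropdown is opened before the first response arrives, the earlier response is written into the newer dropdown. Since `element` is already resolved with `document.getElementById`, scoping the callback to it keeps request and target together: `$(element).children('.calendar_share_dropdown').html(data).show('blind');`. A short comment explaining that `getElementById` is used because user ids may contain characters that are special in jQuery selectors would help the next reader.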
@@ -186,8 +189,16 @@ class OC_App{ } } if($app!==false){ - OC_Appconfig::setValue( $app, 'enabled', 'yes' ); - return true; + // check if the app is compatible with this version of ownCloud + $info=OC_App::getAppInfo($app); + $version=OC_Util::getVersion(); + if(!isset($info['require']) or ($version[0]>$info['require'])){ + OC_Log::write('core','App "'.$info['name'].'" can\'t be installed because it is not compatible with this version of ownCloud',OC_Log::ERROR); + return false; + }else{ + OC_Appconfig::setValue( $app, 'enabled', 'yes' ); + return true; + } }else{ return false; } @@ -514,6 +525,26 @@ class OC_App{ } } } + + // check if the current enabled apps are compatible with the current ownCloud version. disable them if not. + // this is important if you upgrade ownCloud and have non ported 3rd party apps installed + $apps =OC_App::getEnabledApps(); + $version=OC_Util::getVersion(); + foreach($apps as $app) { + + // check if the app is compatible with this version of ownCloud + $info=OC_App::getAppInfo($app); + if(!isset($info['require']) or ($version[0]>$info['require'])){ + OC_Log::write('core','App "'.$info['name'].'" can\'t be used because it is not compatible with this version of ownCloud',OC_Log::ERROR); + OC_App::disable( $app ); + } + + + + } + + + } /** diff --git a/settings/js/apps.js b/settings/js/apps.js index 8aa54463b3..f6e08b608b 100644 --- a/settings/js/apps.js +++ b/settings/js/apps.js @@ -41,7 +41,7 @@ $(document).ready(function(){ if(active){ $.post(OC.filePath('settings','ajax','disableapp.php'),{appid:app},function(result){ if(!result || result.status!='success'){ - OC.dialogs.alert('Error','Error while disabling app'); + OC.dialogs.alert('Error while disabling app','Error'); } else { element.data('active',false); 
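Review bot: The compatibility test `!isset($info['require']) or ($version[0]>$info['require'])` in `enable()` rejects every app whose info has no `require` entry and compares only the major version component, so an app that requires a newer release than the one installed still passes. Please confirm that direction is intended and document what `require` is expected to hold. The log line reads `$info['name']`, which raises a notice when the app info could not be loaded. The same condition is repeated in the upgrade hunk at `@@ -514,6 +525,26 @@`, where it disables apps; one private helper used by both places would keep the two checks from drifting apart. Both enclosing functions start outside their hunks.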
@@ -54,7 +54,7 @@ $(document).ready(function(){ }else{ $.post(OC.filePath('settings','ajax','enableapp.php'),{appid:app},function(result){ if(!result || result.status!='success'){ - OC.dialogs.alert('Error','Error while enabling app'); + OC.dialogs.alert('Error while enabling app','Error'); } else { element.data('active',true); From 3db5fb891cd38736bcb15e859374f0ff81a8c32b Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 26 May 2012 21:50:36 +0200 Subject: [PATCH 013/625] allow longer paths for gallery --- apps/gallery/appinfo/database.xml | 6 +++--- apps/gallery/appinfo/version | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/gallery/appinfo/database.xml b/apps/gallery/appinfo/database.xml index e3b13f7e93..f370e1521e 100644 --- a/apps/gallery/appinfo/database.xml +++ b/apps/gallery/appinfo/database.xml @@ -31,13 +31,13 @@ album_path text true - 100 + 256 parent_path text true - 100 + 256 @@ -63,7 +63,7 @@ file_path text true - 100 + 256 diff --git a/apps/gallery/appinfo/version b/apps/gallery/appinfo/version index 2b7c5ae018..17b2ccd9bf 100644 --- a/apps/gallery/appinfo/version +++ b/apps/gallery/appinfo/version @@ -1 +1 @@ -0.4.2 +0.4.3 From 5b7ef90d3a219cdc2e1c4c3fd52a86df9678c742 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Mon, 28 May 2012 10:49:27 +0200 Subject: [PATCH 014/625] add urlencode for caldav link --- apps/calendar/js/calendar.js | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js index f24bd4dd92..7bf0623d48 100644 --- a/apps/calendar/js/calendar.js +++ b/apps/calendar/js/calendar.js @@ -207,6 +207,7 @@ Calendar={ }, showCalDAVUrl:function(username, calname){ $('#caldav_url').val(totalurl + '/' + username + '/' + calname); + $('#caldav_url').val(encodeURI($('#caldav_url').val())); $('#caldav_url').show(); $("#caldav_url_close").show(); }, From 8bd6d862b8bcdafa136ed944ccc85b565cffdee7 Mon Sep 17 00:00:00 2001 
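Review bot: `encodeURI` in `showCalDAVUrl` leaves `/`, `?`, `#` and `&` untouched, so a username or calendar name containing one of those still produces a URL that points somewhere else or is cut short. Encoding each path segment separately avoids that and removes the read-back of the field: `$('#caldav_url').val(totalurl + '/' + encodeURIComponent(username) + '/' + encodeURIComponent(calname));`. This assumes `totalurl` is already a well-formed base URL, which is set outside the hunk.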
From: Thomas Tanghus Date: Mon, 28 May 2012 12:52:18 +0200 Subject: [PATCH 015/625] Please don't tell me I did that :-P --- apps/contacts/lib/vcard.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/contacts/lib/vcard.php b/apps/contacts/lib/vcard.php index 2414efe676..a8ad695f62 100644 --- a/apps/contacts/lib/vcard.php +++ b/apps/contacts/lib/vcard.php @@ -227,7 +227,7 @@ class OC_Contacts_VCard{ $vcard->setString('FN', $fn); OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. Added missing \'FN\' field: '.$fn,OCP\Util::DEBUG); } - if(!$n || $n = ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-) + if(!$n || $n == ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-) $slice = array_reverse(array_slice(explode(' ', $fn), 0, 2)); // Take 2 first name parts of 'FN' and reverse. if(count($slice) < 2) { // If not enought, add one more... $slice[] = ""; From 53da328aa18038d24738adb28d88ff0e63f2bc20 Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Mon, 28 May 2012 12:56:56 +0200 Subject: [PATCH 016/625] Contacts: Double check XSS. --- apps/contacts/templates/part.contacts.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php index 00a61f72fd..5751750540 100644 --- a/apps/contacts/templates/part.contacts.php +++ b/apps/contacts/templates/part.contacts.php @@ -8,5 +8,5 @@ } } ?> -
  • +
  • From cf113409adf82d0834181dbdf4586fd2ad262898 Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Mon, 28 May 2012 14:41:48 +0200 Subject: [PATCH 017/625] Contacts: Fix XSS. --- apps/contacts/js/contacts.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js index 256b5ad6d0..34afdcc4e4 100644 --- a/apps/contacts/js/contacts.js +++ b/apps/contacts/js/contacts.js @@ -6,7 +6,7 @@ function ucwords (str) { String.prototype.strip_tags = function(){ tags = this; - stripped = tags.replace(/[\<\>]/gi, ""); + stripped = tags.replace(/<(.|\n)*?>/g, ''); return stripped; }; @@ -159,7 +159,7 @@ Contacts={ // Name has changed. Update it and reorder. $('#fn').change(function(){ - var name = $('#fn').val(); + var name = $('#fn').val().strip_tags(); var item = $('#contacts [data-id="'+Contacts.UI.Card.id+'"]'); $(item).find('a').html(name); var added = false; From 2f8412defc6e6adb3dee4ea81f450176a36527b2 Mon Sep 17 00:00:00 2001 From: Brice Maron Date: Mon, 28 May 2012 20:56:21 +0000 Subject: [PATCH 018/625] Set table prefix if not set in postgresql install --- lib/setup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/setup.php b/lib/setup.php index 8c2d523121..8137eb720e 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -145,7 +145,7 @@ class OC_Setup { $dbpass = $options['dbpass']; $dbname = $options['dbname']; $dbhost = $options['dbhost']; - $dbtableprefix = $options['dbtableprefix']; + $dbtableprefix = isset($options['dbtableprefix']) ? $options['dbtableprefix'] : 'oc_'; OC_CONFIG::setValue('dbname', $dbname); OC_CONFIG::setValue('dbhost', $dbhost); OC_CONFIG::setValue('dbtableprefix', $dbtableprefix); From d1f0261b5da3179acb0bc67c1fdd479b3deb37bc Mon Sep 17 00:00:00 2001 
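Review bot: In the second `contacts.js` hunk the stripped name is still written with `$(item).find('a').html(name)`, so the page's safety depends entirely on the regex in `strip_tags`. A pattern such as `/<(.|\n)*?>/g` only removes complete `<...>` pairs and is not a reliable HTML sanitizer, whereas inserting the value as text needs no filtering at all: `$(item).find('a').text(name);`. In the first hunk `tags` and `stripped` are assigned without `var` and therefore become globals; `var stripped = this.replace(/<(.|\n)*?>/g, '');` keeps them local. The change handler continues outside the hunk.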
From: Brice Maron Date: Mon, 28 May 2012 20:41:39 +0000 Subject: [PATCH 019/625] Correct typo in last_insert_id for calendar and pg fix #oc-731 --- apps/calendar/lib/calendar.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/calendar/lib/calendar.php b/apps/calendar/lib/calendar.php index 1d00850804..869b35e2e1 100644 --- a/apps/calendar/lib/calendar.php +++ b/apps/calendar/lib/calendar.php @@ -109,7 +109,7 @@ class OC_Calendar_Calendar{ $stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*calendar_calendars (userid,displayname,uri,ctag,calendarorder,calendarcolor,timezone,components) VALUES(?,?,?,?,?,?,?,?)' ); $result = $stmt->execute(array($userid,$name,$uri,1,$order,$color,$timezone,$components)); - return OCP\DB::insertid('*PREFIX*calendar_calendar'); + return OCP\DB::insertid('*PREFIX*calendar_calendars'); } /** From 1c1ed52867123f682c17265ae62958c7d908d325 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Tue, 29 May 2012 13:12:37 +0200 Subject: [PATCH 020/625] fix status of timezone detection --- apps/calendar/ajax/settings/timezonedetection.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/apps/calendar/ajax/settings/timezonedetection.php b/apps/calendar/ajax/settings/timezonedetection.php index ba5f2af5fd..5f03f647b3 100644 --- a/apps/calendar/ajax/settings/timezonedetection.php +++ b/apps/calendar/ajax/settings/timezonedetection.php 
@@ -8,13 +8,9 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('calendar'); -if(array_key_exists('timezonedetection', $_POST)){ - if($_POST['timezonedetection'] == 'on'){ - OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'true'); - }else{ - OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'false'); - } - OCP\JSON::success(); +if(array_key_exists('timezonedetection', $_POST) && $_POST['timezonedetection'] == 'on'){ + OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'true'); }else{ - OCP\JSON::error(); -} \ No newline at end of file + OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'false'); +} +OCP\JSON::success(); \ No newline at end of file From 6515c5c1e77e4abd8e9d504c1cec6455946bf52c Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Tue, 29 May 2012 16:45:52 +0200 Subject: [PATCH 021/625] Contacts: NOTE wasn't saved properly. --- apps/contacts/ajax/saveproperty.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/apps/contacts/ajax/saveproperty.php b/apps/contacts/ajax/saveproperty.php index 1af05682b6..6509ac21f2 100644 --- a/apps/contacts/ajax/saveproperty.php +++ b/apps/contacts/ajax/saveproperty.php @@ -96,12 +96,9 @@ switch($element) { //$value = getOtherValue(); } break; - //case 'CATEGORIES': - /* multi autocomplete triggers an save with empty value - if (!$value) { - $value = $vcard->getAsString('CATEGORIES'); - } - break;*/ + case 'NOTE': + $value = str_replace('\n', '\\n', $value); + break; case 'EMAIL': $value = strtolower($value); break; From 1d983c28aa2c9494420a06fdd1ce2b7d0a56e050 Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Tue, 29 May 2012 12:31:47 -0400 Subject: [PATCH 022/625] Restrict requested app to apps directory --- lib/base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/base.php b/lib/base.php index f6c29a51dd..30d302b391 100644 --- a/lib/base.php 
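Review bot: With the `else` branch now covering a missing parameter, any POST to this endpoint, including one without `timezonedetection`, writes `'false'` and answers `OCP\JSON::success()`. A malformed request can therefore no longer be told apart from an intentional opt-out. No request-token check is visible between `OCP\JSON::checkAppEnabled('calendar')` and the write, so the state change appears to rely on the login session alone; if the project has a CSRF check helper it belongs before `setUserValue`. Lines 1-7 of the file are outside the hunk, so such a check may already exist there.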
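Review bot: The new `case 'NOTE':` line `str_replace('\n', '\\n', $value)` is a no-op, because inside single quotes both `'\n'` and `'\\n'` are the same two characters, a backslash followed by `n`. If the intent is to turn real line breaks into the escaped form for the vCard value, the search string needs double quotes: `$value = str_replace("\n", '\\n', $value);`. A comment stating which representation the stored NOTE is expected to use would prevent the same confusion later. The `switch` starts and ends outside the hunk.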
+++ b/lib/base.php @@ -430,7 +430,7 @@ class OC{ register_shutdown_function(array('OC_Helper','cleanTmp')); //parse the given parameters - self::$REQUESTEDAPP = (isset($_GET['app'])?str_replace('\0', '', strip_tags($_GET['app'])):OC_Config::getValue('defaultapp', 'files')); + self::$REQUESTEDAPP = (isset($_GET['app'])?str_replace(array('\0', '/', '\\', '..'), '', strip_tags($_GET['app'])):OC_Config::getValue('defaultapp', 'files')); if(substr_count(self::$REQUESTEDAPP, '?') != 0){ $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1); From c1f7d320e8c8b344d48745314614dac8968a79b2 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Tue, 29 May 2012 22:18:07 +0200 Subject: [PATCH 023/625] mark as 4.0.1 pre --- lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/util.php b/lib/util.php index 6e57fc7f8a..e2ca9d0fc1 100644 --- a/lib/util.php +++ b/lib/util.php @@ -82,7 +82,7 @@ class OC_Util { * @return string */ public static function getVersionString(){ - return '4'; + return '4.0.1 pre'; } /** From 4dc7ed139bdc809d468d4d055a86221c8e3b6dd0 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Wed, 30 May 2012 14:18:47 +0200 Subject: [PATCH 024/625] =?UTF-8?q?don=C2=B4t=20hardcode=20/tmp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/contacts/ajax/currentphoto.php | 2 +- apps/contacts/ajax/oc_photo.php | 2 +- apps/contacts/ajax/savecrop.php | 2 +- apps/contacts/ajax/uploadimport.php | 2 +- apps/contacts/ajax/uploadphoto.php | 4 ++-- lib/helper.php | 2 +- lib/migrate.php | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/apps/contacts/ajax/currentphoto.php b/apps/contacts/ajax/currentphoto.php index d8afa060b1..d0654b17d6 100644 --- a/apps/contacts/ajax/currentphoto.php +++ b/apps/contacts/ajax/currentphoto.php 
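Review bot: The `$_GET['app']` filter is a blocklist, and its first entry `'\0'` is written in single quotes, so it matches a literal backslash followed by `0` rather than a NUL byte. Since the value is used to locate an app directory, an allowlist is easier to reason about than removing selected substrings: accept it only when `preg_match('/^[A-Za-z0-9_-]+$/', $app)` succeeds, or when it is one of the installed app ids, and fall back to the default app otherwise. Note that the very next lines split the value on `?`, which an allowlist would also make unnecessary to guard. The surrounding method starts and ends outside the hunk.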
@@ -40,7 +40,7 @@ if (!isset($_GET['id'])) { bailOut(OC_Contacts_App::$l10n->t('No contact ID was submitted.')); } -$tmpfname = tempnam("/tmp", "occOrig"); +$tmpfname = tempnam(get_temp_dir(), "occOrig"); $contact = OC_Contacts_App::getContactVCard($_GET['id']); $image = new OC_Image(); if(!$image) { diff --git a/apps/contacts/ajax/oc_photo.php b/apps/contacts/ajax/oc_photo.php index 085d2710f5..184217f2b7 100644 --- a/apps/contacts/ajax/oc_photo.php +++ b/apps/contacts/ajax/oc_photo.php @@ -42,7 +42,7 @@ if(!isset($_GET['path'])) { } $localpath = OC_Filesystem::getLocalFile($_GET['path']); -$tmpfname = tempnam("/tmp", "occOrig"); +$tmpfname = tempnam(get_temp_dir(), "occOrig"); if(!file_exists($localpath)) { bailOut(OC_Contacts_App::$l10n->t('File doesn\'t exist:').$localpath); diff --git a/apps/contacts/ajax/savecrop.php b/apps/contacts/ajax/savecrop.php index cd47030712..fe9e5c5b99 100644 --- a/apps/contacts/ajax/savecrop.php +++ b/apps/contacts/ajax/savecrop.php @@ -71,7 +71,7 @@ if(file_exists($tmp_path)) { OCP\Util::writeLog('contacts','savecrop.php, x: '.$x1.' y: '.$y1.' w: '.$w.' h: '.$h, OCP\Util::DEBUG); if($image->crop($x1, $y1, $w, $h)) { if(($image->width() <= 200 && $image->height() <= 200) || $image->resize(200)) { - $tmpfname = tempnam("/tmp", "occCropped"); // create a new file because of caching issues. + $tmpfname = tempnam(get_temp_dir(), "occCropped"); // create a new file because of caching issues. if($image->save($tmpfname)) { unlink($tmp_path); $card = OC_Contacts_App::getContactVCard($id); diff --git a/apps/contacts/ajax/uploadimport.php b/apps/contacts/ajax/uploadimport.php index f4a13e0a4b..b11f380fa8 100644 --- a/apps/contacts/ajax/uploadimport.php +++ b/apps/contacts/ajax/uploadimport.php 
@@ -67,7 +67,7 @@ if($error !== UPLOAD_ERR_OK) { } $file=$_FILES['importfile']; -$tmpfname = tempnam("/tmp", "occOrig"); +$tmpfname = tempnam(get_temp_dir(), "occOrig"); if(file_exists($file['tmp_name'])) { if($view->file_put_contents('/'.$tmpfile, file_get_contents($file['tmp_name']))) { debug($fn.' uploaded'); diff --git a/apps/contacts/ajax/uploadphoto.php b/apps/contacts/ajax/uploadphoto.php index 99015e2d50..dca8ede6d6 100644 --- a/apps/contacts/ajax/uploadphoto.php +++ b/apps/contacts/ajax/uploadphoto.php @@ -46,7 +46,7 @@ if ($fn) { exit(); } $id = $_GET['id']; - $tmpfname = tempnam('/tmp', 'occOrig'); + $tmpfname = tempnam(get_temp_dir(), 'occOrig'); file_put_contents($tmpfname, file_get_contents('php://input')); debug($tmpfname.' uploaded'); $image = new OC_Image(); @@ -93,7 +93,7 @@ if($error !== UPLOAD_ERR_OK) { } $file=$_FILES['imagefile']; -$tmpfname = tempnam("/tmp", "occOrig"); +$tmpfname = tempnam(get_temp_dir(), "occOrig"); if(file_exists($file['tmp_name'])) { $image = new OC_Image(); if($image->loadFromFile($file['tmp_name'])) { diff --git a/lib/helper.php b/lib/helper.php index 31819d2e3f..6a2b3a6897 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -514,7 +514,7 @@ class OC_Helper { * remove all files created by self::tmpFile */ public static function cleanTmp(){ - $leftoversFile='/tmp/oc-not-deleted'; + $leftoversFile=get_temp_dir().'/oc-not-deleted'; if(file_exists($leftoversFile)){ $leftovers=file($leftoversFile); foreach($leftovers as $file) { diff --git a/lib/migrate.php b/lib/migrate.php index 8fb949d66e..f9cab915d0 100644 --- a/lib/migrate.php +++ b/lib/migrate.php 
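Review bot: In `cleanTmp()` the leftovers list is still read from a fixed file name, now `get_temp_dir().'/oc-not-deleted'`, in a directory that is typically writable by every local account. The lines of that file are treated as paths to clean up, so on a shared host another local user could create the file and influence what gets removed. Keeping the list inside ownCloud's own data directory, or checking that each entry lies under the temp directory and was created by ownCloud before removing it, would close that gap. The loop body is outside the hunk, so the exact removal logic should be confirmed there. `get_temp_dir()` is not a PHP builtin (that is `sys_get_temp_dir()`) and is not defined in this patch, so it is presumably provided elsewhere in the code base.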
@@ -146,7 +146,7 @@ class OC_Migrate{ case 'instance': self::$content = new OC_Migration_Content( self::$zip ); // Creates a zip that is compatable with the import function - $dbfile = tempnam( "/tmp", "owncloud_export_data_" ); + $dbfile = tempnam( get_temp_dir(), "owncloud_export_data_" ); OC_DB::getDbStructure( $dbfile, 'MDB2_SCHEMA_DUMP_ALL'); // Now add in *dbname* and *dbprefix* From 93849916bbcc121196702015d7788d6ec226784c Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Sat, 26 May 2012 16:38:37 +0200 Subject: [PATCH 025/625] LDAP: support for 'member' as group-member-association --- apps/user_ldap/group_ldap.php | 3 ++- apps/user_ldap/templates/settings.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index 01aa2220df..b3ff6c5388 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -85,7 +85,8 @@ class OC_GROUP_LDAP extends OC_Group_Backend { } //uniqueMember takes DN, memberuid the uid, so we need to distinguish - if(strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') { + if((strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') + || (strtolower($this->ldapGroupMemberAssocAttr) == 'member')) { $uid = $userDN; } else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') { $result = OC_LDAP::readAttribute($userDN, 'uid'); diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index d6c1a8ec0e..ac263ed68c 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -17,7 +17,7 @@

    -

    +

    >

    >

    From 449b9b92f026b967f261b6c46a99647bfb2b11bd Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 30 May 2012 22:34:51 +0200 Subject: [PATCH 026/625] LDAP: fix wrong value for input type --- apps/user_ldap/templates/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index ac263ed68c..34c4f8f9d9 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -17,7 +17,7 @@

    -

    +

    >

    >

    From f4577bf00cf24698d63be7312f1330194f98daa5 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Wed, 30 May 2012 23:55:27 +0200 Subject: [PATCH 027/625] fix for pgsql database migration --- 3rdparty/MDB2/Driver/Manager/pgsql.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/3rdparty/MDB2/Driver/Manager/pgsql.php b/3rdparty/MDB2/Driver/Manager/pgsql.php index a7b776cc1b..f2c2137dc8 100644 --- a/3rdparty/MDB2/Driver/Manager/pgsql.php +++ b/3rdparty/MDB2/Driver/Manager/pgsql.php @@ -410,6 +410,9 @@ class MDB2_Driver_Manager_pgsql extends MDB2_Driver_Manager_Common } $db->loadModule('Datatype', null, true); $type = $db->datatype->getTypeDeclaration($field['definition']); + if($type=='SERIAL PRIMARY KEY'){//not correct when altering a table, since serials arent a real type + $type='INTEGER';//use integer instead + } $query = "ALTER $field_name TYPE $type USING CAST($field_name AS $type)"; $result = $db->exec("ALTER TABLE $name $query"); if (PEAR::isError($result)) { From 7ec3e37199c28cd289699e226254b571ca5c5938 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Thu, 31 May 2012 13:06:27 +0200 Subject: [PATCH 028/625] LDAP: make queries compatible also with PostgreSQL --- apps/user_ldap/lib_ldap.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php index 5cd7e0241b..b900a67ec3 100644 --- a/apps/user_ldap/lib_ldap.php +++ b/apps/user_ldap/lib_ldap.php 
@@ -366,19 +366,24 @@ class OC_LDAP { $table = self::getMapTable($isUser); $dn = self::sanitizeDN($dn); - $sqliteAdjustment = ''; + $sqlAdjustment = ''; $dbtype = OCP\Config::getSystemValue('dbtype'); - if(($dbtype == 'sqlite') || ($dbtype == 'sqlite3')) { - $sqliteAdjustment = 'OR'; + if($dbtype == 'mysql') { + $sqlAdjustment = 'FROM dual'; } $insert = OCP\DB::prepare(' - INSERT '.$sqliteAdjustment.' IGNORE INTO '.$table.' - (ldap_dn, owncloud_name) - VALUES (?,?) + INSERT INTO '.$table.' (ldap_dn, owncloud_name) + SELECT ?,? + '.$sqlAdjustment.' + WHERE NOT EXISTS ( + SELECT 1 + FROM '.$table.' + WHERE ldap_dn = ? + AND owncloud_name = ? ) '); - $res = $insert->execute(array($dn, $ocname)); + $res = $insert->execute(array($dn, $ocname, $dn, $ocname)); return !OCP\DB::isError($res); } From 00595351400523168e18a08e3ffa5c3b1e7c1f6e Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Thu, 31 May 2012 20:00:46 +0200 Subject: [PATCH 029/625] fix potential XSS --- apps/calendar/templates/part.choosecalendar.rowfields.php | 2 +- .../calendar/templates/part.choosecalendar.rowfields.shared.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.php b/apps/calendar/templates/part.choosecalendar.rowfields.php index 965523f847..bad268897b 100644 --- a/apps/calendar/templates/part.choosecalendar.rowfields.php +++ b/apps/calendar/templates/part.choosecalendar.rowfields.php @@ -1,6 +1,6 @@ '; -echo ''; +echo ''; echo ''; echo ''; echo ''; diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php index a23266da0c..6a212858a2 100644 --- a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php +++ b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php @@ -1,4 +1,4 @@ '; -echo ''; +echo ''; echo '' . $l->t('shared with you by') . ' ' . $_['share']['owner'] . ''; \ No newline at end of file 
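Review bot: The `NOT EXISTS` subquery matches only when both `ldap_dn = ?` and `owncloud_name = ?` are already present together, which is narrower than the `INSERT IGNORE` it replaces. If either column carries its own unique index, a DN that is already mapped to a different name now reaches the `INSERT` and fails with a constraint error instead of being skipped. If each column is meant to be unique, `WHERE ldap_dn = ? OR owncloud_name = ?` matches the old behaviour. The check and the insert are also not atomic without such an index, so two concurrent requests can both pass the subquery. A comment explaining why `FROM dual` is needed only for MySQL would help. The table schema is not visible here, so the index assumption needs confirming.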
From 5d425a9f799bf385d686d4f08f571509123899f6 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 31 May 2012 20:16:44 +0200 Subject: [PATCH 030/625] use our own serverHost call so that ownCloud works with reverse proxy servers --- apps/files_sharing/ajax/email.php | 6 +++--- apps/user_openid/phpmyid.php | 2 +- apps/user_openid/user_openid.php | 4 ++-- core/lostpassword/index.php | 2 +- lib/base.php | 8 +++++--- lib/ocs.php | 4 ++-- ocs/providers.php | 2 +- 7 files changed, 15 insertions(+), 13 deletions(-) diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php index 163683cd0e..bdfa369418 100644 --- a/apps/files_sharing/ajax/email.php +++ b/apps/files_sharing/ajax/email.php @@ -7,7 +7,7 @@ $type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file'; $subject = $user.' shared a '.$type.' with you'; $link = $_POST['link']; $text = $user.' shared the '.$type.' '.$_POST['file'].' with you. It is available for download here: '.$link; -$fromaddress = OCP\Config::getUserValue($user, 'settings', 'email', 'sharing-noreply@'.$_SERVER['HTTP_HOST']); -OC_Mail::send($_POST['toaddress'], $_POST['toaddress'], $subject, $text, $fromaddress, $user); +$fromaddress = OCP\Config::getUserValue($user, 'settings', 'email', 'sharing-noreply@'.OCP\Util::getServerHost()); +OCP\Util::sendMail($_POST['toaddress'], $_POST['toaddress'], $subject, $text, $fromaddress, $user); -?> \ No newline at end of file +?> diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php index 137daa485a..5aaab64285 100644 --- a/apps/user_openid/phpmyid.php +++ b/apps/user_openid/phpmyid.php @@ -1624,7 +1624,7 @@ if (! array_key_exists('idp_url', $profile)) //Determine the requested URL - DO NOT OVERRIDE $profile['req_url'] = sprintf("%s://%s%s", $proto, - $_SERVER['HTTP_HOST'], + OCP\Util::getServerHost(), // $port,//host already includes the path $_SERVER["REQUEST_URI"]); 
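Review bot: `OCP\Util::getServerHost()` now feeds the mail sender in `email.php`, and the same helper replaces `$_SERVER['HTTP_HOST']` in the `user_openid.php`, `lostpassword/index.php`, `lib/ocs.php` and `ocs/providers.php` hunks, but its implementation is not part of this patch. If it reads a forwarded-host header, that value is supplied by the client unless a proxy overwrites it, and here it ends up in mail `From` headers, the OpenID trust root and generated URLs. The helper should honour forwarded headers only for requests arriving from a configured proxy address and should reject values containing anything other than host characters and an optional port, so that a line break cannot reach `mail()` headers. A docblock on the helper stating which headers it trusts and under what condition would make that contract reviewable.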
diff --git a/apps/user_openid/user_openid.php b/apps/user_openid/user_openid.php index 8deb42f68c..3267db3fa0 100644 --- a/apps/user_openid/user_openid.php +++ b/apps/user_openid/user_openid.php @@ -39,9 +39,9 @@ class OC_USER_OPENID extends OC_User_Backend { // Get identity from user and redirect browser to OpenID Server $openid = new SimpleOpenID; $openid->SetIdentity($uid); - $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]); + $openid->SetTrustRoot('http://' . OCP\Util::getServerHost()); if ($openid->GetOpenIDServer()){ - $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . OC::$WEBROOT); // Send Response from OpenID server to this script + $openid->SetApprovedURL('http://' . OCP\Util::getServerHost() . OC::$WEBROOT); // Send Response from OpenID server to this script $openid->Redirect(); // This will redirect user to OpenID Server exit; }else{ diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php index 2b87a1eb11..db9f842380 100644 --- a/core/lostpassword/index.php +++ b/core/lostpassword/index.php @@ -22,7 +22,7 @@ if (isset($_POST['user'])) { $tmpl->assign('link', $link); $msg = $tmpl->fetchPage(); $l = OC_L10N::get('core'); - $from = 'lostpassword-noreply@' . $_SERVER['HTTP_HOST']; + $from = 'lostpassword-noreply@' . OC_Helper::serverHost(); $r=mail($email, $l->t('Owncloud password reset'), $msg, 'From:' . $from); OC_MAIL::send($email,$_POST['user'],$l->t('ownCloud password reset'),$msg,$from,'ownCloud'); echo('sent'); diff --git a/lib/base.php b/lib/base.php index 30d302b391..b2ec38ffdb 100644 --- a/lib/base.php +++ b/lib/base.php 
@@ -211,9 +211,11 @@ class OC{ if( OC_Config::getValue( "forcessl", false )){ ini_set("session.cookie_secure", "on"); if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') { - $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - header("Location: $url"); - exit(); + if(!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) or $_SERVER['HTTP_X_FORWARDED_PROTO']=='http') { + $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + header("Location: $url"); + exit(); + } } } } diff --git a/lib/ocs.php b/lib/ocs.php index 536ee754e8..aba29275a9 100644 --- a/lib/ocs.php +++ b/lib/ocs.php @@ -357,11 +357,11 @@ class OC_OCS { */ private static function apiConfig($format) { $user=OC_OCS::checkpassword(false); - $url=substr($_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],0,-11).''; + $url=substr(OC_Helper::serverHost().$_SERVER['SCRIPT_NAME'],0,-11).''; $xml['version']='1.5'; $xml['website']='ownCloud'; - $xml['host']=$_SERVER['HTTP_HOST']; + $xml['host']=OC_Helper::serverHost(); $xml['contact']=''; $xml['ssl']='false'; echo(OC_OCS::generatexml($format,'ok',100,'',$xml,'config','',1)); diff --git a/ocs/providers.php b/ocs/providers.php index e1d6ef7ee1..0dad624058 100644 --- a/ocs/providers.php +++ b/ocs/providers.php @@ -23,7 +23,7 @@ require_once('../lib/base.php'); -$url='http://'.substr($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],0,-17).'ocs/v1.php/'; +$url='http://'.substr(OC_Helper::serverHost().$_SERVER['REQUEST_URI'],0,-17).'ocs/v1.php/'; echo(' From d56966f14fc80a477371e7eaaf690881e13be5b7 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 31 May 2012 20:45:39 +0200 Subject: [PATCH 031/625] someone broke this completely. Hope it works again. Please check your apache error log and turn php notices on if you work on ajax call --- apps/files_versions/versions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
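Review bot: The inner check added to the `forcessl` branch of lib/base.php accepts `X-Forwarded-Proto` from any client and skips the redirect for every value except the literal `http`, so forced HTTPS only holds if the web server or proxy strips that header from direct connections. The header should be honoured only when the request really arrived through a reverse proxy the administrator has configured, and the test should require the secure value instead of excluding one insecure one: `if(!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) or strtolower($_SERVER['HTTP_X_FORWARDED_PROTO'])!='https') {`. A comment stating that the header is client-supplied unless a proxy overwrites it would help whoever deploys this without a proxy. The same unconditional trust is carried into `OC_Helper::serverProtocol()` in PATCH 035.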
diff --git a/apps/files_versions/versions.php b/apps/files_versions/versions.php index 8a88808f54..3decffe949 100644 --- a/apps/files_versions/versions.php +++ b/apps/files_versions/versions.php @@ -96,7 +96,7 @@ class Storage { } // check filesize - if(filesize($filesfoldername.$filename)>\OCP\Config::getSystemValue('files_versionsmaxfilesize', Storage::DEFAULTMAXFILESIZE)){ + if(filesize($filesfoldername.'/'.$filename)>\OCP\Config::getSystemValue('files_versionsmaxfilesize', Storage::DEFAULTMAXFILESIZE)){ return false; } @@ -117,7 +117,7 @@ class Storage { @mkdir($versionsfoldername.$info['dirname'],0700,true); // store a new version of a file - copy($filesfoldername.$filename,$versionsfoldername.$filename.'.v'.time()); + copy($filesfoldername.'/'.$filename,$versionsfoldername.$filename.'.v'.time()); // expire old revisions Storage::expire($filename); From c3ccdbaa791ed20ed0c21718b11ffe110a0a1e6e Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 31 May 2012 21:14:46 +0200 Subject: [PATCH 032/625] more fixes --- apps/files_versions/versions.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/apps/files_versions/versions.php b/apps/files_versions/versions.php index 3decffe949..c8fc26dfb9 100644 --- a/apps/files_versions/versions.php +++ b/apps/files_versions/versions.php @@ -81,7 +81,7 @@ class Storage { Storage::init(); // check if filename is a directory - if(is_dir($filesfoldername.$filename)){ + if(is_dir($filesfoldername.'/'.$filename)){ return false; } @@ -103,7 +103,7 @@ class Storage { // check mininterval if the file is being modified by the owner (all shared files should be versioned despite mininterval) if ($uid == \OCP\User::getUser()) { - $matches=glob($versionsfoldername.$filename.'.v*'); + $matches=glob($versionsfoldername.'/'.$filename.'.v*'); sort($matches); $parts=explode('.v',end($matches)); if((end($parts)+Storage::DEFAULTMININTERVAL)>time()){ 
@@ -114,10 +114,10 @@ class Storage { // create all parent folders $info=pathinfo($filename); - @mkdir($versionsfoldername.$info['dirname'],0700,true); + @mkdir($versionsfoldername.'/'.$info['dirname'],0700,true); // store a new version of a file - copy($filesfoldername.'/'.$filename,$versionsfoldername.$filename.'.v'.time()); + copy($filesfoldername.'/'.$filename,$versionsfoldername.'/'.$filename.'.v'.time()); // expire old revisions Storage::expire($filename); @@ -143,7 +143,7 @@ class Storage { $filesfoldername=\OCP\Config::getSystemValue('datadirectory').'/'. $uid .'/files'; // rollback - if ( @copy($versionsfoldername.$filename.'.v'.$revision,$filesfoldername.$filename) ) { + if ( @copy($versionsfoldername.'/'.$filename.'.v'.$revision,$filesfoldername.'/'.$filename) ) { return true; @@ -172,7 +172,7 @@ class Storage { $versionsfoldername=\OCP\Config::getSystemValue('datadirectory').'/'. $uid .'/'.\OCP\Config::getSystemValue('files_versionsfolder', Storage::DEFAULTFOLDER); // check for old versions - $matches=glob($versionsfoldername.$filename.'.v*'); + $matches=glob($versionsfoldername.'/'.$filename.'.v*'); if(count($matches)>1){ return true; }else{ @@ -201,7 +201,7 @@ class Storage { $versions=array(); // fetch for old versions - $matches=glob($versionsfoldername.$filename.'.v*'); + $matches=glob($versionsfoldername.'/'.$filename.'.v*'); sort($matches); foreach($matches as $ma) { $parts=explode('.v',$ma); 
@@ -238,14 +238,14 @@ class Storage { $versionsfoldername=\OCP\Config::getSystemValue('datadirectory').'/'. $uid .'/'.\OCP\Config::getSystemValue('files_versionsfolder', Storage::DEFAULTFOLDER); // check for old versions - $matches=glob($versionsfoldername.$filename.'.v*'); + $matches=glob($versionsfoldername.'/'.$filename.'.v*'); if(count($matches)>\OCP\Config::getSystemValue('files_versionmaxversions', Storage::DEFAULTMAXVERSIONS)){ $numbertodelete=count($matches-\OCP\Config::getSystemValue('files_versionmaxversions', Storage::DEFAULTMAXVERSIONS)); // delete old versions of a file $deleteitems=array_slice($matches,0,$numbertodelete); foreach($deleteitems as $de){ - unlink($versionsfoldername.$filename.'.v'.$de); + unlink($versionsfoldername.'/'.$filename.'.v'.$de); } } } From 3a6341c8804a6100d0274287ed53c9c0ef61981e Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 31 May 2012 21:27:46 +0200 Subject: [PATCH 033/625] fix oc-780 --- config/config.sample.php | 2 +- lib/mail.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.sample.php b/config/config.sample.php index e46c3cacd7..e86dc05cb0 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -22,7 +22,7 @@ $CONFIG = array( "appstoreurl" => "", "mail_smtpmode" => "sendmail", "mail_smtphost" => "127.0.0.1", -"mail_smtpauth" => "false", +"mail_smtpauth" => false, "mail_smtpname" => "", "mail_smtppassword" => "", "appcodechecker" => "", diff --git a/lib/mail.php b/lib/mail.php index 0045f8de6d..b46f73bd94 100644 --- a/lib/mail.php +++ b/lib/mail.php @@ -31,7 +31,7 @@ class OC_Mail { $SMTPMODE = OC_Config::getValue( 'mail_smtpmode', 'sendmail' ); $SMTPHOST = OC_Config::getValue( 'mail_smtphost', '127.0.0.1' ); - $SMTPAUTH = OC_Config::getValue( 'mail_smtpauth', 'false' ); + $SMTPAUTH = OC_Config::getValue( 'mail_smtpauth', false ); $SMTPUSERNAME = OC_Config::getValue( 'mail_smtpname', '' ); $SMTPPASSWORD = OC_Config::getValue( 'mail_smtppassword', '' ); 
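Review bot: In the expiry hunk the new `unlink($versionsfoldername.'/'.$filename.'.v'.$de)` cannot match a file, because `$de` comes from `glob()` and already holds the version's full path; the call should be `unlink($de);`. The unchanged line above it has a related slip: `count($matches-...)` subtracts an integer from an array, which PHP rejects as unsupported operands, where `count($matches)-\OCP\Config::getSystemValue('files_versionmaxversions', Storage::DEFAULTMAXVERSIONS)` is meant. As written old versions are never removed, so the versions folder can grow without bound. The result of `unlink()` is not checked either, and the method starts outside the hunk.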
From 670022cc8af93f685892d73ac53e8d62a6c6dbf5 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 31 May 2012 21:43:07 +0200 Subject: [PATCH 034/625] fix the breadcrumb --- apps/files/index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/files/index.php b/apps/files/index.php index a2fae12d94..60a3836cb5 100644 --- a/apps/files/index.php +++ b/apps/files/index.php @@ -74,11 +74,11 @@ foreach( explode( '/', $dir ) as $i ){ // make breadcrumb und filelist markup $list = new OCP\Template( 'files', 'part.list', '' ); $list->assign( 'files', $files ); -$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'?dir='); +$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); $list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file='); $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' ); $breadcrumbNav->assign( 'breadcrumb', $breadcrumb ); -$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'?dir='); +$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir='); $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize')); $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size')); From 0d2d613f596ad8bbff36c851c9f0232cd17c2348 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 11:06:49 +0200 Subject: [PATCH 035/625] added a serverProtocol function that correctly returns the used protocol even if the ssl connection is terminated at a reverse_proxy or at a load balancer --- lib/base.php | 16 +++++++--------- lib/helper.php | 24 +++++++++++++++++++++--- lib/public/util.php | 12 ++++++++++++ 3 files changed, 40 insertions(+), 12 deletions(-) diff --git a/lib/base.php b/lib/base.php index b2ec38ffdb..96215410ad 100644 --- a/lib/base.php +++ b/lib/base.php 
@@ -210,12 +210,10 @@ class OC{ // redirect to https site if configured if( OC_Config::getValue( "forcessl", false )){ ini_set("session.cookie_secure", "on"); - if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') { - if(!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) or $_SERVER['HTTP_X_FORWARDED_PROTO']=='http') { - $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - header("Location: $url"); - exit(); - } + if(OC_Helper::serverProtocol()<>'https') { + $url = "https://". OC_Helper::serverHost() . $_SERVER['REQUEST_URI']; + header("Location: $url"); + exit(); } } } @@ -373,10 +371,10 @@ class OC{ // CSRF protection if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer=''; - if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']<>'') $protocol='https://'; else $protocol='http://'; - $server=$protocol.$_SERVER['SERVER_NAME']; + $protocol=OC_Helper::serverProtocol().'://'; + $server=$protocol.OC_Helper::serverHost(); if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) { - $url = $protocol.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php'; + $url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php'; header("Location: $url"); exit(); } diff --git a/lib/helper.php b/lib/helper.php index 6a2b3a6897..3de7b3fdc1 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -89,6 +89,26 @@ class OC_Helper { return $host; } + /** + * @brief Returns the server protocol + * @returns the server protocol + * + * Returns the server protocol. It respects reverse proxy servers and load balancers + */ + public static function serverProtocol() { + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']); + }else{ + if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) { + $proto = 'https'; + }else{ + $proto = 'http'; + } + } + return($proto); + } + + /** * @brief Creates an absolute url * @param $app app 
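Review bot: In the CSRF block of lib/base.php the redirect target is built as `$protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php'`, which yields `https://https/...` because `$protocol` already ends in `://`; the host was meant here: `$url = $protocol.OC_Helper::serverHost().OC::$WEBROOT.'/index.php';`. Separately, the referer test is a prefix match on `$server`, so a referer whose host merely begins with the server's host name (constructed example: `https://cloud.example.org.other.test/` for host `cloud.example.org`) passes. Comparing against `$server.'/'`, or parsing the referer with `parse_url()` and comparing scheme and host exactly, closes that. `$server` is now assembled from `serverProtocol()`, which reads a request header, and `serverHost()`, whose body is not shown here. The enclosing method starts and ends outside the hunk.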
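Review bot: `serverProtocol()` in lib/helper.php returns whatever `X-Forwarded-Proto` contains, only lower-cased, and callers paste it into `Location:` headers and absolute links (`linkToAbsolute()`, the redirects in lib/base.php). The value should be reduced to the two schemes the code expects: `$proto = (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO'])=='https') ? 'https' : 'http';`. The docblock should also say that the header is client-supplied unless a proxy in front overwrites it, so installations without a proxy need it stripped or ignored.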
@@ -99,9 +119,7 @@ class OC_Helper { */ public static function linkToAbsolute( $app, $file ) { $urlLinkTo = self::linkTo( $app, $file ); - // Checking if the request was made through HTTPS. The last in line is for IIS - $protocol = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!='off'); - $urlLinkTo = ($protocol?'https':'http') . '://' . self::serverHost() . $urlLinkTo; + $urlLinkTo = OC_Helper::serverProtocol(). '://' . self::serverHost() . $urlLinkTo; return $urlLinkTo; } diff --git a/lib/public/util.php b/lib/public/util.php index 3d20c5a463..2abffba4c4 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -168,6 +168,18 @@ class Util { return(\OC_Helper::serverHost()); } + + /** + * @brief Returns the server protocol + * @returns the server protocol + * + * Returns the server protocol. It respects reverse proxy servers and load balancers + */ + public static function getServerProtocol() { + return(\OC_Helper::serverProtocol()); + } + + /** * @brief Creates path to an image * @param $app app From 8ed13e627eab45c895c0bfc6312d5297b3aebeac Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 11:08:40 +0200 Subject: [PATCH 036/625] =?UTF-8?q?don=C2=B4t=20do=20warnings.=20Not=20sur?= =?UTF-8?q?e=20if=20this=20start=5Fsession=20call=20is=20really=20needed?= =?UTF-8?q?=20here.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/files/ajax/timezone.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/files/ajax/timezone.php b/apps/files/ajax/timezone.php index 8e1d2aa1ec..268ae59483 100644 --- a/apps/files/ajax/timezone.php +++ b/apps/files/ajax/timezone.php @@ -1,6 +1,6 @@ From e44f9ab46e37ccfa5c21fd42b450d09fc0ffa1f4 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 11:47:14 +0200 Subject: [PATCH 037/625] correctly detect https --- apps/user_openid/templates/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/apps/user_openid/templates/settings.php b/apps/user_openid/templates/settings.php index 731a2c57e9..b2bbe5a46a 100644 --- a/apps/user_openid/templates/settings.php +++ b/apps/user_openid/templates/settings.php @@ -1,7 +1,7 @@

    OpenID -
    t('you can authenticate to other sites with this address');?>
    +
    t('you can authenticate to other sites with this address');?>
    From 1b34bda76b659a3105c58ba4d344cfbaceb24e58 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 12:16:04 +0200 Subject: [PATCH 038/625] fix oc-874 --- lib/vcategories.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vcategories.php b/lib/vcategories.php index d6351e2858..64c99b1bad 100644 --- a/lib/vcategories.php +++ b/lib/vcategories.php @@ -136,7 +136,7 @@ class OC_VCategories { if(!is_null($vobject)) { $this->loadFromVObject($vobject, $sync); } else { - OC_Log::write('core','OC_VCategories::rescan, unable to parse. ID: '.$value[0].', '.substr($value[1], 0, 50).'(...)', OC_Log::DEBUG); + OC_Log::write('core','OC_VCategories::rescan, unable to parse. ID: '.', '.substr($object, 0, 100).'(...)', OC_Log::DEBUG); } } $this->save(); From 0468f53f7311291ce78125d684184c1c7ae0756f Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 12:42:50 +0200 Subject: [PATCH 039/625] switch magic quotes off. they are evil and deprecated --- lib/base.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/base.php b/lib/base.php index 96215410ad..8647705de8 100644 --- a/lib/base.php +++ b/lib/base.php @@ -324,6 +324,11 @@ class OC{ date_default_timezone_set('UTC'); ini_set('arg_separator.output','&'); + // try to switch magic quotes off. + if(function_exists('set_magic_quotes_runtime')) { + @set_magic_quotes_runtime(false); + } + //try to configure php to enable big file uploads. //this doesn´t work always depending on the webserver and php configuration. //Let´s try to overwrite some defaults anyways From 86279bc192d72318540e312e637f9ecceb339a77 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 1 Jun 2012 13:49:11 +0200 Subject: [PATCH 040/625] LDAP group backend: If a group filter is not configured, do not do anything. Fixes oc-867 --- apps/user_ldap/group_ldap.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index b3ff6c5388..2c16bf312f 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -25,10 +25,15 @@ class OC_GROUP_LDAP extends OC_Group_Backend { // //group specific settings protected $ldapGroupFilter; protected $ldapGroupMemberAssocAttr; + protected $configured = false; public function __construct() { $this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)'); $this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'); + + if(empty($this->ldapGroupFilter) || empty($this->ldapGroupMemberAssocAttr)) { + $this->configured = false; + } } /** @@ -40,6 +45,9 @@ class OC_GROUP_LDAP extends OC_Group_Backend { * Checks whether the user is member of a group or not. */ public function inGroup($uid, $gid) { + if(!$this->configured) { + return false; + } $dn_user = OC_LDAP::username2dn($uid); $dn_group = OC_LDAP::groupname2dn($gid); // just in case @@ -79,6 +87,9 @@ class OC_GROUP_LDAP extends OC_Group_Backend { * if the user exists at all. */ public function getUserGroups($uid) { + if(!$this->configured) { + return array(); + } $userDN = OC_LDAP::username2dn($uid); if(!$userDN) { return array(); @@ -111,6 +122,10 @@ class OC_GROUP_LDAP extends OC_Group_Backend { * @returns array with user ids */ public function usersInGroup($gid) { + if(!$this->configured) { + return array(); + } + $groupDN = OC_LDAP::groupname2dn($gid); if(!$groupDN) { return array(); @@ -149,6 +164,10 @@ class OC_GROUP_LDAP extends OC_Group_Backend { * Returns a list with all groups */ public function getGroups() { + if(!$this->configured) { + return array(); + } + $ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn')); $groups = OC_LDAP::ownCloudGroupNames($ldap_groups); return $groups; 
From aa88ec81c792830d91771512d719dfc5f1a2893e Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 14:21:24 +0200 Subject: [PATCH 041/625] sort users and groups. fixes oc-779 --- lib/group.php | 2 ++ lib/user.php | 1 + 2 files changed, 3 insertions(+) diff --git a/lib/group.php b/lib/group.php index 1e0216a932..91772d510f 100644 --- a/lib/group.php +++ b/lib/group.php @@ -233,6 +233,7 @@ class OC_Group { $groups=array_merge($backend->getUserGroups($uid),$groups); } + asort($groups); return $groups; } @@ -250,6 +251,7 @@ class OC_Group { $groups=array_merge($backend->getGroups(),$groups); } + asort($groups); return $groups; } diff --git a/lib/user.php b/lib/user.php index 056d130754..a62b0f9683 100644 --- a/lib/user.php +++ b/lib/user.php @@ -336,6 +336,7 @@ class OC_User { } } } + asort($users); return $users; } From 34464b1f8b691a2b2cb9f2d2fb14731712d204b1 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 1 Jun 2012 16:02:04 +0200 Subject: [PATCH 042/625] LDAP group backend: Set configured true when it is... fixe oc-887 --- apps/user_ldap/group_ldap.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index 2c16bf312f..baca1d32ba 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -31,8 +31,8 @@ class OC_GROUP_LDAP extends OC_Group_Backend { $this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)'); $this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'); - if(empty($this->ldapGroupFilter) || empty($this->ldapGroupMemberAssocAttr)) { - $this->configured = false; + if(!empty($this->ldapGroupFilter) && !empty($this->ldapGroupMemberAssocAttr)) { + $this->configured = true; } } From aa9824d35b6e50a1deb4523b252733dad556a193 Mon Sep 17 00:00:00 2001 
From: Frank Karlitschek Date: Fri, 1 Jun 2012 16:33:24 +0200 Subject: [PATCH 043/625] fix proper error reporting --- lib/setup.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/setup.php b/lib/setup.php index 8137eb720e..4c8c567048 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -94,6 +94,7 @@ class OC_Setup { 'error' => 'MySQL username and/or password not valid', 'hint' => 'You need to enter either an existing account or the administrator.' ); + return($error); } else { $oldUser=OC_Config::getValue('dbuser', false); From 60b8e172d5971004ff4180e4d0dd4ca21fe5de2b Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 16:49:14 +0200 Subject: [PATCH 044/625] prevent a division by zero problem --- settings/personal.php | 1 + 1 file changed, 1 insertion(+) diff --git a/settings/personal.php b/settings/personal.php index 41499657ac..64e08be89e 100644 --- a/settings/personal.php +++ b/settings/personal.php @@ -20,6 +20,7 @@ $rootInfo=OC_FileCache::get(''); $used=$rootInfo['size']; $free=OC_Filesystem::free_space(); $total=$free+$used; +if($total==0) $total=1; // prevent division by zero $relative=round(($used/$total)*10000)/100; $email=OC_Preferences::getValue(OC_User::getUser(), 'settings','email',''); From 3ef944521e22848066577f031bba886728557d3d Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 19:52:45 +0200 Subject: [PATCH 045/625] add check if apps folder is writable. needed to install 3rd party apps --- lib/util.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/util.php b/lib/util.php index e2ca9d0fc1..13ca23d065 100644 --- a/lib/util.php +++ b/lib/util.php 
@@ -12,8 +12,8 @@ class OC_Util { private static $fsSetup=false; // Can be set up - public static function setupFS( $user = "", $root = "files" ){// configure the initial filesystem based on the configuration - if(self::$fsSetup){//setting up the filesystem twice can only lead to trouble + public static function setupFS( $user = "", $root = "files" ){ // configure the initial filesystem based on the configuration + if(self::$fsSetup){ //setting up the filesystem twice can only lead to trouble return false; } @@ -27,6 +27,15 @@ class OC_Util { $tmpl->printPage(); exit; } + + // Check if apps folder is writable. + if(!is_writable(OC::$SERVERROOT."/apps/")) { + $tmpl = new OC_Template( '', 'error', 'guest' ); + $tmpl->assign('errors',array(1=>array('error'=>"Can't write into apps directory 'apps'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud"))); + $tmpl->printPage(); + exit; + } + // Create root dir. if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){ From 52b3305892ff2100431cdd898914284edc861fd3 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Fri, 1 Jun 2012 20:01:23 +0200 Subject: [PATCH 046/625] add a pdo check --- lib/util.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/util.php b/lib/util.php index 13ca23d065..8f91a9e830 100644 --- a/lib/util.php +++ b/lib/util.php @@ -265,6 +265,9 @@ class OC_Util { if(floatval(phpversion())<5.3){ $errors[]=array('error'=>'PHP 5.3 is required.
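Review bot: The new check in `setupFS()` aborts every request unless the web-server user can write to `apps/`, which makes a writable code directory a hard requirement even for installations that never add third-party apps. With a writable code directory, any file-write flaw elsewhere in the application can place PHP that the server will execute. I would run the check only on the app-install path, or downgrade it to a warning on the admin page. The hint text is also copied from the config check and names the wrong directory: `'hint'=>"You can usually fix this by giving the webserver user write access to the apps directory in owncloud"`. `setupFS()` continues past the end of the hunk.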
    ','hint'=>'Please ask your server administrator to update PHP to version 5.3 or higher. PHP 5.2 is no longer supported by ownCloud and the PHP community.'); } + if(!defined('PDO::ATTR_DRIVER_NAME')){ + $errors[]=array('error'=>'PHP PDO module is not installed.
    ','hint'=>'Please ask your server administrator to install the module.'); + } return $errors; } From 4db5481ad53d37c8b82aeac926a0278a0c5c9e69 Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Fri, 1 Jun 2012 14:38:25 -0400 Subject: [PATCH 047/625] Improve efficiency of retrieving log file entries --- lib/log/owncloud.php | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/lib/log/owncloud.php b/lib/log/owncloud.php index 0b7a231d30..5913d8b5b8 100644 --- a/lib/log/owncloud.php +++ b/lib/log/owncloud.php @@ -62,23 +62,26 @@ class OC_Log_Owncloud { public static function getEntries($limit=50, $offset=0){ self::init(); $minLevel=OC_Config::getValue( "loglevel", OC_Log::WARN ); - $entries=array(); - if(!file_exists(self::$logFile)) { - return array(); - } - $contents=file(self::$logFile); - if(!$contents) {//error while reading log - return array(); - } - $end=max(count($contents)-$offset-1, 0); - $start=max($end-$limit,0); - $i=$end; - while($i>$start){ - $entry=json_decode($contents[$i]); - if($entry->level>=$minLevel){ - $entries[]=$entry; + $entries = array(); + $handle = fopen(self::$logFile, 'r'); + if ($handle) { + // Just a guess to set the file pointer to the right spot + $maxLineLength = 150; + fseek($handle, -($limit * $maxLineLength + $offset * $maxLineLength), SEEK_END); + // Skip first line, because it is most likely a partial line + fgets($handle); + while (!feof($handle)) { + $line = fgets($handle); + if (!empty($line)) { + $entry = json_decode($line); + if ($entry->level >= $minLevel) { + $entries[] = $entry; + } + } } - $i--; + fclose($handle); + // Extract the needed entries and reverse the order + $entries = array_reverse(array_slice($entries, -($limit + $offset), $limit)); } return $entries; } From 0145c65bf3e90f17d0bda6d466922c6ef14c4918 Mon Sep 17 00:00:00 2001 
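Review bot: The rewritten `getEntries()` in lib/log/owncloud.php no longer copes with a missing or short log file. The `file_exists()` guard is gone, so `fopen()` raises a warning when no log exists yet. When the file is smaller than the guessed offset the `fseek()` fails and should leave the pointer where it was, after which the unconditional `fgets($handle)` throws away a complete first entry. A line that does not decode makes `json_decode()` return null, and `$entry->level` then raises a notice. Suggested: `if (fseek($handle, -($limit + $offset) * $maxLineLength, SEEK_END) === 0) { fgets($handle); }` and `if ($entry !== null && $entry->level >= $minLevel) {`. Since entries can be longer than the 150-byte guess, the docblock should say the method may return fewer than `$limit` entries.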
From: Michael Gapczynski Date: Sat, 2 Jun 2012 20:06:52 -0400 Subject: [PATCH 048/625] Verify user exists when checking if logged in, fix for bug oc-863 --- lib/user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/user.php b/lib/user.php index a62b0f9683..99c6add9bb 100644 --- a/lib/user.php +++ b/lib/user.php @@ -240,7 +240,7 @@ class OC_User { * Checks if the user is logged in */ public static function isLoggedIn(){ - if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ){ + if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] AND self::userExists($_SESSION['user_id']) ){ return true; } else{ From 300f6894e0a7a77300c049dcbc574a5ea97f92aa Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Sun, 3 Jun 2012 21:06:07 +0200 Subject: [PATCH 049/625] 4.0.1 --- lib/util.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/util.php b/lib/util.php index 8f91a9e830..6707139957 100644 --- a/lib/util.php +++ b/lib/util.php @@ -83,7 +83,7 @@ class OC_Util { * @return array */ public static function getVersion(){ - return array(4,00,0); + return array(4,00,1); } /** @@ -91,7 +91,7 @@ class OC_Util { * @return string */ public static function getVersionString(){ - return '4.0.1 pre'; + return '4.0.1'; } /** From 64fe06710aba6a512e19a3a8a896278e503389b0 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Mon, 4 Jun 2012 12:49:33 +0200 Subject: [PATCH 050/625] add deprecated warning --- lib/public/app.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/public/app.php b/lib/public/app.php index 1a46180bb9..0df665f9bc 100644 --- a/lib/public/app.php +++ b/lib/public/app.php @@ -36,7 +36,8 @@ namespace OCP; class App { /** - * @brief makes owncloud aware of this app + * @brief Makes owncloud aware of this app + * @brief This call is deprecated and not necessary to use. * @param $data array with all information * @returns true/false * 
From b48228ae3d27b277003b7baee39ca7711d4a5f7f Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Mon, 4 Jun 2012 13:04:18 +0200 Subject: [PATCH 051/625] LDAP: link to documentation on settings page --- apps/user_ldap/templates/settings.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index 34c4f8f9d9..a0e5c15f3a 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -4,6 +4,7 @@
  • LDAP Basic
  • Advanced
  • +

    How to configure the LDAP backend

    @@ -26,7 +27,7 @@ bytes

    - + t('Help');?> From 74ac2ac63ac08d71178ac9184a07fa7ba41e04f7 Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Mon, 4 Jun 2012 13:13:43 +0200 Subject: [PATCH 052/625] Contacts: When editing photo on a newly created contact the name in the contact list was cleared. --- apps/contacts/js/contacts.js | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js index 34afdcc4e4..452ad2b361 100644 --- a/apps/contacts/js/contacts.js +++ b/apps/contacts/js/contacts.js @@ -162,6 +162,7 @@ Contacts={ var name = $('#fn').val().strip_tags(); var item = $('#contacts [data-id="'+Contacts.UI.Card.id+'"]'); $(item).find('a').html(name); + Contacts.UI.Card.fn = name; var added = false; $('#contacts li').each(function(){ if ($(this).text().toLowerCase() > name.toLowerCase()) { From 8983c6dd6b13c6de5859a29c1effb32ed3f5cb7f Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Mon, 4 Jun 2012 13:27:55 +0200 Subject: [PATCH 053/625] commited a bit too much before --- apps/user_ldap/templates/settings.php | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index a0e5c15f3a..3462f2473f 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -4,7 +4,6 @@
  • LDAP Basic
  • Advanced
  • -

    How to configure the LDAP backend

    From c8f670dfab1a3f34349f197b16d25f04d26dbb4f Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 4 Jun 2012 10:42:09 +0200 Subject: [PATCH 054/625] Don't allow user to delete, rename and re-share the "Shared" directory --- apps/files/js/fileactions.js | 6 ++++-- apps/files/js/files.js | 2 +- lib/files.php | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js index 68268a7d3a..085f53945a 100644 --- a/apps/files/js/fileactions.js +++ b/apps/files/js/fileactions.js @@ -51,7 +51,7 @@ FileActions={ var actions=this.get(mime,type); return actions[name]; }, - display:function(parent){ + display:function(parent, filename, type){ FileActions.currentFile=parent; $('#fileList span.fileactions, #fileList td.date a.action').remove(); var actions=FileActions.get(FileActions.getCurrentMimeType(),FileActions.getCurrentType()); @@ -62,6 +62,8 @@ FileActions={ parent.children('a.name').append(''); var defaultAction=FileActions.getDefault(FileActions.getCurrentMimeType(),FileActions.getCurrentType()); for(name in actions){ + // no rename and share action for the 'Shared' dir + if((name=='Rename' || name =='Share') && type=='dir' && filename=='Shared') { continue; } if((name=='Download' || actions[name]!=defaultAction) && name!='Delete'){ var img=FileActions.icons[name]; if(img.call){ @@ -84,7 +86,7 @@ FileActions={ parent.find('a.name>span.fileactions').append(element); } } - if(actions['Delete']){ + if(actions['Delete'] && (type!='dir' || filename != 'Shared')){ // no delete action for the 'Shared' dir var img=FileActions.icons['Delete']; if(img.call){ img=img(file); diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 35d80b3cff..40d5be2214 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js 
@@ -56,7 +56,7 @@ $(document).ready(function() {
 // Sets the file-action buttons behaviour :
 $('tr').live('mouseenter',function(event) {
- FileActions.display($(this).children('td.filename'));
+ FileActions.display($(this).children('td.filename'), $(this).attr('data-file'), $(this).attr('data-type'));
 });
 $('tr').live('mouseleave',function(event) {
 FileActions.hide();
diff --git a/lib/files.php b/lib/files.php
index e0c78d22c2..77f6d7f3d6 100644
--- a/lib/files.php
+++ b/lib/files.php
@@ -224,7 +224,7 @@ class OC_Files {
 * @param file $name
 */
 public static function delete($dir,$file){
- if(OC_User::isLoggedIn()){
+ if(OC_User::isLoggedIn() && ($dir!= '' || $file != 'Shared')) {
 $file=$dir.'/'.$file;
 return OC_Filesystem::unlink($file);
 }
From 7fbe306990ce8afd89d5ac7cc1a921c0adda887a Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Mon, 4 Jun 2012 11:04:05 +0200
Subject: [PATCH 055/625] no move (rename) operation for "Shared" directory
---
 lib/files.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/files.php b/lib/files.php
index 77f6d7f3d6..bb128a8e44 100644
--- a/lib/files.php
+++ b/lib/files.php
@@ -170,7 +170,7 @@ class OC_Files {
 * @param file $target
 */
 public static function move($sourceDir,$source,$targetDir,$target){
- if(OC_User::isLoggedIn()){
+ if(OC_User::isLoggedIn() && ($sourceDir != '' || $source != 'Shared')){
 $targetFile=self::normalizePath($targetDir.'/'.$target);
 $sourceFile=self::normalizePath($sourceDir.'/'.$source);
 return OC_Filesystem::rename($sourceFile,$targetFile);
From ca64a4080f48c0656c0be7aadd6fe91d43e40f83 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Mon, 4 Jun 2012 18:03:16 +0200
Subject: [PATCH 056/625] don't allow user to delete Shared dir via webdav and sync client (bug #774)
---
 lib/connector/sabre/directory.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/connector/sabre/directory.php b/lib/connector/sabre/directory.php
index 935d3b0abe..e74d832cb0 100644
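Review bot: The guard added to `OC_Files::delete()` in lib/files.php compares the raw `$dir` and `$file` arguments, so it recognises only the single spelling `$dir == ''` with `$file == 'Shared'`; any other spelling that resolves to the same directory (for example a `$dir` of `/`, or a trailing slash on `$file`) passes the test and reaches `OC_Filesystem::unlink()`. The `$sourceDir`/`$source` test added to `move()` in PATCH 055 has the same weakness and leaves the target side unchecked. The path should be built and normalised before it is compared, e.g. in `delete()`: `$path=self::normalizePath($dir.'/'.$file);` followed by `if(OC_User::isLoggedIn() && $path!='/Shared'){`, assuming `normalizePath()`, which `move()` already calls, returns a canonical path with a leading slash. Both function bodies end outside their hunks.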
--- a/lib/connector/sabre/directory.php
+++ b/lib/connector/sabre/directory.php
@@ -118,8 +118,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
 */
 public function delete() {
- foreach($this->getChildren() as $child) $child->delete();
- OC_Filesystem::rmdir($this->path);
+ if ($this->path != "/Shared") {
+ foreach($this->getChildren() as $child) $child->delete();
+ OC_Filesystem::rmdir($this->path);
+ }
 }
From d5566d026745da8fbfc6648184b5b7890956faf9 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Mon, 4 Jun 2012 16:20:03 +0200
Subject: [PATCH 057/625] prevent xss attacks by manipulating text file names
---
 apps/files_texteditor/js/editor.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/files_texteditor/js/editor.js b/apps/files_texteditor/js/editor.js
index 9d168c1c4f..70bb74a910 100644
--- a/apps/files_texteditor/js/editor.js
+++ b/apps/files_texteditor/js/editor.js
@@ -67,7 +67,7 @@ function setSyntaxMode(ext){ function showControls(filename,writeperms){ // Loads the control bar at the top. // Load the new toolbar. - var editorbarhtml = '
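Review bot: When `$this->path` is `/Shared`, the new branch in `delete()` of lib/connector/sabre/directory.php (PATCH 056) returns without doing anything, so the WebDAV layer will presumably answer the DELETE as successful and a sync client will treat the folder as removed although it still exists on the server. The request should be refused explicitly, e.g. `if ($this->path == "/Shared") throw new Sabre_DAV_Exception_Forbidden();` placed ahead of the loop. The test is also an exact string comparison: whether `$this->path` is always normalised (no trailing or duplicate slashes) cannot be seen in this hunk and should be confirmed. Rename and move over WebDAV are handled elsewhere and are not covered by this change.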