From 754844f5c9884d1889ea29cdf5fd3ecc9ef6fb86 Mon Sep 17 00:00:00 2001 From: Michael Gapczynski Date: Thu, 26 Apr 2012 10:33:06 -0400 Subject: [PATCH 1/3] Add ability to send private links from sharing via email --- apps/files_sharing/ajax/email.php | 15 +++++++++++++++ apps/files_sharing/js/share.js | 21 +++++++++++++++++++-- 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 apps/files_sharing/ajax/email.php diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php new file mode 100644 index 0000000000..d6d53c49bf --- /dev/null +++ b/apps/files_sharing/ajax/email.php @@ -0,0 +1,15 @@ + \ No newline at end of file diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js index 54d749d833..4125fd14d2 100644 --- a/apps/files_sharing/js/share.js +++ b/apps/files_sharing/js/share.js @@ -163,6 +163,9 @@ $(document).ready(function() { data: data, success: function(){ $('#link').hide('blind'); + $('#emailBreak').remove(); + $('#email').hide('blind'); + $('#emailButton').hide('blind'); } }); } @@ -172,6 +175,14 @@ $(document).ready(function() { $(this).focus(); $(this).select(); }); + + $('#emailButton').live('click', function() { + $('#email').css('font-weight', 'bold'); + $('#email').animate({ fontWeight: 'normal' }, 2000, function() { + $(this).val(''); + }).val('Email sent'); + $.post(OC.filePath('files_sharing','ajax','email.php'), 'toaddress='+$('#email').val()+'&link='+$('#link').val()); + }); }); function createDropdown(filename, files) { @@ -183,10 +194,12 @@ function createDropdown(filename, files) { html += ''; html += ''; html += '
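Review bot: In the `#emailButton` click handler the field is overwritten by `.val('Email sent')` before `$.post` reads `$('#email').val()`, so the request is sent with the status text instead of the recipient address. The body is also built by string concatenation, and because the share link itself contains `?token=…&f=…`, the unencoded `&f=` would be parsed as a separate POST field and the link would arrive truncated. Read the address first and let jQuery encode the fields: `var to = $('#email').val();` followed by `$.post(OC.filePath('files_sharing','ajax','email.php'), { toaddress: to, link: $('#link').val() });`. The body of email.php is not visible on this page; since both the recipient and the link text come from the client, it should check server-side that the link is one of the caller's own share tokens and that the address is a single valid mailbox.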
'; - html += ''; + html += ''; //html += ''; html += '
'; html += ''; + html += ''; + html += ''; html += '
'; if (filename) { $('tr').filterAttr('data-file',filename).addClass('mouseOver'); @@ -241,5 +254,9 @@ function showPublicLink(token, file) { $('#makelink').attr('checked', true); $('#link').data('token', token); $('#link').val(parent.location.protocol+'//'+location.host+OC.linkTo('files_sharing','get.php')+'?token='+token+'&f='+file); - $('#link').show('blind'); + $('#link').show('blind', function() { + $('#link').after('
'); + $('#email').show('blind'); + $('#emailButton').show('blind'); + }); } From 127796218314c6b1f19ba86f74caa913375aac8d Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Thu, 26 Apr 2012 16:53:18 +0200 Subject: [PATCH 2/3] a lot of users have problems with big files. So add an explicit button to the documentation --- settings/templates/help.php | 1 + 1 file changed, 1 insertion(+) diff --git a/settings/templates/help.php b/settings/templates/help.php index df640d9746..f9eb861597 100644 --- a/settings/templates/help.php +++ b/settings/templates/help.php @@ -6,6 +6,7 @@
t( 'Documentation' ); ?> + t( 'Managing Big Files' ); ?> t( 'Ask a question' ); ?> Date: Thu, 26 Apr 2012 19:35:33 +0200 Subject: [PATCH 3/3] csrf protection --- core/lostpassword/index.php | 19 +++++++++++++------ core/lostpassword/templates/lostpassword.php | 1 + 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php index b6cdd601d6..2b87a1eb11 100644 --- a/core/lostpassword/index.php +++ b/core/lostpassword/index.php @@ -9,13 +9,14 @@ $RUNTIME_NOAPPS = TRUE; //no apps require_once('../../lib/base.php'); + // Someone lost their password: if (isset($_POST['user'])) { if (OC_User::userExists($_POST['user'])) { $token = sha1($_POST['user'].md5(uniqid(rand(), true))); OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token); $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', ''); - if (!empty($email)) { + if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and ($_POST['sectoken']==$_SESSION['sectoken']) ) { $link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.$_POST['user'].'&token='.$token; $tmpl = new OC_Template('core/lostpassword', 'email'); $tmpl->assign('link', $link); 
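Review bot: The `sectoken` comparison is added only to the `if (!empty($email) …)` condition, which runs after `OC_Preferences::setValue(...)` has already stored a new `lostpassword` token, so a request without a valid token still replaces the user's pending reset token and the page still reports `'requested' => true`. The check belongs at the top of the `isset($_POST['user'])` branch, rejecting the request before any state is written. The comparison also uses `==`, which compares numerically here because the session value is an int; a string cast with strict comparison is safer, `(string)$_POST['sectoken'] === (string)$_SESSION['sectoken']`. The enclosing `if` block continues in the next hunk.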
@@ -23,14 +24,20 @@ if (isset($_POST['user'])) { $l = OC_L10N::get('core'); $from = 'lostpassword-noreply@' . $_SERVER['HTTP_HOST']; $r=mail($email, $l->t('Owncloud password reset'), $msg, 'From:' . $from); -//if($r==false) echo('error'); else echo('works!!!!!!!'); - OC_MAIL::send($email,$_POST['user'],$l->t('Owncloud password reset'),$msg,$from,'ownCloud'); + OC_MAIL::send($email,$_POST['user'],$l->t('ownCloud password reset'),$msg,$from,'ownCloud'); + echo('sent'); } - OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true)); + $sectoken=rand(1000000,9999999); + $_SESSION['sectoken']=$sectoken; + OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true, 'sectoken' => $sectoken)); } else { - OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false)); + $sectoken=rand(1000000,9999999); + $_SESSION['sectoken']=$sectoken; + OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false, 'sectoken' => $sectoken)); } } else { - OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false)); + $sectoken=rand(1000000,9999999); + $_SESSION['sectoken']=$sectoken; + OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false, 'sectoken' => $sectoken)); } diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php index 4b871963b8..754eabdad6 100644 --- a/core/lostpassword/templates/lostpassword.php +++ b/core/lostpassword/templates/lostpassword.php @@ -10,6 +10,7 @@
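Review bot: `$sectoken=rand(1000000,9999999);` draws the CSRF token from a non-cryptographic generator over roughly nine million values, which is weak for a security token. A longer value from a CSPRNG would be better, for example `$sectoken = bin2hex(openssl_random_pseudo_bytes(16));` if the openssl extension can be assumed here, and the three identical generate-and-store pairs could be done once before the branches. `echo('sent');` looks like leftover debug output written ahead of the guest page and should probably be removed.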

+