Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4

apps/calendar/ajax/event/edit.form.php

@@ -28,7 +28,7 @@ $dtstart = $vevent->DTSTART;
 $dtend = OC_Calendar_Object::getDTEndFromVEvent($vevent);
 switch($dtstart->getDateType()) {
 	case Sabre_VObject_Property_DateTime::UTC:
-		$timeOffset = OC_Calendar_App::$tz*60;
+		$timeOffset = $_SESSION['timezone']*60;
 		$newDT      = $dtstart->getDateTime(); 
 		$newDT->add(new DateInterval("PT" . $timeOffset . "M"));
 		$dtstart->setDateTime($newDT); 

apps/calendar/js/calendar.js

@@ -661,10 +661,12 @@ function ListView(element, calendar) {
 		if (delta) {
 			if (delta < 0){
 				addDays(t.start, -7);
+				addDays(t.end, -7);
 				if (!opt('weekends')) {
 					skipWeekend(t.start, delta < 0 ? -1 : 1);
 				}
 			}else{
+				addDays(t.start, 7);
 				addDays(t.end, 7);
 				if (!opt('weekends')) {
 					skipWeekend(t.end, delta < 0 ? -1 : 1);

apps/files_texteditor/css/style.css

@@ -1,22 +1,11 @@
 #editor{
 	position: fixed;
 	display: block;
-	top: 6.5em;
+	top: 6.8em;
 	left: 12.5em;
-}
-#editorwrapper{
-	position: absolute;
-	height: 0;
-	width: 0;
-	top: 41px;
-	left: 160px;
-	display: none;
+	z-index: 20;
 }
 #editor_save{
 	margin-left: 7px;
 	float: left;
 }
-#saving_icon{
-	margin-top: 3px;
-	float: left;
-}

apps/gallery/lib/managers.php

@@ -88,7 +88,10 @@ class ThumbnailsManager {
 	}
 	
 	public function delete($path) {
-		unlink(\OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser()."/gallery".$path);
+		$thumbnail = \OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser()."/gallery".$path;
+		if (file_exists($thumbnail)) {
+			unlink($thumbnail);
+		}
 	}
 	
 	private function __construct() {}

apps/gallery/lib/tiles.php

@@ -141,7 +141,7 @@ class TileStack extends TileBase {
 	}
 
 	public function get() {
-		$r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
+		$r = '<div class="title gallery_div">'. \OCP\Util::sanitizeHTML($this->stack_name).'</div>';
 		for ($i = 0; $i < count($this->tiles_array); $i++) {
 			$top = rand(-5, 5);
 			$left = rand(-5, 5);

apps/gallery/templates/index.php

@@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
 </style>
 <script type="text/javascript">
 
-var root = "<?php echo htmlentities($root); ?>";
+var root = "<?php echo $root; ?>";
 
 function explode(element) {
 	$('div', element).each(function(index, elem) {
@@ -64,7 +64,7 @@ $(document).ready(function() {
 		for ($i = 0; $i < count($paths); $i++) {
 			$path .= urlencode($paths[$i]).'/';
 			$classess = 'crumb'.($i == count($paths)-1?' last':'');
-			echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>';
+			echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.\OCP\Util::sanitizeHTML($paths[$i]).'</a></div>';
 		}
 	}
 		

apps/media/lib_collection.php

@@ -104,7 +104,7 @@ class OC_MEDIA_COLLECTION{
 			return self::$albumIdCache[$artistId][$albumId][$name];
 		}else{
 			$uid=$_SESSION['user_id'];
-			$query=OCP\DB::prepare("SELECT song_id FROM *PREFIX*media_songs WHERE song_user=? AND song_name LIKE ? AND song_artist=? AND song_album=?");
+			$query=OCP\DB::prepare("SELECT song_id FROM *PREFIX*media_songs WHERE song_user=? AND lower(song_name) LIKE ? AND song_artist=? AND song_album=?");
 			$songs=$query->execute(array($uid,$name,$artistId,$albumId))->fetchAll();
 			if(is_array($songs) and isset($songs[0])){
 				self::$albumIdCache[$artistId][$albumId][$name]=$songs[0]['song_id'];
@@ -277,7 +277,7 @@ class OC_MEDIA_COLLECTION{
 				$query=self::$queries['addsong'];
 			}
 			$query->execute(array($name,$artist,$album,$path,$uid,$length,$track,$size));
-			$songId=OCP\DB::insertid('*PREFIX*media_songs');
+			$songId=OCP\DB::insertid('*PREFIX*media_songs_song');
 // 			self::setLastUpdated();
 			return self::getSongId($name,$artist,$album);
 		}

apps/user_ldap/lib_ldap.php

@@ -449,7 +449,7 @@ class OC_LDAP {
 		if(isset($result[$attr]) && $result[$attr]['count'] > 0){
 			$values = array();
 			for($i=0;$i<$result[$attr]['count'];$i++) {
-				$values[] = $result[$attr][$i];
+				$values[] = self::resemblesDN($attr) ? self::sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
 			}
 			return $values;
 		}
@@ -521,7 +521,7 @@ class OC_LDAP {
 						$key = strtolower($key);
 						if(isset($item[$key])) {
 							if($key != 'dn'){
-								$selection[$i][$key] = $item[$key][0];
+								$selection[$i][$key] = self::resemblesDN($key) ? self::sanitizeDN($item[$key][0]) : $item[$key][0];
 							} else {
 								$selection[$i][$key] = self::sanitizeDN($item[$key]);
 							}
@@ -534,7 +534,7 @@ class OC_LDAP {
 					$key = strtolower($attr[0]);
 
 					if(isset($item[$key])) {
-						if($key == 'dn') {
+						if(self::resemblesDN($key)) {
 							$selection[] = self::sanitizeDN($item[$key]);
 						} else {
 							$selection[] = $item[$key];
@@ -549,6 +549,15 @@ class OC_LDAP {
 		return $findings;
 	}
 
+	static private function resemblesDN($attr) {
+		$resemblingAttributes = array(
+			'dn',
+			'uniquemember',
+			'member'
+		);
+		return in_array($attr, $resemblingAttributes);
+	}
+
 	static private function sanitizeDN($dn) {
 		//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
 		$dn = preg_replace('/([^\\\]),(\s+)/','\1,',$dn);

apps/user_ldap/user_ldap.php

@@ -124,9 +124,19 @@ class OC_USER_LDAP extends OC_User_Backend {
 	 * @return boolean
 	 */
 	public function userExists($uid){
-		return in_array($uid, $this->getUsers());
+		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
+		$dn = OC_LDAP::username2dn($uid);
+		if(!$dn) {
+			return false;
+		}
+
+		//if user really still exists, we will be able to read his cn
+		$cn = OC_LDAP::readAttribute($dn, 'cn');
+		if(!$cn || empty($cn)) {
+			return false;
+		}
+
+		return true;
 	}
 
 }
-
-?>

lib/connector/sabre/auth.php

@@ -33,7 +33,7 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic {
 	protected function validateUserPass($username, $password){
 		OC_Util::setUpFS();//login hooks may need early access to the filesystem
 		if(OC_User::login($username,$password)){
-			OC_Util::setUpFS();
+			OC_Util::setUpFS($username);
 			return true;
 		}
 		else{

lib/filecache.php

@@ -86,7 +86,7 @@ class OC_FileCache{
 		}
 		$path=$root.$path;
 		$parent=self::getParentId($path);
-		$id=self::getId($path,'');
+		$id=self::getFileId($path);
 		if(isset(OC_FileCache::$savedData[$path])){
 			$data=array_merge(OC_FileCache::$savedData[$path],$data);
 			unset(OC_FileCache::$savedData[$path]);
@@ -129,7 +129,12 @@ class OC_FileCache{
 		$queryParts=array();
 		foreach(array('size','mtime','ctime','mimetype','encrypted','versioned','writable') as $attribute){
 			if(isset($data[$attribute])){
-				$arguments[]=$data[$attribute];
+				//Convert to int it args are false
+				if($data[$attribute] === false){
+					$arguments[] = 0;
+				}else{
+					$arguments[] = $data[$attribute];
+				}
 				$queryParts[]=$attribute.'=?';
 			}
 		}
@@ -262,7 +267,7 @@ class OC_FileCache{
 		}
 		$path=$root.$path;
 		$parent=self::getFileId($path);
-		if($path==-1){
+		if($parent==-1){
 			return array();
 		}
     $query=OC_DB::prepare('SELECT name,ctime,mtime,mimetype,size,encrypted,versioned,writable FROM *PREFIX*fscache WHERE parent=? AND (mimetype LIKE ? OR mimetype = ?)');

lib/installer.php

@@ -287,22 +287,23 @@ class OC_Installer{
 	 * This function installs all apps found in the 'apps' directory that should be enabled by default;
 	 */
 	public static function installShippedApps(){
-		$dir = opendir( OC::$APPSROOT."/apps" );
-		while( false !== ( $filename = readdir( $dir ))){
-			if( substr( $filename, 0, 1 ) != '.' and is_dir(OC::$APPSROOT."/apps/$filename") ){
-				if( file_exists( OC::$APPSROOT."/apps/$filename/appinfo/app.php" )){
-					if(!OC_Installer::isInstalled($filename)){
-						$info=OC_App::getAppInfo($filename);
-						$enabled = isset($info['default_enable']);
-						if( $enabled ){
-							OC_Installer::installShippedApp($filename);
-							OC_Appconfig::setValue($filename,'enabled','yes');
+		if($dir = opendir( OC::$APPSROOT."/apps" )){
+			while( false !== ( $filename = readdir( $dir ))){
+				if( substr( $filename, 0, 1 ) != '.' and is_dir(OC::$APPSROOT."/apps/$filename") ){
+					if( file_exists( OC::$APPSROOT."/apps/$filename/appinfo/app.php" )){
+						if(!OC_Installer::isInstalled($filename)){
+							$info=OC_App::getAppInfo($filename);
+							$enabled = isset($info['default_enable']);
+							if( $enabled ){
+								OC_Installer::installShippedApp($filename);
+								OC_Appconfig::setValue($filename,'enabled','yes');
+							}
 						}
 					}
 				}
 			}
+			closedir( $dir );
 		}
-		closedir( $dir );
 	}
 
 	/**

lib/util.php

@@ -83,7 +83,7 @@ class OC_Util {
 	 * @return array
 	 */
 	public static function getVersion(){
-		return array(4,00,2);
+		return array(4,00,3);
 	}
 
 	/**
@@ -91,7 +91,7 @@ class OC_Util {
 	 * @return string
 	 */
 	public static function getVersionString(){
-		return '4.0.2';
+		return '4.0.3a';
 	}
 
         /**

settings/js/log.js

@@ -39,7 +39,7 @@ OC.Log={
 			row.append(appTd);
 			
 			var messageTd=$('<td/>');
-			messageTd.text(entry.message);
+			messageTd.html(entry.message);
 			row.append(messageTd);
 			
 			var timeTd=$('<td/>');

settings/templates/admin.php

@@ -42,7 +42,7 @@ if(!$_['htaccessworking']) {
 				<?php echo $entry->app;?>
 			</td>
 			<td>
-				<?php echo htmlentities($entry->message);?>
+				<?php echo $entry->message;?>
 			</td>
 			<td>
 				<?php echo OC_Util::formatDate($entry->time);?>