From b14f2d0388601879b69a0d43a576b068ae412ea8 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Sun, 27 May 2012 12:31:51 +0200 Subject: [PATCH 1/7] update When --- 3rdparty/when/When.php | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/3rdparty/when/When.php b/3rdparty/when/When.php index d54f296ed6..5f97f0eb9b 100644 --- a/3rdparty/when/When.php +++ b/3rdparty/when/When.php @@ -586,7 +586,7 @@ class When } } } - elseif($this->gobyday && $interval == "month") + elseif($this->gobyday || $interval == "month") { $_mdays = range(1, date('t',mktime(0,0,0,$month,1,$year))); foreach($_mdays as $_mday) @@ -621,13 +621,7 @@ class When if($interval == "month") { - - $this->try_date->modify('first day of next month'); - if((int) date('t', $this->try_date->format('U')) > (int) $this->start_date->format('j')){ - $this->try_date->modify('+' . (int) $this->start_date->format('j') - 1 . ' day'); - }else{ - $this->try_date->modify('+' . (int) date('t', $this->try_date->format('U')) - 1 . ' day'); - } + $this->try_date->modify('last day of ' . $this->interval . ' ' . $interval); } else { From 5e7b318e42bf7928f19af2ce023472273bca7608 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Mon, 28 May 2012 10:49:27 +0200 Subject: [PATCH 2/7] add urlencode for caldav link --- apps/calendar/js/calendar.js | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js index e27fe49c54..b5411d3fd9 100644 --- a/apps/calendar/js/calendar.js +++ b/apps/calendar/js/calendar.js @@ -207,6 +207,7 @@ Calendar={ }, showCalDAVUrl:function(username, calname){ $('#caldav_url').val(totalurl + '/' + username + '/' + calname); + $('#caldav_url').val(encodeURI($('#caldav_url').val())); $('#caldav_url').show(); $("#caldav_url_close").show(); }, From df5bdc8e42a39ee8c74aac91ddbd03aef2731586 Mon Sep 17 00:00:00 2001 
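Review bot: `encodeURI` in `showCalDAVUrl` is applied to the whole assembled URL, so reserved characters inside `username` or `calname` (`/`, `?`, `#`, `&`) are left unescaped, and a calendar whose name contains one of them yields a link that resolves to a different path or loses its tail. Encoding each segment before concatenation fixes that and removes the second `.val()` round trip: `$('#caldav_url').val(totalurl + '/' + encodeURIComponent(username) + '/' + encodeURIComponent(calname));`. `totalurl` is defined outside the hunk and is assumed here to be a valid base URL already.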
From: Thomas Tanghus Date: Mon, 28 May 2012 12:58:51 +0200 Subject: [PATCH 3/7] Contacts: Double check XSS, and fix a rookie error ;-) --- apps/contacts/lib/vcard.php | 2 +- apps/contacts/templates/part.contacts.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/contacts/lib/vcard.php b/apps/contacts/lib/vcard.php index 2414efe676..a8ad695f62 100644 --- a/apps/contacts/lib/vcard.php +++ b/apps/contacts/lib/vcard.php @@ -227,7 +227,7 @@ class OC_Contacts_VCard{ $vcard->setString('FN', $fn); OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. Added missing \'FN\' field: '.$fn,OCP\Util::DEBUG); } - if(!$n || $n = ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-) + if(!$n || $n == ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-) $slice = array_reverse(array_slice(explode(' ', $fn), 0, 2)); // Take 2 first name parts of 'FN' and reverse. if(count($slice) < 2) { // If not enought, add one more... $slice[] = ""; diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php index 00a61f72fd..5751750540 100644 --- a/apps/contacts/templates/part.contacts.php +++ b/apps/contacts/templates/part.contacts.php @@ -8,5 +8,5 @@ } } ?> -
  • +
  • From c79a529edda3992bffc9e7dd1c7949f42c3b8f57 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Mon, 28 May 2012 13:57:45 +0200 Subject: [PATCH 4/7] remove not needed includes --- apps/files_sharing/ajax/getitem.php | 1 - apps/files_sharing/ajax/getstatuses.php | 3 +-- apps/files_sharing/ajax/setpermissions.php | 1 - apps/files_sharing/ajax/share.php | 1 - apps/files_sharing/ajax/unshare.php | 1 - apps/media/ajax/api.php | 4 +--- apps/media/index.php | 3 --- apps/user_ldap/appinfo/update.php | 5 +---- 8 files changed, 3 insertions(+), 16 deletions(-) diff --git a/apps/files_sharing/ajax/getitem.php b/apps/files_sharing/ajax/getitem.php index 36ac372cad..94f0890d70 100644 --- a/apps/files_sharing/ajax/getitem.php +++ b/apps/files_sharing/ajax/getitem.php @@ -1,5 +1,4 @@ $items)); -?> \ No newline at end of file +?> diff --git a/apps/files_sharing/ajax/setpermissions.php b/apps/files_sharing/ajax/setpermissions.php index 2f4c5da978..4d19cd40f2 100644 --- a/apps/files_sharing/ajax/setpermissions.php +++ b/apps/files_sharing/ajax/setpermissions.php @@ -1,5 +1,4 @@ \ No newline at end of file +?> diff --git a/apps/media/index.php b/apps/media/index.php index 906d7bacb6..fb51aa0b17 100644 --- a/apps/media/index.php +++ b/apps/media/index.php @@ -28,9 +28,6 @@ OCP\User::checkLoggedIn(); OCP\App::checkAppEnabled('media'); -require_once(OC::$APPSROOT . '/apps/media/lib_collection.php'); -require_once(OC::$APPSROOT . '/apps/media/lib_scanner.php'); - OCP\Util::addscript('media','player'); OCP\Util::addscript('media','music'); OCP\Util::addscript('media','playlist'); diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php index b3f7a397db..dc437ce21c 100644 --- a/apps/user_ldap/appinfo/update.php +++ b/apps/user_ldap/appinfo/update.php 
@@ -16,9 +16,6 @@ $state = OCP\Config::getSystemValue('ldapIgnoreNamingRules', 'doCheck'); if($state == 'doCheck'){ $sqlCleanMap = 'DELETE FROM *PREFIX*ldap_user_mapping'; - require_once(OC::$APPSROOT.'/apps/user_ldap/lib_ldap.php'); - require_once(OC::$APPSROOT.'/apps/user_ldap/user_ldap.php'); - OCP\Config::setSystemValue('ldapIgnoreNamingRules', true); $LDAP_USER = new OC_USER_LDAP(); $users_old = $LDAP_USER->getUsers(); @@ -33,4 +30,4 @@ if($state == 'doCheck'){ //we don't need to check Groups, because they were not supported in 3' OCP\Config::setSystemValue('ldapIgnoreNamingRules', true); } -} \ No newline at end of file +} From 817f9ff57d127e4f3b4402c05a8628ff8ab6f513 Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Mon, 28 May 2012 14:38:31 +0200 Subject: [PATCH 5/7] Contacts: Fix XSS. --- apps/contacts/js/contacts.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js index 256b5ad6d0..34afdcc4e4 100644 --- a/apps/contacts/js/contacts.js +++ b/apps/contacts/js/contacts.js @@ -6,7 +6,7 @@ function ucwords (str) { String.prototype.strip_tags = function(){ tags = this; - stripped = tags.replace(/[\<\>]/gi, ""); + stripped = tags.replace(/<(.|\n)*?>/g, ''); return stripped; }; @@ -159,7 +159,7 @@ Contacts={ // Name has changed. Update it and reorder. $('#fn').change(function(){ - var name = $('#fn').val(); + var name = $('#fn').val().strip_tags(); var item = $('#contacts [data-id="'+Contacts.UI.Card.id+'"]'); $(item).find('a').html(name); var added = false; From 22cd0f1cda83b6ca76e717ff9f8e376a17430740 Mon Sep 17 00:00:00 2001 From: Brice Maron Date: Mon, 28 May 2012 20:41:39 +0000 Subject: [PATCH 6/7] Correct typo in last_insert_id for calendar and pg fix #oc-731 --- apps/calendar/lib/calendar.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/calendar/lib/calendar.php b/apps/calendar/lib/calendar.php index 1d00850804..869b35e2e1 100644 
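Review bot: Stripping tags with a regular expression in `strip_tags` does not make the value safe for the `.html(name)` call that the second contacts.js hunk still feeds, because the pattern only removes text that forms a complete tag and everything else is still parsed as markup. The contact name is plain text, so the sink should change instead: `$(item).find('a').text(name);`, which needs no filtering at all. Separately, `tags` and `stripped` are assigned without `var` and become globals; declare them locally or return the `replace` result directly. The `$('#fn').change` handler continues past the end of the hunk, so later uses of `name` there should be checked for the same sink.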
--- a/apps/calendar/lib/calendar.php +++ b/apps/calendar/lib/calendar.php @@ -109,7 +109,7 @@ class OC_Calendar_Calendar{ $stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*calendar_calendars (userid,displayname,uri,ctag,calendarorder,calendarcolor,timezone,components) VALUES(?,?,?,?,?,?,?,?)' ); $result = $stmt->execute(array($userid,$name,$uri,1,$order,$color,$timezone,$components)); - return OCP\DB::insertid('*PREFIX*calendar_calendar'); + return OCP\DB::insertid('*PREFIX*calendar_calendars'); } /** From 75afc09b9d0e2dd417ded4d9b84ca745042a0cf3 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Tue, 29 May 2012 13:12:37 +0200 Subject: [PATCH 7/7] fix status of timezone detection --- apps/calendar/ajax/settings/timezonedetection.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/apps/calendar/ajax/settings/timezonedetection.php b/apps/calendar/ajax/settings/timezonedetection.php index ba5f2af5fd..5f03f647b3 100644 --- a/apps/calendar/ajax/settings/timezonedetection.php +++ b/apps/calendar/ajax/settings/timezonedetection.php @@ -8,13 +8,9 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('calendar'); -if(array_key_exists('timezonedetection', $_POST)){ - if($_POST['timezonedetection'] == 'on'){ - OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'true'); - }else{ - OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'false'); - } - OCP\JSON::success(); +if(array_key_exists('timezonedetection', $_POST) && $_POST['timezonedetection'] == 'on'){ + OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'true'); }else{ - OCP\JSON::error(); -} \ No newline at end of file + OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'false'); +} +OCP\JSON::success(); \ No newline at end of file
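Review bot: With the `else` branch now covering a missing key, timezonedetection.php writes the `timezonedetection` preference and reports success on every request it receives, including a GET with no body. No request-token check is visible in the hunk, though the file's first seven lines are outside it and one may exist there. A state-changing handler should at least reject non-POST requests before the write, e.g. `if($_SERVER['REQUEST_METHOD'] !== 'POST'){ OCP\JSON::error(); exit(); }`, and verify the session's anti-CSRF token if this tree provides one. The comparison can also be made strict, `$_POST['timezonedetection'] === 'on'`, since submitted form values arrive as strings.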