From e3031ae28be12b377f6a570f8048512b744d5951 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Tue, 5 Jun 2012 12:52:23 +0200 Subject: [PATCH 1/4] more reliable host detection for reverse proxy servers --- lib/base.php | 12 +++++++----- lib/helper.php | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/base.php b/lib/base.php index bdfd05e8f1..b9c28119e3 100644 --- a/lib/base.php +++ b/lib/base.php @@ -367,16 +367,18 @@ class OC{ // CSRF protection if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer=''; - $protocol=OC_Helper::serverProtocol().'://'; + $refererhost=parse_url($referer); + if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost=''; + $server=OC_Helper::serverHost(); + $serverhost=parse_url($server); + if(isset($serverhost['host'])) $serverhost=$serverhost['host']; else $serverhost=''; if(!self::$CLI){ - $server=$protocol.OC_Helper::serverHost(); - if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) { - $url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php'; + if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) { + $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php'; header("Location: $url"); exit(); } } - self::initSession(); self::initTemplateEngine(); self::checkUpgrade(); diff --git a/lib/helper.php b/lib/helper.php index aedac20405..decc1d6133 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -120,7 +120,7 @@ class OC_Helper { */ public static function linkToAbsolute( $app, $file ) { $urlLinkTo = self::linkTo( $app, $file ); - $urlLinkTo = OC_Helper::serverProtocol(). '://' . self::serverHost() . $urlLinkTo; + $urlLinkTo = self::serverProtocol(). '://' . self::serverHost() . $urlLinkTo; return $urlLinkTo; } From 7621559d00efa5d55ec6543e50a4b0ae39d8c7df Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Tue, 5 Jun 2012 14:02:00 +0200 Subject: [PATCH 2/4] make groups not static, fixes oc-919 --- lib/group/backend.php | 12 ++++++------ lib/group/database.php | 22 +++++++++++----------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/lib/group/backend.php b/lib/group/backend.php index 1b0b663f2e..24778afd1e 100644 --- a/lib/group/backend.php +++ b/lib/group/backend.php @@ -44,7 +44,7 @@ abstract class OC_Group_Backend { OC_GROUP_BACKEND_ADD_TO_GROUP => 'addToGroup', OC_GROUP_BACKEND_REMOVE_FROM_GOUP => 'removeFromGroup', ); - + /** * @brief Get all supported actions * @returns bitwise-or'ed actions @@ -62,7 +62,7 @@ abstract class OC_Group_Backend { return $actions; } - + /** * @brief Check if backend implements actions * @param $actions bitwise-or'ed actions @@ -83,7 +83,7 @@ abstract class OC_Group_Backend { * * Checks whether the user is member of a group or not. */ - public static function inGroup($uid, $gid){ + public function inGroup($uid, $gid){ return in_array($gid, $this->getUserGroups($uid)); } @@ -95,7 +95,7 @@ abstract class OC_Group_Backend { * This function fetches all groups a user belongs to. It does not check * if the user exists at all. */ - public static function getUserGroups($uid){ + public function getUserGroups($uid){ return array(); } @@ -105,7 +105,7 @@ abstract class OC_Group_Backend { * * Returns a list with all groups */ - public static function getGroups(){ + public function getGroups(){ return array(); } @@ -122,7 +122,7 @@ abstract class OC_Group_Backend { * @brief get a list of all users in a group * @returns array with user ids */ - public static function usersInGroup($gid){ + public function usersInGroup($gid){ return array(); } diff --git a/lib/group/database.php b/lib/group/database.php index af55de1f42..fb173665eb 100644 --- a/lib/group/database.php +++ b/lib/group/database.php @@ -41,7 +41,7 @@ * Class for group management in a SQL Database (e.g. MySQL, SQLite) */ class OC_Group_Database extends OC_Group_Backend { - static private $userGroupCache=array(); + private $userGroupCache=array(); /** * @brief Try to create a new group @@ -51,7 +51,7 @@ class OC_Group_Database extends OC_Group_Backend { * Trys to create a new group. If the group name already exists, false will * be returned. */ - public static function createGroup( $gid ){ + public function createGroup( $gid ){ // Check for existence $query = OC_DB::prepare( "SELECT gid FROM `*PREFIX*groups` WHERE gid = ?" ); $result = $query->execute( array( $gid )); @@ -76,7 +76,7 @@ class OC_Group_Database extends OC_Group_Backend { * * Deletes a group and removes it from the group_user-table */ - public static function deleteGroup( $gid ){ + public function deleteGroup( $gid ){ // Delete the group $query = OC_DB::prepare( "DELETE FROM `*PREFIX*groups` WHERE gid = ?" ); $result = $query->execute( array( $gid )); @@ -96,7 +96,7 @@ class OC_Group_Database extends OC_Group_Backend { * * Checks whether the user is member of a group or not. */ - public static function inGroup( $uid, $gid ){ + public function inGroup( $uid, $gid ){ // check $query = OC_DB::prepare( "SELECT uid FROM `*PREFIX*group_user` WHERE gid = ? AND uid = ?" ); $result = $query->execute( array( $gid, $uid )); @@ -112,9 +112,9 @@ class OC_Group_Database extends OC_Group_Backend { * * Adds a user to a group. */ - public static function addToGroup( $uid, $gid ){ + public function addToGroup( $uid, $gid ){ // No duplicate entries! - if( !self::inGroup( $uid, $gid )){ + if( !$this->inGroup( $uid, $gid )){ $query = OC_DB::prepare( "INSERT INTO `*PREFIX*group_user` ( `uid`, `gid` ) VALUES( ?, ? )" ); $result = $query->execute( array( $uid, $gid )); return true; @@ -131,7 +131,7 @@ class OC_Group_Database extends OC_Group_Backend { * * removes the user from a group. */ - public static function removeFromGroup( $uid, $gid ){ + public function removeFromGroup( $uid, $gid ){ $query = OC_DB::prepare( "DELETE FROM *PREFIX*group_user WHERE uid = ? AND gid = ?" ); $result = $query->execute( array( $uid, $gid )); @@ -146,7 +146,7 @@ class OC_Group_Database extends OC_Group_Backend { * This function fetches all groups a user belongs to. It does not check * if the user exists at all. */ - public static function getUserGroups( $uid ){ + public function getUserGroups( $uid ){ // No magic! $query = OC_DB::prepare( "SELECT gid FROM `*PREFIX*group_user` WHERE uid = ?" ); $result = $query->execute( array( $uid )); @@ -165,7 +165,7 @@ class OC_Group_Database extends OC_Group_Backend { * * Returns a list with all groups */ - public static function getGroups(){ + public function getGroups(){ $query = OC_DB::prepare( "SELECT gid FROM `*PREFIX*groups`" ); $result = $query->execute(); @@ -176,12 +176,12 @@ class OC_Group_Database extends OC_Group_Backend { return $groups; } - + /** * @brief get a list of all users in a group * @returns array with user ids */ - public static function usersInGroup($gid){ + public function usersInGroup($gid){ $query=OC_DB::prepare('SELECT uid FROM *PREFIX*group_user WHERE gid=?'); $users=array(); $result=$query->execute(array($gid)); From 6c4231b3d356241ca0e261ae03fcd54b33e656b5 Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Tue, 5 Jun 2012 14:16:26 +0200 Subject: [PATCH 3/4] Per user quota didn't show in FF (and possibly IE) http://forum.owncloud.org/viewtopic.php?f=4&t=2716&p=5373#p5324. --- settings/css/settings.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings/css/settings.css b/settings/css/settings.css index 36d9b8d26f..b5a3c0f03b 100644 --- a/settings/css/settings.css +++ b/settings/css/settings.css @@ -34,7 +34,7 @@ li.selected { background-color:#ddd; } #content>table:not(.nostyle) { margin-top:3em; } table:not(.nostyle) { width:100%; } #rightcontent { padding-left: 1em; } -td.quota { position:relative } +td.quota { position:absolute; } div.quota { float:right; display:block; position:absolute; right:25em; top:0; } select.quota { position:absolute; left:0; top:0; width:10em; } input.quota-other { display:none; position:absolute; left:0.1em; top:0.1em; width:7em; border:none; -webkit-box-shadow: none -mox-box-shadow:none ; box-shadow:none; } From e747fd794ec90afe5808e8082298870f4ab53140 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Tue, 5 Jun 2012 15:26:31 +0200 Subject: [PATCH 4/4] fix login for hosts running on port 80 --- lib/base.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/base.php b/lib/base.php index b9c28119e3..641005c57c 100644 --- a/lib/base.php +++ b/lib/base.php @@ -370,8 +370,8 @@ class OC{ $refererhost=parse_url($referer); if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost=''; $server=OC_Helper::serverHost(); - $serverhost=parse_url($server); - if(isset($serverhost['host'])) $serverhost=$serverhost['host']; else $serverhost=''; + $serverhost=explode(':',$server); + $serverhost=$serverhost['0']; if(!self::$CLI){ if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) { $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';