From a576150b64921f0f3d9d7d6700d0f26836f32b12 Mon Sep 17 00:00:00 2001 From: ente Date: Sat, 4 Dec 2010 17:36:52 +0100 Subject: [PATCH 01/12] replaced fileActions[this.mime] by fileActions[this.mime1 + this.mime2], since an object name cannot contain slashes. (correct me if I'm wrong) --- js/lib_files.js | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/js/lib_files.js b/js/lib_files.js index 8f7f9035585..177d8a51c06 100644 --- a/js/lib_files.js +++ b/js/lib_files.js @@ -355,10 +355,13 @@ OC_FILES.file=function(dir,file,type,mime){ } } } - if(OC_FILES.fileActions[this.mime]){ - for(index in OC_FILES.fileActions[this.mime]){ - if(OC_FILES.fileActions[this.mime][index].call){ - this.actions[index]=OC_FILES.fileActions[this.mime][index]; + // replaced fileActions[this.mime] by fileActions[this.mime1 + this.mime2] + // since an object name cannot contain slashes. + // (correct me if I'm wrong) + if(OC_FILES.fileActions[this.mime1 + this.mime2]){ + for(index in OC_FILES.fileActions[this.mime1 + this.mime2]){ + if(OC_FILES.fileActions[this.mime1 + this.mime2][index].call){ + this.actions[index]=OC_FILES.fileActions[this.mime1 + this.mime2][index]; } } } From fd0e0d675e981396c436c7b65a27dabacaac357e Mon Sep 17 00:00:00 2001 From: ente Date: Sat, 4 Dec 2010 17:37:34 +0100 Subject: [PATCH 02/12] Basic HTML5 audio player plugin --- plugins/audioplayer/README | 9 ++++ plugins/audioplayer/audioplayer.js | 57 +++++++++++++++++++++++++ plugins/audioplayer/lib_audioplayer.php | 5 +++ plugins/audioplayer/plugin.xml | 15 +++++++ plugins/audioplayer/style.css | 21 +++++++++ 5 files changed, 107 insertions(+) create mode 100644 plugins/audioplayer/README create mode 100644 plugins/audioplayer/audioplayer.js create mode 100644 plugins/audioplayer/lib_audioplayer.php create mode 100644 plugins/audioplayer/plugin.xml create mode 100644 plugins/audioplayer/style.css diff --git a/plugins/audioplayer/README b/plugins/audioplayer/README new file mode 100644 index 00000000000..5de1324d56a --- /dev/null +++ b/plugins/audioplayer/README @@ -0,0 +1,9 @@ +This plugin implements a very basic HTML5 audio preview for ownCloud. + +Only formats supported by the browser can be played. +Sadly, those are very limited and not coherent among browsers, see http://html5doctor.com/native-audio-in-the-browser/ for more info. + +Ideas to change that (TODO): +- Flashplayer fallback +and/or +- on-the-fly transcoding diff --git a/plugins/audioplayer/audioplayer.js b/plugins/audioplayer/audioplayer.js new file mode 100644 index 00000000000..82fe2966a3b --- /dev/null +++ b/plugins/audioplayer/audioplayer.js @@ -0,0 +1,57 @@ +OC_AudioPlayer = new Object(); + +OC_AudioPlayer.playAudio = function(dir, file, type) { + var path = WEBROOT + '/files/open_file.php?dir='+encodeURIComponent(dir)+'&file='+encodeURIComponent(file); + + OC_AudioPlayer.audioFrame = document.createElement('div'); + OC_AudioPlayer.audioFrame.setAttribute('id', 'audioframe'); + OC_AudioPlayer.audioFrame.setAttribute('class', 'center'); + var div = document.createElement('div'); + var inner = document.createElement('div'); + var audio = document.createElement('audio'); + var source = document.createElement('source'); + + if (!(!!(audio.canPlayType) && (audio.canPlayType(type) != "no") && (audio.canPlayType(type) != ""))) { + // use a flash player fallback + // or implement some nice on-the-fly recoding here + alert("Native playing of '"+type+"' format is not supported by your browser."); + return; + } + audio.setAttribute('controls', 'true'); + audio.setAttribute('preload', 'auto'); + audio.setAttribute('autoplay', 'true'); + audio.setAttribute('autobuffer', 'true'); + source.setAttribute('src', path); + source.setAttribute('type', type); + + audio.appendChild(source); + inner.appendChild(audio); + div.appendChild(inner); + OC_AudioPlayer.audioFrame.appendChild(div); + + OC_AudioPlayer.audioFrame.addEvent('onclick', OC_AudioPlayer.hidePlayer); + inner.addEvent('onclick', function(e){e.stopPropagation();}); // don't close if clicked on player + + body = document.getElementsByTagName('body').item(0); + body.appendChild(OC_AudioPlayer.audioFrame); +} + +OC_AudioPlayer.hidePlayer = function(){ + var div = document.getElementById('audioframe'); + div.parentNode.removeChild(div); +} + + +if(!OC_FILES.fileActions.audio){ + OC_FILES.fileActions.audio = new Object(); +} +if(!OC_FILES.fileActions.applicationogg){ + OC_FILES.fileActions.applicationogg = new Object(); +} + +OC_FILES.fileActions.audio.play = function() { + OC_AudioPlayer.playAudio(this.dir, this.file, this.mime); +} + +OC_FILES.fileActions.audio['default'] = OC_FILES.fileActions.audio.play; +OC_FILES.fileActions.applicationogg['default'] = OC_FILES.fileActions.audio.play; diff --git a/plugins/audioplayer/lib_audioplayer.php b/plugins/audioplayer/lib_audioplayer.php new file mode 100644 index 00000000000..206f76bb561 --- /dev/null +++ b/plugins/audioplayer/lib_audioplayer.php @@ -0,0 +1,5 @@ + diff --git a/plugins/audioplayer/plugin.xml b/plugins/audioplayer/plugin.xml new file mode 100644 index 00000000000..ea440eab800 --- /dev/null +++ b/plugins/audioplayer/plugin.xml @@ -0,0 +1,15 @@ + + + + musicplayer + A simple HTML5 based audio player for ownCloud + 0.1 + AGPL + ente + 1.1 + + + lib_audioplayer.php + + + diff --git a/plugins/audioplayer/style.css b/plugins/audioplayer/style.css new file mode 100644 index 00000000000..689a04940ed --- /dev/null +++ b/plugins/audioplayer/style.css @@ -0,0 +1,21 @@ +#audioframe{ + position:absolute; + top:0px; + left:0px; + height:100%; + width:100%; + background:rgb(20,20,20); + background:rgba(20,20,20,0.9); + text-align:center; + display:table; +} + +#audioframe>div{ + display:table-cell; + vertical-align:middle; +} + +#audioframe>div>div{ + display:inline-block; +} + From 087a72f0efea85fd0ec7efd1d42a4fda6497abca Mon Sep 17 00:00:00 2001 From: ente Date: Sun, 5 Dec 2010 12:18:40 +0100 Subject: [PATCH 03/12] - plugin id corrected - ogg files also get the play action added to their context menu --- plugins/audioplayer/audioplayer.js | 5 ++++- plugins/audioplayer/plugin.xml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/plugins/audioplayer/audioplayer.js b/plugins/audioplayer/audioplayer.js index 82fe2966a3b..c58058b5696 100644 --- a/plugins/audioplayer/audioplayer.js +++ b/plugins/audioplayer/audioplayer.js @@ -52,6 +52,9 @@ if(!OC_FILES.fileActions.applicationogg){ OC_FILES.fileActions.audio.play = function() { OC_AudioPlayer.playAudio(this.dir, this.file, this.mime); } +OC_FILES.fileActions.applicationogg.play = function() { + OC_AudioPlayer.playAudio(this.dir, this.file, this.mime); +} OC_FILES.fileActions.audio['default'] = OC_FILES.fileActions.audio.play; -OC_FILES.fileActions.applicationogg['default'] = OC_FILES.fileActions.audio.play; +OC_FILES.fileActions.applicationogg['default'] = OC_FILES.fileActions.applicationogg.play; diff --git a/plugins/audioplayer/plugin.xml b/plugins/audioplayer/plugin.xml index ea440eab800..ea58af245ec 100644 --- a/plugins/audioplayer/plugin.xml +++ b/plugins/audioplayer/plugin.xml @@ -1,7 +1,7 @@ - musicplayer + audioplayer A simple HTML5 based audio player for ownCloud 0.1 AGPL From db5cac3b3fa64af74353ae121e75d2182a211327 Mon Sep 17 00:00:00 2001 From: ente Date: Sun, 5 Dec 2010 17:45:17 +0100 Subject: [PATCH 04/12] reverted a576150b Seems we don't really need this, since calling e.g. fileActions['audio/x-wav'] is no problem. It should be also more clear to use and read than e.g. fileActions.audioxwav --- js/lib_files.js | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/js/lib_files.js b/js/lib_files.js index 177d8a51c06..8f7f9035585 100644 --- a/js/lib_files.js +++ b/js/lib_files.js @@ -355,13 +355,10 @@ OC_FILES.file=function(dir,file,type,mime){ } } } - // replaced fileActions[this.mime] by fileActions[this.mime1 + this.mime2] - // since an object name cannot contain slashes. - // (correct me if I'm wrong) - if(OC_FILES.fileActions[this.mime1 + this.mime2]){ - for(index in OC_FILES.fileActions[this.mime1 + this.mime2]){ - if(OC_FILES.fileActions[this.mime1 + this.mime2][index].call){ - this.actions[index]=OC_FILES.fileActions[this.mime1 + this.mime2][index]; + if(OC_FILES.fileActions[this.mime]){ + for(index in OC_FILES.fileActions[this.mime]){ + if(OC_FILES.fileActions[this.mime][index].call){ + this.actions[index]=OC_FILES.fileActions[this.mime][index]; } } } From 7e83db10d55334da9981d2fa2958d03902bf0b47 Mon Sep 17 00:00:00 2001 From: ente Date: Sun, 5 Dec 2010 17:51:10 +0100 Subject: [PATCH 05/12] Only register the "Play" action for audio types that the browser is able to play. Otherwise just leave the default action to "Download". --- plugins/audioplayer/audioplayer.js | 50 +++++++++++++++++------------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/plugins/audioplayer/audioplayer.js b/plugins/audioplayer/audioplayer.js index c58058b5696..2cf4133d818 100644 --- a/plugins/audioplayer/audioplayer.js +++ b/plugins/audioplayer/audioplayer.js @@ -11,12 +11,12 @@ OC_AudioPlayer.playAudio = function(dir, file, type) { var audio = document.createElement('audio'); var source = document.createElement('source'); - if (!(!!(audio.canPlayType) && (audio.canPlayType(type) != "no") && (audio.canPlayType(type) != ""))) { - // use a flash player fallback - // or implement some nice on-the-fly recoding here - alert("Native playing of '"+type+"' format is not supported by your browser."); - return; - } +// if (!(!!(audio.canPlayType) && (audio.canPlayType(type) != "no") && (audio.canPlayType(type) != ""))) { +// // use a flash player fallback +// // or implement some nice on-the-fly recoding here +// alert("Native playing of '"+type+"' format is not supported by your browser."); +// return; +// } audio.setAttribute('controls', 'true'); audio.setAttribute('preload', 'auto'); audio.setAttribute('autoplay', 'true'); @@ -41,20 +41,26 @@ OC_AudioPlayer.hidePlayer = function(){ div.parentNode.removeChild(div); } - -if(!OC_FILES.fileActions.audio){ - OC_FILES.fileActions.audio = new Object(); -} -if(!OC_FILES.fileActions.applicationogg){ - OC_FILES.fileActions.applicationogg = new Object(); -} - -OC_FILES.fileActions.audio.play = function() { - OC_AudioPlayer.playAudio(this.dir, this.file, this.mime); -} -OC_FILES.fileActions.applicationogg.play = function() { - OC_AudioPlayer.playAudio(this.dir, this.file, this.mime); +// only register "play" option for file formats the browser claims to support +OC_AudioPlayer.formats = { + 'audio/mpeg':"mp3", + 'audio/ogg':"ogg", + 'application/ogg':"ogg", + 'audio/wav':"wav", + 'audio/wave':"wav", + 'audio/x-wav':"wav", + 'audio/basic':"au", + 'audio/x-aiff':"aif" +}; +var audio = document.createElement('audio'); +for(format in OC_AudioPlayer.formats) { + if (!!(audio.canPlayType) && (audio.canPlayType(format) != "no") && (audio.canPlayType(format) != "")) { + if(!OC_FILES.fileActions[format]) { + OC_FILES.fileActions[format] = new Object(); + } + OC_FILES.fileActions[format].play = function() { + OC_AudioPlayer.playAudio(this.dir, this.file, this.mime); + } + OC_FILES.fileActions[format]['default'] = OC_FILES.fileActions[format].play; + } } - -OC_FILES.fileActions.audio['default'] = OC_FILES.fileActions.audio.play; -OC_FILES.fileActions.applicationogg['default'] = OC_FILES.fileActions.applicationogg.play; From 336f21f0aa5d62ece5610528dc52e84f4f46f5f4 Mon Sep 17 00:00:00 2001 From: ente Date: Sun, 5 Dec 2010 18:30:13 +0100 Subject: [PATCH 06/12] Use correct attribute values for audio tag. --- plugins/audioplayer/audioplayer.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/audioplayer/audioplayer.js b/plugins/audioplayer/audioplayer.js index 2cf4133d818..07e9f5e23ee 100644 --- a/plugins/audioplayer/audioplayer.js +++ b/plugins/audioplayer/audioplayer.js @@ -1,7 +1,7 @@ OC_AudioPlayer = new Object(); OC_AudioPlayer.playAudio = function(dir, file, type) { - var path = WEBROOT + '/files/open_file.php?dir='+encodeURIComponent(dir)+'&file='+encodeURIComponent(file); + var path = WEBROOT + '/files/api?action=get&dir='+encodeURIComponent(dir)+'&file='+encodeURIComponent(file); OC_AudioPlayer.audioFrame = document.createElement('div'); OC_AudioPlayer.audioFrame.setAttribute('id', 'audioframe'); @@ -17,10 +17,10 @@ OC_AudioPlayer.playAudio = function(dir, file, type) { // alert("Native playing of '"+type+"' format is not supported by your browser."); // return; // } - audio.setAttribute('controls', 'true'); + audio.setAttribute('controls', 'controls'); audio.setAttribute('preload', 'auto'); - audio.setAttribute('autoplay', 'true'); - audio.setAttribute('autobuffer', 'true'); + audio.setAttribute('autoplay', 'autoplay'); + audio.setAttribute('autobuffer', 'autobuffer'); source.setAttribute('src', path); source.setAttribute('type', type); From 654387ff05e84c51a4c85854abe1843bb65ed412 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 12 Dec 2010 22:34:17 +0100 Subject: [PATCH 07/12] Show error when trying to create a file or folder that already exists fixes https://bugs.kde.org/show_bug.cgi?id=259616 --- js/lib_files.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/js/lib_files.js b/js/lib_files.js index 8f7f9035585..54af643272a 100644 --- a/js/lib_files.js +++ b/js/lib_files.js @@ -225,6 +225,10 @@ OC_FILES.newFile=function(type,name,dir){ arg=new Object; arg.name=name; arg.dir=dir; + if(OC_FILES.cache.files[name]){//check if the file already exists + alert(((type=='dir')?'folder ':'file ')+name+' already exists.'); + return; + } arg.type=type; OC_API.run('new',{dir:dir,name:name,type:type},OC_FILES.new_callback,arg) if(!OC_FILES.cache.incomplete[dir]){ From ba246b450f8cb6f666bd1fbf108242ab48307da8 Mon Sep 17 00:00:00 2001 From: Elias Probst Date: Sat, 1 Jan 2011 01:01:57 +0100 Subject: [PATCH 08/12] =?UTF-8?q?Fixed=20typo=20(Lisener=20=E2=86=92=20Lis?= =?UTF-8?q?tener)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inc/User/backend.php | 4 ++-- inc/User/database.php | 4 ++-- inc/lib_base.php | 4 ++-- inc/lib_config.php | 8 ++++---- inc/lib_user.php | 8 ++++---- inc/templates/header.php | 8 ++++---- plugins/ldap/lib_ldap.php | 4 ++-- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/inc/User/backend.php b/inc/User/backend.php index e71d155cea1..9d10adefd40 100755 --- a/inc/User/backend.php +++ b/inc/User/backend.php @@ -33,7 +33,7 @@ abstract class OC_USER_BACKEND { * Check if the login button is pressed and log the user in * */ - abstract public static function loginLisener(); + abstract public static function loginListener(); /** * Try to create a new user @@ -55,7 +55,7 @@ abstract class OC_USER_BACKEND { * Check if the logout button is pressed and logout the user * */ - abstract public static function logoutLisener(); + abstract public static function logoutListener(); /** * Check if some user is logged in diff --git a/inc/User/database.php b/inc/User/database.php index 9a39e191f61..bd33ba6b6e9 100755 --- a/inc/User/database.php +++ b/inc/User/database.php @@ -36,7 +36,7 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * Check if the login button is pressed and log the user in * */ - public static function loginLisener(){ + public static function loginListener(){ if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { if ( OC_USER::login($_POST['login'], $_POST['password']) ) { echo 1; @@ -111,7 +111,7 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * Check if the logout button is pressed and logout the user * */ - public static function logoutLisener() { + public static function logoutListener() { global $WEBROOT; if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { OC_LOG::event($_SESSION['username'], 2, ''); diff --git a/inc/lib_base.php b/inc/lib_base.php index 65664ae8614..b8c639b2446 100644 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -102,8 +102,8 @@ OC_UTIL::setupFS(); OC_UTIL::checkserver(); // listen for login or logout actions -OC_USER::logoutlisener(); -$loginresult=OC_USER::loginlisener(); +OC_USER::logoutlistener(); +$loginresult=OC_USER::loginlistener(); /** * Class for utility functions diff --git a/inc/lib_config.php b/inc/lib_config.php index d5f0f2270fb..777673a8b31 100644 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -45,7 +45,7 @@ class OC_CONFIG{ } } - public static function createUserLisener(){ + public static function createUserListener(){ if(OC_USER::isLoggedIn()){ if(OC_USER::ingroup($_SESSION['username'],'admin')){ if(isset($_POST['new_username']) and isset($_POST['new_password'])){ @@ -63,7 +63,7 @@ class OC_CONFIG{ } } - public static function createGroupLisener(){ + public static function createGroupListener(){ if(OC_USER::isLoggedIn()){ if(isset($_POST['creategroup']) and $_POST['creategroup']==1){ if(OC_USER::creategroup($_POST['groupname'])){ @@ -84,7 +84,7 @@ class OC_CONFIG{ * lisen for configuration changes * */ - public static function configLisener(){ + public static function configListener(){ if(OC_USER::isLoggedIn()){ if(isset($_POST['config']) and $_POST['config']==1){ $error=''; @@ -142,7 +142,7 @@ class OC_CONFIG{ * lisen for admin configuration changes and write it to the file *4bd0be1185e76 */ - public static function writeAdminLisener(){ + public static function writeAdminListener(){ global $CONFIG_INSTALLED; $allow=false; if(!$CONFIG_INSTALLED){ diff --git a/inc/lib_user.php b/inc/lib_user.php index 8bde1d92075..5b48e0abf2f 100644 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -78,8 +78,8 @@ class OC_USER { * Check if the login button is pressed and log the user in * */ - public static function loginLisener() { - return self::$_backend->loginLisener(); + public static function loginListener() { + return self::$_backend->loginListener(); } /** @@ -106,8 +106,8 @@ class OC_USER { * Check if the logout button is pressed and logout the user * */ - public static function logoutLisener() { - return self::$_backend->logoutLisener(); + public static function logoutListener() { + return self::$_backend->logoutListener(); } /** diff --git a/inc/templates/header.php b/inc/templates/header.php index 9b67f34c884..4593af59518 100644 --- a/inc/templates/header.php +++ b/inc/templates/header.php @@ -51,14 +51,14 @@ if(!OC_UTIL::hasSmallScreen()){ // check if already configured. otherwise start configuration wizard - $error=OC_CONFIG::writeadminlisener(); - if($e=OC_CONFIG::configlisener()){ + $error=OC_CONFIG::writeadminlistener(); + if($e=OC_CONFIG::configlistener()){ $error.=$e; } - if($e=OC_CONFIG::createuserlisener()){ + if($e=OC_CONFIG::createuserlistener()){ $error.=$e; } - if($e=OC_CONFIG::creategrouplisener()){ + if($e=OC_CONFIG::creategrouplistener()){ $error.=$e; } $CONFIG_ERROR=$error; diff --git a/plugins/ldap/lib_ldap.php b/plugins/ldap/lib_ldap.php index 16bd3a52869..2bb557919a2 100755 --- a/plugins/ldap/lib_ldap.php +++ b/plugins/ldap/lib_ldap.php @@ -35,7 +35,7 @@ class OC_USER_LDAP extends OC_USER_BACKEND { * Check if the login button is pressed and log the user in * */ - public static function loginLisener() { + public static function loginListener() { return(''); } @@ -69,7 +69,7 @@ class OC_USER_LDAP extends OC_USER_BACKEND { * Check if the logout button is pressed and logout the user * */ - public static function logoutLisener() { + public static function logoutListener() { if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { header('WWW-Authenticate: Basic realm="ownCloud"'); header('HTTP/1.0 401 Unauthorized'); From 290b2d7355ed7075eb1e05f6d4b36d3ea1b9534b Mon Sep 17 00:00:00 2001 From: Elias Probst Date: Sat, 1 Jan 2011 01:08:40 +0100 Subject: [PATCH 09/12] =?UTF-8?q?Fix=20further=20typos=20in=20comments,=20?= =?UTF-8?q?too=20(lisen=20=E2=86=92=20listen).?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inc/lib_config.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/lib_config.php b/inc/lib_config.php index 777673a8b31..6863146cde9 100644 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -81,7 +81,7 @@ class OC_CONFIG{ /** - * lisen for configuration changes + * listen for configuration changes * */ public static function configListener(){ @@ -139,7 +139,7 @@ class OC_CONFIG{ } /** - * lisen for admin configuration changes and write it to the file + * listen for admin configuration changes and write it to the file *4bd0be1185e76 */ public static function writeAdminListener(){ From 61ce6e21ec751269501302b91d1d2e60b6cea2e9 Mon Sep 17 00:00:00 2001 From: Matthew Dawson Date: Mon, 3 Jan 2011 17:46:18 -0500 Subject: [PATCH 10/12] Fix a chroot issue where the path /.. (and related paths) are not caught and removed. Signed-off-by: Matthew Dawson --- inc/lib_filesystem.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/lib_filesystem.php b/inc/lib_filesystem.php index a64d2ba599b..accc133b7b6 100644 --- a/inc/lib_filesystem.php +++ b/inc/lib_filesystem.php @@ -111,7 +111,7 @@ class OC_FILESYSTEM{ if(substr($path,0,1)!=='/'){ $path='/'.$path; } - if(strstr($path,'/../')){ + if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ return false; } return true;//dummy untill premissions are correctly implemented, also the correcty value because for now users are locked in their seperate data dir and can read/write everything in there From 0f5923a15030c42156eddf05b161f92024c055ed Mon Sep 17 00:00:00 2001 From: Matthew Dawson Date: Mon, 3 Jan 2011 17:58:49 -0500 Subject: [PATCH 11/12] Add similar check to the canWrite function. Signed-off-by: Matthew Dawson --- inc/lib_filesystem.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/lib_filesystem.php b/inc/lib_filesystem.php index accc133b7b6..170d296bd23 100644 --- a/inc/lib_filesystem.php +++ b/inc/lib_filesystem.php @@ -125,7 +125,7 @@ class OC_FILESYSTEM{ if(substr($path,0,1)!=='/'){ $path='/'.$path; } - if(strstr($path,'/../')){ + if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ return false; } return true;//dummy untill premissions are correctly implemented, also the correcty value because for now users are locked in their seperate data dir and can read/write everything in there From 5c856e5741350e1130fc3026c59ab78109dd5b6a Mon Sep 17 00:00:00 2001 From: Matthew Dawson Date: Mon, 3 Jan 2011 18:11:16 -0500 Subject: [PATCH 12/12] Fix a warning when there is no included files in a plugin. Signed-off-by: Matthew Dawson --- inc/lib_plugin.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/inc/lib_plugin.php b/inc/lib_plugin.php index 76f94a1156d..eb7533c4479 100644 --- a/inc/lib_plugin.php +++ b/inc/lib_plugin.php @@ -59,8 +59,10 @@ class OC_PLUGIN{ } } - foreach($data['runtime'] as $include){ - include($SERVERROOT.'/plugins/'.$id.'/'.$include); + if(isset($data['runtime'])){ + foreach($data['runtime'] as $include){ + include($SERVERROOT.'/plugins/'.$id.'/'.$include); + } } } return false;