diff --git a/files/upload.php b/files/upload.php
old mode 100644
new mode 100755
index 1190b466eac..e84cf8303db
--- a/files/upload.php
+++ b/files/upload.php
@@ -22,11 +22,9 @@
*/
require_once('../inc/lib_base.php');
-// sleep(5); //immitate slow internet.
-
$fileName=$_FILES['file']['name'];
$source=$_FILES['file']['tmp_name'];
-$target=$_GET['dir'].'/'.$fileName;
+$target=stripslashes($_GET['dir']).'/'.$fileName;
if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($_GET['dir'],'..')===false){
if(OC_FILESYSTEM::fromTmpFile($source,$target)){
echo 'true';
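Review bot: The `..` guard on the `if` line still inspects the raw `$_GET['dir']`, while the new `$target` is built from `stripslashes($_GET['dir'])`, so the string that is validated is no longer the string that is used. Removing backslashes can produce a `..` sequence that the raw value did not contain. Normalise once and check that same value: `$dir=stripslashes($_GET['dir']);`, `$target=$dir.'/'.$fileName;`, and `strpos($dir,'..')===false` in the condition. `$fileName` is taken from `$_FILES['file']['name']` with no check of its own in this hunk, so confirm what `OC_FILESYSTEM::fromTmpFile` enforces on it. The `if` body continues past the end of the hunk.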
diff --git a/inc/MDB2/Driver/sqlite.php b/inc/MDB2/Driver/sqlite.php
index 63b66bf3fb9..abde86d596b 100644
--- a/inc/MDB2/Driver/sqlite.php
+++ b/inc/MDB2/Driver/sqlite.php
@@ -926,7 +926,7 @@ class MDB2_Result_sqlite extends MDB2_Result_Common
if ($object_class == 'stdClass') {
$row = (object) $row;
} else {
- $row = &new $object_class($row);
+ $row = new $object_class($row);
}
}
++$this->rownum;
diff --git a/inc/User/database.php b/inc/User/database.php
index 6b1310265da..9a39e191f61 100755
--- a/inc/User/database.php
+++ b/inc/User/database.php
@@ -112,11 +112,14 @@ class OC_USER_DATABASE extends OC_USER_BACKEND {
*
*/
public static function logoutLisener() {
+ global $WEBROOT;
if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) {
OC_LOG::event($_SESSION['username'], 2, '');
$_SESSION['user_id'] = false;
$_SESSION['username'] = '';
$_SESSION['username_clean'] = '';
+
+ header("location: $WEBROOT");
}
}
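Review bot: Nothing stops execution after the new `header("location: $WEBROOT");`, so the rest of the request keeps running and may still emit output for a user who has just logged out; follow it with `exit;`. The logout also only blanks three session fields and keeps the same session id, so calling `session_regenerate_id(true);` before the redirect would retire the old identifier. If `$WEBROOT` can be empty the header carries no target and a fallback such as `'/'` may be needed; that depends on how `$WEBROOT` is set outside this hunk.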
diff --git a/inc/lib_base.php b/inc/lib_base.php
index 3f7a98d7ac3..65664ae8614 100644
--- a/inc/lib_base.php
+++ b/inc/lib_base.php
@@ -31,7 +31,6 @@ date_default_timezone_set('Europe/Berlin');
ini_set('arg_separator.output','&');
ini_set('session.cookie_httponly','1;');
session_start();
-
// calculate the documentroot
$SERVERROOT=substr(__FILE__,0,-17);
$DOCUMENTROOT=realpath($_SERVER['DOCUMENT_ROOT']);
@@ -119,6 +118,7 @@ class OC_UTIL {
if(self::$fsSetup){//setting up the filesystem twice can only lead to trouble
return false;
}
+ global $SERVERROOT;
global $CONFIG_DATADIRECTORY_ROOT;
global $CONFIG_DATADIRECTORY;
global $CONFIG_BACKUPDIRECTORY;
@@ -172,7 +172,7 @@ class OC_UTIL {
* @return array
*/
public static function getVersion(){
- return array(1,0,60);
+ return array(1,1,0);
}
/**
diff --git a/inc/lib_filestorage.php b/inc/lib_filestorage.php
index 7dbdfe2457e..b3dc17ac4c6 100644
--- a/inc/lib_filestorage.php
+++ b/inc/lib_filestorage.php
@@ -3,20 +3,20 @@
/**
* ownCloud
*
-* @author Frank Karlitschek
-* @copyright 2010 Frank Karlitschek karlitschek@kde.org
-*
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
+*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either
+* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
-*
+*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
+*
+* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see .
*/
@@ -44,7 +44,7 @@ class OC_FILESTORAGE{
}
}
}
-
+
public function __construct($parameters){}
public function mkdir($path){}
public function rmdir($path){}
@@ -202,11 +202,11 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
}
return $return;
}
-
+
public function getMimeType($fspath){
if (@is_dir($this->datadir.$fspath)) {
// directories are easy
- return "httpd/unix-directory";
+ return "httpd/unix-directory";
}elseif (function_exists('finfo_open') and function_exists('finfo_file') and $finfo=finfo_open(FILEINFO_MIME)){
$mimeType =strtolower(finfo_file($finfo,$this->datadir.$fspath));
$mimeType=substr($mimeType,0,strpos($mimeType,';'));
@@ -216,15 +216,15 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
// use mime magic extension if available
$mime_type = mime_content_type($this->datadir.$fspath);
} else if (self::canExecute("file")) {
- // it looks like we have a 'file' command,
+ // it looks like we have a 'file' command,
// lets see it it does have mime support
$fp = popen("file -i -b '{$this->datadir}$fspath' 2>/dev/null", "r");
$reply = fgets($fp);
pclose($fp);
-
+
//trim the character set from the end of the response
$mime_type=substr($reply,0,strrpos($reply,' '));
- }
+ }
if (empty($mime_type)) {
// Fallback solution: try to guess the type by the file extension
// TODO: add more ...
@@ -290,53 +290,66 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
break;
}
}
-
+
return $mime_type;
}
-
+
/**
* detect if a given program is found in the search PATH
*
- * helper function used by _mimetype() to detect if the
+ * helper function used by _mimetype() to detect if the
* external 'file' utility is available
*
* @param string program name
* @param string optional search path, defaults to $PATH
* @return bool true if executable program found in path
*/
- private function canExecute($name, $path = false)
+ private function canExecute($name, $path = false)
{
// path defaults to PATH from environment if not set
if ($path === false) {
$path = getenv("PATH");
}
-
+
// check method depends on operating system
if (!strncmp(PHP_OS, "WIN", 3)) {
// on Windows an appropriate COM or EXE file needs to exist
$exts = array(".exe", ".com");
$check_fn = "file_exists";
- } else {
+ } else {
// anywhere else we look for an executable file of that name
$exts = array("");
$check_fn = "is_executable";
}
-
- // now check the directories in the path for the program
- foreach (explode(PATH_SEPARATOR, $path) as $dir) {
- // skip invalid path entries
- if (!file_exists($dir)) continue;
- if (!is_dir($dir)) continue;
- // and now look for the file
- foreach ($exts as $ext) {
- if ($check_fn("$dir/$name".$ext)) return true;
- }
- }
+ // Default check will be done with $path directories :
+ $dirs = explode(PATH_SEPARATOR, $path);
+
+ // WARNING : We have to check if open_basedir is enabled :
+ $obd = ini_get('open_basedir');
+
+ if($obd != "none")
+ $obd_values = explode(PATH_SEPARATOR, $obd);
+
+ if(count($obd_values) > 0)
+ {
+ // open_basedir is in effect !
+ // We need to check if the program is in one of these dirs :
+ $dirs = $obd_values;
+ }
+
+ foreach($dirs as $dir)
+ {
+ foreach($exts as $ext)
+ {
+ if($check_fn("$dir/$name".$ext))
+ return true;
+ }
+ }
return false;
}
-
+
public function toTmpFile($path){
$tmpFolder=sys_get_temp_dir();
$filename=tempnam($tmpFolder,'OC_TEMP_FILE_'.substr($path,strrpos($path,'.')));
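Review bot: The new open_basedir branch in `canExecute` replaces the PATH search even when open_basedir is not configured: `ini_get('open_basedir')` returns an empty string when unset, not `"none"`, so `explode()` yields `array('')`, `count($obd_values) > 0` holds, and the loop probes only `"/$name"`. When the value does equal `"none"`, `$obd_values` is never assigned before `count()` reads it. The fence below overrides `$dirs` only for a non-empty setting and drops empty entries. Separately, the `popen("file -i -b '{$this->datadir}$fspath' ...")` call that this helper gates in `getMimeType` interpolates `$fspath` into a shell string unescaped; building the argument with `escapeshellarg($this->datadir.$fspath)` would close that.

```php
        // Default check will be done with $path directories :
        $dirs = explode(PATH_SEPARATOR, $path);

        // open_basedir is '' when unset; only a non-empty value should replace the PATH search
        $obd = ini_get('open_basedir');
        if (is_string($obd) && $obd !== '') {
            // drop empty entries so "$dir/$name" never resolves to "/$name"
            $dirs = array_filter(explode(PATH_SEPARATOR, $obd), 'strlen');
        }
        // … unchanged: foreach over $dirs and $exts calling $check_fn …
```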
@@ -347,7 +360,7 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
return false;
}
}
-
+
public function fromTmpFile($tmpFile,$path){
if(rename($tmpFile,$this->datadir.$path)){
$this->notifyObservers($path,OC_FILEACTION_CREATE);
@@ -356,21 +369,21 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
return false;
}
}
-
+
public function delTree($dir) {
$dirRelative=$dir;
$dir=$this->datadir.$dir;
- if (!file_exists($dir)) return true;
- if (!is_dir($dir) || is_link($dir)) return unlink($dir);
- foreach (scandir($dir) as $item) {
- if ($item == '.' || $item == '..') continue;
+ if (!file_exists($dir)) return true;
+ if (!is_dir($dir) || is_link($dir)) return unlink($dir);
+ foreach (scandir($dir) as $item) {
+ if ($item == '.' || $item == '..') continue;
if(is_file($dir.'/'.$item)){
if(unlink($dir.'/'.$item)){
$this->notifyObservers($dir.'/'.$item,OC_FILEACTION_DELETE);
}
}elseif(is_dir($dir.'/'.$item)){
- if (!$this->delTree($dirRelative. "/" . $item)){
- return false;
+ if (!$this->delTree($dirRelative. "/" . $item)){
+ return false;
};
}
}
@@ -379,7 +392,7 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
}
return $return;
}
-
+
public function find($path){
$return=System::find($this->datadir.$path);
foreach($return as &$file){
@@ -387,7 +400,7 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
}
return $return;
}
-
+
public function getTree($dir) {
if(substr($dir,-1,1)=='/'){
$dir=substr($dir,0,-1);
@@ -396,9 +409,9 @@ class OC_FILESTORAGE_LOCAL extends OC_FILESTORAGE{
$tree[]=$dir;
$dirRelative=$dir;
$dir=$this->datadir.$dir;
- if (!file_exists($dir)) return true;
- foreach (scandir($dir) as $item) {
- if ($item == '.' || $item == '..') continue;
+ if (!file_exists($dir)) return true;
+ foreach (scandir($dir) as $item) {
+ if ($item == '.' || $item == '..') continue;
if(is_file($dir.'/'.$item)){
$tree[]=$dirRelative.'/'.$item;
}elseif(is_dir($dir.'/'.$item)){
diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php
index 50ba2a3b64b..5a04c4902ac 100755
--- a/inc/templates/adminform.php
+++ b/inc/templates/adminform.php
@@ -88,7 +88,7 @@ echo('