diff --git a/core/js/setup.js b/core/js/setup.js index b765d41ba35..94097785e42 100644 --- a/core/js/setup.js +++ b/core/js/setup.js @@ -7,7 +7,9 @@ $(document).ready(function() { $('#dbhost').hide(); $('#dbhostlabel').hide(); } - + $('#adminlogin').change(function(){ + $('#adminlogin').val($.trim($('#adminlogin').val())); + }); $('#sqlite').click(function() { $('#use_other_db').slideUp(250); $('#dbhost').hide(250); diff --git a/lib/filesystem.php b/lib/filesystem.php index 1205a6aa51b..627f494c937 100644 --- a/lib/filesystem.php +++ b/lib/filesystem.php @@ -199,11 +199,26 @@ class OC_Filesystem{ */ static public function getLocalFile($path){ $parent=substr($path,0,strrpos($path,'/')); - if(self::is_readable($parent) and $storage=self::getStorage($path)){ + if(self::isValidPath($parent) and $storage=self::getStorage($path)){ return $storage->getLocalFile(self::getInternalPath($path)); } } + /** + * check if the requested path is valid + * @param string path + * @return bool + */ + static public function isValidPath($path){ + if(substr($path,0,1)!=='/'){ + $path='/'.$path; + } + if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ + return false; + } + return true; + } + static public function mkdir($path){ return self::basicOperation('mkdir',$path,array('create','write')); } @@ -238,24 +253,10 @@ class OC_Filesystem{ return self::basicOperation('readfile',$path,array('read')); } static public function is_readable($path){ - if(substr($path,0,1)!=='/'){ - $path='/'.$path; - } - if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ - return false; - } - $storage=self::getStorage($path); - return $storage->is_readable(self::getInternalPath($path)); + return self::basicOperation('is_readable',$path); } static public function is_writeable($path){ - if(substr($path,0,1)!=='/'){ - $path='/'.$path; - } - if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ - return false; - } - $storage=self::getStorage($path); - return $storage->is_writeable(self::getInternalPath($path)); + return self::basicOperation('is_writeable',$path); } static public function file_exists($path){ if($path=='/'){ @@ -358,7 +359,7 @@ class OC_Filesystem{ return self::basicOperation('fopen',$path,$hooks,$mode); } static public function toTmpFile($path){ - if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::is_readable($path) and $storage=self::getStorage($path)){ + if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::isValidPath($path) and $storage=self::getStorage($path)){ OC_Hook::emit( 'OC_Filesystem', 'read', array( 'path' => $path)); return $storage->toTmpFile(self::getInternalPath($path)); } @@ -447,7 +448,7 @@ class OC_Filesystem{ * @return mixed */ private static function basicOperation($operation,$path,$hooks=array(),$extraParam=null){ - if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::is_readable($path) and $storage=self::getStorage($path)){ + if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::isValidPath($path) and $storage=self::getStorage($path)){ $interalPath=self::getInternalPath($path); $run=true; foreach($hooks as $hook){ diff --git a/lib/user.php b/lib/user.php index 241d9aa8b10..0a5881ec0f8 100644 --- a/lib/user.php +++ b/lib/user.php @@ -120,7 +120,7 @@ class OC_User { return false; } // No empty username - if( !$uid ){ + if(trim($uid) == ''){ return false; } // Check if user already exists diff --git a/settings/js/users.js b/settings/js/users.js index 4fea52e4a1f..79b4e80870a 100644 --- a/settings/js/users.js +++ b/settings/js/users.js @@ -126,7 +126,7 @@ $(document).ready(function(){ $('#newuser').submit(function(event){ event.preventDefault(); var username=$('#newusername').val(); - if(username == '') { + if($.trim(username) == '') { alert('Please provide a username!'); return false; }