From 534b6f3a098c8f2bb5993592e73f5af75c3c86bc Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Mon, 2 Jan 2012 11:49:53 +0100 Subject: [PATCH 1/3] Fix whitespace username --- lib/user.php | 2 +- settings/js/users.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/user.php b/lib/user.php index 241d9aa8b10..0a5881ec0f8 100644 --- a/lib/user.php +++ b/lib/user.php @@ -120,7 +120,7 @@ class OC_User { return false; } // No empty username - if( !$uid ){ + if(trim($uid) == ''){ return false; } // Check if user already exists diff --git a/settings/js/users.js b/settings/js/users.js index 4fea52e4a1f..79b4e80870a 100644 --- a/settings/js/users.js +++ b/settings/js/users.js @@ -126,7 +126,7 @@ $(document).ready(function(){ $('#newuser').submit(function(event){ event.preventDefault(); var username=$('#newusername').val(); - if(username == '') { + if($.trim(username) == '') { alert('Please provide a username!'); return false; } From a1af757ef6e99fc17d635ab05470671b41fc44db Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Mon, 2 Jan 2012 14:21:46 +0100 Subject: [PATCH 2/3] Fix whitespace username in the installation form --- core/js/setup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/core/js/setup.js b/core/js/setup.js index b765d41ba35..94097785e42 100644 --- a/core/js/setup.js +++ b/core/js/setup.js @@ -7,7 +7,9 @@ $(document).ready(function() { $('#dbhost').hide(); $('#dbhostlabel').hide(); } - + $('#adminlogin').change(function(){ + $('#adminlogin').val($.trim($('#adminlogin').val())); + }); $('#sqlite').click(function() { $('#use_other_db').slideUp(250); $('#dbhost').hide(250); From cc55f00481dd00c4db54714d79e1f13158a87850 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Mon, 2 Jan 2012 16:38:10 +0100 Subject: [PATCH 3/3] fix is_readable and is_writable --- lib/filesystem.php | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/lib/filesystem.php b/lib/filesystem.php index 1205a6aa51b..627f494c937 100644 --- a/lib/filesystem.php +++ b/lib/filesystem.php @@ -199,11 +199,26 @@ class OC_Filesystem{ */ static public function getLocalFile($path){ $parent=substr($path,0,strrpos($path,'/')); - if(self::is_readable($parent) and $storage=self::getStorage($path)){ + if(self::isValidPath($parent) and $storage=self::getStorage($path)){ return $storage->getLocalFile(self::getInternalPath($path)); } } + /** + * check if the requested path is valid + * @param string path + * @return bool + */ + static public function isValidPath($path){ + if(substr($path,0,1)!=='/'){ + $path='/'.$path; + } + if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ + return false; + } + return true; + } + static public function mkdir($path){ return self::basicOperation('mkdir',$path,array('create','write')); } @@ -238,24 +253,10 @@ class OC_Filesystem{ return self::basicOperation('readfile',$path,array('read')); } static public function is_readable($path){ - if(substr($path,0,1)!=='/'){ - $path='/'.$path; - } - if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ - return false; - } - $storage=self::getStorage($path); - return $storage->is_readable(self::getInternalPath($path)); + return self::basicOperation('is_readable',$path); } static public function is_writeable($path){ - if(substr($path,0,1)!=='/'){ - $path='/'.$path; - } - if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ - return false; - } - $storage=self::getStorage($path); - return $storage->is_writeable(self::getInternalPath($path)); + return self::basicOperation('is_writeable',$path); } static public function file_exists($path){ if($path=='/'){ @@ -358,7 +359,7 @@ class OC_Filesystem{ return self::basicOperation('fopen',$path,$hooks,$mode); } static public function toTmpFile($path){ - if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::is_readable($path) and $storage=self::getStorage($path)){ + if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::isValidPath($path) and $storage=self::getStorage($path)){ OC_Hook::emit( 'OC_Filesystem', 'read', array( 'path' => $path)); return $storage->toTmpFile(self::getInternalPath($path)); } @@ -447,7 +448,7 @@ class OC_Filesystem{ * @return mixed */ private static function basicOperation($operation,$path,$hooks=array(),$extraParam=null){ - if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::is_readable($path) and $storage=self::getStorage($path)){ + if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::isValidPath($path) and $storage=self::getStorage($path)){ $interalPath=self::getInternalPath($path); $run=true; foreach($hooks as $hook){