From 6c6b570ff15cfa9da6b1ab8b7e56ef0a82c96086 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Wed, 22 Feb 2012 18:04:21 +0000 Subject: [PATCH 01/22] avoid notice in error log from user_webfinger app --- apps/user_webfinger/host-meta.php | 2 +- apps/user_webfinger/webfinger.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/user_webfinger/host-meta.php b/apps/user_webfinger/host-meta.php index ceb15f22da4..dbb4377e8c7 100644 --- a/apps/user_webfinger/host-meta.php +++ b/apps/user_webfinger/host-meta.php @@ -10,7 +10,7 @@ echo "<"; ?xml version="1.0" encoding="UTF-8"?> - + diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php index d695a833f31..a9537182016 100644 --- a/apps/user_webfinger/webfinger.php +++ b/apps/user_webfinger/webfinger.php @@ -22,7 +22,7 @@ if($_GET['q']) { if(substr($userName, 0, 5) == 'acct:') { $userName = substr($userName, 5); } -if($_SERVER['HTTPS']) { +if(isset($_SERVER['HTTPS'])) { $baseAddress = 'https://'.$_SERVER['SERVER_NAME'].'/apps/remoteStorage/'; } else { $baseAddress = 'http://'.$_SERVER['SERVER_NAME'].'/apps/remoteStorage/'; From 9850820b4276b197433bb64d84ed085cdcd01e0e Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Wed, 22 Feb 2012 18:05:52 +0000 Subject: [PATCH 02/22] BearerAuth and multiple tokens support in remoteStorage app --- apps/remoteStorage/BearerAuth.php | 61 ++++++++++++++++++++++++ apps/remoteStorage/WebDAV.php | 1 + apps/remoteStorage/auth.php | 4 +- apps/remoteStorage/lib_remoteStorage.php | 32 +++++++------ apps/remoteStorage/oauth_ro_auth.php | 4 +- 5 files changed, 84 insertions(+), 18 deletions(-) create mode 100644 apps/remoteStorage/BearerAuth.php diff --git a/apps/remoteStorage/BearerAuth.php b/apps/remoteStorage/BearerAuth.php new file mode 100644 index 00000000000..ebcf189dfb9 --- /dev/null +++ b/apps/remoteStorage/BearerAuth.php @@ -0,0 +1,61 @@ +httpRequest->getRawServerValue('PHP_AUTH_USER')) && ($pass = $this->httpRequest->getRawServerValue('PHP_AUTH_PW'))) { + + return array($user,$pass); + + } + + // Most other webservers + $auth = $this->httpRequest->getHeader('Authorization'); + + if (!$auth) return false; + + if (strpos(strtolower($auth),'bearer')!==0) return false; + + return explode(':', base64_decode(substr($auth, 7))); + + } + + /** + * Returns an HTTP 401 header, forcing login + * + * This should be called when username and password are incorrect, or not supplied at all + * + * @return void + */ + public function requireLogin() { + + $this->httpResponse->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"'); + $this->httpResponse->sendStatus(401); + + } + +} diff --git a/apps/remoteStorage/WebDAV.php b/apps/remoteStorage/WebDAV.php index e048d19e8f2..06520b4021b 100644 --- a/apps/remoteStorage/WebDAV.php +++ b/apps/remoteStorage/WebDAV.php @@ -33,6 +33,7 @@ require_once('../../lib/base.php'); OC_Util::checkAppEnabled('remoteStorage'); require_once('Sabre/autoload.php'); require_once('lib_remoteStorage.php'); +require_once('BearerAuth.php'); require_once('oauth_ro_auth.php'); ini_set('default_charset', 'UTF-8'); diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php index 85421ba3d88..75e0aac419d 100644 --- a/apps/remoteStorage/auth.php +++ b/apps/remoteStorage/auth.php @@ -68,14 +68,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') { } else if($k=='redirect_uri'){ $appUrl=$v; } else if($k=='scope'){ - $category=$v; + $categories=$v; } } $currUser = OC_User::getUser(); if($currUser == $ownCloudUser) { if(isset($_POST['allow'])) { //TODO: check if this can be faked by editing the cookie in firebug! - $token=OC_remoteStorage::createCategory($appUrl, $category); + $token=OC_remoteStorage::createCategories($appUrl, $categories); header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer'); } else { echo '
'; diff --git a/apps/remoteStorage/lib_remoteStorage.php b/apps/remoteStorage/lib_remoteStorage.php index 4f19310904e..4f5c9664509 100644 --- a/apps/remoteStorage/lib_remoteStorage.php +++ b/apps/remoteStorage/lib_remoteStorage.php @@ -2,11 +2,13 @@ class OC_remoteStorage { public static function getValidTokens($ownCloudUser, $category) { - $query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100"); - $result=$query->execute(array($ownCloudUser,$category)); + $query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100"); + $result=$query->execute(array($ownCloudUser)); $ret = array(); while($row=$result->fetchRow()){ - $ret[$row['token']]=true; + if(in_array($category, explode(',', $row['category']))) { + $ret[$row['token']]=true; + } } return $ret; } @@ -19,7 +21,7 @@ class OC_remoteStorage { while($row=$result->fetchRow()){ $ret[$row['token']] = array( 'appUrl' => $row['appurl'], - 'category' => $row['category'], + 'categories' => $row['category'], ); } return $ret; @@ -30,21 +32,23 @@ class OC_remoteStorage { $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); $result=$query->execute(array($token,$user)); } - private static function addToken($token, $appUrl, $category){ + private static function addToken($token, $appUrl, $categories){ $user=OC_User::getUser(); $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)"); - $result=$query->execute(array($token,$appUrl,$user,$category)); + $result=$query->execute(array($token,$appUrl,$user,$categories)); } - public static function createCategory($appUrl, $category) { + public static function createCategories($appUrl, $categories) { $token=uniqid(); - self::addToken($token, $appUrl, $category); - //TODO: input checking on $category OC_Util::setupFS(OC_User::getUser()); - $scopePathParts = array('remoteStorage', $category); - for($i=0;$i<=count($scopePathParts);$i++){ - $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i)); - if(!OC_Filesystem::file_exists($thisPath)) { - OC_Filesystem::mkdir($thisPath); + self::addToken($token, $appUrl, $categories); + foreach($categories as $category) { + //TODO: input checking on $category + $scopePathParts = array('remoteStorage', $category); + for($i=0;$i<=count($scopePathParts);$i++){ + $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i)); + if(!OC_Filesystem::file_exists($thisPath)) { + OC_Filesystem::mkdir($thisPath); + } } } return base64_encode('remoteStorage:'.$token); diff --git a/apps/remoteStorage/oauth_ro_auth.php b/apps/remoteStorage/oauth_ro_auth.php index 5403fbe20c9..d4a55061492 100644 --- a/apps/remoteStorage/oauth_ro_auth.php +++ b/apps/remoteStorage/oauth_ro_auth.php @@ -34,7 +34,7 @@ class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBa if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { OC_Util::setUpFS(); return true; - } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) { + } else if(isset($this->validTokens[$password])) { OC_Util::setUpFS(); return true; } else { @@ -47,7 +47,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!'); //overwriting this to make it not automatically fail if no auth header is found: public function authenticate(Sabre_DAV_Server $server,$realm) { - $auth = new Sabre_HTTP_BasicAuth(); + $auth = new Sabre_HTTP_BearerAuth(); $auth->setHTTPRequest($server->httpRequest); $auth->setHTTPResponse($server->httpResponse); $auth->setRealm($realm); From 3f87c2cedb271d498f5e198ce90df4948bc032fa Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Wed, 22 Feb 2012 19:05:41 +0000 Subject: [PATCH 03/22] correct header Content-Type: application/xrd+xml --- apps/user_webfinger/host-meta.php | 2 +- apps/user_webfinger/webfinger.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/user_webfinger/host-meta.php b/apps/user_webfinger/host-meta.php index dbb4377e8c7..ac577cf9a0c 100644 --- a/apps/user_webfinger/host-meta.php +++ b/apps/user_webfinger/host-meta.php @@ -4,7 +4,7 @@ if($_SERVER['SCRIPT_NAME'] == '/.well-known/host-meta.php') { } else { header('Please-first: activate'); } -header("Content-Type: application/xml+xrd"); +header("Content-Type: application/xrd+xml"); echo "<"; ?> ?xml version="1.0" encoding="UTF-8"?> diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php index a9537182016..5c2a24aa070 100644 --- a/apps/user_webfinger/webfinger.php +++ b/apps/user_webfinger/webfinger.php @@ -4,7 +4,7 @@ if($_SERVER['SCRIPT_NAME'] == '/.well-known/webfinger.php') { } else { header('Please-first: activate'); } -// header("Content-Type: application/xml+xrd"); +header("Content-Type: application/xrd+xml"); // calculate the documentroot // modified version of the one in lib/base.php that takes the .well-known symlink into account From dda79a90cf50f98c1dc4c98401be8707b7103346 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 25 Feb 2012 16:51:59 +0100 Subject: [PATCH 04/22] don't limit ourselfs to 32bit integers --- db_structure.xml | 12 ++++++------ lib/util.php | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/db_structure.xml b/db_structure.xml index 1d459b75fda..bdbb16759db 100644 --- a/db_structure.xml +++ b/db_structure.xml @@ -53,7 +53,7 @@ integer 0 true - 4 + 8 @@ -70,7 +70,7 @@ true - 4 + 8 @@ -96,7 +96,7 @@ integer true - 4 + 8 @@ -105,7 +105,7 @@ true - 4 + 8 @@ -114,7 +114,7 @@ true - 4 + 8 @@ -291,7 +291,7 @@ integer false - 4 + 8 diff --git a/lib/util.php b/lib/util.php index 05caeca0e3e..d1487931db8 100644 --- a/lib/util.php +++ b/lib/util.php @@ -62,7 +62,7 @@ class OC_Util { * @return array */ public static function getVersion(){ - return array(3,00,2); + return array(3,00,3); } /** From 4f627c428eb64fae307ea293e8093e345d742edc Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 25 Feb 2012 20:27:16 +0100 Subject: [PATCH 05/22] some more error reporting during filesystem scan --- 3rdparty/MDB2/Driver/mysql.php | 2 +- lib/db.php | 25 ++++++++++++++++++++++--- lib/filecache.php | 24 +++++++++++++++++++----- 3 files changed, 42 insertions(+), 9 deletions(-) diff --git a/3rdparty/MDB2/Driver/mysql.php b/3rdparty/MDB2/Driver/mysql.php index b9b46c0d762..2cec1e9c033 100644 --- a/3rdparty/MDB2/Driver/mysql.php +++ b/3rdparty/MDB2/Driver/mysql.php @@ -794,7 +794,7 @@ class MDB2_Driver_mysql extends MDB2_Driver_Common ? 'mysql_query' : 'mysql_unbuffered_query'; $result = @$function($query, $connection); if (!$result) { - $err =& $this->raiseError(null, null, null, + $err =$this->raiseError(null, null, null, 'Could not execute statement', __FUNCTION__); return $err; } diff --git a/lib/db.php b/lib/db.php index 4c17cd0dbd1..02eac7cac9a 100644 --- a/lib/db.php +++ b/lib/db.php @@ -508,6 +508,21 @@ class OC_DB { self::$connection->commit(); self::$inTransaction=false; } + + /** + * check if a result is an error, works with MDB2 and PDOException + * @param mixed $result + * @return bool + */ + public static function isError($result){ + if(!$result){ + return true; + }elseif(self::$backend==self::BACKEND_MDB2 and PEAR::isError($result)){ + return true; + }else{ + return false; + } + } } /** @@ -527,11 +542,15 @@ class PDOStatementWrapper{ public function execute($input=array()){ $this->lastArguments=$input; if(count($input)>0){ - $this->statement->execute($input); + $result=$this->statement->execute($input); }else{ - $this->statement->execute(); + $result=$this->statement->execute(); + } + if($result){ + return $this; + }else{ + return false; } - return $this; } /** diff --git a/lib/filecache.php b/lib/filecache.php index faadddfb37e..cabad329b12 100644 --- a/lib/filecache.php +++ b/lib/filecache.php @@ -102,8 +102,10 @@ class OC_FileCache{ $mimePart=dirname($data['mimetype']); $user=OC_User::getUser(); $query=OC_DB::prepare('INSERT INTO *PREFIX*fscache(parent, name, path, size, mtime, ctime, mimetype, mimepart,user,writable) VALUES(?,?,?,?,?,?,?,?,?,?)'); - $query->execute(array($parent,basename($path),$path,$data['size'],$data['mtime'],$data['ctime'],$data['mimetype'],$mimePart,$user,$data['writable'])); - + $result=$query->execute(array($parent,basename($path),$path,$data['size'],$data['mtime'],$data['ctime'],$data['mimetype'],$mimePart,$user,$data['writable'])); + if(OC_DB::isError($result)){ + OC_Log::write('files','error while writing file('.$path.') to cache',OC_Log::ERROR); + } } /** @@ -128,7 +130,10 @@ class OC_FileCache{ $sql = 'UPDATE *PREFIX*fscache SET '.implode(' , ',$queryParts).' WHERE id=?'; $query=OC_DB::prepare($sql); - $query->execute($arguments); + $result=$query->execute($arguments); + if(OC_DB::isError($result)){ + OC_Log::write('files','error while updating file('.$path.') in cache',OC_Log::ERROR); + } } /** @@ -262,11 +267,20 @@ class OC_FileCache{ */ private static function getFileId($path){ $query=OC_DB::prepare('SELECT id FROM *PREFIX*fscache WHERE path=?'); - $result=$query->execute(array($path))->fetchRow(); + if(OC_DB::isError($query)){ + OC_Log::write('files','error while getting file id of '.$path,OC_Log::ERROR); + return -1; + } + $result=$query->execute(array($path)); + if(OC_DB::isError($result)){ + OC_Log::write('files','error while getting file id of '.$path,OC_Log::ERROR); + return -1; + } + $result=$result->fetchRow(); if(is_array($result)){ return $result['id']; }else{ - OC_Log::write('getFileId(): file not found in cache ('.$path.')','core',OC_Log::DEBUG); + OC_Log::write('getFileId(): file not found in cache ('.$path.')','core',OC_Log::DEBUG); return -1; } } From 8fe5251029c9e3c711660abcb58c7e60f6b88f97 Mon Sep 17 00:00:00 2001 From: Bartek Przybylski Date: Sat, 25 Feb 2012 20:37:51 +0100 Subject: [PATCH 06/22] unicode chars in gallery name fix --- apps/gallery/ajax/galleryOp.php | 3 ++- apps/gallery/ajax/getAlbums.php | 2 +- apps/gallery/js/albums.js | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/apps/gallery/ajax/galleryOp.php b/apps/gallery/ajax/galleryOp.php index 5ac6d295108..f07814056a3 100644 --- a/apps/gallery/ajax/galleryOp.php +++ b/apps/gallery/ajax/galleryOp.php @@ -41,7 +41,8 @@ function handleRemove($name) { function handleGetThumbnails($albumname) { OC_Response::enableCaching(3600 * 24); // 24 hour - $thumbnail = OC::$CONFIG_DATADIRECTORY.'/../gallery/'.$albumname.'.png'; + error_log(htmlentities($albumname)); + $thumbnail = OC::$CONFIG_DATADIRECTORY.'/../gallery/'.urldecode($albumname).'.png'; header('Content-Type: '.OC_Image::getMimeTypeForFile($thumbnail)); OC_Response::sendFile($thumbnail); } diff --git a/apps/gallery/ajax/getAlbums.php b/apps/gallery/ajax/getAlbums.php index 9e9c6ef496c..be87af2abd3 100644 --- a/apps/gallery/ajax/getAlbums.php +++ b/apps/gallery/ajax/getAlbums.php @@ -33,7 +33,7 @@ while ($r = $result->fetchRow()) { $album_name = $r['album_name']; $tmp_res = OC_Gallery_Photo::find($r['album_id']); - $a[] = array('name' => $album_name, 'numOfItems' => min($tmp_res->numRows(), 10), 'bgPath' => OC::$WEBROOT.'/data/'.OC_User::getUser().'/gallery/'.$album_name.'.png'); + $a[] = array('name' => utf8_encode($album_name), 'numOfItems' => min($tmp_res->numRows(), 10), 'bgPath' => OC::$WEBROOT.'/data/'.OC_User::getUser().'/gallery/'.$album_name.'.png'); } OC_JSON::success(array('albums'=>$a)); diff --git a/apps/gallery/js/albums.js b/apps/gallery/js/albums.js index 987412f28e0..adecd24cc75 100644 --- a/apps/gallery/js/albums.js +++ b/apps/gallery/js/albums.js @@ -54,9 +54,9 @@ Albums={ event.preventDefault(); galleryRemove(event.data.name); }); - $("a.view", local).attr('href','?view='+escape(a.name)); - $('h1',local).text(a.name); - $(".gallery_album_cover", local).attr('title',a.name); + $("a.view", local).attr('href','?view='+decodeURIComponent(escape(a.name))); + $('h1',local).text(decodeURIComponent(escape(a.name))); + $(".gallery_album_cover", local).attr('title',decodeURIComponent(escape(a.name))); $(".gallery_album_cover", local).css('background-repeat', 'no-repeat'); $(".gallery_album_cover", local).css('background-position', '0'); $(".gallery_album_cover", local).css('background-image','url("ajax/galleryOp.php?operation=get_covers&albumname='+escape(a.name)+'")'); From 820f2f27f6ba0509b43b70eb61204355acfeb30f Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Sat, 25 Feb 2012 21:59:58 +0000 Subject: [PATCH 07/22] security hardening in remoteStorage app --- apps/remoteStorage/WebDAV.php | 8 ++++++-- apps/remoteStorage/auth.php | 3 ++- apps/remoteStorage/oauth_ro_auth.php | 23 +++++++++++++---------- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/apps/remoteStorage/WebDAV.php b/apps/remoteStorage/WebDAV.php index 06520b4021b..cad465181a9 100644 --- a/apps/remoteStorage/WebDAV.php +++ b/apps/remoteStorage/WebDAV.php @@ -69,7 +69,10 @@ if(count($pathParts) >= 3 && $pathParts[0] == '') { $server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/WebDAV.php/$ownCloudUser"); // Auth backend - $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $category)); + $authBackend = new OC_Connector_Sabre_Auth_ro_oauth( + OC_remoteStorage::getValidTokens($ownCloudUser, $category), + $category + ); $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here $server->addPlugin($authPlugin); @@ -82,5 +85,6 @@ if(count($pathParts) >= 3 && $pathParts[0] == '') { // And off we go! $server->exec(); } else { - die('not the right address format '.var_export($pathParts, true)); + //die('not the right address format '.var_export($pathParts, true)); + die('not the right address format'); } diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php index 75e0aac419d..cc40e895e01 100644 --- a/apps/remoteStorage/auth.php +++ b/apps/remoteStorage/auth.php @@ -96,5 +96,6 @@ if(count($pathParts) == 2 && $pathParts[0] == '') { .'
'); } } else { - die('please use auth.php/username?params. '.var_export($pathParts, true)); + //die('please use auth.php/username?params. '.var_export($pathParts, true)); + die('please use auth.php/username?params.'); } diff --git a/apps/remoteStorage/oauth_ro_auth.php b/apps/remoteStorage/oauth_ro_auth.php index d4a55061492..085a5469920 100644 --- a/apps/remoteStorage/oauth_ro_auth.php +++ b/apps/remoteStorage/oauth_ro_auth.php @@ -16,9 +16,10 @@ class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic { private $validTokens; - - public function __construct($validTokensArg) { + private $category; + public function __construct($validTokensArg, $categoryArg) { $this->validTokens = $validTokensArg; + $this->category = $categoryArg; } /** @@ -31,16 +32,16 @@ class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBa */ protected function validateUserPass($username, $password){ //always give read-only: - if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { - OC_Util::setUpFS(); - return true; - } else if(isset($this->validTokens[$password])) { + if(($_SERVER['REQUEST_METHOD'] == 'OPTIONS') + || (isset($this->validTokens[$password])) + || (($_SERVER['REQUEST_METHOD'] == 'GET') && ($this->category == 'public')) + ) { OC_Util::setUpFS(); return true; } else { -var_export($_SERVER); -var_export($this->validTokens); -die('not getting in with "'.$username.'"/"'.$password.'"!'); + //var_export($_SERVER); + //var_export($this->validTokens); + //die('not getting in with "'.$username.'"/"'.$password.'"!'); return false; } } @@ -53,7 +54,9 @@ die('not getting in with "'.$username.'"/"'.$password.'"!'); $auth->setRealm($realm); $userpass = $auth->getUserPass(); if (!$userpass) { - if(in_array($_SERVER['REQUEST_METHOD'], array('OPTIONS'))) { + if(($_SERVER['REQUEST_METHOD'] == 'OPTIONS') + ||(($_SERVER['REQUEST_METHOD'] == 'GET') && ($this->category == 'public')) + ) { $userpass = array('', ''); } else { $auth->requireLogin(); From 28650191c36e610c7d1335272e304e59ebe371bb Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Sat, 25 Feb 2012 22:01:04 +0000 Subject: [PATCH 08/22] bump up version and update license --- apps/remoteStorage/appinfo/info.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/remoteStorage/appinfo/info.xml b/apps/remoteStorage/appinfo/info.xml index 8179ca99112..5f061da258c 100644 --- a/apps/remoteStorage/appinfo/info.xml +++ b/apps/remoteStorage/appinfo/info.xml @@ -3,8 +3,8 @@ remoteStorage remoteStorage compatibility Enables your users to use ownCloud as their remote storage for unhosted applications. - 0.2 - AGPL + 0.3 + AGPL or MIT Michiel de Jong 2 From 42735429dac1bfdb9dca403f9abc97313acd8d3d Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Sat, 25 Feb 2012 22:03:14 +0000 Subject: [PATCH 09/22] bump up version and update license --- apps/user_webfinger/appinfo/info.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/user_webfinger/appinfo/info.xml b/apps/user_webfinger/appinfo/info.xml index a4071dae172..55cf2cf2201 100644 --- a/apps/user_webfinger/appinfo/info.xml +++ b/apps/user_webfinger/appinfo/info.xml @@ -3,8 +3,8 @@ user_webfinger Webfinger Provide WebFinger for all users so they get a user address like user@owncloudinstance which can be used for unhosted applications. If you don't run ownCloud in the root of your domain, for instance if you run it on example.com/owncloud/, then make sure you link example.com/.well-known/ to example.com/owncloud/apps/user_webfinger/ - by running something like "ln -s /var/www/owncloud/apps/user_webfinger /var/www/.well-known". Only enable this app if you run this ownCloud installation on a public web address, not if you run it on an intranet or on localhost. - 0.1 - AGPL + 0.2 + AGPL or MIT Michiel de Jong 2 From a7d7597d552ce41aa7f9d77c751b9160224cf96a Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Sat, 25 Feb 2012 23:15:31 +0000 Subject: [PATCH 10/22] fix type error in dir creation for categories --- apps/remoteStorage/appinfo/info.xml | 2 +- apps/remoteStorage/lib_remoteStorage.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/remoteStorage/appinfo/info.xml b/apps/remoteStorage/appinfo/info.xml index 5f061da258c..1fc146aac73 100644 --- a/apps/remoteStorage/appinfo/info.xml +++ b/apps/remoteStorage/appinfo/info.xml @@ -3,7 +3,7 @@ remoteStorage remoteStorage compatibility Enables your users to use ownCloud as their remote storage for unhosted applications. - 0.3 + 0.4 AGPL or MIT Michiel de Jong 2 diff --git a/apps/remoteStorage/lib_remoteStorage.php b/apps/remoteStorage/lib_remoteStorage.php index 4f5c9664509..a9b73516aad 100644 --- a/apps/remoteStorage/lib_remoteStorage.php +++ b/apps/remoteStorage/lib_remoteStorage.php @@ -41,7 +41,7 @@ class OC_remoteStorage { $token=uniqid(); OC_Util::setupFS(OC_User::getUser()); self::addToken($token, $appUrl, $categories); - foreach($categories as $category) { + foreach(explode(',', $categories) as $category) { //TODO: input checking on $category $scopePathParts = array('remoteStorage', $category); for($i=0;$i<=count($scopePathParts);$i++){ From 797e921b9aa25f832718a3c44cfcb936f96c49df Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 25 Feb 2012 21:19:32 +0100 Subject: [PATCH 11/22] improve log browsing --- core/js/js.js | 33 +++++++++++++++++++++++++++ files/js/files.js | 33 --------------------------- lib/log.php | 26 ++++++++++++--------- settings/ajax/getlog.php | 17 ++++++++++++++ settings/ajax/setquota.php | 5 +++++ settings/css/settings.css | 3 +++ settings/js/log.js | 46 ++++++++++++++++++++++++++++++++++++++ settings/log.php | 5 ++++- settings/templates/log.php | 5 +++-- 9 files changed, 126 insertions(+), 47 deletions(-) create mode 100644 settings/ajax/getlog.php create mode 100644 settings/js/log.js diff --git a/core/js/js.js b/core/js/js.js index 6da9c29e693..076fbf04c78 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -444,4 +444,37 @@ $.fn.filterAttr = function(attr_name, attr_value) { return this.filter(function() { return $(this).attr(attr_name) === attr_value; }); }; +function humanFileSize(bytes){ + if( bytes < 1024 ){ + return bytes+' B'; + } + bytes = Math.round(bytes / 1024, 1 ); + if( bytes < 1024 ){ + return bytes+' kB'; + } + bytes = Math.round( bytes / 1024, 1 ); + if( bytes < 1024 ){ + return bytes+' MB'; + } + + // Wow, heavy duty for owncloud + bytes = Math.round( bytes / 1024, 1 ); + return bytes+' GB'; +} +function simpleFileSize(bytes) { + mbytes = Math.round(bytes/(1024*1024/10))/10; + if(bytes == 0) { return '0'; } + else if(mbytes < 0.1) { return '< 0.1'; } + else if(mbytes > 1000) { return '> 1000'; } + else { return mbytes.toFixed(1); } +} + +function formatDate(date){ + if(typeof date=='number'){ + date=new Date(date); + } + var monthNames = [ t('files','January'), t('files','February'), t('files','March'), t('files','April'), t('files','May'), t('files','June'), + t('files','July'), t('files','August'), t('files','September'), t('files','October'), t('files','November'), t('files','December') ]; + return monthNames[date.getMonth()]+' '+date.getDate()+', '+date.getFullYear()+', '+((date.getHours()<10)?'0':'')+date.getHours()+':'+date.getMinutes(); +} diff --git a/files/js/files.js b/files/js/files.js index 9f1f5368df0..f5dc40ad45d 100644 --- a/files/js/files.js +++ b/files/js/files.js @@ -387,39 +387,6 @@ function updateBreadcrumb(breadcrumbHtml) { $('p.nav').empty().html(breadcrumbHtml); } -function humanFileSize(bytes){ - if( bytes < 1024 ){ - return bytes+' B'; - } - bytes = Math.round(bytes / 1024, 1 ); - if( bytes < 1024 ){ - return bytes+' kB'; - } - bytes = Math.round( bytes / 1024, 1 ); - if( bytes < 1024 ){ - return bytes+' MB'; - } - - // Wow, heavy duty for owncloud - bytes = Math.round( bytes / 1024, 1 ); - return bytes+' GB'; -} - -function simpleFileSize(bytes) { - mbytes = Math.round(bytes/(1024*1024/10))/10; - if(bytes == 0) { return '0'; } - else if(mbytes < 0.1) { return '< 0.1'; } - else if(mbytes > 1000) { return '> 1000'; } - else { return mbytes.toFixed(1); } -} - -function formatDate(date){ - var monthNames = [ t('files','January'), t('files','February'), t('files','March'), t('files','April'), t('files','May'), t('files','June'), - t('files','July'), t('files','August'), t('files','September'), t('files','October'), t('files','November'), t('files','December') ]; - return monthNames[date.getMonth()]+' '+date.getDate()+', '+date.getFullYear()+', '+((date.getHours()<10)?'0':'')+date.getHours()+':'+date.getMinutes(); -} - - //options for file drag/dropp var dragOptions={ distance: 20, revert: 'invalid', opacity: 0.7, diff --git a/lib/log.php b/lib/log.php index 446ddd48848..4e450a027f5 100644 --- a/lib/log.php +++ b/lib/log.php @@ -3,7 +3,7 @@ * ownCloud * * @author Robin Appelman - * @copyright 2011 Robin Appelman icewind1991@gmail.com + * @copyright 2012 Robin Appelman icewind1991@gmail.com * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE @@ -50,25 +50,29 @@ class OC_Log{ fclose($fh); } } - - public static function getEntries(){ + + /** + * get entries from the log in reverse chronological order + * @param int limit + * @param int offset + * @return array + */ + public static function getEntries($limit=50,$offset=0){ $datadir=OC_Config::getValue( "datadirectory", OC::$SERVERROOT.'/data' ); $logFile=OC_Config::getValue( "logfile", $datadir.'/owncloud.log' ); $entries=array(); if(!file_exists($logFile)){ return array(); } - $fh=fopen($logFile,'r'); - if($fh === false){ // Unable to read log file! + $contents=file($logFile); + if(!$contents){//error while reading log return array(); } - while(!feof($fh)){ - $line=fgets($fh); - if($line){ - $entries[]=json_decode($line); - } + $end=max(count($contents)-$offset-1,0); + $start=max($end-$limit,0); + for($i=$end;$i>$start;$i--){ + $entries[]=json_decode($contents[$i]); } - fclose($fh); return $entries; } } diff --git a/settings/ajax/getlog.php b/settings/ajax/getlog.php new file mode 100644 index 00000000000..600ebefcece --- /dev/null +++ b/settings/ajax/getlog.php @@ -0,0 +1,17 @@ + + * This file is licensed under the Affero General Public License version 3 or later. + * See the COPYING-README file. + */ + +// Init owncloud +require_once('../../lib/base.php'); + +OC_JSON::checkAdminUser(); + +$count=(isset($_GET['count']))?$_GET['count']:50; +$offset=(isset($_GET['offset']))?$_GET['offset']:0; + +$entries=OC_Log::getEntries($count,$offset); +OC_JSON::success(array("data" => $entries)); diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php index dc87625a05d..f59017600ac 100644 --- a/settings/ajax/setquota.php +++ b/settings/ajax/setquota.php @@ -1,4 +1,9 @@ + * This file is licensed under the Affero General Public License version 3 or later. + * See the COPYING-README file. + */ // Init owncloud require_once('../../lib/base.php'); diff --git a/settings/css/settings.css b/settings/css/settings.css index 7a5873bb4d2..e80de0f1ad2 100644 --- a/settings/css/settings.css +++ b/settings/css/settings.css @@ -40,3 +40,6 @@ select.quota.active { background: #fff; } li { color:#888; } li.active { color:#000; } span.version { margin-left:3em; color:#ddd; } + +/* LOF */ +#log { white-space:normal; } \ No newline at end of file diff --git a/settings/js/log.js b/settings/js/log.js new file mode 100644 index 00000000000..3814d9c10bf --- /dev/null +++ b/settings/js/log.js @@ -0,0 +1,46 @@ +/** + * Copyright (c) 2012, Robin Appelman + * This file is licensed under the Affero General Public License version 3 or later. + * See the COPYING-README file. + */ + +OC.Log={ + levels:['Debug','Info','Warning','Error','Fatal'], + loaded:50,//are initially loaded + getMore:function(){ + $.get(OC.filePath('settings','ajax','getlog.php'),{offset:OC.Log.loaded},function(result){ + if(result.status=='success'){ + OC.Log.addEntries(result.data); + } + }); + OC.Log.loaded+=50; + }, + addEntries:function(entries){ + for(var i=0;i'); + var levelTd=$(''); + levelTd.text(OC.Log.levels[entry.level]); + row.append(levelTd); + + var appTd=$(''); + appTd.text(entry.app); + row.append(appTd); + + var messageTd=$(''); + messageTd.text(entry.message); + row.append(messageTd); + + var timeTd=$(''); + timeTd.text(formatDate(entry.time)); + row.append(timeTd); + $('#log').append(row); + } + } +} + +$(document).ready(function(){ + $('#moreLog').click(function(){ + OC.Log.getMore(); + }) +}); diff --git a/settings/log.php b/settings/log.php index 21303c2170f..946f2b6f8e5 100644 --- a/settings/log.php +++ b/settings/log.php @@ -3,7 +3,7 @@ * ownCloud * * @author Robin Appelman - * @copyright 2011 Robin Appelman icewind1991@gmail.com + * @copyright 2012 Robin Appelman icewind1991@gmail.com * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE @@ -30,6 +30,9 @@ OC_App::setActiveNavigationEntry( "core_log" ); $entries=OC_Log::getEntries(); +OC_Util::addScript('settings','log'); +OC_Util::addStyle('settings','settings'); + function compareEntries($a,$b){ return $b->time - $a->time; } diff --git a/settings/templates/log.php b/settings/templates/log.php index bcf5258f5f5..da5defc320e 100644 --- a/settings/templates/log.php +++ b/settings/templates/log.php @@ -9,7 +9,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
- +
-
@@ -26,4 +26,5 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
\ No newline at end of file + +...'> From a5e892505e494b906f942aa3ac1d6489f73a5f05 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 03:10:01 +0100 Subject: [PATCH 12/22] more robust png fallback --- core/js/js.js | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/core/js/js.js b/core/js/js.js index 076fbf04c78..4b5062eb1a6 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -252,16 +252,22 @@ function replaceSVG(){ $('.svg').each(function(index,element){ element=$(element); var background=element.css('background-image'); - if(background && background!='none'){ - background=background.substr(0,background.length-4)+'png)'; - element.css('background-image',background); + if(background){ + var i=background.lastIndexOf('.svg'); + if(i>=0){ + background=background.substr(0,i)+'.png'+background.substr(i+4); + element.css('background-image',background); + } } element.find('*').each(function(index,element) { element=$(element); var background=element.css('background-image'); - if(background && background!='none'){ - background=background.substr(0,background.length-4)+'png)'; - element.css('background-image',background); + if(background){ + var i=background.lastIndexOf('.svg'); + if(i>=0){ + background=background.substr(0,i)+'.png'+background.substr(i+4); + element.css('background-image',background); + } } }); }); From ff9111847f6646a35a7197c0c956559972a7bccb Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 03:24:00 +0100 Subject: [PATCH 13/22] additional error codes for file upload --- files/ajax/upload.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/files/ajax/upload.php b/files/ajax/upload.php index 241edc216ff..67611fb893e 100644 --- a/files/ajax/upload.php +++ b/files/ajax/upload.php @@ -16,12 +16,13 @@ foreach ($_FILES['files']['error'] as $error) { if ($error != 0) { $l=new OC_L10N('files'); $errors = array( - 0=>$l->t("There is no error, the file uploaded with success"), - 1=>$l->t("The uploaded file exceeds the upload_max_filesize directive in php.ini").ini_get('upload_max_filesize'), - 2=>$l->t("The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"), - 3=>$l->t("The uploaded file was only partially uploaded"), - 4=>$l->t("No file was uploaded"), - 6=>$l->t("Missing a temporary folder") + UPLOAD_ERR_OK=>$l->t("There is no error, the file uploaded with success"), + UPLOAD_ERR_INI_SIZE=>$l->t("The uploaded file exceeds the upload_max_filesize directive in php.ini").ini_get('upload_max_filesize'), + UPLOAD_ERR_FORM_SIZE=>$l->t("The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"), + UPLOAD_ERR_PARTIAL=>$l->t("The uploaded file was only partially uploaded"), + UPLOAD_ERR_NO_FILE=>$l->t("No file was uploaded"), + UPLOAD_ERR_NO_TMP_DIR=>$l->t("Missing a temporary folder"), + UPLOAD_ERR_CANT_WRITE=>$l->t('Failed to write to disk'), ); OC_JSON::error(array("data" => array( "message" => $errors[$error] ))); exit(); From fe0832746b8b084f36706e296896a3a7e56e98cb Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 03:31:04 +0100 Subject: [PATCH 14/22] intval() of a number seems unnecessary and it could cause 32bit integer overflow issues --- lib/helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/helper.php b/lib/helper.php index 2f71bdad2dc..80074a21b97 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -194,7 +194,7 @@ class OC_Helper { $bytes *= $bytes_array[$matches[1]]; } - $bytes = intval(round($bytes, 2)); + $bytes = round($bytes, 2); return $bytes; } From 0b19af5e10ea83400e114c8b2d4252fb8d50cc33 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 03:42:15 +0100 Subject: [PATCH 15/22] application/ogg is music to --- apps/media/ajax/api.php | 5 ++++- apps/media/lib_scanner.php | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/media/ajax/api.php b/apps/media/ajax/api.php index bb4502690b5..9d9c14deb17 100644 --- a/apps/media/ajax/api.php +++ b/apps/media/ajax/api.php @@ -120,7 +120,10 @@ if($arguments['action']){ OC_Filesystem::readfile($arguments['path']); exit; case 'find_music': - OC_JSON::encodedPrint(OC_FileCache::searchByMime('audio')); + $music=OC_FileCache::searchByMime('audio'); + $ogg=OC_FileCache::searchByMime('application','ogg'); + $music=array_merge($music,$ogg); + OC_JSON::encodedPrint($music); exit; } } diff --git a/apps/media/lib_scanner.php b/apps/media/lib_scanner.php index ea594ee8e3c..39658b27ba9 100644 --- a/apps/media/lib_scanner.php +++ b/apps/media/lib_scanner.php @@ -38,6 +38,8 @@ class OC_MEDIA_SCANNER{ */ public static function scanCollection($eventSource=null){ $music=OC_FileCache::searchByMime('audio'); + $ogg=OC_FileCache::searchByMime('application','ogg'); + $music=array_merge($music,$ogg); $eventSource->send('count',count($music)); $songs=0; foreach($music as $file){ From c8c3b8a63ea1c4763e1a5197487f0ae3506339c1 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 03:54:21 +0100 Subject: [PATCH 16/22] chunked implementation for readfile prevents memory issues when downloading large files --- apps/files_sharing/sharedstorage.php | 8 -------- lib/filestorage.php | 1 - lib/filestorage/local.php | 3 --- lib/filestoragecommon.php | 8 -------- lib/filesystemview.php | 9 ++++++++- 5 files changed, 8 insertions(+), 21 deletions(-) diff --git a/apps/files_sharing/sharedstorage.php b/apps/files_sharing/sharedstorage.php index cb641e68a84..0e110da30b1 100644 --- a/apps/files_sharing/sharedstorage.php +++ b/apps/files_sharing/sharedstorage.php @@ -281,14 +281,6 @@ class OC_Filestorage_Shared extends OC_Filestorage { } } - public function readfile($path) { - $source = $this->getSource($path); - if ($source) { - $storage = OC_Filesystem::getStorage($source); - return $storage->readfile($this->getInternalPath($source)); - } - } - public function filectime($path) { if ($path == "" || $path == "/") { $ctime = 0; diff --git a/lib/filestorage.php b/lib/filestorage.php index 4523144f6f4..989f5b311f3 100644 --- a/lib/filestorage.php +++ b/lib/filestorage.php @@ -36,7 +36,6 @@ class OC_Filestorage{ public function is_readable($path){} public function is_writable($path){} public function file_exists($path){} - public function readfile($path){} public function filectime($path){} public function filemtime($path){} public function file_get_contents($path){} diff --git a/lib/filestorage/local.php b/lib/filestorage/local.php index dcb516a3afb..243fdd3ba6b 100644 --- a/lib/filestorage/local.php +++ b/lib/filestorage/local.php @@ -52,9 +52,6 @@ class OC_Filestorage_Local extends OC_Filestorage{ public function file_exists($path){ return file_exists($this->datadir.$path); } - public function readfile($path){ - return readfile($this->datadir.$path); - } public function filectime($path){ return filectime($this->datadir.$path); } diff --git a/lib/filestoragecommon.php b/lib/filestoragecommon.php index f522d15c4e9..45ad11fcde8 100644 --- a/lib/filestoragecommon.php +++ b/lib/filestoragecommon.php @@ -37,14 +37,6 @@ class OC_Filestorage_Common extends OC_Filestorage { public function is_readable($path){} public function is_writable($path){} public function file_exists($path){} - public function readfile($path) { - $handle = $this->fopen($path, "r"); - $chunk = 1024; - while (!feof($handle)) { - echo fread($handle, $chunk); - } - return $this->filesize($path); - } public function filectime($path) { $stat = $this->stat($path); return $stat['ctime']; diff --git a/lib/filesystemview.php b/lib/filesystemview.php index 91c6cd17720..ab254cc512f 100644 --- a/lib/filesystemview.php +++ b/lib/filesystemview.php @@ -136,7 +136,14 @@ class OC_FilesystemView { return $this->basicOperation('filesize',$path); } public function readfile($path){ - return $this->basicOperation('readfile',$path,array('read')); + $handle=$this->fopen($path,'r'); + $chunkSize = 1024*1024;// 1 MB chunks + while (!feof($handle)) { + echo fread($handle, $chunkSize); + @ob_flush(); + flush(); + } + return $this->filesize($path); } public function is_readable($path){ return $this->basicOperation('is_readable',$path); From 0af31a532818012e9db50aa7f2ec061c0924aa4d Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 03:56:45 +0100 Subject: [PATCH 17/22] missed one is_writeable --- apps/files_sharing/sharedstorage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/files_sharing/sharedstorage.php b/apps/files_sharing/sharedstorage.php index 0e110da30b1..457966a96e2 100644 --- a/apps/files_sharing/sharedstorage.php +++ b/apps/files_sharing/sharedstorage.php @@ -58,7 +58,7 @@ class OC_Filestorage_Shared extends OC_Filestorage { } public function mkdir($path) { - if ($path == "" || $path == "/" || !$this->is_writeable($path)) { + if ($path == "" || $path == "/" || !$this->is_writable($path)) { return false; } else { $source = $this->getSource($path); From 6c501f90bb3bf61edbe507b9864146d1642a328b Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 04:09:48 +0100 Subject: [PATCH 18/22] hopefully a fix for webroot detection --- lib/base.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/base.php b/lib/base.php index 342bdc6768e..404f3dd7f91 100644 --- a/lib/base.php +++ b/lib/base.php @@ -143,6 +143,13 @@ class OC{ $scriptName=$_SERVER["SCRIPT_NAME"]; if(substr($scriptName,-1)=='/'){ $scriptName.='index.php'; + //make sure suburi follows the same rules as scriptName + if(substr(OC::$SUBURI,-9)!='index.php'){ + if(substr(OC::$SUBURI,-1)!='/'){ + OC::$SUBURI=OC::$SUBURI.'/'; + } + OC::$SUBURI=OC::$SUBURI.'index.php'; + } } OC::$WEBROOT=substr($scriptName,0,strlen($scriptName)-strlen(OC::$SUBURI)); From 92c7b2717d4cff555ac8037b2b7dc5c59a79f493 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Sun, 26 Feb 2012 13:45:20 +0100 Subject: [PATCH 19/22] add OC_Geo class --- lib/geo.php | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 lib/geo.php diff --git a/lib/geo.php b/lib/geo.php new file mode 100644 index 00000000000..a967ab28a96 --- /dev/null +++ b/lib/geo.php @@ -0,0 +1,31 @@ + + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ +class OC_Geo{ + /* + * @brief returns the closest timezone to coordinates + * @param (string) $latitude - Latitude + * @param (string) $longitude - Longitude + * @return (string) $timezone - closest timezone + */ + public static function timezone($latitude, $longitude){ + $alltimezones = DateTimeZone::listIdentifiers(); + $variances = array(); + //calculate for all timezones the system know + foreach($alltimezones as $timezone){ + $datetimezoneobj = new DateTimeZone($timezone); + $locationinformations = $datetimezoneobj->getLocation(); + $latitudeoftimezone = $locationinformations['latitude']; + $longitudeoftimezone = $locationinformations['longitude']; + $variances[abs($latitudeoftimezone - $latitude) + abs($longitudeoftimezone - $longitude)] = $timezone; + } + //sort array and return the timezone with the smallest difference + ksort($variances); + reset($variances); + return current($variances); + } +} \ No newline at end of file From 89865cb8a0ca668f628e6e3e6a43bca7e72eab63 Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Sun, 26 Feb 2012 13:45:51 +0100 Subject: [PATCH 20/22] stop using 3rdparty services for timezone detection --- apps/calendar/ajax/settings/guesstimezone.php | 53 ++++++------------- apps/calendar/js/geo.js | 1 - 2 files changed, 16 insertions(+), 38 deletions(-) diff --git a/apps/calendar/ajax/settings/guesstimezone.php b/apps/calendar/ajax/settings/guesstimezone.php index cfa92e1aee8..d45a70e1ce3 100755 --- a/apps/calendar/ajax/settings/guesstimezone.php +++ b/apps/calendar/ajax/settings/guesstimezone.php @@ -5,44 +5,23 @@ * later. * See the COPYING-README file. */ -function make_array_out_of_xml ($xml){ - $returnarray = array(); - $xml = (array)$xml ; - foreach ($xml as $property => $value){ - $value = (array)$value; - if(!isset($value[0])){ - $returnarray[$property] = make_array_out_of_xml($value); - }else{ - $returnarray[$property] = trim($value[0]); - } - } - return $returnarray; -} require_once('../../../../lib/base.php'); + OC_JSON::checkLoggedIn(); OC_JSON::checkAppEnabled('calendar'); -$l = new OC_L10N('calendar'); -$lat = $_GET['lat']; -$long = $_GET['long']; -if(OC_Preferences::getValue(OC_USER::getUser(), 'calendar', 'position') == $lat . '-' . $long && OC_Preferences::getValue(OC_USER::getUser(), 'calendar', 'timezone') != null){ - OC_JSON::success(); - exit; -} -OC_Preferences::setValue(OC_USER::getUser(), 'calendar', 'position', $lat . '-' . $long); -$geolocation = file_get_contents('http://ws.geonames.org/timezone?lat=' . $lat . '&lng=' . $long); -//Information are by Geonames (http://www.geonames.org) and licensed under the Creative Commons Attribution 3.0 License -$geoxml = simplexml_load_string($geolocation); -$geoarray = make_array_out_of_xml($geoxml); -if($geoarray['timezone']['timezoneId'] == OC_Preferences::getValue(OC_USER::getUser(), 'calendar', 'timezone')){ - OC_JSON::success(); - exit; -} -if(in_array($geoarray['timezone']['timezoneId'], DateTimeZone::listIdentifiers())){ - OC_Preferences::setValue(OC_USER::getUser(), 'calendar', 'timezone', $geoarray['timezone']['timezoneId']); - $message = array('message'=> $l->t('New Timezone:') . $geoarray['timezone']['timezoneId']); - OC_JSON::success($message); -}else{ - OC_JSON::error(); -} -?> +$l = new OC_L10N('calendar'); + +$lat = $_GET['lat']; +$lng = $_GET['long']; + +$timezone = OC_Geo::timezone($lat, $lng); + +if($timezone == OC_Preferences::getValue(OC_USER::getUser(), 'calendar', 'timezone')){ + OC_JSON::success(); + exit; +} +OC_Preferences::setValue(OC_USER::getUser(), 'calendar', 'timezone', $timezone); +$message = array('message'=> $l->t('New Timezone:') . $timezone); +OC_JSON::success($message); +?> \ No newline at end of file diff --git a/apps/calendar/js/geo.js b/apps/calendar/js/geo.js index c9cc5dd0955..7018c6298a2 100755 --- a/apps/calendar/js/geo.js +++ b/apps/calendar/js/geo.js @@ -10,7 +10,6 @@ if (navigator.geolocation) { function(data){ if (data.status == 'success' && typeof(data.message) != 'undefined'){ $('#notification').html(data.message); - $('#notification').attr('title', 'CC BY 3.0 by Geonames.org'); $('#notification').slideDown(); window.setTimeout(function(){$('#notification').slideUp();}, 5000); }else{ From 62cd89da14608f4b390c42fe732130ffe8a432fc Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 13:49:51 +0100 Subject: [PATCH 21/22] improved password hashing based one phpass old passwords are automatically upgraded on login --- 3rdparty/phpass/PasswordHash.php | 253 ++++++++++++++++++++++++++++++ 3rdparty/phpass/c/Makefile | 21 +++ 3rdparty/phpass/c/crypt_private.c | 106 +++++++++++++ 3rdparty/phpass/test.php | 72 +++++++++ lib/user/database.php | 49 +++++- 5 files changed, 494 insertions(+), 7 deletions(-) create mode 100644 3rdparty/phpass/PasswordHash.php create mode 100644 3rdparty/phpass/c/Makefile create mode 100644 3rdparty/phpass/c/crypt_private.c create mode 100644 3rdparty/phpass/test.php diff --git a/3rdparty/phpass/PasswordHash.php b/3rdparty/phpass/PasswordHash.php new file mode 100644 index 00000000000..12958c7f19e --- /dev/null +++ b/3rdparty/phpass/PasswordHash.php @@ -0,0 +1,253 @@ + in 2004-2006 and placed in +# the public domain. Revised in subsequent years, still public domain. +# +# There's absolutely no warranty. +# +# The homepage URL for this framework is: +# +# http://www.openwall.com/phpass/ +# +# Please be sure to update the Version line if you edit this file in any way. +# It is suggested that you leave the main version number intact, but indicate +# your project name (after the slash) and add your own revision information. +# +# Please do not change the "private" password hashing method implemented in +# here, thereby making your hashes incompatible. However, if you must, please +# change the hash type identifier (the "$P$") to something different. +# +# Obviously, since this code is in the public domain, the above are not +# requirements (there can be none), but merely suggestions. +# +class PasswordHash { + var $itoa64; + var $iteration_count_log2; + var $portable_hashes; + var $random_state; + + function PasswordHash($iteration_count_log2, $portable_hashes) + { + $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; + + if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) + $iteration_count_log2 = 8; + $this->iteration_count_log2 = $iteration_count_log2; + + $this->portable_hashes = $portable_hashes; + + $this->random_state = microtime(); + if (function_exists('getmypid')) + $this->random_state .= getmypid(); + } + + function get_random_bytes($count) + { + $output = ''; + if (is_readable('/dev/urandom') && + ($fh = @fopen('/dev/urandom', 'rb'))) { + $output = fread($fh, $count); + fclose($fh); + } + + if (strlen($output) < $count) { + $output = ''; + for ($i = 0; $i < $count; $i += 16) { + $this->random_state = + md5(microtime() . $this->random_state); + $output .= + pack('H*', md5($this->random_state)); + } + $output = substr($output, 0, $count); + } + + return $output; + } + + function encode64($input, $count) + { + $output = ''; + $i = 0; + do { + $value = ord($input[$i++]); + $output .= $this->itoa64[$value & 0x3f]; + if ($i < $count) + $value |= ord($input[$i]) << 8; + $output .= $this->itoa64[($value >> 6) & 0x3f]; + if ($i++ >= $count) + break; + if ($i < $count) + $value |= ord($input[$i]) << 16; + $output .= $this->itoa64[($value >> 12) & 0x3f]; + if ($i++ >= $count) + break; + $output .= $this->itoa64[($value >> 18) & 0x3f]; + } while ($i < $count); + + return $output; + } + + function gensalt_private($input) + { + $output = '$P$'; + $output .= $this->itoa64[min($this->iteration_count_log2 + + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; + $output .= $this->encode64($input, 6); + + return $output; + } + + function crypt_private($password, $setting) + { + $output = '*0'; + if (substr($setting, 0, 2) == $output) + $output = '*1'; + + $id = substr($setting, 0, 3); + # We use "$P$", phpBB3 uses "$H$" for the same thing + if ($id != '$P$' && $id != '$H$') + return $output; + + $count_log2 = strpos($this->itoa64, $setting[3]); + if ($count_log2 < 7 || $count_log2 > 30) + return $output; + + $count = 1 << $count_log2; + + $salt = substr($setting, 4, 8); + if (strlen($salt) != 8) + return $output; + + # We're kind of forced to use MD5 here since it's the only + # cryptographic primitive available in all versions of PHP + # currently in use. To implement our own low-level crypto + # in PHP would result in much worse performance and + # consequently in lower iteration counts and hashes that are + # quicker to crack (by non-PHP code). + if (PHP_VERSION >= '5') { + $hash = md5($salt . $password, TRUE); + do { + $hash = md5($hash . $password, TRUE); + } while (--$count); + } else { + $hash = pack('H*', md5($salt . $password)); + do { + $hash = pack('H*', md5($hash . $password)); + } while (--$count); + } + + $output = substr($setting, 0, 12); + $output .= $this->encode64($hash, 16); + + return $output; + } + + function gensalt_extended($input) + { + $count_log2 = min($this->iteration_count_log2 + 8, 24); + # This should be odd to not reveal weak DES keys, and the + # maximum valid value is (2**24 - 1) which is odd anyway. + $count = (1 << $count_log2) - 1; + + $output = '_'; + $output .= $this->itoa64[$count & 0x3f]; + $output .= $this->itoa64[($count >> 6) & 0x3f]; + $output .= $this->itoa64[($count >> 12) & 0x3f]; + $output .= $this->itoa64[($count >> 18) & 0x3f]; + + $output .= $this->encode64($input, 3); + + return $output; + } + + function gensalt_blowfish($input) + { + # This one needs to use a different order of characters and a + # different encoding scheme from the one in encode64() above. + # We care because the last character in our encoded string will + # only represent 2 bits. While two known implementations of + # bcrypt will happily accept and correct a salt string which + # has the 4 unused bits set to non-zero, we do not want to take + # chances and we also do not want to waste an additional byte + # of entropy. + $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; + + $output = '$2a$'; + $output .= chr(ord('0') + $this->iteration_count_log2 / 10); + $output .= chr(ord('0') + $this->iteration_count_log2 % 10); + $output .= '$'; + + $i = 0; + do { + $c1 = ord($input[$i++]); + $output .= $itoa64[$c1 >> 2]; + $c1 = ($c1 & 0x03) << 4; + if ($i >= 16) { + $output .= $itoa64[$c1]; + break; + } + + $c2 = ord($input[$i++]); + $c1 |= $c2 >> 4; + $output .= $itoa64[$c1]; + $c1 = ($c2 & 0x0f) << 2; + + $c2 = ord($input[$i++]); + $c1 |= $c2 >> 6; + $output .= $itoa64[$c1]; + $output .= $itoa64[$c2 & 0x3f]; + } while (1); + + return $output; + } + + function HashPassword($password) + { + $random = ''; + + if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { + $random = $this->get_random_bytes(16); + $hash = + crypt($password, $this->gensalt_blowfish($random)); + if (strlen($hash) == 60) + return $hash; + } + + if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { + if (strlen($random) < 3) + $random = $this->get_random_bytes(3); + $hash = + crypt($password, $this->gensalt_extended($random)); + if (strlen($hash) == 20) + return $hash; + } + + if (strlen($random) < 6) + $random = $this->get_random_bytes(6); + $hash = + $this->crypt_private($password, + $this->gensalt_private($random)); + if (strlen($hash) == 34) + return $hash; + + # Returning '*' on error is safe here, but would _not_ be safe + # in a crypt(3)-like function used _both_ for generating new + # hashes and for validating passwords against existing hashes. + return '*'; + } + + function CheckPassword($password, $stored_hash) + { + $hash = $this->crypt_private($password, $stored_hash); + if ($hash[0] == '*') + $hash = crypt($password, $stored_hash); + + return $hash == $stored_hash; + } +} + +?> diff --git a/3rdparty/phpass/c/Makefile b/3rdparty/phpass/c/Makefile new file mode 100644 index 00000000000..fe48917f7f5 --- /dev/null +++ b/3rdparty/phpass/c/Makefile @@ -0,0 +1,21 @@ +# +# Written by Solar Designer and placed in the public domain. +# See crypt_private.c for more information. +# +CC = gcc +LD = $(CC) +RM = rm -f +CFLAGS = -Wall -O2 -fomit-frame-pointer -funroll-loops +LDFLAGS = -s +LIBS = -lcrypto + +all: crypt_private-test + +crypt_private-test: crypt_private-test.o + $(LD) $(LDFLAGS) $(LIBS) crypt_private-test.o -o $@ + +crypt_private-test.o: crypt_private.c + $(CC) -c $(CFLAGS) crypt_private.c -DTEST -o $@ + +clean: + $(RM) crypt_private-test* diff --git a/3rdparty/phpass/c/crypt_private.c b/3rdparty/phpass/c/crypt_private.c new file mode 100644 index 00000000000..6abc05bc1de --- /dev/null +++ b/3rdparty/phpass/c/crypt_private.c @@ -0,0 +1,106 @@ +/* + * This code exists for the sole purpose to serve as another implementation + * of the "private" password hashing method implemened in PasswordHash.php + * and thus to confirm that these password hashes are indeed calculated as + * intended. + * + * Other uses of this code are discouraged. There are much better password + * hashing algorithms available to C programmers; one of those is bcrypt: + * + * http://www.openwall.com/crypt/ + * + * Written by Solar Designer in 2005 and placed in + * the public domain. + * + * There's absolutely no warranty. + */ + +#include +#include + +#ifdef TEST +#include +#endif + +static char *itoa64 = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +static void encode64(char *dst, char *src, int count) +{ + int i, value; + + i = 0; + do { + value = (unsigned char)src[i++]; + *dst++ = itoa64[value & 0x3f]; + if (i < count) + value |= (unsigned char)src[i] << 8; + *dst++ = itoa64[(value >> 6) & 0x3f]; + if (i++ >= count) + break; + if (i < count) + value |= (unsigned char)src[i] << 16; + *dst++ = itoa64[(value >> 12) & 0x3f]; + if (i++ >= count) + break; + *dst++ = itoa64[(value >> 18) & 0x3f]; + } while (i < count); +} + +char *crypt_private(char *password, char *setting) +{ + static char output[35]; + MD5_CTX ctx; + char hash[MD5_DIGEST_LENGTH]; + char *p, *salt; + int count_log2, length, count; + + strcpy(output, "*0"); + if (!strncmp(setting, output, 2)) + output[1] = '1'; + + if (strncmp(setting, "$P$", 3)) + return output; + + p = strchr(itoa64, setting[3]); + if (!p) + return output; + count_log2 = p - itoa64; + if (count_log2 < 7 || count_log2 > 30) + return output; + + salt = setting + 4; + if (strlen(salt) < 8) + return output; + + length = strlen(password); + + MD5_Init(&ctx); + MD5_Update(&ctx, salt, 8); + MD5_Update(&ctx, password, length); + MD5_Final(hash, &ctx); + + count = 1 << count_log2; + do { + MD5_Init(&ctx); + MD5_Update(&ctx, hash, MD5_DIGEST_LENGTH); + MD5_Update(&ctx, password, length); + MD5_Final(hash, &ctx); + } while (--count); + + memcpy(output, setting, 12); + encode64(&output[12], hash, MD5_DIGEST_LENGTH); + + return output; +} + +#ifdef TEST +int main(int argc, char **argv) +{ + if (argc != 3) return 1; + + puts(crypt_private(argv[1], argv[2])); + + return 0; +} +#endif diff --git a/3rdparty/phpass/test.php b/3rdparty/phpass/test.php new file mode 100644 index 00000000000..2f4a41c8c31 --- /dev/null +++ b/3rdparty/phpass/test.php @@ -0,0 +1,72 @@ +HashPassword($correct); + +print 'Hash: ' . $hash . "\n"; + +$check = $t_hasher->CheckPassword($correct, $hash); +if ($check) $ok++; +print "Check correct: '" . $check . "' (should be '1')\n"; + +$wrong = 'test12346'; +$check = $t_hasher->CheckPassword($wrong, $hash); +if (!$check) $ok++; +print "Check wrong: '" . $check . "' (should be '0' or '')\n"; + +unset($t_hasher); + +# Force the use of weaker portable hashes. +$t_hasher = new PasswordHash(8, TRUE); + +$hash = $t_hasher->HashPassword($correct); + +print 'Hash: ' . $hash . "\n"; + +$check = $t_hasher->CheckPassword($correct, $hash); +if ($check) $ok++; +print "Check correct: '" . $check . "' (should be '1')\n"; + +$check = $t_hasher->CheckPassword($wrong, $hash); +if (!$check) $ok++; +print "Check wrong: '" . $check . "' (should be '0' or '')\n"; + +# A correct portable hash for 'test12345'. +# Please note the use of single quotes to ensure that the dollar signs will +# be interpreted literally. Of course, a real application making use of the +# framework won't store password hashes within a PHP source file anyway. +# We only do this for testing. +$hash = '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'; + +print 'Hash: ' . $hash . "\n"; + +$check = $t_hasher->CheckPassword($correct, $hash); +if ($check) $ok++; +print "Check correct: '" . $check . "' (should be '1')\n"; + +$check = $t_hasher->CheckPassword($wrong, $hash); +if (!$check) $ok++; +print "Check wrong: '" . $check . "' (should be '0' or '')\n"; + +if ($ok == 6) + print "All tests have PASSED\n"; +else + print "Some tests have FAILED\n"; + +?> diff --git a/lib/user/database.php b/lib/user/database.php index 452709c1fb9..3eade276dd9 100644 --- a/lib/user/database.php +++ b/lib/user/database.php @@ -33,12 +33,28 @@ * */ +require_once 'phpass/PasswordHash.php'; + /** * Class for user management in a SQL Database (e.g. MySQL, SQLite) */ class OC_User_Database extends OC_User_Backend { static private $userGroupCache=array(); + /** + * @var PasswordHash + */ + static private $hasher=null; + + private function getHasher(){ + if(!self::$hasher){ + //we don't want to use DES based crypt(), since it doesn't return a has with a recognisable prefix + $forcePortable=(CRYPT_BLOWFISH!=1); + self::$hasher=new PasswordHash(8,$forcePortable); + } + return self::$hasher; + } + /** * @brief Create a new user * @param $uid The username of the user to create @@ -51,10 +67,11 @@ class OC_User_Database extends OC_User_Backend { public function createUser( $uid, $password ){ if( $this->userExists($uid) ){ return false; - } - else{ + }else{ + $hasher=$this->getHasher(); + $hash = $hasher->HashPassword($password); $query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" ); - $result = $query->execute( array( $uid, sha1( $password ))); + $result = $query->execute( array( $uid, $hash)); return $result ? true : false; } @@ -84,8 +101,10 @@ class OC_User_Database extends OC_User_Backend { */ public function setPassword( $uid, $password ){ if( $this->userExists($uid) ){ + $hasher=$this->getHasher(); + $hash = $hasher->HashPassword($password); $query = OC_DB::prepare( "UPDATE *PREFIX*users SET password = ? WHERE uid = ?" ); - $result = $query->execute( array( sha1( $password ), $uid )); + $result = $query->execute( array( $hash, $uid )); return true; } @@ -103,12 +122,28 @@ class OC_User_Database extends OC_User_Backend { * Check if the password is correct without logging in the user */ public function checkPassword( $uid, $password ){ - $query = OC_DB::prepare( "SELECT uid FROM *PREFIX*users WHERE uid LIKE ? AND password = ?" ); - $result = $query->execute( array( $uid, sha1( $password ))); + $query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid LIKE ?" ); + $result = $query->execute( array( $uid)); $row=$result->fetchRow(); if($row){ - return $row['uid']; + $storedHash=$row['password']; + if (substr($storedHash,0,1)=='$'){//the new phpass based hashing + $hasher=$this->getHasher(); + if($hasher->CheckPassword($password, $storedHash)){ + return $row['uid']; + }else{ + return false; + } + }else{//old sha1 based hashing + if(sha1($password)==$storedHash){ + //upgrade to new hashing + $this->setPassword($row['uid'],$password); + return $row['uid']; + }else{ + return false; + } + } }else{ return false; } From 3d0d47957e65a72e17d33a924c9c4efcd5088ed2 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 26 Feb 2012 14:03:53 +0100 Subject: [PATCH 22/22] improved humanFileSize for js --- core/js/js.js | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/core/js/js.js b/core/js/js.js index 4b5062eb1a6..0f8122b3d1e 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -450,22 +450,18 @@ $.fn.filterAttr = function(attr_name, attr_value) { return this.filter(function() { return $(this).attr(attr_name) === attr_value; }); }; -function humanFileSize(bytes){ - if( bytes < 1024 ){ - return bytes+' B'; +function humanFileSize(size) { + humanList = ['B', 'kB', 'MB', 'GB', 'TB']; + // Calculate Log with base 1024: size = 1024 ** order + order = Math.floor(Math.log(size) / Math.log(1024)); + // Stay in range of the byte sizes that are defined + order = Math.min(humanList.length, order); + readableFormat = humanList[order]; + relativeSize = (size / Math.pow(1024, order)).toFixed(1); + if(relativeSize.substr(relativeSize.length-2,2)=='.0'){ + relativeSize=relativeSize.substr(0,relativeSize.length-2); } - bytes = Math.round(bytes / 1024, 1 ); - if( bytes < 1024 ){ - return bytes+' kB'; - } - bytes = Math.round( bytes / 1024, 1 ); - if( bytes < 1024 ){ - return bytes+' MB'; - } - - // Wow, heavy duty for owncloud - bytes = Math.round( bytes / 1024, 1 ); - return bytes+' GB'; + return relativeSize + ' ' + readableFormat; } function simpleFileSize(bytes) {