4.5.6

Remove eol ^M chars.

.gitignore

@@ -54,3 +54,9 @@ nbproject
 # WebFinger
 .well-known
 /.buildpath
+
+#tests - autogenerated filed
+data-autotest
+/tests/coverage*
+/tests/autoconfig*
+/tests/autotest*

.htaccess

@@ -19,4 +19,8 @@ RewriteRule ^apps/contacts/carddav.php remote.php/carddav/ [QSA,L]
 RewriteRule ^apps/([^/]*)/(.*\.(css|php))$ index.php?app=$1&getfile=$2 [QSA,L]
 RewriteRule ^remote/(.*) remote.php [QSA,L]
 </IfModule>
+<IfModule mod_mime.c>
+AddType image/svg+xml svg svgz
+AddEncoding gzip svgz
+</IfModule>
 Options -Indexes

3rdparty/MDB2/Driver/Manager/pgsql.php

@@ -363,6 +363,7 @@ class MDB2_Driver_Manager_pgsql extends MDB2_Driver_Manager_Common
             return MDB2_OK;
         }
 
+        $unquoted_name = $name;
         $name = $db->quoteIdentifier($name, true);
 
         if (!empty($changes['remove']) && is_array($changes['remove'])) {
@@ -398,6 +399,7 @@ class MDB2_Driver_Manager_pgsql extends MDB2_Driver_Manager_Common
 
         if (!empty($changes['change']) && is_array($changes['change'])) {
             foreach ($changes['change'] as $field_name => $field) {
+                $unquoted_field_name = $field_name;
                 $field_name = $db->quoteIdentifier($field_name, true);
                 if (!empty($field['definition']['type'])) {
                     $server_info = $db->getServerVersion();
@@ -419,7 +421,14 @@ class MDB2_Driver_Manager_pgsql extends MDB2_Driver_Manager_Common
                         return $result;
                     }
                 }
-                if (array_key_exists('default', $field['definition'])) {
+                if (array_key_exists('autoincrement', $field['definition'])) {
+                    $query = "ALTER $field_name SET DEFAULT nextval(".$db->quote($unquoted_name.'_'.$unquoted_field_name.'_seq', 'text').")";
+                    $result = $db->exec("ALTER TABLE $name $query");
+                    if (PEAR::isError($result)) {
+                        return $result;
+                    }
+                }
+                elseif (array_key_exists('default', $field['definition'])) {
                     $query = "ALTER $field_name SET DEFAULT ".$db->quote($field['definition']['default'], $field['definition']['type']);
                     $result = $db->exec("ALTER TABLE $name $query");
                     if (PEAR::isError($result)) {

3rdparty/Sabre/CardDAV/Plugin.php

@@ -153,10 +153,6 @@ class Sabre_CardDAV_Plugin extends Sabre_DAV_ServerPlugin {
                 if (is_resource($val))
                     $val = stream_get_contents($val);
 
-                // Taking out \r to not screw up the xml output
-                //$returnedProperties[200][$addressDataProp] = str_replace("\r","", $val);
-                // The stripping of \r breaks the Mail App in OSX Mountain Lion
-                // this is fixed in master, but not backported. /Tanghus
                 $returnedProperties[200][$addressDataProp] = $val;
 
             }

3rdparty/Sabre/CardDAV/Version.php

@@ -16,7 +16,7 @@ class Sabre_CardDAV_Version {
     /**
      * Full version number
      */
-    const VERSION = '1.6.3';
+    const VERSION = '1.6.5';
 
     /**
      * Stability : alpha, beta, stable

3rdparty/Sabre/DAV/Browser/Plugin.php

@@ -338,7 +338,7 @@ class Sabre_DAV_Browser_Plugin extends Sabre_DAV_ServerPlugin {
             $icon = '';
 
             if ($this->enableAssets) {
-                $node = $parent->getChild($name);
+                $node = $this->server->tree->getNodeForPath(($path?$path.'/':'') . $name);
                 foreach(array_reverse($this->iconMap) as $class=>$iconName) {
 
                     if ($node instanceof $class) {

3rdparty/Sabre/DAV/Client.php

@@ -22,6 +22,7 @@ class Sabre_DAV_Client {
     protected $userName;
     protected $password;
     protected $proxy;
+    protected $trustedCertificates;
 
     /**
      * Basic authentication
@@ -87,6 +88,18 @@ class Sabre_DAV_Client {
 
     }
 
+    /**
+     * Add trusted root certificates to the webdav client.
+     *
+     * The parameter certificates should be a absulute path to a file
+     * which contains all trusted certificates
+     *
+     * @param string $certificates
+     */
+    public function addTrustedCertificates($certificates) {
+        $this->trustedCertificates = $certificates;
+    }
+
     /**
      * Does a PROPFIND request
      *
@@ -143,13 +156,13 @@ class Sabre_DAV_Client {
         if ($depth===0) {
             reset($result);
             $result = current($result);
-            return $result[200];
+            return isset($result[200])?$result[200]:array();
         }
 
         $newResult = array();
         foreach($result as $href => $statusList) {
 
-            $newResult[$href] = $statusList[200];
+            $newResult[$href] = isset($statusList[200])?$statusList[200]:array();
 
         }
 
@@ -279,6 +292,10 @@ class Sabre_DAV_Client {
             CURLOPT_MAXREDIRS => 5,
         );
 
+        if($this->trustedCertificates) {
+            $curlSettings[CURLOPT_CAINFO] = $this->trustedCertificates;
+        }
+
         switch ($method) {
             case 'HEAD' :
 

3rdparty/Sabre/DAV/Server.php

@@ -214,17 +214,23 @@ class Sabre_DAV_Server {
             $error->setAttribute('xmlns:s',self::NS_SABREDAV);
             $DOM->appendChild($error);
 
-            $error->appendChild($DOM->createElement('s:exception',get_class($e)));
-            $error->appendChild($DOM->createElement('s:message',$e->getMessage()));
+            $h = function($v) {
+
+                return htmlspecialchars($v, ENT_NOQUOTES, 'UTF-8');
+
+            };
+
+            $error->appendChild($DOM->createElement('s:exception',$h(get_class($e))));
+            $error->appendChild($DOM->createElement('s:message',$h($e->getMessage())));
             if ($this->debugExceptions) {
-                $error->appendChild($DOM->createElement('s:file',$e->getFile()));
-                $error->appendChild($DOM->createElement('s:line',$e->getLine()));
-                $error->appendChild($DOM->createElement('s:code',$e->getCode()));
-                $error->appendChild($DOM->createElement('s:stacktrace',$e->getTraceAsString()));
+                $error->appendChild($DOM->createElement('s:file',$h($e->getFile())));
+                $error->appendChild($DOM->createElement('s:line',$h($e->getLine())));
+                $error->appendChild($DOM->createElement('s:code',$h($e->getCode())));
+                $error->appendChild($DOM->createElement('s:stacktrace',$h($e->getTraceAsString())));
 
             }
             if (self::$exposeVersion) {
-                $error->appendChild($DOM->createElement('s:sabredav-version',Sabre_DAV_Version::VERSION));
+                $error->appendChild($DOM->createElement('s:sabredav-version',$h(Sabre_DAV_Version::VERSION)));
             }
 
             if($e instanceof Sabre_DAV_Exception) {

3rdparty/Sabre/DAV/Version.php

@@ -14,7 +14,7 @@ class Sabre_DAV_Version {
     /**
      * Full version number
      */
-    const VERSION = '1.6.4';
+    const VERSION = '1.6.6';
 
     /**
      * Stability : alpha, beta, stable

3rdparty/Sabre/VObject/Component/VAlarm.php

@@ -29,7 +29,14 @@ class Sabre_VObject_Component_VAlarm extends Sabre_VObject_Component {
 
             $parentComponent = $this->parent;
             if ($related === 'START') {
-                $effectiveTrigger = clone $parentComponent->DTSTART->getDateTime();
+
+                if ($parentComponent->name === 'VTODO') {
+                    $propName = 'DUE';
+                } else {
+                    $propName = 'DTSTART';
+                }
+
+                $effectiveTrigger = clone $parentComponent->$propName->getDateTime();
                 $effectiveTrigger->add($triggerDuration);
             } else {
                 if ($parentComponent->name === 'VTODO') {

3rdparty/Sabre/VObject/DateTimeParser.php

@@ -28,7 +28,7 @@ class Sabre_VObject_DateTimeParser {
     static public function parseDateTime($dt,DateTimeZone $tz = null) {
 
         // Format is YYYYMMDD + "T" + hhmmss
-        $result = preg_match('/^([1-3][0-9]{3})([0-1][0-9])([0-3][0-9])T([0-2][0-9])([0-5][0-9])([0-5][0-9])([Z]?)$/',$dt,$matches);
+        $result = preg_match('/^([1-4][0-9]{3})([0-1][0-9])([0-3][0-9])T([0-2][0-9])([0-5][0-9])([0-5][0-9])([Z]?)$/',$dt,$matches);
 
         if (!$result) {
             throw new Sabre_DAV_Exception_BadRequest('The supplied iCalendar datetime value is incorrect: ' . $dt);
@@ -54,7 +54,7 @@ class Sabre_VObject_DateTimeParser {
     static public function parseDate($date) {
 
         // Format is YYYYMMDD
-        $result = preg_match('/^([1-3][0-9]{3})([0-1][0-9])([0-3][0-9])$/',$date,$matches);
+        $result = preg_match('/^([1-4][0-9]{3})([0-1][0-9])([0-3][0-9])$/',$date,$matches);
 
         if (!$result) {
             throw new Sabre_DAV_Exception_BadRequest('The supplied iCalendar date value is incorrect: ' . $date);

3rdparty/Sabre/VObject/Version.php

@@ -14,7 +14,7 @@ class Sabre_VObject_Version {
     /**
      * Full version number
      */
-    const VERSION = '1.3.4';
+    const VERSION = '1.3.5';
 
     /**
      * Stability : alpha, beta, stable

3rdparty/fullcalendar/css/fullcalendar.css

@@ -1,11 +1,11 @@
 /*
- * FullCalendar v1.5.3 Stylesheet
+ * FullCalendar v1.5.4 Stylesheet
  *
  * Copyright (c) 2011 Adam Shaw
  * Dual licensed under the MIT and GPL licenses, located in
  * MIT-LICENSE.txt and GPL-LICENSE.txt respectively.
  *
- * Date: Mon Feb 6 22:40:40 2012 -0800
+ * Date: Tue Sep 4 23:38:33 2012 -0700
  *
  */
 

3rdparty/fullcalendar/css/fullcalendar.print.css

@@ -1,5 +1,5 @@
 /*
- * FullCalendar v1.5.3 Print Stylesheet
+ * FullCalendar v1.5.4 Print Stylesheet
  *
  * Include this stylesheet on your page to get a more printer-friendly calendar.
  * When including this stylesheet, use the media='print' attribute of the <link> tag.
@@ -9,7 +9,7 @@
  * Dual licensed under the MIT and GPL licenses, located in
  * MIT-LICENSE.txt and GPL-LICENSE.txt respectively.
  *
- * Date: Mon Feb 6 22:40:40 2012 -0800
+ * Date: Tue Sep 4 23:38:33 2012 -0700
  *
  */
  

3rdparty/fullcalendar/js/fullcalendar.js

@@ -1,6 +1,6 @@
 /**
  * @preserve
- * FullCalendar v1.5.3
+ * FullCalendar v1.5.4
  * http://arshaw.com/fullcalendar/
  *
  * Use fullcalendar.css for basic styling.
@@ -11,7 +11,7 @@
  * Dual licensed under the MIT and GPL licenses, located in
  * MIT-LICENSE.txt and GPL-LICENSE.txt respectively.
  *
- * Date: Mon Feb 6 22:40:40 2012 -0800
+ * Date: Tue Sep 4 23:38:33 2012 -0700
  *
  */
  
@@ -111,7 +111,7 @@ var rtlDefaults = {
 
 
 
-var fc = $.fullCalendar = { version: "1.5.3" };
+var fc = $.fullCalendar = { version: "1.5.4" };
 var fcViews = fc.views = {};
 
 
@@ -1658,7 +1658,7 @@ function sliceSegs(events, visEventEnds, start, end) {
 				msLength: segEnd - segStart
 			});
 		}
-	} 
+	}
 	return segs.sort(segCmp);
 }
 
@@ -1742,29 +1742,26 @@ function setOuterHeight(element, height, includeMargins) {
 }
 
 
-// TODO: curCSS has been deprecated (jQuery 1.4.3 - 10/16/2010)
-
-
 function hsides(element, includeMargins) {
 	return hpadding(element) + hborders(element) + (includeMargins ? hmargins(element) : 0);
 }
 
 
 function hpadding(element) {
-	return (parseFloat($.curCSS(element[0], 'paddingLeft', true)) || 0) +
-	       (parseFloat($.curCSS(element[0], 'paddingRight', true)) || 0);
+	return (parseFloat($.css(element[0], 'paddingLeft', true)) || 0) +
+	       (parseFloat($.css(element[0], 'paddingRight', true)) || 0);
 }
 
 
 function hmargins(element) {
-	return (parseFloat($.curCSS(element[0], 'marginLeft', true)) || 0) +
-	       (parseFloat($.curCSS(element[0], 'marginRight', true)) || 0);
+	return (parseFloat($.css(element[0], 'marginLeft', true)) || 0) +
+	       (parseFloat($.css(element[0], 'marginRight', true)) || 0);
 }
 
 
 function hborders(element) {
-	return (parseFloat($.curCSS(element[0], 'borderLeftWidth', true)) || 0) +
-	       (parseFloat($.curCSS(element[0], 'borderRightWidth', true)) || 0);
+	return (parseFloat($.css(element[0], 'borderLeftWidth', true)) || 0) +
+	       (parseFloat($.css(element[0], 'borderRightWidth', true)) || 0);
 }
 
 
@@ -1774,20 +1771,20 @@ function vsides(element, includeMargins) {
 
 
 function vpadding(element) {
-	return (parseFloat($.curCSS(element[0], 'paddingTop', true)) || 0) +
-	       (parseFloat($.curCSS(element[0], 'paddingBottom', true)) || 0);
+	return (parseFloat($.css(element[0], 'paddingTop', true)) || 0) +
+	       (parseFloat($.css(element[0], 'paddingBottom', true)) || 0);
 }
 
 
 function vmargins(element) {
-	return (parseFloat($.curCSS(element[0], 'marginTop', true)) || 0) +
-	       (parseFloat($.curCSS(element[0], 'marginBottom', true)) || 0);
+	return (parseFloat($.css(element[0], 'marginTop', true)) || 0) +
+	       (parseFloat($.css(element[0], 'marginBottom', true)) || 0);
 }
 
 
 function vborders(element) {
-	return (parseFloat($.curCSS(element[0], 'borderTopWidth', true)) || 0) +
-	       (parseFloat($.curCSS(element[0], 'borderBottomWidth', true)) || 0);
+	return (parseFloat($.css(element[0], 'borderTopWidth', true)) || 0) +
+	       (parseFloat($.css(element[0], 'borderBottomWidth', true)) || 0);
 }
 
 
@@ -1956,7 +1953,6 @@ function firstDefined() {
 }
 
 
-
 fcViews.month = MonthView;
 
 function MonthView(element, calendar) {
@@ -4662,7 +4658,7 @@ function DayEventRenderer() {
 					"</span>";
 			}
 			html +=
-				"<span class='fc-event-title'>" + event.title + "</span>" +
+				"<span class='fc-event-title'>" + htmlEscape(event.title) + "</span>" +
 				"</div>";
 			if (seg.isEnd && isEventResizable(event)) {
 				html +=

3rdparty/fullcalendar/js/fullcalendar.min.js

@@ -1,6 +1,6 @@
 /*
 
- FullCalendar v1.5.3
+ FullCalendar v1.5.4
  http://arshaw.com/fullcalendar/
 
  Use fullcalendar.css for basic styling.
@@ -11,7 +11,7 @@
  Dual licensed under the MIT and GPL licenses, located in
  MIT-LICENSE.txt and GPL-LICENSE.txt respectively.
 
- Date: Mon Feb 6 22:40:40 2012 -0800
+ Date: Tue Sep 4 23:38:33 2012 -0700
 
 */
 (function(m,ma){function wb(a){m.extend(true,Ya,a)}function Yb(a,b,e){function d(k){if(E){u();q();na();S(k)}else f()}function f(){B=b.theme?"ui":"fc";a.addClass("fc");b.isRTL&&a.addClass("fc-rtl");b.theme&&a.addClass("ui-widget");E=m("<div class='fc-content' style='position:relative'/>").prependTo(a);C=new Zb(X,b);(P=C.render())&&a.prepend(P);y(b.defaultView);m(window).resize(oa);t()||g()}function g(){setTimeout(function(){!n.start&&t()&&S()},0)}function l(){m(window).unbind("resize",oa);C.destroy();
@@ -39,10 +39,10 @@ a[12])*1E3);lb(e,b)}else{e.setUTCFullYear(a[1],a[3]?a[3]-1:0,a[5]||1);e.setUTCHo
 10):0)}}function Oa(a,b,e){return ib(a,null,b,e)}function ib(a,b,e,d){d=d||Ya;var f=a,g=b,l,j=e.length,t,y,S,Q="";for(l=0;l<j;l++){t=e.charAt(l);if(t=="'")for(y=l+1;y<j;y++){if(e.charAt(y)=="'"){if(f){Q+=y==l+1?"'":e.substring(l+1,y);l=y}break}}else if(t=="(")for(y=l+1;y<j;y++){if(e.charAt(y)==")"){l=Oa(f,e.substring(l+1,y),d);if(parseInt(l.replace(/\D/,""),10))Q+=l;l=y;break}}else if(t=="[")for(y=l+1;y<j;y++){if(e.charAt(y)=="]"){t=e.substring(l+1,y);l=Oa(f,t,d);if(l!=Oa(g,t,d))Q+=l;l=y;break}}else if(t==
 "{"){f=b;g=a}else if(t=="}"){f=a;g=b}else{for(y=j;y>l;y--)if(S=dc[e.substring(l,y)]){if(f)Q+=S(f,d);l=y-1;break}if(y==l)if(f)Q+=t}}return Q}function Ua(a){return a.end?ec(a.end,a.allDay):ba(N(a.start),1)}function ec(a,b){a=N(a);return b||a.getHours()||a.getMinutes()?ba(a,1):Ka(a)}function fc(a,b){return(b.msLength-a.msLength)*100+(a.event.start-b.event.start)}function Cb(a,b){return a.end>b.start&&a.start<b.end}function nb(a,b,e,d){var f=[],g,l=a.length,j,t,y,S,Q;for(g=0;g<l;g++){j=a[g];t=j.start;
 y=b[g];if(y>e&&t<d){if(t<e){t=N(e);S=false}else{t=t;S=true}if(y>d){y=N(d);Q=false}else{y=y;Q=true}f.push({event:j,start:t,end:y,isStart:S,isEnd:Q,msLength:y-t})}}return f.sort(fc)}function ob(a){var b=[],e,d=a.length,f,g,l,j;for(e=0;e<d;e++){f=a[e];for(g=0;;){l=false;if(b[g])for(j=0;j<b[g].length;j++)if(Cb(b[g][j],f)){l=true;break}if(l)g++;else break}if(b[g])b[g].push(f);else b[g]=[f]}return b}function Db(a,b,e){a.unbind("mouseover").mouseover(function(d){for(var f=d.target,g;f!=this;){g=f;f=f.parentNode}if((f=
-g._fci)!==ma){g._fci=ma;g=b[f];e(g.event,g.element,g);m(d.target).trigger(d)}d.stopPropagation()})}function Va(a,b,e){for(var d=0,f;d<a.length;d++){f=m(a[d]);f.width(Math.max(0,b-pb(f,e)))}}function Eb(a,b,e){for(var d=0,f;d<a.length;d++){f=m(a[d]);f.height(Math.max(0,b-Sa(f,e)))}}function pb(a,b){return gc(a)+hc(a)+(b?ic(a):0)}function gc(a){return(parseFloat(m.curCSS(a[0],"paddingLeft",true))||0)+(parseFloat(m.curCSS(a[0],"paddingRight",true))||0)}function ic(a){return(parseFloat(m.curCSS(a[0],
-"marginLeft",true))||0)+(parseFloat(m.curCSS(a[0],"marginRight",true))||0)}function hc(a){return(parseFloat(m.curCSS(a[0],"borderLeftWidth",true))||0)+(parseFloat(m.curCSS(a[0],"borderRightWidth",true))||0)}function Sa(a,b){return jc(a)+kc(a)+(b?Fb(a):0)}function jc(a){return(parseFloat(m.curCSS(a[0],"paddingTop",true))||0)+(parseFloat(m.curCSS(a[0],"paddingBottom",true))||0)}function Fb(a){return(parseFloat(m.curCSS(a[0],"marginTop",true))||0)+(parseFloat(m.curCSS(a[0],"marginBottom",true))||0)}
-function kc(a){return(parseFloat(m.curCSS(a[0],"borderTopWidth",true))||0)+(parseFloat(m.curCSS(a[0],"borderBottomWidth",true))||0)}function Za(a,b){b=typeof b=="number"?b+"px":b;a.each(function(e,d){d.style.cssText+=";min-height:"+b+";_height:"+b})}function xb(){}function Gb(a,b){return a-b}function Hb(a){return Math.max.apply(Math,a)}function Pa(a){return(a<10?"0":"")+a}function jb(a,b){if(a[b]!==ma)return a[b];b=b.split(/(?=[A-Z])/);for(var e=b.length-1,d;e>=0;e--){d=a[b[e].toLowerCase()];if(d!==
-ma)return d}return a[""]}function Qa(a){return a.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/'/g,"&#039;").replace(/"/g,"&quot;").replace(/\n/g,"<br />")}function Ib(a){return a.id+"/"+a.className+"/"+a.style.cssText.replace(/(^|;)\s*(top|left|width|height)\s*:[^;]*/ig,"")}function qb(a){a.attr("unselectable","on").css("MozUserSelect","none").bind("selectstart.ui",function(){return false})}function ab(a){a.children().removeClass("fc-first fc-last").filter(":first-child").addClass("fc-first").end().filter(":last-child").addClass("fc-last")}
+g._fci)!==ma){g._fci=ma;g=b[f];e(g.event,g.element,g);m(d.target).trigger(d)}d.stopPropagation()})}function Va(a,b,e){for(var d=0,f;d<a.length;d++){f=m(a[d]);f.width(Math.max(0,b-pb(f,e)))}}function Eb(a,b,e){for(var d=0,f;d<a.length;d++){f=m(a[d]);f.height(Math.max(0,b-Sa(f,e)))}}function pb(a,b){return gc(a)+hc(a)+(b?ic(a):0)}function gc(a){return(parseFloat(m.css(a[0],"paddingLeft",true))||0)+(parseFloat(m.css(a[0],"paddingRight",true))||0)}function ic(a){return(parseFloat(m.css(a[0],"marginLeft",
+true))||0)+(parseFloat(m.css(a[0],"marginRight",true))||0)}function hc(a){return(parseFloat(m.css(a[0],"borderLeftWidth",true))||0)+(parseFloat(m.css(a[0],"borderRightWidth",true))||0)}function Sa(a,b){return jc(a)+kc(a)+(b?Fb(a):0)}function jc(a){return(parseFloat(m.css(a[0],"paddingTop",true))||0)+(parseFloat(m.css(a[0],"paddingBottom",true))||0)}function Fb(a){return(parseFloat(m.css(a[0],"marginTop",true))||0)+(parseFloat(m.css(a[0],"marginBottom",true))||0)}function kc(a){return(parseFloat(m.css(a[0],
+"borderTopWidth",true))||0)+(parseFloat(m.css(a[0],"borderBottomWidth",true))||0)}function Za(a,b){b=typeof b=="number"?b+"px":b;a.each(function(e,d){d.style.cssText+=";min-height:"+b+";_height:"+b})}function xb(){}function Gb(a,b){return a-b}function Hb(a){return Math.max.apply(Math,a)}function Pa(a){return(a<10?"0":"")+a}function jb(a,b){if(a[b]!==ma)return a[b];b=b.split(/(?=[A-Z])/);for(var e=b.length-1,d;e>=0;e--){d=a[b[e].toLowerCase()];if(d!==ma)return d}return a[""]}function Qa(a){return a.replace(/&/g,
+"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/'/g,"&#039;").replace(/"/g,"&quot;").replace(/\n/g,"<br />")}function Ib(a){return a.id+"/"+a.className+"/"+a.style.cssText.replace(/(^|;)\s*(top|left|width|height)\s*:[^;]*/ig,"")}function qb(a){a.attr("unselectable","on").css("MozUserSelect","none").bind("selectstart.ui",function(){return false})}function ab(a){a.children().removeClass("fc-first fc-last").filter(":first-child").addClass("fc-first").end().filter(":last-child").addClass("fc-last")}
 function rb(a,b){a.each(function(e,d){d.className=d.className.replace(/^fc-\w*/,"fc-"+lc[b.getDay()])})}function Jb(a,b){var e=a.source||{},d=a.color,f=e.color,g=b("eventColor"),l=a.backgroundColor||d||e.backgroundColor||f||b("eventBackgroundColor")||g;d=a.borderColor||d||e.borderColor||f||b("eventBorderColor")||g;a=a.textColor||e.textColor||b("eventTextColor");b=[];l&&b.push("background-color:"+l);d&&b.push("border-color:"+d);a&&b.push("color:"+a);return b.join(";")}function $a(a,b,e){if(m.isFunction(a))a=
 [a];if(a){var d,f;for(d=0;d<a.length;d++)f=a[d].apply(b,e)||f;return f}}function Ta(){for(var a=0;a<arguments.length;a++)if(arguments[a]!==ma)return arguments[a]}function mc(a,b){function e(j,t){if(t){hb(j,t);j.setDate(1)}j=N(j,true);j.setDate(1);t=hb(N(j),1);var y=N(j),S=N(t),Q=f("firstDay"),q=f("weekends")?0:1;if(q){Fa(y);Fa(S,-1,true)}ba(y,-((y.getDay()-Math.max(Q,q)+7)%7));ba(S,(7-S.getDay()+Math.max(Q,q))%7);Q=Math.round((S-y)/(Ab*7));if(f("weekMode")=="fixed"){ba(S,(6-Q)*7);Q=6}d.title=l(j,
 f("titleFormat"));d.start=j;d.end=t;d.visStart=y;d.visEnd=S;g(6,Q,q?5:7,true)}var d=this;d.render=e;sb.call(d,a,b,"month");var f=d.opt,g=d.renderBasic,l=b.formatDate}function nc(a,b){function e(j,t){t&&ba(j,t*7);j=ba(N(j),-((j.getDay()-f("firstDay")+7)%7));t=ba(N(j),7);var y=N(j),S=N(t),Q=f("weekends");if(!Q){Fa(y);Fa(S,-1,true)}d.title=l(y,ba(N(S),-1),f("titleFormat"));d.start=j;d.end=t;d.visStart=y;d.visEnd=S;g(1,1,Q?7:5,false)}var d=this;d.render=e;sb.call(d,a,b,"basicWeek");var f=d.opt,g=d.renderBasic,
@@ -106,7 +106,7 @@ t,y=-1,S=-1;for(t=0;t<l;t++)if(g>=e[t][0]&&g<e[t][1]){y=t;break}for(t=0;t<j;t++)
 g=l=null;a.build();b(t);d=y||"mousemove";m(document).bind(d,b)};e.stop=function(){m(document).unbind(d,b);return l}}function xc(a){if(a.pageX===ma){a.pageX=a.originalEvent.pageX;a.pageY=a.originalEvent.pageY}}function Pb(a){function b(l){return d[l]=d[l]||a(l)}var e=this,d={},f={},g={};e.left=function(l){return f[l]=f[l]===ma?b(l).position().left:f[l]};e.right=function(l){return g[l]=g[l]===ma?e.left(l)+b(l).width():g[l]};e.clear=function(){d={};f={};g={}}}var Ya={defaultView:"month",aspectRatio:1.35,
 header:{left:"title",center:"",right:"today prev,next"},weekends:true,allDayDefault:true,ignoreTimezone:true,lazyFetching:true,startParam:"start",endParam:"end",titleFormat:{month:"MMMM yyyy",week:"MMM d[ yyyy]{ '&#8212;'[ MMM] d yyyy}",day:"dddd, MMM d, yyyy"},columnFormat:{month:"ddd",week:"ddd M/d",day:"dddd M/d"},timeFormat:{"":"h(:mm)t"},isRTL:false,firstDay:0,monthNames:["January","February","March","April","May","June","July","August","September","October","November","December"],monthNamesShort:["Jan",
 "Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],dayNames:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],dayNamesShort:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],buttonText:{prev:"&nbsp;&#9668;&nbsp;",next:"&nbsp;&#9658;&nbsp;",prevYear:"&nbsp;&lt;&lt;&nbsp;",nextYear:"&nbsp;&gt;&gt;&nbsp;",today:"today",month:"month",week:"week",day:"day"},theme:false,buttonIcons:{prev:"circle-triangle-w",next:"circle-triangle-e"},unselectAuto:true,dropAccept:"*"},yc=
-{header:{left:"next,prev today",center:"",right:"title"},buttonText:{prev:"&nbsp;&#9658;&nbsp;",next:"&nbsp;&#9668;&nbsp;",prevYear:"&nbsp;&gt;&gt;&nbsp;",nextYear:"&nbsp;&lt;&lt;&nbsp;"},buttonIcons:{prev:"circle-triangle-e",next:"circle-triangle-w"}},Aa=m.fullCalendar={version:"1.5.3"},Ja=Aa.views={};m.fn.fullCalendar=function(a){if(typeof a=="string"){var b=Array.prototype.slice.call(arguments,1),e;this.each(function(){var f=m.data(this,"fullCalendar");if(f&&m.isFunction(f[a])){f=f[a].apply(f,
+{header:{left:"next,prev today",center:"",right:"title"},buttonText:{prev:"&nbsp;&#9658;&nbsp;",next:"&nbsp;&#9668;&nbsp;",prevYear:"&nbsp;&gt;&gt;&nbsp;",nextYear:"&nbsp;&lt;&lt;&nbsp;"},buttonIcons:{prev:"circle-triangle-e",next:"circle-triangle-w"}},Aa=m.fullCalendar={version:"1.5.4"},Ja=Aa.views={};m.fn.fullCalendar=function(a){if(typeof a=="string"){var b=Array.prototype.slice.call(arguments,1),e;this.each(function(){var f=m.data(this,"fullCalendar");if(f&&m.isFunction(f[a])){f=f[a].apply(f,
 b);if(e===ma)e=f;a=="destroy"&&m.removeData(this,"fullCalendar")}});if(e!==ma)return e;return this}var d=a.eventSources||[];delete a.eventSources;if(a.events){d.push(a.events);delete a.events}a=m.extend(true,{},Ya,a.isRTL||a.isRTL===ma&&Ya.isRTL?yc:{},a);this.each(function(f,g){f=m(g);g=new Yb(f,a,d);f.data("fullCalendar",g);g.render()});return this};Aa.sourceNormalizers=[];Aa.sourceFetchers=[];var ac={dataType:"json",cache:false},bc=1;Aa.addDays=ba;Aa.cloneDate=N;Aa.parseDate=kb;Aa.parseISO8601=
 Bb;Aa.parseTime=mb;Aa.formatDate=Oa;Aa.formatDates=ib;var lc=["sun","mon","tue","wed","thu","fri","sat"],Ab=864E5,cc=36E5,wc=6E4,dc={s:function(a){return a.getSeconds()},ss:function(a){return Pa(a.getSeconds())},m:function(a){return a.getMinutes()},mm:function(a){return Pa(a.getMinutes())},h:function(a){return a.getHours()%12||12},hh:function(a){return Pa(a.getHours()%12||12)},H:function(a){return a.getHours()},HH:function(a){return Pa(a.getHours())},d:function(a){return a.getDate()},dd:function(a){return Pa(a.getDate())},
 ddd:function(a,b){return b.dayNamesShort[a.getDay()]},dddd:function(a,b){return b.dayNames[a.getDay()]},M:function(a){return a.getMonth()+1},MM:function(a){return Pa(a.getMonth()+1)},MMM:function(a,b){return b.monthNamesShort[a.getMonth()]},MMMM:function(a,b){return b.monthNames[a.getMonth()]},yy:function(a){return(a.getFullYear()+"").substring(2)},yyyy:function(a){return a.getFullYear()},t:function(a){return a.getHours()<12?"a":"p"},tt:function(a){return a.getHours()<12?"am":"pm"},T:function(a){return a.getHours()<

3rdparty/fullcalendar/js/gcal.js

@@ -1,11 +1,11 @@
 /*
- * FullCalendar v1.5.3 Google Calendar Plugin
+ * FullCalendar v1.5.4 Google Calendar Plugin
  *
  * Copyright (c) 2011 Adam Shaw
  * Dual licensed under the MIT and GPL licenses, located in
  * MIT-LICENSE.txt and GPL-LICENSE.txt respectively.
  *
- * Date: Mon Feb 6 22:40:40 2012 -0800
+ * Date: Tue Sep 4 23:38:33 2012 -0700
  *
  */
  

3rdparty/php-cloudfiles/cloudfiles.php

@@ -2000,7 +2000,7 @@ class CF_Object
 //         }
 
 		//use OC's mimetype detection for files
-		if(is_file($handle)){
+		if(@is_file($handle)){
 			$this->content_type=OC_Helper::getMimeType($handle);
 		}else{
 			$this->content_type=OC_Helper::getStringMimeType($handle);
@@ -2537,7 +2537,7 @@ class CF_Object
             }
             $md5 = hash_final($ctx, false);
             rewind($data);
-        } elseif ((string)is_file($data)) {
+        } elseif ((string)@is_file($data)) {
             $md5 = md5_file($data);
         } else {
             $md5 = md5($data);

3rdparty/smb4php/smb.php

@@ -112,6 +112,10 @@ class smb {
 		}
 		$port = ($purl['port'] <> 139 ? ' -p ' . escapeshellarg ($purl['port']) : '');
 		$options = '-O ' . escapeshellarg(SMB4PHP_SMBOPTIONS);
+
+		// this put env is necessary to read the output of smbclient correctly
+		$old_locale = getenv('LC_ALL');
+		putenv('LC_ALL=en_US.UTF-8');
 		$output = popen (SMB4PHP_SMBCLIENT." -N {$auth} {$options} {$port} {$options} {$params} 2>/dev/null", 'r');
 		$info = array ();
 		$info['info']= array ();
@@ -180,6 +184,14 @@ class smb {
 			}
 		}
 		pclose($output);
+
+		// restore previous locale
+		if ($old_locale===false) {
+			putenv('LC_ALL');
+		} else {
+			putenv('LC_ALL='.$old_locale);
+		}
+		
 		return $info;
 	}
 
@@ -229,6 +241,8 @@ class smb {
 	}
 
 	function addstatcache ($url, $info) {
+		$url = str_replace('//', '/', $url);
+		$url = rtrim($url, '/');
 		global $__smb_cache;
 		$is_file = (strpos ($info['attr'],'D') === FALSE);
 		$s = ($is_file) ? stat ('/etc/passwd') : stat ('/tmp');
@@ -238,11 +252,15 @@ class smb {
 	}
 
 	function getstatcache ($url) {
+		$url = str_replace('//', '/', $url);
+		$url = rtrim($url, '/');
 		global $__smb_cache;
 		return isset ($__smb_cache['stat'][$url]) ? $__smb_cache['stat'][$url] : FALSE;
 	}
 
 	function clearstatcache ($url='') {
+		$url = str_replace('//', '/', $url);
+		$url = rtrim($url, '/');
 		global $__smb_cache;
 		if ($url == '') $__smb_cache['stat'] = array (); else unset ($__smb_cache['stat'][$url]);
 	}
@@ -358,16 +376,22 @@ class smb_stream_wrapper extends smb {
 	# cache
 
 	function adddircache ($url, $content) {
+		$url = str_replace('//', '/', $url);
+		$url = rtrim($url, '/');
 		global $__smb_cache;
 		return $__smb_cache['dir'][$url] = $content;
 	}
 
 	function getdircache ($url) {
+		$url = str_replace('//', '/', $url);
+		$url = rtrim($url, '/');
 		global $__smb_cache;
 		return isset ($__smb_cache['dir'][$url]) ? $__smb_cache['dir'][$url] : FALSE;
 	}
 
 	function cleardircache ($url='') {
+		$url = str_replace('//', '/', $url);
+		$url = rtrim($url, '/');
 		global $__smb_cache;
 		if ($url == ''){
 			$__smb_cache['dir'] = array ();

apps/files/admin.php

@@ -32,7 +32,7 @@ $htaccessWorking=(getenv('htaccessWorking')=='true');
 $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
 $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
 $maxUploadFilesize = OCP\Util::humanFileSize(min($upload_max_filesize, $post_max_size));
-if($_POST) {
+if($_POST && OC_Util::isCallRegistered()) {
 	if(isset($_POST['maxUploadSize'])) {
 		if(($setMaxSize = OC_Files::setUploadLimit(OCP\Util::computerFileSize($_POST['maxUploadSize']))) !== false) {
 			$maxUploadFilesize = OCP\Util::humanFileSize($setMaxSize);
@@ -56,6 +56,8 @@ $htaccessWritable=is_writable(OC::$SERVERROOT.'/.htaccess');
 $tmpl = new OCP\Template( 'files', 'admin' );
 $tmpl->assign( 'uploadChangable', $htaccessWorking and $htaccessWritable );
 $tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
+// max possible makes only sense on a 32 bit system
+$tmpl->assign( 'displayMaxPossibleUploadSize', PHP_INT_SIZE===4);
 $tmpl->assign( 'maxPossibleUploadSize', OCP\Util::humanFileSize(PHP_INT_MAX));
 $tmpl->assign( 'allowZipDownload', $allowZipDownload);
 $tmpl->assign( 'maxZipInputSize', $maxZipInputSize);

apps/files/ajax/delete.php

@@ -10,7 +10,7 @@ OCP\JSON::callCheck();
 $dir = stripslashes($_POST["dir"]);
 $files = isset($_POST["file"]) ? stripslashes($_POST["file"]) : stripslashes($_POST["files"]);
 
-$files = explode(';', $files);
+$files = json_decode($files);
 $filesWithError = '';
 $success = true;
 //Now delete

apps/files/ajax/download.php

@@ -33,4 +33,9 @@ OCP\User::checkLoggedIn();
 $files = $_GET["files"];
 $dir = $_GET["dir"];
 
+if ($files == "Shared" and $dir == "/") {
+	$files = '';
+	$dir = "/Shared";
+}
+
 OC_Files::get($dir, $files, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);

apps/files/ajax/list.php

@@ -25,7 +25,7 @@ if($doBreadcrumb) {
 	}
 
 	$breadcrumbNav = new OCP\Template( "files", "part.breadcrumb", "" );
-	$breadcrumbNav->assign( "breadcrumb", $breadcrumb );
+	$breadcrumbNav->assign( "breadcrumb", $breadcrumb, false );
 
 	$data['breadcrumb'] = $breadcrumbNav->fetchPage();
 }

apps/files/ajax/move.php

@@ -9,11 +9,12 @@ OCP\JSON::callCheck();
 // Get data
 $dir = stripslashes($_GET["dir"]);
 $file = stripslashes($_GET["file"]);
-$target = stripslashes($_GET["target"]);
+$target = stripslashes(rawurldecode($_GET["target"]));
 
 
 if(OC_Files::move($dir, $file, $target, $file)) {
 	OCP\JSON::success(array("data" => array( "dir" => $dir, "files" => $file )));
 } else {
-	OCP\JSON::error(array("data" => array( "message" => "Could not move $file" )));
+	$l=OC_L10N::get('files');
+	OCP\JSON::error(array("data" => array( "message" => $l->t("Could not move %s", array($file)) )));
 }

apps/files/ajax/newfile.php

@@ -65,6 +65,7 @@ if($source) {
 	$target=$dir.'/'.$filename;
 	$result=OC_Filesystem::file_put_contents($target, $sourceStream);
 	if($result) {
+		$target = OC_Filesystem::normalizePath($target);
 		$meta = OC_FileCache::get($target);
 		$mime=$meta['mimetype'];
 		$id = OC_FileCache::getId($target);

apps/files/ajax/rename.php

@@ -12,9 +12,9 @@ $file = stripslashes($_GET["file"]);
 $newname = stripslashes($_GET["newname"]);
 
 // Delete
-if( OC_Files::move( $dir, $file, $dir, $newname )) {
+if( $newname !== '.' and OC_Files::move( $dir, $file, $dir, $newname )) {
 	OCP\JSON::success(array("data" => array( "dir" => $dir, "file" => $file, "newname" => $newname )));
-}
-else{
-	OCP\JSON::error(array("data" => array( "message" => "Unable to rename file" )));
+} else {
+	$l=OC_L10N::get('files');
+	OCP\JSON::error(array("data" => array( "message" => $l->t("Unable to rename file"))));
 }

apps/files/ajax/upload.php

@@ -8,24 +8,26 @@ OCP\JSON::setContentTypeHeader('text/plain');
 
 OCP\JSON::checkLoggedIn();
 OCP\JSON::callCheck();
+$l=OC_L10N::get('files');
 
 if (!isset($_FILES['files'])) {
-	OCP\JSON::error(array("data" => array( "message" => "No file was uploaded. Unknown error" )));
+	OCP\JSON::error(array('data' => array( 'message' => $l->t( 'No file was uploaded. Unknown error' ))));
 	exit();
 }
 foreach ($_FILES['files']['error'] as $error) {
 	if ($error != 0) {
-		$l=OC_L10N::get('files');
 		$errors = array(
-			UPLOAD_ERR_OK=>$l->t("There is no error, the file uploaded with success"),
-			UPLOAD_ERR_INI_SIZE=>$l->t("The uploaded file exceeds the upload_max_filesize directive in php.ini").ini_get('upload_max_filesize'),
-			UPLOAD_ERR_FORM_SIZE=>$l->t("The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"),
-			UPLOAD_ERR_PARTIAL=>$l->t("The uploaded file was only partially uploaded"),
-			UPLOAD_ERR_NO_FILE=>$l->t("No file was uploaded"),
-			UPLOAD_ERR_NO_TMP_DIR=>$l->t("Missing a temporary folder"),
+			UPLOAD_ERR_OK=>$l->t('There is no error, the file uploaded with success'),
+			UPLOAD_ERR_INI_SIZE=>$l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ')
+										.ini_get('upload_max_filesize'),
+			UPLOAD_ERR_FORM_SIZE=>$l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified'
+										.' in the HTML form'),
+			UPLOAD_ERR_PARTIAL=>$l->t('The uploaded file was only partially uploaded'),
+			UPLOAD_ERR_NO_FILE=>$l->t('No file was uploaded'),
+			UPLOAD_ERR_NO_TMP_DIR=>$l->t('Missing a temporary folder'),
 			UPLOAD_ERR_CANT_WRITE=>$l->t('Failed to write to disk'),
 		);
-		OCP\JSON::error(array("data" => array( "message" => $errors[$error] )));
+		OCP\JSON::error(array('data' => array( 'message' => $errors[$error] )));
 		exit();
 	}
 }
@@ -39,7 +41,7 @@ foreach($files['size'] as $size) {
 	$totalSize+=$size;
 }
 if($totalSize>OC_Filesystem::free_space('/')) {
-	OCP\JSON::error(array("data" => array( "message" => "Not enough space available" )));
+	OCP\JSON::error(array('data' => array( 'message' => $l->t( 'Not enough space available' ))));
 	exit();
 }
 
@@ -47,17 +49,19 @@ $result=array();
 if(strpos($dir, '..') === false) {
 	$fileCount=count($files['name']);
 	for($i=0;$i<$fileCount;$i++) {
-        $target = OCP\Files::buildNotExistingFileName(stripslashes($dir), $files['name'][$i]);
+		$target = OCP\Files::buildNotExistingFileName(stripslashes($dir), $files['name'][$i]);
+		// $path needs to be normalized - this failed within drag'n'drop upload to a sub-folder
+		$target = OC_Filesystem::normalizePath($target);
 		if(is_uploaded_file($files['tmp_name'][$i]) and OC_Filesystem::fromTmpFile($files['tmp_name'][$i], $target)) {
 			$meta = OC_FileCache::get($target);
 			$id = OC_FileCache::getId($target);
-			$result[]=array( "status" => "success", 'mime'=>$meta['mimetype'],'size'=>$meta['size'], 'id'=>$id, 'name'=>basename($target));
+			$result[]=array( 'status' => 'success', 'mime'=>$meta['mimetype'], 'size'=>$meta['size'], 'id'=>$id, 'name'=>basename($target));
 		}
 	}
 	OCP\JSON::encodedPrint($result);
 	exit();
 } else {
-	$error='invalid dir';
+	$error=$l->t( 'Invalid directory.' );
 }
 
-OCP\JSON::error(array('data' => array('error' => $error, "file" => $fileName)));
+OCP\JSON::error(array('data' => array('message' => $error )));

apps/files/appinfo/filesync.php

@@ -20,8 +20,8 @@
  * The final URL will look like http://.../remote.php/filesync/oc_chunked/path/to/file
  */
 
-// only need filesystem apps
-$RUNTIME_APPTYPES=array('filesystem','authentication');
+// load needed apps
+$RUNTIME_APPTYPES=array('filesystem','authentication','logging');
 OC_App::loadApps($RUNTIME_APPTYPES);
 if(!OC_User::isLoggedIn()) {
         if(!isset($_SERVER['PHP_AUTH_USER'])) {

apps/files/appinfo/remote.php

@@ -22,10 +22,12 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-// only need filesystem apps
-$RUNTIME_APPTYPES=array('filesystem','authentication');
+// load needed apps
+$RUNTIME_APPTYPES=array('filesystem','authentication','logging');
 OC_App::loadApps($RUNTIME_APPTYPES);
 
+OC_Util::obEnd();
+
 // Backends
 $authBackend = new OC_Connector_Sabre_Auth();
 $lockBackend = new OC_Connector_Sabre_Locks();
@@ -41,6 +43,7 @@ $server->setBaseUri($baseuri);
 $server->addPlugin(new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud'));
 $server->addPlugin(new Sabre_DAV_Locks_Plugin($lockBackend));
 $server->addPlugin(new Sabre_DAV_Browser_Plugin(false)); // Show something in the Browser, but no upload
+$server->addPlugin(new OC_Connector_Sabre_QuotaPlugin());
 
 // And off we go!
 $server->exec();

apps/files/appinfo/update.php

@@ -5,10 +5,10 @@ $installedVersion=OCP\Config::getAppValue('files', 'installed_version');
 if (version_compare($installedVersion, '1.1.6', '<')) {
 	$query = OC_DB::prepare( "SELECT `propertyname`, `propertypath`, `userid` FROM `*PREFIX*properties`" );
 	$result = $query->execute();
+	$updateQuery = OC_DB::prepare('UPDATE `*PREFIX*properties` SET `propertyname` = ? WHERE `userid` = ? AND `propertypath` = ?');
 	while( $row = $result->fetchRow()){
 		if ( $row["propertyname"][0] != '{' ) {
-			$query = OC_DB::prepare( 'UPDATE `*PREFIX*properties` SET `propertyname` = ? WHERE `userid` = ? AND `propertypath` = ?' );
-			$query->execute( array( '{DAV:}' + $row["propertyname"], $row["userid"], $row["propertypath"] ));
+			$updateQuery->execute(array('{DAV:}' + $row["propertyname"], $row["userid"], $row["propertypath"]));
 		}
 	}
 }

apps/files/css/files.css

@@ -19,7 +19,7 @@
 #new>ul { display:none; position:fixed; text-align:left; padding:.5em; background:#f8f8f8; margin-top:0.075em; border:1px solid #ddd; min-width:7em; margin-left:-.5em; z-index:-1; }
 #new>ul>li { margin:.3em; padding-left:2em; background-repeat:no-repeat; cursor:pointer; padding-bottom:0.1em }
 #new>ul>li>p { cursor:pointer; }
-#new>ul>li>input { padding:0.3em; margin:-0.3em; }
+#new>ul>li>form>input { padding:0.3em; margin:-0.3em; }
 #new, .file_upload_filename { border:1px solid; border-color:#51a351 #419341 #387038; -moz-box-shadow:0 1px 1px #f8f8f8, 1px 1px 1px #ada inset; -webkit-box-shadow:0 1px 1px #f8f8f8, 1px 1px 1px #ada inset; box-shadow:0 1px 1px #f8f8f8, 1px 1px 1px #ada inset; }
 #new .popup { border-top-left-radius:0; }
 
@@ -58,13 +58,13 @@ table th#headerDate, table td.date { width:11em; padding:0 .1em 0 1em; text-alig
 table td.selection, table th.selection, table td.fileaction { width:2em; text-align:center; }
 table td.filename a.name { display:block; height:1.5em; vertical-align:middle; margin-left:3em; }
 table tr[data-type="dir"] td.filename a.name span.nametext {font-weight:bold; }
-table td.filename a.name input, table td.filename a.name form { width:100%; cursor:text; }
+table td.filename input.filename { width:100%; cursor:text; }
 table td.filename a, table td.login, table td.logout, table td.download, table td.upload, table td.create, table td.delete { padding:.2em .5em .5em 0; }
 table td.filename .nametext, .uploadtext, .modified { float:left; padding:.3em 0; }
 // TODO fix usability bug (accidental file/folder selection)
 table td.filename .nametext { width:40em; overflow:hidden; text-overflow:ellipsis; }
 table td.filename .uploadtext { font-weight:normal; margin-left:.5em; }
-table td.filename form { float:left; font-size:.85em; }
+table td.filename form { font-size:.85em; margin-left:3em; margin-right:3em; }
 table thead.fixed tr{ position:fixed; top:6.5em; z-index:49; -moz-box-shadow:0 -3px 7px #ddd; -webkit-box-shadow:0 -3px 7px #ddd; box-shadow:0 -3px 7px #ddd; }
 table thead.fixed { height:2em; }
 #fileList tr td.filename>input[type=checkbox]:first-child { -ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=0)"; filter:alpha(opacity=0); opacity:0; float:left; margin:.7em 0 0 1em; /* bigger clickable area doesn’t work in FF width:2.8em; height:2.4em;*/ -webkit-transition:opacity 200ms; -moz-transition:opacity 200ms; -o-transition:opacity 200ms; transition:opacity 200ms; }

apps/files/download.php

@@ -40,9 +40,14 @@ if(!OC_Filesystem::file_exists($filename)) {
 $ftype=OC_Filesystem::getMimeType( $filename );
 
 header('Content-Type:'.$ftype);
-header('Content-Disposition: attachment; filename="'.basename($filename).'"');
+if ( preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) {
+	header( 'Content-Disposition: attachment; filename="' . rawurlencode( basename($filename) ) . '"' );
+} else {
+	header( 'Content-Disposition: attachment; filename*=UTF-8\'\'' . rawurlencode( basename($filename) )
+										 . '; filename="' . rawurlencode( basename($filename) ) . '"' );
+}
 OCP\Response::disableCaching();
 header('Content-Length: '.OC_Filesystem::filesize($filename));
 
-@ob_end_clean();
+OC_Util::obEnd();
 OC_Filesystem::readfile( $filename );

apps/files/index.php

@@ -67,7 +67,7 @@ $breadcrumb = array();
 $pathtohere = '';
 foreach( explode( '/', $dir ) as $i ) {
 	if( $i != '' ) {
-		$pathtohere .= '/'.str_replace('+','%20', urlencode($i));
+		$pathtohere .= '/'.$i;
 		$breadcrumb[] = array( 'dir' => $pathtohere, 'name' => $i );
 	}
 }

apps/files/js/filelist.js

@@ -15,9 +15,9 @@ var FileList={
 			extension=false;
 		}
 		html+='<td class="filename" style="background-image:url('+img+')"><input type="checkbox" />';
-		html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+name+'"><span class="nametext">'+basename;
+		html+='<a class="name" href="download.php?file='+$('#dir').val().replace(/</, '&lt;').replace(/>/, '&gt;')+'/'+escapeHTML(name)+'"><span class="nametext">'+escapeHTML(basename);
 		if(extension){
-			html+='<span class="extension">'+extension+'</span>';
+			html+='<span class="extension">'+escapeHTML(extension)+'</span>';
 		}
 		html+='</span></a></td>';
 		if(size!='Pending'){
@@ -137,16 +137,19 @@ var FileList={
 		tr=$('tr').filterAttr('data-file',name);
 		tr.data('renaming',true);
 		td=tr.children('td.filename');
-		input=$('<input class="filename"></input>').val(name);
+		input=$('<input class="filename"/>').val(name);
 		form=$('<form></form>');
 		form.append(input);
-		td.children('a.name').text('');
-		td.children('a.name').append(form);
+		td.children('a.name').hide();
+		td.append(form);
 		input.focus();
 		form.submit(function(event){
 			event.stopPropagation();
 			event.preventDefault();
 			var newname=input.val();
+			if (!Files.isFileNameValid(newname)) {
+				return false;
+			}
 			if (newname != name) {
 				if (FileList.checkName(name, newname, false)) {
 					newname = name;
@@ -156,11 +159,11 @@ var FileList={
 							OC.dialogs.alert(result.data.message, 'Error moving file');
 							newname = name;
 						}
-						tr.data('renaming',false);
 					});
 					
 				}
 			}
+			tr.data('renaming',false);
 			tr.attr('data-file', newname);
 			var path = td.children('a.name').attr('href');
 			td.children('a.name').attr('href', path.replace(encodeURIComponent(name), encodeURIComponent(newname)));
@@ -169,15 +172,24 @@ var FileList={
 			} else {
 				var basename=newname;
 			}
-			td.children('a.name').empty();
-			var span=$('<span class="nametext"></span>');
-			span.text(basename);
-			td.children('a.name').append(span);
+			td.find('a.name span.nametext').text(basename);
 			if (newname.indexOf('.') > 0 && tr.data('type') != 'dir') {
-				span.append($('<span class="extension">'+newname.substr(newname.lastIndexOf('.'))+'</span>'));
+				if (td.find('a.name span.extension').length == 0 ) {
+					td.find('a.name span.nametext').append('<span class="extension"></span>');
+				}
+				td.find('a.name span.extension').text(newname.substr(newname.lastIndexOf('.')));
 			}
+			form.remove();
+			td.children('a.name').show();
 			return false;
 		});
+		input.keyup(function(event){
+			if (event.keyCode == 27) {
+				tr.data('renaming',false);
+				form.remove();
+				td.children('a.name').show();
+			}
+		});
 		input.click(function(event){
 			event.stopPropagation();
 			event.preventDefault();
@@ -189,9 +201,9 @@ var FileList={
 	checkName:function(oldName, newName, isNewFile) {
 		if (isNewFile || $('tr').filterAttr('data-file', newName).length > 0) {
 			if (isNewFile) {
-				$('#notification').html(newName+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="suggest">'+t('files', 'suggest name')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
+				$('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="suggest">'+t('files', 'suggest name')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
 			} else {
-				$('#notification').html(newName+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
+				$('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+'<span class="replace">'+t('files', 'replace')+'</span><span class="cancel">'+t('files', 'cancel')+'</span>');
 			}
 			$('#notification').data('oldName', oldName);
 			$('#notification').data('newName', newName);
@@ -272,16 +284,16 @@ var FileList={
 		} else {
 			// NOTE: Temporary fix to change the text to unshared for files in root of Shared folder
 			if ($('#dir').val() == '/Shared') {
-				$('#notification').html(t('files', 'unshared')+' '+files+'<span class="undo">'+t('files', 'undo')+'</span>');
+				$('#notification').html(t('files', 'unshared')+' '+ escapeHTML(files) +'<span class="undo">'+t('files', 'undo')+'</span>');
 			} else {
-				$('#notification').html(t('files', 'deleted')+' '+files+'<span class="undo">'+t('files', 'undo')+'</span>');
+				$('#notification').html(t('files', 'deleted')+' '+ escapeHTML(files)+'<span class="undo">'+t('files', 'undo')+'</span>');
 			}
 			$('#notification').fadeIn();
 		}
 	},
 	finishDelete:function(ready,sync){
 		if(!FileList.deleteCanceled && FileList.deleteFiles){
-			var fileNames=FileList.deleteFiles.join(';');
+			var fileNames=JSON.stringify(FileList.deleteFiles);
 			$.ajax({
 				url: OC.filePath('files', 'ajax', 'delete.php'),
 				async:!sync,
@@ -373,4 +385,7 @@ $(document).ready(function(){
 			FileList.lastAction();
 		}
 	});
+	$(window).unload(function (){
+		$(window).trigger('beforeunload');
+	});
 });

apps/files/js/files.js

@@ -25,6 +25,30 @@ Files={
 			delete uploadingFiles[index];
 		});
 		procesSelection();
+	},
+	isFileNameValid:function (name) {
+		if (name === '.') {
+			$('#notification').text(t('files', '\'.\' is an invalid file name.'));
+			$('#notification').fadeIn();
+			return false;
+		}
+		if (name.length == 0) {
+			$('#notification').text(t('files', 'File name cannot be empty.'));
+			$('#notification').fadeIn();
+			return false;
+		}
+
+		// check for invalid characters
+		var invalid_characters = ['\\', '/', '<', '>', ':', '"', '|', '?', '*'];
+		for (var i = 0; i < invalid_characters.length; i++) {
+			if (name.indexOf(invalid_characters[i]) != -1) {
+				$('#notification').text(t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
+				$('#notification').fadeIn();
+				return false;
+			}
+		}
+		$('#notification').fadeOut();
+		return true;
 	}
 };
 $(document).ready(function() {
@@ -199,7 +223,7 @@ $(document).ready(function() {
 	$(document).bind('drop dragover', function (e) {
 			e.preventDefault(); // prevent browser from doing anything, if file isn't dropped in dropZone
 	});
-	 
+
 	if ( document.getElementById("data-upload-form") ) {
 	$(function() {
 		$('.file_upload_start').fileupload({
@@ -233,6 +257,11 @@ $(document).ready(function() {
 						}
 					});
 				}else{
+					var dropTarget = $(e.originalEvent.target).closest('tr');
+					if(dropTarget && dropTarget.attr('data-type') === 'dir') { // drag&drop upload to folder
+						var dirName = dropTarget.attr('data-file')
+					}
+
 					var date=new Date();
 					if(files){
 						for(var i=0;i<files.length;i++){
@@ -286,7 +315,10 @@ $(document).ready(function() {
 								var jqXHR =  $('.file_upload_start').fileupload('send', {files: files[i],
 										formData: function(form) {
 											var formArray = form.serializeArray();
-											formArray[1]['value'] = dirName;
+											// array index 0 contains the max files size
+											// array index 1 contains the request token
+											// array index 2 contains the directory
+											formArray[2]['value'] = dirName;
 											return formArray;
 										}}).success(function(result, textStatus, jqXHR) {
 											var response;
@@ -296,7 +328,13 @@ $(document).ready(function() {
 												$('#notification').fadeIn();
 											}
 											var file=response[0];
+											// TODO: this doesn't work if the file name has been changed server side
 											delete uploadingFiles[dirName][file.name];
+											if ($.assocArraySize(uploadingFiles[dirName]) == 0) {
+												delete uploadingFiles[dirName];
+											}
+
+											var uploadtext = $('tr').filterAttr('data-type', 'dir').filterAttr('data-file', dirName).find('.uploadtext')
 											var currentUploads = parseInt(uploadtext.attr('currentUploads'));
 											currentUploads -= 1;
 											uploadtext.attr('currentUploads', currentUploads);
@@ -419,7 +457,7 @@ $(document).ready(function() {
 		// http://stackoverflow.com/a/6700/11236
 		var size = 0, key;
 		for (key in obj) {
-		    if (obj.hasOwnProperty(key)) size++;
+			if (obj.hasOwnProperty(key)) size++;
 		}
 		return size;
 	};
@@ -463,7 +501,7 @@ $(document).ready(function() {
 		$('button.file_upload_filename').removeClass('active');
 		$('#new li').each(function(i,element){
 			if($(element).children('p').length==0){
-				$(element).children('input').remove();
+				$(element).children('form').remove();
 				$(element).append('<p>'+$(element).data('text')+'</p>');
 			}
 		});
@@ -483,7 +521,7 @@ $(document).ready(function() {
 
 		$('#new li').each(function(i,element){
 			if($(element).children('p').length==0){
-				$(element).children('input').remove();
+				$(element).children('form').remove();
 				$(element).append('<p>'+$(element).data('text')+'</p>');
 			}
 		});
@@ -492,18 +530,29 @@ $(document).ready(function() {
 		var text=$(this).children('p').text();
 		$(this).data('text',text);
 		$(this).children('p').remove();
+		var form=$('<form></form>');
 		var input=$('<input>');
-		$(this).append(input);
+		form.append(input);
+		$(this).append(form);
 		input.focus();
-		input.change(function(){
-			if(type != 'web' && $(this).val().indexOf('/')!=-1){
-				$('#notification').text(t('files','Invalid name, \'/\' is not allowed.'));
+		form.submit(function(event){
+			event.stopPropagation();
+			event.preventDefault();
+			var newname=input.val();
+			if(type == 'web' && newname.length == 0){
+				$('#notification').text(t('files', "URL cannot be empty."));
 				$('#notification').fadeIn();
-				return;
+				return false;
+			} else if (type != 'web' && !Files.isFileNameValid(newname)) {
+				return false;
+			} else if( type == 'folder' && $('#dir').val() == '/' && newname == 'Shared') {
+				$('#notification').text(t('files','Invalid folder name. Usage of "Shared" is reserved by Owncloud'));
+				$('#notification').fadeIn();
+				return false;
 			}
-			var name = getUniqueName($(this).val());
-			if (name != $(this).val()) {
-				FileList.checkName(name, $(this).val(), true);
+			var name = getUniqueName(newname);
+			if (newname != name) {
+				FileList.checkName(name, newname, true);
 				var hidden = true;
 			} else {
 				var hidden = false;
@@ -547,7 +596,7 @@ $(document).ready(function() {
 					break;
 				case 'web':
 					if(name.substr(0,8)!='https://' && name.substr(0,7)!='http://'){
-						name='http://'.name;
+						name='http://'+name;
 					}
 					var localName=name;
 					if(localName.substr(localName.length-1,1)=='/'){//strip /
@@ -586,8 +635,8 @@ $(document).ready(function() {
 					});
 					break;
 			}
-			var li=$(this).parent();
-			$(this).remove();
+			var li=form.parent();
+			form.remove();
 			li.append('<p>'+li.data('text')+'</p>');
 			$('#new>a').click();
 		});
@@ -707,7 +756,7 @@ function updateBreadcrumb(breadcrumbHtml) {
 
 //options for file drag/dropp
 var dragOptions={
-	distance: 20, revert: 'invalid', opacity: 0.7,
+	distance: 20, revert: 'invalid', opacity: 0.7, helper: 'clone',
 	stop: function(event, ui) {
 		$('#fileList tr td.filename').addClass('ui-draggable');
 	}
@@ -826,7 +875,7 @@ function getSelectedFiles(property){
 			name:$(element).attr('data-file'),
 			mime:$(element).data('mime'),
 			type:$(element).data('type'),
-			size:$(element).data('size'),
+			size:$(element).data('size')
 		};
 		if(property){
 			files.push(file[property]);
@@ -842,28 +891,27 @@ function relative_modified_date(timestamp) {
 	var diffminutes = Math.round(timediff/60);
 	var diffhours = Math.round(diffminutes/60);
 	var diffdays = Math.round(diffhours/24);
-	var diffmonths = Math.round(diffdays/31);
-	var diffyears = Math.round(diffdays/365);
-	if(timediff < 60) { return t('files','seconds ago'); }
-	else if(timediff < 120) { return '1 '+t('files','minute ago'); }
-	else if(timediff < 3600) { return diffminutes+' '+t('files','minutes ago'); }
+	//var diffmonths = Math.round(diffdays/31);
+	//var diffyears = Math.round(diffdays/365);
+	if(timediff < 60) { return t('lib','seconds ago'); }
+	else if(timediff < 120) { return t('lib','1 minute ago'); }
+	else if(timediff < 3600) { return t('lib','%d minutes ago',diffminutes); }
 	//else if($timediff < 7200) { return '1 hour ago'; }
 	//else if($timediff < 86400) { return $diffhours.' hours ago'; }
-	else if(timediff < 86400) { return t('files','today'); }
-	else if(timediff < 172800) { return t('files','yesterday'); }
-	else if(timediff < 2678400) { return diffdays+' '+t('files','days ago'); }
-	else if(timediff < 5184000) { return t('files','last month'); }
-	//else if($timediff < 31556926) { return $diffmonths.' months ago'; }
-	else if(timediff < 31556926) { return t('files','months ago'); }
-	else if(timediff < 63113852) { return t('files','last year'); }
-	else { return diffyears+' '+t('files','years ago'); }
+	else if(timediff < 86400) { return t('lib','today'); }
+	else if(timediff < 172800) { return t('lib','yesterday'); }
+	else if(timediff < 2678400) { return t('lib','%d days ago',diffdays); }
+	else if(timediff < 5184000) { return t('lib','last month'); }
+	else if(timediff < 31556926) { return t('lib','months ago'); }
+	else if(timediff < 63113852) { return t('lib','last year'); }
+	else { return t('lib','years ago'); }
 }
 
 function getMimeIcon(mime, ready){
 	if(getMimeIcon.cache[mime]){
 		ready(getMimeIcon.cache[mime]);
 	}else{
-		$.get( OC.filePath('files','ajax','mimeicon.php')+'?mime='+mime, function(path){
+		$.get( OC.filePath('files','ajax','mimeicon.php'), {mime: mime}, function(path){
 			getMimeIcon.cache[mime]=path;
 			ready(getMimeIcon.cache[mime]);
 		});

apps/files/l10n/de.php

@@ -37,7 +37,7 @@
 "folders" => "Ordner",
 "file" => "Datei",
 "files" => "Dateien",
-"seconds ago" => "Sekunden her",
+"seconds ago" => "Gerade eben",
 "minute ago" => "Minute her",
 "minutes ago" => "Minuten her",
 "today" => "Heute",

apps/files/templates/admin.php

@@ -4,13 +4,18 @@
 	<fieldset class="personalblock">
 		<legend><strong><?php echo $l->t('File handling');?></strong></legend>
 		<?php if($_['uploadChangable']):?>
-			<label for="maxUploadSize"><?php echo $l->t( 'Maximum upload size' ); ?> </label><input name='maxUploadSize' id="maxUploadSize" value='<?php echo $_['uploadMaxFilesize'] ?>'/>(<?php echo $l->t('max. possible: '); echo $_['maxPossibleUploadSize'] ?>)<br/>
+			<label for="maxUploadSize"><?php echo $l->t( 'Maximum upload size' ); ?> </label><input name='maxUploadSize' id="maxUploadSize" value='<?php echo $_['uploadMaxFilesize'] ?>'/>
+			<?php if($_['displayMaxPossibleUploadSize']):?>
+				(<?php echo $l->t('max. possible: '); echo $_['maxPossibleUploadSize'] ?>)
+			<?php endif;?>
+			<br/>
 		<?php endif;?>
 		<input type="checkbox" name="allowZipDownload" id="allowZipDownload" value="1" title="<?php echo $l->t( 'Needed for multi-file and folder downloads.' ); ?>"<?php if ($_['allowZipDownload']) echo ' checked="checked"'; ?> /> <label for="allowZipDownload"><?php echo $l->t( 'Enable ZIP-download' ); ?></label> <br/>
 
 			<input name="maxZipInputSize" id="maxZipInputSize" style="width:180px;" value='<?php echo $_['maxZipInputSize'] ?>' title="<?php echo $l->t( '0 is unlimited' ); ?>"<?php if (!$_['allowZipDownload']) echo ' disabled="disabled"'; ?> />
 			<label for="maxZipInputSize"><?php echo $l->t( 'Maximum input size for ZIP files' ); ?> </label><br />
 
+		<input type="hidden" value="<?php echo $_['requesttoken']; ?>" name="requesttoken" />
 		<input type="submit" name="submitFilesAdminSettings" id="submitFilesAdminSettings" value="<?php echo $l->t( 'Save' ); ?>"/>
 	</fieldset>
 </form>

apps/files/templates/index.php

@@ -14,6 +14,8 @@
 			<div class="file_upload_wrapper svg">
 				<form data-upload-id='1' id="data-upload-form" class="file_upload_form" action="<?php echo OCP\Util::linkTo('files', 'ajax/upload.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target_1">
 					<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
+					<!-- Send the requesttoken, this is needed for older IE versions because they don't send the CSRF token via HTTP header in this case -->
+					<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
 					<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
 					<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
 					<input class="file_upload_start" type="file" name='files[]'/>

apps/files/templates/part.breadcrumb.php

@@ -1,6 +1,7 @@
 	<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
-        $crumb = $_["breadcrumb"][$i]; ?>
-		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core','breadcrumb.png');?>")'>
-		<a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
+	$crumb = $_["breadcrumb"][$i];
+	$dir = str_replace('+','%20', urlencode($crumb["dir"])); ?>
+		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $dir;?>' style='background-image:url("<?php echo OCP\image_path('core', 'breadcrumb.png');?>")'>
+		<a href="<?php echo $_['baseURL'].$dir; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
 		</div>
 	<?php endfor;?>

apps/files/templates/part.list.php

@@ -1,3 +1,12 @@
+		<script type="text/javascript">
+		<?php if ( array_key_exists('publicListView', $_) && $_['publicListView'] == true ) {
+			echo "var publicListView = true;";
+		} else {
+			echo "var publicListView = false;";
+		}
+		?>
+		</script>
+		
 		<?php foreach($_['files'] as $file):
 			$simple_file_size = OCP\simple_file_size($file['size']);
 			$simple_size_color = intval(200-$file['size']/(1024*1024)*2); // the bigger the file, the darker the shade of grey; megabytes*2

apps/files_encryption/settings.php

@@ -6,6 +6,8 @@
  * See the COPYING-README file.
  */
 
+OC_Util::checkAdminUser();
+
 $tmpl = new OCP\Template( 'files_encryption', 'settings');
 $blackList=explode(',',OCP\Config::getAppValue('files_encryption','type_blacklist','jpg,png,jpeg,avi,mpg,mpeg,mkv,mp3,oga,ogv,ogg'));
 $enabled=(OCP\Config::getAppValue('files_encryption','enable_encryption','true')=='true');

apps/files_external/ajax/removeMountPoint.php

@@ -3,6 +3,15 @@
 OCP\JSON::checkAppEnabled('files_external');
 OCP\JSON::callCheck();
 
+if (!isset($_POST['isPersonal']))
+	return;
+if (!isset($_POST['mountPoint']))
+	return;
+if (!isset($_POST['mountType']))
+	return;
+if (!isset($_POST['applicable']))
+	return;
+
 if ($_POST['isPersonal'] == 'true') {
 	OCP\JSON::checkLoggedIn();
 	$isPersonal = true;
@@ -10,4 +19,5 @@ if ($_POST['isPersonal'] == 'true') {
 	OCP\JSON::checkAdminUser();
 	$isPersonal = false;
 }
+
 OC_Mount_Config::removeMountPoint($_POST['mountPoint'], $_POST['mountType'], $_POST['applicable'], $isPersonal);

apps/files_external/lib/config.php

@@ -109,10 +109,10 @@ class OC_Mount_Config {
 		return $personal;
 	}
 
-	/**
-	 * Add directory for mount point to the filesystem
-	 * @param OC_Fileview instance $view
-	 * @param string path to mount point
+	/**
+	 * Add directory for mount point to the filesystem
+	 * @param OC_Fileview instance $view
+	 * @param string path to mount point
 	 */
 	private static function addMountPointDirectory($view, $path) {
 		$dir = '';
@@ -256,7 +256,7 @@ class OC_Mount_Config {
 			foreach ($data[self::MOUNT_TYPE_GROUP] as $group => $mounts) {
 				$content .= "\t\t'".$group."' => array (\n";
 				foreach ($mounts as $mountPoint => $mount) {
-					$content .= "\t\t\t'".$mountPoint."' => ".str_replace("\n", '', var_export($mount, true)).",\n";
+					$content .= "\t\t\t'".addcslashes($mountPoint,"'")."' => ".str_replace("\n", '', var_export($mount, true)).",\n";
 
 				}
 				$content .= "\t\t),\n";
@@ -268,7 +268,7 @@ class OC_Mount_Config {
 			foreach ($data[self::MOUNT_TYPE_USER] as $user => $mounts) {
 				$content .= "\t\t'".$user."' => array (\n";
 				foreach ($mounts as $mountPoint => $mount) {
-					$content .= "\t\t\t'".$mountPoint."' => ".str_replace("\n", '', var_export($mount, true)).",\n";
+					$content .= "\t\t\t'".addcslashes($mountPoint,"'")."' => ".str_replace("\n", '', var_export($mount, true)).",\n";
 				}
 				$content .= "\t\t),\n";
 			}
@@ -285,9 +285,17 @@ class OC_Mount_Config {
 	public static function getCertificates() {
 		$view = \OCP\Files::getStorage('files_external');
 		$path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
-		if (!is_dir($path)) mkdir($path);
+		\OCP\Util::writeLog('files_external', 'checking path '.$path, \OCP\Util::INFO);
+		if(!is_dir($path)) {
+			//path might not exist (e.g. non-standard OC_User::getHome() value)
+			//in this case create full path using 3rd (recursive=true) parameter.
+			mkdir($path, 0777, true);
+		}
 		$result = array();
 		$handle = opendir($path);
+		if (!$handle) {
+			return array();
+		}
 		while (false !== ($file = readdir($handle))) {
 			if($file != '.' && $file != '..') $result[] = $file;
 		}
@@ -319,4 +327,39 @@ class OC_Mount_Config {
 		return true;
 	}
 
+	/**
+	 * check if smbclient is installed 
+	 */
+	public static function checksmbclient() {
+		if(function_exists('shell_exec')) {
+			$output=shell_exec('which smbclient');
+			return (empty($output)?false:true);
+		}else{
+			return(false);
+		}
+	}
+
+	/**
+	 * check if php-ftp is installed 
+	 */
+	public static function checkphpftp() {
+		if(function_exists('ftp_login')) {
+			return(true);
+		}else{
+			return(false);
+		}
+	}
+
+	/**
+	 * check dependencies
+	 */
+	public static function checkDependencies() {
+		$l= new OC_L10N('files_external');
+		$txt='';
+		if(!OC_Mount_Config::checksmbclient()) $txt.=$l->t('<b>Warning:</b> "smbclient" is not installed. Mounting of CIFS/SMB shares is not possible. Please ask your system administrator to install it.').'<br />';
+		if(!OC_Mount_Config::checkphpftp()) $txt.=$l->t('<b>Warning:</b> The FTP support in PHP is not enabled or installed. Mounting of FTP shares is not possible. Please ask your system administrator to install it.').'<br />';
+
+		return($txt);
+	}
+
 }

apps/files_external/lib/ftp.php

@@ -19,7 +19,15 @@ class OC_FileStorage_FTP extends OC_FileStorage_StreamWrapper{
 		$this->host=$params['host'];
 		$this->user=$params['user'];
 		$this->password=$params['password'];
-		$this->secure=isset($params['secure'])?(bool)$params['secure']:false;
+		if(isset($params['secure'])){
+			if(is_string($params['secure'])){
+				$this->secure = ($params['secure'] === 'true');
+			}else{
+				$this->secure = (bool)$params['secure'];
+			}
+		}else{
+			$this->secure = false;
+		}
 		$this->root=isset($params['root'])?$params['root']:'/';
 		if(!$this->root || $this->root[0]!='/') {
 			$this->root='/'.$this->root;

apps/files_external/lib/smb.php

@@ -58,10 +58,6 @@ class OC_FileStorage_SMB extends OC_FileStorage_StreamWrapper{
 		}
 	}
 
-	public function filetype($path) {
-		return (bool)@$this->opendir($path);//using opendir causes the same amount of requests and caches the content of the folder in one go
-	}
-
 	/**
 	 * check if a file or folder has been updated since $time
 	 * @param int $time

apps/files_external/lib/swift.php

@@ -39,7 +39,7 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 	 * @return string
 	 */
 	private function getContainerName($path) {
-		$path=trim($this->root.$path,'/');
+		$path=trim(trim($this->root,'/')."/".$path,'/.');
 		return str_replace('/','\\',$path);
 	}
 
@@ -70,11 +70,11 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 	 * @return CF_Container
 	 */
 	private function createContainer($path) {
-		if($path=='' or $path=='/') {
+		if($path=='' or $path=='/' or $path=='.') {
 			return $this->conn->create_container($this->getContainerName($path));
 		}
 		$parent=dirname($path);
-		if($parent=='' or $parent=='/') {
+		if($parent=='' or $parent=='/' or $parent=='.') {
 			$parentContainer=$this->rootContainer;
 		}else{
 			if(!$this->containerExists($parent)) {
@@ -100,6 +100,9 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 		if(is_null($container)) {
 			return null;
 		}else{
+			if ($path=="/" or $path=='') {
+				return null;
+			}
 			try{
 				$obj=$container->get_object(basename($path));
 				$this->objects[$path]=$obj;
@@ -135,7 +138,7 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 	private function createObject($path) {
 		$container=$this->getContainer(dirname($path));
 		if(!is_null($container)) {
-			$container=$this->createContainer($path);
+			$container=$this->createContainer(dirname($path));
 		}
 		return $container->create_object(basename($path));
 	}
@@ -268,7 +271,15 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 		$this->host=$params['host'];
 		$this->user=$params['user'];
 		$this->root=isset($params['root'])?$params['root']:'/';
-		$this->secure=isset($params['secure'])?(bool)$params['secure']:true;
+		if(isset($params['secure'])){
+			if(is_string($params['secure'])){
+				$this->secure = ($params['secure'] === 'true');
+			}else{
+				$this->secure = (bool)$params['secure'];
+			}
+		}else{
+			$this->secure = false;
+		}
 		if(!$this->root || $this->root[0]!='/') {
 			$this->root='/'.$this->root;
 		}
@@ -277,7 +288,7 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 
 		$this->conn = new CF_Connection($this->auth);
 
-		if(!$this->containerExists($this->root)) {
+		if(!$this->containerExists('/')) {
 			$this->rootContainer=$this->createContainer('/');
 		}else{
 			$this->rootContainer=$this->getContainer('/');
@@ -391,6 +402,9 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 	}
 
 	public function unlink($path) {
+		if($this->containerExists($path)) {
+			return $this->rmdir($path);
+		}
 		if($this->objectExists($path)) {
 			$container=$this->getContainer(dirname($path));
 			$container->delete_object(basename($path));
@@ -401,13 +415,13 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 	}
 
 	public function fopen($path,$mode) {
-		$obj=$this->getObject($path);
-		if(is_null($obj)) {
-			return false;
-		}
 		switch($mode) {
 			case 'r':
 			case 'rb':
+				$obj=$this->getObject($path);
+				if (is_null($obj)) {
+					return false;
+				}
 				$fp = fopen('php://temp', 'r+');
 				$obj->stream($fp);
 
@@ -440,7 +454,7 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 	}
 
 	public function free_space($path) {
-		return 0;
+		return 1024*1024*1024*8;
 	}
 
 	public function touch($path,$mtime=null) {
@@ -481,7 +495,17 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 	}
 
 	public function stat($path) {
+		$container=$this->getContainer($path);
+		if (!is_null($container)) {
+			return array(
+				'mtime'=>-1,
+				'size'=>$container->bytes_used,
+				'ctime'=>-1
+			);
+		}
+
 		$obj=$this->getObject($path);
+
 		if(is_null($obj)) {
 			return false;
 		}
@@ -505,7 +529,7 @@ class OC_FileStorage_SWIFT extends OC_Filestorage_Common{
 			$obj->save_to_filename($tmpFile);
 			return $tmpFile;
 		}else{
-			return false;
+			return OCP\Files::tmpFile();
 		}
 	}
 

apps/files_external/lib/webdav.php

@@ -27,7 +27,15 @@ class OC_FileStorage_DAV extends OC_Filestorage_Common{
 		$this->host=$host;
 		$this->user=$params['user'];
 		$this->password=$params['password'];
-		$this->secure=(isset($params['secure']) && $params['secure'] == 'true')?true:false;
+		if(isset($params['secure'])){
+			if(is_string($params['secure'])){
+				$this->secure = ($params['secure'] === 'true');
+			}else{
+				$this->secure = (bool)$params['secure'];
+			}
+		}else{
+			$this->secure = false;
+		}
 		$this->root=isset($params['root'])?$params['root']:'/';
 		if(!$this->root || $this->root[0]!='/') {
 			$this->root='/'.$this->root;
@@ -131,6 +139,9 @@ class OC_FileStorage_DAV extends OC_Filestorage_Common{
 		switch($mode) {
 			case 'r':
 			case 'rb':
+				if(!$this->file_exists($path)) {
+					return false;
+				}
 				//straight up curl instead of sabredav here, sabredav put's the entire get result in memory
 				$curl = curl_init();
 				$fp = fopen('php://temp', 'r+');

apps/files_external/personal.php

@@ -29,5 +29,6 @@ $tmpl = new OCP\Template('files_external', 'settings');
 $tmpl->assign('isAdminPage', false, false);
 $tmpl->assign('mounts', OC_Mount_Config::getPersonalMountPoints());
 $tmpl->assign('certs', OC_Mount_Config::getCertificates());
+$tmpl->assign('dependencies', OC_Mount_Config::checkDependencies(),false);
 $tmpl->assign('backends', $backends);
 return $tmpl->fetchPage();

apps/files_external/settings.php

@@ -20,6 +20,8 @@
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+OC_Util::checkAdminUser();
+
 OCP\Util::addScript('files_external', 'settings');
 OCP\Util::addscript('3rdparty', 'chosen/chosen.jquery.min');
 OCP\Util::addStyle('files_external', 'settings');
@@ -30,5 +32,6 @@ $tmpl->assign('mounts', OC_Mount_Config::getSystemMountPoints());
 $tmpl->assign('backends', OC_Mount_Config::getBackends());
 $tmpl->assign('groups', OC_Group::getGroups());
 $tmpl->assign('users', OCP\User::getUsers());
+$tmpl->assign('dependencies', OC_Mount_Config::checkDependencies(),false);
 $tmpl->assign('allowUserMounting', OCP\Config::getAppValue('files_external', 'allow_user_mounting', 'yes'));
 return $tmpl->fetchPage();

apps/files_external/templates/settings.php

@@ -1,6 +1,7 @@
 <form id="files_external">
 	<fieldset class="personalblock">
 	<legend><strong><?php echo $l->t('External Storage'); ?></strong></legend>
+		<?php if (isset($_['dependencies']) and ($_['dependencies']<>'')) echo($_['dependencies']); ?>
 		<table id="externalStorage" data-admin='<?php echo json_encode($_['isAdminPage']); ?>'>
 			<thead>
 				<tr>
@@ -60,7 +61,7 @@
 					<?php if ($_['isAdminPage']): ?>
 					<td class="applicable" align="right" data-applicable-groups='<?php if (isset($mount['applicable']['groups'])) echo json_encode($mount['applicable']['groups']); ?>' data-applicable-users='<?php if (isset($mount['applicable']['users'])) echo json_encode($mount['applicable']['users']); ?>'>
 							<select class="chzn-select" multiple style="width:20em;" data-placeholder="<?php echo $l->t('None set'); ?>">
-								<option value="all"><?php echo $l->t('All Users'); ?></option>
+								<option value="all" <?php if (isset($mount['applicable']['users']) && in_array('all', $mount['applicable']['users'])) echo 'selected="selected"';?> ><?php echo $l->t('All Users'); ?></option>
 								<optgroup label="<?php echo $l->t('Groups'); ?>">
 									<?php foreach ($_['groups'] as $group): ?>
 										<option value="<?php echo $group; ?>(group)" <?php if (isset($mount['applicable']['groups']) && in_array($group, $mount['applicable']['groups'])) echo 'selected="selected"'; ?>><?php echo $group; ?></option>
@@ -113,4 +114,4 @@
         <input type="submit" name="cert_import" value="<?php echo $l->t('Import Root Certificate'); ?>" />
 		<?php endif; ?>
 </fieldset>
-</form>
+</form>

apps/files_external/tests/amazons3.php

@@ -1,43 +1,42 @@
 <?php
 
 /**
-* ownCloud
-*
-* @author Michael Gapczynski
-* @copyright 2012 Michael Gapczynski mtgap@owncloud.com
-*
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either
-* version 3 of the License, or any later version.
-*
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*
-* You should have received a copy of the GNU Affero General Public
-* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
-*/
+ * ownCloud
+ *
+ * @author Michael Gapczynski
+ * @copyright 2012 Michael Gapczynski mtgap@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
-$config = include('apps/files_external/tests/config.php');
-if (!is_array($config) or !isset($config['amazons3']) or !$config['amazons3']['run']) {
-	abstract class Test_Filestorage_AmazonS3 extends Test_FileStorage{}
-	return;
-} else {
-	class Test_Filestorage_AmazonS3 extends Test_FileStorage {
+class Test_Filestorage_AmazonS3 extends Test_FileStorage {
 
-		private $config;
-		private $id;
+	private $config;
+	private $id;
 
-		public function setUp() {
-			$id = uniqid();
-			$this->config = include('apps/files_external/tests/config.php');
-			$this->config['amazons3']['bucket'] = $id; // Make sure we have a new empty bucket to work in
-			$this->instance = new OC_Filestorage_AmazonS3($this->config['amazons3']);
+	public function setUp() {
+		$id = uniqid();
+		$this->config = include('files_external/tests/config.php');
+		if (!is_array($this->config) or !isset($this->config['amazons3']) or !$this->config['amazons3']['run']) {
+			$this->markTestSkipped('AmazonS3 backend not configured');
 		}
+		$this->config['amazons3']['bucket'] = $id; // Make sure we have a new empty bucket to work in
+		$this->instance = new OC_Filestorage_AmazonS3($this->config['amazons3']);
+	}
 
-		public function tearDown() {
+	public function tearDown() {
+		if ($this->instance) {
 			$s3 = new AmazonS3(array('key' => $this->config['amazons3']['key'], 'secret' => $this->config['amazons3']['secret']));
 			if ($s3->delete_all_objects($this->id)) {
 				$s3->delete_bucket($this->id);

apps/files_external/tests/config.php

@@ -26,7 +26,7 @@ return array(
 		'run'=>false,
 		'user'=>'test:tester',
 		'token'=>'testing',
-		'host'=>'localhost:8080/auth',
+		'host'=>'localhost.local:8080/auth',
 		'root'=>'/',
 	),
 	'smb'=>array(

apps/files_external/tests/dropbox.php

@@ -6,22 +6,21 @@
  * See the COPYING-README file.
  */
 
-$config=include('files_external/tests/config.php');
-if(!is_array($config) or !isset($config['dropbox']) or !$config['dropbox']['run']) {
-	abstract class Test_Filestorage_Dropbox extends Test_FileStorage{}
-	return;
-}else{
-	class Test_Filestorage_Dropbox extends Test_FileStorage {
-		private $config;
+class Test_Filestorage_Dropbox extends Test_FileStorage {
+	private $config;
 
-		public function setUp() {
-			$id=uniqid();
-			$this->config=include('files_external/tests/config.php');
-			$this->config['dropbox']['root'].='/'.$id;//make sure we have an new empty folder to work in
-			$this->instance=new OC_Filestorage_Dropbox($this->config['dropbox']);
+	public function setUp() {
+		$id = uniqid();
+		$this->config = include('files_external/tests/config.php');
+		if (!is_array($this->config) or !isset($this->config['dropbox']) or !$this->config['dropbox']['run']) {
+			$this->markTestSkipped('Dropbox backend not configured');
 		}
+		$this->config['dropbox']['root'] .= '/' . $id; //make sure we have an new empty folder to work in
+		$this->instance = new OC_Filestorage_Dropbox($this->config['dropbox']);
+	}
 
-		public function tearDown() {
+	public function tearDown() {
+		if ($this->instance) {
 			$this->instance->unlink('/');
 		}
 	}

apps/files_external/tests/ftp.php

@@ -6,23 +6,40 @@
  * See the COPYING-README file.
  */
 
-$config=include('apps/files_external/tests/config.php');
-if(!is_array($config) or !isset($config['ftp']) or !$config['ftp']['run']) {
-	abstract class Test_Filestorage_FTP extends Test_FileStorage{}
-	return;
-}else{
-	class Test_Filestorage_FTP extends Test_FileStorage {
-		private $config;
+class Test_Filestorage_FTP extends Test_FileStorage {
+	private $config;
 
-		public function setUp() {
-			$id=uniqid();
-			$this->config=include('apps/files_external/tests/config.php');
-			$this->config['ftp']['root'].='/'.$id;//make sure we have an new empty folder to work in
-			$this->instance=new OC_Filestorage_FTP($this->config['ftp']);
+	public function setUp() {
+		$id = uniqid();
+		$this->config = include('files_external/tests/config.php');
+		if (!is_array($this->config) or !isset($this->config['ftp']) or !$this->config['ftp']['run']) {
+			$this->markTestSkipped('FTP backend not configured');
 		}
+		$this->config['ftp']['root'] .= '/' . $id; //make sure we have an new empty folder to work in
+		$this->instance = new OC_Filestorage_FTP($this->config['ftp']);
+	}
 
-		public function tearDown() {
+	public function tearDown() {
+		if ($this->instance) {
 			OCP\Files::rmdirr($this->instance->constructUrl(''));
 		}
 	}
+
+	public function testConstructUrl(){
+		$config = array ( 'host' => 'localhost', 'user' => 'ftp', 'password' => 'ftp', 'root' => '/', 'secure' => false );
+		$instance = new OC_Filestorage_FTP($config);
+		$this->assertEqual('ftp://ftp:ftp@localhost/', $instance->constructUrl(''));
+
+		$config['secure'] = true;
+		$instance = new OC_Filestorage_FTP($config);
+		$this->assertEqual('ftps://ftp:ftp@localhost/', $instance->constructUrl(''));
+
+		$config['secure'] = 'false';
+		$instance = new OC_Filestorage_FTP($config);
+		$this->assertEqual('ftp://ftp:ftp@localhost/', $instance->constructUrl(''));
+
+		$config['secure'] = 'true';
+		$instance = new OC_Filestorage_FTP($config);
+		$this->assertEqual('ftps://ftp:ftp@localhost/', $instance->constructUrl(''));
+	}
 }

apps/files_external/tests/google.php

@@ -1,42 +1,41 @@
 <?php
 
 /**
-* ownCloud
-*
-* @author Michael Gapczynski
-* @copyright 2012 Michael Gapczynski mtgap@owncloud.com
-*
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either
-* version 3 of the License, or any later version.
-*
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*
-* You should have received a copy of the GNU Affero General Public
-* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
-*/
+ * ownCloud
+ *
+ * @author Michael Gapczynski
+ * @copyright 2012 Michael Gapczynski mtgap@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
-$config=include('apps/files_external/tests/config.php');
-if(!is_array($config) or !isset($config['google']) or !$config['google']['run']) {
-	abstract class Test_Filestorage_Google extends Test_FileStorage{}
-	return;
-}else{
-	class Test_Filestorage_Google extends Test_FileStorage {
+class Test_Filestorage_Google extends Test_FileStorage {
 
-		private $config;
+	private $config;
 
-		public function setUp() {
-			$id=uniqid();
-			$this->config=include('apps/files_external/tests/config.php');
-			$this->config['google']['root'].='/'.$id;//make sure we have an new empty folder to work in
-			$this->instance=new OC_Filestorage_Google($this->config['google']);
+	public function setUp() {
+		$id = uniqid();
+		$this->config = include('files_external/tests/config.php');
+		if (!is_array($this->config) or !isset($this->config['google']) or !$this->config['google']['run']) {
+			$this->markTestSkipped('Google backend not configured');
 		}
+		$this->config['google']['root'] .= '/' . $id; //make sure we have an new empty folder to work in
+		$this->instance = new OC_Filestorage_Google($this->config['google']);
+	}
 
-		public function tearDown() {
+	public function tearDown() {
+		if ($this->instance) {
 			$this->instance->rmdir('/');
 		}
 	}

apps/files_external/tests/smb.php

@@ -6,23 +6,21 @@
  * See the COPYING-README file.
  */
 
-$config=include('apps/files_external/tests/config.php');
+class Test_Filestorage_SMB extends Test_FileStorage {
+	private $config;
 
-if(!is_array($config) or !isset($config['smb']) or !$config['smb']['run']) {
-	abstract class Test_Filestorage_SMB extends Test_FileStorage{}
-	return;
-}else{
-	class Test_Filestorage_SMB extends Test_FileStorage {
-		private $config;
-
-		public function setUp() {
-			$id=uniqid();
-			$this->config=include('apps/files_external/tests/config.php');
-			$this->config['smb']['root'].=$id;//make sure we have an new empty folder to work in
-			$this->instance=new OC_Filestorage_SMB($this->config['smb']);
+	public function setUp() {
+		$id = uniqid();
+		$this->config = include('files_external/tests/config.php');
+		if (!is_array($this->config) or !isset($this->config['smb']) or !$this->config['smb']['run']) {
+			$this->markTestSkipped('Samba backend not configured');
 		}
+		$this->config['smb']['root'] .= $id; //make sure we have an new empty folder to work in
+		$this->instance = new OC_Filestorage_SMB($this->config['smb']);
+	}
 
-		public function tearDown() {
+	public function tearDown() {
+		if ($this->instance) {
 			OCP\Files::rmdirr($this->instance->constructUrl(''));
 		}
 	}

apps/files_external/tests/swift.php

@@ -6,25 +6,23 @@
  * See the COPYING-README file.
  */
 
-$config=include('apps/files_external/tests/config.php');
-if(!is_array($config) or !isset($config['swift']) or !$config['swift']['run']) {
-	abstract class Test_Filestorage_SWIFT extends Test_FileStorage{}
-	return;
-}else{
-	class Test_Filestorage_SWIFT extends Test_FileStorage {
-		private $config;
+class Test_Filestorage_SWIFT extends Test_FileStorage {
+	private $config;
 
-		public function setUp() {
-			$id=uniqid();
-			$this->config=include('apps/files_external/tests/config.php');
-			$this->config['swift']['root'].='/'.$id;//make sure we have an new empty folder to work in
-			$this->instance=new OC_Filestorage_SWIFT($this->config['swift']);
+	public function setUp() {
+		$id = uniqid();
+		$this->config = include('files_external/tests/config.php');
+		if (!is_array($this->config) or !isset($this->config['swift']) or !$this->config['swift']['run']) {
+			$this->markTestSkipped('OpenStack SWIFT backend not configured');
 		}
+		$this->config['swift']['root'] .= '/' . $id; //make sure we have an new empty folder to work in
+		$this->instance = new OC_Filestorage_SWIFT($this->config['swift']);
+	}
 
 
-		public function tearDown() {
-		    $this->instance->rmdir('');
+	public function tearDown() {
+		if ($this->instance) {
+			$this->instance->rmdir('');
 		}
-
 	}
 }

apps/files_external/tests/webdav.php

@@ -6,22 +6,21 @@
  * See the COPYING-README file.
  */
 
-$config=include('apps/files_external/tests/config.php');
-if(!is_array($config) or !isset($config['webdav']) or !$config['webdav']['run']) {
-	abstract class Test_Filestorage_DAV extends Test_FileStorage{}
-	return;
-}else{
-	class Test_Filestorage_DAV extends Test_FileStorage {
-		private $config;
+class Test_Filestorage_DAV extends Test_FileStorage {
+	private $config;
 
-		public function setUp() {
-			$id=uniqid();
-			$this->config=include('apps/files_external/tests/config.php');
-			$this->config['webdav']['root'].='/'.$id;//make sure we have an new empty folder to work in
-			$this->instance=new OC_Filestorage_DAV($this->config['webdav']);
+	public function setUp() {
+		$id = uniqid();
+		$this->config = include('files_external/tests/config.php');
+		if (!is_array($this->config) or !isset($this->config['webdav']) or !$this->config['webdav']['run']) {
+			$this->markTestSkipped('WebDAV backend not configured');
 		}
+		$this->config['webdav']['root'] .= '/' . $id; //make sure we have an new empty folder to work in
+		$this->instance = new OC_Filestorage_DAV($this->config['webdav']);
+	}
 
-		public function tearDown() {
+	public function tearDown() {
+		if ($this->instance) {
 			$this->instance->rmdir('/');
 		}
 	}

apps/files_sharing/appinfo/app.php

@@ -3,6 +3,7 @@
 OC::$CLASSPATH['OC_Share_Backend_File'] = "apps/files_sharing/lib/share/file.php";
 OC::$CLASSPATH['OC_Share_Backend_Folder'] = 'apps/files_sharing/lib/share/folder.php';
 OC::$CLASSPATH['OC_Filestorage_Shared'] = "apps/files_sharing/lib/sharedstorage.php";
+OC::$CLASSPATH['OC_Files_Sharing_Util'] = "apps/files_sharing/lib/util.php";
 OCP\Util::connectHook('OC_Filesystem', 'setup', 'OC_Filestorage_Shared', 'setup');
 OCP\Share::registerBackend('file', 'OC_Share_Backend_File');
 OCP\Share::registerBackend('folder', 'OC_Share_Backend_Folder', 'file');

apps/files_sharing/appinfo/update.php

@@ -55,6 +55,7 @@ if (version_compare($installedVersion, '0.3', '<')) {
 			OC_Util::tearDownFS();
 		}
 	}
+	OC_User::setUserId(null);
 	if ($update_error) {
 		OCP\Util::writeLog('files_sharing', 'There were some problems upgrading the sharing of files', OCP\Util::ERROR);
 	}

apps/files_sharing/js/share.js

@@ -1,6 +1,6 @@
 $(document).ready(function() {
 
-	if (typeof OC.Share !== 'undefined' && typeof FileActions !== 'undefined') {
+	if (typeof OC.Share !== 'undefined' && typeof FileActions !== 'undefined'  && !publicListView) {
 		OC.Share.loadIcons('file');
 		FileActions.register('all', 'Share', OC.PERMISSION_READ, function(filename) {
 			// Return the correct sharing icon
@@ -46,7 +46,7 @@ $(document).ready(function() {
 			var appendTo = $(tr).find('td.filename');
 			// Check if drop down is already visible for a different file
 			if (OC.Share.droppedDown) {
-				if (item != $('#dropdown').data('item')) {
+				if ($(tr).data('id') != $('#dropdown').attr('data-item-source')) {
 					OC.Share.hideDropDown(function () {
 						$(tr).addClass('mouseOver');
 						OC.Share.showDropDown(itemType, $(tr).data('id'), appendTo, true, possiblePermissions);

apps/files_sharing/lib/sharedstorage.php

@@ -113,7 +113,10 @@ class OC_Filestorage_Shared extends OC_Filestorage_Common {
 			return false;
 		} else if ($source = $this->getSourcePath($path)) {
 			$storage = OC_Filesystem::getStorage($source);
-			return $storage->mkdir($this->getInternalPath($source));
+			if( ($storage->mkdir($this->getInternalPath($source))) ) {
+				$this->updateFSCache($path);
+				return true;
+			}
 		}
 		return false;
 	}
@@ -296,10 +299,15 @@ class OC_Filestorage_Shared extends OC_Filestorage_Common {
 					'target' => $this->sharedFolder.$path,
 					'source' => $source,
 				);
-			OCP\Util::emitHook('OC_Filestorage_Shared', 'file_put_contents', $info);
+			OCP\Util::emitHook('OC_Filestorage_Shared', 'file_put_contents', $info);
+			$parts = explode('/', $source, 4);
+			$user =  $parts[1];
+			$intPath = '/'.$parts[3];
 			$storage = OC_Filesystem::getStorage($source);
-			$result = $storage->file_put_contents($this->getInternalPath($source), $data);
-			return $result;
+			if( ( $result = $storage->file_put_contents($this->getInternalPath($source), $data) ) ) {
+				$this->updateFSCache($path);
+				return $result;
+			}	
 		}
 		return false;
 	}
@@ -368,17 +376,18 @@ class OC_Filestorage_Shared extends OC_Filestorage_Common {
 
 	public function fopen($path, $mode) {
 		if ($source = $this->getSourcePath($path)) {
+			$write = false;
 			switch ($mode) {
+				case 'w':
+				case 'wb':
+				case 'w+':
+				case 'wb+': $write = true;
 				case 'r+':
 				case 'rb+':
-				case 'w+':
-				case 'wb+':
 				case 'x+':
 				case 'xb+':
 				case 'a+':
 				case 'ab+':
-				case 'w':
-				case 'wb':
 				case 'x':
 				case 'xb':
 				case 'a':
@@ -394,6 +403,14 @@ class OC_Filestorage_Shared extends OC_Filestorage_Common {
 			);
 			OCP\Util::emitHook('OC_Filestorage_Shared', 'fopen', $info);
 			$storage = OC_Filesystem::getStorage($source);
+			
+			$parts = explode('/', $source, 4);
+			$user =  $parts[1];
+			$intPath = '/'.$parts[3];
+
+			if ( $write && $storage->touch($this->getInternalPath($source)) ) {
+				$this->updateFSCache($path);
+			}
 			return $storage->fopen($this->getInternalPath($source), $mode);
 		}
 		return false;
@@ -447,4 +464,16 @@ class OC_Filestorage_Shared extends OC_Filestorage_Common {
 		//TODO
 		return false;
 	}
+	
+	private function updateFSCache($path) {
+		$source = $this->getSourcePath($path);
+		$parts = explode('/', $source, 4);
+		$user =  $parts[1];
+		$intPath = '/'.$parts[3];
+		
+		$mtime = $this->filemtime($path);
+		$size = $this->filesize($path);
+		$mime = $this->getMimeType($path);
+		OC_FileCache::put($intPath ,array('user'=>$user, 'size'=>$size, 'mtime'=>$mtime, 'mimetype'=>$mime, 'writable'=>true),'/'.$user.'/files');
+	}
 }

apps/files_sharing/lib/util.php

@@ -0,0 +1,79 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Bjoern Schiessle
+ * @copyright 2012 Bjoern Schiessle schiessle@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+class OC_Files_Sharing_Util {
+
+	private static $files = array();
+
+	/**
+	 * @brief Get the source file path and the permissions granted for a shared file
+	 * @param string Shared target file path
+	 * @return Returns array with the keys path and permissions or false if not found
+	 */
+	private static function getFile($target) {
+		$target = '/'.$target;
+		$target = rtrim($target, '/');
+		if (isset(self::$files[$target])) {
+			return self::$files[$target];
+		} else {
+			$pos = strpos($target, '/', 1);
+			// Get shared folder name
+			if ($pos !== false) {
+				$folder = substr($target, 0, $pos);
+				if (isset(self::$files[$folder])) {
+					$file = self::$files[$folder];
+				} else {
+					$file = OCP\Share::getItemSharedWith('folder', $folder, OC_Share_Backend_File::FORMAT_SHARED_STORAGE);
+				}
+				if ($file) {
+					self::$files[$target]['path'] = $file['path'].substr($target, strlen($folder));
+					self::$files[$target]['permissions'] = $file['permissions'];
+					return self::$files[$target];
+				}
+			} else {
+				$file = OCP\Share::getItemSharedWith('file', $target, OC_Share_Backend_File::FORMAT_SHARED_STORAGE);
+				if ($file) {
+					self::$files[$target] = $file;
+					return self::$files[$target];
+				}
+			}
+			OCP\Util::writeLog('files_sharing', 'File source not found for: '.$target, OCP\Util::ERROR);
+			return false;
+		}
+	}
+
+	/**
+	 * @brief Get the source file path for a shared file
+	 * @param string Shared target file path
+	 * @return Returns source file path or false if not found
+	 */
+	public static function getSourcePath($target) {
+		$file = self::getFile($target);
+		if (isset($file['path'])) {
+			$uid = substr($file['path'], 1, strpos($file['path'], '/', 1) - 1);
+			OC_Filesystem::mount('OC_Filestorage_Local', array('datadir' => OC_User::getHome($uid)), $uid);
+			return $file['path'];
+		}
+		return false;
+	}
+}

apps/files_sharing/public.php

@@ -7,7 +7,7 @@ OC_App::loadApps();
 // support will be removed in OC 5.0,a
 if (isset($_GET['token'])) {
 	unset($_GET['file']);
-	$qry = \OC_DB::prepare('SELECT `source` FROM `*PREFIX*sharing` WHERE `target` = ? LIMIT 1');
+	$qry = \OC_DB::prepare('SELECT `source` FROM `*PREFIX*sharing` WHERE `target` = ?', 1);
 	$filepath = $qry->execute(array($_GET['token']))->fetchOne();
 	if(isset($filepath)) {
 		$info = OC_FileCache_Cached::get($filepath, '');
@@ -19,174 +19,261 @@ if (isset($_GET['token'])) {
 		\OCP\Util::writeLog('files_sharing', 'You have files that are shared by link originating from ownCloud 4.0. Redistribute the new links, because backwards compatibility will be removed in ownCloud 5.', \OCP\Util::WARN);
 	}
 }
-// Enf of backward compatibility
 
-if (isset($_GET['file']) || isset($_GET['dir'])) {
+function getID($path) {
+	// use the share table from the db to find the item source if the file was reshared because shared files
+	// are not stored in the file cache.
+	if (substr(OC_Filesystem::getMountPoint($path), -7, 6) == "Shared") {
+		$path_parts = explode('/', $path, 5);
+		$user = $path_parts[1];
+		$intPath = '/'.$path_parts[4];
+		$query = \OC_DB::prepare('SELECT `item_source` FROM `*PREFIX*share` WHERE `uid_owner` = ? AND `file_target` = ? ');
+		$result = $query->execute(array($user, $intPath));
+		$row = $result->fetchRow();
+		$fileSource = $row['item_source'];
+	} else {
+		$fileSource = OC_Filecache::getId($path, '');
+	}
+	
+	return $fileSource;
+}
+// End of backward compatibility
+
+/**
+ * lookup file path and owner by fetching it from the fscache
+ * needed becaus OC_FileCache::getPath($id, $user) already requires the user
+ * @param int $id
+ * @return array
+ */
+function getPathAndUser($id) {
+	$query = \OC_DB::prepare('SELECT `user`, `path` FROM `*PREFIX*fscache` WHERE `id` = ?');
+	$result = $query->execute(array($id));
+	$row = $result->fetchRow();
+	return $row;
+}
+
+
+if (isset($_GET['t'])) {
+	$token = $_GET['t'];
+	$linkItem = OCP\Share::getShareByToken($token);
+	if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
+		// seems to be a valid share
+		$type = $linkItem['item_type'];
+		$fileSource = $linkItem['file_source'];
+		$shareOwner = $linkItem['uid_owner'];
+		
+		if (OCP\User::userExists($shareOwner) && $fileSource != -1 ) {
+			
+			$pathAndUser = getPathAndUser($linkItem['file_source']);
+			$fileOwner = $pathAndUser['user'];
+			
+			//if this is a reshare check the file owner also exists
+			if ($shareOwner != $fileOwner && ! OCP\User::userExists($fileOwner)) {
+					OCP\Util::writeLog('share', 'original file owner '.$fileOwner.' does not exist for share '.$linkItem['id'], \OCP\Util::ERROR);
+					header('HTTP/1.0 404 Not Found');
+					$tmpl = new OCP\Template('', '404', 'guest');
+					$tmpl->printPage();
+					exit();
+			}
+			
+			//mount filesystem of file owner
+			OC_Util::setupFS($fileOwner);
+		}
+	}
+} else if (isset($_GET['file']) || isset($_GET['dir'])) {
+	OCP\Util::writeLog('share', 'Missing token, trying fallback file/dir links', \OCP\Util::DEBUG);
 	if (isset($_GET['dir'])) {
 		$type = 'folder';
 		$path = $_GET['dir'];
+		if(strlen($path)>1 and substr($path, -1, 1)==='/') {
+			$path=substr($path, 0, -1);
+		}
 		$baseDir = $path;
 		$dir = $baseDir;
 	} else {
 		$type = 'file';
 		$path = $_GET['file'];
+		if(strlen($path)>1 and substr($path, -1, 1)==='/') {
+			$path=substr($path, 0, -1);
+		}
 	}
-	$uidOwner = substr($path, 1, strpos($path, '/', 1) - 1);
-	if (OCP\User::userExists($uidOwner)) {
-		OC_Util::setupFS($uidOwner);
-		$fileSource = OC_Filecache::getId($path, '');
-		if ($fileSource != -1 && ($linkItem = OCP\Share::getItemSharedWithByLink($type, $fileSource, $uidOwner))) {
-			// TODO Fix in the getItems
-			if (!isset($linkItem['item_type']) || $linkItem['item_type'] != $type) {
+	$shareOwner = substr($path, 1, strpos($path, '/', 1) - 1);
+	
+	if (OCP\User::userExists($shareOwner)) {
+		OC_Util::setupFS($shareOwner);
+		$fileSource = getID($path);
+		if ($fileSource != -1 ) {
+			$linkItem = OCP\Share::getItemSharedWithByLink($type, $fileSource, $shareOwner);
+			$pathAndUser['path'] = $path;
+			$path_parts = explode('/', $path, 5);
+			$pathAndUser['user'] = $path_parts[1];
+			$fileOwner = $path_parts[1];
+		}
+	}
+}
+
+if ($linkItem) {
+	if (!isset($linkItem['item_type'])) {
+		OCP\Util::writeLog('share', 'No item type set for share id: '.$linkItem['id'], \OCP\Util::ERROR);
+		header('HTTP/1.0 404 Not Found');
+		$tmpl = new OCP\Template('', '404', 'guest');
+		$tmpl->printPage();
+		exit();
+	}
+	if (isset($linkItem['share_with'])) {
+		// Authenticate share_with
+		$url = OCP\Util::linkToPublic('files').'&t='.$token;
+		if (isset($_GET['file'])) {
+			$url .= '&file='.urlencode($_GET['file']);
+		} else if (isset($_GET['dir'])) {
+			$url .= '&dir='.urlencode($_GET['dir']);
+		}
+		if (isset($_POST['password'])) {
+			$password = $_POST['password'];
+			if ($linkItem['share_type'] == OCP\Share::SHARE_TYPE_LINK) {
+				// Check Password
+				$forcePortable = (CRYPT_BLOWFISH != 1);
+				$hasher = new PasswordHash(8, $forcePortable);
+				if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $linkItem['share_with']))) {
+					$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+					$tmpl->assign('URL', $url);
+					$tmpl->assign('error', true);
+					$tmpl->printPage();
+					exit();
+				} else {
+					// Save item id in session for future requests
+					$_SESSION['public_link_authenticated'] = $linkItem['id'];
+				}
+			} else {
+				OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type'].' for share id '.$linkItem['id'], \OCP\Util::ERROR);
 				header('HTTP/1.0 404 Not Found');
 				$tmpl = new OCP\Template('', '404', 'guest');
 				$tmpl->printPage();
 				exit();
 			}
-			if (isset($linkItem['share_with'])) {
-				// Check password
-				if (isset($_POST['password'])) {
-					$password = $_POST['password'];
-					$storedHash = $linkItem['share_with'];
-					$forcePortable = (CRYPT_BLOWFISH != 1);
-					$hasher = new PasswordHash(8, $forcePortable);
-					if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash))) {
-						$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
-						$tmpl->assign('URL', OCP\Util::linkToPublic('files').'&file='.$_GET['file']);
-						$tmpl->assign('error', true);
-						$tmpl->printPage();
-						exit();
-					} else {
-						// Save item id in session for future requests
-						$_SESSION['public_link_authenticated'] = $linkItem['id'];
-					}
-				// Check if item id is set in session
-				} else if (!isset($_SESSION['public_link_authenticated']) || $_SESSION['public_link_authenticated'] !== $linkItem['id']) {
-					// Prompt for password
-					$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
-					$tmpl->assign('URL', OCP\Util::linkToPublic('files').'&file='.$_GET['file']);
-					$tmpl->printPage();
-					exit();
-				}
-			}
-			$path = $linkItem['path'];
-			if (isset($_GET['path'])) {
-				$path .= $_GET['path'];
-				$dir .= $_GET['path'];
-				if (!OC_Filesystem::file_exists($path)) {
-					header('HTTP/1.0 404 Not Found');
-					$tmpl = new OCP\Template('', '404', 'guest');
-					$tmpl->printPage();
-					exit();
-				}
-			}
-			// Download the file
-			if (isset($_GET['download'])) {
-				if (isset($_GET['dir'])) {
-					if ( isset($_GET['files']) ) { // download selected files
-						OC_Files::get($path, $_GET['files'], $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
-					} else 	if (isset($_GET['path']) &&  $_GET['path'] != '' ) { // download a file from a shared directory
-						OC_Files::get('', $path, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
-					} else { // download the whole shared directory
-						OC_Files::get($path, '', $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
-					}
-				} else { // download a single shared file
-					OC_Files::get("", $path, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
-				}
-				
-			} else {
-				OCP\Util::addStyle('files_sharing', 'public');
-				OCP\Util::addScript('files_sharing', 'public');
-				OCP\Util::addScript('files', 'fileactions');
-				$tmpl = new OCP\Template('files_sharing', 'public', 'base');
-				$tmpl->assign('owner', $uidOwner);
-				// Show file list
-				if (OC_Filesystem::is_dir($path)) {
-					OCP\Util::addStyle('files', 'files');
-					OCP\Util::addScript('files', 'files');
-					OCP\Util::addScript('files', 'filelist');
-					$files = array();
-					$rootLength = strlen($baseDir) + 1;
-					foreach (OC_Files::getDirectoryContent($path) as $i) {
-						$i['date'] = OCP\Util::formatDate($i['mtime']);
-						if ($i['type'] == 'file') {
-							$fileinfo = pathinfo($i['name']);
-							$i['basename'] = $fileinfo['filename'];
-							$i['extension'] = isset($fileinfo['extension']) ? ('.'.$fileinfo['extension']) : '';
-						}
-						$i['directory'] = '/'.substr('/'.$uidOwner.'/files'.$i['directory'], $rootLength);
-						if ($i['directory'] == '/') {
-							$i['directory'] = '';
-						}
-						$i['permissions'] = OCP\Share::PERMISSION_READ;
-						$files[] = $i;
-					}
-					// Make breadcrumb
-					$breadcrumb = array();
-					$pathtohere = '';
-					$count = 1;
-					foreach (explode('/', $dir) as $i) {
-						if ($i != '') {
-							if ($i != $baseDir) {
-								$pathtohere .= '/'.$i;
-							}						
-							if ( strlen($pathtohere) <  strlen($_GET['dir'])) {
-								continue;
-							}
-							$breadcrumb[] = array('dir' => str_replace($_GET['dir'], "", $pathtohere, $count), 'name' => $i);
-						}
-					}
-					$list = new OCP\Template('files', 'part.list', '');
-					$list->assign('files', $files, false);
-					$list->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.$_GET['dir'].'&path=', false);
-					$list->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.$_GET['dir'].'&path=', false);
-					$breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', '' );
-					$breadcrumbNav->assign('breadcrumb', $breadcrumb, false);
-					$breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.$_GET['dir'].'&path=', false);
-					$folder = new OCP\Template('files', 'index', '');
-					$folder->assign('fileList', $list->fetchPage(), false);
-					$folder->assign('breadcrumb', $breadcrumbNav->fetchPage(), false);
-					$folder->assign('dir', basename($dir));
-					$folder->assign('isCreatable', false);
-					$folder->assign('permissions', 0);
-					$folder->assign('files', $files);
-					$folder->assign('uploadMaxFilesize', 0);
-					$folder->assign('uploadMaxHumanFilesize', 0);
-					$folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
-					$tmpl->assign('folder', $folder->fetchPage(), false);
-					$tmpl->assign('uidOwner', $uidOwner);
-					$tmpl->assign('dir', basename($dir));
-					$tmpl->assign('filename', basename($path));
-					$tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
-					$tmpl->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
-					if (isset($_GET['path'])) {
-						$getPath = $_GET['path'];
-					} else {
-						$getPath = '';
-					}
-					$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.$_GET['dir'].'&path='.$getPath);
-				} else {
-					// Show file preview if viewer is available
-					$tmpl->assign('uidOwner', $uidOwner);
-					$tmpl->assign('dir', dirname($path));
-					$tmpl->assign('filename', basename($path));
-					$tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
-					if ($type == 'file') {
-						$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&file='.$_GET['file'].'&download');
-					} else {
-						if (isset($_GET['path'])) {
-							$getPath = $_GET['path'];
-						} else {
-							$getPath = '';
-						}
-						$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.$_GET['dir'].'&path='.$getPath);
-					}
-				}
-				$tmpl->printPage();
-			}
+		// Check if item id is set in session
+		} else if (!isset($_SESSION['public_link_authenticated']) || $_SESSION['public_link_authenticated'] !== $linkItem['id']) {
+			// Prompt for password
+			$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+			$tmpl->assign('URL', $url);
+			$tmpl->printPage();
 			exit();
 		}
 	}
+	$basePath = substr($pathAndUser['path'] , strlen('/'.$fileOwner.'/files'));
+	$path = $basePath;
+	if (isset($_GET['path'])) {
+		$path .= $_GET['path'];
+	}
+	if (!$path || !OC_Filesystem::isValidPath($path) || !OC_Filesystem::file_exists($path)) {
+		OCP\Util::writeLog('share', 'Invalid path '.$path.' for share id '.$linkItem['id'], \OCP\Util::ERROR);
+		header('HTTP/1.0 404 Not Found');
+		$tmpl = new OCP\Template('', '404', 'guest');
+		$tmpl->printPage();
+		exit();
+	}
+	$dir = dirname($path);
+	$file = basename($path);
+	// Download the file
+	if (isset($_GET['download'])) {
+		if (isset($_GET['path']) && $_GET['path'] !== '' ) {
+			if ( isset($_GET['files']) ) { // download selected files
+				OC_Files::get($path, $_GET['files'], $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+			} else if (isset($_GET['path']) && $_GET['path'] != '' ) { // download a file from a shared directory
+				OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+			} else { // download the whole shared directory
+				OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+			}
+		} else { // download a single shared file
+			OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+		}
+
+	} else {
+		OCP\Util::addStyle('files_sharing', 'public');
+		OCP\Util::addScript('files_sharing', 'public');
+		OCP\Util::addScript('files', 'fileactions');
+		$tmpl = new OCP\Template('files_sharing', 'public', 'base');
+		$tmpl->assign('uidOwner', $shareOwner);
+		$tmpl->assign('dir', $dir);
+		$tmpl->assign('filename', $file);
+		$tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
+		if (isset($_GET['path'])) {
+			$getPath = $_GET['path'];
+		} else {
+			$getPath = '';
+		}
+		//
+		$urlLinkIdentifiers= (isset($token)?'&t='.$token:'').(isset($_GET['dir'])?'&dir='.$_GET['dir']:'').(isset($_GET['file'])?'&file='.$_GET['file']:'');
+		// Show file list
+		if (OC_Filesystem::is_dir($path)) {
+			OCP\Util::addStyle('files', 'files');
+			OCP\Util::addScript('files', 'files');
+			OCP\Util::addScript('files', 'filelist');
+			$files = array();
+			$rootLength = strlen($basePath) + 1;
+			foreach (OC_Files::getDirectoryContent($path) as $i) {
+				$i['date'] = OCP\Util::formatDate($i['mtime']);
+				if ($i['type'] == 'file') {
+					$fileinfo = pathinfo($i['name']);
+					$i['basename'] = $fileinfo['filename'];
+					$i['extension'] = isset($fileinfo['extension']) ? ('.'.$fileinfo['extension']) : '';
+				}
+				$i['directory'] = '/'.substr($i['directory'], $rootLength);
+				if ($i['directory'] == '/') {
+					$i['directory'] = '';
+				}
+				$i['permissions'] = OCP\Share::PERMISSION_READ;
+				$files[] = $i;
+			}
+			// Make breadcrumb
+			$breadcrumb = array();
+			$pathtohere = '';
+
+			//add base breadcrumb
+			$breadcrumb[] = array('dir' => '/', 'name' => basename($basePath));
+
+			//add subdir breadcrumbs
+			foreach (explode('/', urldecode($getPath)) as $i) {
+				if ($i != '') {
+					$pathtohere .= '/'.$i;
+					$breadcrumb[] = array('dir' => $pathtohere, 'name' => $i);
+				}
+			}
+				
+			$list = new OCP\Template('files', 'part.list', '');
+			$list->assign('files', $files, false);
+			$list->assign('publicListView', true);
+			$list->assign('baseURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&path=', false);
+			$list->assign('downloadURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&download&path=', false);
+			$breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', '' );
+			$breadcrumbNav->assign('breadcrumb', $breadcrumb, false);
+			$breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&path=', false);
+			$folder = new OCP\Template('files', 'index', '');
+			$folder->assign('fileList', $list->fetchPage(), false);
+			$folder->assign('breadcrumb', $breadcrumbNav->fetchPage(), false);
+			$folder->assign('dir', basename($dir));
+			$folder->assign('isCreatable', false);
+			$folder->assign('permissions', 0);
+			$folder->assign('files', $files);
+			$folder->assign('uploadMaxFilesize', 0);
+			$folder->assign('uploadMaxHumanFilesize', 0);
+			$folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
+			$tmpl->assign('folder', $folder->fetchPage(), false);
+			$tmpl->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
+			$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&download&path='.urlencode($getPath));
+		} else {
+			// Show file preview if viewer is available
+			if ($type == 'file') {
+				$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&download');
+			} else {
+				$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&download&path='.urlencode($getPath));
+			}
+		}
+		$tmpl->printPage();
+	}
+	exit();
+} else {
+	OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);
 }
 header('HTTP/1.0 404 Not Found');
 $tmpl = new OCP\Template('', '404', 'guest');

apps/files_sharing/templates/public.php

@@ -1,3 +1,11 @@
+<script type="text/javascript">
+	<?php if ( array_key_exists('publicListView', $_) && $_['publicListView'] == true ) {
+		echo "var publicListView = true;";
+	} else {
+		echo "var publicListView = false;";
+	}
+	?>
+</script>
 <input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
 <input type="hidden" name="downloadURL" value="<?php echo $_['downloadURL'] ?>" id="downloadURL">
 <input type="hidden" name="filename" value="<?php echo $_['filename'] ?>" id="filename">

apps/files_versions/js/versions.js

@@ -21,11 +21,11 @@ $(document).ready(function(){
 			}
 			,function(filename){
 				// Action to perform when clicked
-				if (scanFiles.scanning || !$('#dropdown').hasClass('drop-versions')){return;}//workaround to prevent additional http request block scanning feedback
+				if (scanFiles.scanning){return;}//workaround to prevent additional http request block scanning feedback
 
 				var file = $('#dir').val()+'/'+filename;
 				// Check if drop down is already visible for a different file
-				if (($('#dropdown').length > 0)) {
+				if (($('#dropdown').length > 0) && $('#dropdown').hasClass('drop-versions') ) {
 					if (file != $('#dropdown').data('file')) {
 						$('#dropdown').hide('blind', function() {
 							$('#dropdown').remove();
@@ -45,7 +45,7 @@ function createVersionsDropdown(filename, files) {
 
 	var historyUrl = OC.linkTo('files_versions', 'history.php') + '?path='+encodeURIComponent( $( '#dir' ).val() ).replace( /%2F/g, '/' )+'/'+encodeURIComponent( filename );
 
-	var html = '<div id="dropdown" class="drop drop-versions" data-file="'+files+'">';
+	var html = '<div id="dropdown" class="drop drop-versions" data-file="'+escapeHTML(files)+'">';
 	html += '<div id="private">';
 	html += '<select data-placeholder="Saved versions" id="found_versions" class="chzen-select" style="width:16em;">';
 	html += '<option value=""></option>';
@@ -73,7 +73,6 @@ function createVersionsDropdown(filename, files) {
 				$.each( versions, function(index, row ) {
 					addVersion( row );
 				});
-				$('#found_versions').chosen();
 			} else {
 				$('#found_versions').hide();
 				$('#makelink').hide();

apps/files_versions/lib/hooks.php

@@ -64,7 +64,7 @@ class Hooks {
 		$abs_newpath = \OCP\Config::getSystemValue('datadirectory').$versions_fileview->getAbsolutePath('').$params['newpath'].'.v';
 		if(Storage::isversioned($rel_oldpath)) {
 			$info=pathinfo($abs_newpath);
-			if(!file_exists($info['dirname'])) mkdir($info['dirname'],0700,true);
+			if(!file_exists($info['dirname'])) mkdir($info['dirname'],0750,true);
 			$versions = Storage::getVersions($rel_oldpath);
 			foreach ($versions as $v) {
 				rename($abs_oldpath.$v['version'], $abs_newpath.$v['version']);

apps/files_versions/lib/versions.php

@@ -1,279 +1,274 @@
-<?php
-/**
- * Copyright (c) 2012 Frank Karlitschek <frank@owncloud.org>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-
-/**
- * Versions
- *
- * A class to handle the versioning of files.
- */
-
-namespace OCA_Versions;
-
-class Storage {
-
-
-	// config.php configuration:
-	//   - files_versions
-	//   - files_versionsfolder
-	//   - files_versionsblacklist
-	//   - files_versionsmaxfilesize
-	//   - files_versionsinterval
-	//   - files_versionmaxversions
-	//
-	// todo:
-	//   - finish porting to OC_FilesystemView to enable network transparency
-	//   - add transparent compression. first test if it´s worth it.
-
-	const DEFAULTENABLED=true;
-	const DEFAULTBLACKLIST='avi mp3 mpg mp4 ctmp';
-	const DEFAULTMAXFILESIZE=1048576; // 10MB
-	const DEFAULTMININTERVAL=60; // 1 min
-	const DEFAULTMAXVERSIONS=50;
-
-	private static function getUidAndFilename($filename)
-	{
-		if (\OCP\App::isEnabled('files_sharing')
-		    && substr($filename, 0, 7) == '/Shared'
-		    && $source = \OCP\Share::getItemSharedWith('file',
-					substr($filename, 7),
-					\OC_Share_Backend_File::FORMAT_SHARED_STORAGE)) {
-			$filename = $source['path'];
-			$pos = strpos($filename, '/files', 1);
-			$uid = substr($filename, 1, $pos - 1);
-			$filename = substr($filename, $pos + 6);
-		} else {
-			$uid = \OCP\User::getUser();
-		}
-		return array($uid, $filename);
-	}
-
-	/**
-	 * store a new version of a file.
-	 */
-	public function store($filename) {
-		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
-			list($uid, $filename) = self::getUidAndFilename($filename);
-			$files_view = new \OC_FilesystemView('/'.$uid.'/files');
-			$users_view = new \OC_FilesystemView('/'.$uid);
-
-			//check if source file already exist as version to avoid recursions.
-			// todo does this check work?
-			if ($users_view->file_exists($filename)) {
-				return false;
-			}
-
-			// check if filename is a directory
-			if($files_view->is_dir($filename)) {
-				return false;
-			}
-
-			// check filetype blacklist
-			$blacklist=explode(' ',\OCP\Config::getSystemValue('files_versionsblacklist', Storage::DEFAULTBLACKLIST));
-			foreach($blacklist as $bl) {
-				$parts=explode('.', $filename);
-				$ext=end($parts);
-				if(strtolower($ext)==$bl) {
-					return false;
-				}
-			}
-			// we should have a source file to work with
-			if (!$files_view->file_exists($filename)) {
-				return false;
-			}
-
-			// check filesize
-			if($files_view->filesize($filename)>\OCP\Config::getSystemValue('files_versionsmaxfilesize', Storage::DEFAULTMAXFILESIZE)) {
-				return false;
-			}
-
-
-			// check mininterval if the file is being modified by the owner (all shared files should be versioned despite mininterval)
-			if ($uid == \OCP\User::getUser()) {
-				$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
-				$versionsFolderName=\OCP\Config::getSystemValue('datadirectory'). $versions_fileview->getAbsolutePath('');
-				$matches=glob($versionsFolderName.'/'.$filename.'.v*');
-				sort($matches);
-				$parts=explode('.v',end($matches));
-				if((end($parts)+Storage::DEFAULTMININTERVAL)>time()) {
-					return false;
-				}
-			}
-
-
-			// create all parent folders
-			$dirname = dirname($filename);
-			if(!$users_view->file_exists('/files_versions/'.$dirname)) {
-				$users_view->mkdir('/files_versions/'.$dirname,0700,true);
-			}
-
-			// store a new version of a file
-			$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.time());
-
-			// expire old revisions if necessary
-			Storage::expire($filename);
-		}
-	}
-
-
-	/**
-	 * rollback to an old version of a file.
-	 */
-	public static function rollback($filename,$revision) {
-
-		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
-			list($uid, $filename) = self::getUidAndFilename($filename);
-			$users_view = new \OC_FilesystemView('/'.$uid);
-
-			// rollback
-			if( @$users_view->copy('files_versions'.$filename.'.v'.$revision, 'files'.$filename) ) {
-
-				return true;
-
-			}else{
-
-				return false;
-
-			}
-
-		}
-
-	}
-
-	/**
-	 * check if old versions of a file exist.
-	 */
-	public static function isversioned($filename) {
-		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
-			list($uid, $filename) = self::getUidAndFilename($filename);
-			$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
-
-			$versionsFolderName=\OCP\Config::getSystemValue('datadirectory'). $versions_fileview->getAbsolutePath('');
-
-			// check for old versions
-			$matches=glob($versionsFolderName.$filename.'.v*');
-			if(count($matches)>0) {
-				return true;
-			}else{
-				return false;
-			}
-		}else{
-			return(false);
-		}
-	}
-
-
-
-	/**
-	 * @brief get a list of all available versions of a file in descending chronological order
-	 * @param $filename file to find versions of, relative to the user files dir
-	 * @param $count number of versions to return
-	 * @returns array
-	 */
-	public static function getVersions( $filename, $count = 0 ) {
-
-		if( \OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true' ) {
-			list($uid, $filename) = self::getUidAndFilename($filename);
-			$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
-
-			$versionsFolderName = \OCP\Config::getSystemValue('datadirectory'). $versions_fileview->getAbsolutePath('');
-			$versions = array();
-
-			// fetch for old versions
-			$matches = glob( $versionsFolderName.'/'.$filename.'.v*' );
-
-			sort( $matches );
-
-			$i = 0;
-
-			$files_view = new \OC_FilesystemView('/'.$uid.'/files');
-			$local_file = $files_view->getLocalFile($filename);
-			foreach( $matches as $ma ) {
-
-				$i++;
-				$versions[$i]['cur'] = 0;
-				$parts = explode( '.v', $ma );
-				$versions[$i]['version'] = ( end( $parts ) );
-
-				// if file with modified date exists, flag it in array as currently enabled version
-				( \md5_file( $ma ) == \md5_file( $local_file ) ? $versions[$i]['fileMatch'] = 1 : $versions[$i]['fileMatch'] = 0 );
-
-			}
-
-			$versions = array_reverse( $versions );
-
-			foreach( $versions as $key => $value ) {
-
-				// flag the first matched file in array (which will have latest modification date) as current version
-				if ( $value['fileMatch'] ) {
-
-					$value['cur'] = 1;
-					break;
-
-				}
-
-			}
-
-			$versions = array_reverse( $versions );
-
-			// only show the newest commits
-			if( $count != 0 and ( count( $versions )>$count ) ) {
-
-				$versions = array_slice( $versions, count( $versions ) - $count );
-
-			}
-
-			return( $versions );
-
-
-		} else {
-
-			// if versioning isn't enabled then return an empty array
-			return( array() );
-
-		}
-
-	}
-
-	/**
-	 * @brief Erase a file's versions which exceed the set quota
-	 */
-	public static function expire($filename) {
-		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
-			list($uid, $filename) = self::getUidAndFilename($filename);
-			$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
-
-			$versionsFolderName=\OCP\Config::getSystemValue('datadirectory'). $versions_fileview->getAbsolutePath('');
-
-			// check for old versions
-			$matches = glob( $versionsFolderName.'/'.$filename.'.v*' );
-
-			if( count( $matches ) > \OCP\Config::getSystemValue( 'files_versionmaxversions', Storage::DEFAULTMAXVERSIONS ) ) {
-
-				$numberToDelete = count($matches) - \OCP\Config::getSystemValue( 'files_versionmaxversions', Storage::DEFAULTMAXVERSIONS );
-
-				// delete old versions of a file
-				$deleteItems = array_slice( $matches, 0, $numberToDelete );
-
-				foreach( $deleteItems as $de ) {
-
-					unlink( $versionsFolderName.'/'.$filename.'.v'.$de );
-
-				}
-			}
-		}
-	}
-
-	/**
-	 * @brief Erase all old versions of all user files
-	 * @return true/false
-	 */
-	public function expireAll() {
-		$view = \OCP\Files::getStorage('files_versions');
-		return $view->deleteAll('', true);
-	}
-}
+<?php
+/**
+ * Copyright (c) 2012 Frank Karlitschek <frank@owncloud.org>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+/**
+ * Versions
+ *
+ * A class to handle the versioning of files.
+ */
+
+namespace OCA_Versions;
+
+class Storage {
+
+
+	// config.php configuration:
+	//   - files_versions
+	//   - files_versionsfolder
+	//   - files_versionsblacklist
+	//   - files_versionsmaxfilesize
+	//   - files_versionsinterval
+	//   - files_versionmaxversions
+	//
+	// todo:
+	//   - finish porting to OC_FilesystemView to enable network transparency
+	//   - add transparent compression. first test if it´s worth it.
+
+	const DEFAULTENABLED=true;
+	const DEFAULTBLACKLIST='avi mp3 mpg mp4 ctmp';
+	const DEFAULTMAXFILESIZE=1048576; // 10MB
+	const DEFAULTMININTERVAL=60; // 1 min
+	const DEFAULTMAXVERSIONS=50;
+
+	private static function getUidAndFilename($filename)
+	{		
+		if (\OCP\App::isEnabled('files_sharing')
+		    && substr($filename, 0, 7) == '/Shared'
+		    && $source = \OC_Files_Sharing_Util::getSourcePath(substr($filename, 8))) {
+			$pos = strpos($source, '/files', 1);
+			$uid = substr($source, 1, $pos - 1);
+			$filename = substr($source, $pos + 6);
+		} else {
+			$uid = \OCP\User::getUser();
+		}
+		return array($uid, $filename);
+	}
+
+	/**
+	 * store a new version of a file.
+	 */
+	public function store($filename) {
+		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
+			list($uid, $filename) = self::getUidAndFilename($filename);
+			$files_view = new \OC_FilesystemView('/'. $uid .'/files');
+			$users_view = new \OC_FilesystemView('/'.$uid);
+			//check if source file already exist as version to avoid recursions.
+			// todo does this check work?
+			if ($users_view->file_exists($filename)) {
+				return false;
+			}
+
+			// check if filename is a directory
+			if($files_view->is_dir($filename)) {
+				return false;
+			}
+
+			// check filetype blacklist
+			$blacklist=explode(' ',\OCP\Config::getSystemValue('files_versionsblacklist', Storage::DEFAULTBLACKLIST));
+			foreach($blacklist as $bl) {
+				$parts=explode('.', $filename);
+				$ext=end($parts);
+				if(strtolower($ext)==$bl) {
+					return false;
+				}
+			}
+			// we should have a source file to work with
+			if (!$files_view->file_exists($filename)) {
+				return false;
+			}
+
+			// check filesize
+			if($files_view->filesize($filename)>\OCP\Config::getSystemValue('files_versionsmaxfilesize', Storage::DEFAULTMAXFILESIZE)) {
+				return false;
+			}
+
+			$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
+			$versionsFolderName=\OCP\Config::getSystemValue('datadirectory').$versions_fileview->getAbsolutePath('');
+			
+			// check mininterval if the file is being modified by the owner (all shared files should be versioned despite mininterval)
+			if ($uid == \OCP\User::getUser()) {
+				$versionsName=\OCP\Config::getSystemValue('datadirectory').$versions_fileview->getAbsolutePath($filename);
+				$matches=glob($versionsName.'.v*');
+				sort($matches);
+				$parts=explode('.v',end($matches));
+				if((end($parts)+Storage::DEFAULTMININTERVAL)>time()) {
+					return false;
+				}
+			}
+
+
+			// create all parent folders
+			$info=pathinfo($filename);
+			if(!file_exists($versionsFolderName.'/'.$info['dirname'])) {
+				mkdir($versionsFolderName.'/'.$info['dirname'],0750,true);
+			}
+
+			// store a new version of a file
+			$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.time());
+
+			// expire old revisions if necessary
+			Storage::expire($filename);
+		}
+	}
+
+
+	/**
+	 * rollback to an old version of a file.
+	 */
+	public static function rollback($filename,$revision) {
+
+		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
+			list($uid, $filename) = self::getUidAndFilename($filename);
+			$users_view = new \OC_FilesystemView('/'.$uid);
+
+			// rollback
+			if( @$users_view->copy('files_versions'.$filename.'.v'.$revision, 'files'.$filename) ) {
+
+				return true;
+
+			}else{
+
+				return false;
+
+			}
+
+		}
+
+	}
+
+	/**
+	 * check if old versions of a file exist.
+	 */
+	public static function isversioned($filename) {
+		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
+			list($uid, $filename) = self::getUidAndFilename($filename);
+			$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
+
+			$versionsName=\OCP\Config::getSystemValue('datadirectory').$versions_fileview->getAbsolutePath($filename);
+
+			// check for old versions
+			$matches=glob($versionsName.'.v*');
+			if(count($matches)>0) {
+				return true;
+			}else{
+				return false;
+			}
+		}else{
+			return(false);
+		}
+	}
+
+
+
+	/**
+	 * @brief get a list of all available versions of a file in descending chronological order
+	 * @param $filename file to find versions of, relative to the user files dir
+	 * @param $count number of versions to return
+	 * @returns array
+	 */
+	public static function getVersions( $filename, $count = 0 ) {
+		if( \OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true' ) {
+			list($uid, $filename) = self::getUidAndFilename($filename);
+			$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
+
+			$versionsName = \OCP\Config::getSystemValue('datadirectory').$versions_fileview->getAbsolutePath($filename);
+			$versions = array();
+			// fetch for old versions
+			$matches = glob( $versionsName.'.v*' );
+
+			sort( $matches );
+
+			$i = 0;
+
+			$files_view = new \OC_FilesystemView('/'.$uid.'/files');
+			$local_file = $files_view->getLocalFile($filename);
+			foreach( $matches as $ma ) {
+
+				$i++;
+				$versions[$i]['cur'] = 0;
+				$parts = explode( '.v', $ma );
+				$versions[$i]['version'] = ( end( $parts ) );
+
+				// if file with modified date exists, flag it in array as currently enabled version
+				( \md5_file( $ma ) == \md5_file( $local_file ) ? $versions[$i]['fileMatch'] = 1 : $versions[$i]['fileMatch'] = 0 );
+
+			}
+
+			$versions = array_reverse( $versions );
+
+			foreach( $versions as $key => $value ) {
+
+				// flag the first matched file in array (which will have latest modification date) as current version
+				if ( $value['fileMatch'] ) {
+
+					$value['cur'] = 1;
+					break;
+
+				}
+
+			}
+
+			$versions = array_reverse( $versions );
+
+			// only show the newest commits
+			if( $count != 0 and ( count( $versions )>$count ) ) {
+
+				$versions = array_slice( $versions, count( $versions ) - $count );
+
+			}
+
+			return( $versions );
+
+
+		} else {
+
+			// if versioning isn't enabled then return an empty array
+			return( array() );
+
+		}
+
+	}
+
+	/**
+	 * @brief Erase a file's versions which exceed the set quota
+	 */
+	public static function expire($filename) {
+		if(\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true') {
+			list($uid, $filename) = self::getUidAndFilename($filename);
+			$versions_fileview = new \OC_FilesystemView('/'.$uid.'/files_versions');
+
+			$versionsName=\OCP\Config::getSystemValue('datadirectory').$versions_fileview->getAbsolutePath($filename);
+
+			// check for old versions
+			$matches = glob( $versionsName.'.v*' );
+
+			if( count( $matches ) > \OCP\Config::getSystemValue( 'files_versionmaxversions', Storage::DEFAULTMAXVERSIONS ) ) {
+
+				$numberToDelete = count($matches) - \OCP\Config::getSystemValue( 'files_versionmaxversions', Storage::DEFAULTMAXVERSIONS );
+
+				// delete old versions of a file
+				$deleteItems = array_slice( $matches, 0, $numberToDelete );
+
+				foreach( $deleteItems as $de ) {
+
+					unlink( $versionsName.'.v'.$de );
+
+				}
+			}
+		}
+	}
+
+	/**
+	 * @brief Erase all old versions of all user files
+	 * @return true/false
+	 */
+	public function expireAll() {
+		$view = \OCP\Files::getStorage('files_versions');
+		return $view->deleteAll('', true);
+	}
+}

apps/user_ldap/appinfo/app.php

@@ -42,3 +42,6 @@ $entry = array(
 );
 
 OCP\Backgroundjob::addRegularTask('OCA\user_ldap\lib\Jobs', 'updateGroups');
+if(OCP\App::isEnabled('user_webdavauth')) {
+	OCP\Util::writeLog('user_ldap', 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', OCP\Util::WARN);
+}

apps/user_ldap/appinfo/database.xml

@@ -130,7 +130,7 @@
    </field>
 
    <index>
-    <name>ldap_group_members</name>
+    <name>ldap_group_members_index</name>
     <unique>true</unique>
     <field>
      <name>owncloudname</name>

apps/user_ldap/appinfo/info.xml

@@ -2,7 +2,9 @@
 <info>
 	<id>user_ldap</id>
 	<name>LDAP user and group backend</name>
-	<description>Authenticate Users by LDAP</description>
+	<description>Authenticate users and groups by LDAP resp. Active Directoy.
+
+	This app is not compatible to the WebDAV user backend.</description>
 	<licence>AGPL</licence>
 	<author>Dominik Schmidt and Arthur Schiwon</author>
 	<require>4.9</require>

apps/user_ldap/appinfo/update.php

@@ -34,22 +34,49 @@ $groupBE = new \OCA\user_ldap\GROUP_LDAP();
 $groupBE->setConnector($connector);
 
 foreach($objects as $object) {
-	$fetchDNSql = 'SELECT `ldap_dn`, `owncloud_name` FROM `*PREFIX*ldap_'.$object.'_mapping` WHERE `directory_uuid` = ""';
-	$updateSql = 'UPDATE `*PREFIX*ldap_'.$object.'_mapping` SET `ldap_DN` = ?, `directory_uuid` = ? WHERE `ldap_dn` = ?';
+	$fetchDNSql = '
+		SELECT `ldap_dn`, `owncloud_name`, `directory_uuid`
+		FROM `*PREFIX*ldap_'.$object.'_mapping`';
+	$updateSql = '
+		UPDATE `*PREFIX*ldap_'.$object.'_mapping`
+		SET `ldap_DN` = ?, `directory_uuid` = ?
+		WHERE `ldap_dn` = ?';
 
 	$query = OCP\DB::prepare($fetchDNSql);
 	$res = $query->execute();
 	$DNs = $res->fetchAll();
 	$updateQuery = OCP\DB::prepare($updateSql);
 	foreach($DNs as $dn) {
-		$newDN = mb_strtolower($dn['ldap_dn'], 'UTF-8');
-		if($object == 'user') {
+		$newDN = escapeDN(mb_strtolower($dn['ldap_dn'], 'UTF-8'));
+		if(!empty($dn['directory_uuid'])) {
+			$uuid = $dn['directory_uuid'];
+		} elseif($object == 'user') {
 			$uuid = $userBE->getUUID($newDN);
 			//fix home folder to avoid new ones depending on the configuration
 			$userBE->getHome($dn['owncloud_name']);
 		} else {
 			$uuid = $groupBE->getUUID($newDN);
 		}
-		$updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn']));
+		try {
+			$updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn']));
+		} catch(Exception $e) {
+		    \OCP\Util::writeLog('user_ldap', 'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ', \OCP\Util::WARN);
+		}
+
 	}
 }
+
+function escapeDN($dn) {
+	$aDN = ldap_explode_dn($dn, false);
+	unset($aDN['count']);
+	foreach($aDN as $key => $part) {
+		$value = substr($part, strpos($part, '=')+1);
+		$escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
+			'<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
+			'"'=>'\22', '#'=>'\23'));
+		$part = str_replace($part, $value, $escapedValue);
+	}
+	$dn = implode(',', $aDN);
+
+	return $dn;
+}

apps/user_ldap/appinfo/version

@@ -1 +1 @@
-0.3.0.0
+0.3.0.1

apps/user_ldap/css/settings.css

@@ -7,4 +7,9 @@
 #ldap fieldset input {
 	width: 70%;
 	display: inline-block;
+}
+
+.ldapwarning {
+	margin-left: 1.4em;
+	color: #FF3B3B;
 }

apps/user_ldap/group_ldap.php

@@ -28,10 +28,11 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 
 	public function setConnector(lib\Connection &$connection) {
 		parent::setConnector($connection);
-		if(empty($this->connection->ldapGroupFilter) || empty($this->connection->ldapGroupMemberAssocAttr)) {
-			$this->enabled = false;
+		$filter = $this->connection->ldapGroupFilter;
+		$gassoc = $this->connection->ldapGroupMemberAssocAttr;
+		if(!empty($filter) && !empty($gassoc)) {
+			$this->enabled = true;
 		}
-		$this->enabled = true;
 	}
 
 	/**
@@ -96,12 +97,13 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 		if(!$this->enabled) {
 			return array();
 		}
-		if($this->connection->isCached('getUserGroups'.$uid)) {
-			return $this->connection->getFromCache('getUserGroups'.$uid);
+		$cacheKey = 'getUserGroups'.$uid;
+		if($this->connection->isCached($cacheKey)) {
+			return $this->connection->getFromCache($cacheKey);
 		}
 		$userDN = $this->username2dn($uid);
 		if(!$userDN) {
-			$this->connection->writeToCache('getUserGroups'.$uid, array());
+			$this->connection->writeToCache($cacheKey, array());
 			return array();
 		}
 
@@ -124,7 +126,7 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 		));
 		$groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName,'dn'));
 		$groups = array_unique($this->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
-		$this->connection->writeToCache('getUserGroups'.$uid, $groups);
+		$this->connection->writeToCache($cacheKey, $groups);
 
 		return $groups;
 	}

apps/user_ldap/lib/access.php

@@ -38,9 +38,11 @@ abstract class Access {
 	 * @brief reads a given attribute for an LDAP record identified by a DN
 	 * @param $dn the record in question
 	 * @param $attr the attribute that shall be retrieved
-	 * @returns the values in an array on success, false otherwise
+	 *        if empty, just check the record's existence
+	 * @returns an array of values on success or an empty
+	 *          array if $attr is empty, false otherwise
 	 *
-	 * Reads an attribute from an LDAP entry
+	 * Reads an attribute from an LDAP entry or check if entry exists
 	 */
 	public function readAttribute($dn, $attr) {
 		if(!$this->checkConnection()) {
@@ -53,12 +55,18 @@ abstract class Access {
 			\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
 			return false;
 		}
+		//Slashes should only be escaped in filters, not bases.
+		$dn = $this->DNasBaseParameter($dn);
 		$rr = @ldap_read($cr, $dn, 'objectClass=*', array($attr));
 		if(!is_resource($rr)) {
-			\OCP\Util::writeLog('user_ldap', 'readAttribute '.$attr.' failed for DN '.$dn, \OCP\Util::DEBUG);
+			\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
 			//in case an error occurs , e.g. object does not exist
 			return false;
 		}
+		if (empty($attr)) {
+			\OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
+			return array();
+		}
 		$er = ldap_first_entry($cr, $rr);
 		//LDAP attributes are not case sensitive
 		$result = \OCP\Util::mb_array_change_key_case(ldap_get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
@@ -67,7 +75,13 @@ abstract class Access {
 		if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
 			$values = array();
 			for($i=0;$i<$result[$attr]['count'];$i++) {
-				$values[] = $this->resemblesDN($attr) ? $this->sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
+				if($this->resemblesDN($attr)) {
+					$values[] = $this->sanitizeDN($result[$attr][$i]);
+				} elseif(strtolower($attr) == 'objectguid') {
+					$values[] = $this->convertObjectGUID2Str($result[$attr][$i]);
+				} else {
+					$values[] = $result[$attr][$i];
+				}
 			}
 			return $values;
 		}
@@ -101,6 +115,21 @@ abstract class Access {
 		//make comparisons and everything work
 		$dn = mb_strtolower($dn, 'UTF-8');
 
+		//escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
+		//to use the DN in search filters, \ needs to be escaped to \5c additionally
+		//to use them in bases, we convert them back to simple backslashes in readAttribute()
+		$replacements = array(
+			'\,' => '\5c2C',
+			'\=' => '\5c3D',
+			'\+' => '\5c2B',
+			'\<' => '\5c3C',
+			'\>' => '\5c3E',
+			'\;' => '\5c3B',
+			'\"' => '\5c22',
+			'\#' => '\5c23',
+		);
+		$dn = str_replace(array_keys($replacements),array_values($replacements), $dn);
+
 		return $dn;
 	}
 
@@ -209,7 +238,6 @@ abstract class Access {
 	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
 	 */
 	public function dn2ocname($dn, $ldapname = null, $isUser = true) {
-		$dn = $this->sanitizeDN($dn);
 		$table = $this->getMapTable($isUser);
 		if($isUser) {
 			$fncFindMappedName = 'findMappedUser';
@@ -255,8 +283,8 @@ abstract class Access {
 		}
 		$ldapname = $this->sanitizeUsername($ldapname);
 
-		//a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
-		if(($isUser && !\OCP\User::userExists($ldapname)) || (!$isUser && !\OC_Group::groupExists($ldapname))) {
+		//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
+		if(($isUser && !\OCP\User::userExists($ldapname, 'OCA\\user_ldap\\USER_LDAP')) || (!$isUser && !\OC_Group::groupExists($ldapname))) {
 			if($this->mapComponent($dn, $ldapname, $isUser)) {
 				return $ldapname;
 			}
@@ -339,7 +367,8 @@ abstract class Access {
 		$ownCloudNames = array();
 
 		foreach($ldapObjects as $ldapObject) {
-			$ocname = $this->dn2ocname($ldapObject['dn'], $ldapObject[$nameAttribute], $isUsers);
+			$nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null;
+			$ocname = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
 			if($ocname) {
 				$ownCloudNames[] = $ocname;
 			}
@@ -405,7 +434,6 @@ abstract class Access {
 	 */
 	private function mapComponent($dn, $ocname, $isUser = true) {
 		$table = $this->getMapTable($isUser);
-		$dn = $this->sanitizeDN($dn);
 
 		$sqlAdjustment = '';
 		$dbtype = \OCP\Config::getSystemValue('dbtype');
@@ -503,6 +531,12 @@ abstract class Access {
 		$link_resource = $this->connection->getConnectionResource();
 		if(is_resource($link_resource)) {
 			$sr = ldap_search($link_resource, $base, $filter, $attr);
+			if(!is_resource($sr)) {
+				$errmsg  = '('.ldap_errno($link_resource).') ' . ldap_error($link_resource);
+				$errmsg .= ', search filter: ' . $filter;
+				\OCP\Util::writeLog('user_ldap', 'Search: no result resource, LDAP error message: ' . $errmsg, \OCP\Util::ERROR);
+				return array();
+			}
 			$findings = ldap_get_entries($link_resource, $sr );
 
 			// if we're here, probably no connection resource is returned.
@@ -622,6 +656,7 @@ abstract class Access {
 	}
 
 	public function areCredentialsValid($name, $password) {
+		$name = $this->DNasBaseParameter($name);
 		$testConnection = clone $this->connection;
 		$credentials = array(
 			'ldapAgentName' => $name,
@@ -664,6 +699,7 @@ abstract class Access {
 
 	public function getUUID($dn) {
 		if($this->detectUuidAttribute($dn)) {
+			\OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG);
 			$uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute);
 			if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) {
 				$this->detectUuidAttribute($dn, true);
@@ -679,4 +715,44 @@ abstract class Access {
 		}
 		return $uuid;
 	}
-}
+
+	/**
+	 * @brief converts a binary ObjectGUID into a string representation
+	 * @param $oguid the ObjectGUID in it's binary form as retrieved from AD
+	 * @returns String
+	 *
+	 * converts a binary ObjectGUID into a string representation
+	 * http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
+	 */
+	private function convertObjectGUID2Str($oguid) {
+		$hex_guid = bin2hex($oguid);
+		$hex_guid_to_guid_str = '';
+		for($k = 1; $k <= 4; ++$k) {
+			$hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
+		}
+		$hex_guid_to_guid_str .= '-';
+		for($k = 1; $k <= 2; ++$k) {
+			$hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
+		}
+		$hex_guid_to_guid_str .= '-';
+		for($k = 1; $k <= 2; ++$k) {
+			$hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
+		}
+		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
+		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
+
+		return strtoupper($hex_guid_to_guid_str);
+	}
+
+	/**
+	 * @brief converts a stored DN so it can be used as base parameter for LDAP queries
+	 * @param $dn the DN
+	 * @returns String
+	 *
+	 * converts a stored DN so it can be used as base parameter for LDAP queries
+	 * internally we store them for usage in LDAP filters
+	 */
+	private function DNasBaseParameter($dn) {
+		return str_replace('\\5c', '\\', $dn);
+	}
+}

apps/user_ldap/lib/connection.php

@@ -84,7 +84,7 @@ class Connection {
 			\OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to  '.$value, \OCP\Util::DEBUG);
 			$this->config[$name] = $value;
 			if(!empty($this->configID)) {
-				\OCP\Config::getAppValue($this->configID, 'ldap_uuid_attribute', $value);
+				\OCP\Config::setAppValue($this->configID, 'ldap_uuid_attribute', $value);
 			}
 			$changed = true;
 		}

apps/user_ldap/settings.php

@@ -20,22 +20,21 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
+
+OC_Util::checkAdminUser();
+
 $params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl', 'home_folder_naming_rule');
 
 OCP\Util::addscript('user_ldap', 'settings');
 OCP\Util::addstyle('user_ldap', 'settings');
 
 if ($_POST) {
+	$clearCache = false;
 	foreach($params as $param) {
 		if(isset($_POST[$param])) {
+			$clearCache = true;
 			if('ldap_agent_password' == $param) {
 				OCP\Config::setAppValue('user_ldap', $param, base64_encode($_POST[$param]));
-			} elseif('ldap_cache_ttl' == $param) {
-				if(OCP\Config::getAppValue('user_ldap', $param,'') != $_POST[$param]) {
-					$ldap = new \OCA\user_ldap\lib\Connection('user_ldap');
-					$ldap->clearCache();
-					OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]);
-				}
 			} elseif('home_folder_naming_rule' == $param) {
 				$value = empty($_POST[$param]) ? 'opt:username' : 'attr:'.$_POST[$param];
 				OCP\Config::setAppValue('user_ldap', $param, $value);
@@ -54,6 +53,10 @@ if ($_POST) {
 			OCP\Config::setAppValue('user_ldap', $param, 0);
 		}
 	}
+	if($clearCache) {
+		$ldap = new \OCA\user_ldap\lib\Connection('user_ldap');
+		$ldap->clearCache();
+	}
 }
 
 // fill template

apps/user_ldap/templates/settings.php

@@ -4,6 +4,13 @@
 		<li><a href="#ldapSettings-1">LDAP Basic</a></li>
 		<li><a href="#ldapSettings-2">Advanced</a></li>
 	</ul>
+		<?php if(OCP\App::isEnabled('user_webdavauth')) {
+			echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour. Please ask your system administrator to disable one of them.').'</p>';
+		}
+		if(!function_exists('ldap_connect')) {
+			echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module needs is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>';
+		}
+		?>
 	<fieldset id="ldapSettings-1">
 		<p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
 		<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" /></p>

apps/user_ldap/user_ldap.php

@@ -29,11 +29,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 
 	private function updateQuota($dn) {
 		$quota = null;
-		if(!empty($this->connection->ldapQuotaDefault)) {
-			$quota = $this->connection->ldapQuotaDefault;
+		$quotaDefault = $this->connection->ldapQuotaDefault;
+		$quotaAttribute = $this->connection->ldapQuotaAttribute;
+		if(!empty($quotaDefault)) {
+			$quota = $quotaDefault;
 		}
-		if(!empty($this->connection->ldapQuotaAttribute)) {
-			$aQuota = $this->readAttribute($dn, $this->connection->ldapQuotaAttribute);
+		if(!empty($quotaAttribute)) {
+			$aQuota = $this->readAttribute($dn, $quotaAttribute);
 
 			if($aQuota && (count($aQuota) > 0)) {
 				$quota = $aQuota[0];
@@ -46,8 +48,9 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 
 	private function updateEmail($dn) {
 		$email = null;
-		if(!empty($this->connection->ldapEmailAttribute)) {
-			$aEmail = $this->readAttribute($dn, $this->connection->ldapEmailAttribute);
+		$emailAttribute = $this->connection->ldapEmailAttribute;
+		if(!empty($emailAttribute)) {
+			$aEmail = $this->readAttribute($dn, $emailAttribute);
 			if($aEmail && (count($aEmail) > 0)) {
 				$email = $aEmail[0];
 			}
@@ -138,9 +141,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 			return false;
 		}
 
-		//if user really still exists, we will be able to read his objectclass
-		$objcs = $this->readAttribute($dn, 'objectclass');
-		if(!$objcs || empty($objcs)) {
+		//check if user really still exists by reading its entry
+		if(!is_array($this->readAttribute($dn, ''))) {
 			$this->connection->writeToCache('userExists'.$uid, false);
 			return false;
 		}
@@ -169,8 +171,19 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
 			$attr = substr($this->connection->homeFolderNamingRule, strlen('attr:'));
 			$homedir = $this->readAttribute($this->username2dn($uid), $attr);
-			if($homedir) {
-				$homedir = \OCP\Config::getSystemValue( "datadirectory", \OC::$SERVERROOT."/data" ) . '/' . $homedir[0];
+			if($homedir && isset($homedir[0])) {
+				$path = $homedir[0];
+				//if attribute's value is an absolute path take this, otherwise append it to data dir
+				//check for / at the beginning or pattern c:\ resp. c:/
+				if(
+					'/' == $path[0]
+					|| (3 < strlen($path) && ctype_alpha($path[0]) && $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2]))
+				) {
+					$homedir = $path;
+				} else {
+					$homedir = \OCP\Config::getSystemValue( "datadirectory", \OC::$SERVERROOT."/data" ) . '/' . $homedir[0];
+				}
+
 				\OCP\Config::setUserValue($uid, 'user_ldap', 'homedir', $homedir);
 				return $homedir;
 			}

apps/user_webdavauth/appinfo/app.php

@@ -23,7 +23,7 @@
 
 require_once 'apps/user_webdavauth/user_webdavauth.php';
 
-OC_APP::registerAdmin('user_webdavauth','settings');
+OC_APP::registerAdmin('user_webdavauth', 'settings');
 
 OC_User::registerBackend("WEBDAVAUTH");
 OC_User::useBackend( "WEBDAVAUTH" );

apps/user_webdavauth/appinfo/info.xml

@@ -2,10 +2,14 @@
 <info>
 	<id>user_webdavauth</id>
 	<name>WebDAV user backend</name>
-	<description>Authenticate Users by a WebDAV call</description>
-	<version>1.0</version>
+	<description>Authenticate users by a WebDAV call. You can use any WebDAV server, ownCloud server or other webserver to authenticate. It should return http 200 for right credentials and http 401 for wrong ones.
+
+	This app is not compatible to the LDAP user and group backend.</description>
 	<licence>AGPL</licence>
 	<author>Frank Karlitschek</author>
 	<require>4.9</require>
 	<shipped>true</shipped>
+	<types>
+		<authentication/>
+	</types>
 </info>

apps/user_webdavauth/appinfo/version

@@ -0,0 +1 @@
+1.1.0.0

apps/user_webdavauth/settings.php

@@ -21,7 +21,8 @@
  *
  */
 
-print_r($_POST);
+OC_Util::checkAdminUser();
+
 if($_POST) {
 
 		if(isset($_POST['webdav_url'])) {

apps/user_webdavauth/templates/settings.php

@@ -1,7 +1,7 @@
 <form id="webdavauth" action="#" method="post">
 	<fieldset class="personalblock">
 		<legend><strong>WebDAV Authentication</strong></legend>
-		<p><label for="webdav_url"><?php echo $l->t('webdav_url');?><input type="text" id="webdav_url" name="webdav_url" value="<?php echo $_['webdav_url']; ?>"></label>
+		<p><label for="webdav_url"><?php echo $l->t('WebDAV URL: http://');?><input type="text" id="webdav_url" name="webdav_url" value="<?php echo $_['webdav_url']; ?>"></label>
 		<input type="submit" value="Save" />
 	</fieldset>
 </form>

apps/user_webdavauth/user_webdavauth.php

@@ -30,37 +30,36 @@ class OC_USER_WEBDAVAUTH extends OC_User_Backend {
 
 	public function createUser() {
 		// Can't create user
-		OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to create users from web frontend using WebDAV user backend',3);
+		OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to create users from web frontend using WebDAV user backend', 3);
 		return false;
 	}
 
-	public function deleteUser() {
+	public function deleteUser($uid) {
 		// Can't delete user
-		OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to delete users from web frontend using WebDAV user backend',3);
+		OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to delete users from web frontend using WebDAV user backend', 3);
 		return false;
 	}
 
 	public function setPassword ( $uid, $password ) {
 		// We can't change user password
-		OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to change password for users from web frontend using WebDAV user backend',3);
+		OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to change password for users from web frontend using WebDAV user backend', 3);
 		return false;
 	}
 
 	public function checkPassword( $uid, $password ) {
-
 		$url= 'http://'.urlencode($uid).':'.urlencode($password).'@'.$this->webdavauth_url;
 		$headers = get_headers($url);
 		if($headers==false) {
-			OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to connect to WebDAV Url: "'.$this->webdavauth_url.'" ' ,3);
+			OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to connect to WebDAV Url: "'.$this->webdavauth_url.'" ', 3);
 			return false;
 
 		}
 		$returncode= substr($headers[0], 9, 3);
 
-		if($returncode=='401') {
-			return false;
+		if(($returncode=='401') or ($returncode=='403')) {
+			return(false);
 		}else{
-			return true;
+			return($uid);
 		}
 
 	}
@@ -68,14 +67,15 @@ class OC_USER_WEBDAVAUTH extends OC_User_Backend {
 	/*
 	* we don´t know if a user exists without the password. so we have to return false all the time
 	*/
-	public function userExists( $uid ) {
-		return false;
+	public function userExists( $uid ){
+		return true;
 	}
 
+
 	/*
 	* we don´t know the users so all we can do it return an empty array here
 	*/
-	public function getUsers() {
+	public function getUsers($search = '', $limit = 10, $offset = 0) {
 		$returnArray = array();
 
 		return $returnArray;

config/config.sample.php

@@ -30,6 +30,12 @@ $CONFIG = array(
 /* Force use of HTTPS connection (true = use HTTPS) */
 "forcessl" => false,
 
+/* The automatic hostname detection of ownCloud can fail in certain reverse proxy situations. This option allows to manually override the automatic detection. You can also add a port. For example "www.example.com:88" */
+"overwritehost" => "",
+
+/* The automatic protocol detection of ownCloud can fail in certain reverse proxy situations. This option allows to manually override the protocol detection. For example "https" */
+"overwriteprotocol" => "",
+
 /* Theme to use for ownCloud */
 "theme" => "",
 
@@ -60,6 +66,9 @@ $CONFIG = array(
 /* Host to use for sending mail, depends on mail_smtpmode if this is used */
 "mail_smtphost" => "127.0.0.1",
 
+/* Port to use for sending mail, depends on mail_smtpmode if this is used */
+"mail_smtpport" => 25,
+
 /* authentication needed to send mail, depends on mail_smtpmode if this is used
  * (false = disable authentication)
  */
@@ -104,4 +113,4 @@ $CONFIG = array(
 		'writable' => true,
   ),
  ),
-);
+);

core/ajax/share.php

@@ -28,13 +28,19 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
 		case 'share':
 			if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
 				try {
-					if ((int)$_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK && $_POST['shareWith'] == '') {
+					$shareType = (int)$_POST['shareType'];
+					$shareWith = $_POST['shareWith'];
+					if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') {
 						$shareWith = null;
-					} else {
-						$shareWith = $_POST['shareWith'];
 					}
-					OCP\Share::shareItem($_POST['itemType'], $_POST['itemSource'], (int)$_POST['shareType'], $shareWith, $_POST['permissions']);
-					OC_JSON::success();
+					
+					$token = OCP\Share::shareItem($_POST['itemType'], $_POST['itemSource'], $shareType, $shareWith, $_POST['permissions']);
+					
+					if (is_string($token)) {
+						OC_JSON::success(array('data' => array('token' => $token)));
+					} else {
+						OC_JSON::success();
+					}
 				} catch (Exception $exception) {
 					OC_JSON::error(array('data' => array('message' => $exception->getMessage())));
 				}
@@ -63,6 +69,39 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
 				($return) ? OC_JSON::success() : OC_JSON::error();
 			}
 			break;
+		case 'email':
+			// read post variables
+			$user = OCP\USER::getUser();
+			$type = $_POST['itemType'];
+			$link = $_POST['link'];
+			$file = $_POST['file'];
+			$to_address = $_POST['toaddress'];
+
+			// enable l10n support
+			$l = OC_L10N::get('core');
+
+			// setup the email
+			$subject = (string)$l->t('User %s shared a file with you', $user);
+			if ($type === 'dir') {
+				$subject = (string)$l->t('User %s shared a folder with you', $user);
+			}
+
+			$text = (string)$l->t('User %s shared the file "%s" with you. It is available for download here: %s', array($user, $file, $link));
+			if ($type === 'dir') {
+				$text = (string)$l->t('User %s shared the folder "%s" with you. It is available for download here: %s', array($user, $file, $link));
+			}
+
+			$default_from = OCP\Util::getDefaultEmailAddress('sharing-noreply');
+			$from_address = OCP\Config::getUserValue($user, 'settings', 'email', $default_from);
+
+			// send it out now
+			try {
+				OCP\Util::sendMail($to_address, $to_address, $subject, $text, $from_address, $user);
+				OCP\JSON::success();
+			} catch (Exception $exception) {
+				OCP\JSON::error(array('data' => array('message' => OC_Util::sanitizeHTML($exception->getMessage()))));
+			}
+			break;
 	}
 } else if (isset($_GET['fetch'])) {
 	switch ($_GET['fetch']) {

core/css/share.css

@@ -17,6 +17,11 @@ a.unshare { float:right; display:inline; padding:.3em 0 0 .3em !important; opaci
 a.unshare:hover { opacity:1; }
 #link { border-top:1px solid #ddd; padding-top:0.5em; }
 #dropdown input[type="text"], #dropdown input[type="password"] { width:90%; }
+#dropdown form {
+    font-size: 100%;
+    margin-left: 0;
+    margin-right: 0;
+}
 #linkText, #linkPass, #expiration { display:none; }
 #link #showPassword img { width:12px; padding-left: 0.3em; }
 #link label, #expiration label{ padding-left: 0.5em; }

core/js/config.js

@@ -50,6 +50,6 @@ OC.AppConfig={
 	},
 	deleteApp:function(app){
 		OC.AppConfig.postCall('deleteApp',{app:app});
-	},
+	}
 };
 //TODO OC.Preferences

core/js/eventsource.js

@@ -42,7 +42,11 @@ OC.EventSource=function(src,data){
 	}
 	dataStr+='requesttoken='+OC.Request.Token;
 	if(!this.useFallBack && typeof EventSource !='undefined'){
-		this.source=new EventSource(src+'?'+dataStr);
+		var joinChar = '&';
+		if(src.indexOf('?') == -1) {
+			joinChar = '?';
+		}
+		this.source=new EventSource(src+joinChar+dataStr);
 		this.source.onmessage=function(e){
 			for(var i=0;i<this.typelessListeners.length;i++){
 				this.typelessListeners[i](JSON.parse(e.data));
@@ -54,7 +58,12 @@ OC.EventSource=function(src,data){
 		this.iframe=$('<iframe/>');
 		this.iframe.attr('id',iframeId);
 		this.iframe.hide();
-		this.iframe.attr('src',src+'?fallback=true&fallback_id='+OC.EventSource.iframeCount+'&'+dataStr);
+
+		var joinChar = '&';
+		if(src.indexOf('?') == -1) {
+			joinChar = '?';
+		}
+		this.iframe.attr('src',src+joinChar+'fallback=true&fallback_id='+OC.EventSource.iframeCount+'&'+dataStr);
 		$('body').append(this.iframe);
 		this.useFallBack=true;
 		OC.EventSource.iframeCount++
@@ -90,7 +99,7 @@ OC.EventSource.prototype={
 	lastLength:0,//for fallback
 	listen:function(type,callback){
 		if(callback && callback.call){
-			
+
 			if(type){
 				if(this.useFallBack){
 					if(!this.listeners[type]){

core/js/js.js

@@ -30,6 +30,15 @@ function t(app,text){
 }
 t.cache={};
 
+/*
+* Sanitizes a HTML string
+* @param string
+* @return Sanitized string
+*/
+function escapeHTML(s) {
+		return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('"').join('&quot;');
+}
+
 /**
 * Get the path to download a file
 * @param file The filename
@@ -297,8 +306,15 @@ if(typeof localStorage !=='undefined' && localStorage !== null){
 			return localStorage.setItem(OC.localStorage.namespace+name,JSON.stringify(item));
 		},
 		getItem:function(name){
-			if(localStorage.getItem(OC.localStorage.namespace+name)===null){return null;}
-			return JSON.parse(localStorage.getItem(OC.localStorage.namespace+name));
+			var item = localStorage.getItem(OC.localStorage.namespace+name);
+			if(item===null){
+				return null;
+			} else if (typeof JSON === 'undefined') {
+				//fallback to jquery for IE6/7/8
+				return $.parseJSON(item);
+			} else {
+				return JSON.parse(item);
+			}
 		}
 	};
 }else{
@@ -619,7 +635,7 @@ $.fn.filterAttr = function(attr_name, attr_value) {
 function humanFileSize(size) {
 	var humanList = ['B', 'kB', 'MB', 'GB', 'TB'];
 	// Calculate Log with base 1024: size = 1024 ** order
-	var order = Math.floor(Math.log(size) / Math.log(1024));
+	var order = size?Math.floor(Math.log(size) / Math.log(1024)):0;
 	// Stay in range of the byte sizes that are defined
 	order = Math.min(humanList.length - 1, order);
 	var readableFormat = humanList[order];

core/js/oc-dialogs.js

@@ -66,51 +66,54 @@ var OCdialogs = {
 	/**
 	* prompt user for input with custom form
 	* fields should be passed in following format: [{text:'prompt text', name:'return name', type:'input type', value: 'dafault value'},...]
-	* @param fields to display 
+	* select example 	var fields=[{text:'Test', name:'test', type:'select', options:[{text:'hallo',value:1},{text:'hallo1',value:2}] }];
+	* @param fields to display
 	* @param title dialog title
 	* @param callback which will be triggered when user press OK (user answers will be passed to callback in following format: [{name:'return name', value: 'user value'},...])
 	*/
 	form:function(fields, title, callback, modal) {
 		var content = '<table>';
-		for (var a in fields) {
-			content += '<tr><td>'+fields[a].text+'</td><td>';
-			var type=fields[a].type;
+		$.each(fields, function(index, val){
+			content += '<tr><td>'+val.text+'</td><td>';
+			var type=val.type;
+
 			if (type == 'text' || type == 'checkbox' || type == 'password') {
-				content += '<input type="'+type+'" name="'+fields[a].name+'"';
+				content += '<input type="'+type+'" name="'+val.name+'"';
 				if (type == 'checkbox') {
-					if (fields[a].value != undefined && fields[a].value == true) {
+					if (val.value != undefined && val.value == true) {
 						content += ' checked="checked">';
 					} else {
 						content += '>';
 					}
-				} else if (type == 'text' || type == 'password' && fields[a].value) {
-					content += ' value="'+fields[a].value+'">';
+				} else if (type == 'text' || type == 'password' && val.value) {
+					content += ' value="'+val.value+'">';
 				}
 			} else if (type == 'select') {
-				content += '<select name="'+fields[a].name+'"';
-				if (fields[a].value != undefined) {
-					content += ' value="'+fields[a].value+'"';
+				content += '<select name="'+val.name+'"';
+				if (val.value != undefined) {
+					content += ' value="'+val.value+'"';
 				}
 				content += '>';
-				for (var o in fields[a].options) {
-					content += '<option value="'+fields[a].options[o].value+'">'+fields[a].options[o].text+'</option>';
-				}
+				$.each(val.options, function(index, valo){
+					content += '<option value="'+valo.value+'">'+valo.text+'</option>';
+				});
 				content += '</select>';
 			}
 			content += '</td></tr>';
-		}
+
+		});
 		content += '</table>';
 		OCdialogs.message(content, title, OCdialogs.FORM_DIALOG, OCdialogs.OK_CANCEL_BUTTONS, callback, modal);
 	},
 	filepicker:function(title, callback, multiselect, mimetype_filter, modal) {
 		var c_name = 'oc-dialog-'+OCdialogs.dialogs_counter+'-content';
 		var c_id = '#'+c_name;
-		var d = '<div id="'+c_name+'" title="'+title+'"><select id="dirtree"><option value="0">'+OC.currentUser+'</option></select><div id="filelist"></div><div class="filepicker_loader"><img src="'+OC.filePath('gallery','img','loading.gif')+'"></div></div>';
+		var d = '<div id="'+c_name+'" title="'+title+'"><select id="dirtree"><option value="0">'+OC.currentUser+'</option></select><div id="filelist"></div><div class="filepicker_loader"><img src="'+OC.filePath('core','img','loading.gif')+'"></div></div>';
 		if (!modal) modal = false; // Huh..
 		if (!multiselect) multiselect = false;
 		$('body').append(d);
 		$(c_id + ' #dirtree').focus(function() {
-			var t = $(this); 
+			var t = $(this);
 			t.data('oldval',  t.val())
 		}).change({dcid: c_id}, OC.dialogs.handleTreeListSelect);
 		$(c_id).ready(function(){
@@ -120,7 +123,7 @@ var OCdialogs = {
 		}).data('multiselect', multiselect).data('mimetype',mimetype_filter);
 		// build buttons
 		var b = [{
-			text: t('core', 'Choose'), 
+			text: t('core', 'Choose'),
 			click: function(){
 				if (callback != undefined) {
 					var p;
@@ -140,7 +143,7 @@ var OCdialogs = {
 			}
 		},
 		{
-			text: t('core', 'Cancel'), 
+			text: t('core', 'Cancel'),
 			click: function(){$(c_id).dialog('close'); }}
 		];
 		$(c_id).dialog({width: ((4*$('body').width())/9), height: 400, modal: modal, buttons: b});
@@ -215,9 +218,10 @@ var OCdialogs = {
 	fillFilePicker:function(r, dialog_content_id) {
 		var entry_template = '<div onclick="javascript:OC.dialogs.handlePickerClick(this, \'*ENTRYNAME*\',\''+dialog_content_id+'\')" data="*ENTRYTYPE*"><img src="*MIMETYPEICON*" style="margin-right:1em;"><span id="filename">*NAME*</span><div style="float:right;margin-right:1em;">*LASTMODDATE*</div></div>';
 		var names = '';
-		for (var a in r.data) {
-			names += entry_template.replace('*LASTMODDATE*', OC.mtime2date(r.data[a].mtime)).replace('*NAME*', r.data[a].name).replace('*MIMETYPEICON*', r.data[a].mimetype_icon).replace('*ENTRYNAME*', r.data[a].name).replace('*ENTRYTYPE*', r.data[a].type);
-		}
+		$.each(r.data, function(index, a) {
+			names += entry_template.replace('*LASTMODDATE*', OC.mtime2date(a.mtime)).replace('*NAME*', a.name).replace('*MIMETYPEICON*', a.mimetype_icon).replace('*ENTRYNAME*', a.name).replace('*ENTRYTYPE*', a.type);
+		});
+
 		$(dialog_content_id + ' #filelist').html(names);
 		$(dialog_content_id + ' .filepicker_loader').css('visibility', 'hidden');
 	},
@@ -231,10 +235,10 @@ var OCdialogs = {
 		}
 		var skip_first = true;
 		var path = '';
-		$(this).children().each(function(i, element) { 
+		$(this).children().each(function(i, element) {
 			if (skip_first) {
-				skip_first = false; 
-				return; 
+				skip_first = false;
+				return;
 			}
 			path += '/'+$(element).text();
 		});

core/js/share.js

@@ -125,7 +125,7 @@ OC.Share={
 	showDropDown:function(itemType, itemSource, appendTo, link, possiblePermissions) {
 		var data = OC.Share.loadItem(itemType, itemSource);
 		var html = '<div id="dropdown" class="drop" data-item-type="'+itemType+'" data-item-source="'+itemSource+'">';
-		if (data.reshare) {
+		if (data !== false && data.reshare !== false && data.reshare.uid_owner !== undefined) {
 			if (data.reshare.share_type == OC.Share.SHARE_TYPE_GROUP) {
 				html += '<span class="reshare">'+t('core', 'Shared with you and the group')+' '+data.reshare.share_with+' '+t('core', 'by')+' '+data.reshare.uid_owner+'</span>';
 			} else {
@@ -140,15 +140,19 @@ OC.Share={
 			if (link) {
 				html += '<div id="link">';
 				html += '<input type="checkbox" name="linkCheckbox" id="linkCheckbox" value="1" /><label for="linkCheckbox">'+t('core', 'Share with link')+'</label>';
-				html += '<a href="#" id="showPassword" style="display:none;"><img class="svg" alt="'+t('core', 'Password protect')+'" src="'+OC.imagePath('core', 'actions/lock')+'"/></a>';
 				html += '<br />';
 				html += '<input id="linkText" type="text" readonly="readonly" />';
+				html += '<input type="checkbox" name="showPassword" id="showPassword" value="1" style="display:none;" /><label for="showPassword" style="display:none;">'+t('core', 'Password protect')+'</label>';
 				html += '<div id="linkPass">';
 				html += '<input id="linkPassText" type="password" placeholder="'+t('core', 'Password')+'" />';
 				html += '</div>';
 				html += '</div>';
-			}
-			html += '<div id="expiration">';
+                html += '<form id="emailPrivateLink" >';
+                html += '<input id="email" style="display:none; width:65%;" value="" placeholder="' + t('core', 'Email link to person') + '" type="text" />';
+                html += '<input id="emailButton" style="display:none; float:right;" type="submit" value="' + t('core', 'Send') + '" />';
+                html += '</form>';
+            }
+            html += '<div id="expiration">';
 			html += '<input type="checkbox" name="expirationCheckbox" id="expirationCheckbox" value="1" /><label for="expirationCheckbox">'+t('core', 'Set expiration date')+'</label>';
 			html += '<input id="expirationDate" type="text" placeholder="'+t('core', 'Expiration date')+'" style="display:none; width:90%;" />';
 			html += '</div>';
@@ -158,7 +162,7 @@ OC.Share={
 			if (data.shares) {
 				$.each(data.shares, function(index, share) {
 					if (share.share_type == OC.Share.SHARE_TYPE_LINK) {
-						OC.Share.showLink(itemSource, share.share_with);
+						OC.Share.showLink(share.token, share.share_with, itemSource);
 					} else {
 						if (share.collection) {
 							OC.Share.addShareWith(share.share_type, share.share_with, share.permissions, possiblePermissions, share.collection);
@@ -302,31 +306,45 @@ OC.Share={
 			$('#expiration').show();
 		}
 	},
-	showLink:function(itemSource, password) {
+	showLink:function(token, password, itemSource) {
 		OC.Share.itemShares[OC.Share.SHARE_TYPE_LINK] = true;
 		$('#linkCheckbox').attr('checked', true);
-		var filename = $('tr').filterAttr('data-id', String(itemSource)).data('file');
-		var type = $('tr').filterAttr('data-id', String(itemSource)).data('type');
-		if ($('#dir').val() == '/') {
-			var file = $('#dir').val() + filename;
+		if (! token) {
+			//fallback to pre token link
+			var filename = $('tr').filterAttr('data-id', String(itemSource)).data('file');
+			var type = $('tr').filterAttr('data-id', String(itemSource)).data('type');
+			if ($('#dir').val() == '/') {
+				var file = $('#dir').val() + filename;
+			} else {
+				var file = $('#dir').val() + '/' + filename;
+			}
+			file = '/'+OC.currentUser+'/files'+file;
+			var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=files&'+type+'='+encodeURIComponent(file);
 		} else {
-			var file = $('#dir').val() + '/' + filename;
+			//TODO add path param when showing a link to file in a subfolder of a public link share
+			var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=files&t='+token;
 		}
-		file = '/'+OC.currentUser+'/files'+file;
-		var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=files&'+type+'='+file;
 		$('#linkText').val(link);
 		$('#linkText').show('blind');
+		$('#linkText').css('display','block');
 		$('#showPassword').show();
+		$('#showPassword+label').show();
 		if (password != null) {
 			$('#linkPass').show('blind');
+			$('#showPassword').attr('checked', true);
 			$('#linkPassText').attr('placeholder', t('core', 'Password protected'));
 		}
 		$('#expiration').show();
+        $('#emailPrivateLink #email').show();
+        $('#emailPrivateLink #emailButton').show();
 	},
 	hideLink:function() {
 		$('#linkText').hide('blind');
 		$('#showPassword').hide();
+		$('#showPassword+label').hide();
 		$('#linkPass').hide();
+        $('#emailPrivateLink #email').hide();
+        $('#emailPrivateLink #emailButton').hide();
 	},
 	dirname:function(path) {
 		return path.replace(/\\/g,'/').replace(/\/[^\/]*$/, '');
@@ -339,7 +357,7 @@ OC.Share={
 		$('#expirationDate').datepicker({
 			dateFormat : 'dd-mm-yy'
 		});
-	}
+    }
 }
 
 $(document).ready(function() {
@@ -449,8 +467,8 @@ $(document).ready(function() {
 		var itemSource = $('#dropdown').data('item-source');
 		if (this.checked) {
 			// Create a link
-			OC.Share.share(itemType, itemSource, OC.Share.SHARE_TYPE_LINK, '', OC.PERMISSION_READ, function() {
-				OC.Share.showLink(itemSource);
+			OC.Share.share(itemType, itemSource, OC.Share.SHARE_TYPE_LINK, '', OC.PERMISSION_READ, function(data) {
+				OC.Share.showLink(data.token, null, itemSource);
 				OC.Share.updateIcon(itemType, itemSource);
 			});
 		} else {
@@ -473,13 +491,21 @@ $(document).ready(function() {
 
 	$('#showPassword').live('click', function() {
 		$('#linkPass').toggle('blind');
-	});
-
-	$('#linkPassText').live('keyup', function(event) {
-		if (event.keyCode == 13) {
+		if (!$('#showPassword').is(':checked') ) {
 			var itemType = $('#dropdown').data('item-type');
 			var itemSource = $('#dropdown').data('item-source');
-			OC.Share.share(itemType, itemSource, OC.Share.SHARE_TYPE_LINK, $(this).val(), OC.PERMISSION_READ, function() {
+			OC.Share.share(itemType, itemSource, OC.Share.SHARE_TYPE_LINK, '', OC.PERMISSION_READ);
+		} else {
+			$('#linkPassText').focus();
+		}
+	});
+
+	$('#linkPassText').live('focusout keyup', function(event) {
+		if ( $('#linkPassText').val() != '' && (event.type == 'focusout' || event.keyCode == 13) ) {
+			var itemType = $('#dropdown').data('item-type');
+			var itemSource = $('#dropdown').data('item-source');
+			OC.Share.share(itemType, itemSource, OC.Share.SHARE_TYPE_LINK, $('#linkPassText').val(), OC.PERMISSION_READ, function() {
+				console.log("password set to: '" + $('#linkPassText').val() +"' by event: " + event.type);
 				$('#linkPassText').val('');
 				$('#linkPassText').attr('placeholder', t('core', 'Password protected'));
 			});
@@ -511,4 +537,31 @@ $(document).ready(function() {
 		});
 	});
 
+    $('#emailPrivateLink').live('submit', function(event) {
+        event.preventDefault();
+        var link = $('#linkText').val();
+        var itemType = $('#dropdown').data('item-type');
+        var itemSource = $('#dropdown').data('item-source');
+        var file = $('tr').filterAttr('data-id', String(itemSource)).data('file');
+        var email = $('#email').val();
+        if (email != '') {
+            $('#email').attr('disabled', "disabled");
+            $('#email').val(t('core', 'Sending ...'));
+            $('#emailButton').attr('disabled', "disabled");
+
+            $.post(OC.filePath('core', 'ajax', 'share.php'), { action: 'email', toaddress: email, link: link, itemType: itemType, itemSource: itemSource, file: file},
+                function(result) {
+                    $('#email').attr('disabled', "false");
+                    $('#emailButton').attr('disabled', "false");
+                    if (result && result.status == 'success') {
+                        $('#email').css('font-weight', 'bold');
+                        $('#email').animate({ fontWeight: 'normal' }, 2000, function() {
+                            $(this).val('');
+                        }).val(t('core','Email sent'));
+                    } else {
+                        OC.dialogs.alert(result.data.message, t('core', 'Error while sharing'));
+                    }
+                });
+        }
+    });
 });

core/lostpassword/index.php

@@ -13,8 +13,8 @@ require_once '../../lib/base.php';
 // Someone lost their password:
 if (isset($_POST['user'])) {
 	if (OC_User::userExists($_POST['user'])) {
-		$token = hash("sha256", $_POST['user'].OC_Util::generate_random_bytes(10));
-		OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
+		$token = hash("sha256", OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
+		OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash("sha256", $token)); // Hash the token again to prevent timing attacks
 		$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
 		if (!empty($email)) {
 			$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php', array('user' => $_POST['user'], 'token' => $token));
@@ -22,9 +22,8 @@ if (isset($_POST['user'])) {
 			$tmpl->assign('link', $link, false);
 			$msg = $tmpl->fetchPage();
 			$l = OC_L10N::get('core');
-			$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
+			$from = OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
 			OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
-			echo('sent');
 		}
 		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true));
 	} else {

core/lostpassword/resetpassword.php

@@ -10,7 +10,7 @@ $RUNTIME_NOAPPS = TRUE; //no apps
 require_once '../../lib/base.php';
 
 // Someone wants to reset their password:
-if(isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === $_GET['token']) {
+if(isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === hash("sha256", $_GET['token'])) {
 	if (isset($_POST['password'])) {
 		if (OC_User::setPassword($_GET['user'], $_POST['password'])) {
 			OC_Preferences::deleteKey($_GET['user'], 'owncloud', 'lostpassword');

core/lostpassword/templates/resetpassword.php

@@ -1,4 +1,4 @@
-<form action="<?php echo 'resetpassword.php?'.$_SERVER['QUERY_STRING']; ?>" method="post">
+<form action="<?php echo 'resetpassword.php?user='.htmlentities($_GET['user']).'&token='.htmlentities($_GET['token']); ?>" method="post">
 	<fieldset>
 		<?php if($_['success']): ?>
 			<h1><?php echo $l->t('Your password was reset'); ?></h1>

core/templates/exception.php

@@ -5,7 +5,7 @@
 		<p class="exception">
 		<?php
 		if($_['showsysinfo'] == true) {
-			echo 'If you would like to support ownCloud\'s developers and report this error in our <a href="http://bugs.owncloud.org">Bugtracker</a>, please copy the following informations into the description. <br><br><textarea readonly>';
+			echo 'If you would like to support ownCloud\'s developers and report this error in our <a href="https://github.com/owncloud/core">bug tracker</a>, please copy the following informations into the description. <br><br><textarea readonly>';
 			echo 'Message: '  . $_['message'] . "\n";
 			echo 'Error Code: '  . $_['code'] . "\n";
 			echo 'File: '  . $_['file'] . "\n";

core/templates/installation.php

@@ -3,7 +3,6 @@
 <input type='hidden' id='hasPostgreSQL' value='<?php echo $_['hasPostgreSQL'] ?>'></input>
 <input type='hidden' id='hasOracle' value='<?php echo $_['hasOracle'] ?>'></input>
 <form action="index.php" method="post">
-
 <input type="hidden" name="install" value="true" />
 	<?php if(count($_['errors']) > 0): ?>
 	<ul class="errors">
@@ -19,7 +18,20 @@
 		<?php endforeach; ?>
 	</ul>
 	<?php endif; ?>
-
+	<?php if(!$_['secureRNG']): ?>
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;">
+		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+		<span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>		
+		<br/>
+		<span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>		
+	</fieldset>
+	<?php endif; ?>
+	<?php if(!$_['htaccessWorking']): ?>
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;">
+		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+		<span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>		
+	</fieldset>
+	<?php endif; ?>
 	<fieldset>
 		<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
 		<p class="infield">
@@ -99,7 +111,7 @@
 			</p>
 			<p class="infield">
 				<label for="dbname" class="infield"><?php echo $l->t( 'Database name' ); ?></label>
-				<input type="text" name="dbname" id="dbname" value="<?php print OC_Helper::init_var('dbname'); ?>" autocomplete="off" />
+				<input type="text" name="dbname" id="dbname" value="<?php print OC_Helper::init_var('dbname'); ?>" autocomplete="off" pattern="[0-9a-zA-Z$_-]+" />
 			</p>
 		</div>
 		<?php endif; ?>

db_structure.xml

@@ -581,6 +581,21 @@
 				<notnull>false</notnull>
 			</field>
 
+			<field>
+				<name>token</name>
+				<type>text</type>
+				<default></default>
+				<notnull>false</notnull>
+				<length>32</length>
+			</field>
+
+			<index>
+				<name>token_index</name>
+				<field>
+					<name>token</name>
+					<sorting>ascending</sorting>
+				</field>
+			</index>
 		</declaration>
 
 	</table>