4.0.7

and remove some ^M while at it

3rdparty/Sabre/CardDAV/Plugin.php

@@ -153,6 +153,9 @@ class Sabre_CardDAV_Plugin extends Sabre_DAV_ServerPlugin {
 
                 // Taking out \r to not screw up the xml output
                 $returnedProperties[200][$addressDataProp] = str_replace("\r","", $val);
+                // The stripping of \r breaks the Mail App in OSX Mountain Lion
+                // this is fixed in master, but not backported. /Tanghus
+                $returnedProperties[200][$addressDataProp] = $val;
 
             }
         }

apps/calendar/appinfo/remote.php

@@ -21,10 +21,17 @@ $principalBackend = new OC_Connector_Sabre_Principal();
 $caldavBackend    = new OC_Connector_Sabre_CalDAV();
 
 // Root nodes
-$nodes = array(
-	new Sabre_CalDAV_Principal_Collection($principalBackend),
-	new Sabre_CalDAV_CalendarRootNode($principalBackend, $caldavBackend),
-);
+$Sabre_CalDAV_Principal_Collection = new Sabre_CalDAV_Principal_Collection($principalBackend); 
+$Sabre_CalDAV_Principal_Collection->disableListing = true; // Disable listening
+
+$Sabre_CalDAV_CalendarRootNode = new Sabre_CalDAV_CalendarRootNode($principalBackend, $caldavBackend); 
+$Sabre_CalDAV_CalendarRootNode->disableListing = true; // Disable listening
+
+$nodes = array( 
+	$Sabre_CalDAV_Principal_Collection, 
+	$Sabre_CalDAV_CalendarRootNode,
+	);
+
 
 // Fire up server
 $server = new Sabre_DAV_Server($nodes);

apps/calendar/lib/app.php

@@ -383,8 +383,8 @@ class OC_Calendar_App{
 		$lastmodified = ($last_modified)?$last_modified->getDateTime()->format('U'):0;
 		
 		$output = array('id'=>(int)$event['id'],
-						'title' => htmlspecialchars(($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed')),
-						'description' => isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):'',
+						'title' => ($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed'),
+						'description' => isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:'',
 						'lastmodified'=>$lastmodified);
 		
 		$dtstart = $vevent->DTSTART;

apps/contacts/appinfo/remote.php

@@ -36,10 +36,16 @@ $principalBackend = new OC_Connector_Sabre_Principal();
 $carddavBackend   = new OC_Connector_Sabre_CardDAV();
 
 // Root nodes
-$nodes = array(
-	new Sabre_CalDAV_Principal_Collection($principalBackend),
-	new Sabre_CardDAV_AddressBookRoot($principalBackend, $carddavBackend),
-);
+$Sabre_CalDAV_Principal_Collection = new Sabre_CalDAV_Principal_Collection($principalBackend); 
+$Sabre_CalDAV_Principal_Collection->disableListing = true; // Disable listening
+
+$Sabre_CardDAV_AddressBookRoot = new Sabre_CardDAV_AddressBookRoot($principalBackend, $carddavBackend);
+$Sabre_CardDAV_AddressBookRoot->disableListing = true; // Disable listening
+
+$nodes = array( 
+	$Sabre_CalDAV_Principal_Collection, 
+	$Sabre_CardDAV_AddressBookRoot,
+	);
 
 // Fire up server
 $server = new Sabre_DAV_Server($nodes);

apps/contacts/lib/addressbook.php

@@ -219,6 +219,7 @@ class OC_Contacts_Addressbook{
 			OCP\Util::writeLog('contacts','OC_Contacts_Addressbook:active:, exception: '.$e->getMessage(),OCP\Util::DEBUG);
 			OCP\Util::writeLog('contacts','OC_Contacts_Addressbook:active, ids: '.join(',', $active),OCP\Util::DEBUG);
 			OCP\Util::writeLog('contacts','OC_Contacts_Addressbook::active, SQL:'.$prep,OCP\Util::DEBUG);
+			return array();
 		}
 
 		return $addressbooks;

apps/files_sharing/sharedstorage.php

@@ -416,6 +416,25 @@ class OC_Filestorage_Shared extends OC_Filestorage {
 	public function fopen($path, $mode) {
 		$source = $this->getSource($path);
 		if ($source) {
+			switch ($mode) {
+				case 'r+':
+				case 'rb+':
+				case 'w+':
+				case 'wb+':
+				case 'x+':
+				case 'xb+':
+				case 'a+':
+				case 'ab+':
+				case 'w':
+				case 'wb':
+				case 'x':
+				case 'xb':
+				case 'a':
+				case 'ab':
+					if (!$this->is_writable($path)) {
+						return false;
+					}
+			}
 			$storage = OC_Filesystem::getStorage($source);
 			return $storage->fopen($this->getInternalPath($source), $mode);
 		}

apps/files_versions/templates/settings.php

@@ -1,4 +1,4 @@
-<form id="versions">
+<form id="versionssettings">
         <fieldset class="personalblock">
 	        <input type="checkbox" name="versions" id="versions" value="1" <?php if (OCP\Config::getSystemValue('versions', 'true')=='true') echo ' checked="checked"'; ?> /> <label for="versions"><?php echo $l->t('Enable Files Versioning'); ?></label> <br/>
         </fieldset>

apps/gallery/sharing.php

@@ -37,7 +37,7 @@ OCP\App::checkAppEnabled('gallery');
     <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" type="text/javascript"></script>
     <script src="js/sharing.js" type="text/javascript"></script>
     <script>
-      var TOKEN = '<?php echo $_GET['token']; ?>';
+      var TOKEN = '<?php echo htmlentities($_GET['token']); ?>';
     </script>
   </head>
   <body>

apps/user_ldap/lib_ldap.php

@@ -666,9 +666,9 @@ class OC_LDAP {
 			self::$ldapPort              = OCP\Config::getAppValue('user_ldap', 'ldap_port', 389);
 			self::$ldapAgentName         = OCP\Config::getAppValue('user_ldap', 'ldap_dn','');
 			self::$ldapAgentPassword     = base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password',''));
-			self::$ldapBase              = OCP\Config::getAppValue('user_ldap', 'ldap_base', '');
-			self::$ldapBaseUsers         = OCP\Config::getAppValue('user_ldap', 'ldap_base_users',self::$ldapBase);
-			self::$ldapBaseGroups        = OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase);
+			self::$ldapBase              = self::sanitizeDN(OCP\Config::getAppValue('user_ldap', 'ldap_base', ''));
+			self::$ldapBaseUsers         = self::sanitizeDN(OCP\Config::getAppValue('user_ldap', 'ldap_base_users',self::$ldapBase));
+			self::$ldapBaseGroups        = self::sanitizeDN(OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase));
 			self::$ldapTLS               = OCP\Config::getAppValue('user_ldap', 'ldap_tls',0);
 			self::$ldapNoCase            = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0);
 			self::$ldapUserDisplayName   = strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'));

apps/user_webfinger/host-meta.php

@@ -1,4 +1,8 @@
 <?php
+if (!OCP\App::isEnabled("user_webfinger")) {
+	return;
+}
+
 $hostMetaHeader = array(
 	'Access-Control-Allow-Origin' => '*',
 	'Content-Type' => 'application/xrd+json'

apps/user_webfinger/webfinger.php

@@ -1,4 +1,8 @@
 <?php
+if (!OCP\App::isEnabled("user_webfinger")) {
+	return;
+}
+
 header("Access-Control-Allow-Origin: *");
 header("Content-Type: application/xrd+json");
 
@@ -15,7 +19,7 @@ header("Content-Type: application/xrd+json");
  * 	href="<?php echo WF_BASEURL; ?>/apps/myApp/profile.php?user=<?php echo WF_USER; ?>">
  * </Link>
  *
- '* but can also use complex database queries to generate the webfinger result
+ * but can also use complex database queries to generate the webfinger result
  **/
 // calculate the documentroot
 // modified version of the one in lib/base.php that takes the .well-known symlink into account

core/ajax/appconfig.php

@@ -7,6 +7,7 @@
 
 require_once ("../../lib/base.php");
 OC_Util::checkAdminUser();
+OCP\JSON::callCheck();
 
 $action=isset($_POST['action'])?$_POST['action']:$_GET['action'];
 $result=false;

core/js/js.js

@@ -402,11 +402,7 @@ $(document).ready(function(){
 	//use infield labels
 	$("label.infield").inFieldLabels();
 
-	// hide log in button etc. when form fields not filled
-	$('#submit').hide();
-	$('#remember_login').hide();
-	$('#remember_login+label').hide();
-	$('input#user, input#password').keyup(function() {
+	checkShowCredentials = function() {
 		var empty = false;
 		$('input#user, input#password').each(function() {
 			if ($(this).val() == '') {
@@ -422,7 +418,10 @@ $(document).ready(function(){
 			$('#remember_login').show();
 			$('#remember_login+label').fadeIn();
 		}
-	});
+	}
+	// hide log in button etc. when form fields not filled
+	checkShowCredentials();
+	$('input#user, input#password').keyup(checkShowCredentials);
 
 	$('#settings #expand').keydown(function(event) {
 		if (event.which == 13 || event.which == 32) {

index.php

@@ -77,7 +77,7 @@ elseif(OC_User::isLoggedIn()) {
 		}
 		// confirm credentials in cookie
 		if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
-		OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+		OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
 			OC_User::setUserId($_COOKIE['oc_username']);
 			OC_Util::redirectToDefaultPage();
 		}

lib/base.php

@@ -434,6 +434,7 @@ class OC{
 		
 		// Check for blacklisted files
 		OC_Hook::connect('OC_Filesystem','write','OC_Filesystem','isBlacklisted');
+		OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted');
 
 		//make sure temporary files are cleaned up
 		register_shutdown_function(array('OC_Helper','cleanTmp'));

lib/connector/sabre/locks.php

@@ -41,8 +41,10 @@ class OC_Connector_Sabre_Locks extends Sabre_DAV_Locks_Backend_Abstract {
 		// NOTE: the following 10 lines or so could be easily replaced by
 		// pure sql. MySQL's non-standard string concatination prevents us
 		// from doing this though.
-		$query = 'SELECT * FROM *PREFIX*locks WHERE userid = ? AND (created + timeout) > ? AND ((uri = ?)';
-		$params = array(OC_User::getUser(),time(),$uri);
+		// Fix: sqlite does not insert time() as a number but as text, making
+		// the equation returning false all the time
+		$query = 'SELECT * FROM *PREFIX*locks WHERE userid = ? AND (created + timeout) > '.time().' AND ((uri = ?)';
+		$params = array(OC_User::getUser(),$uri);
 
 		// We need to check locks for every part in the uri.
 		$uriParts = explode('/',$uri);

lib/filecache.php

@@ -84,19 +84,28 @@ class OC_FileCache{
 		if($root=='/'){
 			$root='';
 		}
-		$path=$root.$path;
-		$parent=self::getParentId($path);
-		$id=self::getFileId($path);
-		if(isset(OC_FileCache::$savedData[$path])){
-			$data=array_merge(OC_FileCache::$savedData[$path],$data);
-			unset(OC_FileCache::$savedData[$path]);
+		$fullpath=$root.$path;
+		$parent=self::getParentId($fullpath);
+		$id=self::getFileId($fullpath);
+		if(isset(OC_FileCache::$savedData[$fullpath])){
+			$data=array_merge(OC_FileCache::$savedData[$fullpath],$data);
+			unset(OC_FileCache::$savedData[$fullpath]);
 		}
+		
+		// add parent directory to the file cache if it does not exist yet.
+		if ($parent == -1 && $fullpath != $root) {
+			$parentDir = substr(dirname($path), 0, strrpos(dirname($path), DIRECTORY_SEPARATOR));
+			self::scanFile($parentDir);
+			$parent = self::getParentId($fullpath);
+		}
+		
 		if($id!=-1){
 			self::update($id,$data);
 			return;
 		}
+		
 		if(!isset($data['size']) or !isset($data['mtime'])){//save incomplete data for the next time we write it
-			self::$savedData[$path]=$data;
+			self::$savedData[$fullpath]=$data;
 			return;
 		}
 		if(!isset($data['encrypted'])){
@@ -113,9 +122,9 @@ class OC_FileCache{
 		$data['versioned']=(int)$data['versioned'];
 		$user=OC_User::getUser();
 		$query=OC_DB::prepare('INSERT INTO *PREFIX*fscache(parent, name, path, path_hash, size, mtime, ctime, mimetype, mimepart,`user`,writable,encrypted,versioned) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?)');
-		$result=$query->execute(array($parent,basename($path),$path,md5($path),$data['size'],$data['mtime'],$data['ctime'],$data['mimetype'],$mimePart,$user,$data['writable'],$data['encrypted'],$data['versioned']));
+		$result=$query->execute(array($parent,basename($fullpath),$fullpath,md5($fullpath),$data['size'],$data['mtime'],$data['ctime'],$data['mimetype'],$mimePart,$user,$data['writable'],$data['encrypted'],$data['versioned']));
 		if(OC_DB::isError($result)){
-			OC_Log::write('files','error while writing file('.$path.') to cache',OC_Log::ERROR);
+			OC_Log::write('files','error while writing file('.$fullpath.') to cache',OC_Log::ERROR);
 		}
 	}
 

lib/filesystem.php

@@ -372,13 +372,21 @@ class OC_Filesystem{
 	
 	/**
 	 * checks if a file is blacklsited for storage in the filesystem
+	 * Listens to write and rename hooks
 	 * @param array $data from hook
 	 */
 	static public function isBlacklisted($data){
 		$blacklist = array('.htaccess');
-		$filename = strtolower(basename($data['path']));
-		if(in_array($filename,$blacklist)){
-			$data['run'] = false;	
+		if (isset($data['path'])) {
+			$path = $data['path'];
+		} else if (isset($data['newpath'])) {
+			$path = $data['newpath'];
+		}
+		if (isset($path)) {
+			$filename = strtolower(basename($path));
+			if (in_array($filename, $blacklist)) {
+				$data['run'] = false;
+			}
 		}
 	}
 	

lib/migrate.php

@@ -322,7 +322,7 @@ class OC_Migrate{
 			$objects = scandir( $path );
 			if( sizeof( $objects ) > 0 ){
 				foreach( $objects as $file ){
-					if( $file == "." || $file == ".." )
+					if( $file == "." || $file == ".." || $file == ".htaccess")
 					continue;
 					// go on
 					if( is_dir( $path . '/' . $file ) ){

lib/util.php

@@ -83,7 +83,7 @@ class OC_Util {
 	 * @return array
 	 */
 	public static function getVersion(){
-		return array(4,00,6);
+		return array(4,00,7);
 	}
 
 	/**
@@ -91,7 +91,7 @@ class OC_Util {
 	 * @return string
 	 */
 	public static function getVersionString(){
-		return '4.0.6';
+		return '4.0.7';
 	}
 
         /**
@@ -408,18 +408,18 @@ class OC_Util {
 		}
 	}
 	
-	/**
-	 * @brief Public function to sanitize HTML
-	 *
-	 * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
-	 *
-	 * @param string or array of strings
-	 * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
-	 */
-	public static function sanitizeHTML( &$value ){
-		if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
-		else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
-		return $value;
+	/**
+	 * @brief Public function to sanitize HTML
+	 *
+	 * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+	 *
+	 * @param string or array of strings
+	 * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+	 */
+	public static function sanitizeHTML( &$value ){
+		if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+		else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+		return $value;
 	}