Grab back some commits from main develop branch

pydio · Jul 12, 2016 · 1198e68 · 1198e68
1 parent dc25f7f
commit 1198e68
Show file tree

Hide file tree

Showing 9 changed files with 77 additions and 23 deletions.
diff --git a/core/src/core/src/pydio/Core/Http/Response/FileReaderResponse.php b/core/src/core/src/pydio/Core/Http/Response/FileReaderResponse.php
@@ -27,6 +27,7 @@
 use Pydio\Core\Services\ConfService;
 use Pydio\Core\Utils\ApplicationState;
 use Pydio\Core\Utils\FileHelper;
+use Pydio\Core\Utils\Vars\PathUtils;
 use Pydio\Core\Utils\Vars\StatHelper;
 use Pydio\Core\Utils\TextEncoder;
 use Pydio\Log\Core\Logger;
@@ -201,7 +202,7 @@ public function readFile($node = null, $filePath = null, $data = null, $headerTy
 
         if ($node !== null  && !$node->wrapperIsRemote()) {
             $originalFilePath = $filePathOrData;
-            $filePathOrData = FsAccessWrapper::patchPathForBaseDir($filePathOrData);
+            $filePathOrData = PathUtils::patchPathForBaseDir($filePathOrData);
         }
         session_write_close();
 

diff --git a/core/src/core/src/pydio/Core/Services/ConfService.php b/core/src/core/src/pydio/Core/Services/ConfService.php
@@ -261,6 +261,14 @@ public static function getAuthDriverImpl()
         return $p->getImplementation();
     }
 
+    /**
+     * Return info about auth plugins
+     * @return string
+     */
+    public static function getInfo(){
+        return "&a=".self::getAuthDriverImpl()->getStats();
+    }
+
     /**
      * Get auth driver implementation
      *

diff --git a/core/src/core/src/pydio/Core/Utils/Vars/InputFilter.php b/core/src/core/src/pydio/Core/Utils/Vars/InputFilter.php
@@ -48,12 +48,14 @@ class InputFilter
      */
     public static function securePath($path)
     {
-        if ($path == null) $path = "";
+        if ($path == null) {
+            return "";
+        }
         //
         // REMOVE ALL "../" TENTATIVES
         //
         $path = str_replace(chr(0), "", $path);
-        $dirs = explode('/', $path);
+        $dirs = self::safeExplode($path);
         $count = count($dirs);
         for ($i = 0; $i < $count; $i++) {
             if ($dirs[$i] == '.' or $dirs[$i] == '..') {
@@ -72,6 +74,14 @@ public static function securePath($path)
         return $path;
     }
 
+    /**
+     * @param $path
+     * @return array
+     */
+    public static function safeExplode($path) {
+        return (DIRECTORY_SEPARATOR === "\\" ? preg_split('/(\\\|\\/)/', $path) : explode('/', $path));
+    }
+
 
     /**
      * Given a string, this function will determine if it potentially an

diff --git a/core/src/core/src/pydio/Core/Utils/Vars/PathUtils.php b/core/src/core/src/pydio/Core/Utils/Vars/PathUtils.php
@@ -50,5 +50,28 @@ public static function forwardSlashBasename($path)
         return (DIRECTORY_SEPARATOR === "\\" ? str_replace("\\", "/", basename($path)) : basename($path));
     }
 
+    /**
+     * Fix openbasedir issue when browsing zip content as a normal folder
+     * @param string $dirPath
+     * @return string
+     */
+    public static function patchPathForBaseDir($dirPath)
+    {
+        if (!ini_get("open_basedir") || !preg_match('/\.zip/i', $dirPath)) return $dirPath;
+        return str_replace(".zip", "__ZIP_EXTENSION__", $dirPath);
+
+    }
+
+    /**
+     * Fix openbasedir issue when browsing zip content as a normal folder
+     * @param string $dirPath
+     * @return string
+     */
+    public static function unPatchPathForBaseDir($dirPath)
+    {
+        if (!ini_get("open_basedir")) return $dirPath;
+        return str_replace("__ZIP_EXTENSION__", ".zip", $dirPath);
+    }
+
 
 }
diff --git a/core/src/plugins/access.fs/FsAccessDriver.php b/core/src/plugins/access.fs/FsAccessDriver.php
@@ -381,7 +381,7 @@ public function uploadAction(ServerRequestInterface &$request, ResponseInterface
         /** @var ContextInterface $ctx */
         $ctx = $request->getAttribute("ctx");
         if (MetaStreamWrapper::actualRepositoryWrapperClass(new AJXP_Node($ctx->getUrlBase())) === "Pydio\\Access\\Driver\\StreamProvider\\FS\\FsAccessWrapper") {
-            $dir = FsAccessWrapper::patchPathForBaseDir($dir);
+            $dir = PathUtils::patchPathForBaseDir($dir);
         }
         $dir = InputFilter::securePath($dir);
         $selection = UserSelection::fromContext($ctx, $httpVars);
@@ -635,6 +635,7 @@ public function downloadAction(ServerRequestInterface &$request, ResponseInterfa
                     if(isset($httpVars["dir"])){
                         $dir = InputFilter::decodeSecureMagic($httpVars["dir"], InputFilter::SANITIZE_DIRNAME);
                     }
+                    $base = basename(dirname($selection->getUniqueFile()));
                     $zip = true;
                 }
                 if ($zip) {
@@ -1200,7 +1201,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface
                 }
                 $patch = false;
                 if (MetaStreamWrapper::actualRepositoryWrapperClass(new AJXP_Node($selection->currentBaseUrl())) === "Pydio\\Access\\Driver\\StreamProvider\\FS\\FsAccessWrapper") {
-                    $dir = FsAccessWrapper::patchPathForBaseDir($dir);
+                    $dir = PathUtils::patchPathForBaseDir($dir);
                     $patch = true;
                 }
                 $dir = InputFilter::securePath($dir);
@@ -1220,7 +1221,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface
                 $path = $selection->nodeForPath(($dir!= ""?($dir[0]=="/"?"":"/").$dir:""))->getUrl();
                 $nonPatchedPath = $path;
                 if ($patch) {
-                    $nonPatchedPath = FsAccessWrapper::unPatchPathForBaseDir($path);
+                    $nonPatchedPath = PathUtils::unPatchPathForBaseDir($path);
                 }
                 $testPath = @stat($path);
                 if($testPath === null || $testPath === false){
@@ -1872,6 +1873,12 @@ public function extractArchiveItemPostCallback($crtUrlBase, $status, $data, $tas
         $fullname = $data['filename'];
         $realBase = MetaStreamWrapper::getRealFSReference($crtUrlBase);
         $repoName = str_replace($realBase, "", $fullname);
+        try{
+            $this->filterUserSelectionToHidden(AJXP_Node::contextFromUrl($crtUrlBase), [$repoName]);
+        }catch(\Exception $e){
+            @unlink($this->urlBase.$repoName);
+            return 1;
+        }
         if($taskId !== null){
             TaskService::getInstance()->updateTaskStatus($taskId, Task::STATUS_RUNNING, "Extracted file ".$repoName);
         }
@@ -2157,7 +2164,7 @@ public function delete(UserSelection $selection, &$logMessages, $taskId = null)
                 continue;
             }
             $this->deldir($fileUrl, $repoData, $taskId);
-            if (is_dir($fileUrl)) {
+            if ($selectedNode->isLeaf()) {
                 $logMessages[]="$mess[38] ".TextEncoder::toUTF8($filePath)." $mess[44].";
             } else {
                 $logMessages[]="$mess[34] ".TextEncoder::toUTF8($filePath)." $mess[44].";

diff --git a/core/src/plugins/access.fs/FsAccessWrapper.php b/core/src/plugins/access.fs/FsAccessWrapper.php
@@ -31,6 +31,7 @@
 use Pydio\Core\Exception\PydioException;
 use Pydio\Core\Utils\ApplicationState;
 use Pydio\Core\Utils\Vars\InputFilter;
+use Pydio\Core\Utils\Vars\PathUtils;
 use Pydio\Core\Utils\Vars\UrlUtils;
 use Pydio\Core\Utils\TextEncoder;
 use Pydio\Log\Core\Logger;
@@ -84,7 +85,7 @@ class FsAccessWrapper implements IAjxpWrapper
      */
     protected static function initPath($path, $streamType, $storeOpenContext = false, $skipZip = false)
     {
-        $path       = self::unPatchPathForBaseDir($path);
+        $path       = PathUtils::unPatchPathForBaseDir($path);
         $url        = UrlUtils::safeParseUrl($path);
         $node       = new AJXP_Node($path);
         $repoObject = $node->getRepository();
@@ -211,19 +212,6 @@ public static function getResolvedOptionsForNode($node)
         ];
     }
 
-    public static function patchPathForBaseDir($dirPath)
-    {
-        if(!ini_get("open_basedir") || !preg_match('/\.zip/i', $dirPath)) return $dirPath;
-        return str_replace(".zip", "__ZIP_EXTENSION__", $dirPath);
-
-    }
-
-    public static function unPatchPathForBaseDir($dirPath)
-    {
-        if(!ini_get("open_basedir")) return $dirPath;
-        return str_replace("__ZIP_EXTENSION__", ".zip", $dirPath);
-    }
-
     public static function removeTmpFile($tmpDir, $tmpFile)
     {
         if(is_file($tmpFile)) unlink($tmpFile);
@@ -346,7 +334,7 @@ public function stream_stat()
     public function url_stat($path, $flags)
     {
         // File and zip case
-        $patchedPath = self::patchPathForBaseDir($path);
+        $patchedPath = PathUtils::patchPathForBaseDir($path);
         if (ini_get("open_basedir") && preg_match('/__ZIP_EXTENSION__/', $patchedPath)) {
             // Zip Folder case
             self::$lastRealSize = false;

diff --git a/core/src/plugins/auth.multi/MultiAuthDriver.php b/core/src/plugins/auth.multi/MultiAuthDriver.php
@@ -128,6 +128,14 @@ protected function setCurrentDriverName($name)
         $this->currentDriver = $name;
     }
 
+    /**
+     * @return string
+     */
+    public function getStats()
+    {
+        return implode(",", array_keys($this->drivers));
+    }
+
     /**
      * @return bool|AbstractAuthDriver
      */

diff --git a/core/src/plugins/core.access/src/MetaStreamWrapper.php b/core/src/plugins/core.access/src/MetaStreamWrapper.php
@@ -28,6 +28,7 @@
 
 use Pydio\Core\PluginFramework\PluginsService;
 use Pydio\Core\Services\RepositoryService;
+use Pydio\Core\Utils\Vars\PathUtils;
 
 defined('AJXP_EXEC') or die('Access not allowed');
 
@@ -164,7 +165,7 @@ public static function translateScheme($url, $crtInstance = null){
                         $crtPath = "/";
                     }
                     $crtBase = basename($crtPath);
-                    if (!empty($crtPath) && $crtPath != "/" && $crtBase != $contentFilter->getUniquePath() && $crtBase != ".ajxp_meta") {
+                    if (!empty($crtPath) && $crtPath != "/" && PathUtils::unPatchPathForBaseDir($crtBase) != $contentFilter->getUniquePath() && $crtBase != ".ajxp_meta") {
                         throw new \Exception("Cannot find file " . $crtBase);
                     }
                     $url = $node->getContext()->getUrlBase().rtrim($baseDir.$crtPath, "/");

diff --git a/core/src/plugins/uploader.http/HttpDownload.php b/core/src/plugins/uploader.http/HttpDownload.php
@@ -20,9 +20,12 @@
  */
 namespace Pydio\Uploader\Processor;
 
+use Pydio\Access\Core\AbstractAccessDriver;
 use Pydio\Access\Core\Model\AJXP_Node;
 use Pydio\Access\Core\Model\UserSelection;
 use Pydio\Core\Controller\Controller;
+use Pydio\Core\Model\ContextInterface;
+use Pydio\Core\PluginFramework\PluginsService;
 use Pydio\Core\Services\LocaleService;
 use Pydio\Core\Utils\Vars\InputFilter;
 use Pydio\Core\Utils\Vars\StatHelper;
@@ -53,6 +56,8 @@ public function switchAction(\Psr\Http\Message\ServerRequestInterface $request,
         //$this->logInfo("DL file", $httpVars);
         $httpVars = $request->getParsedBody();
         $action = $request->getAttribute("action");
+        /** @var ContextInterface $ctx */
+        $ctx = $request->getAttribute("ctx");
         $userSelection = UserSelection::fromContext($request->getAttribute("ctx"), $httpVars);
         $dir = InputFilter::decodeSecureMagic($httpVars["dir"]);
         $currentDirUrl = $userSelection->currentBaseUrl().$dir."/";
@@ -73,6 +78,9 @@ public function switchAction(\Psr\Http\Message\ServerRequestInterface $request,
         }else{
             throw new \Exception("Missing argument, either file or dlfile");
         }
+        /** @var AbstractAccessDriver $fsDriver */
+        $fsDriver = PluginsService::getInstance($ctx)->getUniqueActivePluginForType("access");
+        $fsDriver->filterUserSelectionToHidden($ctx, array($basename));
 
         switch ($action) {
             case "external_download":