anonymous upload feature #2780
@@ -0,0 +1,105 @@ | ||
<?php | ||
|
||
// Init owncloud | ||
|
||
|
||
// Temporary login as user for anonymous uploading | ||
if(isset($_POST['public_uploading'])) { | ||
$_SESSION['user_id'] = $_POST['uidOwner']; | ||
} | ||
|
||
// Firefox and Konqueror tries to download application/json for me. --Arthur | ||
OCP\JSON::setContentTypeHeader('text/plain'); | ||
|
||
OCP\JSON::checkLoggedIn(); | ||
OCP\JSON::callCheck(); | ||
$l = OC_L10N::get('files'); | ||
|
||
|
||
$dir = $_POST['dir']; | ||
// get array with current storage stats (e.g. max file size) | ||
$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir); | ||
|
||
if (!isset($_FILES['files'])) { | ||
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('No file was uploaded. Unknown error')), $storageStats))); | ||
if(isset($_POST['public_uploading'])) { | ||
$_SESSION['user_id'] = ''; | ||
} | ||
exit(); | ||
} | ||
|
||
foreach ($_FILES['files']['error'] as $error) { | ||
if ($error != 0) { | ||
$errors = array( | ||
UPLOAD_ERR_OK => $l->t('There is no error, the file uploaded with success'), | ||
UPLOAD_ERR_INI_SIZE => $l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ') | ||
. ini_get('upload_max_filesize'), | ||
UPLOAD_ERR_FORM_SIZE => $l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'), | ||
UPLOAD_ERR_PARTIAL => $l->t('The uploaded file was only partially uploaded'), | ||
UPLOAD_ERR_NO_FILE => $l->t('No file was uploaded'), | ||
UPLOAD_ERR_NO_TMP_DIR => $l->t('Missing a temporary folder'), | ||
UPLOAD_ERR_CANT_WRITE => $l->t('Failed to write to disk'), | ||
); | ||
OCP\JSON::error(array('data' => array_merge(array('message' => $errors[$error]), $storageStats))); | ||
if(isset($_POST['public_uploading'])) { | ||
$_SESSION['user_id'] = ''; | ||
} | ||
exit(); | ||
} | ||
} | ||
$files = $_FILES['files']; | ||
|
||
$error = ''; | ||
|
||
$maxUploadFilesize = OCP\Util::maxUploadFilesize($dir); | ||
$maxHumanFilesize = OCP\Util::humanFileSize($maxUploadFilesize); | ||
|
||
$totalSize = 0; | ||
foreach ($files['size'] as $size) { | ||
$totalSize += $size; | ||
} | ||
if ($totalSize > $maxUploadFilesize) { | ||
OCP\JSON::error(array('data' => array('message' => $l->t('Not enough storage available'), | ||
'uploadMaxFilesize' => $maxUploadFilesize, | ||
'maxHumanFilesize' => $maxHumanFilesize))); | ||
if(isset($_POST['public_uploading'])) { | ||
$_SESSION['user_id'] = ''; | ||
} | ||
exit(); | ||
} | ||
|
||
$result = array(); | ||
if (strpos($dir, '..') === false) { | ||
$fileCount = count($files['name']); | ||
for ($i = 0; $i < $fileCount; $i++) { | ||
$target = OCP\Files::buildNotExistingFileName(stripslashes($dir), $files['name'][$i]); | ||
// $path needs to be normalized - this failed within drag'n'drop upload to a sub-folder | ||
$target = \OC\Files\Filesystem::normalizePath($target); //$tmp=$files['size'][0]; `echo $tmp > /tmp/bla`; | ||
if (is_uploaded_file($files['tmp_name'][$i]) and \OC\Files\Filesystem::fromTmpFile($files['tmp_name'][$i], $target)) { | ||
$meta = \OC\Files\Filesystem::getFileInfo($target); | ||
// updated max file size after upload | ||
$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir); | ||
|
||
$result[] = array('status' => 'success', | ||
'mime' => $meta['mimetype'], | ||
'size' => $meta['size'], | ||
'id' => $meta['fileid'], | ||
'name' => basename($target), | ||
'uploadMaxFilesize' => $maxUploadFilesize, | ||
'maxHumanFilesize' => $maxHumanFilesize | ||
); | ||
} | ||
} | ||
OCP\JSON::encodedPrint($result); | ||
if(isset($_POST['public_uploading'])) { | ||
$_SESSION['user_id'] = ''; | ||
} | ||
exit(); | ||
} else { | ||
$error = $l->t('Invalid directory.'); | ||
} | ||
|
||
OCP\JSON::error(array('data' => array_merge(array('message' => $error), $storageStats))); | ||
if(isset($_POST['public_uploading'])) { | ||
$_SESSION['user_id'] = ''; | ||
} |
@@ -143,7 +143,7 @@ | |
"remember_login_cookie_lifetime" => 60*60*24*15, | ||
|
||
/* Custom CSP policy, changing this will overwrite the standard policy */ | ||
"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:", | ||
"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 👎 |
||
|
||
/* The directory where the user data is stored, default to data in the owncloud | ||
* directory. The sqlite database is also stored here, when sqlite is used. | ||
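Review bot: The sample policy now carries `'unsafe-inline'` in `script-src`, which switches off the part of the CSP that stops injected script from executing, for every installation that copies this default rather than only for the public upload page. Prefer keeping the previous `"custom_csp_policy"` line and moving whatever inline handler the upload form needs into a script file served from `'self'`. If the relaxation has to stay, the comment above it should say which inline script requires it so it can be reverted once that script is externalised.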
|
@@ -168,6 +168,8 @@ OC.Share={ | |
html += '<div id="linkPass">'; | ||
html += '<input id="linkPassText" type="password" placeholder="'+t('core', 'Password')+'" />'; | ||
html += '</div>'; | ||
html += '<br />'; | ||
html += '<input type="checkbox" name="allowUpload" id="allowUpload" value="1" style="display:none;" /><label for="allowUpload" style="display:none;">'+t('core', 'Allow Upload')+'</label>'; | ||
html += '</div>'; | ||
html += '<form id="emailPrivateLink" >'; | ||
html += '<input id="email" style="display:none; width:62%;" value="" placeholder="'+t('core', 'Email link to person')+'" type="text" />'; | ||
|
@@ -197,6 +199,13 @@ OC.Share={ | |
} | ||
}); | ||
} | ||
$.ajax({type: 'GET', url: OC.filePath('core', 'ajax', 'share.php'), data: { fetch: 'getUpload', itemType: itemType, itemSource: itemSource }, success: function(result) { | ||
if (result && result.status === 'success') { | ||
if(result.data == "1" || result.data == "true" ) { | ||
$('#allowUpload').attr('checked', true); | ||
} | ||
} | ||
}}); | ||
$('#shareWith').autocomplete({minLength: 1, source: function(search, response) { | ||
// if (cache[search.term]) { | ||
// response(cache[search.term]); | ||
|
@@ -341,6 +350,7 @@ OC.Share={ | |
}, | ||
showLink:function(token, password, itemSource) { | ||
OC.Share.itemShares[OC.Share.SHARE_TYPE_LINK] = true; | ||
itemType = $('#dropdown').data('item-type'); | ||
$('#linkCheckbox').attr('checked', true); | ||
if (! token) { | ||
//fallback to pre token link | ||
|
@@ -360,6 +370,11 @@ OC.Share={ | |
$('#linkText').val(link); | ||
$('#linkText').show('blind'); | ||
$('#linkText').css('display','block'); | ||
//upload only for folders | ||
if (itemType == 'folder') { | ||
$('#allowUpload').show(); | ||
$('#allowUpload+label').show(); | ||
} | ||
$('#showPassword').show(); | ||
$('#showPassword+label').show(); | ||
if (password != null) { | ||
|
@@ -373,6 +388,8 @@ OC.Share={ | |
}, | ||
hideLink:function() { | ||
$('#linkText').hide('blind'); | ||
$('#allowUpload').hide(); | ||
$('#allowUpload+label').hide(); | ||
$('#showPassword').hide(); | ||
$('#showPassword+label').hide(); | ||
$('#linkPass').hide(); | ||
|
@@ -543,6 +560,21 @@ $(document).ready(function() { | |
$(this).select(); | ||
}); | ||
|
||
$('#allowUpload').live('change', function() { | ||
var itemType = $('#dropdown').data('item-type'); | ||
var itemSource = $('#dropdown').data('item-source'); | ||
if ($('#allowUpload').is(':checked')) { | ||
var allow = "1"; | ||
} else { | ||
var allow = "0"; | ||
} | ||
$.post(OC.filePath('core', 'ajax', 'share.php'), { action: 'setUpload', itemType: itemType, itemSource: itemSource, allow: allow }, function(result) { | ||
if (!result || result.status !== 'success') { | ||
OC.dialogs.alert(t('core', 'Error'), t('core', 'Error setting public upload rights')); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Swap the arguments so "Error" is the title and "Error setting …" the content. |
||
} | ||
}); | ||
}); | ||
|
||
$(document).on('click', '#dropdown #showPassword', function() { | ||
$('#linkPass').toggle('blind'); | ||
if (!$('#showPassword').is(':checked') ) { | ||
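Review bot: In `showLink`, `itemType = $('#dropdown').data('item-type');` is assigned without `var`, so it leaks an implicit global (and throws under strict mode); write `var itemType = $('#dropdown').data('item-type');`, matching how the `#allowUpload` change handler declares its locals. The `getUpload` success callback accepts `result.data == "1" || result.data == "true"`, which hides an undefined server contract; pick one representation and compare with `===`. The new `$('#allowUpload').live('change', …)` uses an API deprecated since jQuery 1.7, while the `#showPassword` handler right below already uses `$(document).on('click', …)`, so `$(document).on('change', '#allowUpload', function() { … })` would be consistent.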
|
@@ -172,6 +172,33 @@ public static function getShareByToken($token) { | |
return $result->fetchRow(); | ||
} | ||
|
||
/* | ||
* @brief Get the upload permission of a item | ||
* @param string Item type | ||
* @param string Item source | ||
* @return Boelean | ||
*/ | ||
public static function getUploadPermission($itemType, $itemSource) { | ||
$query = \OC_DB::prepare('SELECT `uploadable` FROM `*PREFIX*share` WHERE `item_Type` = ? AND `item_Source` = ?'); | ||
$result = $query->execute(array($itemType, $itemSource))->fetchRow(); | ||
|
||
return $result['uploadable']; | ||
} | ||
|
||
/* | ||
* @brief Set the upload permission for a item | ||
* @param string Item type | ||
* @param string Item source | ||
* @param string | ||
* @return Boelean | ||
*/ | ||
public static function setUploadPermission($itemType, $itemSource, $allow) { | ||
$query = \OC_DB::prepare('UPDATE `*PREFIX*share` SET `uploadable` = ? WHERE `item_Type` = ? AND item_Source = ?'); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. backticks There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Also item_type not item_Type and item_source not item_Source There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. http://www.riceparty.com louis vuitton outlet There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @rgeber There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. great item fast shipping |
||
$query->execute(array($allow, $itemType, $itemSource)); | ||
|
||
return "1"; | ||
} | ||
|
||
/** | ||
* @brief Get the shared items of item type owned by the current user | ||
* @param string Item type | ||
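Review bot: Both new queries filter on item type and item source alone, so `setUploadPermission` flips `uploadable` on every share row for that item — user and group shares included — and nothing in this class restricts it to link shares owned by the caller; unless the ajax handler (not shown here) checks ownership, any authenticated user who can guess an item source can enable anonymous upload into someone else's folder. Add conditions on the share-type and owner columns to both WHERE clauses (presumably `AND share_type = ? AND uid_owner = ?`, bound to the link share type and the current user), so the row set is the caller's own link share. `getUploadPermission` also indexes `$result['uploadable']` when `fetchRow()` can return false; return `false` explicitly in that case, and `setUploadPermission` returns the string `"1"` regardless of whether the UPDATE matched anything, so the `@return Boelean` docblocks should become `@return bool` with the actual outcome returned.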
|
@@ -194,7 +194,7 @@ public function __construct( $app, $name, $renderas = "" ) { | |
// If you change the standard policy, please also change it in config.sample.php | ||
$policy = OC_Config::getValue('custom_csp_policy', | ||
'default-src \'self\'; ' | ||
.'script-src \'self\' \'unsafe-eval\'; ' | ||
.'script-src \'self\' \'unsafe-eval\' \'unsafe-inline\'; ' | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 👎 |
||
.'style-src \'self\' \'unsafe-inline\'; ' | ||
.'frame-src *; ' | ||
.'img-src *; ' | ||
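Review bot: Adding `'unsafe-inline'` to the default `script-src` weakens the CSP on every page of every installation, not just the public upload view, and it is precisely the directive that prevents reflected or stored XSS from executing. Keep the previous `.'script-src \'self\' \'unsafe-eval\'; '` and move the inline handler the upload form needs into a script file served from `'self'`. If a page-specific relaxation is unavoidable, apply it only for that template instead of changing the global default, and mirror whatever is decided in config.sample.php as the comment above the policy asks.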
|
@@ -335,6 +335,9 @@ public static function isLoggedIn() { | |
return true; | ||
} | ||
} | ||
if(isset($_POST['public_uploading'])) { | ||
return true; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 👎 |
||
} | ||
return false; | ||
} | ||
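Review bot: The new branch makes `isLoggedIn()` return true for any request that merely includes a `public_uploading` POST field, which is an authentication bypass for every caller of `OC_User::isLoggedIn()` and `OCP\JSON::checkLoggedIn()` across the application, not just the upload endpoint, and it checks no token, share or password. Remove the branch; anonymous upload should be authorised in the upload handler itself by resolving the link share via `getShareByToken()` and checking its `uploadable` flag, with the filesystem set up for the share owner explicitly rather than by treating the session as logged in. If a session-less mode is genuinely needed, it belongs in a dedicated public endpoint that never enters the generic login check.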
|
||
|
This is absolutely insecure - 👎
5Michael Kors Bags Michael Kors Handbags Michael Kors Hamilton Michael Kors Outlet Online Michael Kors Bags Cheap Michael Kors Michael Kors Outlet ahdi Michael Kors Factory Outlet cdq Michael Kors Outlet bdi Michael Kors Outlet sjq Lebron James Shoes vlq Nike Lebron 12 bma Lebron 12 vda Lebron 12 aju Cheap Lebron 12 ymi Lebron James Shoes Cheap Lebron 12 vlg Nike Lebron 12 vmu Nike Lebron 12 vju Lebron 12 For Sale weji Louis Vuitton Outlet Store wemg Louis Vuitton Handbags smi Louis Vuitton Purses smi Louis Vuitton Handbags Outlet ahma Louis Vuitton Outlet blq Louis Vuitton Belt wedi Louis Vuitton Purses cmg Louis Vuitton Outlet ala Louis Vuitton Handbags Outlet vmi Louis Vuitton Backpack weja
[url=http://www.sanchoasociados.com]Sport Blue 14s For Sale[/url]
Sorry, I have also never worked with the CRUDS system and therefore can't help you much :-(