anonymous upload feature

apps/files/ajax/upload_public.php

@@ -0,0 +1,105 @@
+<?php
+
+// Init owncloud
+
+
+// Temporary login as user for anonymous uploading
+if(isset($_POST['public_uploading'])) {
+        $_SESSION['user_id'] = $_POST['uidOwner'];
+}
+
+// Firefox and Konqueror tries to download application/json for me.  --Arthur
+OCP\JSON::setContentTypeHeader('text/plain');
+
+OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+$l = OC_L10N::get('files');
+
+
+$dir = $_POST['dir'];
+// get array with current storage stats (e.g. max file size)
+$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir);
+
+if (!isset($_FILES['files'])) {
+	OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('No file was uploaded. Unknown error')), $storageStats)));
+	if(isset($_POST['public_uploading'])) {
+                $_SESSION['user_id'] = '';
+        }
+	exit();
+}
+
+foreach ($_FILES['files']['error'] as $error) {
+	if ($error != 0) {
+		$errors = array(
+			UPLOAD_ERR_OK => $l->t('There is no error, the file uploaded with success'),
+			UPLOAD_ERR_INI_SIZE => $l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ')
+				. ini_get('upload_max_filesize'),
+			UPLOAD_ERR_FORM_SIZE => $l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
+			UPLOAD_ERR_PARTIAL => $l->t('The uploaded file was only partially uploaded'),
+			UPLOAD_ERR_NO_FILE => $l->t('No file was uploaded'),
+			UPLOAD_ERR_NO_TMP_DIR => $l->t('Missing a temporary folder'),
+			UPLOAD_ERR_CANT_WRITE => $l->t('Failed to write to disk'),
+		);
+		OCP\JSON::error(array('data' => array_merge(array('message' => $errors[$error]), $storageStats)));
+		if(isset($_POST['public_uploading'])) {
+                	$_SESSION['user_id'] = '';
+	        }
+		exit();
+	}
+}
+$files = $_FILES['files'];
+
+$error = '';
+
+$maxUploadFilesize = OCP\Util::maxUploadFilesize($dir);
+$maxHumanFilesize = OCP\Util::humanFileSize($maxUploadFilesize);
+
+$totalSize = 0;
+foreach ($files['size'] as $size) {
+	$totalSize += $size;
+}
+if ($totalSize > $maxUploadFilesize) {
+	OCP\JSON::error(array('data' => array('message' => $l->t('Not enough storage available'),
+		'uploadMaxFilesize' => $maxUploadFilesize,
+		'maxHumanFilesize' => $maxHumanFilesize)));
+	if(isset($_POST['public_uploading'])) {
+                $_SESSION['user_id'] = '';
+        }
+	exit();
+}
+
+$result = array();
+if (strpos($dir, '..') === false) {
+	$fileCount = count($files['name']);
+	for ($i = 0; $i < $fileCount; $i++) {
+		$target = OCP\Files::buildNotExistingFileName(stripslashes($dir), $files['name'][$i]);
+		// $path needs to be normalized - this failed within drag'n'drop upload to a sub-folder
+		$target = \OC\Files\Filesystem::normalizePath($target); //$tmp=$files['size'][0];  `echo $tmp > /tmp/bla`;
+		if (is_uploaded_file($files['tmp_name'][$i]) and \OC\Files\Filesystem::fromTmpFile($files['tmp_name'][$i], $target)) {
+			$meta = \OC\Files\Filesystem::getFileInfo($target);
+			// updated max file size after upload
+			$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir);
+
+			$result[] = array('status' => 'success',
+				'mime' => $meta['mimetype'],
+				'size' => $meta['size'],
+				'id' => $meta['fileid'],
+				'name' => basename($target),
+				'uploadMaxFilesize' => $maxUploadFilesize,
+				'maxHumanFilesize' => $maxHumanFilesize
+			);
+		}
+	}
+	OCP\JSON::encodedPrint($result);
+	if(isset($_POST['public_uploading'])) {
+                $_SESSION['user_id'] = '';
+        }
+	exit();
+} else {
+	$error = $l->t('Invalid directory.');
+}
+
+OCP\JSON::error(array('data' => array_merge(array('message' => $error), $storageStats)));
+if(isset($_POST['public_uploading'])) {
+	$_SESSION['user_id'] = '';
+}

apps/files_sharing/css/public.css

@@ -73,3 +73,19 @@ thead{
 	background-color: white;
 	padding-left:0 !important; /* fixes multiselect bar offset on shared page */
 }
+
+.upload_wrapper { 
+	padding-left: 0.1em; 
+	padding-right: 0.3em; 
+	vertical-align: text-bottom; 
+	float:right; 
+}
+#upload_svg { 
+	height: 1.2em; 
+}
+.upload_target { 
+	display: none; 
+}
+#file_upload_start { 
+	display: none; 
+}

apps/files_sharing/public.php

@@ -21,6 +21,7 @@ function fileCmp($a, $b) {
 		$type = $linkItem['item_type'];
 		$fileSource = $linkItem['file_source'];
 		$shareOwner = $linkItem['uid_owner'];
+		$allowUpload = OCP\SHARE::getUploadPermission($linkItem['item_type'], $linkItem['file_source']);
 		$fileOwner = null;
 		$path = null;
 		if (isset($linkItem['parent'])) {
@@ -110,6 +111,9 @@ function fileCmp($a, $b) {
 	}
 	$dir = dirname($path);
 	$file = basename($path);
+	// get the max. filesize for upload
+	$upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
+	$upload_max_human_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize')) / 1024 / 1024;
 	// Download the file
 	if (isset($_GET['download'])) {
 		if (isset($_GET['files'])) { // download selected files
@@ -128,10 +132,16 @@ function fileCmp($a, $b) {
 		OCP\Util::addStyle('files_sharing', 'public');
 		OCP\Util::addScript('files_sharing', 'public');
 		OCP\Util::addScript('files', 'fileactions');
+		OCP\Util::addscript( 'files', 'jquery.fileupload' );
+                OCP\Util::addscript( 'files', 'files' );
 		$tmpl = new OCP\Template('files_sharing', 'public', 'base');
 		$tmpl->assign('uidOwner', $shareOwner);
 		$tmpl->assign('displayName', \OCP\User::getDisplayName($shareOwner));
 		$tmpl->assign('filename', $file);
+		$tmpl->assign('path', $path);
+                $tmpl->assign('allowUpload', $allowUpload);
+		$tmpl->assign('upload_max_filesize', $upload_max_filesize);
+                $tmpl->assign('upload_max_human_filesize', $upload_max_human_filesize);
 		$tmpl->assign('mimetype', \OC\Files\Filesystem::getMimeType($path));
 		$tmpl->assign('fileTarget', basename($linkItem['file_target']));
 		$urlLinkIdentifiers= (isset($token)?'&t='.$token:'')

apps/files_sharing/templates/public.php

@@ -1,4 +1,4 @@
-<input type="hidden" name="dir" value="<?php p($_['dir']) ?>" id="dir">
+<input type="hidden" name="dir" value="<?php p($_['path']) ?>" id="dir">
 <input type="hidden" name="downloadURL" value="<?php p($_['downloadURL']) ?>" id="downloadURL">
 <input type="hidden" name="filename" value="<?php p($_['filename']) ?>" id="filename">
 <input type="hidden" name="mimetype" value="<?php p($_['mimetype']) ?>" id="mimetype">
@@ -13,6 +13,19 @@
 		<span id="details"><?php p($l->t('%s shared the file %s with you',
 			array($_['displayName'], $_['fileTarget']))) ?></span>
 	<?php endif; ?>
+	<?php if($_['allowUpload'] == "1" or $_['allowUpload'] == "true") { ?>
+			<form data-upload-id='1' id="data-upload-form" class="upload_wrapper" action="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload_public.php')); ?>" method="post" enctype="multipart/form-data" target="upload_target">
+					<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" id="requesttoken">
+                                        <input type="hidden" name="MAX_FILE_SIZE" value="<?php p($_['upload_max_filesize']) ?>" id="max_upload">
+                                        <input type="hidden" class="max_human_file_size" value="(max <?php p($_['upload_max_human_filesize']) ?>MB)">
+                                        <input type="hidden" name="dir" value="<?php echo p($_['path']) ?>" id="dir">
+					<input type="hidden" name="uidOwner" value="<?php echo p($_['uidOwner']) ?>" id="uidOwner">
+				 	<input type="hidden" name="public_uploading" value="1">
+                                        <input class="file_upload_start" type="file" name='files[]' id="file_upload_start">
+					<a href="#" onclick="$(this).parent().children('#file_upload_start').trigger('click')"><span class="button"><img id="upload_svg" alt="Upload" src="<?php print_unescaped(OCP\image_path("core", "actions/upload.svg")); ?>" /><?php p($l->t('Upload')) ?></span></a>
+					<iframe name="upload_target" class='upload_target' src=""></iframe>
+                                </form>
+	<?php } ?>
 		<?php if (!isset($_['folder']) || $_['allowZipDownload']): ?>
 			<a href="<?php p($_['downloadURL']); ?>" class="button" id="download"><img
 				class="svg" alt="Download" src="<?php print_unescaped(OCP\image_path("core", "actions/download.svg")); ?>"

config/config.sample.php

@@ -143,7 +143,7 @@
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
 /* Custom CSP policy, changing this will overwrite the standard policy */
-"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:",
+"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:",
 
 /* The directory where the user data is stored, default to data in the owncloud
  * directory. The sqlite database is also stored here, when sqlite is used.

core/ajax/share.php

@@ -63,6 +63,10 @@
 				($return) ? OC_JSON::success() : OC_JSON::error();
 			}
 			break;
+		case 'setUpload':
+			$return = OCP\Share::setUploadPermission($_POST['itemType'], $_POST['itemSource'], $_POST['allow']);
+                        ($return) ? OC_JSON::success() : OC_JSON::error();
+			break;
 		case 'setPermissions':
 			if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
 				$return = OCP\Share::setPermissions(
@@ -155,6 +159,14 @@
 				OC_JSON::success(array('data' => array('reshare' => $reshare, 'shares' => $shares)));
 			}
 			break;
+		case 'getUpload':
+                        if (isset($_GET['itemType']) && isset($_GET['itemSource'])) {
+                                // check if other can upload in this item
+                                $return = OCP\Share::getUploadPermission($_GET['itemType'], $_GET['itemSource']);
+
+                                OC_JSON::success(array('data' => $return));
+                        }
+                        break;
 		case 'getShareWith':
 			if (isset($_GET['search'])) {
 				$sharePolicy = OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global');

core/js/share.js

@@ -168,6 +168,8 @@ OC.Share={
 				html += '<div id="linkPass">';
 				html += '<input id="linkPassText" type="password" placeholder="'+t('core', 'Password')+'" />';
 				html += '</div>';
+				html += '<br />';
+				html += '<input type="checkbox" name="allowUpload" id="allowUpload" value="1" style="display:none;" /><label for="allowUpload" style="display:none;">'+t('core', 'Allow Upload')+'</label>';
 				html += '</div>';
 				html += '<form id="emailPrivateLink" >';
 				html += '<input id="email" style="display:none; width:62%;" value="" placeholder="'+t('core', 'Email link to person')+'" type="text" />';
@@ -197,6 +199,13 @@ OC.Share={
 					}
 				});
 			}
+			$.ajax({type: 'GET', url: OC.filePath('core', 'ajax', 'share.php'), data: { fetch: 'getUpload', itemType: itemType, itemSource: itemSource }, success: function(result) { 
+				if (result && result.status === 'success') {
+					if(result.data == "1" || result.data == "true" ) {
+						$('#allowUpload').attr('checked', true);
+					}
+                        	}
+                	}});
 			$('#shareWith').autocomplete({minLength: 1, source: function(search, response) {
 	// 			if (cache[search.term]) {
 	// 				response(cache[search.term]);
@@ -341,6 +350,7 @@ OC.Share={
 	},
 	showLink:function(token, password, itemSource) {
 		OC.Share.itemShares[OC.Share.SHARE_TYPE_LINK] = true;
+		itemType = $('#dropdown').data('item-type');
 		$('#linkCheckbox').attr('checked', true);
 		if (! token) {
 			//fallback to pre token link
@@ -360,6 +370,11 @@ OC.Share={
 		$('#linkText').val(link);
 		$('#linkText').show('blind');
 		$('#linkText').css('display','block');
+		//upload only for folders
+		if (itemType == 'folder') {
+			$('#allowUpload').show();
+			$('#allowUpload+label').show();
+		}
 		$('#showPassword').show();
 		$('#showPassword+label').show();
 		if (password != null) {
@@ -373,6 +388,8 @@ OC.Share={
 	},
 	hideLink:function() {
 		$('#linkText').hide('blind');
+		$('#allowUpload').hide();
+		$('#allowUpload+label').hide();
 		$('#showPassword').hide();
 		$('#showPassword+label').hide();
 		$('#linkPass').hide();
@@ -543,6 +560,21 @@ $(document).ready(function() {
 		$(this).select();
 	});
 
+	$('#allowUpload').live('change', function() {
+		var itemType = $('#dropdown').data('item-type');
+		var itemSource = $('#dropdown').data('item-source');
+		if ($('#allowUpload').is(':checked')) {
+			var allow = "1";
+		} else {
+			var allow = "0";
+		}
+		$.post(OC.filePath('core', 'ajax', 'share.php'), { action: 'setUpload', itemType: itemType, itemSource: itemSource, allow: allow }, function(result) {
+                       if (!result || result.status !== 'success') {
+                                OC.dialogs.alert(t('core', 'Error'), t('core', 'Error setting public upload rights'));
+                       }
+                });
+        });
+
 	$(document).on('click', '#dropdown #showPassword', function() {
 		$('#linkPass').toggle('blind');
 		if (!$('#showPassword').is(':checked') ) {

core/l10n/de.php

@@ -135,5 +135,6 @@
 "Alternative Logins" => "Alternative Logins",
 "prev" => "Zurück",
 "next" => "Weiter",
+"Allow Upload" => "Erlaube Upload",
 "Updating ownCloud to version %s, this may take a while." => "Aktualisiere ownCloud auf Version %s. Dies könnte eine Weile dauern."
 );

db_structure.xml

@@ -822,6 +822,14 @@
 				<notnull>false</notnull>
 			</field>
 
+			<field>
+                                <name>uploadable</name>
+                                <type>integer</type>
+                                <default>0</default>
+                                <notnull>true</notnull>
+                                <length>1</length>
+                        </field>
+
 			<field>
 				<name>token</name>
 				<type>text</type>

lib/public/share.php

@@ -172,6 +172,33 @@ public static function getShareByToken($token) {
 		return $result->fetchRow();
 	}
 
+	/*
+	 * @brief Get the upload permission of a item
+	 * @param string Item type
+         * @param string Item source
+	 * @return Boelean
+	*/
+	public static function getUploadPermission($itemType, $itemSource) {
+		$query = \OC_DB::prepare('SELECT `uploadable` FROM `*PREFIX*share` WHERE `item_Type` = ? AND `item_Source` = ?');
+		$result = $query->execute(array($itemType, $itemSource))->fetchRow();
+
+		return $result['uploadable'];
+	}
+
+	/*
+         * @brief Set the upload permission for a item
+         * @param string Item type
+         * @param string Item source
+	 * @param string
+         * @return Boelean
+        */
+	public static function setUploadPermission($itemType, $itemSource, $allow) {
+                $query = \OC_DB::prepare('UPDATE `*PREFIX*share` SET `uploadable` = ? WHERE `item_Type` = ? AND item_Source = ?');
+                $query->execute(array($allow, $itemType, $itemSource));
+
+                return "1";
+        }
+
 	/**
 	* @brief Get the shared items of item type owned by the current user
 	* @param string Item type

lib/template.php

@@ -194,7 +194,7 @@ public function __construct( $app, $name, $renderas = "" ) {
 		// If you change the standard policy, please also change it in config.sample.php
 		$policy = OC_Config::getValue('custom_csp_policy',
 			'default-src \'self\'; '
-			.'script-src \'self\' \'unsafe-eval\'; '
+			.'script-src \'self\' \'unsafe-eval\' \'unsafe-inline\'; '
 			.'style-src \'self\' \'unsafe-inline\'; '
 			.'frame-src *; '
 			.'img-src *; '

lib/user.php

@@ -335,6 +335,9 @@ public static function isLoggedIn() {
 				return true;
 			}
 		}
+		if(isset($_POST['public_uploading'])) {
+                        return true;
+                }
 		return false;
 	}