Permalink
Browse files

Grab back some commits from main develop branch

  • Loading branch information...
1 parent dc25f7f commit 1198e6861279d44df0e019c289728aac06c49bb6 @cdujeu cdujeu committed Jul 12, 2016
@@ -27,6 +27,7 @@
use Pydio\Core\Services\ConfService;
use Pydio\Core\Utils\ApplicationState;
use Pydio\Core\Utils\FileHelper;
+use Pydio\Core\Utils\Vars\PathUtils;
use Pydio\Core\Utils\Vars\StatHelper;
use Pydio\Core\Utils\TextEncoder;
use Pydio\Log\Core\Logger;
@@ -201,7 +202,7 @@ public function readFile($node = null, $filePath = null, $data = null, $headerTy
if ($node !== null && !$node->wrapperIsRemote()) {
$originalFilePath = $filePathOrData;
- $filePathOrData = FsAccessWrapper::patchPathForBaseDir($filePathOrData);
+ $filePathOrData = PathUtils::patchPathForBaseDir($filePathOrData);
}
session_write_close();
@@ -262,6 +262,14 @@ public static function getAuthDriverImpl()
}
/**
+ * Return info about auth plugins
+ * @return string
+ */
+ public static function getInfo(){
+ return "&a=".self::getAuthDriverImpl()->getStats();
+ }
+
+ /**
* Get auth driver implementation
*
* @return AbstractCacheDriver
@@ -48,12 +48,14 @@ class InputFilter
*/
public static function securePath($path)
{
- if ($path == null) $path = "";
+ if ($path == null) {
+ return "";
+ }
//
// REMOVE ALL "../" TENTATIVES
//
$path = str_replace(chr(0), "", $path);
- $dirs = explode('/', $path);
+ $dirs = self::safeExplode($path);
$count = count($dirs);
for ($i = 0; $i < $count; $i++) {
if ($dirs[$i] == '.' or $dirs[$i] == '..') {
@@ -72,6 +74,14 @@ public static function securePath($path)
return $path;
}
+ /**
+ * @param $path
+ * @return array
+ */
+ public static function safeExplode($path) {
+ return (DIRECTORY_SEPARATOR === "\\" ? preg_split('/(\\\|\\/)/', $path) : explode('/', $path));
+ }
+
/**
* Given a string, this function will determine if it potentially an
@@ -50,5 +50,28 @@ public static function forwardSlashBasename($path)
return (DIRECTORY_SEPARATOR === "\\" ? str_replace("\\", "/", basename($path)) : basename($path));
}
+ /**
+ * Fix openbasedir issue when browsing zip content as a normal folder
+ * @param string $dirPath
+ * @return string
+ */
+ public static function patchPathForBaseDir($dirPath)
+ {
+ if (!ini_get("open_basedir") || !preg_match('/\.zip/i', $dirPath)) return $dirPath;
+ return str_replace(".zip", "__ZIP_EXTENSION__", $dirPath);
+
+ }
+
+ /**
+ * Fix openbasedir issue when browsing zip content as a normal folder
+ * @param string $dirPath
+ * @return string
+ */
+ public static function unPatchPathForBaseDir($dirPath)
+ {
+ if (!ini_get("open_basedir")) return $dirPath;
+ return str_replace("__ZIP_EXTENSION__", ".zip", $dirPath);
+ }
+
}
@@ -381,7 +381,7 @@ public function uploadAction(ServerRequestInterface &$request, ResponseInterface
/** @var ContextInterface $ctx */
$ctx = $request->getAttribute("ctx");
if (MetaStreamWrapper::actualRepositoryWrapperClass(new AJXP_Node($ctx->getUrlBase())) === "Pydio\\Access\\Driver\\StreamProvider\\FS\\FsAccessWrapper") {
- $dir = FsAccessWrapper::patchPathForBaseDir($dir);
+ $dir = PathUtils::patchPathForBaseDir($dir);
}
$dir = InputFilter::securePath($dir);
$selection = UserSelection::fromContext($ctx, $httpVars);
@@ -635,6 +635,7 @@ public function downloadAction(ServerRequestInterface &$request, ResponseInterfa
if(isset($httpVars["dir"])){
$dir = InputFilter::decodeSecureMagic($httpVars["dir"], InputFilter::SANITIZE_DIRNAME);
}
+ $base = basename(dirname($selection->getUniqueFile()));
$zip = true;
}
if ($zip) {
@@ -1200,7 +1201,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface
}
$patch = false;
if (MetaStreamWrapper::actualRepositoryWrapperClass(new AJXP_Node($selection->currentBaseUrl())) === "Pydio\\Access\\Driver\\StreamProvider\\FS\\FsAccessWrapper") {
- $dir = FsAccessWrapper::patchPathForBaseDir($dir);
+ $dir = PathUtils::patchPathForBaseDir($dir);
$patch = true;
}
$dir = InputFilter::securePath($dir);
@@ -1220,7 +1221,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface
$path = $selection->nodeForPath(($dir!= ""?($dir[0]=="/"?"":"/").$dir:""))->getUrl();
$nonPatchedPath = $path;
if ($patch) {
- $nonPatchedPath = FsAccessWrapper::unPatchPathForBaseDir($path);
+ $nonPatchedPath = PathUtils::unPatchPathForBaseDir($path);
}
$testPath = @stat($path);
if($testPath === null || $testPath === false){
@@ -1872,6 +1873,12 @@ public function extractArchiveItemPostCallback($crtUrlBase, $status, $data, $tas
$fullname = $data['filename'];
$realBase = MetaStreamWrapper::getRealFSReference($crtUrlBase);
$repoName = str_replace($realBase, "", $fullname);
+ try{
+ $this->filterUserSelectionToHidden(AJXP_Node::contextFromUrl($crtUrlBase), [$repoName]);
+ }catch(\Exception $e){
+ @unlink($this->urlBase.$repoName);
+ return 1;
+ }
if($taskId !== null){
TaskService::getInstance()->updateTaskStatus($taskId, Task::STATUS_RUNNING, "Extracted file ".$repoName);
}
@@ -2157,7 +2164,7 @@ public function delete(UserSelection $selection, &$logMessages, $taskId = null)
continue;
}
$this->deldir($fileUrl, $repoData, $taskId);
- if (is_dir($fileUrl)) {
+ if ($selectedNode->isLeaf()) {
$logMessages[]="$mess[38] ".TextEncoder::toUTF8($filePath)." $mess[44].";
} else {
$logMessages[]="$mess[34] ".TextEncoder::toUTF8($filePath)." $mess[44].";
@@ -31,6 +31,7 @@
use Pydio\Core\Exception\PydioException;
use Pydio\Core\Utils\ApplicationState;
use Pydio\Core\Utils\Vars\InputFilter;
+use Pydio\Core\Utils\Vars\PathUtils;
use Pydio\Core\Utils\Vars\UrlUtils;
use Pydio\Core\Utils\TextEncoder;
use Pydio\Log\Core\Logger;
@@ -84,7 +85,7 @@ class FsAccessWrapper implements IAjxpWrapper
*/
protected static function initPath($path, $streamType, $storeOpenContext = false, $skipZip = false)
{
- $path = self::unPatchPathForBaseDir($path);
+ $path = PathUtils::unPatchPathForBaseDir($path);
$url = UrlUtils::safeParseUrl($path);
$node = new AJXP_Node($path);
$repoObject = $node->getRepository();
@@ -211,19 +212,6 @@ public static function getResolvedOptionsForNode($node)
];
}
- public static function patchPathForBaseDir($dirPath)
- {
- if(!ini_get("open_basedir") || !preg_match('/\.zip/i', $dirPath)) return $dirPath;
- return str_replace(".zip", "__ZIP_EXTENSION__", $dirPath);
-
- }
-
- public static function unPatchPathForBaseDir($dirPath)
- {
- if(!ini_get("open_basedir")) return $dirPath;
- return str_replace("__ZIP_EXTENSION__", ".zip", $dirPath);
- }
-
public static function removeTmpFile($tmpDir, $tmpFile)
{
if(is_file($tmpFile)) unlink($tmpFile);
@@ -346,7 +334,7 @@ public function stream_stat()
public function url_stat($path, $flags)
{
// File and zip case
- $patchedPath = self::patchPathForBaseDir($path);
+ $patchedPath = PathUtils::patchPathForBaseDir($path);
if (ini_get("open_basedir") && preg_match('/__ZIP_EXTENSION__/', $patchedPath)) {
// Zip Folder case
self::$lastRealSize = false;
@@ -129,6 +129,14 @@ protected function setCurrentDriverName($name)
}
/**
+ * @return string
+ */
+ public function getStats()
+ {
+ return implode(",", array_keys($this->drivers));
+ }
+
+ /**
* @return bool|AbstractAuthDriver
*/
protected function getCurrentDriver()
@@ -28,6 +28,7 @@
use Pydio\Core\PluginFramework\PluginsService;
use Pydio\Core\Services\RepositoryService;
+use Pydio\Core\Utils\Vars\PathUtils;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -164,7 +165,7 @@ public static function translateScheme($url, $crtInstance = null){
$crtPath = "/";
}
$crtBase = basename($crtPath);
- if (!empty($crtPath) && $crtPath != "/" && $crtBase != $contentFilter->getUniquePath() && $crtBase != ".ajxp_meta") {
+ if (!empty($crtPath) && $crtPath != "/" && PathUtils::unPatchPathForBaseDir($crtBase) != $contentFilter->getUniquePath() && $crtBase != ".ajxp_meta") {
throw new \Exception("Cannot find file " . $crtBase);
}
$url = $node->getContext()->getUrlBase().rtrim($baseDir.$crtPath, "/");
@@ -20,9 +20,12 @@
*/
namespace Pydio\Uploader\Processor;
+use Pydio\Access\Core\AbstractAccessDriver;
use Pydio\Access\Core\Model\AJXP_Node;
use Pydio\Access\Core\Model\UserSelection;
use Pydio\Core\Controller\Controller;
+use Pydio\Core\Model\ContextInterface;
+use Pydio\Core\PluginFramework\PluginsService;
use Pydio\Core\Services\LocaleService;
use Pydio\Core\Utils\Vars\InputFilter;
use Pydio\Core\Utils\Vars\StatHelper;
@@ -53,6 +56,8 @@ public function switchAction(\Psr\Http\Message\ServerRequestInterface $request,
//$this->logInfo("DL file", $httpVars);
$httpVars = $request->getParsedBody();
$action = $request->getAttribute("action");
+ /** @var ContextInterface $ctx */
+ $ctx = $request->getAttribute("ctx");
$userSelection = UserSelection::fromContext($request->getAttribute("ctx"), $httpVars);
$dir = InputFilter::decodeSecureMagic($httpVars["dir"]);
$currentDirUrl = $userSelection->currentBaseUrl().$dir."/";
@@ -73,6 +78,9 @@ public function switchAction(\Psr\Http\Message\ServerRequestInterface $request,
}else{
throw new \Exception("Missing argument, either file or dlfile");
}
+ /** @var AbstractAccessDriver $fsDriver */
+ $fsDriver = PluginsService::getInstance($ctx)->getUniqueActivePluginForType("access");
+ $fsDriver->filterUserSelectionToHidden($ctx, array($basename));
switch ($action) {
case "external_download":

0 comments on commit 1198e68

Please sign in to comment.