
Move magicDequote and fromPostedFileName to InputFilter.

Fix FS driver and FS test, fix Lucene indexation with new full-utf8 model.
1 parent ea602e4 commit b5783dd17405fffd0e730036b34777ff7666f7d5 @cdujeu cdujeu committed Sep 6, 2016
@@ -23,6 +23,7 @@
use Pydio\Core\Model\ContextInterface;
use Pydio\Core\Services\SessionService;
+use Pydio\Core\Utils\Vars\InputFilter;
defined('AJXP_EXEC') or die( 'Access not allowed');
/**
@@ -131,29 +132,6 @@ public static function fromUTF8($filesystemElement, $test = false)
return TextEncoder::changeCharset("UTF-8", $enc, $filesystemElement);
}
- /**
- * This function is used when the server's PHP configuration is using magic quote
- * @param string $text
- * @return string
- */
- public static function magicDequote($text)
- {
- // If the PHP server enables magic quotes, remove them
- if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
- return stripslashes($text);
- return $text;
- }
-
- /**
- * call fromUTF8
- * @static
- * @param string $filesystemElement
- * @return string
- */
- public static function fromPostedFileName($filesystemElement)
- {
- return TextEncoder::magicDequote($filesystemElement);
- }
/**
* Transform a string from current charset to utf8
@@ -287,5 +287,29 @@ public static function parseCSL($string, $hash = false)
return $assoc;
}
+ /**
+ * This function is used when the server's PHP configuration is using magic quote
+ * @param string $text
+ * @return string
+ */
+ public static function magicDequote($text)
+ {
+ // If the PHP server enables magic quotes, remove them
+ if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
+ return stripslashes($text);
+ return $text;
+ }
+
+ /**
+ * call fromUTF8
+ * @static
+ * @param string $filesystemElement
+ * @return string
+ */
+ public static function fromPostedFileName($filesystemElement)
+ {
+ return InputFilter::magicDequote($filesystemElement);
+ }
+
}
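Review bot: The docblock moved along with `fromPostedFileName()` still reads `call fromUTF8`, but the method only calls `InputFilter::magicDequote()` and does no charset conversion or filtering. A reader who trusts the summary may assume the returned name is already normalised. I would replace it with `Strip magic-quote slashes from a posted file name; does not sanitize or convert the charset.` so callers know they still need `InputFilter::sanitize(..., InputFilter::SANITIZE_FILENAME)`. Since `get_magic_quotes_gpc()` always returns false from PHP 5.4 on, both methods return their input unchanged on such servers, which is worth stating in the `magicDequote()` docblock as well.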
@@ -296,7 +296,7 @@ public function pluginsActions(ServerRequestInterface $requestInterface, Respons
case "parameters_to_form_definitions" :
- $data = json_decode(TextEncoder::magicDequote($httpVars["json_parameters"]), true);
+ $data = json_decode(InputFilter::magicDequote($httpVars["json_parameters"]), true);
$buffer = "<standard_form>";
foreach ($data as $repoScope => $pluginsData) {
$buffer .= "<repoScope id='$repoScope'>";
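Review bot: The result of `json_decode()` in `parameters_to_form_definitions` is used without a check, so a malformed `json_parameters` value leaves `$data` null and the `foreach` runs on a non-array; guard it with `if (!is_array($data)) throw new \Exception("Invalid json_parameters");`. The `$repoScope` key comes from that request JSON and is interpolated into `<repoScope id='$repoScope'>` unescaped, so a key containing a quote or `<` breaks the XML document; write `htmlspecialchars($repoScope, ENT_QUOTES)` at that point. The `json_data` decode in the later rolesActions hunk has the same unchecked result before `$data["ROLE"]` is read. The case body continues outside the hunk.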
@@ -94,7 +94,7 @@ public function rolesActions(ServerRequestInterface $requestInterface, ResponseI
// ROLES
case "create_role":
- $roleId = InputFilter::sanitize(TextEncoder::magicDequote($httpVars["role_id"]), InputFilter::SANITIZE_HTML_STRICT);
+ $roleId = InputFilter::sanitize(InputFilter::magicDequote($httpVars["role_id"]), InputFilter::SANITIZE_HTML_STRICT);
if (!strlen($roleId)) {
throw new \Exception($mess[349]);
}
@@ -116,7 +116,7 @@ public function rolesActions(ServerRequestInterface $requestInterface, ResponseI
case "edit_role" :
- $roleId = TextEncoder::magicDequote($httpVars["role_id"]);
+ $roleId = InputFilter::magicDequote($httpVars["role_id"]);
$roleGroup = false;
$userObject = null;
$groupLabel = null;
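Review bot: `edit_role` takes `role_id` from the request with only `magicDequote()`, which is a no-op when magic quotes are off, while `create_role` in the same method also runs the value through `InputFilter::sanitize(..., InputFilter::SANITIZE_HTML_STRICT)`; the `post_json_role` hunk that follows does the same as `edit_role`. How `$roleId` is used lies outside these hunks, so the impact cannot be confirmed from here. If the id reaches a storage key or rendered output, apply the same filter in both cases: `$roleId = InputFilter::sanitize(InputFilter::magicDequote($httpVars["role_id"]), InputFilter::SANITIZE_HTML_STRICT);`.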
@@ -322,7 +322,7 @@ public function rolesActions(ServerRequestInterface $requestInterface, ResponseI
case "post_json_role" :
- $roleId = TextEncoder::magicDequote($httpVars["role_id"]);
+ $roleId = InputFilter::magicDequote($httpVars["role_id"]);
$roleGroup = false;
$currentMainUser = $ctx->getUser();
$userObject = $usrId = $filteredGroupPath = null;
@@ -369,7 +369,7 @@ public function rolesActions(ServerRequestInterface $requestInterface, ResponseI
$outputRoleOnly = true;
}else{
// Other apis: a more complex
- $jsonData = TextEncoder::magicDequote($httpVars["json_data"]);
+ $jsonData = InputFilter::magicDequote($httpVars["json_data"]);
$data = json_decode($jsonData, true);
$roleData = $data["ROLE"];
$outputRoleOnly = false;
@@ -203,7 +203,7 @@ public function usersActions(ServerRequestInterface $requestInterface, ResponseI
throw new PydioException($mess["ajxp_conf.61"]);
}
- $original_login = TextEncoder::magicDequote($httpVars["new_user_login"]);
+ $original_login = InputFilter::magicDequote($httpVars["new_user_login"]);
$new_user_login = InputFilter::sanitize($original_login, InputFilter::SANITIZE_EMAILCHARS);
if($original_login != $new_user_login){
throw new \Exception(str_replace("%s", $new_user_login, $mess["ajxp_conf.127"]));
@@ -235,7 +235,7 @@ public function usersActions(ServerRequestInterface $requestInterface, ResponseI
$gName = InputFilter::sanitize(InputFilter::decodeSecureMagic(basename($httpVars["group_path"])), InputFilter::SANITIZE_ALPHANUM);
} else {
$basePath = substr($httpVars["dir"], strlen("/data/users"));
- $gName = InputFilter::sanitize(TextEncoder::magicDequote($httpVars["group_name"]), InputFilter::SANITIZE_ALPHANUM);
+ $gName = InputFilter::sanitize(InputFilter::magicDequote($httpVars["group_name"]), InputFilter::SANITIZE_ALPHANUM);
}
$gLabel = InputFilter::decodeSecureMagic($httpVars["group_label"]);
$basePath = ($ctx->hasUser() ? $ctx->getUser()->getRealGroupPath($basePath) : $basePath);
@@ -640,7 +640,7 @@ public function usersActions(ServerRequestInterface $requestInterface, ResponseI
$i = 0;
while (isSet($httpVars["pref_name_".$i]) && isSet($httpVars["pref_value_".$i])) {
$prefName = InputFilter::sanitize($httpVars["pref_name_" . $i], InputFilter::SANITIZE_ALPHANUM);
- $prefValue = InputFilter::sanitize(TextEncoder::magicDequote($httpVars["pref_value_" . $i]));
+ $prefValue = InputFilter::sanitize(InputFilter::magicDequote($httpVars["pref_value_" . $i]));
if($prefName == "password") continue;
if ($prefName != "pending_folder" && $userObject == null) {
$i++;
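Review bot: `if($prefName == "password") continue;` jumps back to the `while` condition without incrementing `$i`, so a request carrying a `pref_name_N` of `password` re-tests the same index until the PHP execution time limit ends the request. The following branch does increment before continuing, so this looks like an oversight; change it to `if ($prefName == "password") { $i++; continue; }`. The same loop appears in the final switchAction hunk of this commit and needs the same fix. The loop body continues outside the hunk.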
@@ -107,36 +107,36 @@ protected function initRepository(ContextInterface $contextInterface)
}
$repository = $contextInterface->getRepository();
$create = $repository->getContextOption($contextInterface, "CREATE");
- $path = TextEncoder::toStorageEncoding($repository->getContextOption($contextInterface, "PATH"));
+ $path = $repository->getContextOption($contextInterface, "PATH");
+ $storagePath = TextEncoder::toStorageEncoding($path);
$recycle = $repository->getContextOption($contextInterface, "RECYCLE_BIN");
$chmod = $repository->getContextOption($contextInterface, "CHMOD_VALUE");
$this->urlBase = $contextInterface->getUrlBase();
- //$encodingWrapper = new EncodingWrapper("UTF-8");
MetaStreamWrapper::appendMetaWrapper("pydio.encoding", "Pydio\\Access\\Core\\EncodingWrapper");
if ($create == true) {
- if(!is_dir($path)) @mkdir($path, 0755, true);
- if (!is_dir($path)) {
+ if(!is_dir($storagePath)) @mkdir($storagePath, 0755, true);
+ if (!is_dir($storagePath)) {
throw new PydioException("Cannot create root path for repository (".$repository->getDisplay()."). Please check repository configuration or that your folder is writeable!");
}
- if ($recycle!= "" && !is_dir($path."/".$recycle)) {
- @mkdir($path."/".$recycle);
- if (!is_dir($path."/".$recycle)) {
+ if ($recycle!= "" && !is_dir($storagePath."/".$recycle)) {
+ @mkdir($storagePath."/".$recycle);
+ if (!is_dir($storagePath."/".$recycle)) {
throw new PydioException("Cannot create recycle bin folder. Please check repository configuration or that your folder is writeable!");
} else {
$this->setHiddenAttribute(new AJXP_Node($contextInterface->getUrlBase() ."/".$recycle));
}
}
- $dataTemplate = $repository->getContextOption($contextInterface, "DATA_TEMPLATE");
- if (!empty($dataTemplate) && is_dir($dataTemplate) && !is_file($path."/.ajxp_template")) {
+ $dataTemplate = TextEncoder::toStorageEncoding($repository->getContextOption($contextInterface, "DATA_TEMPLATE"));
+ if (!empty($dataTemplate) && is_dir($dataTemplate) && !is_file($storagePath."/.ajxp_template")) {
$errs = [];$succ = [];
$repoData = ['base_url' => $contextInterface->getUrlBase(), 'chmod' => $chmod, 'recycle' => $recycle];
- $this->dircopy($dataTemplate, $path, $succ, $errs, false, false, $repoData, $repoData);
- touch($path."/.ajxp_template");
+ $this->dircopy($dataTemplate, $storagePath, $succ, $errs, false, false, $repoData, $repoData);
+ touch($storagePath."/.ajxp_template");
}
} else {
- if (!is_dir($path)) {
+ if (!is_dir($storagePath)) {
throw new PydioException("Cannot find base path for your repository! Please check the configuration!");
}
}
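Review bot: The recycle-bin name is still appended raw in `$storagePath."/".$recycle`, although PATH and DATA_TEMPLATE now go through `TextEncoder::toStorageEncoding()`; a non-ASCII RECYCLE_BIN value would be created under a different byte sequence than the one the rest of the driver resolves. Converting it once, e.g. `$storageRecycle = TextEncoder::toStorageEncoding($recycle);`, and using that in the three filesystem calls keeps the encodings consistent. The recycle `@mkdir()` also passes no mode, unlike the root folder's `0755`, so its permissions depend on the process umask, and the `@` hides the reason for a failure. `initRepository()` continues outside the hunk.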
@@ -442,7 +442,7 @@ public function uploadAction(ServerRequestInterface &$request, ResponseInterface
InputFilter::parseFileDataErrors($uploadedFile, true);
// FIND PROPER FILE NAME / FILTER IF NECESSARY
- $userfile_name= InputFilter::sanitize(TextEncoder::fromPostedFileName($uploadedFile->getClientFileName()), InputFilter::SANITIZE_FILENAME);
+ $userfile_name= InputFilter::sanitize(InputFilter::fromPostedFileName($uploadedFile->getClientFileName()), InputFilter::SANITIZE_FILENAME);
if (isSet($httpVars["urlencoded_filename"])) {
$userfile_name = InputFilter::sanitize(urldecode($httpVars["urlencoded_filename"]), InputFilter::SANITIZE_FILENAME);
}
@@ -635,9 +635,9 @@ public function downloadAction(ServerRequestInterface &$request, ResponseInterfa
if (is_dir($selection->getUniqueNode()->getUrl())) {
$zip = true;
$base = basename($selection->getUniqueFile());
- $uniqDir = dirname($selection->getUniqueFile());
+ $uniqDir = PathUtils::forwardSlashDirname($selection->getUniqueFile());
if(!empty($uniqDir) && $uniqDir != "/"){
- $dir = dirname($selection->getUniqueFile());
+ $dir = PathUtils::forwardSlashDirname($selection->getUniqueFile());
}
} else {
if (!file_exists($selection->getUniqueNode()->getUrl())) {
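Review bot: `$dir` recomputes the value already held in `$uniqDir` two lines above; `$dir = $uniqDir;` avoids the second `PathUtils::forwardSlashDirname()` call and keeps the tested value and the assigned value from drifting apart. No `use` line for `PathUtils` is visible in this file's hunks, so confirm that it is already imported. The function body continues outside the hunk.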
@@ -649,7 +649,7 @@ public function downloadAction(ServerRequestInterface &$request, ResponseInterfa
if(isset($httpVars["dir"])){
$dir = InputFilter::decodeSecureMagic($httpVars["dir"], InputFilter::SANITIZE_DIRNAME);
}
- $base = basename(dirname($selection->getUniqueFile()));
+ $base = basename(PathUtils::forwardSlashDirname($selection->getUniqueFile()));
$zip = true;
}
if ($zip) {
@@ -866,7 +866,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface
if (isSet($httpVars["encode"]) && $httpVars["encode"] == "base64") {
$code = base64_decode($code);
} else {
- $code=str_replace("&lt;","<",TextEncoder::magicDequote($code));
+ $code=str_replace("&lt;","<", InputFilter::magicDequote($code));
}
$response = $response->withHeader("Content-Type", "text/plain");
try {
@@ -1018,7 +1018,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface
$targetBaseName = $httpVars["targetBaseName"];
}
if(!file_exists($destPath) && isSet($httpVars["recycle_restore"])){
- $this->mkDir($selection->nodeForPath(dirname($destPath)), basename($destPath), false, true);
+ $this->mkDir($selection->nodeForPath(PathUtils::forwardSlashDirname($destPath)), basename($destPath), false, true);
}
$this->filterUserSelectionToHidden($ctx, [$httpVars["dest"]]);
if ($selection->inZip()) {
@@ -1332,7 +1332,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface
}
$node->loadNodeInfo(false, false, ($lsOptions["l"]?"all":"minimal"));
if (!empty($node->metaData["nodeName"]) && $node->metaData["nodeName"] != $nodeName) {
- $node->setUrl(dirname($node->getUrl())."/".$node->metaData["nodeName"]);
+ $node->setUrl(PathUtils::forwardSlashDirname($node->getUrl())."/".$node->metaData["nodeName"]);
}
if (!empty($node->metaData["hidden"]) && $node->metaData["hidden"] === true) {
continue;
@@ -2030,8 +2030,8 @@ public function copyOrMove($destDir, $selection, &$error, &$success, $move = fal
];
foreach ($selectedNodes as $selectedNode) {
$selectedFile = $selectedNode->getPath();
- if ($move && !$this->isWriteable($selection->nodeForPath(dirname($selectedFile)))) {
- $error[] = "\n".$mess[38]." ".dirname($selectedFile)." ".$mess[99];
+ if ($move && !$this->isWriteable($selection->nodeForPath(PathUtils::forwardSlashDirname($selectedFile)))) {
+ $error[] = "\n".$mess[38]." ".PathUtils::forwardSlashDirname($selectedFile)." ".$mess[99];
continue;
}
if( !empty ($targetBaseName)){
@@ -2060,7 +2060,7 @@ public function rename($originalNode, $dest = null, $filename_new = null)
$mess = LocaleService::getMessages();
if(!empty($filename_new)){
- $filename_new= InputFilter::sanitize(TextEncoder::magicDequote($filename_new), InputFilter::SANITIZE_FILENAME);
+ $filename_new= InputFilter::sanitize(InputFilter::magicDequote($filename_new), InputFilter::SANITIZE_FILENAME);
$filename_new = substr($filename_new, 0, ConfService::getContextConf($originalNode->getContext(), "NODENAME_MAX_LENGTH"));
}
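Review bot: `substr()` counts bytes, so truncating `$filename_new` to `NODENAME_MAX_LENGTH` can cut a multi-byte UTF-8 character in half and leave an invalid name on disk, which matters more now that names are kept as UTF-8 until the storage layer. If mbstring is available, `mb_strcut($filename_new, 0, $maxLen, "UTF-8")` keeps the byte limit and ends on a character boundary. The body of `rename()` continues outside the hunk.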
@@ -22,6 +22,7 @@
use Pydio\Core\Model\Context;
+use Pydio\Core\Utils\TextEncoder;
defined('AJXP_EXEC') or die( 'Access not allowed');
@@ -52,8 +53,7 @@ public function doRepositoryTest($repo)
$path = $repo->getContextOption($ctx, "PATH");
$createOpt = $repo->getContextOption($ctx, "CREATE");
$create = (($createOpt=="true"||$createOpt===true)?true:false);
-
- if (!$create && !@is_dir($path)) {
+ if (!$create && !is_dir(TextEncoder::toStorageEncoding($path))) {
$this->failedInfo .= "Selected repository path ".$path." doesn't exist, and the CREATE option is false"; return FALSE;
}
return TRUE;
@@ -132,7 +132,7 @@ public function uploadActions(ServerRequestInterface &$request, ResponseInterfac
$destPath = $ctx->getUrlBase().base64_decode($fData['destination'])."/".$fData['name'];
//$destPath = AJXP_Utils::decodeSecureMagic($destPath);
// DO NOT "SANITIZE", THE URL IS ALREADY IN THE FORM ajxp.ftp://repoId/filename
- $destPath = TextEncoder::fromPostedFileName($destPath);
+ $destPath = InputFilter::fromPostedFileName($destPath);
$node = new AJXP_Node($destPath);
$this->logDebug("Copying file to server", array("from"=>$fData["tmp_name"], "to"=>$destPath, "name"=>$fData["name"]));
TaskService::getInstance()->updateTaskStatus($taskId, Task::STATUS_RUNNING, "Uploading file ".$fData["name"]);
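Review bot: `$destPath` is assembled from `base64_decode($fData['destination'])` and `$fData['name']` and then only passed through `InputFilter::fromPostedFileName()`, which strips magic-quote slashes and nothing else, so no traversal or filename filtering is applied here. Where `$fData` is populated is outside the hunk; if either field originates from the client, filter the components before concatenating them rather than the finished URL, which also respects the existing "DO NOT SANITIZE" comment: `InputFilter::decodeSecureMagic(base64_decode($fData['destination']), InputFilter::SANITIZE_DIRNAME)` and `InputFilter::sanitize($fData['name'], InputFilter::SANITIZE_FILENAME)`. No `use` line for `InputFilter` is visible for this file, so confirm that it is imported.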
@@ -45,15 +45,15 @@ class EncodingWrapper extends SchemeTranslatorWrapper
* @param $path
* @return string
*/
- protected function encode($path){
+ protected static function encode($path){
return TextEncoder::fromStorageEncoding($path);
}
/**
* @param $path
* @return string
*/
- protected function decode($path){
+ protected static function decode($path){
return TextEncoder::toStorageEncoding($path);
}
@@ -164,6 +164,7 @@ public function dir_readdir()
/**
* Get a "usable" reference to a file : the real file or a tmp copy.
+ * Return the "storage-encoded" version of the path.
*
* @param string $path
* @param bool $persistent
@@ -172,9 +173,8 @@ public function dir_readdir()
*/
public static function getRealFSReference($path, $persistent = false)
{
- $wrapper = self::findSubWrapperClassName(self::decode($path));
- $newPath = call_user_func(array($wrapper, "getRealFSReference"), self::translateScheme($path), $persistent);
- return self::encode($newPath);
+ $wrapper = self::findSubWrapperClassName($path);
+ return call_user_func(array($wrapper, "getRealFSReference"), self::translateScheme(self::decode($path)), $persistent);
}
/**
@@ -747,7 +747,7 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
$i = 0;
while (isSet($httpVars["pref_name_".$i]) && isSet($httpVars["pref_value_".$i])) {
$prefName = InputFilter::sanitize($httpVars["pref_name_" . $i], InputFilter::SANITIZE_ALPHANUM);
- $prefValue = InputFilter::sanitize(TextEncoder::magicDequote($httpVars["pref_value_" . $i]));
+ $prefValue = InputFilter::sanitize(InputFilter::magicDequote($httpVars["pref_value_" . $i]));
if($prefName == "password") continue;
if ($prefName != "pending_folder" && $loggedUser == null) {
$i++;