Merge branch 'cernbox-develop-8.0.2-integration' into cernbox-prod-8.0.2

apps/files/ajax/upload.php

@@ -51,6 +51,10 @@
 
 		// The token defines the target directory (security reasons)
 		$path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
+		if($path === null) {
+			OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
+			die();
+		}
 		$dir = sprintf(
 			"/%s/%s",
 			$path,

apps/files_sharing/ajax/publicpreview.php

@@ -46,6 +46,12 @@
 
 $pathId = $linkedItem['file_source'];
 $path = $view->getPath($pathId);
+if($path === null) {
+	throw new \OCP\Files\NotFoundException();
+	\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
+	\OC_Log::write('core-preview', 'Could not resolve file for shared item', OC_Log::WARN);
+	exit;
+}
 $pathInfo = $view->getFileInfo($path);
 $sharedFile = null;
 

apps/files_sharing/lib/controllers/sharecontroller.php

@@ -1,12 +1,28 @@
 <?php
 /**
- * @author Clark Tomlinson <clark@owncloud.com>
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Georg Ehrke <georg@owncloud.com>
+ * @author Joas Schilling <nickvergessen@owncloud.com>
  * @author Lukas Reschke <lukas@owncloud.com>
- * @copyright 2014 Clark Tomlinson & Lukas Reschke
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Robin Appelman <icewind@owncloud.com>
+ * @author Robin McCorkell <rmccorkell@karoshi.org.uk>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
  *
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
  */
 
 namespace OCA\Files_Sharing\Controllers;
@@ -17,12 +33,12 @@
 use OC_Util;
 use OCP;
 use OCP\Template;
-use OCP\JSON;
 use OCP\Share;
 use OCP\AppFramework\Controller;
 use OCP\IRequest;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Http\NotFoundResponse;
 use OC\URLGenerator;
 use OC\AppConfig;
 use OCP\ILogger;
@@ -60,7 +76,7 @@ class ShareController extends Controller {
 	 * @param AppConfig $appConfig
 	 * @param OCP\IConfig $config
 	 * @param URLGenerator $urlGenerator
-	 * @param OC\User\Manager $userManager
+	 * @param OCP\IUserManager $userManager
 	 * @param ILogger $logger
 	 * @param OCP\Activity\IManager $activityManager
 	 */
@@ -70,7 +86,7 @@ public function __construct($appName,
 								AppConfig $appConfig,
 								OCP\IConfig $config,
 								URLGenerator $urlGenerator,
-								OC\User\Manager $userManager,
+								OCP\IUserManager $userManager,
 								ILogger $logger,
 								OCP\Activity\IManager $activityManager) {
 		parent::__construct($appName, $request);
@@ -113,7 +129,7 @@ public function showAuthenticate($token) {
 	public function authenticate($token, $password = '') {
 		$linkItem = Share::getShareByToken($token, false);
 		if($linkItem === false) {
-			return new TemplateResponse('core', '404', array(), 'guest');
+			return new NotFoundResponse();
 		}
 
 		$authenticate = Helper::authenticate($linkItem, $password);
@@ -131,26 +147,19 @@ public function authenticate($token, $password = '') {
 	 *
 	 * @param string $token
 	 * @param string $path
-	 * @return TemplateResponse
+	 * @return TemplateResponse|RedirectResponse
 	 */
 	public function showShare($token, $path = '') {
 		\OC_User::setIncognitoMode(true);
 
 		// Check whether share exists
 		$linkItem = Share::getShareByToken($token, false);
 		if($linkItem === false) {
-			return new TemplateResponse('core', '404', array(), 'guest');
+			return new NotFoundResponse();
 		}
 
 		$shareOwner = $linkItem['uid_owner'];
-		$originalSharePath = null;
-		$rootLinkItem = OCP\Share::resolveReShare($linkItem);
-		if (isset($rootLinkItem['uid_owner'])) {
-			OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
-			OC_Util::tearDownFS();
-			OC_Util::setupFS($rootLinkItem['uid_owner']);
-			$originalSharePath = Filesystem::getPath($linkItem['file_source']);
-		}
+		$originalSharePath = $this->getPath($token);
 
 		// Share is password protected - check whether the user is permitted to access the share
 		if (isset($linkItem['share_with']) && !Helper::authenticate($linkItem)) {
@@ -161,15 +170,18 @@ public function showShare($token, $path = '') {
 		if (Filesystem::isReadable($originalSharePath . $path)) {
 			$getPath = Filesystem::normalizePath($path);
 			$originalSharePath .= $path;
+		} else {
+			throw new OCP\Files\NotFoundException();
 		}
 
 		$file = basename($originalSharePath);
 
-		$shareTmpl = array();
+		$shareTmpl = [];
 		$shareTmpl['displayName'] = User::getDisplayName($shareOwner);
 		$shareTmpl['filename'] = $file;
 		$shareTmpl['directory_path'] = $linkItem['file_target'];
 		$shareTmpl['mimetype'] = Filesystem::getMimeType($originalSharePath);
+		$shareTmpl['previewSupported'] = \OC::$server->getPreviewManager()->isMimeSupported($shareTmpl['mimetype']);
 		$shareTmpl['dirToken'] = $linkItem['token'];
 		$shareTmpl['sharingToken'] = $token;
 		$shareTmpl['server2serversharing'] = Helper::isOutgoingServer2serverShareEnabled();
@@ -182,7 +194,6 @@ public function showShare($token, $path = '') {
 		// Show file list
 		if (Filesystem::is_dir($originalSharePath)) {
 			$shareTmpl['dir'] = $getPath;
-			$files = array();
 			$maxUploadFilesize = Util::maxUploadFilesize($originalSharePath);
 			$freeSpace = Util::freeSpace($originalSharePath);
 			$uploadLimit = Util::uploadLimit();
@@ -192,7 +203,6 @@ public function showShare($token, $path = '') {
 			$folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
 			$folder->assign('isPublic', true);
 			$folder->assign('publicUploadEnabled', 'no');
-			$folder->assign('files', $files);
 			$folder->assign('uploadMaxFilesize', $maxUploadFilesize);
 			$folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
 			$folder->assign('freeSpace', $freeSpace);
@@ -204,6 +214,7 @@ public function showShare($token, $path = '') {
 
 		$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
 		$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
+		$shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
 
 		return new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
 	}
@@ -230,26 +241,48 @@ public function downloadShare($token, $files = null, $path = '') {
 			}
 		}
 
+		$files_list = null;
+		if (!is_null($files)) { // download selected files
+			$files_list = json_decode($files);
+			// in case we get only a single file
+			if ($files_list === null) {
+				$files_list = array($files);
+			}
+		}
+
 		$originalSharePath = self::getPath($token);
 
+		// Create the activities
 		if (isset($originalSharePath) && Filesystem::isReadable($originalSharePath . $path)) {
 			$originalSharePath = Filesystem::normalizePath($originalSharePath . $path);
-			$type = \OC\Files\Filesystem::is_dir($originalSharePath) ? 'folder' : 'file';
-			$args = $type === 'folder' ? array('dir' => $originalSharePath) : array('dir' => dirname($originalSharePath), 'scrollto' => basename($originalSharePath));
-			$linkToFile = \OCP\Util::linkToAbsolute('files', 'index.php', $args);
-			$subject = $type === 'folder' ? Activity::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED : Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED;
-			$this->activityManager->publishActivity(
-					'files_sharing', $subject, array($originalSharePath), '', array(), $originalSharePath,
-					$linkToFile, $linkItem['uid_owner'], Activity::TYPE_PUBLIC_LINKS, Activity::PRIORITY_MEDIUM);
-		}
+			$isDir = \OC\Files\Filesystem::is_dir($originalSharePath);
 
-		if (!is_null($files)) { // download selected files
-			$files_list = json_decode($files);
-			// in case we get only a single file
-			if ($files_list === NULL) {
-				$files_list = array($files);
+			$activities = [];
+			if (!$isDir) {
+				// Single file public share
+				$activities[$originalSharePath] = Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED;
+			} else if (!empty($files_list)) {
+				// Only some files are downloaded
+				foreach ($files_list as $file) {
+					$filePath = Filesystem::normalizePath($originalSharePath . '/' . $file);
+					$isDir = \OC\Files\Filesystem::is_dir($filePath);
+					$activities[$filePath] = ($isDir) ? Activity::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED : Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED;
+				}
+			} else {
+				// The folder is downloaded
+				$activities[$originalSharePath] = Activity::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED;
 			}
 
+			foreach ($activities as $filePath => $subject) {
+				$this->activityManager->publishActivity(
+					'files_sharing', $subject, array($filePath), '', array(),
+					$filePath, '', $linkItem['uid_owner'], Activity::TYPE_PUBLIC_LINKS, Activity::PRIORITY_MEDIUM
+				);
+			}
+		}
+
+		// download selected files
+		if (!is_null($files)) {
 			// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
 			// after dispatching the request which results in a "Cannot modify header information" notice.
 			OC_Files::get($originalSharePath, $files_list, $_SERVER['REQUEST_METHOD'] == 'HEAD');
@@ -263,22 +296,30 @@ public function downloadShare($token, $files = null, $path = '') {
 	}
 
 	/**
-	 * @param $token
-	 * @return null|string
+	 * @param string $token
+	 * @return string Resolved file path of the token
+	 * @throws \Exception In case share could not get properly resolved
 	 */
 	private function getPath($token) {
 		$linkItem = Share::getShareByToken($token, false);
-		$path = null;
 		if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
 			// seems to be a valid share
 			$rootLinkItem = Share::resolveReShare($linkItem);
 			if (isset($rootLinkItem['uid_owner'])) {
-				JSON::checkUserExists($rootLinkItem['uid_owner']);
+				if(!$this->userManager->userExists($rootLinkItem['uid_owner'])) {
+					throw new \Exception('Owner of the share does not exist anymore');
+				}
 				OC_Util::tearDownFS();
 				OC_Util::setupFS($rootLinkItem['uid_owner']);
 				$path = Filesystem::getPath($linkItem['file_source']);
+
+				if(!empty($path) && Filesystem::isReadable($path)) {
+					return $path;
+				}
 			}
 		}
-		return $path;
+
+		throw new \Exception('No file found belonging to file.');
 	}
 }
+

core/js/share.js

@@ -399,9 +399,6 @@ OC.Share={
 				html += '<span class="icon-loading-small hidden"></span>';
 				html += '<input type="checkbox" name="linkCheckbox" id="linkCheckbox" value="1" /><label for="linkCheckbox">'+t('core', 'Share link')+'</label>';
 				html += '<br />';
-				if (itemType != 'folder') {
-                                	html += '<p>Share the <i>current version</i> of this file</p>';
-				}
 	                        html += '<p>See also the <a target="_blank" href="https://cern.service-now.com/service-portal/search.do?q=cernbox+share"><b>FAQ</b></a></p>';
 
 				var defaultExpireMessage = '';

lib/private/files/view.php

@@ -37,11 +37,20 @@ class View {
 	protected $updater;
 
 	public function __construct($root = '') {
+		if (is_null($root)) {
+			throw new \InvalidArgumentException('Root can\'t be null');
+		}
+		if(!Filesystem::isValidPath($root)) {
+			throw new \Exception();
+		}
 		$this->fakeRoot = $root;
 		$this->updater = new Updater($this);
 	}
 
 	public function getAbsolutePath($path = '/') {
+		if ($path === null) {
+			return null;
+		}
 		$this->assertPathLength($path);
 		if ($path === '') {
 			$path = '/';