diff --git a/README b/README
index cd562b66c6c788e3e2793945424384b7979cfc4e..4d4be2728e1088526a41fe7c5d2812974e06e4fb 100644
--- a/README
+++ b/README
@@ -3,7 +3,7 @@ A personal cloud which runs on your own server.
 
 http://ownCloud.org
 
-Installation instructions: http://owncloud.org/support
+Installation instructions: http://owncloud.org/support/setup-and-installation/
 Source code: http://gitorious.org/owncloud
 
 Mailing list: http://mail.kde.org/mailman/listinfo/owncloud
diff --git a/apps/bookmarks/js/bookmarks.js b/apps/bookmarks/js/bookmarks.js
index b43c3deb59c58d2addf4990a38d4c4590dd832c6..77f767cdb81cb4ca868e5023e8e6931b9f23258a 100644
--- a/apps/bookmarks/js/bookmarks.js
+++ b/apps/bookmarks/js/bookmarks.js
@@ -137,7 +137,7 @@ function showBookmark(event) {
 		$('.bookmarks_add').slideToggle();
 	}
 	$('html, body').animate({
-			scrollTop: $('.bookmarks_menu').offset().top
+      scrollTop: ($('.bookmarks_menu'))?$('.bookmarks_menu').offset().top:0
 		}, 500);
 
 }
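Review bot: The guard added on the scrollTop line never takes its `0` branch, because `$('.bookmarks_menu')` is a jQuery object and therefore always truthy even when no element matches, so the `.offset()` call on an empty set still throws. Test the match count instead: `scrollTop: $('.bookmarks_menu').length ? $('.bookmarks_menu').offset().top : 0`. The rewritten line also switched from the file's tab indentation to spaces. showBookmark starts outside the hunk.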
diff --git a/apps/calendar/ajax/createcalendar.php b/apps/calendar/ajax/createcalendar.php
index b719b207c742aabdbf17e769f3e3ae7646610fc1..8d7b12f9b89550b60be9cd8c7d11403b09eb8b24 100644
--- a/apps/calendar/ajax/createcalendar.php
+++ b/apps/calendar/ajax/createcalendar.php
@@ -25,7 +25,7 @@ foreach($calendars as $cal){
 }
 
 $userid = OC_User::getUser();
-$calendarid = OC_Calendar_Calendar::addCalendar($userid, $_POST['name'], 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']);
+$calendarid = OC_Calendar_Calendar::addCalendar($userid, strip_tags($_POST['name']), 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']);
 OC_Calendar_Calendar::setCalendarActive($calendarid, 1);
 
 $calendar = OC_Calendar_Calendar::find($calendarid);
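Review bot: `strip_tags($_POST['name'])` on the addCalendar line is a lossy input filter rather than output encoding: it truncates legitimate names at a stray `<` ("Team <3" becomes "Team "), only targets tag syntax, and gives no protection in attribute or script contexts, whereas the templates touched by this same commit already encode at output, which is the layer that needs it. The same pattern is used in updatecalendar.php, contacts/ajax/addcard.php, addproperty.php, createaddressbook.php and setproperty.php. Meanwhile `$_POST['color']` (and `$_POST['active']` in updatecalendar.php) is stored untouched on the same line; presumably the colour ends up in a style attribute, so it is the value that would benefit from validation against its expected format before storing. A minimal shape check, e.g. `$color = preg_match('/^#?[0-9A-Fa-f]{6}$/', $_POST['color']) ? $_POST['color'] : null;`, does more than tag stripping. Neither `$_POST['name']` nor `$_POST['color']` is checked with `isset()`, so a malformed request raises notices.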
diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php
index 998991c2fb423b8e0e81798069800788428e9e56..75fac6838d7a27d12b42d6491fbdd697429f05f9 100644
--- a/apps/calendar/ajax/events.php
+++ b/apps/calendar/ajax/events.php
@@ -11,8 +11,8 @@ require_once('../../../3rdparty/when/When.php');
 
 function addoutput($event, $vevent, $return_event){
 	$return_event['id'] = (int)$event['id'];
-	$return_event['title'] = $event['summary'];
-	$return_event['description'] = isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:'';
+	$return_event['title'] = htmlspecialchars($event['summary']);
+	$return_event['description'] = isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):'';
 	$last_modified = $vevent->__get('LAST-MODIFIED');
 	if ($last_modified){
 		$lastmodified = $last_modified->getDateTime()->format('U');
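Review bot: Applying `htmlspecialchars()` to `title` and `description` inside addoutput puts HTML entities into the JSON payload, and the calendar.js hunk (`element.find('span.fc-event-title').html(... .text())` at L76) then has to re-parse the text as HTML to display them, which makes that line a markup sink: any event title that reaches the span without having been entity-encoded first (another producer of events, or this line being removed later) is rendered as HTML. The cleaner contract is to return the raw values from addoutput and let the client insert them with a text API, which is presumably what the FullCalendar renderer does already given that the `.html()` round-trip was needed to undo the encoding. If the encoding is kept, `htmlspecialchars($event['summary'], ENT_QUOTES, 'UTF-8')` makes the behaviour independent of the PHP version's default charset. addoutput continues past the end of the hunk.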
diff --git a/apps/calendar/ajax/updatecalendar.php b/apps/calendar/ajax/updatecalendar.php
index 269b7b7ca06f3911c1754fdff99fba521b839097..5add6d92bfa49bb30e9dc82531ad881cf742bcdb 100644
--- a/apps/calendar/ajax/updatecalendar.php
+++ b/apps/calendar/ajax/updatecalendar.php
@@ -26,7 +26,7 @@ foreach($calendars as $cal){
 
 $calendarid = $_POST['id'];
 $calendar = OC_Calendar_App::getCalendar($calendarid);//access check
-OC_Calendar_Calendar::editCalendar($calendarid, $_POST['name'], null, null, null, $_POST['color']);
+OC_Calendar_Calendar::editCalendar($calendarid, strip_tags($_POST['name']), null, null, null, $_POST['color']);
 OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']);
 
 $calendar = OC_Calendar_App::getCalendar($calendarid);
diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index afd1b692dd422e02a1e5bbbbb8ceb3661c291bf0..64c029404cba8a2d9c344c836d4150a2b8ab754d 100644
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -698,6 +698,7 @@ $(document).ready(function(){
 		eventDrop: Calendar.UI.moveEvent,
 		eventResize: Calendar.UI.resizeEvent,
 		eventRender: function(event, element) {
+			element.find('span.fc-event-title').html(element.find('span.fc-event-title').text());
 			element.tipsy({
 				className: 'tipsy-event',
 				opacity: 0.9,
diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php
index 1f2073f4bc7c92e1008dfff3b864219836e385ed..49214aca77cd8c63a65bca5374826649cf5c9936 100644
--- a/apps/calendar/templates/part.eventform.php
+++ b/apps/calendar/templates/part.eventform.php
@@ -2,7 +2,7 @@
 		<tr>
 			<th width="75px"><?php echo $l->t("Title");?>:</th>
 			<td>
-				<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? $_['title'] : '' ?>" maxlength="100" name="title"/>
+				<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>" maxlength="100" name="title"/>
 			</td>
 		</tr>
 	</table>
@@ -207,7 +207,7 @@
 			<tr>
 				<th width="85px"><?php echo $l->t("Location");?>:</th>
 				<td>
-					<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? $_['location'] : '' ?>" maxlength="100"  name="location" />
+					<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>" maxlength="100"  name="location" />
 				</td>
 			</tr>
 		</table>
@@ -215,7 +215,7 @@
 			<tr>
 				<th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th>
 				<td>
-					<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? $_['description'] : '' ?></textarea>
+					<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea>
 				</td>
 			</tr>
 		</table>
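Review bot: The three `htmlspecialchars()` calls added here rely on the defaults (`ENT_COMPAT`, and a charset that is ISO-8859-1 before PHP 5.4 and UTF-8 from 5.4, where an invalid byte sequence makes the function return an empty string), so a title with a stray non-UTF-8 byte silently disappears from the form on newer PHP. That is adequate for these double-quoted attributes and the textarea body, but the same default-reliant form is repeated in settings.php, part.chooseaddressbook.rowfields.php, part.editaddressbook.php, part.property.FN.php, part.property.php and part.setpropertyform.php. Writing the flags once, e.g. `htmlspecialchars($_['title'], ENT_QUOTES, 'UTF-8')`, keeps the output stable across PHP versions and quoting styles.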
diff --git a/apps/calendar/templates/settings.php b/apps/calendar/templates/settings.php
index fc8e0e061d966d995367ce7d8293b25c3b523eac..e174378d02dffae696cd2412a62b42ce429bd291 100644
--- a/apps/calendar/templates/settings.php
+++ b/apps/calendar/templates/settings.php
@@ -9,6 +9,7 @@
 ?>
 <form id="calendar">
         <fieldset class="personalblock">
+	<strong><?php echo $l->t('Calendar'); ?></strong>
         <table class="nostyle">
             <tr><td><label for="timezone" class="bold"><?php echo $l->t('Timezone');?></label></td><td><select style="display: none;" id="timezone" name="timezone">
                 <?php
diff --git a/apps/contacts/ajax/addcard.php b/apps/contacts/ajax/addcard.php
index 140d6a48095a85aa2eb4ae1c0650db358df9af42..f15a1685840c541cbbc110b4e5ab8b3071228542 100644
--- a/apps/contacts/ajax/addcard.php
+++ b/apps/contacts/ajax/addcard.php
@@ -77,7 +77,7 @@ foreach( $add as $propname){
 		ksort($value); // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form!
 		$value = OC_VObject::escapeSemicolons($value);
 	}
-	$vcard->addProperty($propname, $value); //, $prop_parameters);
+	$vcard->addProperty($propname, strip_tags($value)); //, $prop_parameters);
 	$line = count($vcard->children) - 1;
 	foreach ($prop_parameters as $key=>$element) {
 		if(is_array($element) && strtoupper($key) == 'TYPE') { 
diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php
index c90af217c87c7da16180723ffba7405edb00e44a..a00346c7dffaa5888b4d63f6445cf1618b024afe 100644
--- a/apps/contacts/ajax/addproperty.php
+++ b/apps/contacts/ajax/addproperty.php
@@ -67,6 +67,8 @@ foreach($current as $item) {
 
 if(is_array($value)) {
 	ksort($value);  // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form!
+} else {
+	$value = strip_tags($value);
 }
 
 $property = $vcard->addProperty($name, $value); //, $parameters);
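Review bot: The new `else` branch only strips the scalar case, so an array `$value` reaches `addProperty()` with neither `OC_VObject::escapeSemicolons()` nor `strip_tags()` applied, unlike addcard.php in this same commit, which escapes semicolons on the array first and strips the joined string afterwards. If addProperty expects a string here as it does in addcard.php, mirror that flow: `$value = OC_VObject::escapeSemicolons($value);` inside the `is_array` branch and a single `$value = strip_tags($value);` after the `if`; I cannot see from this hunk whether addProperty joins arrays itself, so please confirm before changing it.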
diff --git a/apps/contacts/ajax/createaddressbook.php b/apps/contacts/ajax/createaddressbook.php
index edcf794f497b22b727f84d7f80537dc77a49cbc6..3d766b6a60ae56bf705ef2be2df0bb6149261792 100644
--- a/apps/contacts/ajax/createaddressbook.php
+++ b/apps/contacts/ajax/createaddressbook.php
@@ -15,7 +15,7 @@ OC_JSON::checkLoggedIn();
 OC_JSON::checkAppEnabled('contacts');
 
 $userid = OC_User::getUser();
-$bookid = OC_Contacts_Addressbook::add($userid, $_POST['name'], null);
+$bookid = OC_Contacts_Addressbook::add($userid, strip_tags($_POST['name']), null);
 if(!$bookid) {
 	OC_JSON::error(array('data' => array('message' => $l->t('Error adding addressbook.'))));
 	OC_Log::write('contacts','ajax/createaddressbook.php: Error adding addressbook: '.$_POST['name'], OC_Log::ERROR);
diff --git a/apps/contacts/ajax/setproperty.php b/apps/contacts/ajax/setproperty.php
index cf3fe5822477227c511e2ca6f67c4fd9a74f2615..f9e2a8e864733dfec8652cb15f63c382a3cb2c07 100644
--- a/apps/contacts/ajax/setproperty.php
+++ b/apps/contacts/ajax/setproperty.php
@@ -37,9 +37,13 @@ $line = OC_Contacts_App::getPropertyLineByChecksum($vcard, $checksum);
 $value = $_POST['value'];
 if(is_array($value)){
 	ksort($value);  // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form!
+	foreach(array_keys($value) as $key) {
+		OC_Log::write('contacts','ajax/setproperty.php: setting: '.$key.': '.$value[$key], OC_Log::DEBUG);
+	}
+	$value = OC_VObject::escapeSemicolons($value);
 }
 OC_Log::write('contacts','ajax/setproperty.php: setting: '.$vcard->children[$line]->name.': '.$value, OC_Log::DEBUG);
-$vcard->children[$line]->setValue($value);
+$vcard->children[$line]->setValue(strip_tags($value));
 
 // Add parameters
 $postparameters = isset($_POST['parameters'])?$_POST['parameters']:array();
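Review bot: The added `foreach` writes every submitted contact field value to the log at DEBUG level, and the existing line below already logs the joined value once `escapeSemicolons()` has run, so the loop duplicates personal data into the server log for no extra diagnostic value. Logging only the keys keeps the trace without the content: `OC_Log::write('contacts','ajax/setproperty.php: setting keys: '.implode(',', array_keys($value)), OC_Log::DEBUG);`.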
diff --git a/apps/contacts/templates/part.chooseaddressbook.rowfields.php b/apps/contacts/templates/part.chooseaddressbook.rowfields.php
index 0cbfe2bf803c606b3e0b0337d8c3c41ef8989267..95a4b2362aa7e36eed4f19dd72560015d37911c5 100644
--- a/apps/contacts/templates/part.chooseaddressbook.rowfields.php
+++ b/apps/contacts/templates/part.chooseaddressbook.rowfields.php
@@ -1,5 +1,5 @@
 <?php
 	// FIXME: Make this readable.
 	echo "<td width=\"20px\"><input id=\"active_" . $_['addressbook']["id"] . "\" type=\"checkbox\" onClick=\"Contacts.UI.Addressbooks.activation(this, " . $_['addressbook']["id"] . ")\"" . (OC_Contacts_Addressbook::isActive($_['addressbook']["id"]) ? ' checked="checked"' : '') . "></td>";
-	echo "<td><label for=\"active_" . $_['addressbook']["id"] . "\">" . $_['addressbook']["displayname"] . "</label></td>";
+	echo "<td><label for=\"active_" . $_['addressbook']["id"] . "\">" . htmlspecialchars($_['addressbook']["displayname"]) . "</label></td>";
 	echo "<td width=\"20px\"><a href=\"#\" onclick=\"Contacts.UI.showCardDAVUrl('" . OC_User::getUser() . "', '" . $_['addressbook']["uri"] . "');\" title=\"" . $l->t("CardDav Link") . "\" class=\"action\"><img  class=\"svg action\" src=\"../../core/img/actions/public.svg\"></a></td><td width=\"20px\"><a href=\"export.php?bookid=" . $_['addressbook']["id"] . "\" title=\"" . $l->t("Download") . "\" class=\"action\"><img  class=\"svg action\" src=\"../../core/img/actions/download.svg\"></a></td><td width=\"20px\"><a  href=\"#\" title=\"" . $l->t("Edit") . "\" class=\"action\" onclick=\"Contacts.UI.Addressbooks.editAddressbook(this, " . $_['addressbook']["id"] . ");\"><img class=\"svg action\" src=\"../../core/img/actions/rename.svg\"></a></td><td width=\"20px\"><a href=\"#\" onclick=\"Contacts.UI.Addressbooks.deleteAddressbook('" . $_['addressbook']["id"] . "');\" title=\"" . $l->t("Delete") . "\" class=\"action\"><img  class=\"svg action\" src=\"../../core/img/actions/delete.svg\"></a></td>";
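Review bot: The displayname is now encoded, but the unchanged line below it still builds `onclick` handlers by concatenating `$_['addressbook']["uri"]` and the id into single-quoted JavaScript string literals inside a double-quoted HTML attribute with no escaping at all; the uri is presumably derived from user input at creation time, which I cannot confirm from here. `htmlspecialchars()` alone is not the right tool for that context, because the HTML parser decodes `&#039;` back to `'` before the JavaScript runs; the argument needs JavaScript-string encoding first and HTML encoding second, i.e. emit `htmlspecialchars(json_encode($_['addressbook']["uri"]), ENT_QUOTES)` in place of the quoted value (json_encode supplies the quotes, so the surrounding `'` in the string must go). The same applies to the `OC_User::getUser()` argument in the same call.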
diff --git a/apps/contacts/templates/part.editaddressbook.php b/apps/contacts/templates/part.editaddressbook.php
index 48fe5c3b378fbd63425420064b7af7bd2d57fc3e..c1c585687c46b2645f6275e2c5ee76671508c26e 100644
--- a/apps/contacts/templates/part.editaddressbook.php
+++ b/apps/contacts/templates/part.editaddressbook.php
@@ -11,7 +11,7 @@
 <tr>
 	<th><?php echo $l->t('Displayname') ?></th>
 	<td>
-		<input id="displayname_<?php echo $_['addressbook']['id'] ?>" type="text" value="<?php echo $_['addressbook']['displayname'] ?>">
+		<input id="displayname_<?php echo $_['addressbook']['id'] ?>" type="text" value="<?php echo htmlspecialchars($_['addressbook']['displayname']) ?>">
 	</td>
 </tr>
 <?php if (!$_['new']): ?>
diff --git a/apps/contacts/templates/part.property.FN.php b/apps/contacts/templates/part.property.FN.php
index 83cef94e303519a06d308a3ab04ff37db9f13996..c9e21c20e604373e54464a0cd2a8494428479b34 100644
--- a/apps/contacts/templates/part.property.FN.php
+++ b/apps/contacts/templates/part.property.FN.php
@@ -1,9 +1,9 @@
 	<p id="contacts_details_name" class="contacts_property" data-checksum="<?php echo $_['property']['checksum']; ?>">
-		<?php echo $_['property']['value']; ?>
+		<?php echo htmlspecialchars($_['property']['value']); ?>
 		<span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 	</p>
 <?php if (!isset($_['details'])): ?>
 <script>
-$('#leftcontent li.active a').text('<?php echo $_['property']['value']; ?>');
+$('#leftcontent li.active a').text('<?php echo htmlspecialchars($_['property']['value']); ?>');
 </script>
 <?php endif ?>
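Review bot: The `.text('<?php echo htmlspecialchars(...) ?>')` line inserts the value into a single-quoted JavaScript string literal, and `htmlspecialchars()` with its default `ENT_COMPAT` flags leaves `'` and `\` untouched, so a perfectly ordinary name like O'Brien terminates the literal and breaks the script; additionally `.text()` shows entities literally, so `&` is displayed as `&amp;`. Use a JavaScript literal instead: `$('#leftcontent li.active a').text(<?php echo json_encode($_['property']['value']); ?>);` — json_encode quotes and escapes the string and also escapes `/`, so a value containing `</script>` cannot close the block.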
diff --git a/apps/contacts/templates/part.property.php b/apps/contacts/templates/part.property.php
index e401039750075cd357f8299c7093013a1383d46c..7b23fae45b547f3667c3beee602427737c8725e6 100644
--- a/apps/contacts/templates/part.property.php
+++ b/apps/contacts/templates/part.property.php
@@ -8,21 +8,21 @@
 	<?php elseif($_['property']['name'] == 'ORG'): ?>
 		<p class="contacts_property_name"><?php echo $l->t('Organization'); ?></p>
 		<p class="contacts_property_data">
-			<?php echo $_['property']['value']; ?>
+			<?php echo htmlspecialchars($_['property']['value']); ?>
 			<span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 			<span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span>
 		</p>
 	<?php elseif($_['property']['name'] == 'EMAIL'): ?>
 		<p class="contacts_property_name"><?php echo $l->t('Email'); ?></p>
 		<p class="contacts_property_data">
-			<?php echo $_['property']['value']; ?>
+			<?php echo htmlspecialchars($_['property']['value']); ?>
 			<span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 			<span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span>
 		</p>
 	<?php elseif($_['property']['name'] == 'TEL'): ?>
 		<p class="contacts_property_name"><?php echo (isset($_['property']['parameters']['PREF']) && $_['property']['parameters']['PREF']) ? $l->t('Preferred').' ' : '' ?><?php echo $l->t('Phone'); ?></p>
 		<p class="contacts_property_data">
-			<?php echo $_['property']['value']; ?>
+			<?php echo htmlspecialchars($_['property']['value']); ?>
 			<?php if(isset($_['property']['parameters']['TYPE']) && !empty($_['property']['parameters']['TYPE'])): ?>
 <?php
 	foreach($_['property']['parameters']['TYPE'] as $type) {
@@ -59,25 +59,25 @@
 		</p>
 		<p class="contacts_property_data">
 			<?php if(!empty($_['property']['value'][0])): ?>
-				<?php echo $_['property']['value'][0]; ?><br>
+				<?php echo htmlspecialchars($_['property']['value'][0]); ?><br>
 			<?php endif; ?>
 			<?php if(!empty($_['property']['value'][1])): ?>
-				<?php echo $_['property']['value'][1]; ?><br>
+				<?php echo htmlspecialchars($_['property']['value'][1]); ?><br>
 			<?php endif; ?>
 			<?php if(!empty($_['property']['value'][2])): ?>
-				<?php echo $_['property']['value'][2]; ?><br>
+				<?php echo htmlspecialchars($_['property']['value'][2]); ?><br>
 			<?php endif; ?>
 			<?php if(!empty($_['property']['value'][3])): ?>
-				<?php echo $_['property']['value'][3]; ?><br>
+				<?php echo htmlspecialchars($_['property']['value'][3]); ?><br>
 			<?php endif; ?>
 			<?php if(!empty($_['property']['value'][4])): ?>
-				<?php echo $_['property']['value'][4]; ?><br>
+				<?php echo htmlspecialchars($_['property']['value'][4]); ?><br>
 			<?php endif; ?>
 			<?php if(!empty($_['property']['value'][5])): ?>
-				<?php echo $_['property']['value'][5]; ?><br>
+				<?php echo htmlspecialchars($_['property']['value'][5]); ?><br>
 			<?php endif; ?>
 			<?php if(!empty($_['property']['value'][6])): ?>
-				<?php echo $_['property']['value'][6]; ?>
+				<?php echo htmlspecialchars($_['property']['value'][6]); ?>
 			<?php endif; ?>
 			<span style="display:none;" data-use="edit"><img class="svg action" src="<?php echo image_path('', 'actions/rename.svg'); ?>" /></span>
 			<span style="display:none;" data-use="delete"><img class="svg action" src="<?php echo image_path('', 'actions/delete.svg'); ?>" /></span>
diff --git a/apps/contacts/templates/part.setpropertyform.php b/apps/contacts/templates/part.setpropertyform.php
index 49fa96621464cdccc3cc11b440a39a47b37e9de4..93ade8faaa79d8fce728e899e01e3cf494206ab4 100644
--- a/apps/contacts/templates/part.setpropertyform.php
+++ b/apps/contacts/templates/part.setpropertyform.php
@@ -5,18 +5,18 @@
 			<p class="contacts_property_name">
 			<dl class="contacts_property_data form">
 				<dt><label for="n1"><?php echo $l->t('Given name'); ?></label></dt>
-				<dd><input id="n1" type="text" name="value[1]" value="<?php echo $_['property']['value'][1]; ?>"></dd>
+				<dd><input id="n1" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]); ?>"></dd>
 				<dt><label for="n0"><?php echo $l->t('Family name'); ?></dt>
-				<dd><input id="n0" type="text" name="value[0]" value="<?php echo $_['property']['value'][0]; ?>"></dd>
+				<dd><input id="n0" type="text" name="value[0]" value="<?php echo htmlspecialchars($_['property']['value'][0]); ?>"></dd>
 				<dt><label for="n2"><?php echo $l->t('Additional names'); ?></dt>
-				<dd><input id="n2" type="text" name="value[2]" value="<?php echo $_['property']['value'][2]; ?>">
-				<input id="n3" type="hidden" name="value[3]" value="<?php echo $_['property']['value'][3]; ?>">
-				<input id="n4" type="hidden" name="value[4]" value="<?php echo $_['property']['value'][4]; ?>">
+				<dd><input id="n2" type="text" name="value[2]" value="<?php echo htmlspecialchars($_['property']['value'][2]); ?>">
+				<input id="n3" type="hidden" name="value[3]" value="<?php echo htmlspecialchars($_['property']['value'][3]); ?>">
+				<input id="n4" type="hidden" name="value[4]" value="<?php echo htmlspecialchars($_['property']['value'][4]); ?>">
 				</dd>
 			</dl>
 			</p>
 		<?php elseif($_['property']['name']=='FN'): ?>
-			<p class="contacts_property_data"><input id="fn" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p>
+			<p class="contacts_property_data"><input id="fn" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p>
 		<?php elseif($_['property']['name']=='ADR'): ?>
 			<p class="contacts_property_name"><label for="adr_pobox"><?php echo $l->t('Address'); ?></label></p>
 			<dl class="contacts_property_data form" id="contacts_addresspart">
@@ -32,60 +32,60 @@
 					<label for="adr_pobox"><?php echo $l->t('PO Box'); ?></label>
 				</dt>
 				<dd>
-					<input id="adr_pobox" type="text" name="value[0]" value="<?php echo $_['property']['value'][0] ?>">
+					<input id="adr_pobox" type="text" name="value[0]" value="<?php echo htmlspecialchars($_['property']['value'][0]) ?>">
 				</dd>
 				<!-- dt>
 					<label for="adr_extended"><?php echo $l->t('Extended'); ?></label>
 				</dt>
 				<dd>
-					<input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo $_['property']['value'][1] ?>">
+					<input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]) ?>">
 				</dd -->
 				<dt>
 					<label for="adr_street"><?php echo $l->t('Street'); ?></label>
 				</dt>
 				<dd>
-					<input style="width: 12em;" id="adr_street" type="text" name="value[2]" value="<?php echo $_['property']['value'][2] ?>">
-					<label for="adr_extended"><?php echo $l->t('Extended'); ?></label><input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo $_['property']['value'][1] ?>">
+					<input style="width: 12em;" id="adr_street" type="text" name="value[2]" value="<?php echo htmlspecialchars($_['property']['value'][2]) ?>">
+					<label for="adr_extended"><?php echo $l->t('Extended'); ?></label><input style="width: 7em;" id="adr_extended" type="text" name="value[1]" value="<?php echo htmlspecialchars($_['property']['value'][1]) ?>">
 				</dd>
 				<dt>
 					<label for="adr_city"><?php echo $l->t('City'); ?></label>
 				</dt>
 				<dd>
-					<input style="width: 12em;" id="adr_city" type="text" name="value[3]" value="<?php echo $_['property']['value'][3] ?>">
+					<input style="width: 12em;" id="adr_city" type="text" name="value[3]" value="<?php echo htmlspecialchars($_['property']['value'][3]) ?>">
 					<label for="adr_zipcode"><?php echo $l->t('Zipcode'); ?></label>
-					<input style="width: 5em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo $_['property']['value'][5] ?>">
+					<input style="width: 5em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo htmlspecialchars($_['property']['value'][5]) ?>">
 				</dd>
 				<dt>
 					<label for="adr_region"><?php echo $l->t('Region'); ?></label>
 				</dt>
 				<dd>
-					<input id="adr_region" type="text" name="value[4]" value="<?php echo $_['property']['value'][4] ?>">
+					<input id="adr_region" type="text" name="value[4]" value="<?php echo htmlspecialchars($_['property']['value'][4]) ?>">
 				</dd>
 				<!-- dt>
 					<label for="adr_zipcode"><?php echo $l->t('Zipcode'); ?></label>
 				</dt>
 				<dd>
-					<input style="width: 7em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo $_['property']['value'][5] ?>">
+					<input style="width: 7em;" id="adr_zipcode" type="text" name="value[5]" value="<?php echo htmlspecialchars($_['property']['value'][5]) ?>">
 				</dd -->
 				<dt>
 					<label for="adr_country"><?php echo $l->t('Country'); ?></label>
 				</dt>
 				<dd>
-					<input style="width: 25em;" id="adr_country" type="text" name="value[6]" value="<?php echo $_['property']['value'][6] ?>">
+					<input style="width: 25em;" id="adr_country" type="text" name="value[6]" value="<?php echo htmlspecialchars($_['property']['value'][6]) ?>">
 				</dd>
 			</dl>
 		<?php elseif($_['property']['name']=='TEL'): ?>
 			<p class="contacts_property_name"><label for="tel"><?php echo $l->t('Phone'); ?></label></p>
-			<p class="contacts_property_data"><input id="tel" type="phone" name="value" value="<?php echo $_['property']['value'] ?>">
+			<p class="contacts_property_data"><input id="tel" type="phone" name="value" value="<?php echo htmlspecialchars($_['property']['value']) ?>">
 				<select id="tel_type<?php echo $_['property']['checksum'] ?>" name="parameters[TYPE][]" multiple="multiple" data-placeholder="<?php echo $l->t('Type') ?>">
 					<?php echo html_select_options($_['phone_types'], isset($_['property']['parameters']['TYPE'])?$_['property']['parameters']['TYPE']:array()) ?>
 				</select></p>
 		<?php elseif($_['property']['name']=='EMAIL'): ?>
 			<p class="contacts_property_name"><label for="email"><?php echo $l->t('Email'); ?></label></p>
-			<p class="contacts_property_data"><input id="email" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p>
+			<p class="contacts_property_data"><input id="email" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p>
 		<?php elseif($_['property']['name']=='ORG'): ?>
 			<p class="contacts_property_name"><label for="org"><?php echo $l->t('Organization'); ?></label></p>
-			<p class="contacts_property_data"><input id="org" type="text" name="value" value="<?php echo $_['property']['value']; ?>"></p>
+			<p class="contacts_property_data"><input id="org" type="text" name="value" value="<?php echo htmlspecialchars($_['property']['value']); ?>"></p>
 		<?php endif; ?>
 		<input id="contacts_setproperty_button" type="submit" value="<?php echo $l->t('Update'); ?>">
 	</form>
diff --git a/apps/gallery/ajax/galleryOp.php b/apps/gallery/ajax/galleryOp.php
index 0c2674f885931aa5c4eb76b4ff7227e1b848c7ad..f819d87f6660e2d28a6a6b0b1cb40e871f4c4a03 100644
--- a/apps/gallery/ajax/galleryOp.php
+++ b/apps/gallery/ajax/galleryOp.php
@@ -54,9 +54,11 @@ function handleGalleryScanning() {
   OC_JSON::success(array('albums' => OC_Gallery_Scanner::scan('/')));
 }
 
-function handleFilescan() {
+function handleFilescan($cleanup) {
   OC_JSON::checkLoggedIn();
-  $pathlist = OC_Gallery_Scanner::find_paths('/');
+  if ($cleanup) OC_Gallery_Album::cleanup();
+  $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '').'/';
+  $pathlist = OC_Gallery_Scanner::find_paths($root);
   sort($pathlist);
   OC_JSON::success(array('paths' => $pathlist));
 }
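Review bot: `if ($cleanup)` in handleFilescan is evaluated on a query-string value, and the client hunk in album_cover.js (`cleanup = cleanup?true:false;` then `{cleanup: cleanup}`) serialises the boolean as the string `"false"`, which is truthy in PHP; as written, every file scan therefore calls `OC_Gallery_Album::cleanup()` and deletes all of the user's albums and photo rows. Parse the flag explicitly: `if (filter_var($cleanup, FILTER_VALIDATE_BOOLEAN)) OC_Gallery_Album::cleanup();`. The `$_GET['cleanup']` dispatch line in the third hunk also needs an `isset()` guard since the parameter is absent on the original scan path. Note as well that the preference default is `''` here but `'/'` in handleStoreSettings and in hooks_handlers.php, so the three readers do not agree on what an unset root means; one shared constant would settle that.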
@@ -72,6 +74,25 @@ function handlePartialCreate($path) {
   OC_JSON::success(array('album_details' => $albums));
 }
 
+function handleStoreSettings($root, $order) {
+  OC_JSON::checkLoggedIn();
+  if (!OC_Filesystem::file_exists($root)) {
+    OC_JSON::error(array('cause' => 'No such file or directory'));
+    return;
+  }
+  if (!OC_Filesystem::is_dir($root)) {
+    OC_JSON::error(array('cause' => $root . ' is not a directory'));
+    return;
+  }
+
+  $current_root = OC_Preferences::getValue(OC_User::getUser(),'gallery', 'root', '/');
+  $root = trim(rtrim($root, '/'));
+  $rescan = $current_root==$root?'no':'yes';
+  OC_Preferences::setValue(OC_User::getUser(), 'gallery', 'root', $root);
+  OC_Preferences::setValue(OC_User::getUser(), 'gallery', 'order', $order);
+  OC_JSON::success(array('rescan' => $rescan));
+}
+
 if ($_GET['operation']) {
   switch($_GET['operation']) {
   case 'rename':
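Review bot: handleStoreSettings stores `$order` exactly as received from `$_GET['order']`, and the album.php hunk in this commit then concatenates that preference straight into SQL (`' ORDER BY album_name ' . $order`), so the value is a stored SQL-injection vector; the endpoint is reached by GET with only a login check visible, so a cross-site request can set it on a victim's behalf. Whitelist before storing: `$order = strtoupper((string)$order) === 'DESC' ? 'DESC' : 'ASC';`, and apply the same check again in `OC_Gallery_Album::find` where the preference is read, since the preference store is shared. Separately, `$root` is normalised with `trim(rtrim($root, '/'))` only after the existence checks, and the `'/'` default for `$current_root` never equals the normalised `''`, so saving the root `/` always reports `rescan => 'yes'`.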
@@ -83,16 +104,19 @@ if ($_GET['operation']) {
 	  OC_JSON::success();
     break;
   case 'get_covers':
-    handleGetThumbnails($_GET['albumname']);
+    handleGetThumbnails(urldecode($_GET['albumname']));
     break;
   case 'scan':
     handleGalleryScanning();
     break;
   case 'filescan':
-    handleFilescan();
+    handleFilescan($_GET['cleanup']);
     break;
   case 'partial_create':
-    handlePartialCreate($_GET['path']);
+    handlePartialCreate(urldecode($_GET['path']));
+    break;
+  case 'store_settings':
+    handleStoreSettings($_GET['root'], $_GET['order']);
     break;
   default:
     OC_JSON::error(array('cause' => 'Unknown operation'));
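Review bot: The `urldecode()` wrappers on the get_covers and partial_create lines decode a second time, because PHP has already percent-decoded `$_GET`; a name containing a literal `%25` or `+` is corrupted, and because the client (albums.js, `escape(a.name)`) encodes non-ASCII as `%uXXXX` and leaves `+` alone, non-ASCII album names will not round-trip at all. Use `encodeURIComponent(a.name)` on the client and pass `$_GET['albumname']` / `$_GET['path']` through untouched here. The dispatch for `filescan` should also read `isset($_GET['cleanup']) ? $_GET['cleanup'] : false` rather than indexing an absent key.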
diff --git a/apps/gallery/css/styles.css b/apps/gallery/css/styles.css
index 7872b6445ca73ea348bcee627b6639faf95296ae..c039cd5ec02b47a20978248b5f15c44a1dad46a6 100644
--- a/apps/gallery/css/styles.css
+++ b/apps/gallery/css/styles.css
@@ -12,3 +12,6 @@ div.gallery_control_overlay a { color:white; }
 #gallery_images.rightcontent { padding:10px 5px; bottom: 0px; overflow: auto; right:0px}
 #scan { position:absolute; right:13.5em; top:0em; }
 #scan #scanprogressbar { position:relative; display:inline-block; width:10em; height:1.5em; top:.4em; }
+#g-settings {position: absolute; left 13.5em; top: 0;}
+input[type=button] { -webkit-transition: opacity 0.5s ease-in-out; -moz-transition: opacity 0.5s ease-in-out; -o-transition: opacity 0.5s ease-in-out; opacity: 1}
+input[type=button]:disabled { opacity: 0.5 }
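Review bot: `left 13.5em` in the new `#g-settings` rule is missing the colon, so the declaration is invalid and browsers drop it, leaving the element positioned only by `top`. The rule should read `#g-settings { position: absolute; left: 13.5em; top: 0; }`.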
diff --git a/apps/gallery/js/album_cover.js b/apps/gallery/js/album_cover.js
index e78db221cff52dd840a85945fdcfee5537501514..4ddac2f211131c379a50c6a095a554c128ee7881 100644
--- a/apps/gallery/js/album_cover.js
+++ b/apps/gallery/js/album_cover.js
@@ -38,10 +38,12 @@ function createNewAlbum() {
 var albumCounter = 0;
 var totalAlbums = 0;
 
-function scanForAlbums() {
+function scanForAlbums(cleanup) {
+  cleanup = cleanup?true:false;
   var albumCounter = 0;
   var totalAlbums = 0;
-  $.getJSON('ajax/galleryOp.php?operation=filescan', function(r) {
+  $('#g-scan-button').attr('disabled', 'true');
+  $.getJSON('ajax/galleryOp.php?operation=filescan', {cleanup: cleanup}, function(r) {
 
     if (r.status == 'success') {
       totalAlbums = r.paths.length;
@@ -68,6 +70,7 @@ function scanForAlbums() {
             } else {
               alert('Error occured: no such layer `gallery_list`');
             }
+            $('#g-scan-button').attr('disabled', null);
           }
         });
       }
@@ -125,13 +128,13 @@ function galleryRename(name) {
                 $(this).dialog("close");
                 return;
               }
-              $.getJSON("ajax/galleryOp.php", {operation: "rename", oldname: name, newname: newname}, function(r) {
+              $.getJSON('ajax/galleryOp.php', {operation: 'rename', oldname: name, newname: newname}, function(r) {
                 if (r.status == "success") {
                   Albums.rename($(".gallery_album_box").filterAttr('data-album',name), newname);
                 } else {
                   alert("Error: " + r.cause);
                 }
-                $('#dialog-form').dialog("close");
+                $('#dialog-form').dialog('close');
               });
 
             }
@@ -139,10 +142,49 @@ function galleryRename(name) {
           {
             text: t('gallery', 'Cancel'),
             click: function() {
-              $( this ).dialog( "close" );
+              $( this ).dialog('close');
             }
           }
         ],
   });
 }
 
+function settings() {
+  $( '#g-dialog-settings' ).dialog({
+        height: 180,
+        width: 350,
+        modal: false,
+        buttons: [{
+            text: t('gallery', 'Apply'),
+            click: function() {
+              var scanning_root = $('#g-scanning-root').val();
+              var disp_order = $('#g-display-order option:selected').val();
+              if (scanning_root == '') {
+                alert('Scanning root cannot be empty');
+                return;
+              }
+              $.getJSON('ajax/galleryOp.php', {operation: 'store_settings', root: scanning_root, order: disp_order}, function(r) {
+                if (r.status == 'success') {
+                  if (r.rescan == 'yes') { 
+                    $('#g-dialog-settings').dialog('close');
+                    Albums.clear(document.getElementById('gallery_list'));
+                    scanForAlbums(true);
+                    return;
+                  }
+                } else {
+                  alert('Error: ' + r.cause);
+                  return;
+                }
+                $('#g-dialog-settings').dialog('close');
+              });
+            }
+          },
+          {
+            text: t('gallery', 'Cancel'),
+            click: function() {
+              $(this).dialog('close');
+            }
+          }
+        ],
+  });
+}
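Review bot: The two `alert()` strings in the new settings() dialog ('Scanning root cannot be empty' and the 'Error: ' prefix) bypass `t('gallery', ...)`, unlike the Apply and Cancel labels a few lines above, so they will not be translated. Wrap them the same way, e.g. `alert(t('gallery', 'Scanning root cannot be empty'));`. The value sent as `order` is stored and later used server-side, so the select's option values are the only thing constraining it on this side; that is fine as long as the PHP side validates it.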
diff --git a/apps/gallery/js/albums.js b/apps/gallery/js/albums.js
index d2b4d858b5580459d080cbfe5a96abac7c1fb044..987412f28e0f0dbe2203bc845a5644ff46d3826f 100644
--- a/apps/gallery/js/albums.js
+++ b/apps/gallery/js/albums.js
@@ -52,14 +52,14 @@ Albums={
     });
 	  $(".gallery_album_decoration a.remove", local).bind('click', {name: a.name},function(event){
 		  event.preventDefault();
-		  galleryRemove(a.data.name);
+		  galleryRemove(event.data.name);
     });
-	  $("a.view", local).attr('href','?view='+a.name);
+    $("a.view", local).attr('href','?view='+escape(a.name));
 	  $('h1',local).text(a.name);
 	  $(".gallery_album_cover", local).attr('title',a.name);
       $(".gallery_album_cover", local).css('background-repeat', 'no-repeat');
       $(".gallery_album_cover", local).css('background-position', '0');
-      $(".gallery_album_cover", local).css('background-image','url("ajax/galleryOp.php?operation=get_covers&albumname='+a.name+'")');
+      $(".gallery_album_cover", local).css('background-image','url("ajax/galleryOp.php?operation=get_covers&albumname='+escape(a.name)+'")');
       $(".gallery_album_cover", local).mousemove(function(e) {
 
         var albumMetadata = Albums.find(this.title);
@@ -80,6 +80,10 @@ Albums={
 		$("a.view", element).attr("href", "?view="+new_name);
 		$("h1", element).text(new_name);
 	}
+  },
+  clear: function(element) {
+    Albums.albums = new Array();
+    element.innerHTML = '';
   }
 
 }
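Review bot: The `?view=` href built in the context line `$("a.view", element).attr("href", "?view="+new_name);` still concatenates the raw name, while the sibling hunk in this file now encodes the same value; the rename path should encode too, `"?view=" + encodeURIComponent(new_name)`. In the new `clear` method, `Albums.albums = new Array();` is better written as `Albums.albums = [];` to match the literal style used elsewhere in the file. A one-line comment such as `// drop the cached album list and empty the container before a rescan` would document why both the array and the DOM are reset together.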
diff --git a/apps/gallery/lib/album.php b/apps/gallery/lib/album.php
index 4eb12cc0b8155be6dd729ca44a922b2da5fdc058..d1405333ac775d3b396adac93c33be0150ce5aab 100644
--- a/apps/gallery/lib/album.php
+++ b/apps/gallery/lib/album.php
@@ -31,6 +31,14 @@ class OC_Gallery_Album {
 	    $stmt = OC_DB::prepare('UPDATE *PREFIX*gallery_albums SET album_name=? WHERE uid_owner=? AND album_name=?');
 		$stmt->execute(array($newname, $owner, $oldname));
 	}
+
+  public static function cleanup() {
+    $albums = self::find(OC_User::getUser());
+    while ($r = $albums->fetchRow()) {
+      OC_Gallery_Photo::removeByAlbumId($r['album_id']);
+      self::remove(OC_User::getUser(), $r['album_name']);
+    }
+  }
 	
 	public static function remove($owner, $name=null) {
 		$sql = 'DELETE FROM *PREFIX*gallery_albums WHERE uid_owner = ?';
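Review bot: `cleanup()` calls `OC_User::getUser()` on every loop iteration and again in the `find` call; hoisting it to `$owner = OC_User::getUser();` at the top and passing `$owner` to both `find` and `remove` makes the intent (all albums of the current user) explicit and avoids three lookups per album. Deleting rows from `gallery_albums` while still iterating the result set returned by `find` may behave differently across DB drivers (unbuffered cursors); if that is a concern, collect the rows into an array first and delete afterwards — I cannot see `OC_DB` here, so this is a guess. A docblock along the lines of `/** Remove every album and its photo rows for the current user; used by the rescan triggered from the settings dialog. */` would help the next reader.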
@@ -69,7 +77,8 @@ class OC_Gallery_Album {
       $sql .= ' AND album_path = ?';
       $args[] = $path;
     }
-    $sql .= ' ORDER BY album_name ASC';
+    $order = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'order', 'ASC');
+    $sql .= ' ORDER BY album_name ' . $order;
 
 		$stmt = OC_DB::prepare($sql);
 		return $stmt->execute($args);
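Review bot: `$sql .= ' ORDER BY album_name ' . $order;` splices a stored preference straight into the SQL text, and that preference is written from the settings dialog's `store_settings` request (`order: disp_order`), so unless `galleryOp.php` whitelists it on the way in — which I cannot see here — an arbitrary string ends up in the query. The direction should be validated at this point regardless of what the writer does: `$order = ($order === 'DESC') ? 'DESC' : 'ASC';` before the concatenation keeps the prepared-statement boundary intact, since `ORDER BY` direction cannot be bound as a parameter. The enclosing `find` method starts outside this hunk.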
diff --git a/apps/gallery/lib/hooks_handlers.php b/apps/gallery/lib/hooks_handlers.php
index 236a4b96a0769be3ca03b4579963e8af006c5960..046866e5c5dbc2ab853b8842c9750c88b78899e5 100644
--- a/apps/gallery/lib/hooks_handlers.php
+++ b/apps/gallery/lib/hooks_handlers.php
@@ -58,12 +58,18 @@ class OC_Gallery_Hooks_Handlers {
     return OC_Gallery_Album::find(OC_User::getUser(), null, $path);
   }
 
+  public static function pathInRoot($path) {
+    $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '/');
+    return substr($path, 0, strlen($path)>strlen($root)?strlen($root):strlen($path)) == $root;
+  }
+
   public static function addPhotoFromPath($params) {
     $fullpath = $params[OC_Filesystem::signal_param_path];
 
     if (!self::isPhoto($fullpath)) return;
 
     $path = substr($fullpath, 0, strrpos($fullpath, '/'));
+    if (!self::pathInRoot($path)) return;
     OC_Gallery_Scanner::scanDir($path, $albums);
 
   }
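Review bot: `pathInRoot` compares with loose `==` and does a bare prefix check, so a root of `/photos` also matches `/photos-private/...`, and two numeric-looking strings compare by value rather than by bytes. `return strncmp($path, $root, strlen($root)) === 0;` replaces the `substr`/ternary expression with an identical prefix test and a strict comparison; to make it a directory-boundary test as well, normalise `$root` with `rtrim($root, '/') . '/'` before comparing (and do the same to `$path` when it names a directory). Note that `removePhoto` in the next hunk already passes `$path` without a trailing slash to this method, so whichever normalisation is chosen needs to be applied consistently in both callers.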
@@ -71,8 +77,8 @@ class OC_Gallery_Hooks_Handlers {
   public static function removePhoto($params) {
     $path = $params[OC_Filesystem::signal_param_path];
     if (OC_Filesystem::is_dir($path) && self::directoryContainsPhotos($path)) {
-      OC_Gallery_Album::removeByPath($path, OC_User::getUser());
-      OC_Gallery_Photo::removeByPath($path.'/%');
+      if(!self::pathInRoot($path)) return;
+      OC_Gallery_Album::removeByPath($path.'/', OC_User::getUser());
     } elseif (self::isPhoto($path)) {
       OC_Gallery_Photo::removeByPath($path);
     }
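Review bot: The replaced lines used to call `OC_Gallery_Photo::removeByPath($path.'/%')` after removing the album; the new branch only calls `OC_Gallery_Album::removeByPath($path.'/', ...)`, so photo rows under a deleted directory are left behind unless `removeByPath` on the album side now cascades — that method is not visible here, so please confirm. If it does not, keep the photo deletion: `OC_Gallery_Photo::removeByPath($path.'/%');` right after the album removal. The `pathInRoot` guard sits inside the `is_dir` branch only; a single photo deleted outside the root (the `elseif` branch) is still processed, which may be intended but is worth a comment.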
diff --git a/apps/gallery/lib/scanner.php b/apps/gallery/lib/scanner.php
index dfb9edebfea864046bfc59f933b793bea4608fd1..3aae94d1a4ff271619d172ed0de6cfc112133f6f 100644
--- a/apps/gallery/lib/scanner.php
+++ b/apps/gallery/lib/scanner.php
@@ -39,12 +39,19 @@ class OC_Gallery_Scanner {
     $stmt->execute(array());
   }
 
+  public static function createName($name) {
+    $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '/');
+    $name = str_replace('/', '.', str_replace(OC::$CONFIG_DATADIRECTORY, '', $name));
+    if (substr($name, 0, strlen($root)) == str_replace('/','.',$root)) {
+      $name = substr($name, strlen($root));
+    }
+    $name = ($name==='.') ? 'main' : trim($name,'.');
+    return $name;
+  }
+
   public static function scanDir($path, &$albums) {
     $current_album = array('name'=> $path, 'imagesCount' => 0, 'images' => array());
-    $current_album['name'] = str_replace('/', '.', str_replace(OC::$CONFIG_DATADIRECTORY, '', $current_album['name']));
-    $current_album['name'] = ($current_album['name']==='.') ?
-                             'main' :
-                             trim($current_album['name'],'.');
+    $current_album['name'] = self::createName($current_album['name']);
 
     if ($dh = OC_Filesystem::opendir($path)) {
       while (($filename = readdir($dh)) !== false) {
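Review bot: `if (substr($name, 0, strlen($root)) == str_replace('/','.',$root))` in the new `createName` uses loose `==` between two strings; for numeric-looking segments (`'1e1'` vs `'10'`) PHP compares them numerically, so use `===` here. The comparison also takes `strlen($root)` characters from `$name` but compares against the dotted form of `$root`; the lengths agree only because `str_replace('/', '.', ...)` is one-to-one, which is worth a short comment such as `// root is compared in its dotted form; same length as $root since '/' -> '.' is 1:1`. The `str_replace(OC::$CONFIG_DATADIRECTORY, '', $name)` strips the data directory wherever it occurs rather than only as a prefix, carried over from the old code; an anchored `strpos(...) === 0` check would be safer but is a pre-existing behaviour.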
@@ -106,7 +113,7 @@ class OC_Gallery_Scanner {
       if (self::isPhoto($path.$file)) $addpath = TRUE;
     }
 
-    if ($addpath) $ret[] = $path;
+    if ($addpath) $ret[] = urlencode($path);
 
     return $ret;
   }
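Review bot: `$ret[] = urlencode($path);` changes what this function returns from a filesystem path to a URL-encoded string, and any caller that uses the result for `opendir`/`is_dir` style operations will now fail on names containing spaces or non-ASCII characters (encoded as `+` and `%xx`). Encoding belongs at the point where the value is placed into a URL (the JSON response or the JS side), not in the path-collecting helper; I cannot see the callers from this hunk, so if every consumer is a URL this is fine, but then the function's name and a docblock should say it returns URL-encoded paths. The enclosing function starts outside this hunk.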
diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php
index 4c2fbcfe6c654ebd0afcb0064ca82cceb862387a..7cc7dad3ac683720520644e7a739f4397708712c 100644
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
@@ -9,7 +9,10 @@ $l = new OC_L10N('gallery');
 <div id="controls">
   <div id="scan">
     <div id="scanprogressbar"></div>
-    <input type="button" value="<?php echo $l->t('Rescan');?>" onclick="javascript:scanForAlbums();" />
+    <input type="button" id="g-scan-button" value="<?php echo $l->t('Rescan');?>" onclick="javascript:scanForAlbums();" />
+  </div>
+  <div id="g-settings">
+    <input type="button" id="g-settings-button" value="<?php echo $l->t('Settings');?>" onclick="javascript:settings();"/>
   </div>
 </div>
 <div id="gallery_list">
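Review bot: The new settings button copies the `onclick="javascript:settings();"` form from the line above; the `javascript:` prefix is meaningless in an `onclick` attribute (it is parsed as a label) and should be dropped, `onclick="settings();"`. Since the button now has an id (`g-settings-button`), binding the handler from `gallery.js` with `$('#g-settings-button').click(settings)` would also keep markup and behaviour separate, matching how the rest of the gallery JS binds events.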
@@ -28,3 +31,26 @@ $l = new OC_L10N('gallery');
 	</form>
 </div>
 
+<div id="g-dialog-settings" title="<?php echo $l->t('Settings');?>" style="display:none">
+	<form>
+    <fieldset><?php $root = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'root', '/'); $order = OC_Preferences::getValue(OC_User::getUser(), 'gallery', 'order', 'ASC');?>
+    <label for="name"><?php echo $l->t('Scanning root');?></label>
+    <input type="text" name="g-scanning-root" id="g-scanning-root" class="text ui-widget-content ui-corner-all" value="<?php echo $root;?>" /><br/>
+
+    <label for="sort"><?php echo $l->t('Default sorting'); ?></label>
+    <select id="g-display-order">
+      <option value="ASC"<?php echo $order=='ASC'?'selected':'';?>><?php echo $l->t('Ascending'); ?></option>
+      <option value="DESC"<?php echo $order=='DESC'?'selected':'';?>><?php echo $l->t('Descending'); ?></option>
+    </select><br/>
+<!--
+    <label for="sort"><?php echo $l->t('Thumbnails size'); ?></label>
+    <select>
+      <option value="100">100px</option>
+      <option value="150">150px</option>
+      <option value="200">200px</option>
+      </select>
+      -->
+	</fieldset>
+	</form>
+</div>
+
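Review bot: `value="<?php echo $root;?>"` writes a stored preference into an HTML attribute without escaping; `$root` is whatever the user previously typed into this same field and saved through `store_settings`, so a value containing `"` breaks out of the attribute. Use `value="<?php echo htmlspecialchars($root, ENT_QUOTES); ?>"`, consistent with the `$l->t()` output on the surrounding lines being trusted only because it is static. Separately, `$order=='ASC'` / `$order=='DESC'` should be `===`, and the two `<label for="name">` / `<label for="sort">` attributes do not match the ids `g-scanning-root` and `g-display-order`, so the labels are not associated with their inputs. The commented-out thumbnail-size block at the end should be removed rather than shipped.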