diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index 92091f421353d370b47594059563b72dd3325065..878e4cb2159e70c5a9aa25935b5bc9043a28ab81 100644
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -25,7 +25,7 @@ if($doBreadcrumb) {
}
$breadcrumbNav = new OCP\Template( "files", "part.breadcrumb", "" );
- $breadcrumbNav->assign( "breadcrumb", $breadcrumb );
+ $breadcrumbNav->assign( "breadcrumb", $breadcrumb, false );
$data['breadcrumb'] = $breadcrumbNav->fetchPage();
}
diff --git a/apps/files/index.php b/apps/files/index.php
index 54c741678030fc00d4536b5b29bc32050b670730..a88e1f00741a243a619385654a681b9f1af02741 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -36,7 +36,7 @@ if(!isset($_SESSION['timezone'])) {
}
OCP\App::setActiveNavigationEntry( 'files_index' );
// Load the files
-$dir = isset( $_GET['dir'] ) ? rawurldecode(stripslashes($_GET['dir'])) : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
// Redirect if directory does not exist
if(!\OC\Files\Filesystem::is_dir($dir.'/')) {
header('Location: '.$_SERVER['SCRIPT_NAME'].'');
diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js
index 40dd9f14a69babdc73cc62a18e890c63b622a959..80b9c01f83887176e554ebb72ef29513a88ede99 100644
--- a/apps/files/js/fileactions.js
+++ b/apps/files/js/fileactions.js
@@ -70,34 +70,43 @@ var FileActions = {
}
parent.children('a.name').append('<span class="fileactions" />');
var defaultAction = FileActions.getDefault(FileActions.getCurrentMimeType(), FileActions.getCurrentType(), FileActions.getCurrentPermissions());
- var actionHandler = function (parent, action, event) {
+
+ var actionHandler = function (event) {
event.stopPropagation();
event.preventDefault();
- FileActions.currentFile = parent;
- file = FileActions.getCurrentFile();
- action(file);
+
+ FileActions.currentFile = event.data.elem;
+ var file = FileActions.getCurrentFile();
+
+ event.data.actionFunc(file);
};
- for (name in actions) {
+
+ $.each(actions, function (name, action) {
// NOTE: Temporary fix to prevent rename action in root of Shared directory
if (name === 'Rename' && $('#dir').val() === '/Shared') {
- continue;
+ return true;
}
- if ((name === 'Download' || actions[name] !== defaultAction) && name !== 'Delete') {
+
+ if ((name === 'Download' || action !== defaultAction) && name !== 'Delete') {
var img = FileActions.icons[name];
if (img.call) {
img = img(file);
}
var html = '<a href="#" class="action" data-action="'+name+'">';
if (img) {
- html += '<img class ="svg" src="' + img + '"/> ';
+ html += '<img class ="svg" src="' + img + '" /> ';
}
html += t('files', name) + '</a>';
+
var element = $(html);
element.data('action', name);
- element.click(actionHandler.bind(null, parent, actions[name]));
+ //alert(element);
+ element.on('click',{a:null, elem:parent, actionFunc:actions[name]},actionHandler);
parent.find('a.name>span.fileactions').append(element);
}
- }
+
+ });
+
if (actions['Delete']) {
var img = FileActions.icons['Delete'];
if (img.call) {
@@ -114,7 +123,7 @@ var FileActions = {
element.append($('<img class ="svg" src="' + img + '"/>'));
}
element.data('action', actions['Delete']);
- element.click(actionHandler.bind(null, parent, actions['Delete']));
+ element.on('click',{a:null, elem:parent, actionFunc:actions['Delete']},actionHandler);
parent.parent().children().last().append(element);
}
},
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index a5550dc9926223afa058f435a84d92169439032b..5674206632b2daf1bf86cab8d2184b662cb9eb31 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -151,6 +151,9 @@ var FileList={
event.stopPropagation();
event.preventDefault();
var newname=input.val();
+ if (Files.containsInvalidCharacters(newname)) {
+ return false;
+ }
if (newname != name) {
if (FileList.checkName(name, newname, false)) {
newname = name;
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 4307650d4ff6aba8799ac07b003068dc29ad18d8..3b33fc197806ccbc69266b066b6d448ede926d2d 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -25,6 +25,18 @@ Files={
delete uploadingFiles[index];
});
procesSelection();
+ },
+ containsInvalidCharacters:function (name) {
+ var invalid_characters = ['\\', '/', '<', '>', ':', '"', '|', '?', '*'];
+ for (var i = 0; i < invalid_characters.length; i++) {
+ if (name.indexOf(invalid_characters[i]) != -1) {
+ $('#notification').text(t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
+ $('#notification').fadeIn();
+ return true;
+ }
+ }
+ $('#notification').fadeOut();
+ return false;
}
};
$(document).ready(function() {
@@ -505,9 +517,7 @@ $(document).ready(function() {
$(this).append(input);
input.focus();
input.change(function(){
- if(type != 'web' && $(this).val().indexOf('/')!=-1){
- $('#notification').text(t('files','Invalid name, \'/\' is not allowed.'));
- $('#notification').fadeIn();
+ if (type != 'web' && Files.containsInvalidCharacters($(this).val())) {
return;
} else if( type == 'folder' && $('#dir').val() == '/' && $(this).val() == 'Shared') {
$('#notification').text(t('files','Invalid folder name. Usage of "Shared" is reserved by Owncloud'));
diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php
index ead9ab1ed7d4c37aa4e335e4fbbebc5ffd899f23..ba1432c1b8f9cce464f909d0b35f4b8ba7f1b4eb 100644
--- a/apps/files/templates/part.breadcrumb.php
+++ b/apps/files/templates/part.breadcrumb.php
@@ -1,6 +1,7 @@
<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
- $crumb = $_["breadcrumb"][$i]; ?>
- <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core', 'breadcrumb.png');?>")'>
- <a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
+ $crumb = $_["breadcrumb"][$i];
+ $dir = str_replace('+','%20', urlencode($crumb["dir"])); ?>
+ <div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $dir;?>' style='background-image:url("<?php echo OCP\image_path('core', 'breadcrumb.png');?>")'>
+ <a href="<?php echo $_['baseURL'].$dir; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
</div>
<?php endfor;?>
diff --git a/core/templates/installation.php b/core/templates/installation.php
index a7c4780d5d1dc5ce457e8ba4d3444bcc9e31f30b..1e7983eae5351038544d4fb2a36b962753425252 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -19,7 +19,7 @@
</ul>
<?php endif; ?>
<?php if(!$_['secureRNG']): ?>
- <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+ <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;">
<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
<span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>
<br/>
@@ -27,7 +27,7 @@
</fieldset>
<?php endif; ?>
<?php if(!$_['htaccessWorking']): ?>
- <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+ <fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;">
<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
<span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>
</fieldset>