extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-21 23:43:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

use filemanager UI as UI for sharing directories

Browse Source
This commit is contained in:
Ralf Becker 2014-11-18 12:55:32 +00:00
parent be66f13885
commit 5eeac7093c
11 changed files with 273 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etemplate/inc/class.etemplate_new.inc.php
View File

@ -206,9 +206,12 @@ class etemplate_new extends etemplate_widget_template
return; return;
} }
// let framework know, if we are a popup or not ('popup' not true, which is allways used by index.php!) // let framework know, if we are a popup or not ('popup' not true, which is allways used by index.php!)
$GLOBALS['egw_info']['flags']['nonavbar'] = $output_mode == 2 ? 'popup' : false; if (!isset($GLOBALS['egw_info']['flags']['nonavbar']) || is_bool($GLOBALS['egw_info']['flags']['nonavbar']))
{
$GLOBALS['egw_info']['flags']['nonavbar'] = $output_mode == 2 ? 'popup' : false;
}
echo $GLOBALS['egw']->framework->header(); echo $GLOBALS['egw']->framework->header();
if ($output_mode != 2) if ($output_mode != 2 && !$GLOBALS['egw_info']['flags']['nonavbar'])
{ {
parse_navbar(); parse_navbar();
} }

95
filemanager/inc/class.filemanager_ui.inc.php
View File

@ -5,7 +5,7 @@
* @link http://www.egroupware.org * @link http://www.egroupware.org
* @package filemanager * @package filemanager
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de> * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2008-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de> * @copyright (c) 2008-14 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$ * @version $Id$
*/ */
@ -58,8 +58,8 @@ class filemanager_ui
egw_vfs::$is_root = true; egw_vfs::$is_root = true;
} }
self::init_views(); static::init_views();
self::$merge_prop_namespace = egw_vfs::DEFAULT_PROP_NAMESPACE.$GLOBALS['egw_info']['flags']['currentapp']; static::$merge_prop_namespace = egw_vfs::DEFAULT_PROP_NAMESPACE.$GLOBALS['egw_info']['flags']['currentapp'];
} }
/** /**
@ -69,21 +69,21 @@ class filemanager_ui
*/ */
public static function init_views() public static function init_views()
{ {
if (!self::$views_init) if (!static::$views_init)
{ {
// translate our labels // translate our labels
foreach(self::$views as $method => &$label) foreach(static::$views as &$label)
{ {
$label = lang($label); $label = lang($label);
} }
// search for plugins with additional filemanager views // search for plugins with additional filemanager views
foreach($GLOBALS['egw']->hooks->process('filemanager_views') as $app => $views) foreach($GLOBALS['egw']->hooks->process('filemanager_views') as $views)
{ {
if (is_array($views)) self::$views += $views; if (is_array($views)) static::$views += $views;
} }
self::$views_init = true; static::$views_init = true;
} }
return self::$views; return static::$views;
} }
/** /**
@ -98,10 +98,10 @@ class filemanager_ui
{ {
$view = $_GET['view']; $view = $_GET['view'];
} }
if (!isset(self::$views[$view])) if (!isset(static::$views[$view]))
{ {
reset(self::$views); reset(static::$views);
$view = key(self::$views); $view = key(static::$views);
} }
return $view; return $view;
} }
@ -224,7 +224,7 @@ class filemanager_ui
switch($scope) switch($scope)
{ {
case 'self': case 'self':
$props = egw_vfs::propfind($path, self::$merge_prop_namespace); $props = egw_vfs::propfind($path, static::$merge_prop_namespace);
$app = empty($props) ? null : $props[0]['val']; $app = empty($props) ? null : $props[0]['val'];
break; break;
case 'parents': case 'parents':
@ -232,7 +232,7 @@ class filemanager_ui
$currentpath = $path; $currentpath = $path;
while($dir = egw_vfs::dirname($currentpath)) while($dir = egw_vfs::dirname($currentpath))
{ {
$props = egw_vfs::propfind($dir, self::$merge_prop_namespace); $props = egw_vfs::propfind($dir, static::$merge_prop_namespace);
if(!empty($props)) if(!empty($props))
{ {
// found prop in parent directory // found prop in parent directory
@ -274,7 +274,7 @@ class filemanager_ui
'default_cols' => '!comment,ctime', // I columns to use if there's no user or default pref (! as first char uses all but the named columns), default all columns 'default_cols' => '!comment,ctime', // I columns to use if there's no user or default pref (! as first char uses all but the named columns), default all columns
'csv_fields' => false, // I false=disable csv export, true or unset=enable it with auto-detected fieldnames, 'csv_fields' => false, // I false=disable csv export, true or unset=enable it with auto-detected fieldnames,
//or array with name=>label or name=>array('label'=>label,'type'=>type) pairs (type is a eT widget-type) //or array with name=>label or name=>array('label'=>label,'type'=>type) pairs (type is a eT widget-type)
'actions' => self::get_actions(), 'actions' => static::get_actions(),
'row_id' => 'path', 'row_id' => 'path',
'row_modified' => 'mtime', 'row_modified' => 'mtime',
'parent_id' => 'dir', 'parent_id' => 'dir',
@ -284,9 +284,9 @@ class filemanager_ui
'favorites' => true, 'favorites' => true,
'placeholder_actions' => array('file_drop_mail','file_drop_move','file_drop_copy','file_drop_symlink') 'placeholder_actions' => array('file_drop_mail','file_drop_move','file_drop_copy','file_drop_symlink')
); );
$content['nm']['path'] = self::get_home_dir(); $content['nm']['path'] = static::get_home_dir();
} }
$content['nm']['home_dir'] = self::get_home_dir(); $content['nm']['home_dir'] = static::get_home_dir();
if (isset($_GET['msg'])) $msg = $_GET['msg']; if (isset($_GET['msg'])) $msg = $_GET['msg'];
@ -303,7 +303,7 @@ class filemanager_ui
$path = egw_vfs::dirname($content['nm']['path']); $path = egw_vfs::dirname($content['nm']['path']);
break; break;
case '~': case '~':
$path = self::get_home_dir(); $path = static::get_home_dir();
break; break;
} }
if ($path[0] == '/' && egw_vfs::stat($path,true) && egw_vfs::is_dir($path) && egw_vfs::check_access($path,egw_vfs::READABLE)) if ($path[0] == '/' && egw_vfs::stat($path,true) && egw_vfs::is_dir($path) && egw_vfs::check_access($path,egw_vfs::READABLE))
@ -320,7 +320,7 @@ class filemanager_ui
if (!$content['nm']['filter']) $content['nm']['filter'] = ''; if (!$content['nm']['filter']) $content['nm']['filter'] = '';
} }
} }
$view = self::get_view(); $view = static::get_view();
if (strpos($view,'::') !== false && version_compare(PHP_VERSION,'5.3.0','<')) if (strpos($view,'::') !== false && version_compare(PHP_VERSION,'5.3.0','<'))
{ {
@ -375,7 +375,7 @@ class filemanager_ui
{ {
if ($content['nm']['action']) if ($content['nm']['action'])
{ {
$msg = self::action($content['nm']['action'],$content['nm']['selected'],$content['nm']['path']); $msg = static::action($content['nm']['action'],$content['nm']['selected'],$content['nm']['path']);
if($msg) egw_framework::message($msg); if($msg) egw_framework::message($msg);
// clean up after action // clean up after action
@ -389,7 +389,7 @@ class filemanager_ui
} }
elseif($content['nm']['rows']['delete']) elseif($content['nm']['rows']['delete'])
{ {
$msg = self::action('delete',array_keys($content['nm']['rows']['delete']),$content['nm']['path']); $msg = static::action('delete',array_keys($content['nm']['rows']['delete']),$content['nm']['path']);
if($msg) egw_framework::message($msg); if($msg) egw_framework::message($msg);
// clean up after action // clean up after action
@ -483,6 +483,10 @@ class filemanager_ui
{ {
$start = $path; $start = $path;
} }
elseif (!egw_vfs::is_dir($start) && egw_vfs::check_access($start, egw_vfs::READABLE))
{
$start = '/';
}
return $start; return $start;
} }
@ -511,7 +515,7 @@ class filemanager_ui
throw new egw_exception_assertion_failed('Implemented on clientside!'); throw new egw_exception_assertion_failed('Implemented on clientside!');
case 'delete': case 'delete':
return self::do_delete($selected,$errs,$files,$dirs); return static::do_delete($selected,$errs,$files,$dirs);
case 'copy': case 'copy':
foreach($selected as $path) foreach($selected as $path)
@ -650,7 +654,7 @@ class filemanager_ui
$document_merge = new filemanager_merge(egw_vfs::decodePath($dir)); $document_merge = new filemanager_merge(egw_vfs::decodePath($dir));
$msg = $document_merge->download($settings, $selected, '', $GLOBALS['egw_info']['user']['preferences']['filemanager']['document_dir']); $msg = $document_merge->download($settings, $selected, '', $GLOBALS['egw_info']['user']['preferences']['filemanager']['document_dir']);
if($msg) return $msg; if($msg) return $msg;
$failed = count($selected); $errs = count($selected);
return false; return false;
} }
} }
@ -732,9 +736,8 @@ class filemanager_ui
* *
* @param array $query * @param array $query
* @param array &$rows * @param array &$rows
* @param array &$readonlys
*/ */
function get_rows($query,&$rows,&$readonlys) function get_rows($query, &$rows)
{ {
// show projectmanager sidebox for projectmanager path // show projectmanager sidebox for projectmanager path
if (substr($query['path'],0,20) == '/apps/projectmanager' && isset($GLOBALS['egw_info']['user']['apps']['projectmanager'])) if (substr($query['path'],0,20) == '/apps/projectmanager' && isset($GLOBALS['egw_info']['user']['apps']['projectmanager']))
@ -746,7 +749,7 @@ class filemanager_ui
{ {
egw_session::appsession('index','filemanager',$query); egw_session::appsession('index','filemanager',$query);
} }
if(!$query['path']) $query['path'] = self::get_home_dir(); if(!$query['path']) $query['path'] = static::get_home_dir();
// be tolerant with (in previous versions) not correct urlencoded pathes // be tolerant with (in previous versions) not correct urlencoded pathes
if (!egw_vfs::stat($query['path'],true) && egw_vfs::stat(urldecode($query['path']))) if (!egw_vfs::stat($query['path'],true) && egw_vfs::stat(urldecode($query['path'])))
@ -755,13 +758,19 @@ class filemanager_ui
} }
if (!egw_vfs::stat($query['path'],true) || !egw_vfs::is_dir($query['path']) || !egw_vfs::check_access($query['path'],egw_vfs::READABLE)) if (!egw_vfs::stat($query['path'],true) || !egw_vfs::is_dir($query['path']) || !egw_vfs::check_access($query['path'],egw_vfs::READABLE))
{ {
// we will leave here, since we are not allowed, or the location does not exist. Index must handle that, and give // only redirect, if it would be to some other location, gives redirect-loop otherwise
// an appropriate message if ($query['path'] != ($path = static::get_home_dir()))
egw::redirect_link('/index.php',array('menuaction'=>'filemanager.filemanager_ui.index', {
'path' => self::get_home_dir(), // we will leave here, since we are not allowed, or the location does not exist. Index must handle that, and give
'msg' => lang('The requested path %1 is not available.',egw_vfs::decodePath($query['path'])), // an appropriate message
'ajax' => 'true' egw::redirect_link('/index.php',array('menuaction'=>'filemanager.filemanager_ui.index',
)); 'path' => $path,
'msg' => lang('The requested path %1 is not available.',egw_vfs::decodePath($query['path'])),
'ajax' => 'true'
));
}
$rows = array();
return 0;
} }
$rows = $dir_is_writable = array(); $rows = $dir_is_writable = array();
if($query['searchletter'] && !empty($query['search'])) if($query['searchletter'] && !empty($query['search']))
@ -787,6 +796,7 @@ class filemanager_ui
$maxdepth = $filter && $filter != 4 ? (int)(boolean)$filter : null; $maxdepth = $filter && $filter != 4 ? (int)(boolean)$filter : null;
if($filter == 5) $maxdepth = 2; if($filter == 5) $maxdepth = 2;
$n = 0;
foreach(egw_vfs::find(!empty($query['col_filter']['dir']) ? $query['col_filter']['dir'] : $query['path'],array( foreach(egw_vfs::find(!empty($query['col_filter']['dir']) ? $query['col_filter']['dir'] : $query['path'],array(
'mindepth' => 1, 'mindepth' => 1,
'maxdepth' => $maxdepth, 'maxdepth' => $maxdepth,
@ -946,6 +956,7 @@ class filemanager_ui
if (in_array($button,array('save','apply'))) if (in_array($button,array('save','apply')))
{ {
$props = array(); $props = array();
$perm_changed = $perm_failed = 0;
foreach($content['old'] as $name => $old_value) foreach($content['old'] as $name => $old_value)
{ {
if (isset($content[$name]) && ($old_value != $content[$name] || if (isset($content[$name]) && ($old_value != $content[$name] ||
@ -989,7 +1000,7 @@ class filemanager_ui
{ {
$mergeprop = array( $mergeprop = array(
array( array(
'ns' => self::$merge_prop_namespace, 'ns' => static::$merge_prop_namespace,
'name' => 'mergeapp', 'name' => 'mergeapp',
'val' => (!empty($content[$name]) ? $content[$name] : null), 'val' => (!empty($content[$name]) ? $content[$name] : null),
), ),
@ -1008,7 +1019,7 @@ class filemanager_ui
{ {
static $name2cmd = array('uid' => 'chown','gid' => 'chgrp','perms' => 'chmod'); static $name2cmd = array('uid' => 'chown','gid' => 'chgrp','perms' => 'chmod');
$cmd = array('egw_vfs',$name2cmd[$name]); $cmd = array('egw_vfs',$name2cmd[$name]);
$value = $name == 'perms' ? self::perms2mode($content['perms']) : $content[$name]; $value = $name == 'perms' ? static::perms2mode($content['perms']) : $content[$name];
if ($content['modify_subs']) if ($content['modify_subs'])
{ {
if ($name == 'perms') if ($name == 'perms')
@ -1076,7 +1087,7 @@ class filemanager_ui
if ($content['eacl']['delete']) if ($content['eacl']['delete'])
{ {
list($ino_owner) = each($content['eacl']['delete']); list($ino_owner) = each($content['eacl']['delete']);
list($ino,$owner) = explode('-',$ino_owner,2); // $owner is a group and starts with a minus! list(, $owner) = explode('-',$ino_owner,2); // $owner is a group and starts with a minus!
$msg .= egw_vfs::eacl($path,null,$owner) ? lang('ACL deleted.') : lang('Error deleting the ACL entry!'); $msg .= egw_vfs::eacl($path,null,$owner) ? lang('ACL deleted.') : lang('Error deleting the ACL entry!');
} }
elseif ($button == 'eacl') elseif ($button == 'eacl')
@ -1165,8 +1176,8 @@ class filemanager_ui
} }
// mergeapp // mergeapp
$content['mergeapp'] = self::get_mergeapp($path, 'self'); $content['mergeapp'] = static::get_mergeapp($path, 'self');
$content['mergeapp_parent'] = self::get_mergeapp($path, 'parents'); $content['mergeapp_parent'] = static::get_mergeapp($path, 'parents');
if(!empty($content['mergeapp'])) if(!empty($content['mergeapp']))
{ {
$content['mergeapp_effective'] = $content['mergeapp']; $content['mergeapp_effective'] = $content['mergeapp'];
@ -1225,7 +1236,7 @@ class filemanager_ui
$tpl->setElementAttribute('tabs', 'add_tabs', true); $tpl->setElementAttribute('tabs', 'add_tabs', true);
$tabs =& $tpl->getElementAttribute('tabs','tabs'); $tabs =& $tpl->getElementAttribute('tabs','tabs');
$tabs = array(); if (true) $tabs = array();
foreach(isset($extra_tabs[0]) ? $extra_tabs : array($extra_tabs) as $extra_tab) foreach(isset($extra_tabs[0]) ? $extra_tabs : array($extra_tabs) as $extra_tab)
{ {
@ -1259,7 +1270,7 @@ class filemanager_ui
* @param string $action eg. 'delete', ... * @param string $action eg. 'delete', ...
* @param array $selected selected path(s) * @param array $selected selected path(s)
* @param string $dir=null current directory * @param string $dir=null current directory
* @see self::action() * @see static::action()
*/ */
public static function ajax_action($action, $selected, $dir=null, $props=null) public static function ajax_action($action, $selected, $dir=null, $props=null)
{ {
@ -1344,7 +1355,7 @@ class filemanager_ui
// Upload, then link // Upload, then link
case 'link': case 'link':
// First upload // First upload
$arr = self::ajax_action('upload', $selected, $dir, $props); $arr = static::ajax_action('upload', $selected, $dir, $props);
$app_dir = egw_link::vfs_path($props['entry']['app'],$props['entry']['id'],'',true); $app_dir = egw_link::vfs_path($props['entry']['app'],$props['entry']['id'],'',true);
foreach($arr['uploaded'] as $file) foreach($arr['uploaded'] as $file)
@ -1361,7 +1372,7 @@ class filemanager_ui
return; return;
default: default:
$arr['msg'] = self::action($action, $selected, $dir, $arr['errs'], $arr['dirs'], $arr['files']); $arr['msg'] = static::action($action, $selected, $dir, $arr['errs'], $arr['dirs'], $arr['files']);
} }
$response->data($arr); $response->data($arr);
//error_log(__METHOD__."('$action',".array2string($selected).') returning '.array2string($arr)); //error_log(__METHOD__."('$action',".array2string($selected).') returning '.array2string($arr));

24
phpgwapi/inc/class.egw.inc.php
View File

@ -344,6 +344,10 @@ class egw extends egw_minimal
* Verify the user has rights for the requested app * Verify the user has rights for the requested app
* *
* If the user has no rights for the app (eg. called via URL) he get a permission denied page (this function does NOT return) * If the user has no rights for the app (eg. called via URL) he get a permission denied page (this function does NOT return)
*
* @throws egw_exception_redirect for anonymous user accessing something he has no rights to
* @throws egw_exception_no_permission_admin
* @throws egw_exception_no_permission_app
*/ */
function check_app_rights() function check_app_rights()
{ {
@ -358,7 +362,7 @@ class egw extends egw_minimal
// present a login page, if anon user has no right for an application // present a login page, if anon user has no right for an application
if ($this->session->session_flags == 'A') if ($this->session->session_flags == 'A')
{ {
egw::redirect_link('/logout.php'); throw new egw_exception_redirect('/logout.php');
} }
if ($currentapp == 'admin' || $GLOBALS['egw_info']['flags']['admin_only']) if ($currentapp == 'admin' || $GLOBALS['egw_info']['flags']['admin_only'])
{ {
@ -440,9 +444,9 @@ class egw extends egw_minimal
/** /**
* Link url generator * Link url generator
* *
* @param string $string The url the link is for * @param string $url url link is for
* @param string|array $extravars='' Extra params to be passed to the url * @param string|array $extravars ='' extra params to be added to url
* @param string $link_app=null if appname or true, some templates generate a special link-handler url * @param string $link_app =null if appname or true, some templates generate a special link-handler url
* @return string The full url after processing * @return string The full url after processing
*/ */
static function link($url, $extravars = '', $link_app=null) static function link($url, $extravars = '', $link_app=null)
@ -453,9 +457,9 @@ class egw extends egw_minimal
/** /**
* Redirects direct to a generated link * Redirects direct to a generated link
* *
* @param string $string The url the link is for * @param string $url url link is for
* @param string/array $extravars Extra params to be passed to the url * @param string|array $extravars ='' extra params to be added to url
* @param string $link_app=null if appname or true, some templates generate a special link-handler url * @param string $link_app =null if appname or true, some templates generate a special link-handler url
* @return string The full url after processing * @return string The full url after processing
*/ */
static function redirect_link($url, $extravars='', $link_app=null) static function redirect_link($url, $extravars='', $link_app=null)
@ -468,8 +472,8 @@ class egw extends egw_minimal
* *
* This function handles redirects under iis and apache it assumes that $phpgw->link() has already been called * This function handles redirects under iis and apache it assumes that $phpgw->link() has already been called
* *
* @param string The url ro redirect to * @param string $url url to redirect to
* @param string $link_app=null appname to redirect for, default currentapp * @param string $link_app =null appname to redirect for, default currentapp
*/ */
static function redirect($url, $link_app=null) static function redirect($url, $link_app=null)
{ {
@ -547,7 +551,7 @@ class egw extends egw_minimal
* garanties to run AFTER output send to user. * garanties to run AFTER output send to user.
* *
* @param callable $callback use array($classname, $method) for static methods * @param callable $callback use array($classname, $method) for static methods
* @param array $args=array() * @param array $args =array()
*/ */
public static function on_shutdown($callback, array $args=array()) public static function on_shutdown($callback, array $args=array())
{ {

12
phpgwapi/inc/class.egw_digest_auth.inc.php
View File

@ -71,6 +71,7 @@ class egw_digest_auth
*/ */
static public function autocreate_session_callback(&$account) static public function autocreate_session_callback(&$account)
{ {
unset($account); // not used, but required by function signature
if (self::ERROR_LOG) if (self::ERROR_LOG)
{ {
$pw = self::ERROR_LOG > 1 ? $_SERVER['PHP_AUTH_PW'] : '**********'; $pw = self::ERROR_LOG > 1 ? $_SERVER['PHP_AUTH_PW'] : '**********';
@ -109,7 +110,8 @@ class egw_digest_auth
$password = translation::convert($password, 'iso-8859-1'); $password = translation::convert($password, 'iso-8859-1');
//error_log(__METHOD__."() Fixed non-ascii password of user '$username' from '$_SERVER[PHP_AUTH_PW]' to '$password'"); //error_log(__METHOD__."() Fixed non-ascii password of user '$username' from '$_SERVER[PHP_AUTH_PW]' to '$password'");
} }
if (!isset($username) || !($sessionid = $GLOBALS['egw']->session->create($username, $password, 'text'))) // create session without session cookie (session->create(..., true), as we use pseudo sessionid from credentials
if (!isset($username) || !($sessionid = $GLOBALS['egw']->session->create($username, $password, 'text', true)))
{ {
// if the session class gives a reason why the login failed --> append it to the REALM // if the session class gives a reason why the login failed --> append it to the REALM
if ($GLOBALS['egw']->session->reason) $realm .= ': '.$GLOBALS['egw']->session->reason; if ($GLOBALS['egw']->session->reason) $realm .= ': '.$GLOBALS['egw']->session->reason;
@ -130,8 +132,8 @@ class egw_digest_auth
* If no user is given, check is NOT authoretive, as we can only check if cleartext passwords are generally used * If no user is given, check is NOT authoretive, as we can only check if cleartext passwords are generally used
* *
* @param string $realm * @param string $realm
* @param string $username=null username or null to only check if we auth agains sql and use plaintext passwords * @param string $username =null username or null to only check if we auth agains sql and use plaintext passwords
* @param string &$user_pw=null stored cleartext password, if $username given AND function returns true * @param string &$user_pw =null stored cleartext password, if $username given AND function returns true
* @return boolean true if digest auth is available, false otherwise * @return boolean true if digest auth is available, false otherwise
*/ */
static public function digest_auth_available($realm,$username=null,&$user_pw=null) static public function digest_auth_available($realm,$username=null,&$user_pw=null)
@ -181,7 +183,7 @@ class egw_digest_auth
* Check digest * Check digest
* *
* @param string $realm * @param string $realm
* @param string $auth_digest=null default to $_SERVER['PHP_AUTH_DIGEST'] * @param string $auth_digest =null default to $_SERVER['PHP_AUTH_DIGEST']
* @param string &$username on return username * @param string &$username on return username
* @param string &$password on return cleartext password * @param string &$password on return cleartext password
* @return boolean true if digest is correct, false otherwise * @return boolean true if digest is correct, false otherwise
@ -215,6 +217,7 @@ class egw_digest_auth
*/ */
static private function get_digest_A1($realm,$username,&$password=null) static private function get_digest_A1($realm,$username,&$password=null)
{ {
$user_pw = null;
if (empty($username) || empty($realm) || !self::digest_auth_available($realm,$username,$user_pw)) if (empty($username) || empty($realm) || !self::digest_auth_available($realm,$username,$user_pw))
{ {
return false; return false;
@ -236,6 +239,7 @@ class egw_digest_auth
$data = array(); $data = array();
$keys = implode('|', array_keys($needed_parts)); $keys = implode('|', array_keys($needed_parts));
$matches = null;
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER); preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
foreach ($matches as $m) foreach ($matches as $m)

4
phpgwapi/inc/class.egw_framework.inc.php
View File

@ -2068,9 +2068,7 @@ abstract class egw_framework
// generate jdots bundle, if installed // generate jdots bundle, if installed
if (file_exists(EGW_SERVER_ROOT.'/jdots')) if (file_exists(EGW_SERVER_ROOT.'/jdots'))
{ {
$inc_mgr->include_js_file('/jdots/js/egw_fw.js'); $inc_mgr->include_js_file('/jdots/js/fw_jdots.js');
$inc_mgr->include_js_file('/jdots/js/egw_fw_ui.js');
$inc_mgr->include_js_file('/jdots/js/egw_fw_classes.js');
$bundles['jdots'] = array_diff($inc_mgr->get_included_files(), call_user_func_array('array_merge', $bundles)); $bundles['jdots'] = array_diff($inc_mgr->get_included_files(), call_user_func_array('array_merge', $bundles));
self::bundle_urls($bundles['jdots'], $jdots_max_mod); self::bundle_urls($bundles['jdots'], $jdots_max_mod);
} }

111
phpgwapi/inc/class.egw_session.inc.php
View File

@ -169,7 +169,7 @@ class egw_session
/** /**
* Constructor just loads up some defaults from cookies * Constructor just loads up some defaults from cookies
* *
* @param array $domain_names=null domain-names used in this install * @param array $domain_names =null domain-names used in this install
*/ */
function __construct(array $domain_names=null) function __construct(array $domain_names=null)
{ {
@ -323,8 +323,8 @@ class egw_session
* *
* @param array &$arr * @param array &$arr
* @param string $label * @param string $label
* @param boolean $recursion=true if true call itself for every item > $limit * @param boolean $recursion =true if true call itself for every item > $limit
* @param int $limit=1000 log only differences > $limit * @param int $limit =1000 log only differences > $limit
*/ */
static function log_session_usage(&$arr,$label,$recursion=true,$limit=1000) static function log_session_usage(&$arr,$label,$recursion=true,$limit=1000)
{ {
@ -375,8 +375,8 @@ class egw_session
* *
* @param string $kp3 mcrypt key transported via cookie or get parameter like the session id, * @param string $kp3 mcrypt key transported via cookie or get parameter like the session id,
* unlike the session id it's not know on the server, so only the client-request can decrypt the session! * unlike the session id it's not know on the server, so only the client-request can decrypt the session!
* @param string $algo=self::MCRYPT_ALGO * @param string $algo =self::MCRYPT_ALGO
* @param string $mode=self::MCRYPT_MODE * @param string $mode =self::MCRYPT_MODE
* @return boolean true if encryption is used, false otherwise * @return boolean true if encryption is used, false otherwise
*/ */
static private function init_crypt($kp3,$algo=self::MCRYPT_ALGO,$mode=self::MCRYPT_MODE) static private function init_crypt($kp3,$algo=self::MCRYPT_ALGO,$mode=self::MCRYPT_MODE)
@ -420,8 +420,8 @@ class egw_session
* @param string $login user login * @param string $login user login
* @param string $passwd user password * @param string $passwd user password
* @param string $passwd_type type of password being used, ie plaintext, md5, sha1 * @param string $passwd_type type of password being used, ie plaintext, md5, sha1
* @param boolean $no_session_needed=false dont create a real session, eg. for GroupDAV clients using only basic auth, no cookie support * @param boolean $no_session =false dont create a real session, eg. for GroupDAV clients using only basic auth, no cookie support
* @param boolean $auth_check=true if false, the user is loged in without checking his password (eg. for single sign on), default = true * @param boolean $auth_check =true if false, the user is loged in without checking his password (eg. for single sign on), default = true
* @return string session id * @return string session id
*/ */
function create($login,$passwd = '',$passwd_type = '',$no_session=false,$auth_check=true) function create($login,$passwd = '',$passwd_type = '',$no_session=false,$auth_check=true)
@ -520,11 +520,10 @@ class egw_session
$GLOBALS['egw_info']['user']['account_id'] = $this->account_id; $GLOBALS['egw_info']['user']['account_id'] = $this->account_id;
$GLOBALS['egw']->accounts->accounts($this->account_id); $GLOBALS['egw']->accounts->accounts($this->account_id);
// for WebDAV and GroupDAV we use a pseudo sessionid created from md5(user:passwd) // for *DAV and eSync we use a pseudo sessionid created from md5(user:passwd)
// --> allows this stateless protocolls which use basic auth to use sessions! // --> allows this stateless protocolls which use basic auth to use sessions!
if (($this->sessionid = self::get_sessionid(true))) if (($this->sessionid = self::get_sessionid(true)))
{ {
$no_session = true; // no need to set cookie
session_id($this->sessionid); session_id($this->sessionid);
} }
else else
@ -572,7 +571,7 @@ class egw_session
'user_ip' => $user_ip, 'user_ip' => $user_ip,
),'',true))) // true = run hooks from all apps, not just the ones the current user has perms to run ),'',true))) // true = run hooks from all apps, not just the ones the current user has perms to run
{ {
foreach($hook_result as $app => $reason) foreach($hook_result as $reason)
{ {
if ($reason) // called hook requests to deny the session if ($reason) // called hook requests to deny the session
{ {
@ -649,9 +648,9 @@ class egw_session
* Write or update (for logout) the access_log * Write or update (for logout) the access_log
* *
* @param string|int $sessionid nummeric or PHP session id or 0 for unsuccessful logins * @param string|int $sessionid nummeric or PHP session id or 0 for unsuccessful logins
* @param string $login='' account_lid (evtl. with domain) or '' for setting the logout-time * @param string $login ='' account_lid (evtl. with domain) or '' for setting the logout-time
* @param string $user_ip='' ip to log * @param string $user_ip ='' ip to log
* @param int $account_id=0 numerical account_id * @param int $account_id =0 numerical account_id
* @return int $sessionid primary key of egw_access_log for login, null otherwise * @return int $sessionid primary key of egw_access_log for login, null otherwise
*/ */
private function log_access($sessionid,$login='',$user_ip='',$account_id=0) private function log_access($sessionid,$login='',$user_ip='',$account_id=0)
@ -708,7 +707,6 @@ class egw_session
*/ */
private function login_blocked($login,$ip) private function login_blocked($login,$ip)
{ {
$blocked = false;
$block_time = time() - $GLOBALS['egw_info']['server']['block_time'] * 60; $block_time = time() - $GLOBALS['egw_info']['server']['block_time'] * 60;
$false_id = $false_ip = 0; $false_id = $false_ip = 0;
@ -764,7 +762,7 @@ class egw_session
} }
catch(Exception $e) { catch(Exception $e) {
// ignore exception, but log it, to block the account and give a correct error-message to user // ignore exception, but log it, to block the account and give a correct error-message to user
error_log(__METHOD__."('$log', '$ip') ".$e->getMessage()); error_log(__METHOD__."('$login', '$ip') ".$e->getMessage());
} }
} }
// save time of mail, to not send to many mails // save time of mail, to not send to many mails
@ -776,10 +774,19 @@ class egw_session
return $blocked; return $blocked;
} }
/**
* Basename of scripts for which we create a pseudo session-id based on user-credentials
*
* @var array
*/
static $pseudo_session_scripts = array(
'webdav.php', 'groupdav.php', 'remote.php', 'share.php'
);
/** /**
* Get the sessionid from Cookie, Get-Parameter or basic auth * Get the sessionid from Cookie, Get-Parameter or basic auth
* *
* @param boolean $only_basic_auth=false return only a basic auth pseudo sessionid, default no * @param boolean $only_basic_auth =false return only a basic auth pseudo sessionid, default no
* @return string * @return string
*/ */
static function get_sessionid($only_basic_auth=false) static function get_sessionid($only_basic_auth=false)
@ -787,7 +794,7 @@ class egw_session
// for WebDAV and GroupDAV we use a pseudo sessionid created from md5(user:passwd) // for WebDAV and GroupDAV we use a pseudo sessionid created from md5(user:passwd)
// --> allows this stateless protocolls which use basic auth to use sessions! // --> allows this stateless protocolls which use basic auth to use sessions!
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) &&
(in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php','remote.php')) || (in_array(basename($_SERVER['SCRIPT_NAME']), self::$pseudo_session_scripts) ||
$_SERVER['SCRIPT_NAME'] === '/Microsoft-Server-ActiveSync')) $_SERVER['SCRIPT_NAME'] === '/Microsoft-Server-ActiveSync'))
{ {
// we generate a pseudo-sessionid from the basic auth credentials // we generate a pseudo-sessionid from the basic auth credentials
@ -799,7 +806,7 @@ class egw_session
} }
// same for digest auth // same for digest auth
elseif (isset($_SERVER['PHP_AUTH_DIGEST']) && elseif (isset($_SERVER['PHP_AUTH_DIGEST']) &&
in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php','remote.php'))) in_array(basename($_SERVER['SCRIPT_NAME']), self::$pseudo_session_scripts))
{ {
// we generate a pseudo-sessionid from the digest username, realm and nounce // we generate a pseudo-sessionid from the digest username, realm and nounce
// can't use full $_SERVER['PHP_AUTH_DIGEST'], as it changes (contains eg. the url) // can't use full $_SERVER['PHP_AUTH_DIGEST'], as it changes (contains eg. the url)
@ -897,20 +904,6 @@ class egw_session
if($GLOBALS['egw_info']['user']['domain'] && $this->account_domain != $GLOBALS['egw_info']['user']['domain']) if($GLOBALS['egw_info']['user']['domain'] && $this->account_domain != $GLOBALS['egw_info']['user']['domain'])
{ {
return false; // session not verified, domain changed return false; // session not verified, domain changed
throw new Exception("Wrong domain! '$this->account_domain' != '{$GLOBALS['egw_info']['user']['domain']}'");
/* if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid','$kp3') account_domain='$this->account_domain' != '{$GLOBALS['egw_info']['user']['domain']}'=egw_info[user][domain]");
$GLOBALS['egw']->ADOdb = null;
$GLOBALS['egw_info']['user']['domain'] = $this->account_domain;
// reset the db
$GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$this->account_domain]['db_host'];
$GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$this->account_domain]['db_port'];
$GLOBALS['egw_info']['server']['db_name'] = $GLOBALS['egw_domain'][$this->account_domain]['db_name'];
$GLOBALS['egw_info']['server']['db_user'] = $GLOBALS['egw_domain'][$this->account_domain]['db_user'];
$GLOBALS['egw_info']['server']['db_pass'] = $GLOBALS['egw_domain'][$this->account_domain]['db_pass'];
$GLOBALS['egw_info']['server']['db_type'] = $GLOBALS['egw_domain'][$this->account_domain]['db_type'];
$GLOBALS['egw']->setup('',false);
*/
} }
$GLOBALS['egw_info']['user']['kp3'] = $this->kp3; $GLOBALS['egw_info']['user']['kp3'] = $this->kp3;
@ -1022,7 +1015,7 @@ class egw_session
} }
$this->log_access($sessionid); // log logout-time $this->log_access($sessionid); // log logout-time
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($sessionid,$kp3) parent::destroy()=$ret"); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($sessionid,$kp3)");
if (is_numeric($sessionid)) // do we have a access-log-id --> get PHP session id if (is_numeric($sessionid)) // do we have a access-log-id --> get PHP session id
{ {
@ -1127,7 +1120,7 @@ class egw_session
} }
// check if the url already contains a query and ensure that vars is an array and all strings are in extravars // check if the url already contains a query and ensure that vars is an array and all strings are in extravars
list($url,$othervars) = explode('?',$url,2); list($ret_url,$othervars) = explode('?', $url, 2);
if ($extravars && is_array($extravars)) if ($extravars && is_array($extravars))
{ {
$vars += $extravars; $vars += $extravars;
@ -1174,18 +1167,17 @@ class egw_session
$query[] = $key.'='.urlencode($value); $query[] = $key.'='.urlencode($value);
} }
} }
$url .= '?' . implode('&',$query); $ret_url .= '?' . implode('&',$query);
} }
//echo " = '$url'</p>\n"; return $ret_url;
return $url;
} }
/** /**
* Stores or retrieve applications data in/form the eGW session * Stores or retrieve applications data in/form the eGW session
* *
* @param string $location free lable to store the data * @param string $location free lable to store the data
* @param string $appname='' default current application (egw_info[flags][currentapp]) * @param string $appname ='' default current application (egw_info[flags][currentapp])
* @param mixed $data='##NOTHING##' if given, data to store, if not specified * @param mixed $data ='##NOTHING##' if given, data to store, if not specified
* @deprecated use egw_cache::setSession($appname, $location, $data) or egw_cache::getSession($appname, $location) * @deprecated use egw_cache::setSession($appname, $location, $data) or egw_cache::getSession($appname, $location)
* @return mixed session data or false if no data stored for $appname/$location * @return mixed session data or false if no data stored for $appname/$location
*/ */
@ -1255,9 +1247,9 @@ class egw_session
* Set a cookie with eGW's cookie-domain and -path settings * Set a cookie with eGW's cookie-domain and -path settings
* *
* @param string $cookiename name of cookie to be set * @param string $cookiename name of cookie to be set
* @param string $cookievalue='' value to be used, if unset cookie is cleared (optional) * @param string $cookievalue ='' value to be used, if unset cookie is cleared (optional)
* @param int $cookietime=0 when cookie should expire, 0 for session only (optional) * @param int $cookietime =0 when cookie should expire, 0 for session only (optional)
* @param string $cookiepath=null optional path (eg. '/') if the eGW install-dir should not be used * @param string $cookiepath =null optional path (eg. '/') if the eGW install-dir should not be used
*/ */
public static function egw_setcookie($cookiename,$cookievalue='',$cookietime=0,$cookiepath=null) public static function egw_setcookie($cookiename,$cookievalue='',$cookietime=0,$cookiepath=null)
{ {
@ -1269,12 +1261,11 @@ class egw_session
if(!headers_sent()) // gives only a warning, but can not send the cookie anyway if(!headers_sent()) // gives only a warning, but can not send the cookie anyway
{ {
$rv = setcookie($cookiename,$cookievalue,$cookietime, setcookie($cookiename,$cookievalue,$cookietime,
is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain, is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain,
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true) // if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true); empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);
} }
//error_log(__METHOD__." $cookiename->$cookievalue".' returned:'.print_r($rv,true).print_r($_COOKIE,true));
} }
/** /**
@ -1293,6 +1284,7 @@ class egw_session
self::$cookie_domain = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST']; self::$cookie_domain = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
} }
// remove port from HTTP_HOST // remove port from HTTP_HOST
$arr = null;
if (preg_match("/^(.*):(.*)$/",self::$cookie_domain,$arr)) if (preg_match("/^(.*):(.*)$/",self::$cookie_domain,$arr))
{ {
self::$cookie_domain = $arr[1]; self::$cookie_domain = $arr[1];
@ -1305,11 +1297,11 @@ class egw_session
if (!$GLOBALS['egw_info']['server']['cookiepath'] || if (!$GLOBALS['egw_info']['server']['cookiepath'] ||
!(self::$cookie_path = parse_url($GLOBALS['egw_info']['server']['webserver_url'],PHP_URL_PATH))) !(self::$cookie_path = parse_url($GLOBALS['egw_info']['server']['webserver_url'],PHP_URL_PATH)))
{ {
self::$cookie_path = '/'; self::$cookie_path = '/';
} }
//echo "<p>cookie_path='self::$cookie_path', cookie_domain='self::$cookie_domain'</p>\n"; //echo "<p>cookie_path='self::$cookie_path', cookie_domain='self::$cookie_domain'</p>\n";
session_set_cookie_params(0, $path, $domain, session_set_cookie_params(0, self::$cookie_path, self::$cookie_domain,
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true) // if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true); empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);
} }
@ -1320,8 +1312,8 @@ class egw_session
* @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER'] * @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER']
* @param string $domain_requested usually self::get_request('domain') * @param string $domain_requested usually self::get_request('domain')
* @param string &$default_domain usually $default_domain get's set eg. by sitemgr * @param string &$default_domain usually $default_domain get's set eg. by sitemgr
* @param string|array $server_name usually array($_SERVER['HTTP_HOST'], $_SERVER['SERVER_NAME']) * @param string|array $server_names usually array($_SERVER['HTTP_HOST'], $_SERVER['SERVER_NAME'])
* @param array $domains=null defaults to $GLOBALS['egw_domain'] from the header * @param array $domains =null defaults to $GLOBALS['egw_domain'] from the header
* @return string $GLOBALS['egw_info']['user']['domain'] set with the domain/instance to use * @return string $GLOBALS['egw_info']['user']['domain'] set with the domain/instance to use
*/ */
public static function search_instance($login,$domain_requested,&$default_domain,$server_names,array $domains=null) public static function search_instance($login,$domain_requested,&$default_domain,$server_names,array $domains=null)
@ -1342,9 +1334,9 @@ class egw_session
} }
else else
{ {
$domain_part = explode('.',$server_name); $parts = explode('.', $server_name);
array_shift($domain_part); array_shift($parts);
$domain_part = implode('.',$domain_part); $domain_part = implode('.', $parts);
if(isset($domains[$domain_part])) if(isset($domains[$domain_part]))
{ {
$default_domain = $domain_part; $default_domain = $domain_part;
@ -1385,7 +1377,7 @@ class egw_session
/** /**
* Update session_action and session_dla (session last used time) * Update session_action and session_dla (session last used time)
* *
* @param boolean $update_access_log=true false: dont update egw_access_log table * @param boolean $update_access_log =true false: dont update egw_access_log table
* @return string action as written to egw_access_log.session_action * @return string action as written to egw_access_log.session_action
*/ */
private function update_dla($update_access_log=true) private function update_dla($update_access_log=true)
@ -1538,7 +1530,7 @@ class egw_session
* *
* @param string $user username * @param string $user username
* @param string $password password or md5 hash of password if $allow_password_md5 * @param string $password password or md5 hash of password if $allow_password_md5
* @param boolean $allow_password_md5=false can password alread be an md5 hash * @param boolean $allow_password_md5 =false can password alread be an md5 hash
* @return string * @return string
*/ */
static function user_pw_hash($user,$password,$allow_password_md5=false) static function user_pw_hash($user,$password,$allow_password_md5=false)
@ -1598,7 +1590,7 @@ class egw_session
* - true --> private caching by browser (no expires header) * - true --> private caching by browser (no expires header)
* - "public" or integer --> public caching with given cache_expire in minutes or php.ini default session_cache_expire * - "public" or integer --> public caching with given cache_expire in minutes or php.ini default session_cache_expire
* *
* @param int $expire=null expiration time in seconds, default $GLOBALS['egw_info']['flags']['nocachecontrol'] or php.ini session.cache_expire * @param int $expire =null expiration time in seconds, default $GLOBALS['egw_info']['flags']['nocachecontrol'] or php.ini session.cache_expire
*/ */
public static function cache_control($expire=null) public static function cache_control($expire=null)
{ {
@ -1635,6 +1627,7 @@ class egw_session
if ($expire && (session_cache_limiter() !== ($expire===true?'private_no_expire':'public') || if ($expire && (session_cache_limiter() !== ($expire===true?'private_no_expire':'public') ||
is_int($expire) && $expire/60 !== session_cache_expire())) is_int($expire) && $expire/60 !== session_cache_expire()))
{ {
$file = $line = null;
if (headers_sent($file, $line)) if (headers_sent($file, $line))
{ {
error_log(__METHOD__."($expire) called, but header already sent in $file: $line"); error_log(__METHOD__."($expire) called, but header already sent in $file: $line");
@ -1667,10 +1660,10 @@ class egw_session
* Get a session list (of the current instance) * Get a session list (of the current instance)
* *
* @param int $start * @param int $start
* @param string $sort='DESC' ASC or DESC * @param string $sort ='DESC' ASC or DESC
* @param string $order='session_dla' session_lid, session_id, session_started, session_logintime, session_action, or (default) session_dla * @param string $order ='session_dla' session_lid, session_id, session_started, session_logintime, session_action, or (default) session_dla
* @param boolean $all_no_sort=False skip sorting and limiting to maxmatchs if set to true * @param boolean $all_no_sort =False skip sorting and limiting to maxmatchs if set to true
* @param array $filter=array() extra filter for sessions * @param array $filter =array() extra filter for sessions
* @return array with sessions (values for keys as in $sort) * @return array with sessions (values for keys as in $sort)
*/ */
public static function session_list($start,$sort='DESC',$order='session_dla',$all_no_sort=False,array $filter=array()) public static function session_list($start,$sort='DESC',$order='session_dla',$all_no_sort=False,array $filter=array())
@ -1758,6 +1751,6 @@ class egw_session
*/ */
function delete_cache($accountid='') function delete_cache($accountid='')
{ {
unset($accountid); // not used, but required by function signature
} }
} }

138
phpgwapi/inc/class.egw_sharing.inc.php
View File

@ -15,6 +15,12 @@
* *
* Token generation uses openssl_random_pseudo_bytes, if available, otherwise * Token generation uses openssl_random_pseudo_bytes, if available, otherwise
* mt_rand based auth::randomstring is used. * mt_rand based auth::randomstring is used.
*
* @todo UI to create shares
* @todo handle existing user sessions eg. by mounting share under it's token into vfs and redirect to regular filemanager
* @todo handle mounts inside shared directory (they get currently lost)
* @todo handle absolute symlinks (wont work as we use share as root)
* @todo use sharing instead of attachments in mail app
*/ */
class egw_sharing class egw_sharing
{ {
@ -33,20 +39,31 @@ class egw_sharing
* *
* @var egw_db * @var egw_db
*/ */
protected $db; protected static $db;
/** /**
* Constructor * Share we are instanciated for
*
* @var array
*/ */
public function __construct() protected $share;
/**
* Protected constructor called via self::create_session
*
* @param string $token
* @param array $share
*/
protected function __construct(array $share)
{ {
$this->db = $GLOBALS['egw']->db; self::$db = $GLOBALS['egw']->db;
$this->share = $share;
} }
/** /**
* Server a request on a share specified in REQUEST_URI * Init sharing by setting PHP_AUTH_USER from token in url
*/ */
public function ServeRequest() public static function init()
{ {
// WebDAV has no concept of a query string and clients (including cadaver) // WebDAV has no concept of a query string and clients (including cadaver)
// seem to pass '?' unencoded, so we need to extract the path info out // seem to pass '?' unencoded, so we need to extract the path info out
@ -60,27 +77,62 @@ class egw_sharing
$path_info = substr($path_info, strlen($_SERVER['SCRIPT_NAME'])); $path_info = substr($path_info, strlen($_SERVER['SCRIPT_NAME']));
list(, $token/*, $path*/) = explode('/', $path_info, 3); list(, $token/*, $path*/) = explode('/', $path_info, 3);
if (empty($token) || !($share = $this->db->select(self::TABLE, '*', array( $_SERVER['PHP_AUTH_USER'] = $token;
if (!isset($_SERVER['PHP_AUTH_PW'])) $_SERVER['PHP_AUTH_PW'] = '';
return $token;
}
/**
* Create sharing session
*
* @return string with sessionid, does NOT return if no session created
*/
public static function create_session()
{
self::$db = $GLOBALS['egw']->db;
$token = $_SERVER['PHP_AUTH_USER'];
if (empty($token) || !($share = self::$db->select(self::TABLE, '*', array(
'share_token' => $token, 'share_token' => $token,
'(share_expires IS NULL OR share_expires > '.$this->db->quote(time(), 'date').')', '(share_expires IS NULL OR share_expires > '.self::$db->quote(time(), 'date').')',
), __LINE__, __FILE__)->fetch())) ), __LINE__, __FILE__)->fetch()) ||
!$GLOBALS['egw']->accounts->exists($share['share_owner']))
{ {
sleep(1); sleep(1);
$status = '404 Not Found'; $status = '404 Not Found';
header("HTTP/1.1 $status"); header("HTTP/1.1 $status");
header("X-WebDAV-Status: $status", true); header("X-WebDAV-Status: $status", true);
echo "Requested resource '".htmlspecialchars($path_info)."' does NOT exist!\n"; echo "Requested resource '/".htmlspecialchars($token)."' does NOT exist!\n";
common::egw_exit(); common::egw_exit();
} }
// ToDo: password check, if required
// create session without checking auth: create(..., false, false)
if (!($sessionid = $GLOBALS['egw']->session->create('anonymous', '', 'text', false, false)))
{
sleep(1);
$status = '500 Internal Server Error';
header("HTTP/1.1 $status");
header("X-WebDAV-Status: $status", true);
echo "Failed to create session: ".$GLOBALS['egw']->session->reason."\n";
common::egw_exit();
}
// only allow filemanager app
$GLOBALS['egw_info']['user']['apps'] = array(
'filemanager' => $GLOBALS['egw_info']['apps']['filemanager']
);
$share['resolve_url'] = egw_vfs::resolve_url($share['share_path']); $share['resolve_url'] = egw_vfs::resolve_url($share['share_path']);
// if share not writable append ro=1 to mount url to make it readonly // if share not writable append ro=1 to mount url to make it readonly
if (!$this->db->from_bool($share['share_writable'])) if (!self::$db->from_bool($share['share_writable']))
{ {
$share['resolve_url'] .= (strpos($share['resolve_url'], '?') ? '&' : '?').'ro=1'; $share['resolve_url'] .= (strpos($share['resolve_url'], '?') ? '&' : '?').'ro=1';
} }
//_debug_array($share); //_debug_array($share);
// arrange vfs to only contain shared url // arrange vfs to only contain shared url and use share-owner as user
egw_vfs::$is_root = true; egw_vfs::$is_root = true;
if (!egw_vfs::mount($share['resolve_url'], '/', false, false, true)) if (!egw_vfs::mount($share['resolve_url'], '/', false, false, true))
{ {
@ -88,17 +140,49 @@ class egw_sharing
$status = '404 Not Found'; $status = '404 Not Found';
header("HTTP/1.1 $status"); header("HTTP/1.1 $status");
header("X-WebDAV-Status: $status", true); header("X-WebDAV-Status: $status", true);
echo "Requested resource '".htmlspecialchars($path_info)."' does NOT exist!\n"; echo "Requested resource '/".htmlspecialchars($token)."' does NOT exist!\n";
common::egw_exit(); common::egw_exit();
} }
egw_vfs::$is_root = false; egw_vfs::$is_root = false;
egw_vfs::$user = $GLOBALS['egw_info']['user']['account_id'] = $share['share_owner']; // need to store new fstab and vfs_user in session to allow GET requests / downloads via WebDAV
$GLOBALS['egw_info']['server']['vfs_fstab'] = egw_vfs::mount();
$GLOBALS['egw_info']['user']['vfs_user'] = egw_vfs::$user = $share['share_owner'];
egw_vfs::clearstatcache(); egw_vfs::clearstatcache();
// ToDo: password and write protection
//$GLOBALS['egw']->session->commit_session(); // update accessed timestamp
$webdav_server = new vfs_webdav_server(); self::$db->update(self::TABLE, array(
$webdav_server->ServeRequest('/'.$token); 'share_last_accessed' => $share['share_last_accessed']=time(),
), array(
'share_id' => $share['share_id'],
), __LINE__, __FILE__);
// store sharing object in egw object and therefore in session
$GLOBALS['egw']->sharing = new egw_sharing($share);
return $sessionid;
}
/**
* Server a request on a share specified in REQUEST_URI
*/
public function ServeRequest()
{
// use pure WebDAV for everything but GET requests to directories
if (!egw_vfs::is_dir('/') || $_SERVER['REQUEST_METHOD'] != 'GET' ||
// or unsupported browsers like ie < 10
html::$user_agent == 'msie' && html::$ua_version < 10.0 ||
// or if no filemanager installed (WebDAV has own autoindex)
!file_exists(__DIR__.'/../../filemanager/inc/class.filemanager_ui.inc.php'))
{
//$GLOBALS['egw']->session->commit_session();
$webdav_server = new vfs_webdav_server();
$webdav_server->ServeRequest('/'.$this->share['share_token']);
return;
}
// run full eTemplate2 UI for directories
$_GET['path'] = '/';
$ui = new egw_sharing_filemanager();
$ui->index();
} }
/** /**
@ -115,4 +199,22 @@ class egw_sharing
return $token; return $token;
} }
}
if (file_exists(__DIR__.'/../../filemanager/inc/class.filemanager_ui.inc.php'))
{
require_once __DIR__.'/../../filemanager/inc/class.filemanager_ui.inc.php';
class egw_sharing_filemanager extends filemanager_ui
{
/**
* Get the configured start directory for the current user
*
* @return string
*/
static function get_home_dir()
{
return '/';
}
}
} }

4
phpgwapi/inc/class.egw_vfs.inc.php
View File

@ -1774,7 +1774,9 @@ class egw_vfs extends vfs_stream_wrapper
*/ */
static function init_static() static function init_static()
{ {
self::$user = (int) $GLOBALS['egw_info']['user']['account_id']; // if special user/vfs_user given (eg. from sharing) use it instead default user/account_id
self::$user = (int)(isset($GLOBALS['egw_info']['user']['vfs_user']) ?
$GLOBALS['egw_info']['user']['vfs_user'] : $GLOBALS['egw_info']['user']['account_id']);
self::$is_admin = isset($GLOBALS['egw_info']['user']['apps']['admin']); self::$is_admin = isset($GLOBALS['egw_info']['user']['apps']['admin']);
self::$db = isset($GLOBALS['egw_setup']->db) ? $GLOBALS['egw_setup']->db : $GLOBALS['egw']->db; self::$db = isset($GLOBALS['egw_setup']->db) ? $GLOBALS['egw_setup']->db : $GLOBALS['egw']->db;
self::$lock_cache = array(); self::$lock_cache = array();

2
phpgwapi/js/jsapi/egw_links.js
View File

@ -26,7 +26,7 @@ egw.extend('links', egw.MODULE_GLOBAL, function()
* *
* @access: private, use egw.open() or egw.set_link_registry() * @access: private, use egw.open() or egw.set_link_registry()
*/ */
var link_registry = null; var link_registry = undefined;
/** /**
* Local cache for link-titles * Local cache for link-titles

2
phpgwapi/lang.php
View File

@ -20,7 +20,7 @@ ini_set('zlib.output_compression', 0);
$GLOBALS['egw_info'] = array( $GLOBALS['egw_info'] = array(
'flags' => array( 'flags' => array(
'currentapp' => in_array($_GET['app'],array('etemplate','common','custom')) ? 'home' : $_GET['app'], 'currentapp' => 'home',
'noheader' => true, 'noheader' => true,
'load_translations' => false, // do not automatically load translations 'load_translations' => false, // do not automatically load translations
'nocachecontrol' => true, 'nocachecontrol' => true,

20
share.php
View File

@ -10,16 +10,26 @@
* @version $Id$ * @version $Id$
*/ */
require_once('./phpgwapi/inc/class.egw_sharing.inc.php');
// set PHP_AUTH_USER from token in URL, must be called before header include, to be able to verify session
egw_sharing::init();
$GLOBALS['egw_info'] = array( $GLOBALS['egw_info'] = array(
'flags' => array( 'flags' => array(
'disable_Template_class' => True, 'disable_Template_class' => true,
'noheader' => True, 'noheader' => true,
'currentapp' => 'login', 'nonavbar' => 'always', // true would cause eTemplate to reset it to false for non-popups!
'currentapp' => 'filemanager',
'autocreate_session_callback' => 'egw_sharing::create_session',
'no_exception_handler' => 'basic_auth', // we use a basic auth exception handler (sends exception message as basic auth realm) 'no_exception_handler' => 'basic_auth', // we use a basic auth exception handler (sends exception message as basic auth realm)
) )
); );
include('./header.inc.php'); include('./header.inc.php');
$sharing = new egw_sharing(); if (!$GLOBALS['egw']->sharing)
$sharing->ServeRequest(); {
egw_sharing::create_session();
}
$GLOBALS['egw']->sharing->ServeRequest();