Merge branch '1.8RC'

5 files changed, 59 insertions, 19 deletions

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index da5af7659..121a9c3a1 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -73,10 +73,12 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 	protected $timezone = '';
 
 
+	public $module_disabled = false;
+
+
 	/**
 	 * @brief Validates a username and password.
 	 *
-	 * Guest access is granted with the password "+++".
 	 *
 	 * @see \Sabre\DAV\Auth\Backend\AbstractBasic::validateUserPass
 	 * @param string $username
@@ -92,7 +94,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 				intval($record['account_id']),
 				intval($record['account_default_channel'])
 			);
-			if ($r) {
+			if($r && $this->check_module_access($r[0]['channel_id'])) {
 				return $this->setAuthenticated($r[0]);
 			}
 		}
@@ -109,13 +111,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
 					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
 						logger('password verified for ' . $username);
-						return $this->setAuthenticated($r[0]);
+						if($this->check_module_access($r[0]['channel_id']))
+							return $this->setAuthenticated($r[0]);
 					}
 				}
 			}
 		}
 
-		$error = 'password failed for ' . $username;
+		if($this->module_disabled)
+			$error = 'module not enabled for ' . $username;
+		else
+			$error = 'password failed for ' . $username;
 		logger($error);
 		log_failed_login($error);
 
@@ -139,6 +145,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 		return true;
 	}
 
+	protected function check_module_access($channel_id) {
+		if($channel_id && \App::$module === 'cdav') {
+			$x = get_pconfig($channel_id,'cdav','enabled');
+			if(! $x) {
+				$this->module_disabled = true;
+				return false;
+			}
+		}
+		return true;
+	}
+
 	/**
 	 * Sets the channel_name from the currently logged-in channel.
 	 *
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index ca262b739..f875cbf33 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -246,14 +246,17 @@ class Browser extends DAV\Browser\Plugin {
 		\App::$page['content'] = $html;
 		load_pdl($a);
 
-		$theme_info_file = "view/theme/" . current_theme() . "/php/theme.php";
+		$current_theme = \Zotlabs\Render\Theme::current();
+
+		$theme_info_file = "view/theme/" . $current_theme[0] . "/php/theme.php";
 		if (file_exists($theme_info_file)){
 			require_once($theme_info_file);
-			if (function_exists(str_replace('-', '_', current_theme()) . '_init')) {
-				$func = str_replace('-', '_', current_theme()) . '_init';
+			if (function_exists(str_replace('-', '_', $current_theme[0]) . '_init')) {
+				$func = str_replace('-', '_', $current_theme[0]) . '_init';
 				$func($a);
 			}
 		}
+		$this->server->httpResponse->setHeader('Content-Security-Policy', "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
 		construct_page($a);
 	}
 
diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php
index 3c0cff6ef..06ae90a5f 100644
--- a/Zotlabs/Storage/Directory.php
+++ b/Zotlabs/Storage/Directory.php
@@ -194,7 +194,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 	 * @return null|string ETag
 	 */
 	public function createFile($name, $data = null) {
-		logger($name, LOGGER_DEBUG);
+		logger('create file in directory ' . $name, LOGGER_DEBUG);
 
 		if (! $this->auth->owner_id) {
 			logger('permission denied ' . $name);
@@ -246,7 +246,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			$deny_gid = $c[0]['channel_deny_gid'];
 		}
 
-		$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
+		$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, content, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
 			intval($c[0]['channel_account_id']),
 			intval($c[0]['channel_id']),
@@ -358,7 +358,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 	 * @return void
 	 */
 	public function createDirectory($name) {
-		logger($name, LOGGER_DEBUG);
+		logger('create directory ' . $name, LOGGER_DEBUG);
 
 		if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) {
 			throw new DAV\Exception\Forbidden('Permission denied.');
@@ -372,7 +372,9 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			$result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash));
 
 			if($result['success']) {
-				$sync = attach_export_data($r[0],$ret['data']['hash']);
+				$sync = attach_export_data($r[0],$result['data']['hash']);
+				logger('createDirectory: attach_export_data returns $sync:' . print_r($sync, true), LOGGER_DEBUG);
+
 				if($sync) {
 					build_sync_packet($r[0]['channel_id'],array('file' => array($sync)));
 				}
@@ -563,4 +565,4 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			$free
 		);
 	}
-}
\ No newline at end of file
+}
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php
index d40fee0ea..ecd15cc55 100644
--- a/Zotlabs/Storage/File.php
+++ b/Zotlabs/Storage/File.php
@@ -124,7 +124,7 @@ class File extends DAV\Node implements DAV\IFile {
 		);
 		if ($r) {
 			if (intval($r[0]['os_storage'])) {
-				$d = q("select folder, data from attach where hash = '%s' and uid = %d limit 1",
+				$d = q("select folder, content from attach where hash = '%s' and uid = %d limit 1",
 					dbesc($this->data['hash']),
 					intval($c[0]['channel_id'])
 				);
@@ -139,7 +139,7 @@ class File extends DAV\Node implements DAV\IFile {
 							$direct = $f1[0];
 						}
 					}	
-					$fname = dbunescbin($d[0]['data']);
+					$fname = dbunescbin($d[0]['content']);
 					if(strpos($fname,'store') === false)
 						$f = 'store/' . $this->auth->owner_nick . '/' . $fname ;
 					else
@@ -158,12 +158,12 @@ class File extends DAV\Node implements DAV\IFile {
 			} 
 			else {
 				// this shouldn't happen any more
-				$r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d",
+				$r = q("UPDATE attach SET content = '%s' WHERE hash = '%s' AND uid = %d",
 					dbescbin(stream_get_contents($data)),
 					dbesc($this->data['hash']),
 					intval($this->data['uid'])
 				);
-				$r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
+				$r = q("SELECT length(content) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
 					dbesc($this->data['hash']),
 					intval($this->data['uid'])
 				);
@@ -236,7 +236,7 @@ class File extends DAV\Node implements DAV\IFile {
 		logger('get file ' . basename($this->name), LOGGER_DEBUG);
 		logger('os_path: ' . $this->os_path, LOGGER_DATA);
 
-		$r = q("SELECT data, flags, os_storage, filename, filetype FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
+		$r = q("SELECT content, flags, os_storage, filename, filetype FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
 			dbesc($this->data['hash']),
 			intval($this->data['uid'])
 		);
@@ -250,14 +250,14 @@ class File extends DAV\Node implements DAV\IFile {
 			}
 
 			if (intval($r[0]['os_storage'])) {
-				$x = dbunescbin($r[0]['data']);
+				$x = dbunescbin($r[0]['content']);
 				if(strpos($x,'store') === false)
 					$f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $x;
 				else
 					$f = $x;
 				return fopen($f, 'rb');
 			}
-			return dbunescbin($r[0]['data']);
+			return dbunescbin($r[0]['content']);
 		}
 	}
 
diff --git a/Zotlabs/Storage/GitRepo.php b/Zotlabs/Storage/GitRepo.php
index 2a24e03c0..306abc0ba 100644
--- a/Zotlabs/Storage/GitRepo.php
+++ b/Zotlabs/Storage/GitRepo.php
@@ -75,6 +75,15 @@ class GitRepo {
 			}
 		}
 	}
+	
+	public function initRepo() {
+		if(!$this->path) return false;
+		try {
+			return $this->git->init($this->path);
+		} catch (\PHPGit\Exception\GitException $ex) {
+			return false;
+		}
+	}
 
 	public function pull() {
 		try {
@@ -118,6 +127,15 @@ class GitRepo {
 		$repo['logs'] = $git->log(array('limit' => 50));
 		return $repo;
 	}
+	
+	// Commit changes to the repo. Default is to stage all changes and commit everything.
+	public function commit($msg, $options = array()) {
+		try {
+			return $this->git->commit($msg, $options);
+		} catch (\PHPGit\Exception\GitException $ex) {
+			return false;
+		}		
+	}
 
 	public static function isValidGitRepoURL($url) {
 		if (validate_url($url) && strrpos(parse_url($url, PHP_URL_PATH), '.')) {