From d296b02b0e522dbbd30ad7926e9f80f3c8c04328 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 26 Jan 2014 14:15:57 -0800 Subject: The final piece of the DAV authentication puzzle. Provide a directory view to an un-auth'd person (without asking for a password) by adding a query parameter 'davguest=1'. This is a bit of a hack, but there was no response on the official forum about how to do this correctly so it will have to do. On the downside, if permission is denied, it won't ask for a password - but we're talking about unauthenticated folks who didn't go through magic auth so chances are even if they authenticate, permission will still be denied. --- include/conversation.php | 2 +- mod/cloud.php | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/include/conversation.php b/include/conversation.php index cec5993b6..34d661004 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1481,7 +1481,7 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){ if($p['view_storage']) { $tabs[] = array( 'label' => t('Files'), - 'url' => $a->get_baseurl() . '/cloud/' . $nickname, + 'url' => $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'), 'sel' => ((argv(0) == 'cloud') ? 'active' : ''), 'title' => t('Files and Storage'), 'id' => 'files-tab', diff --git a/mod/cloud.php b/mod/cloud.php index f6ea059ce..18b61f941 100644 --- a/mod/cloud.php +++ b/mod/cloud.php 
@@ -67,12 +67,18 @@ function cloud_init(&$a) { $auth->observer = $ob_hash; } + if($_GET['davguest']) + $_SESSION['davguest'] = true; + + $_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']); $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); $_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); $rootDirectory = new RedDirectory('/',$auth); $server = new DAV\Server($rootDirectory); @@ -85,12 +91,10 @@ function cloud_init(&$a) { // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login. // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot, // prompt for HTTP-auth. This will be the default case for mounting a DAV directory. - - // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from - // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be - // able to do this with a special $_GET request var and a cookie. + // In order to avoid prompting for passwords for viewing a DIRECTORY, add the URL query parameter 'davguest=1' $isapublic_file = false; + $davguest = ((x($_SESSION,'davguest')) ? true : false); if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { try { 
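Review bot: `if($_GET['davguest'])` reads the key without checking that it exists, so every request without the parameter raises an undefined-index notice; `if(x($_GET,'davguest'))` would match the `x($_SESSION,'davguest')` test added further down in this commit. The two added `preg_replace` calls also replace the delimiter captured by `([\?&]|$)` with nothing, so a parameter that follows `davguest` ends up glued to whatever precedes it in QUERY_STRING and REQUEST_URI. A lookahead leaves that delimiter in place, for example `preg_replace('/[\?&]davguest=[^&]*(?=&|$)/i','',$_SERVER['REQUEST_URI'])`. The existing zid lines use the same pattern, and cloud_init's body continues outside the hunk.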
@@ -103,7 +107,7 @@ function cloud_init(&$a) { } } - if((! $auth->observer) && (! $isapublic_file)) { + if((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { try { $auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++')); } -- cgit v1.2.3 From d67fdd129921549b6a1e7cb5e5ebea7bdc38bf0e Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 26 Jan 2014 14:41:43 -0800 Subject: add davguest param to cut/paste link for directories in mod/filestorage --- mod/filestorage.php | 3 +-- view/tpl/attach_edit.tpl | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/mod/filestorage.php b/mod/filestorage.php index 18760dd45..3e53a1e93 100644 --- a/mod/filestorage.php +++ b/mod/filestorage.php @@ -69,7 +69,6 @@ function filestorage_content(&$a) { return; } - // TODO This will also need to check for files on disk and delete them from there as well as the DB. if(argc() > 3 && argv(3) === 'delete') { if(! $perms['write_storage']) { @@ -110,7 +109,7 @@ function filestorage_content(&$a) { $channel = $a->get_channel(); - $cloudpath = get_cloudpath($f); + $cloudpath = get_cloudpath($f) . (($f['flags'] & ATTACH_FLAG_DIR) ? '?f=&davguest=1' : ''); $aclselect_e = populate_acl($f); $is_a_dir = (($f['flags'] & ATTACH_FLAG_DIR) ? true : false); diff --git a/view/tpl/attach_edit.tpl b/view/tpl/attach_edit.tpl index f9c6e96ce..77f32b5bc 100644 --- a/view/tpl/attach_edit.tpl +++ b/view/tpl/attach_edit.tpl @@ -23,12 +23,11 @@ {{else}}
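Review bot: The added `(! $davguest)` term skips `$auth->Authenticate()` for every request method and every path, not only for a browser GET of a directory. The flag comes from `$_SESSION['davguest']`, which any visitor can set by sending `davguest=1` and which nothing in the visible code clears. For such a session, access control then rests entirely on the permission checks behind `RedDirectory`, which are not visible here, so it is worth confirming they refuse writes when the observer is empty. Restricting the bypass to reads narrows it: `if((! $auth->observer) && (! $isapublic_file) && (! ($davguest && $_SERVER['REQUEST_METHOD'] === 'GET'))) {`. cloud_init's body continues outside the hunk.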
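Review bot: In the second mod/filestorage.php hunk the directory test `($f['flags'] & ATTACH_FLAG_DIR)` is now evaluated twice, once for `$cloudpath` and again for `$is_a_dir` two lines below. Moving the `$is_a_dir` assignment above it and writing `$cloudpath = get_cloudpath($f) . (($is_a_dir) ? '?f=&davguest=1' : '');` keeps a single source for that decision. The literal `'?f=&davguest=1'` also appears in include/conversation.php in the previous commit, so a shared constant or small helper would keep the two link builders in step. filestorage_content's body continues outside the hunk.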
{{$cpdesc}}

+{{/if}}
{{$cpldesc}}

-{{/if}} -
{{$aclselect}}
-- cgit v1.2.3