[dev] Horde Shared Ressource API

Joel Vandal jvandal@subi.to
Mon, 19 Aug 2002 20:03:06 -0400
Previous message: [dev] Sieve GUI.
Next message: [dev] Horde Shared Ressource API
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is a multi-part message in MIME format.

---------------------- multipart/alternative attachment
Hi,

On last weeks, I've talk about a patch for shared calendar with =
Kronolith.  I have rewrite/restructure major part of my code and create =
a new class/API for Horde. I named it Share::

With this classe you can add shared ressources support on any Horde =
modules. You have only to add some require_once and hasPermission call.

All shared information are saved in a SQL database (future release will =
include other backend).

Currently, my code is still in alpha stage and will not be available =
before I clean and comment code.

But, If you have suggestions or comments, please send me an email about =
this.

You can get a working demo (at this time, Gollem and Kronolith have been =
patched) at  http://www.courriels.com/horde2/ (login: =
demo@perl-quebec.com pass: demo)

I have also begin some work on lib/VFSBrowser.php (check the browse =
function on my demo... gollem -> Options -> Share -> Browse)

Finally, I will try it with a clean gollem version but using the file =
VFS backend, it's possible to use : manage.php?dir=3D../../../ to go out =
of the vfsroot directory and go in /etc /tmp etc.  .

Here is a preliminary patch for gollem/lib/Gollem.php that only go to =
the [Home] folder if the dir parameter contain .. (dot dot)...

   function setDir()
    {
        $dir =3D Horde::getFormData('dir');

        if (preg_match('/\.\./', $dir)) {
            $dir =3D '' ;
        }

--
Joel Vandal

---------------------- multipart/alternative attachment
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2716.2200" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>On last weeks, I've talk about a patch =
for shared=20
calendar with Kronolith.&nbsp; </FONT><FONT face=3DArial size=3D2>I have =

rewrite/restructure major part of my code and create a new class/API for =
Horde.=20
I named it Share::</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>With this classe you can add shared =
ressources=20
support on any Horde modules. You have&nbsp;only to add some =
require_once and=20
hasPermission&nbsp;call.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>All shared information are saved in a =
SQL database=20
(future release will include other backend).</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Currently, my code is still in alpha =
stage and will=20
not be available before I clean and comment code.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>But, If you have suggestions or =
comments, please=20
send me an email about this.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>You can get a working demo (at this =
time, Gollem=20
and Kronolith have been patched) at &nbsp;<A=20
href=3D"http://www.courriels.com/horde2/">http://www.courriels.com/horde2=
/</A>=20
(login: <A href=3D"mailto:demo@perl-quebec.com">demo@perl-quebec.com</A> =
pass:=20
demo)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I have also begin some work on =
lib/VFSBrowser.php=20
(check the browse function on my demo... gollem -&gt; Options -&gt; =
Share -&gt;=20
Browse)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Finally, I will try it with a clean =
gollem version=20
but using the file VFS backend, it's possible to use : =
manage.php?dir=3D../../../=20
to go out of the vfsroot directory and go in /etc /tmp etc.&nbsp; =
.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Here is a&nbsp;preliminary patch for=20
gollem/lib/Gollem.php that only go to the [Home] folder if the dir =
parameter=20
contain .. (dot dot)...</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; function=20
setDir()<BR>&nbsp;&nbsp;&nbsp; =
{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
$dir =3D Horde::getFormData('dir');</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial =
size=3D2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if=20
(preg_match('/\.\./', $dir))=20
{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
$dir =3D=20
'' ;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>--</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Joel Vandal</FONT></DIV></BODY></HTML>

---------------------- multipart/alternative attachment--
Previous message: [dev] Sieve GUI.
Next message: [dev] Horde Shared Ressource API
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]