mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-16 13:03:12 +01:00
936 lines
30 KiB
PHP
936 lines
30 KiB
PHP
<?php
|
|
/**
|
|
* eGroupWare API: VFS - WebDAV access using the new stream wrapper VFS interface
|
|
*
|
|
* Using the PEAR HTTP/WebDAV/Server/Filesystem class (which need to be installed!)
|
|
*
|
|
* @link http://www.egroupware.org
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
|
* @package api
|
|
* @subpackage vfs
|
|
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
|
* @author Hartmut Holzgraefe <hartmut@php.net> original HTTP/WebDAV/Server/Filesystem class, of which some code is used
|
|
* @version $Id$
|
|
*/
|
|
|
|
if (strpos(ini_get('include_path'), EGW_API_INC) === false)
|
|
{
|
|
ini_set('include_path', EGW_API_INC.PATH_SEPARATOR.ini_get('include_path'));
|
|
}
|
|
require_once('HTTP/WebDAV/Server/Filesystem.php');
|
|
|
|
/**
|
|
* FileManger - WebDAV access using the new stream wrapper VFS interface
|
|
*
|
|
* Using modified PEAR HTTP/WebDAV/Server/Filesystem class in API dir
|
|
*/
|
|
class vfs_webdav_server extends HTTP_WebDAV_Server_Filesystem
|
|
{
|
|
/**
|
|
* Realm of eGW's WebDAV server
|
|
*
|
|
*/
|
|
const REALM = 'eGroupWare WebDAV server';
|
|
var $dav_powered_by = self::REALM;
|
|
var $http_auth_realm = self::REALM;
|
|
|
|
/**
|
|
* Base directory is the URL of our VFS root
|
|
*
|
|
* @var string
|
|
*/
|
|
var $base = egw_vfs::PREFIX;
|
|
|
|
/**
|
|
* Debug level: 0 = nothing, 1 = function calls, 2 = more info, eg. complete $_SERVER array
|
|
*
|
|
* The debug messages are send to the apache error_log
|
|
*
|
|
* @var integer
|
|
*/
|
|
var $debug = 0;
|
|
|
|
/**
|
|
* Serve a webdav request
|
|
*
|
|
* Reimplemented to not check our vfs base path with realpath and connect to mysql DB
|
|
*
|
|
* @access public
|
|
* @param $prefix =null prefix filesystem path with given path, eg. "/webdav" for owncloud 4.5 remote.php
|
|
*/
|
|
function ServeRequest($prefix=null)
|
|
{
|
|
// special treatment for litmus compliance test
|
|
// reply on its identifier header
|
|
// not needed for the test itself but eases debugging
|
|
if (isset($this->_SERVER['HTTP_X_LITMUS'])) {
|
|
error_log("Litmus test ".$this->_SERVER['HTTP_X_LITMUS']);
|
|
header("X-Litmus-reply: ".$this->_SERVER['HTTP_X_LITMUS']);
|
|
}
|
|
// let the base class do all the work
|
|
HTTP_WebDAV_Server::ServeRequest($prefix);
|
|
}
|
|
|
|
/**
|
|
* DELETE method handler
|
|
*
|
|
* @param array general parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function DELETE($options)
|
|
{
|
|
$path = $this->base . $options['path'];
|
|
|
|
if (!file_exists($path))
|
|
{
|
|
return '404 Not found';
|
|
}
|
|
|
|
if (is_dir($path))
|
|
{
|
|
// recursive delete the directory
|
|
try {
|
|
$ret = egw_vfs::remove($options['path']) && !file_exists($path);
|
|
}
|
|
catch (Exception $e) {
|
|
return '403 Forbidden: '.$e->getMessage();
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$ret = unlink($path);
|
|
}
|
|
if (!$ret)
|
|
{
|
|
return '403 Forbidden';
|
|
}
|
|
return '204 No Content';
|
|
}
|
|
|
|
/**
|
|
* MKCOL method handler
|
|
*
|
|
* Reimplemented to NOT use dirname/basename, which has problems with utf-8 chars
|
|
*
|
|
* @param array general parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function MKCOL($options)
|
|
{
|
|
$path = $this->_unslashify($this->base .$options["path"]);
|
|
$parent = egw_vfs::dirname($path);
|
|
$name = egw_vfs::basename($path);
|
|
|
|
if (!file_exists($parent)) {
|
|
return "409 Conflict";
|
|
}
|
|
|
|
if (!is_dir($parent)) {
|
|
return "403 Forbidden";
|
|
}
|
|
|
|
if ( file_exists($parent."/".$name) ) {
|
|
return "405 Method not allowed";
|
|
}
|
|
|
|
if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
|
|
return "415 Unsupported media type";
|
|
}
|
|
|
|
$stat = mkdir($parent."/".$name, 0777);
|
|
if (!$stat) {
|
|
return "403 Forbidden";
|
|
}
|
|
|
|
return ("201 Created");
|
|
}
|
|
|
|
/**
|
|
* COPY method handler
|
|
*
|
|
* @param array general parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function COPY($options, $del=false)
|
|
{
|
|
// TODO Property updates still broken (Litmus should detect this?)
|
|
|
|
if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
|
|
return "415 Unsupported media type";
|
|
}
|
|
|
|
// no copying to different WebDAV Servers yet
|
|
if (isset($options["dest_url"])) {
|
|
return "502 bad gateway";
|
|
}
|
|
|
|
$source = $this->base .$options["path"];
|
|
if (!file_exists($source)) return "404 Not found";
|
|
|
|
if (is_dir($source)) { // resource is a collection
|
|
switch ($options["depth"]) {
|
|
case "infinity": // valid
|
|
break;
|
|
case "0": // valid for COPY only
|
|
if ($del) { // MOVE?
|
|
return "400 Bad request";
|
|
}
|
|
break;
|
|
case "1": // invalid for both COPY and MOVE
|
|
default:
|
|
return "400 Bad request";
|
|
}
|
|
}
|
|
|
|
$dest = $this->base . $options["dest"];
|
|
$destdir = dirname($dest);
|
|
|
|
if (!file_exists($destdir) || !is_dir($destdir)) {
|
|
return "409 Conflict";
|
|
}
|
|
|
|
$new = !file_exists($dest);
|
|
$existing_col = false;
|
|
|
|
if (!$new) {
|
|
if ($del && is_dir($dest)) {
|
|
if (!$options["overwrite"]) {
|
|
return "412 precondition failed";
|
|
}
|
|
$dest .= basename($source);
|
|
if (file_exists($dest)) {
|
|
$options["dest"] .= basename($source);
|
|
} else {
|
|
$new = true;
|
|
$existing_col = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!$new) {
|
|
if ($options["overwrite"]) {
|
|
$stat = $this->DELETE(array("path" => $options["dest"]));
|
|
if (($stat{0} != "2") && (substr($stat, 0, 3) != "404")) {
|
|
return $stat;
|
|
}
|
|
} else {
|
|
return "412 precondition failed";
|
|
}
|
|
}
|
|
|
|
if ($del) {
|
|
if (!rename($source, $dest)) {
|
|
return "500 Internal server error";
|
|
}
|
|
} else {
|
|
if (is_dir($source) && $options['depth'] == 'infinity') {
|
|
$files = egw_vfs::find($source,array('depth' => true,'url' => true)); // depth=true: return dirs first, url=true: allow urls!
|
|
} else {
|
|
$files = array($source);
|
|
}
|
|
|
|
if (!is_array($files) || empty($files)) {
|
|
return "500 Internal server error";
|
|
}
|
|
|
|
|
|
foreach ($files as $file) {
|
|
if (is_dir($file)) {
|
|
$file = $this->_slashify($file);
|
|
}
|
|
|
|
$destfile = str_replace($source, $dest, $file);
|
|
|
|
if (is_dir($file)) {
|
|
if (!is_dir($destfile)) {
|
|
// TODO "mkdir -p" here? (only natively supported by PHP 5)
|
|
if (!@mkdir($destfile)) {
|
|
return "409 Conflict";
|
|
}
|
|
}
|
|
} else {
|
|
if (!@copy($file, $destfile)) {
|
|
return "409 Conflict";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
// adding Location header as shown in example in rfc2518 section 8.9.5
|
|
header('Location: '.$this->base_uri.$options['dest']);
|
|
|
|
return ($new && !$existing_col) ? "201 Created" : "204 No Content";
|
|
}
|
|
|
|
/**
|
|
* Get properties for a single file/resource
|
|
*
|
|
* @param string $_path resource path
|
|
* @return array resource properties
|
|
*/
|
|
function fileinfo($_path)
|
|
{
|
|
// internally we require some url-encoding, as vfs_stream_wrapper uses URL's internally
|
|
$path = str_replace(array('#','?'),array('%23','%3F'),$_path);
|
|
|
|
//error_log(__METHOD__."($path)");
|
|
// map URI path to filesystem path
|
|
$fspath = $this->base . $path;
|
|
|
|
// create result array
|
|
$info = array();
|
|
// TODO remove slash append code when base class is able to do it itself
|
|
$info['path'] = is_dir($fspath) ? $this->_slashify($path) : $path;
|
|
|
|
// remove all urlencoding we need internally in EGw, HTTP_WebDAV_Server will add it's own!
|
|
// rawurldecode does NOT touch +
|
|
$info['path'] = rawurldecode($info['path']);
|
|
|
|
$info['props'] = array();
|
|
|
|
// no special beautified displayname here ...
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('displayname', egw_vfs::basename(self::_unslashify($info['path'])));
|
|
|
|
// creation and modification time
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('creationdate', filectime($fspath));
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('getlastmodified', filemtime($fspath));
|
|
|
|
// Microsoft extensions: last access time and 'hidden' status
|
|
$info["props"][] = HTTP_WebDAV_Server::mkprop("lastaccessed", fileatime($fspath));
|
|
$info["props"][] = HTTP_WebDAV_Server::mkprop("ishidden", egw_vfs::is_hidden($fspath));
|
|
|
|
// type and size (caller already made sure that path exists)
|
|
if (is_dir($fspath)) {
|
|
// directory (WebDAV collection)
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('resourcetype', array(
|
|
HTTP_WebDAV_Server::mkprop('collection', '')));
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('getcontenttype', 'httpd/unix-directory');
|
|
} else {
|
|
// plain file (WebDAV resource)
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('resourcetype', '');
|
|
if (egw_vfs::is_readable($path)) {
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('getcontenttype', egw_vfs::mime_content_type($path));
|
|
} else {
|
|
error_log(__METHOD__."($path) $fspath is not readable!");
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('getcontenttype', 'application/x-non-readable');
|
|
}
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop ('getcontentlength', filesize($fspath));
|
|
}
|
|
// generate etag from inode (sqlfs: fs_id), modification time and size
|
|
$stat = stat($fspath);
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop('getetag', '"'.$stat['ino'].':'.$stat['mtime'].':'.$stat['size'].'"');
|
|
|
|
/* returning the supportedlock property causes Windows DAV provider and Konqueror to not longer work
|
|
ToDo: return it only if explicitly requested ($options['props'])
|
|
// supportedlock property
|
|
$info['props'][] = HTTP_WebDAV_Server::mkprop('supportedlock','
|
|
<D:lockentry>
|
|
<D:lockscope><D:exclusive/></D:lockscope>
|
|
<D:locktype><D:write/></D:lockscope>
|
|
</D:lockentry>
|
|
<D:lockentry>
|
|
<D:lockscope><D:shared/></D:lockscope>
|
|
<D:locktype><D:write/></D:lockscope>
|
|
</D:lockentry>');
|
|
*/
|
|
//error_log(__METHOD__."($path) info=".array2string($info));
|
|
return $info;
|
|
}
|
|
|
|
/**
|
|
* Which regular properties should be copied to different namespaces and names,
|
|
* because PROPPATCH stores them not as properties under their namespace and name,
|
|
* but simply sets the standard stat values instead.
|
|
*
|
|
* @var array stat-attr => array(array('ns'=>namespace, 'name'=>attribute-name)[, ...])
|
|
*/
|
|
public static $auto_props = array(
|
|
'mtime' => array(
|
|
array('ns' => 'urn:schemas-microsoft-com:', 'name' => 'Win32LastModifiedTime'),
|
|
array('ns' => 'http://www.southrivertech.com/', 'name' => 'srt_modifiedtime'),
|
|
array('ns' => 'http://www.southrivertech.com/', 'name' => 'getlastmodified'),
|
|
),
|
|
'ctime' => array(
|
|
// no streamwrapper interface / php function to set the ctime currently
|
|
//array('ns' => 'urn:schemas-microsoft-com:', 'name' => 'Win32CreationTime'),
|
|
//array('ns' => 'http://www.southrivertech.com/', 'name' => 'srt_creationtime'),
|
|
),
|
|
);
|
|
|
|
/**
|
|
* PROPFIND method handler
|
|
*
|
|
* Reimplemented to fetch all extra property of a PROPFIND request in one go.
|
|
*
|
|
* @param array general parameter passing array
|
|
* @param array return array for file properties
|
|
* @return bool true on success
|
|
*/
|
|
function PROPFIND(&$options, &$files)
|
|
{
|
|
if (!parent::PROPFIND($options,$files))
|
|
{
|
|
return false;
|
|
}
|
|
$path2n = array();
|
|
foreach($files['files'] as $n => $info)
|
|
{
|
|
// do NOT report /clientsync/.favorites/, as it fails
|
|
if (strpos($info['path'],'/clientsync/.favorites/') === 0)
|
|
{
|
|
unset($files['files'][$n]);
|
|
continue;
|
|
}
|
|
$_path = $info['path'];
|
|
if (!$n && $info['path'] != '/' && substr($info['path'],-1) == '/') $_path = substr($info['path'],0,-1);
|
|
|
|
// need to encode path again, as $info['path'] is NOT encoded, but egw_vfs::(stat|propfind) require it
|
|
// otherwise pathes containing url special chars like ? or # will not stat
|
|
$path = egw_vfs::encodePath($_path);
|
|
$path2n[$path] = $n;
|
|
|
|
// adding some properties used instead of regular DAV times
|
|
if (($stat = egw_vfs::stat($path)))
|
|
{
|
|
$fileprops =& $files['files'][$path2n[$path]]['props'];
|
|
foreach(self::$auto_props as $attr => $props)
|
|
{
|
|
switch($attr)
|
|
{
|
|
case 'ctime':
|
|
case 'mtime':
|
|
case 'atime':
|
|
$value = gmdate('D, d M Y H:i:s T',$stat[$attr]);
|
|
break;
|
|
|
|
default:
|
|
continue 2;
|
|
}
|
|
foreach($props as $prop)
|
|
{
|
|
$prop['val'] = $value;
|
|
$fileprops[] = $prop;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if ($path2n && ($path2props = egw_vfs::propfind(array_keys($path2n),null)))
|
|
{
|
|
foreach($path2props as $path => $props)
|
|
{
|
|
$fileprops =& $files['files'][$path2n[$path]]['props'];
|
|
foreach($props as $prop)
|
|
{
|
|
if ($prop['ns'] == egw_vfs::DEFAULT_PROP_NAMESPACE && $prop['name'][0] == '#') // eGW's customfields
|
|
{
|
|
$prop['ns'] .= 'customfields/';
|
|
$prop['name'] = substr($prop['name'],1);
|
|
}
|
|
$fileprops[] = $prop;
|
|
}
|
|
}
|
|
}
|
|
if ($this->debug) error_log(__METHOD__."() props=".array2string($files['files']));
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Used eg. by get
|
|
*
|
|
* @todo replace all calls to _mimetype with egw_vfs::mime_content_type()
|
|
* @param string $path
|
|
* @return string
|
|
*/
|
|
function _mimetype($path)
|
|
{
|
|
return egw_vfs::mime_content_type($path);
|
|
}
|
|
|
|
/**
|
|
* Check if path is readable by current user
|
|
*
|
|
* @param string $fspath
|
|
* @return boolean
|
|
*/
|
|
function _is_readable($fspath)
|
|
{
|
|
return egw_vfs::is_readable($fspath);
|
|
}
|
|
|
|
/**
|
|
* Check if path is writable by current user
|
|
*
|
|
* @param string $fspath
|
|
* @return boolean
|
|
*/
|
|
function _is_writable($fspath)
|
|
{
|
|
return egw_vfs::is_writable($fspath);
|
|
}
|
|
|
|
/**
|
|
* PROPPATCH method handler
|
|
*
|
|
* The current version only allows Webdrive to set creation and modificaton dates.
|
|
* They are not stored as (arbitrary) WebDAV properties with their own namespace and name,
|
|
* but in the regular vfs attributes.
|
|
*
|
|
* @param array general parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function PROPPATCH(&$options)
|
|
{
|
|
$path = translation::convert($options['path'],'utf-8');
|
|
|
|
foreach ($options['props'] as $key => $prop) {
|
|
$attributes = array();
|
|
switch($prop['ns'])
|
|
{
|
|
// allow Webdrive to set creation and modification time
|
|
case 'http://www.southrivertech.com/':
|
|
switch($prop['name'])
|
|
{
|
|
case 'srt_modifiedtime':
|
|
case 'getlastmodified':
|
|
egw_vfs::touch($path,strtotime($prop['val']));
|
|
break;
|
|
//case 'srt_creationtime':
|
|
// no streamwrapper interface / php function to set the ctime currently
|
|
//$attributes['created'] = strtotime($prop['val']);
|
|
//break;
|
|
default:
|
|
if (!egw_vfs::proppatch($path,array($prop))) $options['props'][$key]['status'] = '403 Forbidden';
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case 'DAV:':
|
|
switch($prop['name'])
|
|
{
|
|
// allow netdrive to change the modification time
|
|
case 'getlastmodified':
|
|
egw_vfs::touch($path,strtotime($prop['val']));
|
|
break;
|
|
// not sure why, the filesystem example of the WebDAV class does it ...
|
|
default:
|
|
$options['props'][$key]['status'] = '403 Forbidden';
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case 'urn:schemas-microsoft-com:':
|
|
switch($prop['name'])
|
|
{
|
|
case 'Win32LastModifiedTime':
|
|
egw_vfs::touch($path,strtotime($prop['val']));
|
|
break;
|
|
case 'Win32CreationTime': // eg. "Wed, 14 Sep 2011 15:48:26 GMT"
|
|
case 'Win32LastAccessTime':
|
|
case 'Win32FileAttributes': // not sure what that is, it was always "00000000"
|
|
default:
|
|
if (!egw_vfs::proppatch($path,array($prop))) $options['props'][$key]['status'] = '403 Forbidden';
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case egw_vfs::DEFAULT_PROP_NAMESPACE.'customfields/': // eGW's customfields
|
|
$prop['ns'] = egw_vfs::DEFAULT_PROP_NAMESPACE;
|
|
$prop['name'] = '#'.$prop['name'];
|
|
// fall through
|
|
default:
|
|
if (!egw_vfs::proppatch($path,array($prop))) $options['props'][$key]['status'] = '403 Forbidden';
|
|
break;
|
|
}
|
|
if ($this->debug) $props[] = '('.$prop['ns'].')'.$prop['name'].'='.$prop['val'];
|
|
}
|
|
if ($this->debug)
|
|
{
|
|
error_log(__METHOD__.": path=$options[path], props=".implode(', ',$props));
|
|
if ($attributes) error_log(__METHOD__.": path=$options[path], set attributes=".str_replace("\n",' ',print_r($attributes,true)));
|
|
}
|
|
|
|
return ''; // this is as the filesystem example handler does it, no true or false ...
|
|
}
|
|
|
|
/**
|
|
* LOCK method handler
|
|
*
|
|
* @param array general parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function LOCK(&$options)
|
|
{
|
|
if ($this->debug) error_log(__METHOD__.'('.str_replace(array("\n",' '),'',print_r($options,true)).')');
|
|
// TODO recursive locks on directories not supported yet
|
|
if (is_dir($this->base . $options['path']) && !empty($options['depth']))
|
|
{
|
|
return '409 Conflict';
|
|
}
|
|
$options['timeout'] = time()+300; // 5min. hardcoded
|
|
|
|
// dont know why, but HTTP_WebDAV_Server passes the owner in D:href tags, which get's passed unchanged to checkLock/PROPFIND
|
|
// that's wrong according to the standard and cadaver does not show it on discover --> strip_tags removes eventual tags
|
|
if (($ret = egw_vfs::lock($options['path'],$options['locktoken'],$options['timeout'],strip_tags($options['owner']),
|
|
$options['scope'],$options['type'],isset($options['update']))) && !isset($options['update']))
|
|
{
|
|
return $ret ? '200 OK' : '409 Conflict';
|
|
}
|
|
return $ret;
|
|
}
|
|
|
|
/**
|
|
* UNLOCK method handler
|
|
*
|
|
* @param array general parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function UNLOCK(&$options)
|
|
{
|
|
if ($this->debug) error_log(__METHOD__.'('.str_replace(array("\n",' '),'',print_r($options,true)).')');
|
|
return egw_vfs::unlock($options['path'],$options['token']) ? '204 No Content' : '409 Conflict';
|
|
}
|
|
|
|
/**
|
|
* checkLock() helper
|
|
*
|
|
* @param string resource path to check for locks
|
|
* @return bool true on success
|
|
*/
|
|
function checkLock($path)
|
|
{
|
|
return egw_vfs::checkLock($path);
|
|
}
|
|
|
|
/**
|
|
* GET method handler for directories
|
|
*
|
|
* Reimplemented to send content type header with charset
|
|
*
|
|
* @param string directory path
|
|
* @return void function has to handle HTTP response itself
|
|
*/
|
|
function GetDir($fspath, &$options)
|
|
{
|
|
// add a content-type header to overwrite an existing default charset in apache (AddDefaultCharset directiv)
|
|
header('Content-type: text/html; charset='.translation::charset());
|
|
|
|
parent::GetDir($fspath, $options);
|
|
}
|
|
|
|
private $force_download = false;
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
* Reimplement to add a Content-Disposition header, if ?download is appended to the REQUEST_URI
|
|
*/
|
|
function __construct()
|
|
{
|
|
if ($_SERVER['REQUEST_METHOD'] == 'GET' && ($this->force_download = strpos($_SERVER['REQUEST_URI'],'?download')))
|
|
{
|
|
$_SERVER['REQUEST_URI'] = substr($_SERVER['REQUEST_URI'],0,$this->force_download);
|
|
}
|
|
parent::HTTP_WebDAV_Server();
|
|
}
|
|
|
|
/**
|
|
* GET method handler
|
|
*
|
|
* Reimplement to add a Content-Disposition header, if ?download is appended to the REQUEST_URI
|
|
*
|
|
* @param array parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function GET(&$options)
|
|
{
|
|
if (is_dir($this->base . $options["path"]))
|
|
{
|
|
return $this->autoindex($options);
|
|
}
|
|
if (($ok = parent::GET($options)))
|
|
{
|
|
// mitigate risk of serving javascript or css via webdav from our domain,
|
|
// which will get around same origin policy and CSP
|
|
list($type, $subtype) = explode('/', strtolower($options['mimetype']));
|
|
if (!$this->force_download && in_array($type, array('application', 'text')) &&
|
|
in_array($subtype, array('javascript', 'x-javascript', 'ecmascript', 'jscript', 'vbscript', 'css')))
|
|
{
|
|
// unfortunatly only Chrome and IE >= 8 allow to switch content-sniffing off with X-Content-Type-Options: nosniff
|
|
if (html::$user_agent == 'chrome' || html::$user_agent == 'msie' && html::$ua_version >= 8)
|
|
{
|
|
$options['mimetype'] = 'text/plain';
|
|
header('X-Content-Type-Options: nosniff'); // stop IE & Chrome from content-type sniffing
|
|
}
|
|
// for the rest we change mime-type to text/html and let code below handle it safely
|
|
// this stops Safari and Firefox from using it as src attribute in a script tag
|
|
// but only for "real" browsers, we dont want to modify data for our WebDAV clients
|
|
elseif (isset($_SERVER['HTTP_REFERER']))
|
|
{
|
|
$options['mimetype'] = 'text/html';
|
|
$options['data'] = '<pre>'.fread($options['stream'], $options['size']);
|
|
$options['size'] += 5;
|
|
fclose($options['stream']);
|
|
unset($options['stream']);
|
|
}
|
|
}
|
|
// mitigate risk of html downloads by using CSP or force download for IE
|
|
if (!$this->force_download && in_array($options['mimetype'], array('text/html', 'application/xhtml+xml')))
|
|
{
|
|
// use CSP only for current user-agents/versions I was able to positivly test
|
|
if (html::$user_agent == 'chrome' && html::$ua_version >= 24 ||
|
|
// mobile FF 24 on Android does NOT honor CSP!
|
|
html::$user_agent == 'firefox' && !html::$ua_mobile && html::$ua_version >= 24 ||
|
|
html::$user_agent == 'safari' && !html::$ua_mobile && html::$ua_version >= 536 || // OS X
|
|
html::$user_agent == 'safari' && html::$ua_mobile && html::$ua_version >= 9537) // iOS 7
|
|
{
|
|
$csp = "script-src 'none'"; // forbid to execute any javascript
|
|
header("Content-Security-Policy: $csp");
|
|
header("X-Webkit-CSP: $csp"); // Chrome: <= 24, Safari incl. iOS
|
|
//header("X-Content-Security-Policy: $csp"); // FF <= 22
|
|
//error_log(__METHOD__."('$options[path]') ".html::$user_agent.'/'.html::$ua_version.(html::$ua_mobile?'/mobile':'').": using Content-Security-Policy: $csp");
|
|
}
|
|
else // everything else get's a Content-dispostion: attachment, to be on save side
|
|
{
|
|
//error_log(__METHOD__."('$options[path]') ".html::$user_agent.'/'.html::$ua_version.(html::$ua_mobile?'/mobile':'').": using Content-disposition: attachment");
|
|
$this->force_download = true;
|
|
}
|
|
}
|
|
if ($this->force_download)
|
|
{
|
|
html::content_disposition_header(egw_vfs::basename($options['path']),true);
|
|
}
|
|
}
|
|
return $ok;
|
|
}
|
|
|
|
/**
|
|
* Display an automatic index (listing and properties) for a collection
|
|
*
|
|
* @param array $options parameter passing array, index "path" contains requested path
|
|
*/
|
|
protected function autoindex($options)
|
|
{
|
|
$propfind_options = array(
|
|
'path' => $options['path'],
|
|
'depth' => 1,
|
|
);
|
|
$files = array();
|
|
if (($ret = $this->PROPFIND($propfind_options,$files)) !== true)
|
|
{
|
|
return $ret; // no collection
|
|
}
|
|
header('Content-type: text/html; charset='.translation::charset());
|
|
echo "<html>\n<head>\n\t<title>".'EGroupware WebDAV server '.htmlspecialchars($options['path'])."</title>\n";
|
|
echo "\t<meta http-equiv='content-type' content='text/html; charset=utf-8' />\n";
|
|
echo "\t<style type='text/css'>\n.th { background-color: #e0e0e0; }\n.row_on { background-color: #F1F1F1; vertical-align: top; }\n".
|
|
".row_off { background-color: #ffffff; vertical-align: top; }\ntd { padding-left: 5px; }\nth { padding-left: 5px; text-align: left; }\n\t</style>\n";
|
|
echo "</head>\n<body>\n";
|
|
|
|
echo '<h1>WebDAV ';
|
|
list(,$base) = explode(parse_url($GLOBALS['egw_info']['server']['webserver_url'], PHP_URL_PATH), $this->base_uri, 2);
|
|
$path = $base;
|
|
foreach(explode('/',$this->_unslashify($options['path'])) as $n => $name)
|
|
{
|
|
$path .= ($n != 1 ? '/' : '').$name;
|
|
echo html::a_href(htmlspecialchars($name.'/'),$path);
|
|
}
|
|
echo "</h1>\n";
|
|
|
|
static $props2show = array(
|
|
'DAV:displayname' => 'Displayname',
|
|
'DAV:getlastmodified' => 'Last modified',
|
|
'DAV:getetag' => 'ETag',
|
|
'DAV:getcontenttype' => 'Content type',
|
|
'DAV:resourcetype' => 'Resource type',
|
|
//'DAV:owner' => 'Owner',
|
|
//'DAV:current-user-privilege-set' => 'current-user-privilege-set',
|
|
//'DAV:getcontentlength' => 'Size',
|
|
//'DAV:sync-token' => 'sync-token',
|
|
);
|
|
$n = 0;
|
|
$collection_props = null;
|
|
foreach($files['files'] as $file)
|
|
{
|
|
if (!isset($collection_props))
|
|
{
|
|
$collection_props = $this->props2array($file['props']);
|
|
echo '<h3>'.lang('Collection listing').': '.htmlspecialchars($collection_props['DAV:displayname'])."</h3>\n";
|
|
continue; // own entry --> displaying properies later
|
|
}
|
|
if(!$n++)
|
|
{
|
|
echo "<table>\n\t<tr class='th'>\n\t\t<th>#</th>\n\t\t<th>".lang('Name')."</th>";
|
|
foreach($props2show as $label)
|
|
{
|
|
echo "\t\t<th>".lang($label)."</th>\n";
|
|
}
|
|
echo "\t</tr>\n";
|
|
}
|
|
$props = $this->props2array($file['props']);
|
|
//echo $file['path']; _debug_array($props);
|
|
$class = $class == 'row_on' ? 'row_off' : 'row_on';
|
|
|
|
if (substr($file['path'],-1) == '/')
|
|
{
|
|
$name = basename(substr($file['path'],0,-1)).'/';
|
|
}
|
|
else
|
|
{
|
|
$name = basename($file['path']);
|
|
}
|
|
|
|
echo "\t<tr class='$class'>\n\t\t<td>$n</td>\n\t\t<td>".
|
|
html::a_href(htmlspecialchars($name),$base.strtr($file['path'], array(
|
|
'%' => '%25',
|
|
'#' => '%23',
|
|
'?' => '%3F',
|
|
)))."</td>\n";
|
|
foreach($props2show as $prop => $label)
|
|
{
|
|
echo "\t\t<td>".($prop=='DAV:getlastmodified'&&!empty($props[$prop])?date('Y-m-d H:i:s',$props[$prop]):$props[$prop])."</td>\n";
|
|
}
|
|
echo "\t</tr>\n";
|
|
}
|
|
if (!$n)
|
|
{
|
|
echo '<p>'.lang('Collection empty.')."</p>\n";
|
|
}
|
|
else
|
|
{
|
|
echo "</table>\n";
|
|
}
|
|
echo '<h3>'.lang('Properties')."</h3>\n";
|
|
echo "<table>\n\t<tr class='th'><th>".lang('Namespace')."</th><th>".lang('Name')."</th><th>".lang('Value')."</th></tr>\n";
|
|
foreach($collection_props as $name => $value)
|
|
{
|
|
$class = $class == 'row_on' ? 'row_off' : 'row_on';
|
|
$parts = explode(':',$name);
|
|
$name = array_pop($parts);
|
|
$ns = implode(':',$parts);
|
|
echo "\t<tr class='$class'>\n\t\t<td>".htmlspecialchars($ns)."</td><td style='white-space: nowrap'>".htmlspecialchars($name)."</td>\n";
|
|
echo "\t\t<td>".$value."</td>\n\t</tr>\n";
|
|
}
|
|
echo "</table>\n";
|
|
/*$dav = array(1);
|
|
$allow = false;
|
|
$this->OPTIONS($options['path'], $dav, $allow);
|
|
echo "<p>DAV: ".implode(', ', $dav)."</p>\n";*/
|
|
|
|
echo "</body>\n</html>\n";
|
|
|
|
common::egw_exit();
|
|
}
|
|
|
|
/**
|
|
* Format a property value for output
|
|
*
|
|
* @param mixed $value
|
|
* @return string
|
|
*/
|
|
protected function prop_value($value)
|
|
{
|
|
if (is_array($value))
|
|
{
|
|
if (isset($value[0]['ns']))
|
|
{
|
|
$value = $this->_hierarchical_prop_encode($value);
|
|
}
|
|
$value = array2string($value);
|
|
}
|
|
if ($value[0] == '<' && function_exists('tidy_repair_string'))
|
|
{
|
|
$value = tidy_repair_string($value, array(
|
|
'indent' => true,
|
|
'show-body-only' => true,
|
|
'output-encoding' => 'utf-8',
|
|
'input-encoding' => 'utf-8',
|
|
'input-xml' => true,
|
|
'output-xml' => true,
|
|
'wrap' => 0,
|
|
));
|
|
}
|
|
if (($href=preg_match('/\<(D:)?href\>[^<]+\<\/(D:)?href\>/i',$value)))
|
|
{
|
|
$value = preg_replace('/\<(D:)?href\>('.preg_quote($this->base_uri.'/','/').')?([^<]+)\<\/(D:)?href\>/i','<\\1href><a href="\\2\\3">\\3</a></\\4href>',$value);
|
|
}
|
|
$ret = $value[0] == '<' || strpos($value, "\n") !== false ?
|
|
'<pre>'.htmlspecialchars($value).'</pre>' : htmlspecialchars($value);
|
|
|
|
if ($href)
|
|
{
|
|
$ret = str_replace('</a>', '</a>',
|
|
preg_replace('/<a href="(.+)">/', '<a href="\\1">', $ret));
|
|
}
|
|
return $ret;
|
|
}
|
|
|
|
/**
|
|
* Return numeric indexed array with values for keys 'ns', 'name' and 'val' as array 'ns:name' => 'val'
|
|
*
|
|
* @param array $props
|
|
* @return array
|
|
*/
|
|
protected function props2array(array $props)
|
|
{
|
|
$arr = array();
|
|
foreach($props as $prop)
|
|
{
|
|
$ns_hash = array('DAV:' => 'D');
|
|
switch($prop['ns'])
|
|
{
|
|
case 'DAV:';
|
|
$ns = 'DAV';
|
|
break;
|
|
default:
|
|
$ns = $prop['ns'];
|
|
}
|
|
if (is_array($prop['val']))
|
|
{
|
|
$prop['val'] = $this->_hierarchical_prop_encode($prop['val'], $prop['ns'], $ns_defs='', $ns_hash);
|
|
// hack to show real namespaces instead of not (visibly) defined shortcuts
|
|
unset($ns_hash['DAV:']);
|
|
$value = strtr($v=$this->prop_value($prop['val']),array_flip($ns_hash));
|
|
}
|
|
else
|
|
{
|
|
$value = $this->prop_value($prop['val']);
|
|
}
|
|
$arr[$ns.':'.$prop['name']] = $value;
|
|
}
|
|
return $arr;
|
|
}
|
|
|
|
/**
|
|
* PUT method handler
|
|
*
|
|
* Reimplemented to safely rejected PUT with Transfer-Encoding: Chunk, if server does not support it.
|
|
* Currently on Apache with mod_php and newer Ngix support it.
|
|
* We reject it with "501 Unimplemented" for fastCGI, if SERVER_SOFTWARE does NOT contain Nginx.
|
|
* This stops OS X Finder from destroying files.
|
|
*
|
|
* @param array parameter passing array
|
|
* @return bool true on success
|
|
*/
|
|
function PUT(&$options)
|
|
{
|
|
if (strtolower($_SERVER['HTTP_TRANSFER_ENCODING']) == 'chunked' &&
|
|
in_array(php_sapi_name(), array('cgi', 'cgi-fcgi', 'fpm-fcgi')) && !preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE']))
|
|
{
|
|
error_log(__METHOD__.'() '.$_SERVER['REQUEST_METHOD'].' '.$_SERVER['REQUEST_URI'].' HTTP/1.1');
|
|
error_log(__METHOD__.'() _SERVER[HTTP_TRANSFER_ENCODING='.$_SERVER['HTTP_TRANSFER_ENCODING'].', php_sapi_name()='.php_sapi_name().', _SERVER[SERVER_SOFTWARE]='.$_SERVER['SERVER_SOFTWARE']);
|
|
/*foreach($_SERVER as $name => $value)
|
|
{
|
|
list($type,$name) = explode('_',$name,2);
|
|
if ($type == 'HTTP' || $type == 'CONTENT')
|
|
{
|
|
error_log(__METHOD__.'() '.str_replace(' ','-',ucwords(strtolower(($type=='HTTP'?'':$type.' ').str_replace('_',' ',$name)))).
|
|
': '.($name=='AUTHORIZATION'?'Basic ***************':$value));
|
|
}
|
|
}*/
|
|
error_log(__METHOD__.'() Rejected PUT with Transfer-Encoding: Chunked, as server does NOT support it!');
|
|
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6
|
|
return '501 Unimplemented (Transfer-Encoding: Chunked)';
|
|
}
|
|
return parent::PUT($options);
|
|
}
|
|
}
|