diff --git a/phpgwapi/inc/HTTP/WebDAV/Server.php b/phpgwapi/inc/HTTP/WebDAV/Server.php new file mode 100644 index 0000000000..a9f6eefe04 --- /dev/null +++ b/phpgwapi/inc/HTTP/WebDAV/Server.php @@ -0,0 +1,2921 @@ + + * @version @package_version@ + */ +class HTTP_WebDAV_Server +{ + // {{{ Member Variables + + /** + * complete URI for this request + * + * @var string + */ + var $uri; + + /** + * base URI for this request + * + * @var string + */ + var $base_uri; + + /** + * Set if client requires to be a url (true) or a path (false). + * RFC 4918 allows both: http://www.webdav.org/specs/rfc4918.html#ELEMENT_href + * But some clients can NOT deal with one or the other! + * + * @var boolean + */ + var $client_require_href_as_url; + + /** + * Set if client requires or does not allow namespace redundacy. + * The XML Namespace specification does allow both + * But some clients can NOT deal with one or the other! + * + * $this->crrnd === false: + * + * + * /egroupware/webdav.php/home/ralf/ + * + * + * + * + * HTTP/1.1 200 OK + * + * + * + * + * $this->crrnd === true: + * + * + * /egroupware/webdav.php/home/ralf/ + * + * + * + * + * HTTP/1.1 200 OK + * + * + * + * + * @var boolean (client_refuses_redundand_namespace_declarations) + */ + var $crrnd = false; + + /** + + + /** + * URI path for this request + * + * @var string + */ + var $path; + + /** + * Realm string to be used in authentification popups + * + * @var string + */ + var $http_auth_realm = "PHP WebDAV"; + + /** + * String to be used in "X-Dav-Powered-By" header + * + * @var string + */ + var $dav_powered_by = ""; + + /** + * Remember parsed If: (RFC2518/9.4) header conditions + * + * @var array + */ + var $_if_header_uris = array(); + + /** + * HTTP response status/message + * + * @var string + */ + var $_http_status = "200 OK"; + + /** + * encoding of property values passed in + * + * @var string + */ + var $_prop_encoding = "utf-8"; + + /** + * Copy of $_SERVER superglobal array + * + * Derived classes may extend the constructor to + * modify its contents + * + * @var array + */ + var $_SERVER; + + // }}} + + // {{{ Constructor + + /** + * Constructor + * + * @param void + */ + function HTTP_WebDAV_Server() + { + // PHP messages destroy XML output -> switch them off + ini_set("display_errors", 0); + + // copy $_SERVER variables to local _SERVER array + // so that derived classes can simply modify these + $this->_SERVER = $_SERVER; + } + + // }}} + + // {{{ ServeRequest() + /** + * Serve WebDAV HTTP request + * + * dispatch WebDAV HTTP request to the apropriate method handler + * + * @param $prefix=null prefix filesystem path with given path, eg. "/webdav" for owncloud 4.5 remote.php + * @return void + */ + function ServeRequest($prefix=null) + { + // prevent warning in litmus check 'delete_fragment' + if (strstr($this->_SERVER["REQUEST_URI"], '#')) { + $this->http_status("400 Bad Request"); + return; + } + + // default is currently to use just the path, extending class can set $this->client_require_href_as_url depending on user-agent + if ($this->client_require_href_as_url) + { + // default uri is the complete request uri + $uri = (@$this->_SERVER["HTTPS"] === "on" ? "https:" : "http:") . '//'.$this->_SERVER['HTTP_HOST']; + } + $uri .= $this->_SERVER["SCRIPT_NAME"]; + + // WebDAV has no concept of a query string and clients (including cadaver) + // seem to pass '?' unencoded, so we need to extract the path info out + // of the request URI ourselves + // if request URI contains a full url, remove schema and domain + if (preg_match('|^https?://[^/]+(/.*)$|', $path_info=$this->_SERVER["REQUEST_URI"], $matches)) + { + $path_info = $matches[1]; + } + $path_info = substr($path_info, strlen($this->_SERVER["SCRIPT_NAME"])); + + // just in case the path came in empty ... + if (empty($path_info)) { + $path_info = "/"; + } + + $path_info = $this->_urldecode($path_info); + + if ($prefix && strpos($path_info, $prefix) === 0) + { + $uri .= $prefix; + list(,$path_info) = explode($prefix, $path_info, 2); + } + + $this->base_uri = $uri; + $this->uri = $uri . $path_info; + + // set path + // $_SERVER['PATH_INFO'] is already urldecoded + //$this->path = $this->_urldecode($path_info); + // quote '#' (e.g. OpenOffice uses this for lock-files) + $this->path = strtr($path_info,array( + '%' => '%25', + '#' => '%23', + '?' => '%3F', + )); + if (!strlen($this->path)) { + if ($this->_SERVER["REQUEST_METHOD"] == "GET") { + // redirect clients that try to GET a collection + // WebDAV clients should never try this while + // regular HTTP clients might ... + header("Location: ".$this->base_uri."/"); + return; + } else { + // if a WebDAV client didn't give a path we just assume '/' + $this->path = "/"; + } + } + + if (ini_get("magic_quotes_gpc")) { + $this->path = stripslashes($this->path); + } + + + // identify ourselves + if (empty($this->dav_powered_by)) { + header("X-Dav-Powered-By: PHP class: ".get_class($this)); + } else { + header("X-Dav-Powered-By: ".$this->dav_powered_by); + } + + // check authentication + // for the motivation for not checking OPTIONS requests on / see + // http://pear.php.net/bugs/bug.php?id=5363 + if ( ( !(($this->_SERVER['REQUEST_METHOD'] == 'OPTIONS') && ($this->path == "/"))) + && (!$this->_check_auth())) { + // RFC2518 says we must use Digest instead of Basic + // but Microsoft Clients do not support Digest + // and we don't support NTLM and Kerberos + // so we are stuck with Basic here + header('WWW-Authenticate: Basic realm="'.($this->http_auth_realm).'"'); + + // Windows seems to require this being the last header sent + // (changed according to PECL bug #3138) + $this->http_status('401 Unauthorized'); + + return; + } + + // check + if (! $this->_check_if_header_conditions()) { + return; + } + + // detect requested method names + $method = strtolower($this->_SERVER["REQUEST_METHOD"]); + $wrapper = "http_".$method; + + // activate HEAD emulation by GET if no HEAD method found + if ($method == "head" && !method_exists($this, "head")) { + $method = "get"; + } + + if (method_exists($this, $wrapper) && ($method == "options" || method_exists($this, $method))) { + $this->$wrapper(); // call method by name + } else { // method not found/implemented + if ($this->_SERVER["REQUEST_METHOD"] == "LOCK") { + $error = '412 Precondition failed'; + ; + } else { + $error = '405 Method not allowed'; + header("Allow: ".join(", ", $this->_allow())); // tell client what's allowed + } + $this->http_status($error); + echo "Error $error\n"; + echo "

$error

\n"; + echo "The requested could not by handled by this server.\n"; + echo '(URI ' . $this->_SERVER['REQUEST_URI'] . ")
\n
\n"; + echo "\n"; + } + } + + // }}} + + // {{{ abstract WebDAV methods + + // {{{ GET() + /** + * GET implementation + * + * overload this method to retrieve resources from your server + *
+ * + * + * @abstract + * @param array &$params Array of input and output parameters + *
input + *
output + * @returns int HTTP-Statuscode + */ + + /* abstract + function GET(&$params) + { + // dummy entry for PHPDoc + } + */ + + // }}} + + // {{{ PUT() + /** + * PUT implementation + * + * PUT implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function PUT() + { + // dummy entry for PHPDoc + } + */ + + // }}} + + // {{{ COPY() + + /** + * COPY implementation + * + * COPY implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function COPY() + { + // dummy entry for PHPDoc + } + */ + + // }}} + + // {{{ MOVE() + + /** + * MOVE implementation + * + * MOVE implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function MOVE() + { + // dummy entry for PHPDoc + } + */ + + // }}} + + // {{{ DELETE() + + /** + * DELETE implementation + * + * DELETE implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function DELETE() + { + // dummy entry for PHPDoc + } + */ + // }}} + + // {{{ PROPFIND() + + /** + * PROPFIND implementation + * + * PROPFIND implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function PROPFIND() + { + // dummy entry for PHPDoc + } + */ + + // }}} + + // {{{ PROPPATCH() + + /** + * PROPPATCH implementation + * + * PROPPATCH implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function PROPPATCH() + { + // dummy entry for PHPDoc + } + */ + // }}} + + // {{{ LOCK() + + /** + * LOCK implementation + * + * LOCK implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function LOCK() + { + // dummy entry for PHPDoc + } + */ + // }}} + + // {{{ UNLOCK() + + /** + * UNLOCK implementation + * + * UNLOCK implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function UNLOCK() + { + // dummy entry for PHPDoc + } + */ + // }}} + + // {{{ ACL() + + /** + * ACL implementation + * + * ACL implementation + * + * @abstract + * @param array &$params + * @returns int HTTP-Statuscode + */ + + /* abstract + function ACL() + { + // dummy entry for PHPDoc + } + */ + // }}} + + // }}} + + // {{{ other abstract methods + + // {{{ check_auth() + + /** + * check authentication + * + * overload this method to retrieve and confirm authentication information + * + * @abstract + * @param string type Authentication type, e.g. "basic" or "digest" + * @param string username Transmitted username + * @param string passwort Transmitted password + * @returns bool Authentication status + */ + + /* abstract + function checkAuth($type, $username, $password) + { + // dummy entry for PHPDoc + } + */ + + // }}} + + // {{{ checklock() + + /** + * check lock status for a resource + * + * overload this method to return shared and exclusive locks + * active for this resource + * + * @abstract + * @param string resource Resource path to check + * @returns array An array of lock entries each consisting + * of 'type' ('shared'/'exclusive'), 'token' and 'timeout' + */ + + /* abstract + function checklock($resource) + { + // dummy entry for PHPDoc + } + */ + + // }}} + + // }}} + + // {{{ WebDAV HTTP method wrappers + + // {{{ http_OPTIONS() + + /** + * OPTIONS method handler + * + * The OPTIONS method handler creates a valid OPTIONS reply + * including Dav: and Allowed: headers + * based on the implemented methods found in the actual instance + * + * @param void + * @return void + */ + function http_OPTIONS() + { + // Microsoft clients default to the Frontpage protocol + // unless we tell them to use WebDAV + header("MS-Author-Via: DAV"); + + // get allowed methods + $allow = $this->_allow(); + + // dav header + $dav = array(1); // assume we are always dav class 1 compliant + if (isset($allow['LOCK'])) { + $dav[] = 2; // dav class 2 requires that locking is supported + } + + // allow extending class to modify DAV and Allow headers + if (method_exists($this,'OPTIONS')) { + $this->OPTIONS($this->path,$dav,$allow); + } + + // tell clients what we found + $this->http_status("200 OK"); + header("DAV: " .join(", ", $dav)); + header("Allow: ".join(", ", $allow)); + + header("Content-length: 0"); + } + + // }}} + + + // {{{ http_PROPFIND() + + /** + * Should the whole PROPFIND request (xml) be stored + * + * @var boolean + */ + var $store_request = false; + /** + * Content of (last) PROPFIND request + * + * @var string + */ + var $request; + + /** + * PROPFIND method handler + * + * @param string $handler='PROPFIND' allows to use method eg. for CalDAV REPORT + * @return void + */ + function http_PROPFIND($handler='PROPFIND') + { + $options = Array(); + $files = Array(); + + $options["path"] = $this->path; + + // search depth from header (default is "infinity) + if (isset($this->_SERVER['HTTP_DEPTH'])) { + $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; + } else { + $options["depth"] = "infinity"; + } + + // analyze request payload + $propinfo = new _parse_propfind("php://input", $this->store_request); + if ($this->store_request) $this->request = $propinfo->request; + if (!$propinfo->success) { + $this->http_status("400 Error"); + return; + } + $options['root'] = $propinfo->root; + $options['props'] = $propinfo->props; + if ($propinfo->filters) + $options['filters'] = $propinfo->filters; + if ($propinfo->other) + $options['other'] = $propinfo->other; + + // call user handler + if (!($retval =$this->$handler($options, $files))) { + $files = array("files" => array()); + if (method_exists($this, "checkLock")) { + // is locked? + $lock = $this->checkLock($this->path); + + if (is_array($lock) && count($lock)) { + $created = isset($lock['created']) ? $lock['created'] : time(); + $modified = isset($lock['modified']) ? $lock['modified'] : time(); + $files['files'][] = array("path" => $this->_slashify($this->path), + "props" => array($this->mkprop("displayname", $this->path), + $this->mkprop("creationdate", $created), + $this->mkprop("getlastmodified", $modified), + $this->mkprop("resourcetype", ""), + $this->mkprop("getcontenttype", ""), + $this->mkprop("getcontentlength", 0)) + ); + } + } + + if (empty($files['files'])) { + $this->http_status("404 Not Found"); + return; + } + } + + // now we generate the reply header ... + if ($retval === true) + { + $this->http_status('207 Multi-Status'); + } + elseif (is_string($retval)) + { + $this->http_status($retval); + header('Content-Type: text/html'); + echo "Error $retval\n"; + echo "

$retval

\n"; + switch (substr($retval, 0 ,3)) + { + case '501': // Not Implemented + echo "The requested feature is not (yet) supported by this server.\n"; + break; + default: + echo "The request could not be handled by this server.\n"; + } + echo '(URI ' . $this->_SERVER['REQUEST_URI'] . ")
\n
\n"; + echo "\n"; + return; + } + // dav header + $dav = array(1); // assume we are always dav class 1 compliant + $allow = false; + + // allow extending class to modify DAV + if (method_exists($this,'OPTIONS')) { + $this->OPTIONS($this->path,$dav,$allow); + } + header("DAV: " .join(", ", $dav)); + header('Content-Type: text/xml; charset="utf-8"'); + + // add Vary and Preference-Applied header for Prefer: return=minimal + if (isset($this->_SERVER['HTTP_PREFER']) && in_array('return=minimal', preg_split('/, ?/', $this->_SERVER['HTTP_PREFER']))) + { + header("Preference-Applied: return=minimal"); + header("Vary: Prefer"); + } + + // ... and payload + echo "\n"; + echo $this->crrnd ? "\n" : "\n"; + + $this->multistatus_responses($files['files'], $options['props']); + + // WebDAV sync report sync-token, can be either the sync-token or a callback (called with params in $files['sync-token-params']) + if (isset($files['sync-token'])) + { + echo ($this->crrnd ? " <" : " ". + htmlspecialchars(!is_callable($files['sync-token']) ? $files['sync-token'] : + call_user_func_array($files['sync-token'], (array)$files['sync-token-params'])). + ($this->crrnd ? "\n"; + } + + echo 'crrnd?'':'D:')."multistatus>\n"; + } + + /** + * Render (echo) XML for given multistatus responses + * + * @param array|Iterator $files + * @param array|string $props + */ + function multistatus_responses(&$files, $props, $initial_ns_hash=null, $initial_ns_defs=null) + { + if (!isset($initial_ns_hash)) $initial_ns_hash = array('DAV:' => 'D'); + if (!isset($initial_ns_defs)) $initial_ns_defs = 'xmlns:ns0="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"'; + + // using an ArrayIterator to prevent foreach from copying the array, + // as we cant loop by reference, when an iterator is given in $files + if (is_array($files)) + { + $files = new ArrayIterator($files); + } + // support for "Prefer: depth-noroot" header on PROPFIND + $skip_root = $this->_SERVER['REQUEST_METHOD'] == 'PROPFIND' && + !isset($initial_ns_hash) && // multistatus_response calls itself, do NOT apply skip in that case + isset($this->_SERVER['HTTP_PREFER']) && in_array('depth-noroot', preg_split('/, ?/', $this->_SERVER['HTTP_PREFER'])); + + // now we loop over all returned file entries + foreach ($files as $file) { + + // skip first element (root), if requested by Prefer: depth-noroot + if ($skip_root) { + $skip_root = false; + continue; + } + + // collect namespaces here + $ns_hash = $initial_ns_hash; + + // Microsoft Clients need this special namespace for date and time values + $ns_defs = $initial_ns_defs; + + // nothing to do if no properties were returend for a file + if (isset($file["props"]) && is_array($file["props"])) { + + // now loop over all returned properties + foreach ($file["props"] as &$prop) { + // as a convenience feature we do not require that user handlers + // restrict returned properties to the requested ones + // here we strip all unrequested entries out of the response + + // this can happen if we have allprop and prop in one propfind: + // , eg. blah is not automatic returned by allprop + switch(is_array($props) ? $props[0] : $props) { + case "all": + // nothing to remove + break; + + case "names": + // only the names of all existing properties were requested + // so we remove all values + unset($prop["val"]); + break; + + default: + $found = false; + + // search property name in requested properties + foreach ((array)$props as $reqprop) { + if ( $reqprop["name"] == $prop["name"] + && @$reqprop["xmlns"] == $prop["ns"]) { + $found = true; + break; + } + } + + // unset property and continue with next one if not found/requested + if (!$found) { + $prop=""; + continue(2); + } + break; + } + + // namespace handling + if (empty($prop["ns"])) continue; // no namespace + $ns = $prop["ns"]; + //if ($ns == "DAV:") continue; // default namespace + if (isset($ns_hash[$ns])) continue; // already known + + // register namespace + $ns_name = "ns".(count($ns_hash) + 1); + $ns_hash[$ns] = $ns_name; + $ns_defs .= " xmlns:$ns_name=\"$ns\""; + } + + // we also need to add empty entries for properties that were requested + // but for which no values where returned by the user handler + if (is_array($props)) { + foreach ($props as $reqprop) { + if (!is_array($reqprop) || $reqprop['name']=="") continue; // skip empty entries, or 'all' if used together with + + $found = false; + + // check if property exists in result + foreach ($file["props"] as &$prop) { + if (is_array($prop) && $reqprop["name"] == $prop["name"] + && @$reqprop["xmlns"] == $prop["ns"]) { + $found = true; + break; + } + } + + if (!$found) { + if ($reqprop["xmlns"]==="DAV:" && $reqprop["name"]==="lockdiscovery") { + // lockdiscovery is handled by the base class + $file["props"][] + = $this->mkprop("DAV:", + "lockdiscovery", + $this->lockdiscovery($file['path'])); + // only collect $file['noprops'] if we have NO Brief: t and NO Prefer: return=minimal HTTP Header + } elseif ((!isset($this->_SERVER['HTTP_BRIEF']) || $this->_SERVER['HTTP_BRIEF'] != 't') && + (!isset($this->_SERVER['HTTP_PREFER']) || !in_array('return=minimal', preg_split('/, ?/', $this->_SERVER['HTTP_PREFER'])))) { + // add empty value for this property + $file["noprops"][] = + $this->mkprop($reqprop["xmlns"], $reqprop["name"], ""); + + // register property namespace if not known yet + if ($reqprop["xmlns"] != "DAV:" && !isset($ns_hash[$reqprop["xmlns"]])) { + $ns_name = "ns".(count($ns_hash) + 1); + $ns_hash[$reqprop["xmlns"]] = $ns_name; + $ns_defs .= " xmlns:$ns_name=\"$reqprop[xmlns]\""; + } + } + } + } + } + } + // ignore empty or incomplete entries + if (!is_array($file) || empty($file) || !isset($file["path"])) continue; + $path = $file['path']; + if (!is_string($path) || $path==="") continue; + + if ($this->crrnd) + { + echo " \n"; + } + else + { + echo " \n"; + } + + /* TODO right now the user implementation has to make sure + collections end in a slash, this should be done in here + by checking the resource attribute */ + $href = $this->_mergePaths($this->base_uri, $path); + + /* minimal urlencoding is needed for the resource path */ + $href = $this->_urlencode($href); + + if ($this->crrnd) + { + echo " $href\n"; + } + else + { + echo " $href\n"; + } + + // report all found properties and their values (if any) + if (isset($file["props"]) && is_array($file["props"])) { + echo ' <'.($this->crrnd?'':'D:')."propstat>\n"; + echo ' <'.($this->crrnd?'':'D:')."prop>\n"; + + foreach ($file["props"] as &$prop) { + + if (!is_array($prop)) continue; + if (!isset($prop["name"])) continue; + + if (!isset($prop["val"]) || $prop["val"] === "" || $prop["val"] === false) { + // empty properties (cannot use empty() for check as "0" is a legal value here) + if ($prop["ns"]=="DAV:") { + echo ' <'.($this->crrnd?'':'D:')."$prop[name]/>\n"; + } else if (!empty($prop["ns"])) { + echo " <".$ns_hash[$prop["ns"]].":$prop[name]/>\n"; + } else { + echo " <$prop[name] xmlns=\"\"/>"; + } + } + // multiple level of responses required for expand-property reports + elseif(isset($prop['props']) && is_array($prop['val'])) + { + if ($prop['ns'] && !isset($ns_hash[$prop['ns']])) { + $ns_name = "ns".(count($ns_hash) + 1); + $ns_hash[$prop['ns']] = $ns_name; + } + echo ' <'.$ns_hash[$prop['ns']].":$prop[name]>\n"; + $this->multistatus_responses($prop['val'], $prop['props'], $ns_hash, ''); + echo ' \n"; + } else if ($prop["ns"] == "DAV:") { + // some WebDAV properties need special treatment + switch ($prop["name"]) { + case "creationdate": + echo ' <'.($this->crrnd?'':'D:')."creationdate ns0:dt=\"dateTime.tz\">" + . gmdate("Y-m-d\\TH:i:s\\Z", $prop['val']) + . 'crrnd?'':'D:')."creationdate>\n"; + break; + case "getlastmodified": + echo ' <'.($this->crrnd?'':'D:')."getlastmodified ns0:dt=\"dateTime.rfc1123\">" + . gmdate("D, d M Y H:i:s ", $prop['val']) + . "GMTcrrnd?'':'D:')."getlastmodified>\n"; + break; + case "supportedlock": + echo ' <'.($this->crrnd?'':'D:')."supportedlock>$prop[val]crrnd?'':'D:')."supportedlock>\n"; + break; + case "lockdiscovery": + echo ' <'.($this->crrnd?'':'D:')."lockdiscovery>\n"; + echo $prop["val"]; + echo ' crrnd?'':'D:')."lockdiscovery>\n"; + break; + // the following are non-standard Microsoft extensions to the DAV namespace + case "lastaccessed": + echo ' <'.($this->crrnd?'':'D:')."lastaccessed ns0:dt=\"dateTime.rfc1123\">" + . gmdate("D, d M Y H:i:s ", $prop['val']) + . 'GMTcrrnd?'':'D:')."lastaccessed>\n"; + break; + case "ishidden": + echo ' <'.($this->crrnd?'':'D:')."ishidden>" + . is_string($prop['val']) ? $prop['val'] : ($prop['val'] ? 'true' : 'false') + . 'crrnd?'':'D:')."\n"; + break; + default: + $ns_defs = ''; + if (is_array($prop['val'])) + { + $hns_hash = $ns_hash; + $val = $this->_hierarchical_prop_encode($prop['val'], 'DAV:', $ns_defs, $hns_hash); + } elseif (isset($prop['raw'])) { + $val = $this->_prop_encode(''); + } else { + $val = $this->_prop_encode(htmlspecialchars($prop['val'], ENT_NOQUOTES, 'utf-8')); + } + echo ' <'.($this->crrnd?'':'D:')."$prop[name]$ns_defs>$val". + 'crrnd?'':'D:')."$prop[name]>\n"; + break; + } + } else { + // allow multiple values and attributes, required eg. for caldav:supported-calendar-component-set + if ($prop['ns'] && is_array($prop['val'])) { + if (!isset($ns_hash[$prop['ns']])) { + $ns_name = "ns".(count($ns_hash) + 1); + $ns_hash[$prop['ns']] = $ns_name; + } + $vals = $extra_ns = ''; + foreach($prop['val'] as $subprop) + { + if ($subprop['ns'] && $subprop['ns'] != 'DAV:') { + // register property namespace if not known yet + if (!isset($ns_hash[$subprop['ns']])) { + $ns_name = "ns".(count($ns_hash) + 1); + $ns_hash[$subprop['ns']] = $ns_name; + } else { + $ns_name = $ns_hash[$subprop['ns']]; + } + if (strchr($extra_ns,$extra=' xmlns:'.$ns_name.'="'.$subprop['ns'].'"') === false) { + $extra_ns .= $extra; + } + $ns_name .= ':'; + } elseif ($subprop['ns'] == 'DAV:') { + $ns_name = 'D:'; + } else { + $ns_name = ''; + } + $vals .= "<$ns_name$subprop[name]"; + if (is_array($subprop['val'])) + { + if (isset($subprop['val'][0])) + { + $vals .= '>'; + $vals .= $this->_hierarchical_prop_encode($subprop['val'], $subprop['ns'], $ns_defs, $ns_hash); + $vals .= ""; + } + else // val contains only attributes, no value + { + foreach($subprop['val'] as $attr => $val) + { + $vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES, 'utf-8').'"'; + } + $vals .= '/>'; + } + } + else + { + $vals .= '>'; + if (isset($subprop['raw'])) { + $vals .= ''; + } else { + if($subprop['name'] == 'href') $subprop['val'] = $this->_urlencode($subprop['val']); + $vals .= htmlspecialchars($subprop['val'], ENT_NOQUOTES, 'utf-8'); + } + $vals .= ""; + } + } + echo ' <'.$ns_hash[$prop['ns']].":$prop[name]$extra_ns>$vals\n"; + } else { + if ($prop['raw']) + { + $val = ''; + } else { + $val = htmlspecialchars($prop['val'], ENT_NOQUOTES, 'utf-8'); + } + $val = $this->_prop_encode($val); + // properties from namespaces != "DAV:" or without any namespace + if ($prop['ns']) { + if ($this->crrnd) { + echo " <$prop[name] xmlns=".'"'.$prop["ns"].'">' + . $val . "\n"; + } else { + echo " <" . $ns_hash[$prop["ns"]] . ":$prop[name]>" + . $val . '\n"; + } + } else { + echo " <$prop[name] xmlns=\"\">$val\n"; + } + } + } + } + + if ($this->crrnd) + { + echo " \n"; + echo " HTTP/1.1 200 OK\n"; + echo " \n"; + } + else + { + echo " \n"; + echo " HTTP/1.1 200 OK\n"; + echo " \n"; + } + } + + // now report all properties requested but not found + if (isset($file["noprops"])) { + echo ' <'.($this->crrnd?'':'D:')."propstat>\n"; + echo ' <'.($this->crrnd?'':'D:')."prop>\n"; + + foreach ($file["noprops"] as &$prop) { + if ($prop["ns"] == "DAV:") { + echo ' <'.($this->crrnd?'':'D:')."$prop[name]/>\n"; + } else if ($prop["ns"] == "") { + echo " <$prop[name] xmlns=\"\"/>\n"; + } else { + echo " <" . $ns_hash[$prop["ns"]] . ":$prop[name]/>\n"; + } + } + + if ($this->crrnd) + { + echo " \n"; + echo " HTTP/1.1 404 Not Found\n"; + echo " \n"; + } + else + { + echo " \n"; + echo " HTTP/1.1 404 Not Found\n"; + echo " \n"; + } + } + + // 404 Not Found status element for WebDAV sync report + if (!isset($file['props']) && !isset($file['noprops'])) + { + if ($this->crrnd) + { + echo " HTTP/1.1 404 Not Found\n"; + } + else + { + echo " HTTP/1.1 404 Not Found\n"; + } + } + + echo ' crrnd?'':'D:')."response>\n"; + } + } + + + // }}} + + // {{{ http_PROPPATCH() + + /** + * PROPPATCH method handler + * + * @param void + * @return void + */ + function http_PROPPATCH() + { + if ($this->_check_lock_status($this->path)) { + $options = Array(); + + $options["path"] = $this->path; + + $propinfo = new _parse_proppatch("php://input", $this->store_request); + if ($this->store_request) $this->request = $propinfo->request; + + if (!$propinfo->success) { + $this->http_status("400 Error"); + return; + } + + $options['props'] = $propinfo->props; + + $responsedescr = $this->PROPPATCH($options); + + $this->http_status("207 Multi-Status"); + header('Content-Type: text/xml; charset="utf-8"'); + + echo "\n"; + + echo "\n"; + echo ' <'.($this->crrnd?'':'D:')."response>\n"; + echo ' <'.($this->crrnd?'':'D:')."href>".$this->_urlencode($this->_mergePaths($this->_SERVER["SCRIPT_NAME"], $this->path)).'crrnd?'':'D:')."href>\n"; + + foreach ($options["props"] as $prop) { + echo ' <'.($this->crrnd?'':'D:')."propstat>\n"; + echo ' <'.($this->crrnd?'':'D:')."prop><$prop[name] xmlns=\"$prop[ns]\"/>crrnd?'':'D:')."prop>\n"; + echo ' <'.($this->crrnd?'':'D:')."status>HTTP/1.1 $prop[status]crrnd?'':'D:')."status>\n"; + echo ' crrnd?'':'D:')."propstat>\n"; + } + + if ($responsedescr) { + echo ' <'.($this->crrnd?'':'D:')."responsedescription>". + $this->_prop_encode(htmlspecialchars($responsedescr, ENT_NOQUOTES, 'utf-8')). + 'crrnd?'':'D:')."responsedescription>\n"; + } + + echo ' crrnd?'':'D:')."response>\n"; + echo 'crrnd?'':'D:')."multistatus>\n"; + } else { + $this->http_status("423 Locked"); + } + } + + // }}} + + + // {{{ http_MKCOL() + + /** + * MKCOL method handler + * + * @param void + * @return void + */ + function http_MKCOL() + { + $options = Array(); + + $options["path"] = $this->path; + + $stat = $this->MKCOL($options); + + $this->http_status($stat); + } + + // }}} + + /** + * Check or set if we want ot use compression as transfer encoding + * + * If we use compression via zlib.output_compression as transfer encoding, + * we can NOT send Content-Length headers, as the have to reflect size + * AFTER applying compression/transfer encoding. + * + * @param boolean $set=null + * @return boolean true if we use compression, false otherwise + */ + public static function use_compression($set=null) + { + static $compression = null; + if (isset($set)) + { + ini_set('zlib.output_compression', $compression=(boolean)$set); + } + elseif (!isset($compression)) + { + $compression = (boolean)ini_get('zlib.output_compression'); + } + //error_log(__METHOD__."(".array2string($set).") returning ".array2string($compression)); + return $compression; + } + + // {{{ http_GET() + + /** + * GET method handler + * + * @param void + * @return void + */ + function http_GET() + { + // TODO check for invalid stream + $options = Array(); + $options["path"] = $this->path; + + $this->_get_ranges($options); + + if (true === ($status = $this->GET($options))) { + if (!headers_sent()) { + $status = "200 OK"; + + if (!isset($options['mimetype'])) { + $options['mimetype'] = "application/octet-stream"; + } + // switching off zlib.output_compression for everything but text files, + // as the double compression of zip files makes problems eg. with lighttpd + // and anyway little sense with with other content like pictures + if (substr($options['mimetype'],0,5) != 'text/') + { + self::use_compression(false); + } + header("Content-type: $options[mimetype]"); + + if (isset($options['mtime'])) { + header("Last-modified:".gmdate("D, d M Y H:i:s ", $options['mtime'])."GMT"); + } + // fix for IE and https, thanks to rob_burcham@yahoo.com + // see http://us3.php.net/manual/en/function.header.php#83219 + // and http://support.microsoft.com/kb/812935 + header("Cache-Control: maxage=1"); //In seconds + header("Pragma: public"); + + if (isset($options['stream'])) { + // GET handler returned a stream + if (!empty($options['ranges']) && (0===fseek($options['stream'], 0, SEEK_SET))) { + // partial request and stream is seekable + + if (count($options['ranges']) === 1) { + $range = $options['ranges'][0]; + + if (isset($range['start'])) { + fseek($options['stream'], $range['start'], SEEK_SET); + if (feof($options['stream'])) { + $this->http_status("416 Requested range not satisfiable"); + return; + } + + if (isset($range['end'])) { + $size = $range['end']-$range['start']+1; + $this->http_status("206 Partial content"); + if (!self::use_compression()) header("Content-Length: $size"); + header("Content-Range: bytes $range[start]-$range[end]/" + . (isset($options['size']) ? $options['size'] : "*")); + while ($size && !feof($options['stream'])) { + $buffer = fread($options['stream'], 4096); + $size -= $this->bytes($buffer); + echo $buffer; + } + } else { + $this->http_status("206 Partial content"); + if (isset($options['size'])) { + if (!self::use_compression()) header("Content-Length: ".($options['size'] - $range['start'])); + header("Content-Range: bytes ".$range['start']."-".$range['end']."/" + . (isset($options['size']) ? $options['size'] : "*")); + } + fpassthru($options['stream']); + } + } else { + if (!self::use_compression()) header("Content-length: ".$range['last']); + fseek($options['stream'], -$range['last'], SEEK_END); + fpassthru($options['stream']); + } + } else { + $this->_multipart_byterange_header(); // init multipart + foreach ($options['ranges'] as $range) { + // TODO what if size unknown? 500? + if (isset($range['start'])) { + $from = $range['start']; + $to = !empty($range['end']) ? $range['end'] : $options['size']-1; + } else { + $from = $options['size'] - $range['last']-1; + $to = $options['size'] -1; + } + $total = isset($options['size']) ? $options['size'] : "*"; + $size = $to - $from + 1; + $this->_multipart_byterange_header($options['mimetype'], $from, $to, $total); + + + fseek($options['stream'], $from, SEEK_SET); + while ($size && !feof($options['stream'])) { + $buffer = fread($options['stream'], 4096); + $size -= $this->bytes($buffer); + echo $buffer; + } + } + $this->_multipart_byterange_header(); // end multipart + } + } else { + // normal request or stream isn't seekable, return full content + if (isset($options['size']) && !self::use_compression()) { + header("Content-Length: ".$options['size']); + } + fpassthru($options['stream']); + return; // no more headers + } + } elseif (isset($options['data'])) { + if (is_array($options['data'])) { + // reply to partial request + } else { + if (!self::use_compression()) header("Content-Length: ".$this->bytes($options['data'])); + echo $options['data']; + } + } + } + } + + if (!headers_sent()) { + if (false === $status) { + $this->http_status("404 not found"); + } else { + // TODO: check setting of headers in various code paths above + $this->http_status("$status"); + } + } + } + + + /** + * parse HTTP Range: header + * + * @param array options array to store result in + * @return void + */ + function _get_ranges(&$options) + { + // process Range: header if present + if (isset($this->_SERVER['HTTP_RANGE'])) { + + // we only support standard "bytes" range specifications for now + if (preg_match('/bytes\s*=\s*(.+)/', $this->_SERVER['HTTP_RANGE'], $matches)) { + $options["ranges"] = array(); + + // ranges are comma separated + foreach (explode(",", $matches[1]) as $range) { + // ranges are either from-to pairs or just end positions + list($start, $end) = explode("-", $range); + $options["ranges"][] = ($start==="") + ? array("last"=>$end) + : array("start"=>$start, "end"=>$end); + } + } + } + } + + /** + * generate separator headers for multipart response + * + * first and last call happen without parameters to generate + * the initial header and closing sequence, all calls inbetween + * require content mimetype, start and end byte position and + * optionaly the total byte length of the requested resource + * + * @param string mimetype + * @param int start byte position + * @param int end byte position + * @param int total resource byte size + */ + function _multipart_byterange_header($mimetype = false, $from = false, $to=false, $total=false) + { + if ($mimetype === false) { + if (!isset($this->multipart_separator)) { + // initial + + // a little naive, this sequence *might* be part of the content + // but it's really not likely and rather expensive to check + $this->multipart_separator = "SEPARATOR_".md5(microtime()); + + // generate HTTP header + header("Content-type: multipart/byteranges; boundary=".$this->multipart_separator); + } else { + // final + + // generate closing multipart sequence + echo "\n--{$this->multipart_separator}--"; + } + } else { + // generate separator and header for next part + echo "\n--{$this->multipart_separator}\n"; + echo "Content-type: $mimetype\n"; + echo "Content-range: $from-$to/". ($total === false ? "*" : $total); + echo "\n\n"; + } + } + + + + // }}} + + // {{{ http_HEAD() + + /** + * HEAD method handler + * + * @param void + * @return void + */ + function http_HEAD() + { + $status = false; + $options = Array(); + $options["path"] = $this->path; + + if (method_exists($this, "HEAD")) { + $status = $this->head($options); + } else if (method_exists($this, "GET")) { + ob_start(); + $status = $this->GET($options); + if (!isset($options['size'])) { + $options['size'] = ob_get_length(); + } + ob_end_clean(); + } + + if (!isset($options['mimetype'])) { + $options['mimetype'] = "application/octet-stream"; + } + header("Content-type: $options[mimetype]"); + + if (isset($options['mtime'])) { + header("Last-modified:".gmdate("D, d M Y H:i:s ", $options['mtime'])."GMT"); + } + + if (isset($options['size'])) { + header("Content-Length: ".$options['size']); + } + + if ($status === true) $status = "200 OK"; + if ($status === false) $status = "404 Not found"; + + $this->http_status($status); + } + + // }}} + + // {{{ http_POST() + + /** + * POST method handler + * + * @param void + * @return void + */ + function http_POST() + { + $status = '405 Method not allowed'; + $options = Array(); + $options['path'] = $this->path; + + if (isset($this->_SERVER['CONTENT_LENGTH'])) + { + $options['content_length'] = $this->_SERVER['CONTENT_LENGTH']; + } + elseif (isset($this->_SERVER['X-Expected-Entity-Length'])) + { + // MacOS gives us that hint + $options['content_length'] = $this->_SERVER['X-Expected-Entity-Length']; + } + + // get the Content-type + if (isset($this->_SERVER["CONTENT_TYPE"])) { + // for now we do not support any sort of multipart requests + if (!strncmp($this->_SERVER["CONTENT_TYPE"], 'multipart/', 10)) { + $this->http_status('501 not implemented'); + echo 'The service does not support mulipart POST requests'; + return; + } + $options['content_type'] = $this->_SERVER['CONTENT_TYPE']; + } else { + // default content type if none given + $options['content_type'] = 'application/octet-stream'; + } + + $options['stream'] = fopen('php://input', 'r'); + switch($this->_SERVER['HTTP_CONTENT_ENCODING']) + { + case 'gzip': + case 'deflate': //zlib + if (extension_loaded('zlib')) + { + stream_filter_append($options['stream'], 'zlib.inflate', STREAM_FILTER_READ); + } + } + // store request in $this->request, if requested via $this->store_request + if ($this->store_request) + { + $options['content'] = ''; + while(!feof($options['stream'])) + { + $options['content'] .= fread($options['stream'],8192); + } + $this->request =& $options['content']; + unset($options['stream']); + } + + /* RFC 2616 2.6 says: "The recipient of the entity MUST NOT + ignore any Content-* (e.g. Content-Range) headers that it + does not understand or implement and MUST return a 501 + (Not Implemented) response in such cases." + */ + foreach ($this->_SERVER as $key => $val) { + if (strncmp($key, 'HTTP_CONTENT', 11)) continue; + switch ($key) { + case 'HTTP_CONTENT_ENCODING': // RFC 2616 14.11 + switch($this->_SERVER['HTTP_CONTENT_ENCODING']) + { + case 'gzip': + case 'deflate': //zlib + if (extension_loaded('zlib')) break; + // fall through for no zlib support + default: + $this->http_status('415 Unsupported Media Type'); + echo "The service does not support '$val' content encoding"; + return; + } + break; + + case 'HTTP_CONTENT_LANGUAGE': // RFC 2616 14.12 + // we assume it is not critical if this one is ignored + // in the actual POST implementation ... + $options['content_language'] = $val; + break; + + case 'HTTP_CONTENT_LENGTH': + // defined on IIS and has the same value as CONTENT_LENGTH + break; + + case 'HTTP_CONTENT_LOCATION': // RFC 2616 14.14 + /* The meaning of the Content-Location header in PUT + or POST requests is undefined; servers are free + to ignore it in those cases. */ + break; + + case 'HTTP_CONTENT_RANGE': // RFC 2616 14.16 + // single byte range requests are supported + // the header format is also specified in RFC 2616 14.16 + // TODO we have to ensure that implementations support this or send 501 instead + if (!preg_match('@bytes\s+(\d+)-(\d+)/((\d+)|\*)@', $val, $matches)) { + $this->http_status('400 bad request'); + echo 'The service does only support single byte ranges'; + return; + } + + $range = array('start'=>$matches[1], 'end'=>$matches[2]); + if (is_numeric($matches[3])) { + $range['total_length'] = $matches[3]; + } + $option['ranges'][] = $range; + + // TODO make sure the implementation supports partial POST + // this has to be done in advance to avoid data being overwritten + // on implementations that do not support this ... + break; + + case 'HTTP_CONTENT_TYPE': + // defined on IIS and has the same value as CONTENT_TYPE + break; + + case 'HTTP_CONTENT_MD5': // RFC 2616 14.15 + // TODO: maybe we can just pretend here? + $this->http_status('501 not implemented'); + echo 'The service does not support content MD5 checksum verification'; + return; + + case 'HTTP_CONTENT_DISPOSITION': + // do NOT care about Content-Disposition in POST requests required by CalDAV managed attachments + break; + + default: + // any other unknown Content-* headers + $this->http_status('501 not implemented'); + echo "The service does not support '$key'"; + return; + } + } + + if (method_exists($this, 'POST')) { + $status = $this->POST($options); + + if ($status === false) { + $status = '400 Something went wrong'; + } else if ($status === true) { + $status = '200 OK'; + } else if (is_resource($status) && get_resource_type($status) == 'stream') { + $stream = $status; + + $status = empty($options['new']) ? '200 OK' : '201 Created'; + + if (!empty($options['ranges'])) { + // TODO multipart support is missing (see also above) + if (0 == fseek($stream, $range[0]['start'], SEEK_SET)) { + $length = $range[0]['end']-$range[0]['start']+1; + if (!fwrite($stream, fread($options['stream'], $length))) { + $status = '403 Forbidden'; + } + } else { + $status = '403 Forbidden'; + } + } else { + while (!feof($options['stream'])) { + if (false === fwrite($stream, fread($options['stream'], 4096))) { + $status = '403 Forbidden'; + break; + } + } + } + fclose($stream); + } + } + $this->http_status($status); + } + + // }}} + + // {{{ http_PUT() + + /** + * PUT method handler + * + * @param void + * @return void + */ + function http_PUT() + { + if ($this->_check_lock_status($this->path)) { + $options = Array(); + $options["path"] = $this->path; + + if (isset($this->_SERVER['CONTENT_LENGTH'])) + { + $options['content_length'] = $this->_SERVER['CONTENT_LENGTH']; + } + elseif (isset($this->_SERVER['X-Expected-Entity-Length'])) + { + // MacOS gives us that hint + $options['content_length'] = $this->_SERVER['X-Expected-Entity-Length']; + } + + // get the Content-type + if (isset($this->_SERVER["CONTENT_TYPE"])) { + // for now we do not support any sort of multipart requests + if (!strncmp($this->_SERVER["CONTENT_TYPE"], "multipart/", 10)) { + $this->http_status("501 not implemented"); + echo "The service does not support multipart PUT requests"; + return; + } + $options["content_type"] = $this->_SERVER["CONTENT_TYPE"]; + } else { + // default content type if none given + $options["content_type"] = "application/octet-stream"; + } + + $options["stream"] = fopen("php://input", "r"); + switch($this->_SERVER['HTTP_CONTENT_ENCODING']) + { + case 'gzip': + case 'deflate': //zlib + if (extension_loaded('zlib')) + { + stream_filter_append($options['stream'], 'zlib.inflate', STREAM_FILTER_READ); + } + } + // store request in $this->request, if requested via $this->store_request + if ($this->store_request) + { + $options['content'] = ''; + while(!feof($options['stream'])) + { + $options['content'] .= fread($options['stream'],8192); + } + $this->request =& $options['content']; + unset($options['stream']); + } + + /* RFC 2616 2.6 says: "The recipient of the entity MUST NOT + ignore any Content-* (e.g. Content-Range) headers that it + does not understand or implement and MUST return a 501 + (Not Implemented) response in such cases." + */ + foreach ($this->_SERVER as $key => $val) { + if (strncmp($key, "HTTP_CONTENT", 11)) continue; + switch ($key) { + case 'HTTP_CONTENT_ENCODING': // RFC 2616 14.11 + switch($this->_SERVER['HTTP_CONTENT_ENCODING']) + { + case 'gzip': + case 'deflate': //zlib + if (extension_loaded('zlib')) break; + // fall through for no zlib support + default: + $this->http_status('415 Unsupported Media Type'); + echo "The service does not support '$val' content encoding"; + return; + } + break; + + case 'HTTP_CONTENT_LANGUAGE': // RFC 2616 14.12 + // we assume it is not critical if this one is ignored + // in the actual PUT implementation ... + $options["content_language"] = $val; + break; + + case 'HTTP_CONTENT_LENGTH': + // defined on IIS and has the same value as CONTENT_LENGTH + break; + + case 'HTTP_CONTENT_LOCATION': // RFC 2616 14.14 + /* The meaning of the Content-Location header in PUT + or POST requests is undefined; servers are free + to ignore it in those cases. */ + break; + + case 'HTTP_CONTENT_RANGE': // RFC 2616 14.16 + // single byte range requests are supported + // the header format is also specified in RFC 2616 14.16 + // TODO we have to ensure that implementations support this or send 501 instead + if (!preg_match('@bytes\s+(\d+)-(\d+)/((\d+)|\*)@', $val, $matches)) { + $this->http_status("400 bad request"); + echo "The service does only support single byte ranges"; + return; + } + + $range = array("start" => $matches[1], "end" => $matches[2]); + if (is_numeric($matches[3])) { + $range["total_length"] = $matches[3]; + } + + if (!isset($options['ranges'])) { + $options['ranges'] = array(); + } + + $options["ranges"][] = $range; + + // TODO make sure the implementation supports partial PUT + // this has to be done in advance to avoid data being overwritten + // on implementations that do not support this ... + break; + + case 'HTTP_CONTENT_TYPE': + // defined on IIS and has the same value as CONTENT_TYPE + break; + + case 'HTTP_CONTENT_MD5': // RFC 2616 14.15 + // TODO: maybe we can just pretend here? + $this->http_status("501 not implemented"); + echo "The service does not support content MD5 checksum verification"; + return; + + default: + // any other unknown Content-* headers + $this->http_status("501 not implemented"); + echo "The service does not support '$key'"; + return; + } + } + + $stat = $this->PUT($options); + + if ($stat === false) { + $stat = "403 Forbidden"; + } else if (is_resource($stat) && get_resource_type($stat) == "stream") { + $stream = $stat; + + $stat = $options["new"] ? "201 Created" : "204 No Content"; + + if (!empty($options["ranges"])) { + // TODO multipart support is missing (see also above) + if (0 == fseek($stream, $options['ranges'][0]["start"], SEEK_SET)) { + $length = $options['ranges'][0]["end"] - $options['ranges'][0]["start"]+1; + + while (!feof($options['stream'])) { + if ($length <= 0) { + break; + } + + if ($length <= 8192) { + $data = fread($options['stream'], $length); + } else { + $data = fread($options['stream'], 8192); + } + + if ($data === false) { + $stat = "400 Bad request"; + } elseif (strlen($data)) { + if (false === fwrite($stream, $data)) { + $stat = "403 Forbidden"; + break; + } + $length -= strlen($data); + } + } + } else { + $stat = "403 Forbidden"; + } + } else { + while (!feof($options["stream"])) { + if (false === fwrite($stream, fread($options["stream"], 8192))) { + $stat = "403 Forbidden"; + break; + } + } + } + + fclose($stream); + } + + $this->http_status($stat); + } else { + $this->http_status("423 Locked"); + } + } + + // }}} + + + // {{{ http_DELETE() + + /** + * DELETE method handler + * + * @param void + * @return void + */ + function http_DELETE() + { + // check RFC 2518 Section 9.2, last paragraph + if (isset($this->_SERVER["HTTP_DEPTH"])) { + if ($this->_SERVER["HTTP_DEPTH"] != "infinity") { + if (stripos($_SERVER['HTTP_USER_AGENT'],'webdrive') !== false) + { + // pretend we didnt see it, as webdrive does not handle the depth parameter correctly while deleting collections + } + else + { + $this->http_status("400 Bad Request"); + return; + } + } + } + + // check lock status + if ($this->_check_lock_status($this->path)) { + // ok, proceed + $options = Array(); + $options["path"] = $this->path; + + $stat = $this->DELETE($options); + + $this->http_status($stat); + } else { + // sorry, its locked + $this->http_status("423 Locked"); + } + } + + // }}} + + // {{{ http_COPY() + + /** + * COPY method handler + * + * @param void + * @return void + */ + function http_COPY() + { + // no need to check source lock status here + // destination lock status is always checked by the helper method + $this->_copymove("copy"); + } + + // }}} + + // {{{ http_MOVE() + + /** + * MOVE method handler + * + * @param void + * @return void + */ + function http_MOVE() + { + if ($this->_check_lock_status($this->path)) { + // destination lock status is always checked by the helper method + $this->_copymove("move"); + } else { + $this->http_status("423 Locked"); + } + } + + // }}} + + + // {{{ http_LOCK() + + /** + * LOCK method handler + * + * @param void + * @return void + */ + function http_LOCK() + { + $options = Array(); + $options["path"] = $this->path; + + if (isset($this->_SERVER['HTTP_DEPTH'])) { + $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; + } else { + $options["depth"] = "infinity"; + } + + if (isset($this->_SERVER["HTTP_TIMEOUT"])) { + $options["timeout"] = explode(",", $this->_SERVER["HTTP_TIMEOUT"]); + } + + if (empty($this->_SERVER['CONTENT_LENGTH']) && !empty($this->_SERVER['HTTP_IF'])) { + // check if locking is possible + if (!$this->_check_lock_status($this->path)) { + $this->http_status("423 Locked"); + return; + } + + // refresh lock + $options["locktoken"] = substr($this->_SERVER['HTTP_IF'], 2, -2); + $options["update"] = $options["locktoken"]; + + // setting defaults for required fields, LOCK() SHOULD overwrite these + $options['owner'] = "unknown"; + $options['scope'] = "exclusive"; + $options['type'] = "write"; + + + $stat = $this->LOCK($options); + } else { + // extract lock request information from request XML payload + $lockinfo = new _parse_lockinfo("php://input"); + if (!$lockinfo->success) { + $this->http_status("400 bad request"); + } + + // check if locking is possible + if (!$this->_check_lock_status($this->path, $lockinfo->lockscope === "shared")) { + $this->http_status("423 Locked"); + return; + } + + // new lock + $options["scope"] = $lockinfo->lockscope; + $options["type"] = $lockinfo->locktype; + // Todo: lockinfo::owner still contains D:href opening and closing tags, maybe they should be removed here with strip_tags + $options["owner"] = $lockinfo->owner; + $options["locktoken"] = $this->_new_locktoken(); + + $stat = $this->LOCK($options); + } + + if (is_bool($stat)) { + $http_stat = $stat ? "200 OK" : "423 Locked"; + } else { + $http_stat = (string)$stat; + } + $this->http_status($http_stat); + + if ($http_stat{0} == 2) { // 2xx states are ok + if ($options["timeout"]) { + // if multiple timeout values were given we take the first only + if (is_array($options["timeout"])) { + reset($options["timeout"]); + $options["timeout"] = current($options["timeout"]); + } + // if the timeout is numeric only we need to reformat it + if (is_numeric($options["timeout"])) { + // more than a million is considered an absolute timestamp + // less is more likely a relative value + if ($options["timeout"]>1000000) { + $timeout = "Second-".($options['timeout']-time()); + } else { + $timeout = "Second-$options[timeout]"; + } + } else { + // non-numeric values are passed on verbatim, + // no error checking is performed here in this case + // TODO: send "Infinite" on invalid timeout strings? + $timeout = $options["timeout"]; + } + } else { + $timeout = "Infinite"; + } + + header('Content-Type: text/xml; charset="utf-8"'); + header("Lock-Token: <$options[locktoken]>"); + echo "\n"; + echo "\n"; + echo ' <'.($this->crrnd?'':'D:')."lockdiscovery>\n"; + echo ' <'.($this->crrnd?'':'D:')."activelock>\n"; + echo ' <'.($this->crrnd?'':'D:')."lockscope>crrnd?'':'D:')."lockscope>\n"; + echo ' <'.($this->crrnd?'':'D:')."locktype>crrnd?'':'D:')."locktype>\n"; + echo ' <'.($this->crrnd?'':'D:')."depth>$options[depth]crrnd?'':'D:')."depth>\n"; + echo ' <'.($this->crrnd?'':'D:')."owner>$options[owner]crrnd?'':'D:')."owner>\n"; + echo ' <'.($this->crrnd?'':'D:')."timeout>$timeoutcrrnd?'':'D:')."timeout>\n"; + echo ' <'.($this->crrnd?'':'D:')."locktoken>$options[locktoken]crrnd?'':'D:')."locktoken>\n"; + echo ' crrnd?'':'D:')."activelock>\n"; + echo ' crrnd?'':'D:')."lockdiscovery>\n"; + echo 'crrnd?'':'D:')."prop>\n\n"; + } + } + + + // }}} + + // {{{ http_UNLOCK() + + /** + * UNLOCK method handler + * + * @param void + * @return void + */ + function http_UNLOCK() + { + $options = Array(); + $options["path"] = $this->path; + + if (isset($this->_SERVER['HTTP_DEPTH'])) { + $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; + } else { + $options["depth"] = "infinity"; + } + + // strip surrounding <> + $options["token"] = substr(trim($this->_SERVER["HTTP_LOCK_TOKEN"]), 1, -1); + + // call user method + $stat = $this->UNLOCK($options); + + $this->http_status($stat); + } + + // }}} + + // {{{ http_ACL() + + /** + * ACL method handler + * + * @param void + * @return void + */ + function http_ACL() + { + $options = Array(); + $options['path'] = $this->path; + $options['errors'] = array(); + + if (isset($this->_SERVER['HTTP_DEPTH'])) { + $options['depth'] = $this->_SERVER['HTTP_DEPTH']; + } else { + $options['depth'] = 'infinity'; + } + + // call user method + $status = $this->ACL($options); + + // now we generate the reply header ... + $this->http_status($status); + $content = ''; + + if (is_array($options['errors']) && count($options['errors'])) { + header('Content-Type: text/xml; charset="utf-8"'); + // ... and payload + $content .= "\n"; + $content .= " \n"; + foreach ($options['errors'] as $violation) { + $content .= '<'.($this->crrnd?'':'D:')."$violation/>\n"; + } + $content .= 'crrnd?'':'D:')."error>\n"; + } + if (!self::use_compression()) header("Content-Length: ".$this->bytes($content)); + if ($content) echo $options['content']; + } + + // }}} + + // }}} + + // {{{ _copymove() + + function _copymove($what) + { + $options = Array(); + $options["path"] = $this->path; + + if (isset($this->_SERVER["HTTP_DEPTH"])) { + $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; + } else { + $options["depth"] = "infinity"; + } + + $http_header_host = preg_replace("/:80$/", "", $this->_SERVER["HTTP_HOST"]); + + $url = parse_url($this->_SERVER["HTTP_DESTINATION"]); + $path = urldecode($url["path"]); + + if (isset($url["host"])) { + // TODO check url scheme, too + $http_host = $url["host"]; + if (isset($url["port"]) && $url["port"] != 80) + $http_host.= ":".$url["port"]; + } else { + // only path given, set host to self + $http_host == $http_header_host; + } + + if ($http_host == $http_header_host && + !strncmp($this->_SERVER["SCRIPT_NAME"], $path, + strlen($this->_SERVER["SCRIPT_NAME"]))) { + $options["dest"] = substr($path, strlen($this->_SERVER["SCRIPT_NAME"])); + if (!$this->_check_lock_status($options["dest"])) { + $this->http_status("423 Locked"); + return; + } + + } else { + $options["dest_url"] = $this->_SERVER["HTTP_DESTINATION"]; + } + + // see RFC 2518 Sections 9.6, 8.8.4 and 8.9.3 + if (isset($this->_SERVER["HTTP_OVERWRITE"])) { + $options["overwrite"] = $this->_SERVER["HTTP_OVERWRITE"] == "T"; + } else { + $options["overwrite"] = true; + } + + $stat = $this->$what($options); + $this->http_status($stat); + } + + // }}} + + // {{{ _allow() + + /** + * check for implemented HTTP methods + * + * @param void + * @return array something + */ + function _allow() + { + // OPTIONS is always there + $allow = array("OPTIONS" =>"OPTIONS"); + + // all other METHODS need both a http_method() wrapper + // and a method() implementation + // the base class supplies wrappers only + foreach (get_class_methods($this) as $method) { + if (!strncmp("http_", $method, 5)) { + $method = strtoupper(substr($method, 5)); + if (method_exists($this, $method)) { + $allow[$method] = $method; + } + } + } + + // we can emulate a missing HEAD implemetation using GET + if (isset($allow["GET"])) + $allow["HEAD"] = "HEAD"; + + // no LOCK without checklok() + if (!method_exists($this, "checklock")) { + unset($allow["LOCK"]); + unset($allow["UNLOCK"]); + } + + return $allow; + } + + // }}} + + /** + * helper for property element creation + * + * @param string XML namespace (optional) + * @param string property name + * @param string property value + * @praram boolen property raw-flag + * @return array property array + */ + function mkprop() + { + $args = func_get_args(); + switch (count($args)) { + case 4: + return array('ns' => $args[0], + 'name' => $args[1], + 'val' => $args[2], + 'raw' => true); + case 3: + return array('ns' => $args[0], + 'name' => $args[1], + 'val' => $args[2]); + default: + return array('ns' => 'DAV:', + 'name' => $args[0], + 'val' => $args[1]); + } + } + + // {{{ _check_auth + + /** + * check authentication if check is implemented + * + * @param void + * @return bool true if authentication succeded or not necessary + */ + function _check_auth() + { + if (method_exists($this, "checkAuth")) { + // PEAR style method name + return $this->checkAuth(@$this->_SERVER["AUTH_TYPE"], + @$this->_SERVER["PHP_AUTH_USER"], + @$this->_SERVER["PHP_AUTH_PW"]); + } else if (method_exists($this, "check_auth")) { + // old (pre 1.0) method name + return $this->check_auth(@$this->_SERVER["AUTH_TYPE"], + @$this->_SERVER["PHP_AUTH_USER"], + @$this->_SERVER["PHP_AUTH_PW"]); + } else { + // no method found -> no authentication required + return true; + } + } + + // }}} + + // {{{ UUID stuff + + /** + * generate Unique Universal IDentifier for lock token + * + * @param void + * @return string a new UUID + */ + function _new_uuid() + { + // use uuid extension from PECL if available + if (function_exists("uuid_create")) { + return uuid_create(); + } + + // fallback + $uuid = md5(microtime().getmypid()); // this should be random enough for now + + // set variant and version fields for 'true' random uuid + $uuid{12} = "4"; + $n = 8 + (ord($uuid{16}) & 3); + $hex = "0123456789abcdef"; + $uuid{16} = $hex{$n}; + + // return formated uuid + return substr($uuid, 0, 8)."-" + . substr($uuid, 8, 4)."-" + . substr($uuid, 12, 4)."-" + . substr($uuid, 16, 4)."-" + . substr($uuid, 20); + } + + /** + * create a new opaque lock token as defined in RFC2518 + * + * @param void + * @return string new RFC2518 opaque lock token + */ + function _new_locktoken() + { + return "opaquelocktoken:".HTTP_WebDAV_Server::_new_uuid(); + } + + // }}} + + // {{{ WebDAV If: header parsing + + /** + * + * + * @param string header string to parse + * @param int current parsing position + * @return array next token (type and value) + */ + function _if_header_lexer($string, &$pos) + { + // skip whitespace + while (ctype_space($string{$pos})) { + ++$pos; + } + + // already at end of string? + if (strlen($string) <= $pos) { + return false; + } + + // get next character + $c = $string{$pos++}; + + // now it depends on what we found + switch ($c) { + case "<": + // URIs are enclosed in <...> + $pos2 = strpos($string, ">", $pos); + $uri = substr($string, $pos, $pos2 - $pos); + $pos = $pos2 + 1; + return array("URI", $uri); + + case "[": + //Etags are enclosed in [...] + if ($string{$pos} == "W") { + $type = "ETAG_WEAK"; + $pos += 2; + } else { + $type = "ETAG_STRONG"; + } + $pos2 = strpos($string, "]", $pos); + $etag = substr($string, $pos + 1, $pos2 - $pos - 2); + $pos = $pos2 + 1; + return array($type, $etag); + + case "N": + // "N" indicates negation + $pos += 2; + return array("NOT", "Not"); + + default: + // anything else is passed verbatim char by char + return array("CHAR", $c); + } + } + + /** + * parse If: header + * + * @param string header string + * @return array URIs and their conditions + */ + function _if_header_parser($str) + { + $pos = 0; + $len = strlen($str); + $uris = array(); + + // parser loop + while ($pos < $len) { + // get next token + $token = $this->_if_header_lexer($str, $pos); + + // check for URI + if ($token[0] == "URI") { + $uri = $token[1]; // remember URI + $token = $this->_if_header_lexer($str, $pos); // get next token + } else { + $uri = ""; + } + + // sanity check + if ($token[0] != "CHAR" || $token[1] != "(") { + return false; + } + + $list = array(); + $level = 1; + $not = ""; + while ($level) { + $token = $this->_if_header_lexer($str, $pos); + if ($token[0] == "NOT") { + $not = "!"; + continue; + } + switch ($token[0]) { + case "CHAR": + switch ($token[1]) { + case "(": + $level++; + break; + case ")": + $level--; + break; + default: + return false; + } + break; + + case "URI": + $list[] = $not."<$token[1]>"; + break; + + case "ETAG_WEAK": + $list[] = $not."[W/'$token[1]']>"; + break; + + case "ETAG_STRONG": + $list[] = $not."['$token[1]']>"; + break; + + default: + return false; + } + $not = ""; + } + + if (@is_array($uris[$uri])) { + $uris[$uri] = array_merge($uris[$uri], $list); + } else { + $uris[$uri] = $list; + } + } + + return $uris; + } + + /** + * check if conditions from "If:" headers are meat + * + * the "If:" header is an extension to HTTP/1.1 + * defined in RFC 2518 section 9.4 + * + * @param void + * @return void + */ + function _check_if_header_conditions() + { + if (isset($this->_SERVER["HTTP_IF"])) { + $this->_if_header_uris = + $this->_if_header_parser($this->_SERVER["HTTP_IF"]); + + foreach ($this->_if_header_uris as $uri => $conditions) { + if ($uri == "") { + $uri = $this->uri; + } + // all must match + $state = true; + foreach ($conditions as $condition) { + // lock tokens may be free form (RFC2518 6.3) + // but if opaquelocktokens are used (RFC2518 6.4) + // we have to check the format (litmus tests this) + if (!strncmp($condition, "$/', $condition)) { + $this->http_status("423 Locked"); + return false; + } + } + if (!$this->_check_uri_condition($uri, $condition)) { + $this->http_status("412 Precondition failed"); + $state = false; + break; + } + } + + // any match is ok + if ($state == true) { + return true; + } + } + return false; + } + return true; + } + + /** + * Check a single URI condition parsed from an if-header + * + * Check a single URI condition parsed from an if-header + * + * @abstract + * @param string $uri URI to check + * @param string $condition Condition to check for this URI + * @returns bool Condition check result + */ + function _check_uri_condition($uri, $condition) + { + // not really implemented here, + // implementations must override + + // a lock token can never be from the DAV: scheme + // litmus uses DAV:no-lock in some tests + if (!strncmp(" ignored for now + if (method_exists($this, "checkLock")) { + // is locked? + $lock = $this->checkLock($path); + + // ... and lock is not owned? + if (is_array($lock) && count($lock)) { + // FIXME doesn't check uri restrictions yet + if (!isset($this->_SERVER["HTTP_IF"]) || !strstr($this->_SERVER["HTTP_IF"], $lock["token"])) { + if (!$exclusive_only || ($lock["scope"] !== "shared")) + return false; + } + } + } + return true; + } + + + // }}} + + + /** + * Generate lockdiscovery reply from checklock() result + * + * @param string resource path to check + * @return string lockdiscovery response + */ + function lockdiscovery($path) + { + // no lock support without checklock() method + if (!method_exists($this, "checklock")) { + return ""; + } + + // collect response here + $activelocks = ""; + + // get checklock() reply + $lock = $this->checklock($path); + + // generate block for returned data + if (is_array($lock) && count($lock)) { + // check for 'timeout' or 'expires' + if (!empty($lock["expires"])) { + $timeout = "Second-".($lock["expires"] - time()); + } else if (!empty($lock["timeout"])) { + $timeout = "Second-$lock[timeout]"; + } else { + $timeout = "Infinite"; + } + + // genreate response block + if ($this->crrnd) + { + $activelocks.= " + + <$lock[scope]/> + <$lock[type]/> + $lock[depth] + $lock[owner] + $timeout + $lock[token] + + "; + } + else + { + $activelocks.= " + + + + $lock[depth] + $lock[owner] + $timeout + $lock[token] + + "; + } + } + + // return generated response + //error_log(__METHOD__."\n".print_r($activelocks,true)); + return $activelocks; + } + + /** + * set HTTP return status and mirror it in a private header + * + * @param string status code and message + * @return void + */ + function http_status($status) + { + // simplified success case + if ($status === true) { + $status = "200 OK"; + } + + // remember status + $this->_http_status = $status; + + // generate HTTP status response + header("HTTP/1.1 $status"); + header("X-WebDAV-Status: $status", true); + } + + /** + * private minimalistic version of PHP urlencode() + * + * only blanks, percent and XML special chars must be encoded here + * full urlencode() encoding confuses some clients ... + * + * @param string URL to encode + * @return string encoded URL + */ + function _urlencode($url) + { + // cadaver (and probably all neon using agents) need a more complete url encoding + // otherwise special chars like "$,()'" in filenames do NOT work + // netdrive does NOT use a User-Agent, but requires full urlencoding for non-ascii chars (eg. German Umlauts) + if (strpos($_SERVER['HTTP_USER_AGENT'],'neon') !== false || !isset($_SERVER['HTTP_USER_AGENT'])) + { + return strtr(rawurlencode($url),array( + '%2F' => '/', + '%3A' => ':', + )); + } + //error_log( __METHOD__."\n" .print_r($url,true)); + return strtr($url, array(' ' => '%20', + '%' => '%25', + '&' => '%26', + '<' => '%3C', + '>' => '%3E', + '+' => '%2B', + )); + } + + /** + * private version of PHP urldecode + * + * not really needed but added for completenes + * + * @param string URL to decode + * @return string decoded URL + */ + function _urldecode($path) + { + return rawurldecode($path); + } + + /** + * Encode a hierarchical properties like: + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * @param array $props + * @param string $ns + * @param strin $ns_defs + * @param array $ns_hash + * @return string + */ + function _hierarchical_prop_encode(array $props, $ns, &$ns_defs, array &$ns_hash) + { + $ret = ''; + + //error_log(__METHOD__.'('.array2string($props).')'); + if (isset($props['name'])) $props = array($props); + + foreach($props as $prop) + { + if (!isset($ns_hash[$prop['ns']])) // unknown namespace + { + // register namespace + $ns_name = 'ns'.(count($ns_hash) + 1); + $ns_hash[$prop['ns']] = $ns_name; + $ns_defs .= ' xmlns:'.$ns_name.'="'.$prop['ns'].'"'; + } + if (is_array($prop['val'])) + { + $subprop = $prop['val']; + if (isset($subprop['ns']) || isset($subprop[0]['ns'])) + { + $ret .= '<'.($prop['ns'] == $ns ? ($this->crrnd ? '' : $ns_hash[$ns].':') : $ns_hash[$prop['ns']].':').$prop['name']. + (empty($prop['val']) ? '/>' : '>'.$this->_hierarchical_prop_encode($prop['val'], $prop['ns'], $ns_defs, $ns_hash). + 'crrnd ? '' : $ns_hash[$ns].':') : ($this->crrnd ? '' : $ns_hash[$prop['ns']].':')).$prop['name'].'>'); + } + else // val contains only attributes, no value + { + $vals = ''; + + foreach($subprop as $attr => $val) + { + $vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES, 'utf-8').'"'; + } + + $ret .= '<'.($prop['ns'] == $ns ? ($this->crrnd ? '' : $ns_hash[$ns].':') : $ns_hash[$prop['ns']].':').$prop['name']. + $vals .'/>'; + } + } + else + { + if (empty($prop['val'])) + { + $val = ''; + } + else + { + if(isset($prop['raw'])) + { + $val = $this->_prop_encode(''); + } else { + $val = $this->_prop_encode(htmlspecialchars($prop['val'], ENT_NOQUOTES, 'utf-8')); + // for href properties we need (minimalistic) urlencoding, eg. space + if ($prop['name'] == 'href') + { + $val = $this->_urlencode($val); + } + } + } + + $ret .= '<'.($prop['ns'] == $ns ? ($this->crrnd ? '' : $ns_hash[$ns].':') : $ns_hash[$prop['ns']].':').$prop['name']. + (empty($prop['val']) ? ' />' : '>'.$val.'crrnd ? '' : $ns_hash[$ns].':') : ($this->crrnd ? '' : $ns_hash[$prop['ns']].':')).$prop['name'].'>'); + } + } + + //error_log(__METHOD__.'('.array2string($props).") crrnd=$this->crrnd returning ".array2string($ret)); + return $ret; + } + + /** + * UTF-8 encode property values if not already done so + * + * @param string text to encode + * @return string utf-8 encoded text + */ + function _prop_encode($text) + { + //error_log( __METHOD__."\n" .print_r($text,true)); + //error_log("prop-encode:" . print_r($this->_prop_encoding,true)); + + switch (strtolower($this->_prop_encoding)) { + case "utf-8": + //error_log( __METHOD__."allready encoded\n" .print_r($text,true)); + return $text; + case "iso-8859-1": + case "iso-8859-15": + case "latin-1": + default: + error_log( __METHOD__."utf8 encode\n" .print_r(utf8_encode($text),true)); + return utf8_encode($text); + } + } + + /** + * Slashify - make sure path ends in a slash + * + * @param string directory path + * @returns string directory path wiht trailing slash + */ + function _slashify($path) + { + //error_log(__METHOD__." called with $path"); + if ($path[$this->bytes($path)-1] != '/') { + //error_log(__METHOD__." added slash at the end of path"); + $path = $path."/"; + } + return $path; + } + + /** + * Unslashify - make sure path doesn't in a slash + * + * @param string directory path + * @returns string directory path wihtout trailing slash + */ + function _unslashify($path) + { + //error_log(__METHOD__." called with $path"); + if ($path[$this->bytes($path)-1] == '/') { + $path = substr($path, 0, -1); + //error_log(__METHOD__." removed slash at the end of path"); + } + return $path; + } + + /** + * Merge two paths, make sure there is exactly one slash between them + * + * @param string parent path + * @param string child path + * @return string merged path + */ + function _mergePaths($parent, $child) + { + //error_log("merge called :\n$parent \n$child\n" . function_backtrace()); + //error_log("merge :\n".print_r($this->_mergePaths($this->_SERVER["SCRIPT_NAME"], $this->path)true)); + if ($child{0} == '/') { + return $this->_unslashify($parent).$child; + } else { + return $this->_slashify($parent).$child; + } + } + + /** + * mbstring.func_overload save strlen version: counting the bytes not the chars + * + * @param string $str + * @return int + */ + function bytes($str) + { + static $func_overload; + + if (is_null($func_overload)) + { + $func_overload = @extension_loaded('mbstring') ? ini_get('mbstring.func_overload') : 0; + } + return $func_overload & 2 ? mb_strlen($str,'ascii') : strlen($str); + } +} + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + */ +?> diff --git a/phpgwapi/inc/HTTP/WebDAV/Server/Filesystem.php b/phpgwapi/inc/HTTP/WebDAV/Server/Filesystem.php new file mode 100644 index 0000000000..a6979782e9 --- /dev/null +++ b/phpgwapi/inc/HTTP/WebDAV/Server/Filesystem.php @@ -0,0 +1,921 @@ + + * @version @package-version@ + */ +class HTTP_WebDAV_Server_Filesystem extends HTTP_WebDAV_Server +{ + /** + * Root directory for WebDAV access + * + * Defaults to webserver document root (set by ServeRequest) + * + * @access private + * @var string + */ + var $base = ""; + + /** + * MySQL Host where property and locking information is stored + * + * @access private + * @var string + */ + var $db_host = "localhost"; + + /** + * MySQL database for property/locking information storage + * + * @access private + * @var string + */ + var $db_name = "webdav"; + + /** + * MySQL table name prefix + * + * @access private + * @var string + */ + var $db_prefix = ""; + + /** + * MySQL user for property/locking db access + * + * @access private + * @var string + */ + var $db_user = "root"; + + /** + * MySQL password for property/locking db access + * + * @access private + * @var string + */ + var $db_passwd = ""; + + /** + * Serve a webdav request + * + * @access public + * @param string + */ + function ServeRequest($base = false) + { + // special treatment for litmus compliance test + // reply on its identifier header + // not needed for the test itself but eases debugging + if (isset($this->_SERVER['HTTP_X_LITMUS'])) { + error_log("Litmus test ".$this->_SERVER['HTTP_X_LITMUS']); + header("X-Litmus-reply: ".$this->_SERVER['HTTP_X_LITMUS']); + } + + // set root directory, defaults to webserver document root if not set + if ($base) { + $this->base = realpath($base); // TODO throw if not a directory + } else if (!$this->base) { + $this->base = $this->_SERVER['DOCUMENT_ROOT']; + } + + // establish connection to property/locking db + mysql_connect($this->db_host, $this->db_user, $this->db_passwd) or die(mysql_error()); + mysql_select_db($this->db_name) or die(mysql_error()); + // TODO throw on connection problems + + // let the base class do all the work + parent::ServeRequest(); + } + + /** + * No authentication is needed here + * + * @access private + * @param string HTTP Authentication type (Basic, Digest, ...) + * @param string Username + * @param string Password + * @return bool true on successful authentication + */ + function check_auth($type, $user, $pass) + { + return true; + } + + + /** + * PROPFIND method handler + * + * @param array general parameter passing array + * @param array return array for file properties + * @return bool true on success + */ + function PROPFIND(&$options, &$files) + { + // get absolute fs path to requested resource + $fspath = $this->base . $options["path"]; + + // sanity check + if (!file_exists($fspath)) { + return false; + } + + // prepare property array + $files["files"] = array(); + + // store information for the requested path itself + $files["files"][] = $this->fileinfo($options["path"]); + + // information for contained resources requested? + if (!empty($options["depth"]) && is_dir($fspath) && $this->_is_readable($fspath)) { + + // make sure path ends with '/' + $options["path"] = $this->_slashify($options["path"]); + + // try to open directory + $handle = opendir($fspath); + + if ($handle) { + // ok, now get all its contents + while ($filename = readdir($handle)) { + if ($filename != "." && $filename != "..") { + $files["files"][] = $this->fileinfo($options["path"].$filename); + } + } + // TODO recursion needed if "Depth: infinite" + closedir($handle); + } + } + + // ok, all done + return true; + } + + /** + * Get properties for a single file/resource + * + * @param string resource path + * @return array resource properties + */ + function fileinfo($path) + { + // map URI path to filesystem path + $fspath = $this->base . $path; + + // create result array + $info = array(); + // TODO remove slash append code when base clase is able to do it itself + $info["path"] = is_dir($fspath) ? $this->_slashify($path) : $path; + $info["props"] = array(); + + // no special beautified displayname here ... + $info["props"][] = $this->mkprop("displayname", strtoupper($path)); + + // creation and modification time + $info["props"][] = $this->mkprop("creationdate", filectime($fspath)); + $info["props"][] = $this->mkprop("getlastmodified", filemtime($fspath)); + + // Microsoft extensions: last access time and 'hidden' status + $info["props"][] = $this->mkprop("lastaccessed", fileatime($fspath)); + $info["props"][] = $this->mkprop("ishidden", ('.' === substr(basename($fspath), 0, 1))); + + // type and size (caller already made sure that path exists) + if (is_dir($fspath)) { + // directory (WebDAV collection) + $info["props"][] = $this->mkprop("resourcetype", "collection"); + $info["props"][] = $this->mkprop("getcontenttype", "httpd/unix-directory"); + } else { + // plain file (WebDAV resource) + $info["props"][] = $this->mkprop("resourcetype", ""); + if ($this->_is_readable($fspath)) { + $info["props"][] = $this->mkprop("getcontenttype", $this->_mimetype($fspath)); + } else { + $info["props"][] = $this->mkprop("getcontenttype", "application/x-non-readable"); + } + $info["props"][] = $this->mkprop("getcontentlength", filesize($fspath)); + } + + // get additional properties from database + $query = "SELECT ns, name, value + FROM {$this->db_prefix}properties + WHERE path = '$path'"; + $res = mysql_query($query); + while ($row = mysql_fetch_assoc($res)) { + $info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]); + } + mysql_free_result($res); + + return $info; + } + + /** + * detect if a given program is found in the search PATH + * + * helper function used by _mimetype() to detect if the + * external 'file' utility is available + * + * @param string program name + * @param string optional search path, defaults to $PATH + * @return bool true if executable program found in path + */ + function _can_execute($name, $path = false) + { + // path defaults to PATH from environment if not set + if ($path === false) { + $path = getenv("PATH"); + } + + // check method depends on operating system + if (!strncmp(PHP_OS, "WIN", 3)) { + // on Windows an appropriate COM or EXE file needs to exist + $exts = array(".exe", ".com"); + $check_fn = "file_exists"; + } else { + // anywhere else we look for an executable file of that name + $exts = array(""); + $check_fn = "is_executable"; + } + + // now check the directories in the path for the program + foreach (explode(PATH_SEPARATOR, $path) as $dir) { + // skip invalid path entries + if (!file_exists($dir)) continue; + if (!is_dir($dir)) continue; + + // and now look for the file + foreach ($exts as $ext) { + if ($check_fn("$dir/$name".$ext)) return true; + } + } + + return false; + } + + /** + * Check if path is readable by current user + * + * Allow extending classes to overwrite it + * + * @param string $fspath + * @return boolean + */ + function _is_readable($fspath) + { + return is_readable($fspath); + } + + /** + * Check if path is writable by current user + * + * Allow extending classes to overwrite it + * + * @param string $fspath + * @return boolean + */ + function _is_writable($fspath) + { + return is_writable($fspath); + } + + /** + * try to detect the mime type of a file + * + * @param string file path + * @return string guessed mime type + */ + function _mimetype($fspath) + { + if (is_dir($fspath)) { + // directories are easy + return "httpd/unix-directory"; + } else if (function_exists("mime_content_type")) { + // use mime magic extension if available + $mime_type = mime_content_type($fspath); + } else if ($this->_can_execute("file")) { + // it looks like we have a 'file' command, + // lets see it it does have mime support + $fp = popen("file -i '$fspath' 2>/dev/null", "r"); + $reply = fgets($fp); + pclose($fp); + + // popen will not return an error if the binary was not found + // and find may not have mime support using "-i" + // so we test the format of the returned string + + // the reply begins with the requested filename + if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) { + $reply = substr($reply, strlen($fspath)+2); + // followed by the mime type (maybe including options) + if (preg_match('|^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*|', $reply, $matches)) { + $mime_type = $matches[0]; + } + } + } + + if (empty($mime_type)) { + // Fallback solution: try to guess the type by the file extension + // TODO: add more ... + // TODO: it has been suggested to delegate mimetype detection + // to apache but this has at least three issues: + // - works only with apache + // - needs file to be within the document tree + // - requires apache mod_magic + // TODO: can we use the registry for this on Windows? + // OTOH if the server is Windos the clients are likely to + // be Windows, too, and tend do ignore the Content-Type + // anyway (overriding it with information taken from + // the registry) + // TODO: have a seperate PEAR class for mimetype detection? + switch (strtolower(strrchr(basename($fspath), "."))) { + case ".html": + $mime_type = "text/html"; + break; + case ".gif": + $mime_type = "image/gif"; + break; + case ".jpg": + $mime_type = "image/jpeg"; + break; + default: + $mime_type = "application/octet-stream"; + break; + } + } + + return $mime_type; + } + + /** + * HEAD method handler + * + * @param array parameter passing array + * @return bool true on success + */ + function HEAD(&$options) + { + // get absolute fs path to requested resource + $fspath = $this->base . $options["path"]; + + // sanity check + if (!file_exists($fspath)) return false; + + // detect resource type + $options['mimetype'] = $this->_mimetype($fspath); + + // detect modification time + // see rfc2518, section 13.7 + // some clients seem to treat this as a reverse rule + // requiering a Last-Modified header if the getlastmodified header was set + $options['mtime'] = filemtime($fspath); + + // detect resource size + $options['size'] = filesize($fspath); + + return true; + } + + /** + * GET method handler + * + * @param array parameter passing array + * @return bool true on success + */ + function GET(&$options) + { + // get absolute fs path to requested resource + $fspath = $this->base . $options["path"]; + + // is this a collection? + if (is_dir($fspath)) { + return $this->GetDir($fspath, $options); + } + + // the header output is the same as for HEAD + if (!$this->HEAD($options)) { + return false; + } + + // no need to check result here, it is handled by the base class + $options['stream'] = fopen($fspath, "r"); + + return true; + } + + /** + * GET method handler for directories + * + * This is a very simple mod_index lookalike. + * See RFC 2518, Section 8.4 on GET/HEAD for collections + * + * @param string directory path + * @return void function has to handle HTTP response itself + */ + function GetDir($fspath, &$options) + { + $path = $this->_slashify($options["path"]); + if ($path != $options["path"]) { + header("Location: ".$this->base_uri.$path); + exit; + } + + // fixed width directory column format + $format = "%15s %-19s %-s\n"; + + if (!$this->_is_readable($fspath)) { + return false; + } + + $handle = opendir($fspath); + if (!$handle) { + return false; + } + + echo "Index of ".htmlspecialchars(urldecode($options['path']))."\n"; + + echo "

Index of ".htmlspecialchars($options['path'])."

\n"; + + echo "
";
+        printf($format, "Size", "Last modified", "Filename");
+        echo "
";
+
+        while ($filename = readdir($handle)) {
+            if ($filename != "." && $filename != "..") {
+                $fullpath = $fspath.$filename;
+                $name     = htmlspecialchars($filename);
+                printf($format,
+                       number_format(filesize($fullpath)),
+                       strftime("%Y-%m-%d %H:%M:%S", filemtime($fullpath)),
+                       ''.urldecode($name).'');
+            }
+        }
+
+        echo "
"; + + closedir($handle); + + echo "\n"; + + exit; + } + + /** + * PUT method handler + * + * @param array parameter passing array + * @return bool true on success + */ + function PUT(&$options) + { + $fspath = $this->base . $options["path"]; + + $dir = dirname($fspath); + if (!file_exists($dir) || !is_dir($dir)) { + return "409 Conflict"; // TODO right status code for both? + } + + $options["new"] = ! file_exists($fspath); + + if ($options["new"] && !$this->_is_writable($dir)) { + return "403 Forbidden"; + } + if (!$options["new"] && !$this->_is_writable($fspath)) { + return "403 Forbidden"; + } + if (!$options["new"] && is_dir($fspath)) { + return "403 Forbidden"; + } + + $fp = fopen($fspath, "w"); + + return $fp; + } + + + /** + * MKCOL method handler + * + * @param array general parameter passing array + * @return bool true on success + */ + function MKCOL($options) + { + $path = $this->base .$options["path"]; + $parent = dirname($path); + $name = basename($path); + + if (!file_exists($parent)) { + return "409 Conflict"; + } + + if (!is_dir($parent)) { + return "403 Forbidden"; + } + + if ( file_exists($parent."/".$name) ) { + return "405 Method not allowed"; + } + + if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet + return "415 Unsupported media type"; + } + + $stat = mkdir($parent."/".$name, 0777); + if (!$stat) { + return "403 Forbidden"; + } + + return ("201 Created"); + } + + + /** + * DELETE method handler + * + * @param array general parameter passing array + * @return bool true on success + */ + function DELETE($options) + { + $path = $this->base . "/" .$options["path"]; + + if (!file_exists($path)) { + return "404 Not found"; + } + + if (is_dir($path)) { + $query = "DELETE FROM {$this->db_prefix}properties + WHERE path LIKE '".$this->_slashify($options["path"])."%'"; + mysql_query($query); + System::rm(array("-rf", $path)); + } else { + unlink($path); + } + $query = "DELETE FROM {$this->db_prefix}properties + WHERE path = '$options[path]'"; + mysql_query($query); + + return "204 No Content"; + } + + + /** + * MOVE method handler + * + * @param array general parameter passing array + * @return bool true on success + */ + function MOVE($options) + { + return $this->COPY($options, true); + } + + /** + * COPY method handler + * + * @param array general parameter passing array + * @return bool true on success + */ + function COPY($options, $del=false) + { + // TODO Property updates still broken (Litmus should detect this?) + + if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet + return "415 Unsupported media type"; + } + + // no copying to different WebDAV Servers yet + if (isset($options["dest_url"])) { + return "502 bad gateway"; + } + + $source = $this->base . $options["path"]; + if (!file_exists($source)) { + return "404 Not found"; + } + + if (is_dir($source)) { // resource is a collection + switch ($options["depth"]) { + case "infinity": // valid + break; + case "0": // valid for COPY only + if ($del) { // MOVE? + return "400 Bad request"; + } + break; + case "1": // invalid for both COPY and MOVE + default: + return "400 Bad request"; + } + } + + $dest = $this->base . $options["dest"]; + $destdir = dirname($dest); + + if (!file_exists($destdir) || !is_dir($destdir)) { + return "409 Conflict"; + } + + + $new = !file_exists($dest); + $existing_col = false; + + if (!$new) { + if ($del && is_dir($dest)) { + if (!$options["overwrite"]) { + return "412 precondition failed"; + } + $dest .= basename($source); + if (file_exists($dest)) { + $options["dest"] .= basename($source); + } else { + $new = true; + $existing_col = true; + } + } + } + + if (!$new) { + if ($options["overwrite"]) { + $stat = $this->DELETE(array("path" => $options["dest"])); + if (($stat{0} != "2") && (substr($stat, 0, 3) != "404")) { + return $stat; + } + } else { + return "412 precondition failed"; + } + } + + if ($del) { + if (!rename($source, $dest)) { + return "500 Internal server error"; + } + $destpath = $this->_unslashify($options["dest"]); + if (is_dir($source)) { + $query = "UPDATE {$this->db_prefix}properties + SET path = REPLACE(path, '".$options["path"]."', '".$destpath."') + WHERE path LIKE '".$this->_slashify($options["path"])."%'"; + mysql_query($query); + } + + $query = "UPDATE {$this->db_prefix}properties + SET path = '".$destpath."' + WHERE path = '".$options["path"]."'"; + mysql_query($query); + } else { + if (is_dir($source) && $options["depth"] == "infinity") { // no find for depth="0" + $files = System::find($source); + $files = array_reverse($files); + } else { + $files = array($source); + } + + if (!is_array($files) || empty($files)) { + return "500 Internal server error"; + } + + + foreach ($files as $file) { + if (is_dir($file)) { + $file = $this->_slashify($file); + } + + $destfile = str_replace($source, $dest, $file); + + if (is_dir($file)) { + if (!file_exists($destfile)) { + if (!$this->_is_writable(dirname($destfile))) { + return "403 Forbidden"; + } + if (!mkdir($destfile)) { + return "409 Conflict"; + } + } else if (!is_dir($destfile)) { + return "409 Conflict"; + } + } else { + + if (!copy($file, $destfile)) { + return "409 Conflict"; + } + } + } + + $query = "INSERT INTO {$this->db_prefix}properties + SELECT * + FROM {$this->db_prefix}properties + WHERE path = '".$options['path']."'"; + } + + return ($new && !$existing_col) ? "201 Created" : "204 No Content"; + } + + /** + * PROPPATCH method handler + * + * @param array general parameter passing array + * @return bool true on success + */ + function PROPPATCH(&$options) + { + global $prefs, $tab; + + $msg = ""; + $path = $options["path"]; + $dir = dirname($path)."/"; + $base = basename($path); + + foreach ($options["props"] as $key => $prop) { + if ($prop["ns"] == "DAV:") { + $options["props"][$key]['status'] = "403 Forbidden"; + } else { + if (isset($prop["val"])) { + $query = "REPLACE INTO {$this->db_prefix}properties + SET path = '$options[path]' + , name = '$prop[name]' + , ns= '$prop[ns]' + , value = '$prop[val]'"; + } else { + $query = "DELETE FROM {$this->db_prefix}properties + WHERE path = '$options[path]' + AND name = '$prop[name]' + AND ns = '$prop[ns]'"; + } + mysql_query($query); + } + } + + return ""; + } + + + /** + * LOCK method handler + * + * @param array general parameter passing array + * @return bool true on success + */ + function LOCK(&$options) + { + // get absolute fs path to requested resource + $fspath = $this->base . $options["path"]; + + // TODO recursive locks on directories not supported yet + // makes litmus test "32. lock_collection" fail + if (is_dir($fspath) && !empty($options["depth"])) { + return "409 Conflict"; + } + + $options["timeout"] = time()+300; // 5min. hardcoded + + if (isset($options["update"])) { // Lock Update + $where = "WHERE path = '$options[path]' AND token = '$options[update]'"; + + $query = "SELECT owner, exclusivelock FROM {$this->db_prefix}locks $where"; + $res = mysql_query($query); + $row = mysql_fetch_assoc($res); + mysql_free_result($res); + + if (is_array($row)) { + $query = "UPDATE {$this->db_prefix}locks + SET expires = '$options[timeout]' + , modified = ".time()." + $where"; + mysql_query($query); + + $options['owner'] = $row['owner']; + $options['scope'] = $row["exclusivelock"] ? "exclusive" : "shared"; + $options['type'] = $row["exclusivelock"] ? "write" : "read"; + + return true; + } else { + return false; + } + } + + $query = "INSERT INTO {$this->db_prefix}locks + SET token = '$options[locktoken]' + , path = '$options[path]' + , created = ".time()." + , modified = ".time()." + , owner = '$options[owner]' + , expires = '$options[timeout]' + , exclusivelock = " .($options['scope'] === "exclusive" ? "1" : "0") + ; + mysql_query($query); + + return mysql_affected_rows() ? "200 OK" : "409 Conflict"; + } + + /** + * UNLOCK method handler + * + * @param array general parameter passing array + * @return bool true on success + */ + function UNLOCK(&$options) + { + $query = "DELETE FROM {$this->db_prefix}locks + WHERE path = '$options[path]' + AND token = '$options[token]'"; + mysql_query($query); + + return mysql_affected_rows() ? "204 No Content" : "409 Conflict"; + } + + /** + * checkLock() helper + * + * @param string resource path to check for locks + * @return bool true on success + */ + function checkLock($path) + { + $result = false; + + $query = "SELECT owner, token, created, modified, expires, exclusivelock + FROM {$this->db_prefix}locks + WHERE path = '$path' + "; + $res = mysql_query($query); + + if ($res) { + $row = mysql_fetch_array($res); + mysql_free_result($res); + + if ($row) { + $result = array( "type" => "write", + "scope" => $row["exclusivelock"] ? "exclusive" : "shared", + "depth" => 0, + "owner" => $row['owner'], + "token" => $row['token'], + "created" => $row['created'], + "modified" => $row['modified'], + "expires" => $row['expires'] + ); + } + } + + return $result; + } + + + /** + * create database tables for property and lock storage + * + * @param void + * @return bool true on success + */ + function create_database() + { + // TODO + return false; + } +} + + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * indent-tabs-mode:nil + * End: + */ diff --git a/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_lockinfo.php b/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_lockinfo.php new file mode 100644 index 0000000000..34afa0ace4 --- /dev/null +++ b/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_lockinfo.php @@ -0,0 +1,251 @@ + + * @version @package-version@ + */ +class _parse_lockinfo +{ + /** + * success state flag + * + * @var bool + * @access public + */ + var $success = false; + + /** + * lock type, currently only "write" + * + * @var string + * @access public + */ + var $locktype = ""; + + /** + * lock scope, "shared" or "exclusive" + * + * @var string + * @access public + */ + var $lockscope = ""; + + /** + * lock owner information + * + * @var string + * @access public + */ + var $owner = ""; + + /** + * flag that is set during lock owner read + * + * @var bool + * @access private + */ + var $collect_owner = false; + + /** + * constructor + * + * @param string path of stream to read + * @access public + */ + function _parse_lockinfo($path) + { + // we assume success unless problems occur + $this->success = true; + + // remember if any input was parsed + $had_input = false; + + // open stream + $f_in = fopen($path, "r"); + if (!$f_in) { + $this->success = false; + return; + } + + // create namespace aware parser + $xml_parser = xml_parser_create_ns("UTF-8", " "); + + // set tag and data handlers + xml_set_element_handler($xml_parser, + array(&$this, "_startElement"), + array(&$this, "_endElement")); + xml_set_character_data_handler($xml_parser, + array(&$this, "_data")); + + // we want a case sensitive parser + xml_parser_set_option($xml_parser, + XML_OPTION_CASE_FOLDING, false); + + // parse input + while ($this->success && !feof($f_in)) { + $line = fgets($f_in); + if (is_string($line)) { + $had_input = true; + $this->success &= xml_parse($xml_parser, $line, false); + } + } + + // finish parsing + if ($had_input) { + $this->success &= xml_parse($xml_parser, "", true); + } + + // check if required tags where found + $this->success &= !empty($this->locktype); + $this->success &= !empty($this->lockscope); + + // free parser resource + xml_parser_free($xml_parser); + + // close input stream + fclose($f_in); + } + + + /** + * tag start handler + * + * @param resource parser + * @param string tag name + * @param array tag attributes + * @return void + * @access private + */ + function _startElement($parser, $name, $attrs) + { + // namespace handling + if (strstr($name, " ")) { + list($ns, $tag) = explode(" ", $name); + } else { + $ns = ""; + $tag = $name; + } + + + if ($this->collect_owner) { + // everything within the tag needs to be collected + $ns_short = ""; + $ns_attr = ""; + if ($ns) { + if ($ns == "DAV:") { + $ns_short = "D:"; + } else { + $ns_attr = " xmlns='$ns'"; + } + } + $this->owner .= "<$ns_short$tag$ns_attr>"; + } else if ($ns == "DAV:") { + // parse only the essential tags + switch ($tag) { + case "write": + $this->locktype = $tag; + break; + case "exclusive": + case "shared": + $this->lockscope = $tag; + break; + case "owner": + $this->collect_owner = true; + break; + } + } + } + + /** + * data handler + * + * @param resource parser + * @param string data + * @return void + * @access private + */ + function _data($parser, $data) + { + // only the tag has data content + if ($this->collect_owner) { + $this->owner .= $data; + } + } + + /** + * tag end handler + * + * @param resource parser + * @param string tag name + * @return void + * @access private + */ + function _endElement($parser, $name) + { + // namespace handling + if (strstr($name, " ")) { + list($ns, $tag) = explode(" ", $name); + } else { + $ns = ""; + $tag = $name; + } + + // finished? + if (($ns == "DAV:") && ($tag == "owner")) { + $this->collect_owner = false; + } + + // within we have to collect everything + if ($this->collect_owner) { + $ns_short = ""; + $ns_attr = ""; + if ($ns) { + if ($ns == "DAV:") { + $ns_short = "D:"; + } else { + $ns_attr = " xmlns='$ns'"; + } + } + $this->owner .= ""; + } + } +} + +?> diff --git a/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_propfind.php b/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_propfind.php new file mode 100644 index 0000000000..30c2df6db7 --- /dev/null +++ b/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_propfind.php @@ -0,0 +1,285 @@ + + * @version @package-version@ + */ +class _parse_propfind +{ + /** + * success state flag + * + * @var bool + * @access public + */ + var $success = false; + + /** + * found properties are collected here + * + * @var array + * @access public + */ + var $props = false; + + /** + * found (CalDAV) filters are collected here + * + * @var array + * @access public + */ + var $filters = false; + + /** + * found other tags, eg. CalDAV calendar-multiget href's + * + * @var array + * @access public + */ + var $other = false; + + /** + * what we are currently parsing: props or filters + * + * @var array + * @access private + */ + var $use = 'props'; + + /** + * Root tag, usually 'propfind' for PROPFIND, but can be eg. 'calendar-query' or 'calendar-multiget' for CalDAV REPORT + * + * @var array with keys 'name' and 'ns' + */ + var $root; + + /** + * internal tag nesting depth counter + * + * @var int + * @access private + */ + var $depth = 0; + + /** + * On return whole request, if $store_request == true was specified in constructor + * + * @var string + */ + var $request; + + /** + * constructor + * + * @access public + * @param string $path + * @param boolean $store_request=false if true whole request data will be made available in $this->request + */ + function _parse_propfind($path, $store_request=false) + { + // success state flag + $this->success = true; + + // property storage array + $this->props = array(); + + // internal tag depth counter + $this->depth = 0; + + // remember if any input was parsed + $had_input = false; + + // open input stream + $f_in = fopen($path, "r"); + if (!$f_in) { + $this->success = false; + return; + } + + // create XML parser + $xml_parser = xml_parser_create_ns("UTF-8", " "); + + // set tag and data handlers + xml_set_element_handler($xml_parser, + array(&$this, "_startElement"), + array(&$this, "_endElement")); + + xml_set_character_data_handler($xml_parser, + array(&$this,'_charData') + ); + + // we want a case sensitive parser + xml_parser_set_option($xml_parser, + XML_OPTION_CASE_FOLDING, false); + + // parse input + while ($this->success && !feof($f_in)) { + $line = fgets($f_in); + if ($store_request) $this->request .= $line; + if (is_string($line)) { + $had_input = true; + $this->success &= xml_parse($xml_parser, $line, false); + } + } + + // finish parsing + if ($had_input) { + $this->success &= xml_parse($xml_parser, "", true); + } + + // free parser + xml_parser_free($xml_parser); + + // close input stream + fclose($f_in); + + // if no input was parsed it was a request + if(!count($this->props)) $this->props = "all"; // default + } + + + /** + * start tag handler + * + * @access private + * @param resource parser + * @param string tag name + * @param array tag attributes + */ + function _startElement($parser, $name, $attrs) + { + // name space handling + if (strstr($name, " ")) { + list($ns, $tag) = explode(" ", $name); + if ($ns == "") + $this->success = false; + } else { + $ns = ""; + $tag = $name; + } + + // record root tag + if ($this->depth == 0) { + $this->root = array('name' => $tag, 'xmlns' => $ns, 'attrs' => $attrs); + } + // special tags at level 1: and + if ($this->depth == 1) { + $this->use = 'props'; + switch ($tag) + { + case "allprop": + $this->props = "all"; + break; + case "propname": + $this->props = "names"; + break; + case 'prop': + break; + case 'filter': + $this->use = 'filters'; + $this->filters['attrs'] = $attrs; // need attrs eg. + break; + default: + $this->use = 'other'; + break; + } + } + //echo "$this->depth: use=$this->use $ns:$tag attrs=".array2string($attrs)."\n"; + + // requested properties are found at level 2 + // CalDAV filters can be at deeper levels too and we need the attrs, same for other tags (eg. multiget href's) + if ($this->depth == 2 || $this->use == 'filters' && $this->depth >= 2 || $this->use == 'other' || + $this->use == 'props' && $this->depth >= 2) { + $prop = array("name" => $tag); + if ($ns) + $prop["xmlns"] = $ns; + if ($this->use != 'props' || $this->depth > 2) { + $prop['attrs'] = $attrs; + $prop['depth'] = $this->depth; + } + // collect sub-elements of props in the original props children attribute + // eg. required for CalDAV + if ($this->use == 'props' && $this->depth > 2) + { + $this->last_prop['children'][$tag] = $prop; + } + else + { + // this can happen if we have allprop and prop in one propfind: + // , eg. blah is not automatic returned by allprop + if (!is_array($this->{$this->use}) && $this->{$this->use}) $this->{$this->use} = array($this->{$this->use}); + $this->{$this->use}[] =& $prop; + $this->last_prop =& $prop; + unset($prop); + } + } + + // increment depth count + $this->depth++; + } + + + /** + * end tag handler + * + * @access private + * @param resource parser + * @param string tag name + */ + function _endElement($parser, $name) + { + // here we only need to decrement the depth count + $this->depth--; + } + + + /** + * char data handler for non prop tags, eg. href's in CalDAV multiget, or filter contents + * + * @access private + * @param resource parser + * @param string character data + */ + function _charData($parser, $data) + { + if ($this->use != 'props' && ($n = count($this->{$this->use})) && ($data = trim($data))) { + $this->{$this->use}[$n-1]['data'] = $data; + } + } +} diff --git a/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_proppatch.php b/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_proppatch.php new file mode 100644 index 0000000000..25a0bbef9a --- /dev/null +++ b/phpgwapi/inc/HTTP/WebDAV/Tools/_parse_proppatch.php @@ -0,0 +1,246 @@ + + * @version @package-version@ + */ +class _parse_proppatch +{ + /** + * + * + * @var + * @access + */ + var $success; + + /** + * + * + * @var + * @access + */ + var $props; + + /** + * + * + * @var + * @access + */ + var $depth; + + /** + * + * + * @var + * @access + */ + var $mode; + + /** + * + * + * @var + * @access + */ + var $current; + + /** + * On return whole request, if $store_request == true was specified in constructor + * + * @var string + */ + var $request; + + /** + * constructor + * + * @param string path of input stream + * @param boolean $store_request=false if true whole request data will be made available in $this->request + * @access public + */ + function _parse_proppatch($path, $store_request=false) + { + $this->success = true; + + $this->depth = 0; + $this->props = array(); + $had_input = false; + + $f_in = fopen($path, "r"); + if (!$f_in) { + $this->success = false; + return; + } + + $xml_parser = xml_parser_create_ns("UTF-8", " "); + + xml_set_element_handler($xml_parser, + array(&$this, "_startElement"), + array(&$this, "_endElement")); + + xml_set_character_data_handler($xml_parser, + array(&$this, "_data")); + + xml_parser_set_option($xml_parser, + XML_OPTION_CASE_FOLDING, false); + + while($this->success && !feof($f_in)) { + $line = fgets($f_in); + if ($store_request) $this->request .= $line; + if (is_string($line)) { + $had_input = true; + $this->success &= xml_parse($xml_parser, $line, false); + } + } + + if($had_input) { + $this->success &= xml_parse($xml_parser, "", true); + } + + xml_parser_free($xml_parser); + + fclose($f_in); + } + + /** + * tag start handler + * + * @param resource parser + * @param string tag name + * @param array tag attributes + * @return void + * @access private + */ + function _startElement($parser, $name, $attrs) + { + if (strstr($name, " ")) { + list($ns, $tag) = explode(" ", $name); + if ($ns == "") + $this->success = false; + } else { + $ns = ""; + $tag = $name; + } + + if ($this->depth == 1) { + $this->mode = $tag; + } + + if ($this->depth == 3) { + $prop = array("name" => $tag); + $this->current = array("name" => $tag, "ns" => $ns, "status"=> 200); + if ($this->mode == "set") { + $this->current["val"] = ""; // default set val + } + } + + if ($this->depth >= 4) { + $this->current["val"] .= "<$tag"; + if (isset($attr)) { + foreach ($attr as $key => $val) { + $this->current["val"] .= ' '.$key.'="'.str_replace('"','"', $val).'"'; + } + } + $this->current["val"] .= ">"; + } + + + + $this->depth++; + } + + /** + * tag end handler + * + * @param resource parser + * @param string tag name + * @return void + * @access private + */ + function _endElement($parser, $name) + { + if (strstr($name, " ")) { + list($ns, $tag) = explode(" ", $name); + if ($ns == "") + $this->success = false; + } else { + $ns = ""; + $tag = $name; + } + + $this->depth--; + + if ($this->depth >= 4) { + $this->current["val"] .= ""; + } + + if ($this->depth == 3) { + if (isset($this->current)) { + $this->props[] = $this->current; + unset($this->current); + } + } + } + + /** + * input data handler + * + * @param resource parser + * @param string data + * @return void + * @access private + */ + function _data($parser, $data) + { + if (isset($this->current)) { + $this->current["val"] .= $data; + } + } +} + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * indent-tabs-mode:nil + * End: + */ diff --git a/phpgwapi/inc/class.groupdav.inc.php b/phpgwapi/inc/class.groupdav.inc.php index cf042cbfa2..aa14939497 100644 --- a/phpgwapi/inc/class.groupdav.inc.php +++ b/phpgwapi/inc/class.groupdav.inc.php @@ -7,16 +7,20 @@ * @package api * @subpackage groupdav * @author Ralf Becker - * @copyright (c) 2007-13 by Ralf Becker + * @copyright (c) 2007-14 by Ralf Becker * @version $Id$ */ +if (strpos(ini_get('include_path'), EGW_API_INC) === false) +{ + ini_set('include_path', EGW_API_INC.PATH_SEPARATOR.ini_get('include_path')); +} require_once('HTTP/WebDAV/Server.php'); /** * EGroupware: GroupDAV access * - * Using a modified PEAR HTTP/WebDAV/Server class from egw-pear! + * Using a modified PEAR HTTP/WebDAV/Server class from API! * * One can use the following url's releative (!) to http://domain.com/egroupware/groupdav.php * diff --git a/phpgwapi/inc/class.vfs_webdav_server.inc.php b/phpgwapi/inc/class.vfs_webdav_server.inc.php index e657c9f9ba..8fe8b55866 100644 --- a/phpgwapi/inc/class.vfs_webdav_server.inc.php +++ b/phpgwapi/inc/class.vfs_webdav_server.inc.php @@ -13,15 +13,16 @@ * @version $Id$ */ +if (strpos(ini_get('include_path'), EGW_API_INC) === false) +{ + ini_set('include_path', EGW_API_INC.PATH_SEPARATOR.ini_get('include_path')); +} require_once('HTTP/WebDAV/Server/Filesystem.php'); /** * FileManger - WebDAV access using the new stream wrapper VFS interface * - * Using the PEAR HTTP/WebDAV/Server/Filesystem class (which need to be installed!) - * - * @todo table to store properties - * @todo filesystem class uses PEAR's System::find in COPY, which we dont require nor know if it works on custom stream wrappers + * Using modified PEAR HTTP/WebDAV/Server/Filesystem class in API dir */ class vfs_webdav_server extends HTTP_WebDAV_Server_Filesystem {