mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-15 11:11:49 +01:00
8f7f89666f
- all: false (default) = ignore files starting with a dot '.', true = show all files (. and .. are always ignored!) - exec: false (default) = do NOT allow to upload or modify scripts, true = allow it (if docroot is mounted, this allows to run scripts!) --> deny_script method was added to egw_vfs and calls to it from filemanager Other fixes: - missing write rights of the webserver were not removed from perms (causing warnings to be displayed in the ui) - rename was not working due to typos --> should be backported for obvious reasons to 1.6
720 lines
26 KiB
PHP
720 lines
26 KiB
PHP
<?php
|
|
/**
|
|
* eGroupWare API: VFS - stream wrapper to access the regular filesystem (setting a given user, group and mode)
|
|
*
|
|
* @link http://www.egroupware.org
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
|
* @package api
|
|
* @subpackage vfs
|
|
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
|
* @copyright (c) 2008-9 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
|
* @version $Id$
|
|
*/
|
|
|
|
/**
|
|
* eGroupWare API: VFS - stream wrapper to access the regular filesystem (setting a given user, group and mode)
|
|
*
|
|
* This stream wrapper allows to mount parts of the regular filesystem, under specified permissions.
|
|
* You can eg. mount an directory in the docroot to allow the Admin group to upload files there.
|
|
*
|
|
* This stream wrapper uses query parameters to pass certain options to it:
|
|
* - user: uid or user-name owning the path, default root
|
|
* - group: gid or group-name owning the path, default root
|
|
* - mode: mode bit for the path, default 0005 (read and execute for nobody)
|
|
* - all: false (default) = ignore files starting with a dot '.', true = show all files (. and .. are always ignored!)
|
|
* - exec: false (default) = do NOT allow to upload or modify scripts, true = allow it (if docroot is mounted, this allows to run scripts!)
|
|
* scripts are considered every file having a script-extension (eg. .php, .pl, .py), defined with SCRIPT_EXTENSION_PREG constant
|
|
*
|
|
* @link http://www.php.net/manual/en/function.stream-wrapper-register.php
|
|
*/
|
|
class filesystem_stream_wrapper implements iface_stream_wrapper
|
|
{
|
|
/**
|
|
* Scheme / protocol used for this stream-wrapper
|
|
*/
|
|
const SCHEME = 'filesystem';
|
|
/**
|
|
* Mime type of directories, the old vfs used 'Directory', while eg. WebDAV uses 'httpd/unix-directory'
|
|
*/
|
|
const DIR_MIME_TYPE = egw_vfs::DIR_MIME_TYPE ;
|
|
|
|
/**
|
|
* mode-bits, which have to be set for files
|
|
*/
|
|
const MODE_FILE = 0100000;
|
|
/**
|
|
* mode-bits, which have to be set for directories
|
|
*/
|
|
const MODE_DIR = 040000;
|
|
|
|
/**
|
|
* optional context param when opening the stream, null if no context passed
|
|
*
|
|
* @var mixed
|
|
*/
|
|
var $context;
|
|
|
|
/**
|
|
* stream / ressouce this class is opened for by stream_open
|
|
*
|
|
* @var ressource
|
|
*/
|
|
private $opened_stream;
|
|
|
|
/**
|
|
* URL of the opened stream, used to build the complete URL of files in the dir
|
|
*
|
|
* @var string
|
|
*/
|
|
private $opened_stream_url;
|
|
|
|
/**
|
|
* directory-ressouce this class is opened for by dir_open
|
|
*
|
|
* @var ressource
|
|
*/
|
|
private $opened_dir;
|
|
|
|
/**
|
|
* URL of the opened dir, used to build the complete URL of files in the dir
|
|
*
|
|
* @var string
|
|
*/
|
|
private $opened_dir_url;
|
|
|
|
/**
|
|
* Should dir show all files, or only the ones NOT starting with a dot (. and .. are never shown)
|
|
*
|
|
* @var boolean
|
|
*/
|
|
private $dir_show_all = false;
|
|
|
|
/**
|
|
* How much should be logged to the apache error-log
|
|
*
|
|
* 0 = Nothing
|
|
* 1 = only errors
|
|
* 2 = all function calls and errors (contains passwords too!)
|
|
*/
|
|
const LOG_LEVEL = 1;
|
|
|
|
/**
|
|
* Regular expression identifying scripts, to NOT allow updating them if exec mount option is NOT set
|
|
*/
|
|
const SCRIPT_EXTENSIONS_PREG = '/\.(php[0-9]*|pl|py)$/';
|
|
|
|
/**
|
|
* This method is called immediately after your stream object is created.
|
|
*
|
|
* @param string $url URL that was passed to fopen() and that this object is expected to retrieve
|
|
* @param string $mode mode used to open the file, as detailed for fopen()
|
|
* @param int $options additional flags set by the streams API (or'ed together):
|
|
* - STREAM_USE_PATH If path is relative, search for the resource using the include_path.
|
|
* - STREAM_REPORT_ERRORS If this flag is set, you are responsible for raising errors using trigger_error() during opening of the stream.
|
|
* If this flag is not set, you should not raise any errors.
|
|
* @param string $opened_path full path of the file/resource, if the open was successfull and STREAM_USE_PATH was set
|
|
* @return boolean true if the ressource was opened successful, otherwise false
|
|
*/
|
|
function stream_open ( $url, $mode, $options, &$opened_path )
|
|
{
|
|
$this->opened_stream = $this->opened_stream_url = null;
|
|
|
|
// check access rights, based on the eGW mount perms
|
|
if (!($stat = self::url_stat($url,0)) || $mode[0] == 'x') // file not found or file should NOT exist
|
|
{
|
|
$dir = egw_vfs::dirname($url);
|
|
if ($mode[0] == 'r' || // does $mode require the file to exist (r,r+)
|
|
$mode[0] == 'x' || // or file should not exist, but does
|
|
!egw_vfs::check_access($dir,egw_vfs::WRITABLE,$dir_stat=self::url_stat($dir,0))) // or we are not allowed to create it
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) file does not exist or can not be created!");
|
|
if (!($options & STREAM_URL_STAT_QUIET))
|
|
{
|
|
trigger_error(__METHOD__."($url,$mode,$options) file does not exist or can not be created!",E_USER_WARNING);
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
elseif ($mode != 'r' && !egw_vfs::check_access($url,egw_vfs::WRITABLE,$stat)) // we are not allowed to edit it
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) file can not be edited!");
|
|
if (!($options & STREAM_URL_STAT_QUIET))
|
|
{
|
|
trigger_error(__METHOD__."($url,$mode,$options) file can not be edited!",E_USER_WARNING);
|
|
}
|
|
return false;
|
|
}
|
|
if ($mode != 'r' && self::deny_script($url))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) permission denied, file is a script!");
|
|
if (!($options & STREAM_URL_STAT_QUIET))
|
|
{
|
|
trigger_error(__METHOD__."($url,$mode,$options) permission denied, file is a script!",E_USER_WARNING);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
// open the "real" file
|
|
if (!($this->opened_stream = fopen($path=parse_url($url,PHP_URL_PATH),$mode,$options)))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) fopen('$path','$mode',$options) returned false!");
|
|
return false;
|
|
}
|
|
$this->opened_stream_url = $url;
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* This method is called when the stream is closed, using fclose().
|
|
*
|
|
* You must release any resources that were locked or allocated by the stream.
|
|
*/
|
|
function stream_close ( )
|
|
{
|
|
$ret = fclose($this->opened_stream);
|
|
|
|
$this->opened_stream = null;
|
|
|
|
return $ret;
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to fread() and fgets() calls on the stream.
|
|
*
|
|
* You must return up-to count bytes of data from the current read/write position as a string.
|
|
* If there are less than count bytes available, return as many as are available.
|
|
* If no more data is available, return either FALSE or an empty string.
|
|
* You must also update the read/write position of the stream by the number of bytes that were successfully read.
|
|
*
|
|
* @param int $count
|
|
* @return string/false up to count bytes read or false on EOF
|
|
*/
|
|
function stream_read ( $count )
|
|
{
|
|
return fread($this->opened_stream,$count);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to fwrite() calls on the stream.
|
|
*
|
|
* You should store data into the underlying storage used by your stream.
|
|
* If there is not enough room, try to store as many bytes as possible.
|
|
* You should return the number of bytes that were successfully stored in the stream, or 0 if none could be stored.
|
|
* You must also update the read/write position of the stream by the number of bytes that were successfully written.
|
|
*
|
|
* @param string $data
|
|
* @return integer
|
|
*/
|
|
function stream_write ( $data )
|
|
{
|
|
return fwrite($this->opened_stream,$data);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to feof() calls on the stream.
|
|
*
|
|
* Important: PHP 5.0 introduced a bug that wasn't fixed until 5.1: the return value has to be the oposite!
|
|
*
|
|
* if(version_compare(PHP_VERSION,'5.0','>=') && version_compare(PHP_VERSION,'5.1','<'))
|
|
* {
|
|
* $eof = !$eof;
|
|
* }
|
|
*
|
|
* @return boolean true if the read/write position is at the end of the stream and no more data availible, false otherwise
|
|
*/
|
|
function stream_eof ( )
|
|
{
|
|
return feof($this->opened_stream);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to ftell() calls on the stream.
|
|
*
|
|
* @return integer current read/write position of the stream
|
|
*/
|
|
function stream_tell ( )
|
|
{
|
|
return ftell($this->opened_stream);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to fseek() calls on the stream.
|
|
*
|
|
* You should update the read/write position of the stream according to offset and whence.
|
|
* See fseek() for more information about these parameters.
|
|
*
|
|
* @param integer $offset
|
|
* @param integer $whence SEEK_SET - Set position equal to offset bytes
|
|
* SEEK_CUR - Set position to current location plus offset.
|
|
* SEEK_END - Set position to end-of-file plus offset. (To move to a position before the end-of-file, you need to pass a negative value in offset.)
|
|
* @return boolean TRUE if the position was updated, FALSE otherwise.
|
|
*/
|
|
function stream_seek ( $offset, $whence )
|
|
{
|
|
return fseek($this->opened_stream,$offset,$whence);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to fflush() calls on the stream.
|
|
*
|
|
* If you have cached data in your stream but not yet stored it into the underlying storage, you should do so now.
|
|
*
|
|
* @return booelan TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
|
|
*/
|
|
function stream_flush ( )
|
|
{
|
|
return fflush($this->opened_stream);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to fstat() calls on the stream.
|
|
*
|
|
* If you plan to use your wrapper in a require_once you need to define stream_stat().
|
|
* If you plan to allow any other tests like is_file()/is_dir(), you have to define url_stat().
|
|
* stream_stat() must define the size of the file, or it will never be included.
|
|
* url_stat() must define mode, or is_file()/is_dir()/is_executable(), and any of those functions affected by clearstatcache() simply won't work.
|
|
* It's not documented, but directories must be a mode like 040777 (octal), and files a mode like 0100666.
|
|
* If you wish the file to be executable, use 7s instead of 6s.
|
|
* The last 3 digits are exactly the same thing as what you pass to chmod.
|
|
* 040000 defines a directory, and 0100000 defines a file.
|
|
*
|
|
* @return array containing the same values as appropriate for the stream.
|
|
*/
|
|
function stream_stat ( )
|
|
{
|
|
return self::url_stat($this->opened_stream_url,0);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to unlink() calls on URL paths associated with the wrapper.
|
|
*
|
|
* It should attempt to delete the item specified by path.
|
|
* In order for the appropriate error message to be returned, do not define this method if your wrapper does not support unlinking!
|
|
*
|
|
* @param string $url
|
|
* @return boolean TRUE on success or FALSE on failure
|
|
*/
|
|
static function unlink ( $url )
|
|
{
|
|
$path = parse_url($url,PHP_URL_PATH);
|
|
|
|
// check access rights (file need to exist and directory need to be writable
|
|
if (!file_exists($path) || is_dir($path) || !egw_vfs::check_access(egw_vfs::dirname($url),egw_vfs::WRITABLE))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
|
|
return false; // no permission or file does not exist
|
|
}
|
|
return unlink($path);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to rename() calls on URL paths associated with the wrapper.
|
|
*
|
|
* It should attempt to rename the item specified by path_from to the specification given by path_to.
|
|
* In order for the appropriate error message to be returned, do not define this method if your wrapper does not support renaming.
|
|
*
|
|
* The regular filesystem stream-wrapper returns an error, if $url_from and $url_to are not either both files or both dirs!
|
|
*
|
|
* @param string $url_from
|
|
* @param string $url_to
|
|
* @return boolean TRUE on success or FALSE on failure
|
|
*/
|
|
static function rename ( $url_from, $url_to )
|
|
{
|
|
$from = parse_url($url_from);
|
|
$to = parse_url($url_to);
|
|
|
|
// check access rights
|
|
if (!($from_stat = self::url_stat($url_from,0)) || !egw_vfs::check_access(egw_vfs::dirname($url_from),egw_vfs::WRITABLE))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url_from,$url_to): $from[path] permission denied!");
|
|
return false; // no permission or file does not exist
|
|
}
|
|
$to_dir = egw_vfs::dirname($url_to);
|
|
if (!egw_vfs::check_access($to_dir,egw_vfs::WRITABLE,$to_dir_stat = self::url_stat($to_dir,0)))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url_from,$url_to): $to_dir permission denied!");
|
|
return false; // no permission or parent-dir does not exist
|
|
}
|
|
if (self::deny_script($url_to))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url_from,$url_to) permission denied, file is a script!");
|
|
return false;
|
|
}
|
|
// the filesystem stream-wrapper does NOT allow to rename files to directories, as this makes problems
|
|
// for our vfs too, we abort here with an error, like the filesystem one does
|
|
if (($to_stat = self::url_stat($to['path'],0)) &&
|
|
($to_stat['mime'] === self::DIR_MIME_TYPE) !== ($from_stat['mime'] === self::DIR_MIME_TYPE))
|
|
{
|
|
$is_dir = $to_stat['mime'] === self::DIR_MIME_TYPE ? 'a' : 'no';
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url_to,$url_from) $to[path] is $is_dir directory!");
|
|
return false; // no permission or file does not exist
|
|
}
|
|
// if destination file already exists, delete it
|
|
if ($to_stat && !self::unlink($url_to,$operation))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url_to,$url_from) can't unlink existing $url_to!");
|
|
return false;
|
|
}
|
|
return rename($from['path'],$to['path']);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to mkdir() calls on URL paths associated with the wrapper.
|
|
*
|
|
* It should attempt to create the directory specified by path.
|
|
* In order for the appropriate error message to be returned, do not define this method if your wrapper does not support creating directories.
|
|
*
|
|
* @param string $url
|
|
* @param int $mode not used, as we dont allow to change mode
|
|
* @param int $options Posible values include STREAM_REPORT_ERRORS and STREAM_MKDIR_RECURSIVE
|
|
* @return boolean TRUE on success or FALSE on failure
|
|
*/
|
|
static function mkdir ( $url, $mode, $options )
|
|
{
|
|
$path = parse_url($url,PHP_URL_PATH);
|
|
$recursive = (bool)($options & STREAM_MKDIR_RECURSIVE);
|
|
|
|
// find the real parent (might be more then one level if $recursive!)
|
|
do {
|
|
$parent = dirname($parent ? $parent : $path);
|
|
$parent_url = egw_vfs::dirname($parent_url ? $parent_url : $url);
|
|
}
|
|
while ($recursive && $parent != '/' && !file_exists($parent));
|
|
//echo __METHOD__."($url,$mode,$options) path=$path, recursive=$recursive, parent=$parent, egw_vfs::check_access(parent_url=$parent_url,egw_vfs::WRITABLE)=".(int)egw_vfs::check_access($parent_url,egw_vfs::WRITABLE)."\n";
|
|
|
|
// check access rights (in real filesystem AND by mount perms)
|
|
if (file_exists($path) || !file_exists($parent) || !is_writable($parent) || !egw_vfs::check_access($parent_url,egw_vfs::WRITABLE))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
|
|
return false;
|
|
}
|
|
return mkdir($path,$mode=0700,$recursive); // setting mode 0700 allows (only) apache to write into the dir
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to rmdir() calls on URL paths associated with the wrapper.
|
|
*
|
|
* It should attempt to remove the directory specified by path.
|
|
* In order for the appropriate error message to be returned, do not define this method if your wrapper does not support removing directories.
|
|
*
|
|
* @param string $url
|
|
* @param int $options Possible values include STREAM_REPORT_ERRORS.
|
|
* @return boolean TRUE on success or FALSE on failure.
|
|
*/
|
|
static function rmdir ( $url, $options )
|
|
{
|
|
$path = parse_url($url,PHP_URL_PATH);
|
|
$parent = dirname($path);
|
|
|
|
// check access rights (in real filesystem AND by mount perms)
|
|
if (!file_exists($path) || !is_writable($parent) || !egw_vfs::check_access(egw_vfs::dirname($url),egw_vfs::WRITABLE))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
|
|
return false;
|
|
}
|
|
return rmdir($path);
|
|
}
|
|
|
|
/**
|
|
* This is not (yet) a stream-wrapper function, but it's necessary and can be used static
|
|
*
|
|
* @param string $path
|
|
* @param int $time=null modification time (unix timestamp), default null = current time
|
|
* @param int $atime=null access time (unix timestamp), default null = current time, not implemented in the vfs!
|
|
* @return boolean true on success, false otherwise
|
|
*/
|
|
static function touch($url,$time=null,$atime=null)
|
|
{
|
|
$path = parse_url($url,PHP_URL_PATH);
|
|
$parent = dirname($path);
|
|
|
|
// check access rights (in real filesystem AND by mount perms)
|
|
if (!file_exists($path) || !is_writable($parent) || !egw_vfs::check_access(egw_vfs::dirname($url),egw_vfs::WRITABLE))
|
|
{
|
|
if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
|
|
return false;
|
|
}
|
|
return touch($path,$time,$atime);
|
|
}
|
|
|
|
/**
|
|
* This is not (yet) a stream-wrapper function, but it's necessary and can be used static
|
|
*
|
|
* Not supported, as it would require root rights!
|
|
*
|
|
* @param string $path
|
|
* @param string $mode mode string see egw_vfs::mode2int
|
|
* @return boolean true on success, false otherwise
|
|
*/
|
|
static function chmod($path,$mode)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* This is not (yet) a stream-wrapper function, but it's necessary and can be used static
|
|
*
|
|
* Not supported, as it would require root rights!
|
|
*
|
|
* @param string $path
|
|
* @param int $owner numeric user id
|
|
* @return boolean true on success, false otherwise
|
|
*/
|
|
static function chown($path,$owner)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* This is not (yet) a stream-wrapper function, but it's necessary and can be used static
|
|
*
|
|
* Not supported, as it would require root rights!
|
|
*
|
|
* @param string $path
|
|
* @param int $group numeric group id
|
|
* @return boolean true on success, false otherwise
|
|
*/
|
|
static function chgrp($path,$group)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* This method is called immediately when your stream object is created for examining directory contents with opendir().
|
|
*
|
|
* @param string $url URL that was passed to opendir() and that this object is expected to explore.
|
|
* @param int $options
|
|
* @return booelan
|
|
*/
|
|
function dir_opendir ( $url, $options )
|
|
{
|
|
if (self::LOG_LEVEL > 1) error_log(__METHOD__."($url,$options)");
|
|
|
|
$this->opened_dir = null;
|
|
|
|
$parts = parse_url($this->opened_dir_url = $url);
|
|
parse_str($parts['query'],$get);
|
|
$this->dir_show_all = (bool)$get['all'];
|
|
|
|
// ToDo: check access rights
|
|
|
|
if (!($this->opened_dir = opendir($parts['path'])))
|
|
{
|
|
if (self::LOG_LEVEL > 0) error_log(__METHOD__."($url,$options) opendir('$parts[path]') failed!");
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to stat() calls on the URL paths associated with the wrapper.
|
|
*
|
|
* It should return as many elements in common with the system function as possible.
|
|
* Unknown or unavailable values should be set to a rational value (usually 0).
|
|
*
|
|
* If you plan to use your wrapper in a require_once you need to define stream_stat().
|
|
* If you plan to allow any other tests like is_file()/is_dir(), you have to define url_stat().
|
|
* stream_stat() must define the size of the file, or it will never be included.
|
|
* url_stat() must define mode, or is_file()/is_dir()/is_executable(), and any of those functions affected by clearstatcache() simply won't work.
|
|
* It's not documented, but directories must be a mode like 040777 (octal), and files a mode like 0100666.
|
|
* If you wish the file to be executable, use 7s instead of 6s.
|
|
* The last 3 digits are exactly the same thing as what you pass to chmod.
|
|
* 040000 defines a directory, and 0100000 defines a file.
|
|
*
|
|
* @param string $url
|
|
* @param int $flags holds additional flags set by the streams API. It can hold one or more of the following values OR'd together:
|
|
* - STREAM_URL_STAT_LINK For resources with the ability to link to other resource (such as an HTTP Location: forward,
|
|
* or a filesystem symlink). This flag specified that only information about the link itself should be returned,
|
|
* not the resource pointed to by the link.
|
|
* This flag is set in response to calls to lstat(), is_link(), or filetype().
|
|
* - STREAM_URL_STAT_QUIET If this flag is set, your wrapper should not raise any errors. If this flag is not set,
|
|
* you are responsible for reporting errors using the trigger_error() function during stating of the path.
|
|
* stat triggers it's own warning anyway, so it makes no sense to trigger one by our stream-wrapper!
|
|
* @return array
|
|
*/
|
|
static function url_stat ( $url, $flags )
|
|
{
|
|
$parts = parse_url($url);
|
|
|
|
$stat = @stat($parts['path']); // suppressed the stat failed warnings
|
|
|
|
if ($stat)
|
|
{
|
|
// set owner, group and mode from mount options
|
|
if (!self::parse_query($parts['query'],$uid,$gid,$mode))
|
|
{
|
|
return false;
|
|
if (self::LOG_LEVEL > 0) error_log(__METHOD__."($url,$flags) can NOT self::parse_query('$parts[query]')!");
|
|
}
|
|
$stat['uid'] = $stat[4] = $uid;
|
|
$stat['gid'] = $stat[5] = $gid;
|
|
$stat['mode'] = $stat[2] = $stat['mode'] & self::MODE_DIR ? self::MODE_DIR | $mode : self::MODE_FILE | ($mode & ~0111);
|
|
// write rights also depend on the write rights of the webserver
|
|
if (!is_writable($parts['path']))
|
|
{
|
|
$stat['mode'] = $stat[2] = $stat['mode'] & ~0222;
|
|
}
|
|
}
|
|
if (self::LOG_LEVEL > 1) error_log(__METHOD__."($url,$flags) path=$parts[path], mount_mode=".sprintf('0%o',$mode).", mode=".sprintf('0%o',$stat['mode']).'='.egw_vfs::int2mode($stat['mode']));
|
|
return $stat;
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to readdir().
|
|
*
|
|
* It should return a string representing the next filename in the location opened by dir_opendir().
|
|
*
|
|
* Unless other filesystem, we only return files readable by the user, if the dir is not writable for him.
|
|
* This is done to hide files and dirs not accessible by the user (eg. other peoples home-dirs in /home).
|
|
*
|
|
* @return string
|
|
*/
|
|
function dir_readdir ( )
|
|
{
|
|
do {
|
|
$file = readdir($this->opened_dir);
|
|
|
|
$ignore = !($file === false || // stop if no more dirs or
|
|
$file[0] != '.' || // file does NOT start with a dot '.' or
|
|
($this->dir_show_all && $file != '.' && $file != '..' )); // file not . or .. or dir_show_all set
|
|
if (self::LOG_LEVEL > 1 && $ignore) error_log(__METHOD__.'() ignoring '.array2string($file));
|
|
}
|
|
while ($ignore);
|
|
|
|
if (self::LOG_LEVEL > 1) error_log(__METHOD__.'() returning '.array2string($file));
|
|
|
|
return $file;
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to rewinddir().
|
|
*
|
|
* It should reset the output generated by dir_readdir(). i.e.:
|
|
* The next call to dir_readdir() should return the first entry in the location returned by dir_opendir().
|
|
*
|
|
* @return boolean
|
|
*/
|
|
function dir_rewinddir ( )
|
|
{
|
|
return rewinddir($this->opened_dir);
|
|
}
|
|
|
|
/**
|
|
* This method is called in response to closedir().
|
|
*
|
|
* You should release any resources which were locked or allocated during the opening and use of the directory stream.
|
|
*
|
|
* @return boolean
|
|
*/
|
|
function dir_closedir ( )
|
|
{
|
|
closedir($this->opened_dir);
|
|
|
|
$this->opened_dir = $this->extra_dirs = null;
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* parse a query containing mount parameters: user, uid, group, gid or mode
|
|
*
|
|
* @param string|array $query query string or array returned by parse_url (key 'query' holds the value)
|
|
* @param int &$uid default if not set is 0=root
|
|
* @param int &$gid default if not set is 0=root
|
|
* @param int &$mode default if not set is 05 r-x for others
|
|
* @return boolean true on successfull parse, false on error
|
|
*/
|
|
static function parse_query($query,&$uid,&$gid,&$mode)
|
|
{
|
|
parse_str(is_array($query) ? $query['query'] : $query,$params);
|
|
|
|
// setting the default perms root.root r-x for other
|
|
$uid = $gid = 0;
|
|
$mode = 05;
|
|
|
|
foreach($params as $name => $value)
|
|
{
|
|
switch($name)
|
|
{
|
|
case 'user':
|
|
if (!is_numeric($value))
|
|
{
|
|
if ($name === 'root')
|
|
{
|
|
$value = 0;
|
|
}
|
|
elseif (($value = $GLOBALS['egw']->accounts->name2id($value,'account_lid','u')) === false)
|
|
{
|
|
error_log(__METHOD__."('$query') unknown user-name '$value'!");
|
|
return false; // wrong user-name
|
|
}
|
|
}
|
|
// fall-through
|
|
case 'uid':
|
|
if (!is_numeric($value) || $value < 0 || !is_int($value) && !$GLOBALS['egw']->accounts->id2name($value))
|
|
{
|
|
error_log(__METHOD__."('$query') wrong numeric user-id '$value'!");
|
|
return false;
|
|
}
|
|
$uid = (int)$value;
|
|
break;
|
|
case 'group':
|
|
if (!is_numeric($value))
|
|
{
|
|
if ($name === 'root')
|
|
{
|
|
$value = 0;
|
|
}
|
|
elseif (($value = $GLOBALS['egw']->accounts->name2id($value,'account_lid','g')) === false)
|
|
{
|
|
error_log(__METHOD__."('$query') unknown group-name '$value'!");
|
|
return false; // wrong group-name
|
|
}
|
|
$value = -$value; // vfs uses positiv gid's!
|
|
}
|
|
// fall-through
|
|
case 'gid':
|
|
if (!is_numeric($value) || $value < 0 || !is_int($value) && !$GLOBALS['egw']->accounts->id2name(-$value))
|
|
{
|
|
error_log(__METHOD__."('$query') wrong numeric group-id '$value'!");
|
|
return false;
|
|
}
|
|
$gid = (int)$value;
|
|
break;
|
|
case 'mode':
|
|
$mode = egw_vfs::mode2int($value);
|
|
break;
|
|
default:
|
|
error_log(__METHOD__."('$query') unknown option '$name'!");
|
|
break;
|
|
}
|
|
}
|
|
//echo __METHOD__.'('.print_r($query,true).") uid=$uid, gid=$gid, mode=".sprintf('0%o',$mode)."\n";
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Check if url is a script (self::$script_extentions) and exec mount option is NOT set
|
|
*
|
|
* @param string $url
|
|
* @return boolean true if $url is a script AND exec is NOT set, false otherwise
|
|
*/
|
|
static function deny_script($url)
|
|
{
|
|
$parts = parse_url($url);
|
|
parse_str($parts['query'],$get);
|
|
|
|
$deny = !$get['exec'] && preg_match(self::SCRIPT_EXTENSIONS_PREG,$parts['path']);
|
|
|
|
if (self::LOG_LEVEL > 1 || self::LOG_LEVEL > 0 && $deny)
|
|
{
|
|
error_log(__METHOD__."($url) returning ".array2string($deny));
|
|
}
|
|
return $deny;
|
|
}
|
|
}
|
|
|
|
stream_register_wrapper(filesystem_stream_wrapper::SCHEME ,'filesystem_stream_wrapper');
|