miteruzo
/
mr-legend_wiki
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
13 MiB
 
 
 
 
 
Tree: c616a96f53
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c616a96f53'
${ noResults }
mr-legend_wiki/inc/fetch.functions.php

209 lines
6.7 KiB
Raw Blame History 

  1. <?php

  2. 

  3. use dokuwiki\HTTP\Headers;

  4. use dokuwiki\Utf8\PhpString;

  5. 

  6. /**

  7.  * Functions used by lib/exe/fetch.php

  8.  * (not included by other parts of dokuwiki)

  9.  */

  10. 

  11. /**

  12.  * Set headers and send the file to the client

  13.  *

  14.  * The $cache parameter influences how long files may be kept in caches, the $public parameter

  15.  * influences if this caching may happen in public proxis or in the browser cache only FS#2734

  16.  *

  17.  * This function will abort the current script when a 304 is sent or file sending is handled

  18.  * through x-sendfile

  19.  *

  20.  * @param string $file local file to send

  21.  * @param string $mime mime type of the file

  22.  * @param bool $dl set to true to force a browser download

  23.  * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)

  24.  * @param bool $public is this a public ressource or a private one?

  25.  * @param string $orig original file to send - the file name will be used for the Content-Disposition

  26.  * @param array $csp The ContentSecurityPolicy to send

  27.  * @author Andreas Gohr <andi@splitbrain.org>

  28.  * @author Ben Coburn <btcoburn@silicodon.net>

  29.  * @author Gerry Weissbach <dokuwiki@gammaproduction.de>

  30.  *

  31.  */

  32. function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null, $csp = [])

  33. {

  34.     global $conf;

  35.     // send mime headers

  36.     header("Content-Type: $mime");

  37. 

  38.     // send security policy if given

  39.     if (!empty($csp)) Headers::contentSecurityPolicy($csp);

  40. 

  41.     // calculate cache times

  42.     if ($cache == -1) {

  43.         $maxage  = max($conf['cachetime'], 3600); // cachetime or one hour

  44.         $expires = time() + $maxage;

  45.     } elseif ($cache > 0) {

  46.         $maxage  = $cache; // given time

  47.         $expires = time() + $maxage;

  48.     } else { // $cache == 0

  49.         $maxage  = 0;

  50.         $expires = 0; // 1970-01-01

  51.     }

  52. 

  53.     // smart http caching headers

  54.     if ($maxage) {

  55.         if ($public) {

  56.             // cache publically

  57.             header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');

  58.             header('Cache-Control: public, proxy-revalidate, no-transform, max-age=' . $maxage);

  59.         } else {

  60.             // cache in browser

  61.             header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');

  62.             header('Cache-Control: private, no-transform, max-age=' . $maxage);

  63.         }

  64.     } else {

  65.         // no cache at all

  66.         header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');

  67.         header('Cache-Control: no-cache, no-transform');

  68.     }

  69. 

  70.     //send important headers first, script stops here if '304 Not Modified' response

  71.     $fmtime = @filemtime($file);

  72.     http_conditionalRequest($fmtime);

  73. 

  74.     // Use the current $file if is $orig is not set.

  75.     if ($orig == null) {

  76.         $orig = $file;

  77.     }

  78. 

  79.     //download or display?

  80.     if ($dl) {

  81.         header('Content-Disposition: attachment;' . rfc2231_encode(

  82.             'filename',

  83.             PhpString::basename($orig)

  84.         ) . ';');

  85.     } else {

  86.         header('Content-Disposition: inline;' . rfc2231_encode(

  87.             'filename',

  88.             PhpString::basename($orig)

  89.         ) . ';');

  90.     }

  91. 

  92.     //use x-sendfile header to pass the delivery to compatible webservers

  93.     http_sendfile($file);

  94. 

  95.     // send file contents

  96.     $fp = @fopen($file, "rb");

  97.     if ($fp) {

  98.         http_rangeRequest($fp, filesize($file), $mime);

  99.     } else {

  100.         http_status(500);

  101.         echo "Could not read $file - bad permissions?";

  102.     }

  103. }

  104. 

  105. /**

  106.  * Try an rfc2231 compatible encoding. This ensures correct

  107.  * interpretation of filenames outside of the ASCII set.

  108.  * This seems to be needed for file names with e.g. umlauts that

  109.  * would otherwise decode wrongly in IE.

  110.  *

  111.  * There is no additional checking, just the encoding and setting the key=value for usage in headers

  112.  *

  113.  * @author Gerry Weissbach <gerry.w@gammaproduction.de>

  114.  * @param string $name      name of the field to be set in the header() call

  115.  * @param string $value     value of the field to be set in the header() call

  116.  * @param string $charset   used charset for the encoding of value

  117.  * @param string $lang      language used.

  118.  * @return string           in the format " name=value" for values WITHOUT special characters

  119.  * @return string           in the format " name*=charset'lang'value" for values WITH special characters

  120.  */

  121. function rfc2231_encode($name, $value, $charset = 'utf-8', $lang = 'en')

  122. {

  123.     $internal = preg_replace_callback(

  124.         '/[\x00-\x20*\'%()<>@,;:\\\\"\/[\]?=\x80-\xFF]/',

  125.         static fn($match) => rawurlencode($match[0]),

  126.         $value

  127.     );

  128.     if ($value != $internal) {

  129.         return ' ' . $name . '*=' . $charset . "'" . $lang . "'" . $internal;

  130.     } else {

  131.         return ' ' . $name . '="' . $value . '"';

  132.     }

  133. }

  134. 

  135. /**

  136.  * Check for media for preconditions and return correct status code

  137.  *

  138.  * READ: MEDIA, MIME, EXT, CACHE

  139.  * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )

  140.  *

  141.  * @author Gerry Weissbach <gerry.w@gammaproduction.de>

  142.  *

  143.  * @param string $media  reference to the media id

  144.  * @param string $file   reference to the file variable

  145.  * @param string $rev

  146.  * @param int    $width

  147.  * @param int    $height

  148.  * @return array as array(STATUS, STATUSMESSAGE)

  149.  */

  150. function checkFileStatus(&$media, &$file, $rev = '', $width = 0, $height = 0)

  151. {

  152.     global $MIME, $EXT, $CACHE, $INPUT;

  153. 

  154.     //media to local file

  155.     if (media_isexternal($media)) {

  156.         //check token for external image and additional for resized and cached images

  157.         if (media_get_token($media, $width, $height) !== $INPUT->str('tok')) {

  158.             return [412, 'Precondition Failed'];

  159.         }

  160.         //handle external images

  161.         if (str_starts_with($MIME, 'image/')) $file = media_get_from_URL($media, $EXT, $CACHE);

  162.         if (!$file) {

  163.             //download failed - redirect to original URL

  164.             return [302, $media];

  165.         }

  166.     } else {

  167.         $media = cleanID($media);

  168.         if (empty($media)) {

  169.             return [400, 'Bad request'];

  170.         }

  171.         // check token for resized images

  172.         if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {

  173.             return [412, 'Precondition Failed'];

  174.         }

  175. 

  176.         //check permissions (namespace only)

  177.         if (auth_quickaclcheck(getNS($media) . ':X') < AUTH_READ) {

  178.             return [403, 'Forbidden'];

  179.         }

  180.         $file = mediaFN($media, $rev);

  181.     }

  182. 

  183.     //check file existance

  184.     if (!file_exists($file)) {

  185.         return [404, 'Not Found'];

  186.     }

  187. 

  188.     return [200, null];

  189. }

  190. 

  191. /**

  192.  * Returns the wanted cachetime in seconds

  193.  *

  194.  * Resolves named constants

  195.  *

  196.  * @author  Andreas Gohr <andi@splitbrain.org>

  197.  *

  198.  * @param string $cache

  199.  * @return int cachetime in seconds

  200.  */

  201. function calc_cache($cache)

  202. {

  203.     global $conf;

  204. 

  205.     if (strtolower($cache) == 'nocache') return 0; //never cache

  206.     if (strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache

  207.     return -1; //cache endless

  208. }