fetch.functions.php 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200
  1. <?php
  2. /**
  3. * Functions used by lib/exe/fetch.php
  4. * (not included by other parts of dokuwiki)
  5. */
  6. /**
  7. * Set headers and send the file to the client
  8. *
  9. * The $cache parameter influences how long files may be kept in caches, the $public parameter
  10. * influences if this caching may happen in public proxis or in the browser cache only FS#2734
  11. *
  12. * This function will abort the current script when a 304 is sent or file sending is handled
  13. * through x-sendfile
  14. *
  15. * @param string $file local file to send
  16. * @param string $mime mime type of the file
  17. * @param bool $dl set to true to force a browser download
  18. * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
  19. * @param bool $public is this a public ressource or a private one?
  20. * @param string $orig original file to send - the file name will be used for the Content-Disposition
  21. * @param array $csp The ContentSecurityPolicy to send
  22. * @author Andreas Gohr <andi@splitbrain.org>
  23. * @author Ben Coburn <btcoburn@silicodon.net>
  24. * @author Gerry Weissbach <dokuwiki@gammaproduction.de>
  25. *
  26. */
  27. function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null, $csp=[]) {
  28. global $conf;
  29. // send mime headers
  30. header("Content-Type: $mime");
  31. // send security policy if given
  32. if (!empty($csp)) dokuwiki\HTTP\Headers::contentSecurityPolicy($csp);
  33. // calculate cache times
  34. if($cache == -1) {
  35. $maxage = max($conf['cachetime'], 3600); // cachetime or one hour
  36. $expires = time() + $maxage;
  37. } else if($cache > 0) {
  38. $maxage = $cache; // given time
  39. $expires = time() + $maxage;
  40. } else { // $cache == 0
  41. $maxage = 0;
  42. $expires = 0; // 1970-01-01
  43. }
  44. // smart http caching headers
  45. if($maxage) {
  46. if($public) {
  47. // cache publically
  48. header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
  49. header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.$maxage);
  50. } else {
  51. // cache in browser
  52. header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
  53. header('Cache-Control: private, no-transform, max-age='.$maxage);
  54. }
  55. } else {
  56. // no cache at all
  57. header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
  58. header('Cache-Control: no-cache, no-transform');
  59. }
  60. //send important headers first, script stops here if '304 Not Modified' response
  61. $fmtime = @filemtime($file);
  62. http_conditionalRequest($fmtime);
  63. // Use the current $file if is $orig is not set.
  64. if ( $orig == null ) {
  65. $orig = $file;
  66. }
  67. //download or display?
  68. if ($dl) {
  69. header('Content-Disposition: attachment;' . rfc2231_encode(
  70. 'filename', \dokuwiki\Utf8\PhpString::basename($orig)) . ';'
  71. );
  72. } else {
  73. header('Content-Disposition: inline;' . rfc2231_encode(
  74. 'filename', \dokuwiki\Utf8\PhpString::basename($orig)) . ';'
  75. );
  76. }
  77. //use x-sendfile header to pass the delivery to compatible webservers
  78. http_sendfile($file);
  79. // send file contents
  80. $fp = @fopen($file, "rb");
  81. if($fp) {
  82. http_rangeRequest($fp, filesize($file), $mime);
  83. } else {
  84. http_status(500);
  85. print "Could not read $file - bad permissions?";
  86. }
  87. }
  88. /**
  89. * Try an rfc2231 compatible encoding. This ensures correct
  90. * interpretation of filenames outside of the ASCII set.
  91. * This seems to be needed for file names with e.g. umlauts that
  92. * would otherwise decode wrongly in IE.
  93. *
  94. * There is no additional checking, just the encoding and setting the key=value for usage in headers
  95. *
  96. * @author Gerry Weissbach <gerry.w@gammaproduction.de>
  97. * @param string $name name of the field to be set in the header() call
  98. * @param string $value value of the field to be set in the header() call
  99. * @param string $charset used charset for the encoding of value
  100. * @param string $lang language used.
  101. * @return string in the format " name=value" for values WITHOUT special characters
  102. * @return string in the format " name*=charset'lang'value" for values WITH special characters
  103. */
  104. function rfc2231_encode($name, $value, $charset='utf-8', $lang='en') {
  105. $internal = preg_replace_callback(
  106. '/[\x00-\x20*\'%()<>@,;:\\\\"\/[\]?=\x80-\xFF]/',
  107. function ($match) {
  108. return rawurlencode($match[0]);
  109. },
  110. $value
  111. );
  112. if ( $value != $internal ) {
  113. return ' '.$name.'*='.$charset."'".$lang."'".$internal;
  114. } else {
  115. return ' '.$name.'="'.$value.'"';
  116. }
  117. }
  118. /**
  119. * Check for media for preconditions and return correct status code
  120. *
  121. * READ: MEDIA, MIME, EXT, CACHE
  122. * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )
  123. *
  124. * @author Gerry Weissbach <gerry.w@gammaproduction.de>
  125. *
  126. * @param string $media reference to the media id
  127. * @param string $file reference to the file variable
  128. * @param string $rev
  129. * @param int $width
  130. * @param int $height
  131. * @return array as array(STATUS, STATUSMESSAGE)
  132. */
  133. function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) {
  134. global $MIME, $EXT, $CACHE, $INPUT;
  135. //media to local file
  136. if(media_isexternal($media)) {
  137. //check token for external image and additional for resized and cached images
  138. if(media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
  139. return array(412, 'Precondition Failed');
  140. }
  141. //handle external images
  142. if(strncmp($MIME, 'image/', 6) == 0) $file = media_get_from_URL($media, $EXT, $CACHE);
  143. if(!$file) {
  144. //download failed - redirect to original URL
  145. return array(302, $media);
  146. }
  147. } else {
  148. $media = cleanID($media);
  149. if(empty($media)) {
  150. return array(400, 'Bad request');
  151. }
  152. // check token for resized images
  153. if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
  154. return array(412, 'Precondition Failed');
  155. }
  156. //check permissions (namespace only)
  157. if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
  158. return array(403, 'Forbidden');
  159. }
  160. $file = mediaFN($media, $rev);
  161. }
  162. //check file existance
  163. if(!file_exists($file)) {
  164. return array(404, 'Not Found');
  165. }
  166. return array(200, null);
  167. }
  168. /**
  169. * Returns the wanted cachetime in seconds
  170. *
  171. * Resolves named constants
  172. *
  173. * @author Andreas Gohr <andi@splitbrain.org>
  174. *
  175. * @param string $cache
  176. * @return int cachetime in seconds
  177. */
  178. function calc_cache($cache) {
  179. global $conf;
  180. if(strtolower($cache) == 'nocache') return 0; //never cache
  181. if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
  182. return -1; //cache endless
  183. }