inc/fetch.functions.php

   1 <?php
   2
   3 use dokuwiki\HTTP\Headers;
   4 use dokuwiki\Utf8\PhpString;
   5
   6 /**
   7  * Functions used by lib/exe/fetch.php
   8  * (not included by other parts of dokuwiki)
   9  */
  10
  11 /**
  12  * Set headers and send the file to the client
  13  *
  14  * The $cache parameter influences how long files may be kept in caches, the $public parameter
  15  * influences if this caching may happen in public proxis or in the browser cache only FS#2734
  16  *
  17  * This function will abort the current script when a 304 is sent or file sending is handled
  18  * through x-sendfile
  19  *
  20  * @param string $file local file to send
  21  * @param string $mime mime type of the file
  22  * @param bool $dl set to true to force a browser download
  23  * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
  24  * @param bool $public is this a public ressource or a private one?
  25  * @param string $orig original file to send - the file name will be used for the Content-Disposition
  26  * @param array $csp The ContentSecurityPolicy to send
  27  * @author Andreas Gohr <andi@splitbrain.org>
  28  * @author Ben Coburn <btcoburn@silicodon.net>
  29  * @author Gerry Weissbach <dokuwiki@gammaproduction.de>
  30  *
  31  */
  32 function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null, $csp = [])
  33 {
  34     global $conf;
  35     // send mime headers
  36     header("Content-Type: $mime");
  37
  38     // send security policy if given
  39     if (!empty($csp)) Headers::contentSecurityPolicy($csp);
  40
  41     // calculate cache times
  42     if ($cache == -1) {
  43         $maxage  = max($conf['cachetime'], 3600); // cachetime or one hour
  44         $expires = time() + $maxage;
  45     } elseif ($cache > 0) {
  46         $maxage  = $cache; // given time
  47         $expires = time() + $maxage;
  48     } else { // $cache == 0
  49         $maxage  = 0;
  50         $expires = 0; // 1970-01-01
  51     }
  52
  53     // smart http caching headers
  54     if ($maxage) {
  55         if ($public) {
  56             // cache publically
  57             header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');
  58             header('Cache-Control: public, proxy-revalidate, no-transform, max-age=' . $maxage);
  59         } else {
  60             // cache in browser
  61             header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');
  62             header('Cache-Control: private, no-transform, max-age=' . $maxage);
  63         }
  64     } else {
  65         // no cache at all
  66         header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
  67         header('Cache-Control: no-cache, no-transform');
  68     }
  69
  70     //send important headers first, script stops here if '304 Not Modified' response
  71     $fmtime = @filemtime($file);
  72     http_conditionalRequest($fmtime);
  73
  74     // Use the current $file if is $orig is not set.
  75     if ($orig == null) {
  76         $orig = $file;
  77     }
  78
  79     //download or display?
  80     if ($dl) {
  81         header('Content-Disposition: attachment;' . rfc2231_encode(
  82             'filename',
  83             PhpString::basename($orig)
  84         ) . ';');
  85     } else {
  86         header('Content-Disposition: inline;' . rfc2231_encode(
  87             'filename',
  88             PhpString::basename($orig)
  89         ) . ';');
  90     }
  91
  92     //use x-sendfile header to pass the delivery to compatible webservers
  93     http_sendfile($file);
  94
  95     // send file contents
  96     $fp = @fopen($file, "rb");
  97     if ($fp) {
  98         http_rangeRequest($fp, filesize($file), $mime);
  99     } else {
 100         http_status(500);
 101         echo "Could not read $file - bad permissions?";
 102     }
 103 }
 104
 105 /**
 106  * Try an rfc2231 compatible encoding. This ensures correct
 107  * interpretation of filenames outside of the ASCII set.
 108  * This seems to be needed for file names with e.g. umlauts that
 109  * would otherwise decode wrongly in IE.
 110  *
 111  * There is no additional checking, just the encoding and setting the key=value for usage in headers
 112  *
 113  * @author Gerry Weissbach <gerry.w@gammaproduction.de>
 114  * @param string $name      name of the field to be set in the header() call
 115  * @param string $value     value of the field to be set in the header() call
 116  * @param string $charset   used charset for the encoding of value
 117  * @param string $lang      language used.
 118  * @return string           in the format " name=value" for values WITHOUT special characters
 119  * @return string           in the format " name*=charset'lang'value" for values WITH special characters
 120  */
 121 function rfc2231_encode($name, $value, $charset = 'utf-8', $lang = 'en')
 122 {
 123     $internal = preg_replace_callback(
 124         '/[\x00-\x20*\'%()<>@,;:\\\\"\/[\]?=\x80-\xFF]/',
 125         static fn($match) => rawurlencode($match[0]),
 126         $value
 127     );
 128     if ($value != $internal) {
 129         return ' ' . $name . '*=' . $charset . "'" . $lang . "'" . $internal;
 130     } else {
 131         return ' ' . $name . '="' . $value . '"';
 132     }
 133 }
 134
 135 /**
 136  * Check for media for preconditions and return correct status code
 137  *
 138  * READ: MEDIA, MIME, EXT, CACHE
 139  * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )
 140  *
 141  * @author Gerry Weissbach <gerry.w@gammaproduction.de>
 142  *
 143  * @param string $media  reference to the media id
 144  * @param string $file   reference to the file variable
 145  * @param string $rev
 146  * @param int    $width
 147  * @param int    $height
 148  * @return array as array(STATUS, STATUSMESSAGE)
 149  */
 150 function checkFileStatus(&$media, &$file, $rev = '', $width = 0, $height = 0)
 151 {
 152     global $MIME, $EXT, $CACHE, $INPUT;
 153
 154     //media to local file
 155     if (media_isexternal($media)) {
 156         //check token for external image and additional for resized and cached images
 157         if (media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
 158             return [412, 'Precondition Failed'];
 159         }
 160         //handle external images
 161         if (str_starts_with($MIME, 'image/')) $file = media_get_from_URL($media, $EXT, $CACHE);
 162         if (!$file) {
 163             //download failed - redirect to original URL
 164             return [302, $media];
 165         }
 166     } else {
 167         $media = cleanID($media);
 168         if (empty($media)) {
 169             return [400, 'Bad request'];
 170         }
 171         // check token for resized images
 172         if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
 173             return [412, 'Precondition Failed'];
 174         }
 175
 176         //check permissions (namespace only)
 177         if (auth_quickaclcheck(getNS($media) . ':X') < AUTH_READ) {
 178             return [403, 'Forbidden'];
 179         }
 180         $file = mediaFN($media, $rev);
 181     }
 182
 183     //check file existance
 184     if (!file_exists($file)) {
 185         return [404, 'Not Found'];
 186     }
 187
 188     return [200, null];
 189 }
 190
 191 /**
 192  * Returns the wanted cachetime in seconds
 193  *
 194  * Resolves named constants
 195  *
 196  * @author  Andreas Gohr <andi@splitbrain.org>
 197  *
 198  * @param string $cache
 199  * @return int cachetime in seconds
 200  */
 201 function calc_cache($cache)
 202 {
 203     global $conf;
 204
 205     if (strtolower($cache) == 'nocache') return 0; //never cache
 206     if (strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
 207     return -1; //cache endless
 208 }