inc/fetch.functions.php

   1 <?php
   2 /**
   3  * Functions used by lib/exe/fetch.php
   4  * (not included by other parts of dokuwiki)
   5  */
   6
   7 /**
   8  * Set headers and send the file to the client
   9  *
  10  * The $cache parameter influences how long files may be kept in caches, the $public parameter
  11  * influences if this caching may happen in public proxis or in the browser cache only FS#2734
  12  *
  13  * This function will abort the current script when a 304 is sent or file sending is handled
  14  * through x-sendfile
  15  *
  16  * @param string $file local file to send
  17  * @param string $mime mime type of the file
  18  * @param bool $dl set to true to force a browser download
  19  * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
  20  * @param bool $public is this a public ressource or a private one?
  21  * @param string $orig original file to send - the file name will be used for the Content-Disposition
  22  * @param array $csp The ContentSecurityPolicy to send
  23  * @author Andreas Gohr <andi@splitbrain.org>
  24  * @author Ben Coburn <btcoburn@silicodon.net>
  25  * @author Gerry Weissbach <dokuwiki@gammaproduction.de>
  26  *
  27  */
  28 function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null, $csp=[]) {
  29     global $conf;
  30     // send mime headers
  31     header("Content-Type: $mime");
  32
  33     // send security policy if given
  34     if (!empty($csp)) dokuwiki\HTTP\Headers::contentSecurityPolicy($csp);
  35
  36     // calculate cache times
  37     if($cache == -1) {
  38         $maxage  = max($conf['cachetime'], 3600); // cachetime or one hour
  39         $expires = time() + $maxage;
  40     } else if($cache > 0) {
  41         $maxage  = $cache; // given time
  42         $expires = time() + $maxage;
  43     } else { // $cache == 0
  44         $maxage  = 0;
  45         $expires = 0; // 1970-01-01
  46     }
  47
  48     // smart http caching headers
  49     if($maxage) {
  50         if($public) {
  51             // cache publically
  52             header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
  53             header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.$maxage);
  54         } else {
  55             // cache in browser
  56             header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
  57             header('Cache-Control: private, no-transform, max-age='.$maxage);
  58         }
  59     } else {
  60         // no cache at all
  61         header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
  62         header('Cache-Control: no-cache, no-transform');
  63     }
  64
  65     //send important headers first, script stops here if '304 Not Modified' response
  66     $fmtime = @filemtime($file);
  67     http_conditionalRequest($fmtime);
  68
  69     // Use the current $file if is $orig is not set.
  70     if ( $orig == null ) {
  71         $orig = $file;
  72     }
  73
  74     //download or display?
  75     if ($dl) {
  76         header('Content-Disposition: attachment;' . rfc2231_encode(
  77                 'filename', \dokuwiki\Utf8\PhpString::basename($orig)) . ';'
  78         );
  79     } else {
  80         header('Content-Disposition: inline;' . rfc2231_encode(
  81                 'filename', \dokuwiki\Utf8\PhpString::basename($orig)) . ';'
  82         );
  83     }
  84
  85     //use x-sendfile header to pass the delivery to compatible webservers
  86     http_sendfile($file);
  87
  88     // send file contents
  89     $fp = @fopen($file, "rb");
  90     if($fp) {
  91         http_rangeRequest($fp, filesize($file), $mime);
  92     } else {
  93         http_status(500);
  94         print "Could not read $file - bad permissions?";
  95     }
  96 }
  97
  98 /**
  99  * Try an rfc2231 compatible encoding. This ensures correct
 100  * interpretation of filenames outside of the ASCII set.
 101  * This seems to be needed for file names with e.g. umlauts that
 102  * would otherwise decode wrongly in IE.
 103  *
 104  * There is no additional checking, just the encoding and setting the key=value for usage in headers
 105  *
 106  * @author Gerry Weissbach <gerry.w@gammaproduction.de>
 107  * @param string $name      name of the field to be set in the header() call
 108  * @param string $value     value of the field to be set in the header() call
 109  * @param string $charset   used charset for the encoding of value
 110  * @param string $lang      language used.
 111  * @return string           in the format " name=value" for values WITHOUT special characters
 112  * @return string           in the format " name*=charset'lang'value" for values WITH special characters
 113  */
 114 function rfc2231_encode($name, $value, $charset='utf-8', $lang='en') {
 115     $internal = preg_replace_callback(
 116         '/[\x00-\x20*\'%()<>@,;:\\\\"\/[\]?=\x80-\xFF]/',
 117         function ($match) {
 118             return rawurlencode($match[0]);
 119         },
 120         $value
 121     );
 122     if ( $value != $internal ) {
 123         return ' '.$name.'*='.$charset."'".$lang."'".$internal;
 124     } else {
 125         return ' '.$name.'="'.$value.'"';
 126     }
 127 }
 128
 129 /**
 130  * Check for media for preconditions and return correct status code
 131  *
 132  * READ: MEDIA, MIME, EXT, CACHE
 133  * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )
 134  *
 135  * @author Gerry Weissbach <gerry.w@gammaproduction.de>
 136  *
 137  * @param string $media  reference to the media id
 138  * @param string $file   reference to the file variable
 139  * @param string $rev
 140  * @param int    $width
 141  * @param int    $height
 142  * @return array as array(STATUS, STATUSMESSAGE)
 143  */
 144 function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) {
 145     global $MIME, $EXT, $CACHE, $INPUT;
 146
 147     //media to local file
 148     if(media_isexternal($media)) {
 149         //check token for external image and additional for resized and cached images
 150         if(media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
 151             return array(412, 'Precondition Failed');
 152         }
 153         //handle external images
 154         if(strncmp($MIME, 'image/', 6) == 0) $file = media_get_from_URL($media, $EXT, $CACHE);
 155         if(!$file) {
 156             //download failed - redirect to original URL
 157             return array(302, $media);
 158         }
 159     } else {
 160         $media = cleanID($media);
 161         if(empty($media)) {
 162             return array(400, 'Bad request');
 163         }
 164         // check token for resized images
 165         if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
 166             return array(412, 'Precondition Failed');
 167         }
 168
 169         //check permissions (namespace only)
 170         if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
 171             return array(403, 'Forbidden');
 172         }
 173         $file = mediaFN($media, $rev);
 174     }
 175
 176     //check file existance
 177     if(!file_exists($file)) {
 178         return array(404, 'Not Found');
 179     }
 180
 181     return array(200, null);
 182 }
 183
 184 /**
 185  * Returns the wanted cachetime in seconds
 186  *
 187  * Resolves named constants
 188  *
 189  * @author  Andreas Gohr <andi@splitbrain.org>
 190  *
 191  * @param string $cache
 192  * @return int cachetime in seconds
 193  */
 194 function calc_cache($cache) {
 195     global $conf;
 196
 197     if(strtolower($cache) == 'nocache') return 0; //never cache
 198     if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
 199     return -1; //cache endless
 200 }