123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705 |
- <?php
- /*
- +----------------------------------------------------------------------+
- | Copyright (c) 2002-2007 Christian Stocker, Hartmut Holzgraefe |
- | All rights reserved |
- | |
- | Redistribution and use in source and binary forms, with or without |
- | modification, are permitted provided that the following conditions |
- | are met: |
- | |
- | 1. Redistributions of source code must retain the above copyright |
- | notice, this list of conditions and the following disclaimer. |
- | 2. Redistributions in binary form must reproduce the above copyright |
- | notice, this list of conditions and the following disclaimer in |
- | the documentation and/or other materials provided with the |
- | distribution. |
- | 3. The names of the authors may not be used to endorse or promote |
- | products derived from this software without specific prior |
- | written permission. |
- | |
- | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
- | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
- | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
- | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
- | COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
- | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
- | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
- | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
- | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
- | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
- | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
- | POSSIBILITY OF SUCH DAMAGE. |
- +----------------------------------------------------------------------+
- */
- require_once("../inc/lib_base.php");
- oc_require_once("lib_log.php");
- oc_require_once("lib_filesystem.php");
- oc_require_once("HTTP/WebDAV/Server.php");
- oc_require_once("System.php");
-
- /**
- * Filesystem access using WebDAV
- *
- * @access public
- * @author Hartmut Holzgraefe <hartmut@php.net>
- * @version @package-version@
- */
- class HTTP_WebDAV_Server_Filesystem extends HTTP_WebDAV_Server
- {
- /**
- * Root directory for WebDAV access
- *
- * Defaults to webserver document root (set by ServeRequest)
- *
- * @access private
- * @var string
- */
- var $base = "";
-
- /**
- * Serve a webdav request
- *
- * @access public
- * @param string
- */
- function ServeRequest($base = false)
- {
- // special treatment for litmus compliance test
- // reply on its identifier header
- // not needed for the test itself but eases debugging
- if (isset($this->_SERVER['HTTP_X_LITMUS'])) {
- error_log("Litmus test ".$this->_SERVER['HTTP_X_LITMUS']);
- header("X-Litmus-reply: ".$this->_SERVER['HTTP_X_LITMUS']);
- }
-
- // set root directory, defaults to webserver document root if not set
- if ($base) {
- $this->base = realpath($base); // TODO throw if not a directory
- } else if (!$this->base) {
- $this->base = $this->_SERVER['DOCUMENT_ROOT'];
- }
-
- // let the base class do all the work
- parent::ServeRequest();
- }
-
- /**
- * No authentication is needed here
- *
- * @access private
- * @param string HTTP Authentication type (Basic, Digest, ...)
- * @param string Username
- * @param string Password
- * @return bool true on successful authentication
- */
- function check_auth($type, $user, $pass)
- {
- return true;
- }
-
-
- /**
- * PROPFIND method handler
- *
- * @param array general parameter passing array
- * @param array return array for file properties
- * @return bool true on success
- */
- function PROPFIND(&$options, &$files)
- {
- // get absolute fs path to requested resource
- $fspath = $options["path"];
-
- // sanity check
- if (!OC_FILESYSTEM::file_exists($fspath)) {
- return false;
- }
-
- // prepare property array
- $files["files"] = array();
- // store information for the requested path itself
- $files["files"][] = $this->fileinfo($options["path"]);
- // information for contained resources requested?
- if (!empty($options["depth"]) && OC_FILESYSTEM::is_dir($fspath) && OC_FILESYSTEM::is_readable($fspath)) {
- // make sure path ends with '/'
- $options["path"] = $this->_slashify($options["path"]);
-
- // try to open directory
- $handle = @OC_FILESYSTEM::opendir($fspath);
-
- if ($handle) {
- // ok, now get all its contents
- while ($filename = readdir($handle)) {
- if ($filename != "." && $filename != "..") {
- $files["files"][] = $this->fileinfo($options["path"].$filename);
- }
- }
- // TODO recursion needed if "Depth: infinite"
- }
- }
-
- // ok, all done
- return true;
- }
-
- /**
- * Get properties for a single file/resource
- *
- * @param string resource path
- * @return array resource properties
- */
- function fileinfo($path)
- {
- // map URI path to filesystem path
- $fspath =$path;
-
- // create result array
- $info = array();
- // TODO remove slash append code when base clase is able to do it itself
- $info["path"] = OC_FILESYSTEM::is_dir($fspath) ? $this->_slashify($path) : $path;
- $info["props"] = array();
- // no special beautified displayname here ...
- $info["props"][] = $this->mkprop("displayname", strtoupper($path));
-
- // creation and modification time
- $info["props"][] = $this->mkprop("creationdate", OC_FILESYSTEM::filectime($fspath));
- $info["props"][] = $this->mkprop("getlastmodified", OC_FILESYSTEM::filemtime($fspath));
- // Microsoft extensions: last access time and 'hidden' status
- $info["props"][] = $this->mkprop("lastaccessed", OC_FILESYSTEM::fileatime($fspath));
- $info["props"][] = $this->mkprop("ishidden", ('.' === substr(basename($fspath), 0, 1)));
- // type and size (caller already made sure that path exists)
- if ( OC_FILESYSTEM::is_dir($fspath)) {
- // directory (WebDAV collection)
- $info["props"][] = $this->mkprop("resourcetype", "collection");
- $info["props"][] = $this->mkprop("getcontenttype", "httpd/unix-directory");
- } else {
- // plain file (WebDAV resource)
- $info["props"][] = $this->mkprop("resourcetype", "");
- if ( OC_FILESYSTEM::is_readable($fspath)) {
- $info["props"][] = $this->mkprop("getcontenttype", OC_FILESYSTEM::getMimetype($fspath));
- } else {
- $info["props"][] = $this->mkprop("getcontenttype", "application/x-non-readable");
- }
- $info["props"][] = $this->mkprop("getcontentlength", OC_FILESYSTEM::filesize($fspath));
- }
- // get additional properties from database
- $query = "SELECT ns, name, value FROM properties WHERE path = '$path'";
- $res = OC_DB::select($query);
- foreach ($res as $row) {
- $info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
- }
- return $info;
- }
-
- /**
- * HEAD method handler
- *
- * @param array parameter passing array
- * @return bool true on success
- */
- function HEAD(&$options)
- {
- // get absolute fs path to requested resource
- $fspath = $options["path"];
-
- // sanity check
- if (! OC_FILESYSTEM::file_exists($fspath)) return false;
-
- // detect resource type
- $options['mimetype'] = OC_FILESYSTEM::getMimetype($fspath);
-
- // detect modification time
- // see rfc2518, section 13.7
- // some clients seem to treat this as a reverse rule
- // requiering a Last-Modified header if the getlastmodified header was set
- $options['mtime'] = OC_FILESYSTEM::filemtime($fspath);
-
- // detect resource size
- $options['size'] = OC_FILESYSTEM::filesize($fspath);
-
- return true;
- }
-
- /**
- * GET method handler
- *
- * @param array parameter passing array
- * @return bool true on success
- */
- function GET(&$options)
- {
- // get absolute fs path to requested resource)
- $fspath = $options["path"];
- error_log("get $fspath");
- // is this a collection?
- if (OC_FILESYSTEM::is_dir($fspath)) {
- return $this->GetDir($fspath, $options);
- }
-
- // the header output is the same as for HEAD
- if (!$this->HEAD($options)) {
- return false;
- }
-
- // no need to check result here, it is handled by the base class
- $options['stream'] = OC_FILESYSTEM::fopen($fspath, "r");
- OC_LOG::event($_SESSION['username'],3,$options["path"]);
- return true;
- }
-
- /**
- * GET method handler for directories
- *
- * This is a very simple mod_index lookalike.
- * See RFC 2518, Section 8.4 on GET/HEAD for collections
- *
- * @param string directory path
- * @return void function has to handle HTTP response itself
- */
- function GetDir($fspath, &$options)
- {
- $path = $this->_slashify($options["path"]);
- if ($path != $options["path"]) {
- header("Location: ".$this->base_uri.$path);
- exit;
- }
-
- // fixed width directory column format
- $format = "%15s %-19s %-s\n";
-
- if (!OC_FILESYSTEM::is_readable($fspath)) {
- return false;
- }
-
- $handle = OC_FILESYSTEM::opendir($fspath);
- if (!$handle) {
- return false;
- }
-
- echo "<html><head><title>Index of ".htmlspecialchars($options['path'])."</title></head>\n";
-
- echo "<h1>Index of ".htmlspecialchars($options['path'])."</h1>\n";
-
- echo "<pre>";
- printf($format, "Size", "Last modified", "Filename");
- echo "<hr>";
-
- while ($filename = readdir($handle)) {
- if ($filename != "." && $filename != "..") {
- $fullpath = $fspath."/".$filename;
- $name = htmlspecialchars($filename);
- printf($format,
- number_format(filesize($fullpath)),
- strftime("%Y-%m-%d %H:%M:%S", filemtime($fullpath)),
- "<a href='$name'>$name</a>");
- }
- }
-
- echo "</pre>";
-
- closedir($handle);
-
- echo "</html>\n";
-
- exit;
- }
-
- /**
- * PUT method handler
- *
- * @param array parameter passing array
- * @return bool true on success
- */
- function PUT(&$options)
- {
- $fspath = $options["path"];
-
- $dir = dirname($fspath);
- if (!OC_FILESYSTEM::file_exists($dir) || !OC_FILESYSTEM::is_dir($dir)) {
- return "409 Conflict"; // TODO right status code for both?
- }
-
- $options["new"] = ! OC_FILESYSTEM::file_exists($fspath);
-
- if ($options["new"] && !OC_FILESYSTEM::is_writeable($dir)) {
- return "403 Forbidden";
- }
- if (!$options["new"] && !OC_FILESYSTEM::is_writeable($fspath)) {
- return "403 Forbidden";
- }
- if (!$options["new"] && OC_FILESYSTEM::is_dir($fspath)) {
- return "403 Forbidden";
- }
- $fp = OC_FILESYSTEM::fopen($fspath, "w");
- OC_LOG::event($_SESSION['username'],4,$options["path"]);
- return $fp;
- }
-
-
- /**
- * MKCOL method handler
- *
- * @param array general parameter passing array
- * @return bool true on success
- */
- function MKCOL($options)
- {
- $path = $options["path"];
- $parent = dirname($path);
- $name = basename($path);
-
- if (!OC_FILESYSTEM::file_exists($parent)) {
- return "409 Conflict";
- }
-
- if (!OC_FILESYSTEM::is_dir($parent)) {
- return "403 Forbidden";
- }
-
- if ( OC_FILESYSTEM::file_exists($parent."/".$name) ) {
- return "405 Method not allowed";
- }
-
- if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
- return "415 Unsupported media type";
- }
-
- $stat = OC_FILESYSTEM::mkdir($parent."/".$name, 0777);
- if (!$stat) {
- return "403 Forbidden";
- }
-
- return ("201 Created");
- }
-
-
- /**
- * DELETE method handler
- *
- * @param array general parameter passing array
- * @return bool true on success
- */
- function DELETE($options)
- {
- $path =$options["path"];
-
- if (!OC_FILESYSTEM::file_exists($path)) {
- return "404 Not found";
- }
-
- if (OC_FILESYSTEM::is_dir($path)) {
- $query = "DELETE FROM properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
- OC_DB::query($query);
- // System::rm(array("-rf, $path"));
- OC_FILESYSTEM::delTree($path);
- } else {
- OC_FILESYSTEM::unlink($path);
- }
- $query = "DELETE FROM properties WHERE path = '$options[path]'";
- OC_DB::query($query);
-
- return "204 No Content";
- }
-
-
- /**
- * MOVE method handler
- *
- * @param array general parameter passing array
- * @return bool true on success
- */
- function MOVE($options)
- {
- return $this->COPY($options, true);
- }
-
- /**
- * COPY method handler
- *
- * @param array general parameter passing array
- * @return bool true on success
- */
- function COPY($options, $del=false)
- {
- // TODO Property updates still broken (Litmus should detect this?)
-
- if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
- return "415 Unsupported media type";
- }
-
- // no copying to different WebDAV Servers yet
- if (isset($options["dest_url"])) {
- return "502 bad gateway";
- }
-
- $source = $options["path"];
- if (!OC_FILESYSTEM::file_exists($source)) {
- return "404 Not found";
- }
-
- if (OC_FILESYSTEM::is_dir($source)) { // resource is a collection
- switch ($options["depth"]) {
- case "infinity": // valid
- break;
- case "0": // valid for COPY only
- if ($del) { // MOVE?
- return "400 Bad request";
- }
- break;
- case "1": // invalid for both COPY and MOVE
- default:
- return "400 Bad request";
- }
- }
-
- $dest = $options["dest"];
- $destdir = dirname($dest);
-
- if (!OC_FILESYSTEM::file_exists($destdir) || !OC_FILESYSTEM::is_dir($destdir)) {
- return "409 Conflict";
- }
-
-
- $new = !OC_FILESYSTEM::file_exists($dest);
- $existing_col = false;
-
- if (!$new) {
- if ($del && OC_FILESYSTEM::is_dir($dest)) {
- if (!$options["overwrite"]) {
- return "412 precondition failed";
- }
- $dest .= basename($source);
- if (OC_FILESYSTEM::file_exists($dest)) {
- $options["dest"] .= basename($source);
- } else {
- $new = true;
- $existing_col = true;
- }
- }
- }
-
- if (!$new) {
- if ($options["overwrite"]) {
- $stat = $this->DELETE(array("path" => $options["dest"]));
- if (($stat{0} != "2") && (substr($stat, 0, 3) != "404")) {
- return $stat;
- }
- } else {
- return "412 precondition failed";
- }
- }
-
- if ($del) {
- if (!OC_FILESYSTEM::rename($source, $dest)) {
- return "500 Internal server error";
- }
- $destpath = $this->_unslashify($options["dest"]);
- if (is_dir($source)) {
- $query = "UPDATE properties
- SET path = REPLACE(path, '".$options["path"]."', '".$destpath."')
- WHERE path LIKE '".$this->_slashify($options["path"])."%'";
- OC_DB::query($query);
- }
-
- $query = "UPDATE properties
- SET path = '".$destpath."'
- WHERE path = '".$options["path"]."'";
- OC_DB::query($query);
- } else {
- if (OC_FILESYSTEM::is_dir($source)) {
- $files = OC_FILESYSTEM::find($source);
- $files = array_reverse($files);
- } else {
- $files = array($source);
- }
-
- if (!is_array($files) || empty($files)) {
- return "500 Internal server error";
- }
-
-
- foreach ($files as $file) {
- if (OC_FILESYSTEM::is_dir($file)) {
- $file = $this->_slashify($file);
- }
-
- $destfile = str_replace($source, $dest, $file);
-
- if (OC_FILESYSTEM::is_dir($file)) {
- if (!OC_FILESYSTEM::file_exists($destfile)) {
- if (!OC_FILESYSTEM::is_writeable(dirname($destfile))) {
- return "403 Forbidden";
- }
- if (!OC_FILESYSTEM::mkdir($destfile)) {
- return "409 Conflict";
- }
- } else if (!OC_FILESYSTEM::is_dir($destfile)) {
- return "409 Conflict";
- }
- } else {
-
- if (!OC_FILESYSTEM::copy($file, $destfile)) {
- error_log("copy $file to $destfile failed");
- return "409 Conflict";
- }
- }
- }
-
- $query = "INSERT INTO properties SELECT * FROM properties WHERE path = '".$options['path']."'";
- }
-
- return ($new && !$existing_col) ? "201 Created" : "204 No Content";
- }
-
- /**
- * PROPPATCH method handler
- *
- * @param array general parameter passing array
- * @return bool true on success
- */
- function PROPPATCH(&$options)
- {
- global $prefs, $tab;
-
- $msg = "";
- $path = $options["path"];
- $dir = dirname($path)."/";
- $base = basename($path);
-
- foreach ($options["props"] as $key => $prop) {
- if ($prop["ns"] == "DAV:") {
- $options["props"][$key]['status'] = "403 Forbidden";
- } else {
- if (isset($prop["val"])) {
- $query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
- error_log($query);
- } else {
- $query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
- }
- OC_DB::query($query);
- }
- }
-
- return "";
- }
-
-
- /**
- * LOCK method handler
- *
- * @param array general parameter passing array
- * @return bool true on success
- */
- function LOCK(&$options)
- {
- // get absolute fs path to requested resource
- $fspath = $options["path"];
-
- // TODO recursive locks on directories not supported yet
- // makes litmus test "32. lock_collection" fail
- if (is_dir($fspath) && !empty($options["depth"])) {
- return "409 Conflict";
- }
-
- $options["timeout"] = time()+300; // 5min. hardcoded
-
- if (isset($options["update"])) { // Lock Update
- $where = "WHERE path = '$options[path]' AND token = '$options[update]'";
-
- $query = "SELECT owner, exclusivelock FROM locks $where";
- $row = OC_DB::select($query);
-
- if (is_array($row)) {
- $query = "UPDATE `locks` SET `expires` = '$options[timeout]', `modified` = ".time()." $where";
- OC_DB::query($query);
-
- $options['owner'] = $row['owner'];
- $options['scope'] = $row["exclusivelock"] ? "exclusive" : "shared";
- $options['type'] = $row["exclusivelock"] ? "write" : "read";
-
- return true;
- } else {
- return false;
- }
- }
-
- $query = "INSERT INTO `locks`
- SET `token` = '$options[locktoken]'
- , `path` = '$options[path]'
- , `created` = ".time()."
- , `modified` = ".time()."
- , `owner` = '$options[owner]'
- , `expires` = '$options[timeout]'
- , `exclusivelock` = " .($options['scope'] === "exclusive" ? "1" : "0")
- ;
- OC_DB::query($query);
-
- return OC_DB::affected_rows() ? "200 OK" : "409 Conflict";
- }
-
- /**
- * UNLOCK method handler
- *
- * @param array general parameter passing array
- * @return bool true on success
- */
- function UNLOCK(&$options)
- {
- $query = "DELETE FROM locks
- WHERE path = '$options[path]'
- AND token = '$options[token]'";
- OC_DB::query($query);
-
- return OC_DB::affected_rows() ? "204 No Content" : "409 Conflict";
- }
-
- /**
- * checkLock() helper
- *
- * @param string resource path to check for locks
- * @return bool true on success
- */
- function checkLock($path)
- {
- $result = false;
- $query = "SELECT *
- FROM locks
- WHERE path = '$path'
- ";
- $res = OC_DB::select($query);
- if ($res) {
- $row=$res[0];
- OC_DB::free_result($res);
-
- if ($row) {
- $result = array( "type" => "write",
- "scope" => $row["exclusivelock"] ? "exclusive" : "shared",
- "depth" => 0,
- "owner" => $row['owner'],
- "token" => $row['token'],
- "created" => $row['created'],
- "modified" => $row['modified'],
- "expires" => $row['expires']
- );
- }
- }
-
- return $result;
- }
-
-
- /**
- * create database tables for property and lock storage
- *
- * @param void
- * @return bool true on success
- */
- function create_database()
- {
- // TODO
- return false;
- }
- }
-
- ?>
|