inc/fetch.functions.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

<?php 
/**
 * Functions used by lib/exe/fetch.php
 * (not included by other parts of dokuwiki)
 */

/**
 * Set headers and send the file to the client
 *
 * The $cache parameter influences how long files may be kept in caches, the $public parameter
 * influences if this caching may happen in public proxis or in the browser cache only FS#2734
 *
 * This function will abort the current script when a 304 is sent or file sending is handled
 * through x-sendfile
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @author Ben Coburn <btcoburn@silicodon.net>
 * @param string $file   local file to send
 * @param string $mime   mime type of the file
 * @param bool   $dl     set to true to force a browser download
 * @param int    $cache  remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
 * @param bool   $public is this a public ressource or a private one?
 */
function sendFile($file, $mime, $dl, $cache, $public = false) {
    global $conf;
    // send mime headers
    header("Content-Type: $mime");

    // calculate cache times
    if($cache == -1) {
        $maxage  = max($conf['cachetime'], 3600); // cachetime or one hour
        $expires = time() + $maxage;
    } else if($cache > 0) {
        $maxage  = $cache; // given time
        $expires = time() + $maxage;
    } else { // $cache == 0
        $maxage  = 0;
        $expires = 0; // 1970-01-01
    }

    // smart http caching headers
    if($maxage) {
        if($public) {
            // cache publically
            header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
            header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.$maxage);
            header('Pragma: public');
        } else {
            // cache in browser
            header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
            header('Cache-Control: private, no-transform, max-age='.$maxage);
            header('Pragma: no-cache');
        }
    } else {
        // no cache at all
        header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
        header('Cache-Control: no-cache, no-transform');
        header('Pragma: no-cache');
    }

    //send important headers first, script stops here if '304 Not Modified' response
    $fmtime = @filemtime($file);
    http_conditionalRequest($fmtime);

    //download or display?
    if($dl) {
        header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";');
    } else {
        header('Content-Disposition: inline; filename="'.utf8_basename($file).'";');
    }

    //use x-sendfile header to pass the delivery to compatible webservers
    if(http_sendfile($file)) exit;

    // send file contents
    $fp = @fopen($file, "rb");
    if($fp) {
        http_rangeRequest($fp, filesize($file), $mime);
    } else {
        http_status(500);
        print "Could not read $file - bad permissions?";
    }
}

/**
 * Check for media for preconditions and return correct status code
 *
 * READ: MEDIA, MIME, EXT, CACHE
 * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )
 *
 * @author Gerry Weissbach <gerry.w@gammaproduction.de>
 * @param $media reference to the media id
 * @param $file  reference to the file variable
 * @returns array(STATUS, STATUSMESSAGE)
 */
function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) {
    global $MIME, $EXT, $CACHE, $INPUT;

    //media to local file
    if(preg_match('#^(https?)://#i', $media)) {
        //check hash
        if(substr(PassHash::hmac('md5', $media, auth_cookiesalt()), 0, 6) !== $INPUT->str('hash')) {
            return array(412, 'Precondition Failed');
        }
        //handle external images
        if(strncmp($MIME, 'image/', 6) == 0) $file = media_get_from_URL($media, $EXT, $CACHE);
        if(!$file) {
            //download failed - redirect to original URL
            return array(302, $media);
        }
        // check token for resized and cached images
        if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
            return array(412, 'Precondition Failed');
        }
    } else {
        $media = cleanID($media);
        if(empty($media)) {
            return array(400, 'Bad request');
        }
        // check token for resized images
        if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
            return array(412, 'Precondition Failed');
        }

        //check permissions (namespace only)
        if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
            return array(403, 'Forbidden');
        }
        $file = mediaFN($media, $rev);
    }

    //check file existance
    if(!@file_exists($file)) {
        return array(404, 'Not Found');
    }

    return array(200, null);
}

/**
 * Returns the wanted cachetime in seconds
 *
 * Resolves named constants
 *
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
function calc_cache($cache) {
    global $conf;

    if(strtolower($cache) == 'nocache') return 0; //never cache
    if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
    return -1; //cache endless
}