|
|
<?php /* +----------------------------------------------------------------------+ | Copyright (c) 2002-2007 Christian Stocker, Hartmut Holzgraefe | | All rights reserved | | | | Redistribution and use in source and binary forms, with or without | | modification, are permitted provided that the following conditions | | are met: | | | | 1. Redistributions of source code must retain the above copyright | | notice, this list of conditions and the following disclaimer. | | 2. Redistributions in binary form must reproduce the above copyright | | notice, this list of conditions and the following disclaimer in | | the documentation and/or other materials provided with the | | distribution. | | 3. The names of the authors may not be used to endorse or promote | | products derived from this software without specific prior | | written permission. | | | | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | | COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN | | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | POSSIBILITY OF SUCH DAMAGE. | +----------------------------------------------------------------------+*/
require_once("HTTP/WebDAV/Tools/_parse_propfind.php");require_once("HTTP/WebDAV/Tools/_parse_proppatch.php");require_once("HTTP/WebDAV/Tools/_parse_lockinfo.php");
/** * Virtual base class for implementing WebDAV servers * * WebDAV server base class, needs to be extended to do useful work * * @package HTTP_WebDAV_Server * @author Hartmut Holzgraefe <hholzgra@php.net> * @version @package_version@ */class HTTP_WebDAV_Server { // {{{ Member Variables
/** * complete URI for this request * * @var string */ var $uri; /** * base URI for this request * * @var string */ var $base_uri;
/** * URI path for this request * * @var string */ var $path;
/** * Realm string to be used in authentification popups * * @var string */ var $http_auth_realm = "PHP WebDAV";
/** * String to be used in "X-Dav-Powered-By" header * * @var string */ var $dav_powered_by = "";
/** * Remember parsed If: (RFC2518/9.4) header conditions * * @var array */ var $_if_header_uris = array();
/** * HTTP response status/message * * @var string */ var $_http_status = "200 OK";
/** * encoding of property values passed in * * @var string */ var $_prop_encoding = "utf-8";
/** * Copy of $_SERVER superglobal array * * Derived classes may extend the constructor to * modify its contents * * @var array */ var $_SERVER;
// }}}
// {{{ Constructor
/** * Constructor * * @param void */ function HTTP_WebDAV_Server() { // PHP messages destroy XML output -> switch them off
ini_set("display_errors", 0);
// copy $_SERVER variables to local _SERVER array
// so that derived classes can simply modify these
$this->_SERVER = $_SERVER; }
// }}}
// {{{ ServeRequest()
/** * Serve WebDAV HTTP request * * dispatch WebDAV HTTP request to the apropriate method handler * * @param void * @return void */ function ServeRequest() { // prevent warning in litmus check 'delete_fragment'
if (strstr($this->_SERVER["REQUEST_URI"], '#')) { $this->http_status("400 Bad Request"); return; }
// default uri is the complete request uri
$uri = "http"; if (isset($this->_SERVER["HTTPS"]) && $this->_SERVER["HTTPS"] === "on") { $uri = "https"; } $uri.= "://".$this->_SERVER["HTTP_HOST"].$this->_SERVER["SCRIPT_NAME"]; // WebDAV has no concept of a query string and clients (including cadaver)
// seem to pass '?' unencoded, so we need to extract the path info out
// of the request URI ourselves
$path_info = substr($this->_SERVER["REQUEST_URI"], strlen($this->_SERVER["SCRIPT_NAME"]));
// just in case the path came in empty ...
if (empty($path_info)) { $path_info = "/"; }
$this->base_uri = $uri; $this->uri = $uri . $path_info;
// set path
$this->path = $this->_urldecode($path_info); if (!strlen($this->path)) { if ($this->_SERVER["REQUEST_METHOD"] == "GET") { // redirect clients that try to GET a collection
// WebDAV clients should never try this while
// regular HTTP clients might ...
header("Location: ".$this->base_uri."/"); return; } else { // if a WebDAV client didn't give a path we just assume '/'
$this->path = "/"; } } if (ini_get("magic_quotes_gpc")) { $this->path = stripslashes($this->path); } // identify ourselves
if (empty($this->dav_powered_by)) { header("X-Dav-Powered-By: PHP class: ".get_class($this)); } else { header("X-Dav-Powered-By: ".$this->dav_powered_by); }
// check authentication
// for the motivation for not checking OPTIONS requests on / see
// http://pear.php.net/bugs/bug.php?id=5363
if ( ( !(($this->_SERVER['REQUEST_METHOD'] == 'OPTIONS') && ($this->path == "/"))) && (!$this->_check_auth())) { // RFC2518 says we must use Digest instead of Basic
// but Microsoft Clients do not support Digest
// and we don't support NTLM and Kerberos
// so we are stuck with Basic here
header('WWW-Authenticate: Basic realm="'.($this->http_auth_realm).'"');
// Windows seems to require this being the last header sent
// (changed according to PECL bug #3138)
$this->http_status('401 Unauthorized');
return; } // check
if (! $this->_check_if_header_conditions()) { return; } // detect requested method names
$method = strtolower($this->_SERVER["REQUEST_METHOD"]); error_log("serving $method request"); $wrapper = "http_".$method; // activate HEAD emulation by GET if no HEAD method found
if ($method == "head" && !method_exists($this, "head")) { $method = "get"; } if (method_exists($this, $wrapper) && ($method == "options" || method_exists($this, $method))) { $this->$wrapper(); // call method by name
} else { // method not found/implemented
if ($this->_SERVER["REQUEST_METHOD"] == "LOCK") { $this->http_status("412 Precondition failed"); } else { $this->http_status("405 Method not allowed"); header("Allow: ".join(", ", $this->_allow())); // tell client what's allowed
} } }
// }}}
// {{{ abstract WebDAV methods
// {{{ GET()
/** * GET implementation * * overload this method to retrieve resources from your server * <br> * * * @abstract * @param array &$params Array of input and output parameters * <br><b>input</b><ul> * <li> path - * </ul> * <br><b>output</b><ul> * <li> size - * </ul> * @returns int HTTP-Statuscode */
/* abstract function GET(&$params) { // dummy entry for PHPDoc
} */
// }}}
// {{{ PUT()
/** * PUT implementation * * PUT implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */ /* abstract function PUT() { // dummy entry for PHPDoc
} */ // }}}
// {{{ COPY()
/** * COPY implementation * * COPY implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */ /* abstract function COPY() { // dummy entry for PHPDoc
} */
// }}}
// {{{ MOVE()
/** * MOVE implementation * * MOVE implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */ /* abstract function MOVE() { // dummy entry for PHPDoc
} */
// }}}
// {{{ DELETE()
/** * DELETE implementation * * DELETE implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */ /* abstract function DELETE() { // dummy entry for PHPDoc
} */ // }}}
// {{{ PROPFIND()
/** * PROPFIND implementation * * PROPFIND implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */ /* abstract function PROPFIND() { // dummy entry for PHPDoc
} */
// }}}
// {{{ PROPPATCH()
/** * PROPPATCH implementation * * PROPPATCH implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */ /* abstract function PROPPATCH() { // dummy entry for PHPDoc
} */ // }}}
// {{{ LOCK()
/** * LOCK implementation * * LOCK implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */ /* abstract function LOCK() { // dummy entry for PHPDoc
} */ // }}}
// {{{ UNLOCK()
/** * UNLOCK implementation * * UNLOCK implementation * * @abstract * @param array &$params * @returns int HTTP-Statuscode */
/* abstract function UNLOCK() { // dummy entry for PHPDoc
} */ // }}}
// }}}
// {{{ other abstract methods
// {{{ check_auth()
/** * check authentication * * overload this method to retrieve and confirm authentication information * * @abstract * @param string type Authentication type, e.g. "basic" or "digest" * @param string username Transmitted username * @param string passwort Transmitted password * @returns bool Authentication status */ /* abstract function checkAuth($type, $username, $password) { // dummy entry for PHPDoc
} */ // }}}
// {{{ checklock()
/** * check lock status for a resource * * overload this method to return shared and exclusive locks * active for this resource * * @abstract * @param string resource Resource path to check * @returns array An array of lock entries each consisting * of 'type' ('shared'/'exclusive'), 'token' and 'timeout' */ /* abstract function checklock($resource) { // dummy entry for PHPDoc
} */
// }}}
// }}}
// {{{ WebDAV HTTP method wrappers
// {{{ http_OPTIONS()
/** * OPTIONS method handler * * The OPTIONS method handler creates a valid OPTIONS reply * including Dav: and Allowed: headers * based on the implemented methods found in the actual instance * * @param void * @return void */ function http_OPTIONS() { // Microsoft clients default to the Frontpage protocol
// unless we tell them to use WebDAV
header("MS-Author-Via: DAV");
// get allowed methods
$allow = $this->_allow();
// dav header
$dav = array(1); // assume we are always dav class 1 compliant
if (isset($allow['LOCK'])) { $dav[] = 2; // dav class 2 requires that locking is supported
}
// tell clients what we found
$this->http_status("200 OK"); header("DAV: " .join(", ", $dav)); header("Allow: ".join(", ", $allow));
header("Content-length: 0"); }
// }}}
// {{{ http_PROPFIND()
/** * PROPFIND method handler * * @param void * @return void */ function http_PROPFIND() { $options = Array(); $files = Array();
$options["path"] = $this->path; // search depth from header (default is "infinity)
if (isset($this->_SERVER['HTTP_DEPTH'])) { $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; } else { $options["depth"] = "infinity"; }
// analyze request payload
$propinfo = new _parse_propfind("php://input"); if (!$propinfo->success) { $this->http_status("400 Error"); return; } $options['props'] = $propinfo->props;
// call user handler
if (!$this->PROPFIND($options, $files)) { $files = array("files" => array()); if (method_exists($this, "checkLock")) { // is locked?
$lock = $this->checkLock($this->path);
if (is_array($lock) && count($lock)) { $created = isset($lock['created']) ? $lock['created'] : time(); $modified = isset($lock['modified']) ? $lock['modified'] : time(); $files['files'][] = array("path" => $this->_slashify($this->path), "props" => array($this->mkprop("displayname", $this->path), $this->mkprop("creationdate", $created), $this->mkprop("getlastmodified", $modified), $this->mkprop("resourcetype", ""), $this->mkprop("getcontenttype", ""), $this->mkprop("getcontentlength", 0)) ); } }
if (empty($files['files'])) { $this->http_status("404 Not Found"); return; } } // collect namespaces here
$ns_hash = array(); // Microsoft Clients need this special namespace for date and time values
$ns_defs = "xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\""; // now we loop over all returned file entries
foreach ($files["files"] as $filekey => $file) { // nothing to do if no properties were returend for a file
if (!isset($file["props"]) || !is_array($file["props"])) { continue; } // now loop over all returned properties
foreach ($file["props"] as $key => $prop) { // as a convenience feature we do not require that user handlers
// restrict returned properties to the requested ones
// here we strip all unrequested entries out of the response
switch($options['props']) { case "all": // nothing to remove
break; case "names": // only the names of all existing properties were requested
// so we remove all values
unset($files["files"][$filekey]["props"][$key]["val"]); break; default: $found = false; // search property name in requested properties
foreach ((array)$options["props"] as $reqprop) { if (!isset($reqprop["xmlns"])) { $reqprop["xmlns"] = ""; } if ( $reqprop["name"] == $prop["name"] && $reqprop["xmlns"] == $prop["ns"]) { $found = true; break; } } // unset property and continue with next one if not found/requested
if (!$found) { $files["files"][$filekey]["props"][$key]=""; continue(2); } break; } // namespace handling
if (empty($prop["ns"])) continue; // no namespace
$ns = $prop["ns"]; if ($ns == "DAV:") continue; // default namespace
if (isset($ns_hash[$ns])) continue; // already known
// register namespace
$ns_name = "ns".(count($ns_hash) + 1); $ns_hash[$ns] = $ns_name; $ns_defs .= " xmlns:$ns_name=\"$ns\"";
} // we also need to add empty entries for properties that were requested
// but for which no values where returned by the user handler
if (is_array($options['props'])) { foreach ($options["props"] as $reqprop) { if ($reqprop['name']=="") continue; // skip empty entries
$found = false; if (!isset($reqprop["xmlns"])) { $reqprop["xmlns"] = ""; }
// check if property exists in result
foreach ($file["props"] as $prop) { if ( $reqprop["name"] == $prop["name"] && $reqprop["xmlns"] == $prop["ns"]) { $found = true; break; } } if (!$found) { if ($reqprop["xmlns"]==="DAV:" && $reqprop["name"]==="lockdiscovery") { // lockdiscovery is handled by the base class
$files["files"][$filekey]["props"][] = $this->mkprop("DAV:", "lockdiscovery", $this->lockdiscovery($files["files"][$filekey]['path'])); } else { // add empty value for this property
$files["files"][$filekey]["noprops"][] = $this->mkprop($reqprop["xmlns"], $reqprop["name"], "");
// register property namespace if not known yet
if ($reqprop["xmlns"] != "DAV:" && !isset($ns_hash[$reqprop["xmlns"]])) { $ns_name = "ns".(count($ns_hash) + 1); $ns_hash[$reqprop["xmlns"]] = $ns_name; $ns_defs .= " xmlns:$ns_name=\"$reqprop[xmlns]\""; } } } } } } // now we generate the reply header ...
$this->http_status("207 Multi-Status"); header('Content-Type: text/xml; charset="utf-8"'); // ... and payload
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"; echo "<D:multistatus xmlns:D=\"DAV:\">\n"; foreach ($files["files"] as $file) { // ignore empty or incomplete entries
if (!is_array($file) || empty($file) || !isset($file["path"])) continue; $path = $file['path']; if (!is_string($path) || $path==="") continue;
echo " <D:response $ns_defs>\n"; /* TODO right now the user implementation has to make sure collections end in a slash, this should be done in here by checking the resource attribute */ $href = $this->_mergePaths($this->_SERVER['SCRIPT_NAME'], $path);
/* minimal urlencoding is needed for the resource path */ $href = $this->_urlencode($href); echo " <D:href>$href</D:href>\n"; // report all found properties and their values (if any)
if (isset($file["props"]) && is_array($file["props"])) { echo " <D:propstat>\n"; echo " <D:prop>\n";
foreach ($file["props"] as $key => $prop) { if (!is_array($prop)) continue; if (!isset($prop["name"])) continue; if (!isset($prop["val"]) || $prop["val"] === "" || $prop["val"] === false) { // empty properties (cannot use empty() for check as "0" is a legal value here)
if ($prop["ns"]=="DAV:") { echo " <D:$prop[name]/>\n"; } else if (!empty($prop["ns"])) { echo " <".$ns_hash[$prop["ns"]].":$prop[name]/>\n"; } else { echo " <$prop[name] xmlns=\"\"/>"; } } else if ($prop["ns"] == "DAV:") { // some WebDAV properties need special treatment
switch ($prop["name"]) { case "creationdate": echo " <D:creationdate ns0:dt=\"dateTime.tz\">" . gmdate("Y-m-d\\TH:i:s\\Z", $prop['val']) . "</D:creationdate>\n"; break; case "getlastmodified": echo " <D:getlastmodified ns0:dt=\"dateTime.rfc1123\">" . gmdate("D, d M Y H:i:s ", $prop['val']) . "GMT</D:getlastmodified>\n"; break; case "resourcetype": echo " <D:resourcetype><D:$prop[val]/></D:resourcetype>\n"; break; case "supportedlock": echo " <D:supportedlock>$prop[val]</D:supportedlock>\n"; break; case "lockdiscovery": echo " <D:lockdiscovery>\n"; echo $prop["val"]; echo " </D:lockdiscovery>\n"; break; // the following are non-standard Microsoft extensions to the DAV namespace
case "lastaccessed": echo " <D:lastaccessed ns0:dt=\"dateTime.rfc1123\">" . gmdate("D, d M Y H:i:s ", $prop['val']) . "GMT</D:lastaccessed>\n"; break; case "ishidden": echo " <D:ishidden>" . is_string($prop['val']) ? $prop['val'] : ($prop['val'] ? 'true' : 'false') . "</D:ishidden>\n"; break; default: echo " <D:$prop[name]>" . $this->_prop_encode(htmlspecialchars($prop['val'])) . "</D:$prop[name]>\n"; break; } } else { // properties from namespaces != "DAV:" or without any namespace
if ($prop["ns"]) { echo " <" . $ns_hash[$prop["ns"]] . ":$prop[name]>" . $this->_prop_encode(htmlspecialchars($prop['val'])) . "</" . $ns_hash[$prop["ns"]] . ":$prop[name]>\n"; } else { echo " <$prop[name] xmlns=\"\">" . $this->_prop_encode(htmlspecialchars($prop['val'])) . "</$prop[name]>\n"; } } }
echo " </D:prop>\n"; echo " <D:status>HTTP/1.1 200 OK</D:status>\n"; echo " </D:propstat>\n"; } // now report all properties requested but not found
if (isset($file["noprops"])) { echo " <D:propstat>\n"; echo " <D:prop>\n";
foreach ($file["noprops"] as $key => $prop) { if ($prop["ns"] == "DAV:") { echo " <D:$prop[name]/>\n"; } else if ($prop["ns"] == "") { echo " <$prop[name] xmlns=\"\"/>\n"; } else { echo " <" . $ns_hash[$prop["ns"]] . ":$prop[name]/>\n"; } }
echo " </D:prop>\n"; echo " <D:status>HTTP/1.1 404 Not Found</D:status>\n"; echo " </D:propstat>\n"; } echo " </D:response>\n"; } echo "</D:multistatus>\n"; }
// }}}
// {{{ http_PROPPATCH()
/** * PROPPATCH method handler * * @param void * @return void */ function http_PROPPATCH() { if ($this->_check_lock_status($this->path)) { $options = Array();
$options["path"] = $this->path;
$propinfo = new _parse_proppatch("php://input"); if (!$propinfo->success) { $this->http_status("400 Error"); return; } $options['props'] = $propinfo->props; $responsedescr = $this->PROPPATCH($options); $this->http_status("207 Multi-Status"); header('Content-Type: text/xml; charset="utf-8"'); echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
echo "<D:multistatus xmlns:D=\"DAV:\">\n"; echo " <D:response>\n"; echo " <D:href>".$this->_urlencode($this->_mergePaths($this->_SERVER["SCRIPT_NAME"], $this->path))."</D:href>\n";
foreach ($options["props"] as $prop) { echo " <D:propstat>\n"; echo " <D:prop><$prop[name] xmlns=\"$prop[ns]\"/></D:prop>\n"; echo " <D:status>HTTP/1.1 $prop[status]</D:status>\n"; echo " </D:propstat>\n"; }
if ($responsedescr) { echo " <D:responsedescription>". $this->_prop_encode(htmlspecialchars($responsedescr)). "</D:responsedescription>\n"; }
echo " </D:response>\n"; echo "</D:multistatus>\n"; } else { $this->http_status("423 Locked"); } } // }}}
// {{{ http_MKCOL()
/** * MKCOL method handler * * @param void * @return void */ function http_MKCOL() { $options = Array();
$options["path"] = $this->path;
$stat = $this->MKCOL($options);
$this->http_status($stat); }
// }}}
// {{{ http_GET()
/** * GET method handler * * @param void * @returns void */ function http_GET() { // TODO check for invalid stream
$options = Array(); $options["path"] = $this->path;
$this->_get_ranges($options);
if (true === ($status = $this->GET($options))) { if (!headers_sent()) { $status = "200 OK";
if (!isset($options['mimetype'])) { $options['mimetype'] = "application/octet-stream"; } header("Content-type: $options[mimetype]"); if (isset($options['mtime'])) { header("Last-modified:".gmdate("D, d M Y H:i:s ", $options['mtime'])."GMT"); } if (isset($options['stream'])) { // GET handler returned a stream
if (!empty($options['ranges']) && (0===fseek($options['stream'], 0, SEEK_SET))) { // partial request and stream is seekable
if (count($options['ranges']) === 1) { $range = $options['ranges'][0]; if (isset($range['start'])) { fseek($options['stream'], $range['start'], SEEK_SET); if (feof($options['stream'])) { $this->http_status("416 Requested range not satisfiable"); return; }
if (isset($range['end'])) { $size = $range['end']-$range['start']+1; $this->http_status("206 partial"); header("Content-length: $size"); header("Content-range: $range[start]-$range[end]/" . (isset($options['size']) ? $options['size'] : "*")); while ($size && !feof($options['stream'])) { $buffer = fread($options['stream'], 4096); $size -= $this->bytes($buffer); echo $buffer; } } else { $this->http_status("206 partial"); if (isset($options['size'])) { header("Content-length: ".($options['size'] - $range['start'])); header("Content-range: ".$range['start']."-".$range['end']."/" . (isset($options['size']) ? $options['size'] : "*")); } fpassthru($options['stream']); } } else { header("Content-length: ".$range['last']); fseek($options['stream'], -$range['last'], SEEK_END); fpassthru($options['stream']); } } else { $this->_multipart_byterange_header(); // init multipart
foreach ($options['ranges'] as $range) { // TODO what if size unknown? 500?
if (isset($range['start'])) { $from = $range['start']; $to = !empty($range['end']) ? $range['end'] : $options['size']-1; } else { $from = $options['size'] - $range['last']-1; $to = $options['size'] -1; } $total = isset($options['size']) ? $options['size'] : "*"; $size = $to - $from + 1; $this->_multipart_byterange_header($options['mimetype'], $from, $to, $total);
fseek($options['stream'], $from, SEEK_SET); while ($size && !feof($options['stream'])) { $buffer = fread($options['stream'], 4096); $size -= $this->bytes($buffer); echo $buffer; } } $this->_multipart_byterange_header(); // end multipart
} } else { // normal request or stream isn't seekable, return full content
if (isset($options['size'])) { header("Content-length: ".$options['size']); } fpassthru($options['stream']); return; // no more headers
} } elseif (isset($options['data'])) { if (is_array($options['data'])) { // reply to partial request
} else { header("Content-length: ".$this->bytes($options['data'])); echo $options['data']; } } } }
if (!headers_sent()) { if (false === $status) { $this->http_status("404 not found"); } else { // TODO: check setting of headers in various code paths above
$this->http_status("$status"); } } }
/** * parse HTTP Range: header * * @param array options array to store result in * @return void */ function _get_ranges(&$options) { // process Range: header if present
if (isset($this->_SERVER['HTTP_RANGE'])) {
// we only support standard "bytes" range specifications for now
if (preg_match('/bytes\s*=\s*(.+)/', $this->_SERVER['HTTP_RANGE'], $matches)) { $options["ranges"] = array();
// ranges are comma separated
foreach (explode(",", $matches[1]) as $range) { // ranges are either from-to pairs or just end positions
list($start, $end) = explode("-", $range); $options["ranges"][] = ($start==="") ? array("last"=>$end) : array("start"=>$start, "end"=>$end); } } } }
/** * generate separator headers for multipart response * * first and last call happen without parameters to generate * the initial header and closing sequence, all calls inbetween * require content mimetype, start and end byte position and * optionaly the total byte length of the requested resource * * @param string mimetype * @param int start byte position * @param int end byte position * @param int total resource byte size */ function _multipart_byterange_header($mimetype = false, $from = false, $to=false, $total=false) { if ($mimetype === false) { if (!isset($this->multipart_separator)) { // initial
// a little naive, this sequence *might* be part of the content
// but it's really not likely and rather expensive to check
$this->multipart_separator = "SEPARATOR_".md5(microtime());
// generate HTTP header
header("Content-type: multipart/byteranges; boundary=".$this->multipart_separator); } else { // final
// generate closing multipart sequence
echo "\n--{$this->multipart_separator}--"; } } else { // generate separator and header for next part
echo "\n--{$this->multipart_separator}\n"; echo "Content-type: $mimetype\n"; echo "Content-range: $from-$to/". ($total === false ? "*" : $total); echo "\n\n"; } }
// }}}
// {{{ http_HEAD()
/** * HEAD method handler * * @param void * @return void */ function http_HEAD() { $status = false; $options = Array(); $options["path"] = $this->path; if (method_exists($this, "HEAD")) { $status = $this->head($options); } else if (method_exists($this, "GET")) { ob_start(); $status = $this->GET($options); if (!isset($options['size'])) { $options['size'] = ob_get_length(); } ob_end_clean(); } if (!isset($options['mimetype'])) { $options['mimetype'] = "application/octet-stream"; } header("Content-type: $options[mimetype]"); if (isset($options['mtime'])) { header("Last-modified:".gmdate("D, d M Y H:i:s ", $options['mtime'])."GMT"); } if (isset($options['size'])) { header("Content-length: ".$options['size']); }
if ($status === true) $status = "200 OK"; if ($status === false) $status = "404 Not found"; $this->http_status($status); }
// }}}
// {{{ http_PUT()
/** * PUT method handler * * @param void * @return void */ function http_PUT() { if ($this->_check_lock_status($this->path)) { $options = Array(); $options["path"] = $this->path; $options["content_length"] = $this->_SERVER["CONTENT_LENGTH"];
// get the Content-type
if (isset($this->_SERVER["CONTENT_TYPE"])) { // for now we do not support any sort of multipart requests
if (!strncmp($this->_SERVER["CONTENT_TYPE"], "multipart/", 10)) { $this->http_status("501 not implemented"); echo "The service does not support mulipart PUT requests"; return; } $options["content_type"] = $this->_SERVER["CONTENT_TYPE"]; } else { // default content type if none given
$options["content_type"] = "application/octet-stream"; }
/* RFC 2616 2.6 says: "The recipient of the entity MUST NOT
ignore any Content-* (e.g. Content-Range) headers that it does not understand or implement and MUST return a 501 (Not Implemented) response in such cases."
*/ foreach ($this->_SERVER as $key => $val) { if (strncmp($key, "HTTP_CONTENT", 11)) continue; switch ($key) { case 'HTTP_CONTENT_ENCODING': // RFC 2616 14.11
// TODO support this if ext/zlib filters are available
$this->http_status("501 not implemented"); echo "The service does not support '$val' content encoding"; return;
case 'HTTP_CONTENT_LANGUAGE': // RFC 2616 14.12
// we assume it is not critical if this one is ignored
// in the actual PUT implementation ...
$options["content_language"] = $val; break;
case 'HTTP_CONTENT_LENGTH': // defined on IIS and has the same value as CONTENT_LENGTH
break;
case 'HTTP_CONTENT_LOCATION': // RFC 2616 14.14
/* The meaning of the Content-Location header in PUT or POST requests is undefined; servers are free to ignore it in those cases. */ break;
case 'HTTP_CONTENT_RANGE': // RFC 2616 14.16
// single byte range requests are supported
// the header format is also specified in RFC 2616 14.16
// TODO we have to ensure that implementations support this or send 501 instead
if (!preg_match('@bytes\s+(\d+)-(\d+)/((\d+)|\*)@', $val, $matches)) { $this->http_status("400 bad request"); echo "The service does only support single byte ranges"; return; } $range = array("start"=>$matches[1], "end"=>$matches[2]); if (is_numeric($matches[3])) { $range["total_length"] = $matches[3]; } $option["ranges"][] = $range;
// TODO make sure the implementation supports partial PUT
// this has to be done in advance to avoid data being overwritten
// on implementations that do not support this ...
break;
case 'HTTP_CONTENT_TYPE': // defined on IIS and has the same value as CONTENT_TYPE
break;
case 'HTTP_CONTENT_MD5': // RFC 2616 14.15
// TODO: maybe we can just pretend here?
$this->http_status("501 not implemented"); echo "The service does not support content MD5 checksum verification"; return;
default: // any other unknown Content-* headers
$this->http_status("501 not implemented"); echo "The service does not support '$key'"; return; } } $options["stream"] = fopen("php://input", "r");
$stat = $this->PUT($options);
if ($stat === false) { $stat = "403 Forbidden"; } else if (is_resource($stat) && get_resource_type($stat) == "stream") { $stream = $stat;
$stat = $options["new"] ? "201 Created" : "204 No Content";
if (!empty($options["ranges"])) { // TODO multipart support is missing (see also above)
if (0 == fseek($stream, $range[0]["start"], SEEK_SET)) { $length = $range[0]["end"]-$range[0]["start"]+1; if (!fwrite($stream, fread($options["stream"], $length))) { $stat = "403 Forbidden"; } } else { $stat = "403 Forbidden"; } } else { while (!feof($options["stream"])) { if (false === fwrite($stream, fread($options["stream"], 4096))) { $stat = "403 Forbidden"; break; } } }
fclose($stream); }
$this->http_status($stat); } else { $this->http_status("423 Locked"); } }
// }}}
// {{{ http_DELETE()
/** * DELETE method handler * * @param void * @return void */ function http_DELETE() { // check RFC 2518 Section 9.2, last paragraph
if (isset($this->_SERVER["HTTP_DEPTH"])) { if ($this->_SERVER["HTTP_DEPTH"] != "infinity") { $this->http_status("400 Bad Request"); return; } }
// check lock status
if ($this->_check_lock_status($this->path)) { // ok, proceed
$options = Array(); $options["path"] = $this->path;
$stat = $this->DELETE($options);
$this->http_status($stat); } else { // sorry, its locked
$this->http_status("423 Locked"); } }
// }}}
// {{{ http_COPY()
/** * COPY method handler * * @param void * @return void */ function http_COPY() { // no need to check source lock status here
// destination lock status is always checked by the helper method
$this->_copymove("copy"); }
// }}}
// {{{ http_MOVE()
/** * MOVE method handler * * @param void * @return void */ function http_MOVE() { if ($this->_check_lock_status($this->path)) { // destination lock status is always checked by the helper method
$this->_copymove("move"); } else { $this->http_status("423 Locked"); } }
// }}}
// {{{ http_LOCK()
/** * LOCK method handler * * @param void * @return void */ function http_LOCK() { $options = Array(); $options["path"] = $this->path; if (isset($this->_SERVER['HTTP_DEPTH'])) { $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; } else { $options["depth"] = "infinity"; } if (isset($this->_SERVER["HTTP_TIMEOUT"])) { $options["timeout"] = explode(",", $this->_SERVER["HTTP_TIMEOUT"]); } if (empty($this->_SERVER['CONTENT_LENGTH']) && !empty($this->_SERVER['HTTP_IF'])) { // check if locking is possible
if (!$this->_check_lock_status($this->path)) { $this->http_status("423 Locked"); return; }
// refresh lock
$options["locktoken"] = substr($this->_SERVER['HTTP_IF'], 2, -2); $options["update"] = $options["locktoken"];
// setting defaults for required fields, LOCK() SHOULD overwrite these
$options['owner'] = "unknown"; $options['scope'] = "exclusive"; $options['type'] = "write";
$stat = $this->LOCK($options); } else { // extract lock request information from request XML payload
$lockinfo = new _parse_lockinfo("php://input"); if (!$lockinfo->success) { $this->http_status("400 bad request"); }
// check if locking is possible
if (!$this->_check_lock_status($this->path, $lockinfo->lockscope === "shared")) { $this->http_status("423 Locked"); return; }
// new lock
$options["scope"] = $lockinfo->lockscope; $options["type"] = $lockinfo->locktype; $options["owner"] = $lockinfo->owner; $options["locktoken"] = $this->_new_locktoken(); $stat = $this->LOCK($options); } if (is_bool($stat)) { $http_stat = $stat ? "200 OK" : "423 Locked"; } else { $http_stat = (string)$stat; } $this->http_status($http_stat); if ($http_stat{0} == 2) { // 2xx states are ok
if ($options["timeout"]) { // if multiple timeout values were given we take the first only
if (is_array($options["timeout"])) { reset($options["timeout"]); $options["timeout"] = current($options["timeout"]); } // if the timeout is numeric only we need to reformat it
if (is_numeric($options["timeout"])) { // more than a million is considered an absolute timestamp
// less is more likely a relative value
if ($options["timeout"]>1000000) { $timeout = "Second-".($options['timeout']-time()); } else { $timeout = "Second-$options[timeout]"; } } else { // non-numeric values are passed on verbatim,
// no error checking is performed here in this case
// TODO: send "Infinite" on invalid timeout strings?
$timeout = $options["timeout"]; } } else { $timeout = "Infinite"; } header('Content-Type: text/xml; charset="utf-8"'); header("Lock-Token: <$options[locktoken]>"); echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"; echo "<D:prop xmlns:D=\"DAV:\">\n"; echo " <D:lockdiscovery>\n"; echo " <D:activelock>\n"; echo " <D:lockscope><D:$options[scope]/></D:lockscope>\n"; echo " <D:locktype><D:$options[type]/></D:locktype>\n"; echo " <D:depth>$options[depth]</D:depth>\n"; echo " <D:owner>$options[owner]</D:owner>\n"; echo " <D:timeout>$timeout</D:timeout>\n"; echo " <D:locktoken><D:href>$options[locktoken]</D:href></D:locktoken>\n"; echo " </D:activelock>\n"; echo " </D:lockdiscovery>\n"; echo "</D:prop>\n\n"; } }
// }}}
// {{{ http_UNLOCK()
/** * UNLOCK method handler * * @param void * @return void */ function http_UNLOCK() { $options = Array(); $options["path"] = $this->path;
if (isset($this->_SERVER['HTTP_DEPTH'])) { $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; } else { $options["depth"] = "infinity"; }
// strip surrounding <>
$options["token"] = substr(trim($this->_SERVER["HTTP_LOCK_TOKEN"]), 1, -1);
// call user method
$stat = $this->UNLOCK($options);
$this->http_status($stat); }
// }}}
// }}}
// {{{ _copymove()
function _copymove($what) { $options = Array(); $options["path"] = $this->path;
if (isset($this->_SERVER["HTTP_DEPTH"])) { $options["depth"] = $this->_SERVER["HTTP_DEPTH"]; } else { $options["depth"] = "infinity"; }
$http_header_host = preg_replace("/:80$/", "", $this->_SERVER["HTTP_HOST"]);
$url = parse_url($this->_SERVER["HTTP_DESTINATION"]); $path = urldecode($url["path"]);
if (isset($url["host"])) { // TODO check url scheme, too
$http_host = $url["host"]; if (isset($url["port"]) && $url["port"] != 80) $http_host.= ":".$url["port"]; } else { // only path given, set host to self
$http_host == $http_header_host; }
if ($http_host == $http_header_host && !strncmp($this->_SERVER["SCRIPT_NAME"], $path, strlen($this->_SERVER["SCRIPT_NAME"]))) { $options["dest"] = substr($path, strlen($this->_SERVER["SCRIPT_NAME"])); if (!$this->_check_lock_status($options["dest"])) { $this->http_status("423 Locked"); return; }
} else { $options["dest_url"] = $this->_SERVER["HTTP_DESTINATION"]; }
// see RFC 2518 Sections 9.6, 8.8.4 and 8.9.3
if (isset($this->_SERVER["HTTP_OVERWRITE"])) { $options["overwrite"] = $this->_SERVER["HTTP_OVERWRITE"] == "T"; } else { $options["overwrite"] = true; }
$stat = $this->$what($options); $this->http_status($stat); }
// }}}
// {{{ _allow()
/** * check for implemented HTTP methods * * @param void * @return array something */ function _allow() { // OPTIONS is always there
$allow = array("OPTIONS" =>"OPTIONS");
// all other METHODS need both a http_method() wrapper
// and a method() implementation
// the base class supplies wrappers only
foreach (get_class_methods($this) as $method) { if (!strncmp("http_", $method, 5)) { $method = strtoupper(substr($method, 5)); if (method_exists($this, $method)) { $allow[$method] = $method; } } }
// we can emulate a missing HEAD implemetation using GET
if (isset($allow["GET"])) $allow["HEAD"] = "HEAD";
// no LOCK without checklok()
if (!method_exists($this, "checklock")) { unset($allow["LOCK"]); unset($allow["UNLOCK"]); }
return $allow; }
// }}}
/** * helper for property element creation * * @param string XML namespace (optional) * @param string property name * @param string property value * @return array property array */ function mkprop() { $args = func_get_args(); if (count($args) == 3) { return array("ns" => $args[0], "name" => $args[1], "val" => $args[2]); } else { return array("ns" => "DAV:", "name" => $args[0], "val" => $args[1]); } }
// {{{ _check_auth
/** * check authentication if check is implemented * * @param void * @return bool true if authentication succeded or not necessary */ function _check_auth() { $auth_type = isset($this->_SERVER["AUTH_TYPE"]) ? $this->_SERVER["AUTH_TYPE"] : null;
$auth_user = isset($this->_SERVER["PHP_AUTH_USER"]) ? $this->_SERVER["PHP_AUTH_USER"] : null;
$auth_pw = isset($this->_SERVER["PHP_AUTH_PW"]) ? $this->_SERVER["PHP_AUTH_PW"] : null;
if (method_exists($this, "checkAuth")) { // PEAR style method name
return $this->checkAuth($auth_type, $auth_user, $auth_pw); } else if (method_exists($this, "check_auth")) { // old (pre 1.0) method name
return $this->check_auth($auth_type, $auth_user, $auth_pw); } else { // no method found -> no authentication required
return true; } }
// }}}
// {{{ UUID stuff
/** * generate Unique Universal IDentifier for lock token * * @param void * @return string a new UUID */ function _new_uuid() { // use uuid extension from PECL if available
if (function_exists("uuid_create")) { return uuid_create(); }
// fallback
$uuid = md5(microtime().getmypid()); // this should be random enough for now
// set variant and version fields for 'true' random uuid
$uuid{12} = "4"; $n = 8 + (ord($uuid{16}) & 3); $hex = "0123456789abcdef"; $uuid{16} = $hex{$n};
// return formated uuid
return substr($uuid, 0, 8)."-" . substr($uuid, 8, 4)."-" . substr($uuid, 12, 4)."-" . substr($uuid, 16, 4)."-" . substr($uuid, 20); }
/** * create a new opaque lock token as defined in RFC2518 * * @param void * @return string new RFC2518 opaque lock token */ function _new_locktoken() { return "opaquelocktoken:".$this->_new_uuid(); }
// }}}
// {{{ WebDAV If: header parsing
/** * * * @param string header string to parse * @param int current parsing position * @return array next token (type and value) */ function _if_header_lexer($string, &$pos) { // skip whitespace
while (ctype_space($string{$pos})) { ++$pos; }
// already at end of string?
if (strlen($string) <= $pos) { return false; }
// get next character
$c = $string{$pos++};
// now it depends on what we found
switch ($c) { case "<": // URIs are enclosed in <...>
$pos2 = strpos($string, ">", $pos); $uri = substr($string, $pos, $pos2 - $pos); $pos = $pos2 + 1; return array("URI", $uri);
case "[": //Etags are enclosed in [...]
if ($string{$pos} == "W") { $type = "ETAG_WEAK"; $pos += 2; } else { $type = "ETAG_STRONG"; } $pos2 = strpos($string, "]", $pos); $etag = substr($string, $pos + 1, $pos2 - $pos - 2); $pos = $pos2 + 1; return array($type, $etag);
case "N": // "N" indicates negation
$pos += 2; return array("NOT", "Not");
default: // anything else is passed verbatim char by char
return array("CHAR", $c); } }
/** * parse If: header * * @param string header string * @return array URIs and their conditions */ function _if_header_parser($str) { $pos = 0; $len = strlen($str); $uris = array();
// parser loop
while ($pos < $len) { // get next token
$token = $this->_if_header_lexer($str, $pos);
// check for URI
if ($token[0] == "URI") { $uri = $token[1]; // remember URI
$token = $this->_if_header_lexer($str, $pos); // get next token
} else { $uri = ""; }
// sanity check
if ($token[0] != "CHAR" || $token[1] != "(") { return false; }
$list = array(); $level = 1; $not = ""; while ($level) { $token = $this->_if_header_lexer($str, $pos); if ($token[0] == "NOT") { $not = "!"; continue; } switch ($token[0]) { case "CHAR": switch ($token[1]) { case "(": $level++; break; case ")": $level--; break; default: return false; } break;
case "URI": $list[] = $not."<$token[1]>"; break;
case "ETAG_WEAK": $list[] = $not."[W/'$token[1]']>"; break;
case "ETAG_STRONG": $list[] = $not."['$token[1]']>"; break;
default: return false; } $not = ""; }
if (isset($uris[$uri]) && is_array($uris[$uri])) { $uris[$uri] = array_merge($uris[$uri], $list); } else { $uris[$uri] = $list; } }
return $uris; }
/** * check if conditions from "If:" headers are meat * * the "If:" header is an extension to HTTP/1.1 * defined in RFC 2518 section 9.4 * * @param void * @return void */ function _check_if_header_conditions() { if (isset($this->_SERVER["HTTP_IF"])) { $this->_if_header_uris = $this->_if_header_parser($this->_SERVER["HTTP_IF"]);
foreach ($this->_if_header_uris as $uri => $conditions) { if ($uri == "") { $uri = $this->uri; } // all must match
$state = true; foreach ($conditions as $condition) { // lock tokens may be free form (RFC2518 6.3)
// but if opaquelocktokens are used (RFC2518 6.4)
// we have to check the format (litmus tests this)
if (!strncmp($condition, "<opaquelocktoken:", strlen("<opaquelocktoken"))) { if (!preg_match('/^<opaquelocktoken:[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}>$/', $condition)) { $this->http_status("423 Locked"); return false; } } if (!$this->_check_uri_condition($uri, $condition)) { $this->http_status("412 Precondition failed"); $state = false; break; } }
// any match is ok
if ($state == true) { return true; } } return false; } return true; }
/** * Check a single URI condition parsed from an if-header * * Check a single URI condition parsed from an if-header * * @abstract * @param string $uri URI to check * @param string $condition Condition to check for this URI * @returns bool Condition check result */ function _check_uri_condition($uri, $condition) { // not really implemented here,
// implementations must override
// a lock token can never be from the DAV: scheme
// litmus uses DAV:no-lock in some tests
if (!strncmp("<DAV:", $condition, 5)) { return false; }
return true; }
/** * * * @param string path of resource to check * @param bool exclusive lock? */ function _check_lock_status($path, $exclusive_only = false) { // FIXME depth -> ignored for now
if (method_exists($this, "checkLock")) { // is locked?
$lock = $this->checkLock($path);
// ... and lock is not owned?
if (is_array($lock) && count($lock)) { // FIXME doesn't check uri restrictions yet
if (!isset($this->_SERVER["HTTP_IF"]) || !strstr($this->_SERVER["HTTP_IF"], $lock["token"])) { if (!$exclusive_only || ($lock["scope"] !== "shared")) return false; } } } return true; }
// }}}
/** * Generate lockdiscovery reply from checklock() result * * @param string resource path to check * @return string lockdiscovery response */ function lockdiscovery($path) { // no lock support without checklock() method
if (!method_exists($this, "checklock")) { return ""; }
// collect response here
$activelocks = "";
// get checklock() reply
$lock = $this->checklock($path);
// generate <activelock> block for returned data
if (is_array($lock) && count($lock)) { // check for 'timeout' or 'expires'
if (!empty($lock["expires"])) { $timeout = "Second-".($lock["expires"] - time()); } else if (!empty($lock["timeout"])) { $timeout = "Second-$lock[timeout]"; } else { $timeout = "Infinite"; }
// genreate response block
$activelocks.= "
<D:activelock> <D:lockscope><D:$lock[scope]/></D:lockscope> <D:locktype><D:$lock[type]/></D:locktype> <D:depth>$lock[depth]</D:depth> <D:owner>$lock[owner]</D:owner> <D:timeout>$timeout</D:timeout> <D:locktoken><D:href>$lock[token]</D:href></D:locktoken> </D:activelock> ";
}
// return generated response
return $activelocks; }
/** * set HTTP return status and mirror it in a private header * * @param string status code and message * @return void */ function http_status($status) { // simplified success case
if ($status === true) { $status = "200 OK"; }
// remember status
$this->_http_status = $status;
// generate HTTP status response
header("HTTP/1.1 $status"); header("X-WebDAV-Status: $status", true); }
/** * private minimalistic version of PHP urlencode() * * only blanks, percent and XML special chars must be encoded here * full urlencode() encoding confuses some clients ... * * @param string URL to encode * @return string encoded URL */ function _urlencode($url) { return strtr($url, array(" "=>"%20", "%"=>"%25", "&"=>"%26", "<"=>"%3C", ">"=>"%3E", )); }
/** * private version of PHP urldecode * * not really needed but added for completenes * * @param string URL to decode * @return string decoded URL */ function _urldecode($path) { return rawurldecode($path); }
/** * UTF-8 encode property values if not already done so * * @param string text to encode * @return string utf-8 encoded text */ function _prop_encode($text) { switch (strtolower($this->_prop_encoding)) { case "utf-8": return $text; case "iso-8859-1": case "iso-8859-15": case "latin-1": default: return utf8_encode($text); } }
/** * Slashify - make sure path ends in a slash * * @param string directory path * @returns string directory path wiht trailing slash */ function _slashify($path) { if ($path[strlen($path)-1] != '/') { $path = $path."/"; } return $path; }
/** * Unslashify - make sure path doesn't in a slash * * @param string directory path * @returns string directory path wihtout trailing slash */ function _unslashify($path) { if ($path[strlen($path)-1] == '/') { $path = substr($path, 0, strlen($path) -1); } return $path; }
/** * Merge two paths, make sure there is exactly one slash between them * * @param string parent path * @param string child path * @return string merged path */ function _mergePaths($parent, $child) { if ($child{0} == '/') { return $this->_unslashify($parent).$child; } else { return $this->_slashify($parent).$child; } } /** * mbstring.func_overload save strlen version: counting the bytes not the chars * * @param string $str * @return int */ function bytes($str) { static $func_overload; if (is_null($func_overload)) { $func_overload = @extension_loaded('mbstring') ? ini_get('mbstring.func_overload') : 0; } return $func_overload & 2 ? mb_strlen($str,'ascii') : strlen($str); }} ?>
|
