mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update to the svn version of "HTTP WebDAV server" (integration to owncloud was made with alimited knowledge, so it may be ugly).Anyway it improves a lot the score on litmus testsuite on my server.

This commit is contained in:
root 2010-04-21 12:04:22 +02:00
parent 964c9b362c
commit 09add452d9
5 changed files with 1696 additions and 1350 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

358
inc/HTTP/WebDAV/Server.php Executable file → Normal file
View File

@ -1,30 +1,42 @@
<?php <?php // $Id$
// /*
// +----------------------------------------------------------------------+ +----------------------------------------------------------------------+
// | PHP Version 4 | | Copyright (c) 2002-2007 Christian Stocker, Hartmut Holzgraefe |
// +----------------------------------------------------------------------+ | All rights reserved |
// | Copyright (c) 1997-2003 The PHP Group | | |
// +----------------------------------------------------------------------+ | Redistribution and use in source and binary forms, with or without |
// | This source file is subject to version 2.02 of the PHP license, | | modification, are permitted provided that the following conditions |
// | that is bundled with this package in the file LICENSE, and is | | are met: |
// | available at through the world-wide-web at | | |
// | http://www.php.net/license/2_02.txt. | | 1. Redistributions of source code must retain the above copyright |
// | If you did not receive a copy of the PHP license and are unable to | | notice, this list of conditions and the following disclaimer. |
// | obtain it through the world-wide-web, please send a note to | | 2. Redistributions in binary form must reproduce the above copyright |
// | license@php.net so we can mail you a copy immediately. | | notice, this list of conditions and the following disclaimer in |
// +----------------------------------------------------------------------+ | the documentation and/or other materials provided with the |
// | Authors: Hartmut Holzgraefe <hholzgra@php.net> | | distribution. |
// | Christian Stocker <chregu@bitflux.ch> | | 3. The names of the authors may not be used to endorse or promote |
// +----------------------------------------------------------------------+ | products derived from this software without specific prior |
// | written permission. |
// $Id: Server.php,v 1.46 2006/03/03 21:43:09 hholzgra Exp $ | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
| ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| POSSIBILITY OF SUCH DAMAGE. |
+----------------------------------------------------------------------+
*/
require_once "HTTP/WebDAV/Tools/_parse_propfind.php"; require_once "HTTP/WebDAV/Tools/_parse_propfind.php";
require_once "HTTP/WebDAV/Tools/_parse_proppatch.php"; require_once "HTTP/WebDAV/Tools/_parse_proppatch.php";
require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php"; require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php";
/** /**
* Virtual base class for implementing WebDAV servers * Virtual base class for implementing WebDAV servers
* *
@ -32,7 +44,7 @@ require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php";
* *
* @package HTTP_WebDAV_Server * @package HTTP_WebDAV_Server
* @author Hartmut Holzgraefe <hholzgra@php.net> * @author Hartmut Holzgraefe <hholzgra@php.net>
* @version 0.99.1dev * @version @package_version@
*/ */
class HTTP_WebDAV_Server class HTTP_WebDAV_Server
{ {
@ -96,6 +108,16 @@ class HTTP_WebDAV_Server
*/ */
var $_prop_encoding = "utf-8"; var $_prop_encoding = "utf-8";
/**
* Copy of $_SERVER superglobal array
*
* Derived classes may extend the constructor to
* modify its contents
*
* @var array
*/
var $_SERVER;
// }}} // }}}
// {{{ Constructor // {{{ Constructor
@ -109,6 +131,10 @@ class HTTP_WebDAV_Server
{ {
// PHP messages destroy XML output -> switch them off // PHP messages destroy XML output -> switch them off
ini_set("display_errors", 0); ini_set("display_errors", 0);
// copy $_SERVER variables to local _SERVER array
// so that derived classes can simply modify these
$this->_SERVER = $_SERVER;
} }
// }}} // }}}
@ -125,16 +151,27 @@ class HTTP_WebDAV_Server
function ServeRequest() function ServeRequest()
{ {
// prevent warning in litmus check 'delete_fragment' // prevent warning in litmus check 'delete_fragment'
if (strstr($_SERVER["REQUEST_URI"], '#')) { if (strstr($this->_SERVER["REQUEST_URI"], '#')) {
$this->http_status("400 Bad Request"); $this->http_status("400 Bad Request");
return; return;
} }
// default uri is the complete request uri // default uri is the complete request uri
$uri = (@$_SERVER["HTTPS"] === "on" ? "https:" : "http:"); $uri = "http";
$uri.= "//$_SERVER[HTTP_HOST]$_SERVER[SCRIPT_NAME]"; if (isset($this->_SERVER["HTTPS"]) && $this->_SERVER["HTTPS"] === "on") {
$uri = "https";
}
$uri.= "://".$this->_SERVER["HTTP_HOST"].$this->_SERVER["SCRIPT_NAME"];
$path_info = empty($_SERVER["PATH_INFO"]) ? "/" : $_SERVER["PATH_INFO"]; // WebDAV has no concept of a query string and clients (including cadaver)
// seem to pass '?' unencoded, so we need to extract the path info out
// of the request URI ourselves
$path_info = substr($this->_SERVER["REQUEST_URI"], strlen($this->_SERVER["SCRIPT_NAME"]));
// just in case the path came in empty ...
if (empty($path_info)) {
$path_info = "/";
}
$this->base_uri = $uri; $this->base_uri = $uri;
$this->uri = $uri . $path_info; $this->uri = $uri . $path_info;
@ -142,7 +179,7 @@ class HTTP_WebDAV_Server
// set path // set path
$this->path = $this->_urldecode($path_info); $this->path = $this->_urldecode($path_info);
if (!strlen($this->path)) { if (!strlen($this->path)) {
if ($_SERVER["REQUEST_METHOD"] == "GET") { if ($this->_SERVER["REQUEST_METHOD"] == "GET") {
// redirect clients that try to GET a collection // redirect clients that try to GET a collection
// WebDAV clients should never try this while // WebDAV clients should never try this while
// regular HTTP clients might ... // regular HTTP clients might ...
@ -169,7 +206,7 @@ class HTTP_WebDAV_Server
// check authentication // check authentication
// for the motivation for not checking OPTIONS requests on / see // for the motivation for not checking OPTIONS requests on / see
// http://pear.php.net/bugs/bug.php?id=5363 // http://pear.php.net/bugs/bug.php?id=5363
if ( ( !(($_SERVER['REQUEST_METHOD'] == 'OPTIONS') && ($this->path == "/"))) if ( ( !(($this->_SERVER['REQUEST_METHOD'] == 'OPTIONS') && ($this->path == "/")))
&& (!$this->_check_auth())) { && (!$this->_check_auth())) {
// RFC2518 says we must use Digest instead of Basic // RFC2518 says we must use Digest instead of Basic
// but Microsoft Clients do not support Digest // but Microsoft Clients do not support Digest
@ -190,7 +227,7 @@ class HTTP_WebDAV_Server
} }
// detect requested method names // detect requested method names
$method = strtolower($_SERVER["REQUEST_METHOD"]); $method = strtolower($this->_SERVER["REQUEST_METHOD"]);
$wrapper = "http_".$method; $wrapper = "http_".$method;
// activate HEAD emulation by GET if no HEAD method found // activate HEAD emulation by GET if no HEAD method found
@ -201,7 +238,7 @@ class HTTP_WebDAV_Server
if (method_exists($this, $wrapper) && ($method == "options" || method_exists($this, $method))) { if (method_exists($this, $wrapper) && ($method == "options" || method_exists($this, $method))) {
$this->$wrapper(); // call method by name $this->$wrapper(); // call method by name
} else { // method not found/implemented } else { // method not found/implemented
if ($_SERVER["REQUEST_METHOD"] == "LOCK") { if ($this->_SERVER["REQUEST_METHOD"] == "LOCK") {
$this->http_status("412 Precondition failed"); $this->http_status("412 Precondition failed");
} else { } else {
$this->http_status("405 Method not allowed"); $this->http_status("405 Method not allowed");
@ -465,7 +502,7 @@ class HTTP_WebDAV_Server
* OPTIONS method handler * OPTIONS method handler
* *
* The OPTIONS method handler creates a valid OPTIONS reply * The OPTIONS method handler creates a valid OPTIONS reply
* including Dav: and Allowed: heaers * including Dav: and Allowed: headers
* based on the implemented methods found in the actual instance * based on the implemented methods found in the actual instance
* *
* @param void * @param void
@ -508,11 +545,13 @@ class HTTP_WebDAV_Server
function http_PROPFIND() function http_PROPFIND()
{ {
$options = Array(); $options = Array();
$files = Array();
$options["path"] = $this->path; $options["path"] = $this->path;
// search depth from header (default is "infinity) // search depth from header (default is "infinity)
if (isset($_SERVER['HTTP_DEPTH'])) { if (isset($this->_SERVER['HTTP_DEPTH'])) {
$options["depth"] = $_SERVER["HTTP_DEPTH"]; $options["depth"] = $this->_SERVER["HTTP_DEPTH"];
} else { } else {
$options["depth"] = "infinity"; $options["depth"] = "infinity";
} }
@ -527,9 +566,30 @@ class HTTP_WebDAV_Server
// call user handler // call user handler
if (!$this->PROPFIND($options, $files)) { if (!$this->PROPFIND($options, $files)) {
$files = array("files" => array());
if (method_exists($this, "checkLock")) {
// is locked?
$lock = $this->checkLock($this->path);
if (is_array($lock) && count($lock)) {
$created = isset($lock['created']) ? $lock['created'] : time();
$modified = isset($lock['modified']) ? $lock['modified'] : time();
$files['files'][] = array("path" => $this->_slashify($this->path),
"props" => array($this->mkprop("displayname", $this->path),
$this->mkprop("creationdate", $created),
$this->mkprop("getlastmodified", $modified),
$this->mkprop("resourcetype", ""),
$this->mkprop("getcontenttype", ""),
$this->mkprop("getcontentlength", 0))
);
}
}
if (empty($files['files'])) {
$this->http_status("404 Not Found"); $this->http_status("404 Not Found");
return; return;
} }
}
// collect namespaces here // collect namespaces here
$ns_hash = array(); $ns_hash = array();
@ -567,8 +627,11 @@ class HTTP_WebDAV_Server
// search property name in requested properties // search property name in requested properties
foreach ((array)$options["props"] as $reqprop) { foreach ((array)$options["props"] as $reqprop) {
if (!isset($reqprop["xmlns"])) {
$reqprop["xmlns"] = "";
}
if ( $reqprop["name"] == $prop["name"] if ( $reqprop["name"] == $prop["name"]
&& @$reqprop["xmlns"] == $prop["ns"]) { && $reqprop["xmlns"] == $prop["ns"]) {
$found = true; $found = true;
break; break;
} }
@ -602,10 +665,14 @@ class HTTP_WebDAV_Server
$found = false; $found = false;
if (!isset($reqprop["xmlns"])) {
$reqprop["xmlns"] = "";
}
// check if property exists in result // check if property exists in result
foreach ($file["props"] as $prop) { foreach ($file["props"] as $prop) {
if ( $reqprop["name"] == $prop["name"] if ( $reqprop["name"] == $prop["name"]
&& @$reqprop["xmlns"] == $prop["ns"]) { && $reqprop["xmlns"] == $prop["ns"]) {
$found = true; $found = true;
break; break;
} }
@ -654,7 +721,10 @@ class HTTP_WebDAV_Server
/* TODO right now the user implementation has to make sure /* TODO right now the user implementation has to make sure
collections end in a slash, this should be done in here collections end in a slash, this should be done in here
by checking the resource attribute */ by checking the resource attribute */
$href = $this->_mergePathes($_SERVER['SCRIPT_NAME'], $path); $href = $this->_mergePaths($this->_SERVER['SCRIPT_NAME'], $path);
/* minimal urlencoding is needed for the resource path */
$href = $this->_urlencode($href);
echo " <D:href>$href</D:href>\n"; echo " <D:href>$href</D:href>\n";
@ -701,6 +771,17 @@ class HTTP_WebDAV_Server
echo $prop["val"]; echo $prop["val"];
echo " </D:lockdiscovery>\n"; echo " </D:lockdiscovery>\n";
break; break;
// the following are non-standard Microsoft extensions to the DAV namespace
case "lastaccessed":
echo " <D:lastaccessed ns0:dt=\"dateTime.rfc1123\">"
. gmdate("D, d M Y H:i:s ", $prop['val'])
. "GMT</D:lastaccessed>\n";
break;
case "ishidden":
echo " <D:ishidden>"
. is_string($prop['val']) ? $prop['val'] : ($prop['val'] ? 'true' : 'false')
. "</D:ishidden>\n";
break;
default: default:
echo " <D:$prop[name]>" echo " <D:$prop[name]>"
. $this->_prop_encode(htmlspecialchars($prop['val'])) . $this->_prop_encode(htmlspecialchars($prop['val']))
@ -767,6 +848,7 @@ class HTTP_WebDAV_Server
{ {
if ($this->_check_lock_status($this->path)) { if ($this->_check_lock_status($this->path)) {
$options = Array(); $options = Array();
$options["path"] = $this->path; $options["path"] = $this->path;
$propinfo = new _parse_proppatch("php://input"); $propinfo = new _parse_proppatch("php://input");
@ -787,7 +869,7 @@ class HTTP_WebDAV_Server
echo "<D:multistatus xmlns:D=\"DAV:\">\n"; echo "<D:multistatus xmlns:D=\"DAV:\">\n";
echo " <D:response>\n"; echo " <D:response>\n";
echo " <D:href>".$this->_urlencode($this->_mergePathes($_SERVER["SCRIPT_NAME"], $this->path))."</D:href>\n"; echo " <D:href>".$this->_urlencode($this->_mergePaths($this->_SERVER["SCRIPT_NAME"], $this->path))."</D:href>\n";
foreach ($options["props"] as $prop) { foreach ($options["props"] as $prop) {
echo " <D:propstat>\n"; echo " <D:propstat>\n";
@ -823,6 +905,7 @@ class HTTP_WebDAV_Server
function http_MKCOL() function http_MKCOL()
{ {
$options = Array(); $options = Array();
$options["path"] = $this->path; $options["path"] = $this->path;
$stat = $this->MKCOL($options); $stat = $this->MKCOL($options);
@ -885,14 +968,14 @@ class HTTP_WebDAV_Server
. (isset($options['size']) ? $options['size'] : "*")); . (isset($options['size']) ? $options['size'] : "*"));
while ($size && !feof($options['stream'])) { while ($size && !feof($options['stream'])) {
$buffer = fread($options['stream'], 4096); $buffer = fread($options['stream'], 4096);
$size -= strlen($buffer); $size -= $this->bytes($buffer);
echo $buffer; echo $buffer;
} }
} else { } else {
$this->http_status("206 partial"); $this->http_status("206 partial");
if (isset($options['size'])) { if (isset($options['size'])) {
header("Content-length: ".($options['size'] - $range['start'])); header("Content-length: ".($options['size'] - $range['start']));
header("Content-range: $start-$end/" header("Content-range: ".$range['start']."-".$range['end']."/"
. (isset($options['size']) ? $options['size'] : "*")); . (isset($options['size']) ? $options['size'] : "*"));
} }
fpassthru($options['stream']); fpassthru($options['stream']);
@ -918,10 +1001,10 @@ class HTTP_WebDAV_Server
$this->_multipart_byterange_header($options['mimetype'], $from, $to, $total); $this->_multipart_byterange_header($options['mimetype'], $from, $to, $total);
fseek($options['stream'], $start, SEEK_SET); fseek($options['stream'], $from, SEEK_SET);
while ($size && !feof($options['stream'])) { while ($size && !feof($options['stream'])) {
$buffer = fread($options['stream'], 4096); $buffer = fread($options['stream'], 4096);
$size -= strlen($buffer); $size -= $this->bytes($buffer);
echo $buffer; echo $buffer;
} }
} }
@ -939,7 +1022,7 @@ class HTTP_WebDAV_Server
if (is_array($options['data'])) { if (is_array($options['data'])) {
// reply to partial request // reply to partial request
} else { } else {
header("Content-length: ".strlen($options['data'])); header("Content-length: ".$this->bytes($options['data']));
echo $options['data']; echo $options['data'];
} }
} }
@ -950,7 +1033,7 @@ class HTTP_WebDAV_Server
if (false === $status) { if (false === $status) {
$this->http_status("404 not found"); $this->http_status("404 not found");
} else { } else {
// TODO: check setting of headers in various code pathes above // TODO: check setting of headers in various code paths above
$this->http_status("$status"); $this->http_status("$status");
} }
} }
@ -966,10 +1049,10 @@ class HTTP_WebDAV_Server
function _get_ranges(&$options) function _get_ranges(&$options)
{ {
// process Range: header if present // process Range: header if present
if (isset($_SERVER['HTTP_RANGE'])) { if (isset($this->_SERVER['HTTP_RANGE'])) {
// we only support standard "bytes" range specifications for now // we only support standard "bytes" range specifications for now
if (preg_match('/bytes\s*=\s*(.+)/', $_SERVER['HTTP_RANGE'], $matches)) { if (preg_match('/bytes\s*=\s*(.+)/', $this->_SERVER['HTTP_RANGE'], $matches)) {
$options["ranges"] = array(); $options["ranges"] = array();
// ranges are comma separated // ranges are comma separated
@ -1053,6 +1136,15 @@ class HTTP_WebDAV_Server
ob_end_clean(); ob_end_clean();
} }
if (!isset($options['mimetype'])) {
$options['mimetype'] = "application/octet-stream";
}
header("Content-type: $options[mimetype]");
if (isset($options['mtime'])) {
header("Last-modified:".gmdate("D, d M Y H:i:s ", $options['mtime'])."GMT");
}
if (isset($options['size'])) { if (isset($options['size'])) {
header("Content-length: ".$options['size']); header("Content-length: ".$options['size']);
} }
@ -1078,17 +1170,17 @@ class HTTP_WebDAV_Server
if ($this->_check_lock_status($this->path)) { if ($this->_check_lock_status($this->path)) {
$options = Array(); $options = Array();
$options["path"] = $this->path; $options["path"] = $this->path;
$options["content_length"] = $_SERVER["CONTENT_LENGTH"]; $options["content_length"] = $this->_SERVER["CONTENT_LENGTH"];
// get the Content-type // get the Content-type
if (isset($_SERVER["CONTENT_TYPE"])) { if (isset($this->_SERVER["CONTENT_TYPE"])) {
// for now we do not support any sort of multipart requests // for now we do not support any sort of multipart requests
if (!strncmp($_SERVER["CONTENT_TYPE"], "multipart/", 10)) { if (!strncmp($this->_SERVER["CONTENT_TYPE"], "multipart/", 10)) {
$this->http_status("501 not implemented"); $this->http_status("501 not implemented");
echo "The service does not support mulipart PUT requests"; echo "The service does not support mulipart PUT requests";
return; return;
} }
$options["content_type"] = $_SERVER["CONTENT_TYPE"]; $options["content_type"] = $this->_SERVER["CONTENT_TYPE"];
} else { } else {
// default content type if none given // default content type if none given
$options["content_type"] = "application/octet-stream"; $options["content_type"] = "application/octet-stream";
@ -1099,7 +1191,7 @@ class HTTP_WebDAV_Server
does not understand or implement and MUST return a 501 does not understand or implement and MUST return a 501
(Not Implemented) response in such cases." (Not Implemented) response in such cases."
*/ */
foreach ($_SERVER as $key => $val) { foreach ($this->_SERVER as $key => $val) {
if (strncmp($key, "HTTP_CONTENT", 11)) continue; if (strncmp($key, "HTTP_CONTENT", 11)) continue;
switch ($key) { switch ($key) {
case 'HTTP_CONTENT_ENCODING': // RFC 2616 14.11 case 'HTTP_CONTENT_ENCODING': // RFC 2616 14.11
@ -1111,7 +1203,11 @@ class HTTP_WebDAV_Server
case 'HTTP_CONTENT_LANGUAGE': // RFC 2616 14.12 case 'HTTP_CONTENT_LANGUAGE': // RFC 2616 14.12
// we assume it is not critical if this one is ignored // we assume it is not critical if this one is ignored
// in the actual PUT implementation ... // in the actual PUT implementation ...
$options["content_language"] = $value; $options["content_language"] = $val;
break;
case 'HTTP_CONTENT_LENGTH':
// defined on IIS and has the same value as CONTENT_LENGTH
break; break;
case 'HTTP_CONTENT_LOCATION': // RFC 2616 14.14 case 'HTTP_CONTENT_LOCATION': // RFC 2616 14.14
@ -1141,6 +1237,10 @@ class HTTP_WebDAV_Server
// on implementations that do not support this ... // on implementations that do not support this ...
break; break;
case 'HTTP_CONTENT_TYPE':
// defined on IIS and has the same value as CONTENT_TYPE
break;
case 'HTTP_CONTENT_MD5': // RFC 2616 14.15 case 'HTTP_CONTENT_MD5': // RFC 2616 14.15
// TODO: maybe we can just pretend here? // TODO: maybe we can just pretend here?
$this->http_status("501 not implemented"); $this->http_status("501 not implemented");
@ -1208,8 +1308,8 @@ class HTTP_WebDAV_Server
function http_DELETE() function http_DELETE()
{ {
// check RFC 2518 Section 9.2, last paragraph // check RFC 2518 Section 9.2, last paragraph
if (isset($_SERVER["HTTP_DEPTH"])) { if (isset($this->_SERVER["HTTP_DEPTH"])) {
if ($_SERVER["HTTP_DEPTH"] != "infinity") { if ($this->_SERVER["HTTP_DEPTH"] != "infinity") {
$this->http_status("400 Bad Request"); $this->http_status("400 Bad Request");
return; return;
} }
@ -1283,17 +1383,17 @@ class HTTP_WebDAV_Server
$options = Array(); $options = Array();
$options["path"] = $this->path; $options["path"] = $this->path;
if (isset($_SERVER['HTTP_DEPTH'])) { if (isset($this->_SERVER['HTTP_DEPTH'])) {
$options["depth"] = $_SERVER["HTTP_DEPTH"]; $options["depth"] = $this->_SERVER["HTTP_DEPTH"];
} else { } else {
$options["depth"] = "infinity"; $options["depth"] = "infinity";
} }
if (isset($_SERVER["HTTP_TIMEOUT"])) { if (isset($this->_SERVER["HTTP_TIMEOUT"])) {
$options["timeout"] = explode(",", $_SERVER["HTTP_TIMEOUT"]); $options["timeout"] = explode(",", $this->_SERVER["HTTP_TIMEOUT"]);
} }
if(empty($_SERVER['CONTENT_LENGTH']) && !empty($_SERVER['HTTP_IF'])) { if (empty($this->_SERVER['CONTENT_LENGTH']) && !empty($this->_SERVER['HTTP_IF'])) {
// check if locking is possible // check if locking is possible
if (!$this->_check_lock_status($this->path)) { if (!$this->_check_lock_status($this->path)) {
$this->http_status("423 Locked"); $this->http_status("423 Locked");
@ -1301,7 +1401,15 @@ class HTTP_WebDAV_Server
} }
// refresh lock // refresh lock
$options["update"] = substr($_SERVER['HTTP_IF'], 2, -2); $options["locktoken"] = substr($this->_SERVER['HTTP_IF'], 2, -2);
$options["update"] = $options["locktoken"];
// setting defaults for required fields, LOCK() SHOULD overwrite these
$options['owner'] = "unknown";
$options['scope'] = "exclusive";
$options['type'] = "write";
$stat = $this->LOCK($options); $stat = $this->LOCK($options);
} else { } else {
// extract lock request information from request XML payload // extract lock request information from request XML payload
@ -1320,7 +1428,6 @@ class HTTP_WebDAV_Server
$options["scope"] = $lockinfo->lockscope; $options["scope"] = $lockinfo->lockscope;
$options["type"] = $lockinfo->locktype; $options["type"] = $lockinfo->locktype;
$options["owner"] = $lockinfo->owner; $options["owner"] = $lockinfo->owner;
$options["locktoken"] = $this->_new_locktoken(); $options["locktoken"] = $this->_new_locktoken();
$stat = $this->LOCK($options); $stat = $this->LOCK($options);
@ -1329,13 +1436,19 @@ class HTTP_WebDAV_Server
if (is_bool($stat)) { if (is_bool($stat)) {
$http_stat = $stat ? "200 OK" : "423 Locked"; $http_stat = $stat ? "200 OK" : "423 Locked";
} else { } else {
$http_stat = $stat; $http_stat = (string)$stat;
} }
$this->http_status($http_stat); $this->http_status($http_stat);
if ($http_stat{0} == 2) { // 2xx states are ok if ($http_stat{0} == 2) { // 2xx states are ok
if ($options["timeout"]) { if ($options["timeout"]) {
// if multiple timeout values were given we take the first only
if (is_array($options["timeout"])) {
reset($options["timeout"]);
$options["timeout"] = current($options["timeout"]);
}
// if the timeout is numeric only we need to reformat it
if (is_numeric($options["timeout"])) {
// more than a million is considered an absolute timestamp // more than a million is considered an absolute timestamp
// less is more likely a relative value // less is more likely a relative value
if ($options["timeout"]>1000000) { if ($options["timeout"]>1000000) {
@ -1343,6 +1456,12 @@ class HTTP_WebDAV_Server
} else { } else {
$timeout = "Second-$options[timeout]"; $timeout = "Second-$options[timeout]";
} }
} else {
// non-numeric values are passed on verbatim,
// no error checking is performed here in this case
// TODO: send "Infinite" on invalid timeout strings?
$timeout = $options["timeout"];
}
} else { } else {
$timeout = "Infinite"; $timeout = "Infinite";
} }
@ -1381,14 +1500,14 @@ class HTTP_WebDAV_Server
$options = Array(); $options = Array();
$options["path"] = $this->path; $options["path"] = $this->path;
if (isset($_SERVER['HTTP_DEPTH'])) { if (isset($this->_SERVER['HTTP_DEPTH'])) {
$options["depth"] = $_SERVER["HTTP_DEPTH"]; $options["depth"] = $this->_SERVER["HTTP_DEPTH"];
} else { } else {
$options["depth"] = "infinity"; $options["depth"] = "infinity";
} }
// strip surrounding <> // strip surrounding <>
$options["token"] = substr(trim($_SERVER["HTTP_LOCK_TOKEN"]), 1, -1); $options["token"] = substr(trim($this->_SERVER["HTTP_LOCK_TOKEN"]), 1, -1);
// call user method // call user method
$stat = $this->UNLOCK($options); $stat = $this->UNLOCK($options);
@ -1407,36 +1526,43 @@ class HTTP_WebDAV_Server
$options = Array(); $options = Array();
$options["path"] = $this->path; $options["path"] = $this->path;
if (isset($_SERVER["HTTP_DEPTH"])) { if (isset($this->_SERVER["HTTP_DEPTH"])) {
$options["depth"] = $_SERVER["HTTP_DEPTH"]; $options["depth"] = $this->_SERVER["HTTP_DEPTH"];
} else { } else {
$options["depth"] = "infinity"; $options["depth"] = "infinity";
} }
extract(parse_url($_SERVER["HTTP_DESTINATION"])); $http_header_host = preg_replace("/:80$/", "", $this->_SERVER["HTTP_HOST"]);
$path = urldecode($path);
$http_host = $host;
if (isset($port) && $port != 80)
$http_host.= ":$port";
$http_header_host = preg_replace("/:80$/", "", $_SERVER["HTTP_HOST"]); $url = parse_url($this->_SERVER["HTTP_DESTINATION"]);
$path = urldecode($url["path"]);
if (isset($url["host"])) {
// TODO check url scheme, too
$http_host = $url["host"];
if (isset($url["port"]) && $url["port"] != 80)
$http_host.= ":".$url["port"];
} else {
// only path given, set host to self
$http_host == $http_header_host;
}
if ($http_host == $http_header_host && if ($http_host == $http_header_host &&
!strncmp($_SERVER["SCRIPT_NAME"], $path, !strncmp($this->_SERVER["SCRIPT_NAME"], $path,
strlen($_SERVER["SCRIPT_NAME"]))) { strlen($this->_SERVER["SCRIPT_NAME"]))) {
$options["dest"] = substr($path, strlen($_SERVER["SCRIPT_NAME"])); $options["dest"] = substr($path, strlen($this->_SERVER["SCRIPT_NAME"]));
if (!$this->_check_lock_status($options["dest"])) { if (!$this->_check_lock_status($options["dest"])) {
$this->http_status("423 Locked"); $this->http_status("423 Locked");
return; return;
} }
} else { } else {
$options["dest_url"] = $_SERVER["HTTP_DESTINATION"]; $options["dest_url"] = $this->_SERVER["HTTP_DESTINATION"];
} }
// see RFC 2518 Sections 9.6, 8.8.4 and 8.9.3 // see RFC 2518 Sections 9.6, 8.8.4 and 8.9.3
if (isset($_SERVER["HTTP_OVERWRITE"])) { if (isset($this->_SERVER["HTTP_OVERWRITE"])) {
$options["overwrite"] = $_SERVER["HTTP_OVERWRITE"] == "T"; $options["overwrite"] = $this->_SERVER["HTTP_OVERWRITE"] == "T";
} else { } else {
$options["overwrite"] = true; $options["overwrite"] = true;
} }
@ -1519,16 +1645,24 @@ class HTTP_WebDAV_Server
*/ */
function _check_auth() function _check_auth()
{ {
$auth_type = isset($this->_SERVER["AUTH_TYPE"])
? $this->_SERVER["AUTH_TYPE"]
: null;
$auth_user = isset($this->_SERVER["PHP_AUTH_USER"])
? $this->_SERVER["PHP_AUTH_USER"]
: null;
$auth_pw = isset($this->_SERVER["PHP_AUTH_PW"])
? $this->_SERVER["PHP_AUTH_PW"]
: null;
if (method_exists($this, "checkAuth")) { if (method_exists($this, "checkAuth")) {
// PEAR style method name // PEAR style method name
return $this->checkAuth(@$_SERVER["AUTH_TYPE"], return $this->checkAuth($auth_type, $auth_user, $auth_pw);
@$_SERVER["PHP_AUTH_USER"],
@$_SERVER["PHP_AUTH_PW"]);
} else if (method_exists($this, "check_auth")) { } else if (method_exists($this, "check_auth")) {
// old (pre 1.0) method name // old (pre 1.0) method name
return $this->check_auth(@$_SERVER["AUTH_TYPE"], return $this->check_auth($auth_type, $auth_user, $auth_pw);
@$_SERVER["PHP_AUTH_USER"],
@$_SERVER["PHP_AUTH_PW"]);
} else { } else {
// no method found -> no authentication required // no method found -> no authentication required
return true; return true;
@ -1649,7 +1783,6 @@ class HTTP_WebDAV_Server
{ {
$pos = 0; $pos = 0;
$len = strlen($str); $len = strlen($str);
$uris = array(); $uris = array();
// parser loop // parser loop
@ -1711,7 +1844,7 @@ class HTTP_WebDAV_Server
$not = ""; $not = "";
} }
if (@is_array($uris[$uri])) { if (isset($uris[$uri]) && is_array($uris[$uri])) {
$uris[$uri] = array_merge($uris[$uri], $list); $uris[$uri] = array_merge($uris[$uri], $list);
} else { } else {
$uris[$uri] = $list; $uris[$uri] = $list;
@ -1732,9 +1865,9 @@ class HTTP_WebDAV_Server
*/ */
function _check_if_header_conditions() function _check_if_header_conditions()
{ {
if (isset($_SERVER["HTTP_IF"])) { if (isset($this->_SERVER["HTTP_IF"])) {
$this->_if_header_uris = $this->_if_header_uris =
$this->_if_header_parser($_SERVER["HTTP_IF"]); $this->_if_header_parser($this->_SERVER["HTTP_IF"]);
foreach ($this->_if_header_uris as $uri => $conditions) { foreach ($this->_if_header_uris as $uri => $conditions) {
if ($uri == "") { if ($uri == "") {
@ -1783,6 +1916,13 @@ class HTTP_WebDAV_Server
{ {
// not really implemented here, // not really implemented here,
// implementations must override // implementations must override
// a lock token can never be from the DAV: scheme
// litmus uses DAV:no-lock in some tests
if (!strncmp("<DAV:", $condition, 5)) {
return false;
}
return true; return true;
} }
@ -1803,7 +1943,7 @@ class HTTP_WebDAV_Server
// ... and lock is not owned? // ... and lock is not owned?
if (is_array($lock) && count($lock)) { if (is_array($lock) && count($lock)) {
// FIXME doesn't check uri restrictions yet // FIXME doesn't check uri restrictions yet
if (!isset($_SERVER["HTTP_IF"]) || !strstr($_SERVER["HTTP_IF"], $lock["token"])) { if (!isset($this->_SERVER["HTTP_IF"]) || !strstr($this->_SERVER["HTTP_IF"], $lock["token"])) {
if (!$exclusive_only || ($lock["scope"] !== "shared")) if (!$exclusive_only || ($lock["scope"] !== "shared"))
return false; return false;
} }
@ -1887,7 +2027,7 @@ class HTTP_WebDAV_Server
/** /**
* private minimalistic version of PHP urlencode() * private minimalistic version of PHP urlencode()
* *
* only blanks and XML special chars must be encoded here * only blanks, percent and XML special chars must be encoded here
* full urlencode() encoding confuses some clients ... * full urlencode() encoding confuses some clients ...
* *
* @param string URL to encode * @param string URL to encode
@ -1896,6 +2036,7 @@ class HTTP_WebDAV_Server
function _urlencode($url) function _urlencode($url)
{ {
return strtr($url, array(" "=>"%20", return strtr($url, array(" "=>"%20",
"%"=>"%25",
"&"=>"%26", "&"=>"%26",
"<"=>"%3C", "<"=>"%3C",
">"=>"%3E", ">"=>"%3E",
@ -1912,7 +2053,7 @@ class HTTP_WebDAV_Server
*/ */
function _urldecode($path) function _urldecode($path)
{ {
return urldecode($path); return rawurldecode($path);
} }
/** /**
@ -1940,7 +2081,8 @@ class HTTP_WebDAV_Server
* @param string directory path * @param string directory path
* @returns string directory path wiht trailing slash * @returns string directory path wiht trailing slash
*/ */
function _slashify($path) { function _slashify($path)
{
if ($path[strlen($path)-1] != '/') { if ($path[strlen($path)-1] != '/') {
$path = $path."/"; $path = $path."/";
} }
@ -1953,21 +2095,22 @@ class HTTP_WebDAV_Server
* @param string directory path * @param string directory path
* @returns string directory path wihtout trailing slash * @returns string directory path wihtout trailing slash
*/ */
function _unslashify($path) { function _unslashify($path)
{
if ($path[strlen($path)-1] == '/') { if ($path[strlen($path)-1] == '/') {
$path = substr($path, 0, strlen($path, 0, -1)); $path = substr($path, 0, strlen($path) -1);
} }
return $path; return $path;
} }
/** /**
* Merge two pathes, make sure there is exactly one slash between them * Merge two paths, make sure there is exactly one slash between them
* *
* @param string parent path * @param string parent path
* @param string child path * @param string child path
* @return string merged path * @return string merged path
*/ */
function _mergePathes($parent, $child) function _mergePaths($parent, $child)
{ {
if ($child{0} == '/') { if ($child{0} == '/') {
return $this->_unslashify($parent).$child; return $this->_unslashify($parent).$child;
@ -1975,6 +2118,23 @@ class HTTP_WebDAV_Server
return $this->_slashify($parent).$child; return $this->_slashify($parent).$child;
} }
} }
/**
* mbstring.func_overload save strlen version: counting the bytes not the chars
*
* @param string $str
* @return int
*/
function bytes($str)
{
static $func_overload;
if (is_null($func_overload))
{
$func_overload = @extension_loaded('mbstring') ? ini_get('mbstring.func_overload') : 0;
}
return $func_overload & 2 ? mb_strlen($str,'ascii') : strlen($str);
}
} }
/* /*

290
inc/HTTP/WebDAV/Server/Filesystem.php Executable file → Normal file
View File

@ -1,5 +1,37 @@
<?php <?php // $Id$
/*
+----------------------------------------------------------------------+
| Copyright (c) 2002-2007 Christian Stocker, Hartmut Holzgraefe |
| All rights reserved |
| |
| Redistribution and use in source and binary forms, with or without |
| modification, are permitted provided that the following conditions |
| are met: |
| |
| 1. Redistributions of source code must retain the above copyright |
| notice, this list of conditions and the following disclaimer. |
| 2. Redistributions in binary form must reproduce the above copyright |
| notice, this list of conditions and the following disclaimer in |
| the documentation and/or other materials provided with the |
| distribution. |
| 3. The names of the authors may not be used to endorse or promote |
| products derived from this software without specific prior |
| written permission. |
| |
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
| ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| POSSIBILITY OF SUCH DAMAGE. |
+----------------------------------------------------------------------+
*/
require_once "lib_base.php"; require_once "lib_base.php";
require_once "HTTP/WebDAV/Server.php"; require_once "HTTP/WebDAV/Server.php";
require_once "System.php"; require_once "System.php";
@ -8,6 +40,8 @@
* Filesystem access using WebDAV * Filesystem access using WebDAV
* *
* @access public * @access public
* @author Hartmut Holzgraefe <hartmut@php.net>
* @version @package-version@
*/ */
class HTTP_WebDAV_Server_Filesystem extends HTTP_WebDAV_Server class HTTP_WebDAV_Server_Filesystem extends HTTP_WebDAV_Server
{ {
@ -32,22 +66,23 @@
// special treatment for litmus compliance test // special treatment for litmus compliance test
// reply on its identifier header // reply on its identifier header
// not needed for the test itself but eases debugging // not needed for the test itself but eases debugging
if (function_exists("apache_request_headers")) { if (isset($this->_SERVER['HTTP_X_LITMUS'])) {
foreach(apache_request_headers() as $key => $value) { error_log("Litmus test ".$this->_SERVER['HTTP_X_LITMUS']);
if (stristr($key,"litmus")) { header("X-Litmus-reply: ".$this->_SERVER['HTTP_X_LITMUS']);
error_log("Litmus test $value");
header("X-Litmus-reply: ".$value);
}
}
} }
// set root directory, defaults to webserver document root if not set // set root directory, defaults to webserver document root if not set
if ($base) { if ($base) {
$this->base = realpath($base); // TODO throw if not a directory $this->base = realpath($base); // TODO throw if not a directory
} else if (!$this->base) { } else if (!$this->base) {
$this->base = $_SERVER['DOCUMENT_ROOT']; $this->base = $this->_SERVER['DOCUMENT_ROOT'];
} }
// establish connection to property/locking db
// mysql_connect($this->db_host, $this->db_user, $this->db_passwd) or die(mysql_error());
// mysql_select_db($this->db_name) or die(mysql_error());
// TODO throw on connection problems
// let the base class do all the work // let the base class do all the work
parent::ServeRequest(); parent::ServeRequest();
} }
@ -91,13 +126,13 @@
$files["files"][] = $this->fileinfo($options["path"]); $files["files"][] = $this->fileinfo($options["path"]);
// information for contained resources requested? // information for contained resources requested?
if (!empty($options["depth"])) { // TODO check for is_dir() first? if (!empty($options["depth"]) && is_dir($fspath) && is_readable($fspath)) {
// make sure path ends with '/' // make sure path ends with '/'
$options["path"] = $this->_slashify($options["path"]); $options["path"] = $this->_slashify($options["path"]);
// try to open directory // try to open directory
$handle = @opendir($fspath); $handle = opendir($fspath);
if ($handle) { if ($handle) {
// ok, now get all its contents // ok, now get all its contents
@ -138,6 +173,10 @@
$info["props"][] = $this->mkprop("creationdate", filectime($fspath)); $info["props"][] = $this->mkprop("creationdate", filectime($fspath));
$info["props"][] = $this->mkprop("getlastmodified", filemtime($fspath)); $info["props"][] = $this->mkprop("getlastmodified", filemtime($fspath));
// Microsoft extensions: last access time and 'hidden' status
$info["props"][] = $this->mkprop("lastaccessed", fileatime($fspath));
$info["props"][] = $this->mkprop("ishidden", ('.' === substr(basename($fspath), 0, 1)));
// type and size (caller already made sure that path exists) // type and size (caller already made sure that path exists)
if (is_dir($fspath)) { if (is_dir($fspath)) {
// directory (WebDAV collection) // directory (WebDAV collection)
@ -155,12 +194,14 @@
} }
// get additional properties from database // get additional properties from database
$query = "SELECT ns, name, value FROM properties WHERE path = '$path'"; $query = "SELECT ns, name, value
$res = OC_DB::query($query); FROM {$this->db_prefix}properties
while ($row = OC_DB::fetch_assoc($res)) { WHERE path = '$path'";
$res = mysql_query($query);
while ($row = mysql_fetch_assoc($res)) {
$info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]); $info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
} }
OC_DB::free_result($res); mysql_free_result($res);
return $info; return $info;
} }
@ -217,7 +258,7 @@
*/ */
function _mimetype($fspath) function _mimetype($fspath)
{ {
if (@is_dir($fspath)) { if (is_dir($fspath)) {
// directories are easy // directories are easy
return "httpd/unix-directory"; return "httpd/unix-directory";
} else if (function_exists("mime_content_type")) { } else if (function_exists("mime_content_type")) {
@ -238,7 +279,7 @@
if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) { if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) {
$reply = substr($reply, strlen($fspath)+2); $reply = substr($reply, strlen($fspath)+2);
// followed by the mime type (maybe including options) // followed by the mime type (maybe including options)
if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) { if (preg_match('|^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*|', $reply, $matches)) {
$mime_type = $matches[0]; $mime_type = $matches[0];
} }
} }
@ -278,12 +319,12 @@
} }
/** /**
* GET method handler * HEAD method handler
* *
* @param array parameter passing array * @param array parameter passing array
* @return bool true on success * @return bool true on success
*/ */
function GET(&$options) function HEAD(&$options)
{ {
// get absolute fs path to requested resource // get absolute fs path to requested resource
$fspath = $this->base . $options["path"]; $fspath = $this->base . $options["path"];
@ -291,11 +332,6 @@
// sanity check // sanity check
if (!file_exists($fspath)) return false; if (!file_exists($fspath)) return false;
// is this a collection?
if (is_dir($fspath)) {
return $this->GetDir($fspath, $options);
}
// detect resource type // detect resource type
$options['mimetype'] = $this->_mimetype($fspath); $options['mimetype'] = $this->_mimetype($fspath);
@ -308,6 +344,30 @@
// detect resource size // detect resource size
$options['size'] = filesize($fspath); $options['size'] = filesize($fspath);
return true;
}
/**
* GET method handler
*
* @param array parameter passing array
* @return bool true on success
*/
function GET(&$options)
{
// get absolute fs path to requested resource
$fspath = $this->base . $options["path"];
// is this a collection?
if (is_dir($fspath)) {
return $this->GetDir($fspath, $options);
}
// the header output is the same as for HEAD
if (!$this->HEAD($options)) {
return false;
}
// no need to check result here, it is handled by the base class // no need to check result here, it is handled by the base class
$options['stream'] = fopen($fspath, "r"); $options['stream'] = fopen($fspath, "r");
@ -334,7 +394,11 @@
// fixed width directory column format // fixed width directory column format
$format = "%15s %-19s %-s\n"; $format = "%15s %-19s %-s\n";
$handle = @opendir($fspath); if (!is_readable($fspath)) {
return false;
}
$handle = opendir($fspath);
if (!$handle) { if (!$handle) {
return false; return false;
} }
@ -354,7 +418,7 @@
printf($format, printf($format,
number_format(filesize($fullpath)), number_format(filesize($fullpath)),
strftime("%Y-%m-%d %H:%M:%S", filemtime($fullpath)), strftime("%Y-%m-%d %H:%M:%S", filemtime($fullpath)),
"<a href='$this->base_uri$path$name'>$name</a>"); "<a href='$name'>$name</a>");
} }
} }
@ -377,12 +441,23 @@
{ {
$fspath = $this->base . $options["path"]; $fspath = $this->base . $options["path"];
if (!@is_dir(dirname($fspath))) { $dir = dirname($fspath);
return "409 Conflict"; if (!file_exists($dir) || !is_dir($dir)) {
return "409 Conflict"; // TODO right status code for both?
} }
$options["new"] = ! file_exists($fspath); $options["new"] = ! file_exists($fspath);
if ($options["new"] && !is_writeable($dir)) {
return "403 Forbidden";
}
if (!$options["new"] && !is_writeable($fspath)) {
return "403 Forbidden";
}
if (!$options["new"] && is_dir($fspath)) {
return "403 Forbidden";
}
$fp = fopen($fspath, "w"); $fp = fopen($fspath, "w");
return $fp; return $fp;
@ -413,7 +488,7 @@
return "405 Method not allowed"; return "405 Method not allowed";
} }
if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
return "415 Unsupported media type"; return "415 Unsupported media type";
} }
@ -441,14 +516,16 @@
} }
if (is_dir($path)) { if (is_dir($path)) {
$query = "DELETE FROM properties WHERE path LIKE '".$this->_slashify($options["path"])."%'"; $query = "DELETE FROM {$this->db_prefix}properties
OC_DB::query($query); WHERE path LIKE '".$this->_slashify($options["path"])."%'";
System::rm("-rf $path"); mysql_query($query);
System::rm(array("-rf", $path));
} else { } else {
unlink($path); unlink($path);
} }
$query = "DELETE FROM properties WHERE path = '$options[path]'"; $query = "DELETE FROM {$this->db_prefix}properties
OC_DB::query($query); WHERE path = '$options[path]'";
mysql_query($query);
return "204 No Content"; return "204 No Content";
} }
@ -475,7 +552,7 @@
{ {
// TODO Property updates still broken (Litmus should detect this?) // TODO Property updates still broken (Litmus should detect this?)
if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
return "415 Unsupported media type"; return "415 Unsupported media type";
} }
@ -485,9 +562,32 @@
} }
$source = $this->base . $options["path"]; $source = $this->base . $options["path"];
if (!file_exists($source)) return "404 Not found"; if (!file_exists($source)) {
return "404 Not found";
}
if (is_dir($source)) { // resource is a collection
switch ($options["depth"]) {
case "infinity": // valid
break;
case "0": // valid for COPY only
if ($del) { // MOVE?
return "400 Bad request";
}
break;
case "1": // invalid for both COPY and MOVE
default:
return "400 Bad request";
}
}
$dest = $this->base . $options["dest"]; $dest = $this->base . $options["dest"];
$destdir = dirname($dest);
if (!file_exists($destdir) || !is_dir($destdir)) {
return "409 Conflict";
}
$new = !file_exists($dest); $new = !file_exists($dest);
$existing_col = false; $existing_col = false;
@ -518,27 +618,22 @@
} }
} }
if (is_dir($source) && ($options["depth"] != "infinity")) {
// RFC 2518 Section 9.2, last paragraph
return "400 Bad request";
}
if ($del) { if ($del) {
if (!rename($source, $dest)) { if (!rename($source, $dest)) {
return "500 Internal server error"; return "500 Internal server error";
} }
$destpath = $this->_unslashify($options["dest"]); $destpath = $this->_unslashify($options["dest"]);
if (is_dir($source)) { if (is_dir($source)) {
$query = "UPDATE properties $query = "UPDATE {$this->db_prefix}properties
SET path = REPLACE(path, '".$options["path"]."', '".$destpath."') SET path = REPLACE(path, '".$options["path"]."', '".$destpath."')
WHERE path LIKE '".$this->_slashify($options["path"])."%'"; WHERE path LIKE '".$this->_slashify($options["path"])."%'";
OC_DB::query($query); mysql_query($query);
} }
$query = "UPDATE properties $query = "UPDATE {$this->db_prefix}properties
SET path = '".$destpath."' SET path = '".$destpath."'
WHERE path = '".$options["path"]."'"; WHERE path = '".$options["path"]."'";
OC_DB::query($query); mysql_query($query);
} else { } else {
if (is_dir($source)) { if (is_dir($source)) {
$files = System::find($source); $files = System::find($source);
@ -560,22 +655,28 @@
$destfile = str_replace($source, $dest, $file); $destfile = str_replace($source, $dest, $file);
if (is_dir($file)) { if (is_dir($file)) {
if (!is_dir($destfile)) { if (!file_exists($destfile)) {
// TODO "mkdir -p" here? (only natively supported by PHP 5) if (!is_writeable(dirname($destfile))) {
return "403 Forbidden";
}
if (!mkdir($destfile)) { if (!mkdir($destfile)) {
return "409 Conflict"; return "409 Conflict";
} }
} else { } else if (!is_dir($destfile)) {
error_log("existing dir '$destfile'"); return "409 Conflict";
} }
} else { } else {
if (!copy($file, $destfile)) { if (!copy($file, $destfile)) {
return "409 Conflict"; return "409 Conflict";
} }
} }
} }
$query = "INSERT INTO properties SELECT ... FROM properties WHERE path = '".$options['path']."'"; $query = "INSERT INTO {$this->db_prefix}properties
SELECT *
FROM {$this->db_prefix}properties
WHERE path = '".$options['path']."'";
} }
return ($new && !$existing_col) ? "201 Created" : "204 No Content"; return ($new && !$existing_col) ? "201 Created" : "204 No Content";
@ -592,9 +693,7 @@
global $prefs, $tab; global $prefs, $tab;
$msg = ""; $msg = "";
$path = $options["path"]; $path = $options["path"];
$dir = dirname($path)."/"; $dir = dirname($path)."/";
$base = basename($path); $base = basename($path);
@ -603,12 +702,18 @@
$options["props"][$key]['status'] = "403 Forbidden"; $options["props"][$key]['status'] = "403 Forbidden";
} else { } else {
if (isset($prop["val"])) { if (isset($prop["val"])) {
$query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'"; $query = "REPLACE INTO {$this->db_prefix}properties
error_log($query); SET path = '$options[path]'
, name = '$prop[name]'
, ns= '$prop[ns]'
, value = '$prop[val]'";
} else { } else {
$query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'"; $query = "DELETE FROM {$this->db_prefix}properties
WHERE path = '$options[path]'
AND name = '$prop[name]'
AND ns = '$prop[ns]'";
} }
OC_DB::query($query); mysql_query($query);
} }
} }
@ -624,30 +729,54 @@
*/ */
function LOCK(&$options) function LOCK(&$options)
{ {
if (isset($options["update"])) { // Lock Update // get absolute fs path to requested resource
$query = "UPDATE locks SET expires = ".(time()+300); $fspath = $this->base . $options["path"];
OC_DB::query($query);
// TODO recursive locks on directories not supported yet
// makes litmus test "32. lock_collection" fail
if (is_dir($fspath) && !empty($options["depth"])) {
return "409 Conflict";
}
$options["timeout"] = time()+300; // 5min. hardcoded
if (isset($options["update"])) { // Lock Update
$where = "WHERE path = '$options[path]' AND token = '$options[update]'";
$query = "SELECT owner, exclusivelock FROM {$this->db_prefix}locks $where";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
mysql_free_result($res);
if (is_array($row)) {
$query = "UPDATE {$this->db_prefix}locks
SET expires = '$options[timeout]'
, modified = ".time()."
$where";
mysql_query($query);
$options['owner'] = $row['owner'];
$options['scope'] = $row["exclusivelock"] ? "exclusive" : "shared";
$options['type'] = $row["exclusivelock"] ? "write" : "read";
if (OC_DB::affected_rows()) {
$options["timeout"] = 300; // 5min hardcoded
return true; return true;
} else { } else {
return false; return false;
} }
} }
$options["timeout"] = time()+300; // 5min. hardcoded $query = "INSERT INTO {$this->db_prefix}locks
$query = "INSERT INTO locks
SET token = '$options[locktoken]' SET token = '$options[locktoken]'
, path = '$options[path]' , path = '$options[path]'
, created = ".time()."
, modified = ".time()."
, owner = '$options[owner]' , owner = '$options[owner]'
, expires = '$options[timeout]' , expires = '$options[timeout]'
, exclusivelock = " .($options['scope'] === "exclusive" ? "1" : "0") , exclusivelock = " .($options['scope'] === "exclusive" ? "1" : "0")
; ;
OC_DB::query($query); mysql_query($query);
return OC_DB::affected_rows() ? "200 OK" : "409 Conflict"; return mysql_affected_rows() ? "200 OK" : "409 Conflict";
} }
/** /**
@ -658,12 +787,12 @@
*/ */
function UNLOCK(&$options) function UNLOCK(&$options)
{ {
$query = "DELETE FROM locks $query = "DELETE FROM {$this->db_prefix}locks
WHERE path = '$options[path]' WHERE path = '$options[path]'
AND token = '$options[token]'"; AND token = '$options[token]'";
OC_DB::query($query); mysql_query($query);
return OC_DB::affected_rows() ? "204 No Content" : "409 Conflict"; return mysql_affected_rows() ? "204 No Content" : "409 Conflict";
} }
/** /**
@ -676,15 +805,15 @@
{ {
$result = false; $result = false;
$query = "SELECT owner, token, expires, exclusivelock $query = "SELECT owner, token, created, modified, expires, exclusivelock
FROM locks FROM {$this->db_prefix}locks
WHERE path = '$path' WHERE path = '$path'
"; ";
$res = OC_DB::query($query); $res = mysql_query($query);
if ($res) { if ($res) {
$row = OC_DB::fetch_assoc($res); $row = mysql_fetch_array($res);
OC_DB::free_result($res); mysql_free_result($res);
if ($row) { if ($row) {
$result = array( "type" => "write", $result = array( "type" => "write",
@ -692,6 +821,8 @@
"depth" => 0, "depth" => 0,
"owner" => $row['owner'], "owner" => $row['owner'],
"token" => $row['token'], "token" => $row['token'],
"created" => $row['created'],
"modified" => $row['modified'],
"expires" => $row['expires'] "expires" => $row['expires']
); );
} }
@ -712,8 +843,13 @@
// TODO // TODO
return false; return false;
} }
} }
?> /*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* indent-tabs-mode:nil
* End:
*/

58
inc/HTTP/WebDAV/Tools/_parse_lockinfo.php Executable file → Normal file
View File

@ -1,31 +1,45 @@
<?php <?php // $Id$
// /*
// +----------------------------------------------------------------------+ +----------------------------------------------------------------------+
// | PHP Version 4 | | Copyright (c) 2002-2007 Christian Stocker, Hartmut Holzgraefe |
// +----------------------------------------------------------------------+ | All rights reserved |
// | Copyright (c) 1997-2003 The PHP Group | | |
// +----------------------------------------------------------------------+ | Redistribution and use in source and binary forms, with or without |
// | This source file is subject to version 2.02 of the PHP license, | | modification, are permitted provided that the following conditions |
// | that is bundled with this package in the file LICENSE, and is | | are met: |
// | available at through the world-wide-web at | | |
// | http://www.php.net/license/2_02.txt. | | 1. Redistributions of source code must retain the above copyright |
// | If you did not receive a copy of the PHP license and are unable to | | notice, this list of conditions and the following disclaimer. |
// | obtain it through the world-wide-web, please send a note to | | 2. Redistributions in binary form must reproduce the above copyright |
// | license@php.net so we can mail you a copy immediately. | | notice, this list of conditions and the following disclaimer in |
// +----------------------------------------------------------------------+ | the documentation and/or other materials provided with the |
// | Authors: Hartmut Holzgraefe <hholzgra@php.net> | | distribution. |
// | Christian Stocker <chregu@bitflux.ch> | | 3. The names of the authors may not be used to endorse or promote |
// +----------------------------------------------------------------------+ | products derived from this software without specific prior |
// | written permission. |
// $Id: _parse_lockinfo.php,v 1.2 2004/01/05 12:32:40 hholzgra Exp $ | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
| ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| POSSIBILITY OF SUCH DAMAGE. |
+----------------------------------------------------------------------+
*/
/** /**
* helper class for parsing LOCK request bodies * helper class for parsing LOCK request bodies
* *
* @package HTTP_WebDAV_Server * @package HTTP_WebDAV_Server
* @author Hartmut Holzgraefe <hholzgra@php.net> * @author Hartmut Holzgraefe <hholzgra@php.net>
* @version 0.99.1dev * @version @package-version@
*/ */
class _parse_lockinfo class _parse_lockinfo
{ {

57
inc/HTTP/WebDAV/Tools/_parse_propfind.php Executable file → Normal file
View File

@ -1,31 +1,44 @@
<?php <?php // $Id$
// /*
// +----------------------------------------------------------------------+ +----------------------------------------------------------------------+
// | PHP Version 4 | | Copyright (c) 2002-2007 Christian Stocker, Hartmut Holzgraefe |
// +----------------------------------------------------------------------+ | All rights reserved |
// | Copyright (c) 1997-2003 The PHP Group | | |
// +----------------------------------------------------------------------+ | Redistribution and use in source and binary forms, with or without |
// | This source file is subject to version 2.02 of the PHP license, | | modification, are permitted provided that the following conditions |
// | that is bundled with this package in the file LICENSE, and is | | are met: |
// | available at through the world-wide-web at | | |
// | http://www.php.net/license/2_02.txt. | | 1. Redistributions of source code must retain the above copyright |
// | If you did not receive a copy of the PHP license and are unable to | | notice, this list of conditions and the following disclaimer. |
// | obtain it through the world-wide-web, please send a note to | | 2. Redistributions in binary form must reproduce the above copyright |
// | license@php.net so we can mail you a copy immediately. | | notice, this list of conditions and the following disclaimer in |
// +----------------------------------------------------------------------+ | the documentation and/or other materials provided with the |
// | Authors: Hartmut Holzgraefe <hholzgra@php.net> | | distribution. |
// | Christian Stocker <chregu@bitflux.ch> | | 3. The names of the authors may not be used to endorse or promote |
// +----------------------------------------------------------------------+ | products derived from this software without specific prior |
// | written permission. |
// $Id: _parse_propfind.php,v 1.2 2004/01/05 12:33:22 hholzgra Exp $ | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
| ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| POSSIBILITY OF SUCH DAMAGE. |
+----------------------------------------------------------------------+
*/
/** /**
* helper class for parsing PROPFIND request bodies * helper class for parsing PROPFIND request bodies
* *
* @package HTTP_WebDAV_Server * @package HTTP_WebDAV_Server
* @author Hartmut Holzgraefe <hholzgra@php.net> * @author Hartmut Holzgraefe <hholzgra@php.net>
* @version 0.99.1dev * @version @package-version@
*/ */
class _parse_propfind class _parse_propfind
{ {

71
inc/HTTP/WebDAV/Tools/_parse_proppatch.php Executable file → Normal file
View File

@ -1,31 +1,45 @@
<?php <?php // $Id$
// /*
// +----------------------------------------------------------------------+ +----------------------------------------------------------------------+
// | PHP Version 4 | | Copyright (c) 2002-2007 Christian Stocker, Hartmut Holzgraefe |
// +----------------------------------------------------------------------+ | All rights reserved |
// | Copyright (c) 1997-2003 The PHP Group | | |
// +----------------------------------------------------------------------+ | Redistribution and use in source and binary forms, with or without |
// | This source file is subject to version 2.02 of the PHP license, | | modification, are permitted provided that the following conditions |
// | that is bundled with this package in the file LICENSE, and is | | are met: |
// | available at through the world-wide-web at | | |
// | http://www.php.net/license/2_02.txt. | | 1. Redistributions of source code must retain the above copyright |
// | If you did not receive a copy of the PHP license and are unable to | | notice, this list of conditions and the following disclaimer. |
// | obtain it through the world-wide-web, please send a note to | | 2. Redistributions in binary form must reproduce the above copyright |
// | license@php.net so we can mail you a copy immediately. | | notice, this list of conditions and the following disclaimer in |
// +----------------------------------------------------------------------+ | the documentation and/or other materials provided with the |
// | Authors: Hartmut Holzgraefe <hholzgra@php.net> | | distribution. |
// | Christian Stocker <chregu@bitflux.ch> | | 3. The names of the authors may not be used to endorse or promote |
// +----------------------------------------------------------------------+ | products derived from this software without specific prior |
// | written permission. |
// $Id: _parse_proppatch.php,v 1.3 2004/01/05 12:41:34 hholzgra Exp $ | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
| ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| POSSIBILITY OF SUCH DAMAGE. |
+----------------------------------------------------------------------+
*/
/** /**
* helper class for parsing PROPPATCH request bodies * helper class for parsing PROPPATCH request bodies
* *
* @package HTTP_WebDAV_Server * @package HTTP_WebDAV_Server
* @author Hartmut Holzgraefe <hholzgra@php.net> * @author Hartmut Holzgraefe <hholzgra@php.net>
* @version 0.99.1dev * @version @package-version@
*/ */
class _parse_proppatch class _parse_proppatch
{ {
@ -152,9 +166,11 @@ class _parse_proppatch
if ($this->depth >= 4) { if ($this->depth >= 4) {
$this->current["val"] .= "<$tag"; $this->current["val"] .= "<$tag";
if (isset($attr)) {
foreach ($attr as $key => $val) { foreach ($attr as $key => $val) {
$this->current["val"] .= ' '.$key.'="'.str_replace('"','&quot;', $val).'"'; $this->current["val"] .= ' '.$key.'="'.str_replace('"','&quot;', $val).'"';
} }
}
$this->current["val"] .= ">"; $this->current["val"] .= ">";
} }
@ -204,11 +220,18 @@ class _parse_proppatch
* @return void * @return void
* @access private * @access private
*/ */
function _data($parser, $data) { function _data($parser, $data)
{
if (isset($this->current)) { if (isset($this->current)) {
$this->current["val"] .= $data; $this->current["val"] .= $data;
} }
} }
} }
?> /*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* indent-tabs-mode:nil
* End:
*/