1<?php 2 3use dokuwiki\HTTP\Headers; 4use dokuwiki\Utf8\PhpString; 5 6/** 7 * Functions used by lib/exe/fetch.php 8 * (not included by other parts of dokuwiki) 9 */ 10 11/** 12 * Set headers and send the file to the client 13 * 14 * The $cache parameter influences how long files may be kept in caches, the $public parameter 15 * influences if this caching may happen in public proxis or in the browser cache only FS#2734 16 * 17 * This function will abort the current script when a 304 is sent or file sending is handled 18 * through x-sendfile 19 * 20 * @param string $file local file to send 21 * @param string $mime mime type of the file 22 * @param bool $dl set to true to force a browser download 23 * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache) 24 * @param bool $public is this a public ressource or a private one? 25 * @param string $orig original file to send - the file name will be used for the Content-Disposition 26 * @param array $csp The ContentSecurityPolicy to send 27 * @author Andreas Gohr <andi@splitbrain.org> 28 * @author Ben Coburn <btcoburn@silicodon.net> 29 * @author Gerry Weissbach <dokuwiki@gammaproduction.de> 30 * 31 */ 32function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null, $csp = []) 33{ 34 global $conf; 35 // send mime headers 36 header("Content-Type: $mime"); 37 38 // send security policy if given 39 if (!empty($csp)) Headers::contentSecurityPolicy($csp); 40 41 // calculate cache times 42 if ($cache == -1) { 43 $maxage = max($conf['cachetime'], 3600); // cachetime or one hour 44 $expires = time() + $maxage; 45 } elseif ($cache > 0) { 46 $maxage = $cache; // given time 47 $expires = time() + $maxage; 48 } else { // $cache == 0 49 $maxage = 0; 50 $expires = 0; // 1970-01-01 51 } 52 53 // smart http caching headers 54 if ($maxage) { 55 if ($public) { 56 // cache publically 57 header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT'); 58 header('Cache-Control: public, proxy-revalidate, no-transform, max-age=' . $maxage); 59 } else { 60 // cache in browser 61 header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT'); 62 header('Cache-Control: private, no-transform, max-age=' . $maxage); 63 } 64 } else { 65 // no cache at all 66 header('Expires: Thu, 01 Jan 1970 00:00:00 GMT'); 67 header('Cache-Control: no-cache, no-transform'); 68 } 69 70 //send important headers first, script stops here if '304 Not Modified' response 71 $fmtime = @filemtime($file); 72 http_conditionalRequest($fmtime); 73 74 // Use the current $file if is $orig is not set. 75 if ($orig == null) { 76 $orig = $file; 77 } 78 79 //download or display? 80 if ($dl) { 81 header('Content-Disposition: attachment;' . rfc2231_encode( 82 'filename', 83 PhpString::basename($orig) 84 ) . ';'); 85 } else { 86 header('Content-Disposition: inline;' . rfc2231_encode( 87 'filename', 88 PhpString::basename($orig) 89 ) . ';'); 90 } 91 92 //use x-sendfile header to pass the delivery to compatible webservers 93 http_sendfile($file); 94 95 // send file contents 96 $fp = @fopen($file, "rb"); 97 if ($fp) { 98 http_rangeRequest($fp, filesize($file), $mime); 99 } else { 100 http_status(500); 101 echo "Could not read $file - bad permissions?"; 102 } 103} 104 105/** 106 * Try an rfc2231 compatible encoding. This ensures correct 107 * interpretation of filenames outside of the ASCII set. 108 * This seems to be needed for file names with e.g. umlauts that 109 * would otherwise decode wrongly in IE. 110 * 111 * There is no additional checking, just the encoding and setting the key=value for usage in headers 112 * 113 * @author Gerry Weissbach <gerry.w@gammaproduction.de> 114 * @param string $name name of the field to be set in the header() call 115 * @param string $value value of the field to be set in the header() call 116 * @param string $charset used charset for the encoding of value 117 * @param string $lang language used. 118 * @return string in the format " name=value" for values WITHOUT special characters 119 * @return string in the format " name*=charset'lang'value" for values WITH special characters 120 */ 121function rfc2231_encode($name, $value, $charset = 'utf-8', $lang = 'en') 122{ 123 $internal = preg_replace_callback( 124 '/[\x00-\x20*\'%()<>@,;:\\\\"\/[\]?=\x80-\xFF]/', 125 static fn($match) => rawurlencode($match[0]), 126 $value 127 ); 128 if ($value != $internal) { 129 return ' ' . $name . '*=' . $charset . "'" . $lang . "'" . $internal; 130 } else { 131 return ' ' . $name . '="' . $value . '"'; 132 } 133} 134 135/** 136 * Check for media for preconditions and return correct status code 137 * 138 * READ: MEDIA, MIME, EXT, CACHE 139 * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE ) 140 * 141 * @author Gerry Weissbach <gerry.w@gammaproduction.de> 142 * 143 * @param string $media reference to the media id 144 * @param string $file reference to the file variable 145 * @param string $rev 146 * @param int $width 147 * @param int $height 148 * @return array as array(STATUS, STATUSMESSAGE) 149 */ 150function checkFileStatus(&$media, &$file, $rev = '', $width = 0, $height = 0) 151{ 152 global $MIME, $EXT, $CACHE, $INPUT; 153 154 //media to local file 155 if (media_isexternal($media)) { 156 //check token for external image and additional for resized and cached images 157 if (media_get_token($media, $width, $height) !== $INPUT->str('tok')) { 158 return [412, 'Precondition Failed']; 159 } 160 //handle external images 161 if (str_starts_with($MIME, 'image/')) $file = media_get_from_URL($media, $EXT, $CACHE); 162 if (!$file) { 163 //download failed - redirect to original URL 164 return [302, $media]; 165 } 166 } else { 167 $media = cleanID($media); 168 if (empty($media)) { 169 return [400, 'Bad request']; 170 } 171 // check token for resized images 172 if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) { 173 return [412, 'Precondition Failed']; 174 } 175 176 //check permissions (namespace only) 177 if (auth_quickaclcheck(getNS($media) . ':X') < AUTH_READ) { 178 return [403, 'Forbidden']; 179 } 180 $file = mediaFN($media, $rev); 181 } 182 183 //check file existance 184 if (!file_exists($file)) { 185 return [404, 'Not Found']; 186 } 187 188 return [200, null]; 189} 190 191/** 192 * Returns the wanted cachetime in seconds 193 * 194 * Resolves named constants 195 * 196 * @author Andreas Gohr <andi@splitbrain.org> 197 * 198 * @param string $cache 199 * @return int cachetime in seconds 200 */ 201function calc_cache($cache) 202{ 203 global $conf; 204 205 if (strtolower($cache) == 'nocache') return 0; //never cache 206 if (strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache 207 return -1; //cache endless 208} 209