1f62ea8a1Sandi<?php 2f62ea8a1Sandi/** 3f62ea8a1Sandi * DokuWiki media passthrough file 4f62ea8a1Sandi * 5f62ea8a1Sandi * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 6f62ea8a1Sandi * @author Andreas Gohr <andi@splitbrain.org> 7f62ea8a1Sandi */ 8f62ea8a1Sandi 9d0a27cb0SAndreas Gohr if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../'); 103138b5c7SAndreas Gohr define('DOKU_DISABLE_GZIP_OUTPUT', 1); 11f62ea8a1Sandi require_once(DOKU_INC.'inc/init.php'); 12f62ea8a1Sandi require_once(DOKU_INC.'inc/common.php'); 1313c08e2fSMichael Klier require_once(DOKU_INC.'inc/media.php'); 14f62ea8a1Sandi require_once(DOKU_INC.'inc/pageutils.php'); 15758447cfSAndreas Gohr require_once(DOKU_INC.'inc/httputils.php'); 16f62ea8a1Sandi require_once(DOKU_INC.'inc/confutils.php'); 17f62ea8a1Sandi require_once(DOKU_INC.'inc/auth.php'); 186106ad89SChris Smith 198746e727Sandi //close sesseion 208746e727Sandi session_write_close(); 218746e727Sandi 22f62ea8a1Sandi $mimetypes = getMimeTypes(); 23f62ea8a1Sandi 24f62ea8a1Sandi //get input 2502b0b681SAndreas Gohr $MEDIA = stripctl(getID('media',false)); // no cleaning except control chars - maybe external 26f62ea8a1Sandi $CACHE = calc_cache($_REQUEST['cache']); 278fcc3410SAndreas Gohr $WIDTH = (int) $_REQUEST['w']; 288fcc3410SAndreas Gohr $HEIGHT = (int) $_REQUEST['h']; 2927bf7924STom N Harris list($EXT,$MIME,$DL) = mimetype($MEDIA,false); 30f62ea8a1Sandi if($EXT === false){ 31f62ea8a1Sandi $EXT = 'unknown'; 32f62ea8a1Sandi $MIME = 'application/octet-stream'; 33ecebf3a8SAndreas Gohr $DL = true; 34f62ea8a1Sandi } 35f62ea8a1Sandi 36*cd98d9c3SGerry Weißbach // prepare data for error handling / clean download handling 37*cd98d9c3SGerry Weißbach list($STATUS, $STATUSMESSAGE) = check4XErrors($MEDIA, $FILE); // here goes the old 4X error checking 38*cd98d9c3SGerry Weißbach $data = array('media' => $MEDIA, 39*cd98d9c3SGerry Weißbach 'file' => $FILE, 40*cd98d9c3SGerry Weißbach 'orig' => $FILE, 41*cd98d9c3SGerry Weißbach 'mime' => $MIME, 42*cd98d9c3SGerry Weißbach 'download' => $DL, 43*cd98d9c3SGerry Weißbach 'cache' => $CACHE, 44*cd98d9c3SGerry Weißbach 'ext' => $EXT, 45*cd98d9c3SGerry Weißbach 'width' => $WIDTH, 46*cd98d9c3SGerry Weißbach 'height' => $HEIGHT, 47*cd98d9c3SGerry Weißbach 'status' => $STATUS, 48*cd98d9c3SGerry Weißbach 'statusmessage' => $STATUSMESSAGE, 49*cd98d9c3SGerry Weißbach ); 50f62ea8a1Sandi 51*cd98d9c3SGerry Weißbach // handle any 4XX status messages 52*cd98d9c3SGerry Weißbach if ( $STATUS >= 400 && $STATUSMESSAGE < 500 ) { 53*cd98d9c3SGerry Weißbach $evt = new Doku_Event('FETCH_MEDIA_4XERROR', $data); 54*cd98d9c3SGerry Weißbach if ( $evt->advise_before() ) { 55*cd98d9c3SGerry Weißbach header('HTTP/1.0 ' . $data['status'] . ' ' . $data['statusmessage']); 56*cd98d9c3SGerry Weißbach print $data['statusmessage']; 57f62ea8a1Sandi exit; 58f62ea8a1Sandi } 59*cd98d9c3SGerry Weißbach unset($evt); 60f62ea8a1Sandi } 61f62ea8a1Sandi 6220bc86cfSAndreas Gohr //handle image resizing/cropping 63f62ea8a1Sandi if((substr($MIME,0,5) == 'image') && $WIDTH){ 64d52a56e1SAndreas Gohr if($HEIGHT){ 65*cd98d9c3SGerry Weißbach $data['file'] = $FILE = media_crop_image($data['file'],$EXT,$WIDTH,$HEIGHT); 6620bc86cfSAndreas Gohr }else{ 67*cd98d9c3SGerry Weißbach $data['file'] = $FILE = media_resize_image($data['file'],$EXT,$WIDTH,$HEIGHT); 68f62ea8a1Sandi } 6920bc86cfSAndreas Gohr } 70f62ea8a1Sandi 71e935fb4aSAndreas Gohr // finally send the file to the client 72b80bedd6SAndreas Gohr $evt = new Doku_Event('MEDIA_SENDFILE', $data); 73b80bedd6SAndreas Gohr if ($evt->advise_before()) { 74ecebf3a8SAndreas Gohr sendFile($data['file'],$data['mime'],$data['download'],$data['cache']); 75b80bedd6SAndreas Gohr } 76*cd98d9c3SGerry Weißbach // Do something after the download finished. 77*cd98d9c3SGerry Weißbach $evt->advise_after(); 78f62ea8a1Sandi 79e935fb4aSAndreas Gohr/* ------------------------------------------------------------------------ */ 80f62ea8a1Sandi 81e935fb4aSAndreas Gohr/** 82e935fb4aSAndreas Gohr * Set headers and send the file to the client 83e935fb4aSAndreas Gohr * 84e935fb4aSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 8583730152SBen Coburn * @author Ben Coburn <btcoburn@silicodon.net> 86e935fb4aSAndreas Gohr */ 87ecebf3a8SAndreas Gohrfunction sendFile($file,$mime,$dl,$cache){ 8883730152SBen Coburn global $conf; 8909a5b61fSgweissbach $fmtime = @filemtime($file); 90e935fb4aSAndreas Gohr // send headers 91e935fb4aSAndreas Gohr header("Content-Type: $mime"); 9283730152SBen Coburn // smart http caching headers 9383730152SBen Coburn if ($cache==-1) { 9483730152SBen Coburn // cache 9583730152SBen Coburn // cachetime or one hour 9683730152SBen Coburn header('Expires: '.gmdate("D, d M Y H:i:s", time()+max($conf['cachetime'], 3600)).' GMT'); 9783730152SBen Coburn header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($conf['cachetime'], 3600)); 98e935fb4aSAndreas Gohr header('Pragma: public'); 9983730152SBen Coburn } else if ($cache>0) { 10083730152SBen Coburn // recache 10183730152SBen Coburn // remaining cachetime + 10 seconds so the newly recached media is used 10283730152SBen Coburn header('Expires: '.gmdate("D, d M Y H:i:s", $fmtime+$conf['cachetime']+10).' GMT'); 10383730152SBen Coburn header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($fmtime-time()+$conf['cachetime']+10, 0)); 10483730152SBen Coburn header('Pragma: public'); 10583730152SBen Coburn } else if ($cache==0) { 10683730152SBen Coburn // nocache 10783730152SBen Coburn header('Cache-Control: must-revalidate, no-transform, post-check=0, pre-check=0'); 10883730152SBen Coburn header('Pragma: public'); 10983730152SBen Coburn } 110ff4f5ee7SBen Coburn //send important headers first, script stops here if '304 Not Modified' response 11183730152SBen Coburn http_conditionalRequest($fmtime); 1129a87c72aSAndreas Gohr 113f62ea8a1Sandi 114ecebf3a8SAndreas Gohr //download or display? 115ecebf3a8SAndreas Gohr if($dl){ 116e935fb4aSAndreas Gohr header('Content-Disposition: attachment; filename="'.basename($file).'";'); 117ecebf3a8SAndreas Gohr }else{ 118ecebf3a8SAndreas Gohr header('Content-Disposition: inline; filename="'.basename($file).'";'); 119f62ea8a1Sandi } 120f62ea8a1Sandi 1219a87c72aSAndreas Gohr //use x-sendfile header to pass the delivery to compatible webservers 1226106ad89SChris Smith if (http_sendfile($file)) exit; 1239a87c72aSAndreas Gohr 124e935fb4aSAndreas Gohr // send file contents 125e935fb4aSAndreas Gohr $fp = @fopen($file,"rb"); 126f62ea8a1Sandi if($fp){ 127758447cfSAndreas Gohr http_rangeRequest($fp,filesize($file),$mime); 128f62ea8a1Sandi }else{ 129f62ea8a1Sandi header("HTTP/1.0 500 Internal Server Error"); 130e935fb4aSAndreas Gohr print "Could not read $file - bad permissions?"; 131e935fb4aSAndreas Gohr } 132f62ea8a1Sandi} 133f62ea8a1Sandi 134*cd98d9c3SGerry Weißbach/* 135*cd98d9c3SGerry Weißbach * File fetch 4XX error checker 136*cd98d9c3SGerry Weißbach * 137*cd98d9c3SGerry Weißbach * Check for preconditions and return 4XX errors if needed 138*cd98d9c3SGerry Weißbach * READ: MEDIA, MIME, EXT, CACHE 139*cd98d9c3SGerry Weißbach * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE ) 140*cd98d9c3SGerry Weißbach * 141*cd98d9c3SGerry Weißbach * @author Gerry Weissbach <gerry.w@gammaproduction.de> 142*cd98d9c3SGerry Weißbach * @param $media reference to the media id 143*cd98d9c3SGerry Weißbach * @param $file reference to the file variable 144*cd98d9c3SGerry Weißbach * @returns array(STATUS, STATUSMESSAGE) 145*cd98d9c3SGerry Weißbach */ 146*cd98d9c3SGerry Weißbachfunction check4XErrors(&$media, &$file) { 147*cd98d9c3SGerry Weißbach global $MIME, $EXT, $CACHE; 148*cd98d9c3SGerry Weißbach 149*cd98d9c3SGerry Weißbach //media to local file 150*cd98d9c3SGerry Weißbach if(preg_match('#^(https?)://#i',$media)){ 151*cd98d9c3SGerry Weißbach //check hash 152*cd98d9c3SGerry Weißbach if(substr(md5(auth_cookiesalt().$media),0,6) != $_REQUEST['hash']){ 153*cd98d9c3SGerry Weißbach return array( 412, 'Precondition Failed'); 154*cd98d9c3SGerry Weißbach } 155*cd98d9c3SGerry Weißbach //handle external images 156*cd98d9c3SGerry Weißbach if(strncmp($MIME,'image/',6) == 0) $file = media_get_from_URL($media,$EXT,$CACHE); 157*cd98d9c3SGerry Weißbach if(!$file){ 158*cd98d9c3SGerry Weißbach //download failed - redirect to original URL 159*cd98d9c3SGerry Weißbach header('Location: '.$media); 160*cd98d9c3SGerry Weißbach exit; 161*cd98d9c3SGerry Weißbach } 162*cd98d9c3SGerry Weißbach }else{ 163*cd98d9c3SGerry Weißbach $media = cleanID($media); 164*cd98d9c3SGerry Weißbach if(empty($media)){ 165*cd98d9c3SGerry Weißbach return array( 400, 'Bad request' ); 166*cd98d9c3SGerry Weißbach } 167*cd98d9c3SGerry Weißbach 168*cd98d9c3SGerry Weißbach //check permissions (namespace only) 169*cd98d9c3SGerry Weißbach if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ){ 170*cd98d9c3SGerry Weißbach return array( 401, 'Unauthorized' ); 171*cd98d9c3SGerry Weißbach } 172*cd98d9c3SGerry Weißbach $file = mediaFN($media); 173*cd98d9c3SGerry Weißbach } 174*cd98d9c3SGerry Weißbach 175*cd98d9c3SGerry Weißbach //check file existance 176*cd98d9c3SGerry Weißbach if(!@file_exists($file)){ 177*cd98d9c3SGerry Weißbach // FIXME add some default broken image 178*cd98d9c3SGerry Weißbach return array( 404, 'Not Found' ); 179*cd98d9c3SGerry Weißbach } 180*cd98d9c3SGerry Weißbach 181*cd98d9c3SGerry Weißbach return array(null, null); 182*cd98d9c3SGerry Weißbach} 183*cd98d9c3SGerry Weißbach 184e935fb4aSAndreas Gohr/** 185f62ea8a1Sandi * Returns the wanted cachetime in seconds 186f62ea8a1Sandi * 187f62ea8a1Sandi * Resolves named constants 188f62ea8a1Sandi * 189f62ea8a1Sandi * @author Andreas Gohr <andi@splitbrain.org> 190f62ea8a1Sandi */ 191f62ea8a1Sandifunction calc_cache($cache){ 192f62ea8a1Sandi global $conf; 193f62ea8a1Sandi 194f62ea8a1Sandi if(strtolower($cache) == 'nocache') return 0; //never cache 195f62ea8a1Sandi if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache 196f62ea8a1Sandi return -1; //cache endless 197f62ea8a1Sandi} 198f62ea8a1Sandi 199f62ea8a1Sandi//Setup VIM: ex: et ts=2 enc=utf-8 : 200