xref: /dokuwiki/lib/exe/fetch.php (revision add8678f233ad74892a96444e3013e0465616200) 
1<?php
2/**
3 * DokuWiki media passthrough file
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Andreas Gohr <andi@splitbrain.org>
7 */
8
9if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/../../');
10define('DOKU_DISABLE_GZIP_OUTPUT', 1);
11require_once(DOKU_INC.'inc/init.php');
12session_write_close(); //close session
13
14// BEGIN main (if not testing)
15if(!defined('SIMPLE_TEST')) {
16    $mimetypes = getMimeTypes();
17
18    //get input
19    $MEDIA  = stripctl(getID('media', false)); // no cleaning except control chars - maybe external
20    $CACHE  = calc_cache($INPUT->str('cache'));
21    $WIDTH  = $INPUT->int('w');
22    $HEIGHT = $INPUT->int('h');
23    $REV    = & $INPUT->ref('rev');
24    //sanitize revision
25    $REV = preg_replace('/[^0-9]/', '', $REV);
26
27    list($EXT, $MIME, $DL) = mimetype($MEDIA, false);
28    if($EXT === false) {
29        $EXT  = 'unknown';
30        $MIME = 'application/octet-stream';
31        $DL   = true;
32    }
33
34    // check for permissions, preconditions and cache external files
35    list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV);
36
37    // prepare data for plugin events
38    $data = array(
39        'media'         => $MEDIA,
40        'file'          => $FILE,
41        'orig'          => $FILE,
42        'mime'          => $MIME,
43        'download'      => $DL,
44        'cache'         => $CACHE,
45        'ext'           => $EXT,
46        'width'         => $WIDTH,
47        'height'        => $HEIGHT,
48        'status'        => $STATUS,
49        'statusmessage' => $STATUSMESSAGE,
50        'ispublic'      => media_ispublic($MEDIA),
51    );
52
53    // handle the file status
54    $evt = new Doku_Event('FETCH_MEDIA_STATUS', $data);
55    if($evt->advise_before()) {
56        // redirects
57        if($data['status'] > 300 && $data['status'] <= 304) {
58            send_redirect($data['statusmessage']);
59        }
60        // send any non 200 status
61        if($data['status'] != 200) {
62            http_status($data['status'], $data['statusmessage']);
63        }
64        // die on errors
65        if($data['status'] > 203) {
66            print $data['statusmessage'];
67            exit;
68        }
69    }
70    $evt->advise_after();
71    unset($evt);
72
73    //handle image resizing/cropping
74    if((substr($MIME, 0, 5) == 'image') && $WIDTH) {
75        if($HEIGHT) {
76            $data['file'] = $FILE = media_crop_image($data['file'], $EXT, $WIDTH, $HEIGHT);
77        } else {
78            $data['file'] = $FILE = media_resize_image($data['file'], $EXT, $WIDTH, $HEIGHT);
79        }
80    }
81
82    // finally send the file to the client
83    $evt = new Doku_Event('MEDIA_SENDFILE', $data);
84    if($evt->advise_before()) {
85        $cache = $data['cache'];
86        if($cache != 0 && !$data['ispublic']) $cache = 0; // no cache headers for private files FS#2734
87
88        sendFile($data['file'], $data['mime'], $data['download'], $cache);
89    }
90    // Do something after the download finished.
91    $evt->advise_after();  // will not be emitted on 304 or x-sendfile
92
93}// END DO main
94
95/* ------------------------------------------------------------------------ */
96
97/**
98 * Set headers and send the file to the client
99 *
100 * Unless $cache is set to 0, the data may end up in intermediate proxy servers. Therefor,
101 * if you're sending (ACL protected) private files, $cache should be 0.
102 *
103 * This function will abort the current script when a 304 is sent or file sending is handled
104 * through x-sendfile
105 *
106 * @author Andreas Gohr <andi@splitbrain.org>
107 * @author Ben Coburn <btcoburn@silicodon.net>
108 * @param string $file  local file to send
109 * @param string $mime  mime type of the file
110 * @param bool   $dl    set to true to force a browser download
111 * @param int    $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for off)
112 */
113function sendFile($file, $mime, $dl, $cache) {
114    global $conf;
115    $fmtime = @filemtime($file);
116    // send headers
117    header("Content-Type: $mime");
118    // smart http caching headers
119    if($cache == -1) {
120        // cache
121        // cachetime or one hour
122        header('Expires: '.gmdate("D, d M Y H:i:s", time() + max($conf['cachetime'], 3600)).' GMT');
123        header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($conf['cachetime'], 3600));
124        header('Pragma: public');
125    } else if($cache > 0) {
126        // recache
127        // remaining cachetime + 10 seconds so the newly recached media is used
128        header('Expires: '.gmdate("D, d M Y H:i:s", $fmtime + $conf['cachetime'] + 10).' GMT');
129        header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($fmtime - time() + $conf['cachetime'] + 10, 0));
130        header('Pragma: public');
131    } else if($cache == 0) {
132        // nocache, avoid resending files from intermediate caches without revalidation FS#2734
133        header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
134        header('Cache-Control: private, no-transform, max-age=0');
135        header('Pragma: no-cache');
136    }
137    //send important headers first, script stops here if '304 Not Modified' response
138    http_conditionalRequest($fmtime);
139
140    //download or display?
141    if($dl) {
142        header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";');
143    } else {
144        header('Content-Disposition: inline; filename="'.utf8_basename($file).'";');
145    }
146
147    //use x-sendfile header to pass the delivery to compatible webservers
148    if(http_sendfile($file)) exit;
149
150    // send file contents
151    $fp = @fopen($file, "rb");
152    if($fp) {
153        http_rangeRequest($fp, filesize($file), $mime);
154    } else {
155        http_status(500);
156        print "Could not read $file - bad permissions?";
157    }
158}
159
160/**
161 * Check for media for preconditions and return correct status code
162 *
163 * READ: MEDIA, MIME, EXT, CACHE
164 * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )
165 *
166 * @author Gerry Weissbach <gerry.w@gammaproduction.de>
167 * @param $media reference to the media id
168 * @param $file  reference to the file variable
169 * @returns array(STATUS, STATUSMESSAGE)
170 */
171function checkFileStatus(&$media, &$file, $rev = '') {
172    global $MIME, $EXT, $CACHE, $INPUT;
173
174    //media to local file
175    if(preg_match('#^(https?)://#i', $media)) {
176        //check hash
177        if(substr(md5(auth_cookiesalt().$media), 0, 6) !== $INPUT->str('hash')) {
178            return array(412, 'Precondition Failed');
179        }
180        //handle external images
181        if(strncmp($MIME, 'image/', 6) == 0) $file = media_get_from_URL($media, $EXT, $CACHE);
182        if(!$file) {
183            //download failed - redirect to original URL
184            return array(302, $media);
185        }
186    } else {
187        $media = cleanID($media);
188        if(empty($media)) {
189            return array(400, 'Bad request');
190        }
191
192        //check permissions (namespace only)
193        if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
194            return array(403, 'Forbidden');
195        }
196        $file = mediaFN($media, $rev);
197    }
198
199    //check file existance
200    if(!@file_exists($file)) {
201        return array(404, 'Not Found');
202    }
203
204    return array(200, null);
205}
206
207/**
208 * Returns the wanted cachetime in seconds
209 *
210 * Resolves named constants
211 *
212 * @author  Andreas Gohr <andi@splitbrain.org>
213 */
214function calc_cache($cache) {
215    global $conf;
216
217    if(strtolower($cache) == 'nocache') return 0; //never cache
218    if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
219    return -1; //cache endless
220}
221
222//Setup VIM: ex: et ts=2 :
223