lib/exe/fetch.php

   1 <?php
   2 /**
   3  * DokuWiki media passthrough file
   4  *
   5  * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
   6  * @author     Andreas Gohr <andi@splitbrain.org>
   7  */
   8
   9   if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../');
  10   define('DOKU_DISABLE_GZIP_OUTPUT', 1);
  11   require_once(DOKU_INC.'inc/init.php');
  12   require_once(DOKU_INC.'inc/common.php');
  13   require_once(DOKU_INC.'inc/media.php');
  14   require_once(DOKU_INC.'inc/pageutils.php');
  15   require_once(DOKU_INC.'inc/httputils.php');
  16   require_once(DOKU_INC.'inc/confutils.php');
  17   require_once(DOKU_INC.'inc/auth.php');
  18
  19   //close sesseion
  20   session_write_close();
  21
  22   $mimetypes = getMimeTypes();
  23
  24   //get input
  25   $MEDIA  = stripctl(getID('media',false)); // no cleaning except control chars - maybe external
  26   $CACHE  = calc_cache($_REQUEST['cache']);
  27   $WIDTH  = (int) $_REQUEST['w'];
  28   $HEIGHT = (int) $_REQUEST['h'];
  29   list($EXT,$MIME,$DL) = mimetype($MEDIA,false);
  30   if($EXT === false){
  31     $EXT  = 'unknown';
  32     $MIME = 'application/octet-stream';
  33     $DL   = true;
  34   }
  35
  36   //media to local file
  37   if(preg_match('#^(https?)://#i',$MEDIA)){
  38     //check hash
  39     if(substr(md5(auth_cookiesalt().$MEDIA),0,6) != $_REQUEST['hash']){
  40       header("HTTP/1.0 412 Precondition Failed");
  41       print 'Precondition Failed';
  42       exit;
  43     }
  44     //handle external images
  45     if(strncmp($MIME,'image/',6) == 0) $FILE = media_get_from_URL($MEDIA,$EXT,$CACHE);
  46     if(!$FILE){
  47       //download failed - redirect to original URL
  48       header('Location: '.$MEDIA);
  49       exit;
  50     }
  51   }else{
  52     $MEDIA = cleanID($MEDIA);
  53     if(empty($MEDIA)){
  54       header("HTTP/1.0 400 Bad Request");
  55       print 'Bad request';
  56       exit;
  57     }
  58
  59     //check permissions (namespace only)
  60     if(auth_quickaclcheck(getNS($MEDIA).':X') < AUTH_READ){
  61       header("HTTP/1.0 401 Unauthorized");
  62       //fixme add some image for imagefiles
  63       print 'Unauthorized';
  64       exit;
  65     }
  66     $FILE  = mediaFN($MEDIA);
  67   }
  68
  69   //check file existance
  70   if(!@file_exists($FILE)){
  71     header("HTTP/1.0 404 Not Found");
  72     //FIXME add some default broken image
  73     print 'Not Found';
  74     exit;
  75   }
  76
  77   $ORIG = $FILE;
  78
  79   //handle image resizing/cropping
  80   if((substr($MIME,0,5) == 'image') && $WIDTH){
  81     if($HEIGHT){
  82         $FILE = media_crop_image($FILE,$EXT,$WIDTH,$HEIGHT);
  83     }else{
  84         $FILE = media_resize_image($FILE,$EXT,$WIDTH,$HEIGHT);
  85     }
  86   }
  87
  88   // finally send the file to the client
  89   $data = array('file'     => $FILE,
  90                 'mime'     => $MIME,
  91                 'download' => $DL,
  92                 'cache'    => $CACHE,
  93                 'orig'     => $ORIG,
  94                 'ext'      => $EXT,
  95                 'width'    => $WIDTH,
  96                 'height'   => $HEIGHT);
  97
  98   $evt = new Doku_Event('MEDIA_SENDFILE', $data);
  99   if ($evt->advise_before()) {
 100     sendFile($data['file'],$data['mime'],$data['download'],$data['cache']);
 101   }
 102
 103 /* ------------------------------------------------------------------------ */
 104
 105 /**
 106  * Set headers and send the file to the client
 107  *
 108  * @author Andreas Gohr <andi@splitbrain.org>
 109  * @author Ben Coburn <btcoburn@silicodon.net>
 110  */
 111 function sendFile($file,$mime,$dl,$cache){
 112   global $conf;
 113   $fmtime = @filemtime($file);
 114   // send headers
 115   header("Content-Type: $mime");
 116   // smart http caching headers
 117   if ($cache==-1) {
 118     // cache
 119     // cachetime or one hour
 120     header('Expires: '.gmdate("D, d M Y H:i:s", time()+max($conf['cachetime'], 3600)).' GMT');
 121     header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($conf['cachetime'], 3600));
 122     header('Pragma: public');
 123   } else if ($cache>0) {
 124     // recache
 125     // remaining cachetime + 10 seconds so the newly recached media is used
 126     header('Expires: '.gmdate("D, d M Y H:i:s", $fmtime+$conf['cachetime']+10).' GMT');
 127     header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($fmtime-time()+$conf['cachetime']+10, 0));
 128     header('Pragma: public');
 129   } else if ($cache==0) {
 130     // nocache
 131     header('Cache-Control: must-revalidate, no-transform, post-check=0, pre-check=0');
 132     header('Pragma: public');
 133   }
 134   //send important headers first, script stops here if '304 Not Modified' response
 135   http_conditionalRequest($fmtime);
 136
 137
 138   //download or display?
 139   if($dl){
 140     header('Content-Disposition: attachment; filename="'.basename($file).'";');
 141   }else{
 142     header('Content-Disposition: inline; filename="'.basename($file).'";');
 143   }
 144
 145   //use x-sendfile header to pass the delivery to compatible webservers
 146   if (http_sendfile($file)) exit;
 147
 148   // send file contents
 149   $fp = @fopen($file,"rb");
 150   if($fp){
 151     http_rangeRequest($fp,filesize($file),$mime);
 152   }else{
 153     header("HTTP/1.0 500 Internal Server Error");
 154     print "Could not read $file - bad permissions?";
 155   }
 156 }
 157
 158 /**
 159  * Returns the wanted cachetime in seconds
 160  *
 161  * Resolves named constants
 162  *
 163  * @author  Andreas Gohr <andi@splitbrain.org>
 164  */
 165 function calc_cache($cache){
 166   global $conf;
 167
 168   if(strtolower($cache) == 'nocache') return 0; //never cache
 169   if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
 170   return -1; //cache endless
 171 }
 172
 173 //Setup VIM: ex: et ts=2 enc=utf-8 :