PageRenderTime 74ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/lib/Sabre/DAV/Browser/Plugin.php

https://code.google.com/
PHP | 489 lines | 258 code | 97 blank | 134 comment | 35 complexity | 04cfa753ee1aa0d0e1069fef540aa752 MD5 | raw file
Possible License(s): BSD-3-Clause
  1. <?php
  2. /**
  3. * Browser Plugin
  4. *
  5. * This plugin provides a html representation, so that a WebDAV server may be accessed
  6. * using a browser.
  7. *
  8. * The class intercepts GET requests to collection resources and generates a simple
  9. * html index.
  10. *
  11. * @package Sabre
  12. * @subpackage DAV
  13. * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved.
  14. * @author Evert Pot (http://www.rooftopsolutions.nl/)
  15. * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  16. */
  17. class Sabre_DAV_Browser_Plugin extends Sabre_DAV_ServerPlugin {
  18. /**
  19. * List of default icons for nodes.
  20. *
  21. * This is an array with class / interface names as keys, and asset names
  22. * as values.
  23. *
  24. * The evaluation order is reversed. The last item in the list gets
  25. * precendence.
  26. *
  27. * @var array
  28. */
  29. public $iconMap = array(
  30. 'Sabre_DAV_IFile' => 'icons/file',
  31. 'Sabre_DAV_ICollection' => 'icons/collection',
  32. 'Sabre_DAVACL_IPrincipal' => 'icons/principal',
  33. 'Sabre_CalDAV_ICalendar' => 'icons/calendar',
  34. 'Sabre_CardDAV_IAddressBook' => 'icons/addressbook',
  35. 'Sabre_CardDAV_ICard' => 'icons/card',
  36. );
  37. /**
  38. * The file extension used for all icons
  39. *
  40. * @var string
  41. */
  42. public $iconExtension = '.png';
  43. /**
  44. * reference to server class
  45. *
  46. * @var Sabre_DAV_Server
  47. */
  48. protected $server;
  49. /**
  50. * enablePost turns on the 'actions' panel, which allows people to create
  51. * folders and upload files straight from a browser.
  52. *
  53. * @var bool
  54. */
  55. protected $enablePost = true;
  56. /**
  57. * By default the browser plugin will generate a favicon and other images.
  58. * To turn this off, set this property to false.
  59. *
  60. * @var bool
  61. */
  62. protected $enableAssets = true;
  63. /**
  64. * Creates the object.
  65. *
  66. * By default it will allow file creation and uploads.
  67. * Specify the first argument as false to disable this
  68. *
  69. * @param bool $enablePost
  70. * @param bool $enableAssets
  71. */
  72. public function __construct($enablePost=true, $enableAssets = true) {
  73. $this->enablePost = $enablePost;
  74. $this->enableAssets = $enableAssets;
  75. }
  76. /**
  77. * Initializes the plugin and subscribes to events
  78. *
  79. * @param Sabre_DAV_Server $server
  80. * @return void
  81. */
  82. public function initialize(Sabre_DAV_Server $server) {
  83. $this->server = $server;
  84. $this->server->subscribeEvent('beforeMethod',array($this,'httpGetInterceptor'));
  85. $this->server->subscribeEvent('onHTMLActionsPanel', array($this, 'htmlActionsPanel'),200);
  86. if ($this->enablePost) $this->server->subscribeEvent('unknownMethod',array($this,'httpPOSTHandler'));
  87. }
  88. /**
  89. * This method intercepts GET requests to collections and returns the html
  90. *
  91. * @param string $method
  92. * @param string $uri
  93. * @return bool
  94. */
  95. public function httpGetInterceptor($method, $uri) {
  96. if ($method !== 'GET') return true;
  97. // We're not using straight-up $_GET, because we want everything to be
  98. // unit testable.
  99. $getVars = array();
  100. parse_str($this->server->httpRequest->getQueryString(), $getVars);
  101. if (isset($getVars['sabreAction']) && $getVars['sabreAction'] === 'asset' && isset($getVars['assetName'])) {
  102. $this->serveAsset($getVars['assetName']);
  103. return false;
  104. }
  105. try {
  106. $node = $this->server->tree->getNodeForPath($uri);
  107. } catch (Sabre_DAV_Exception_NotFound $e) {
  108. // We're simply stopping when the file isn't found to not interfere
  109. // with other plugins.
  110. return;
  111. }
  112. if ($node instanceof Sabre_DAV_IFile)
  113. return;
  114. $this->server->httpResponse->sendStatus(200);
  115. $this->server->httpResponse->setHeader('Content-Type','text/html; charset=utf-8');
  116. $this->server->httpResponse->sendBody(
  117. $this->generateDirectoryIndex($uri)
  118. );
  119. return false;
  120. }
  121. /**
  122. * Handles POST requests for tree operations.
  123. *
  124. * @param string $method
  125. * @param string $uri
  126. * @return bool
  127. */
  128. public function httpPOSTHandler($method, $uri) {
  129. if ($method!='POST') return;
  130. $contentType = $this->server->httpRequest->getHeader('Content-Type');
  131. list($contentType) = explode(';', $contentType);
  132. if ($contentType !== 'application/x-www-form-urlencoded' &&
  133. $contentType !== 'multipart/form-data') {
  134. return;
  135. }
  136. $postVars = $this->server->httpRequest->getPostVars();
  137. if (!isset($postVars['sabreAction']))
  138. return;
  139. if ($this->server->broadcastEvent('onBrowserPostAction', array($uri, $postVars['sabreAction'], $postVars))) {
  140. switch($postVars['sabreAction']) {
  141. case 'mkcol' :
  142. if (isset($postVars['name']) && trim($postVars['name'])) {
  143. // Using basename() because we won't allow slashes
  144. list(, $folderName) = Sabre_DAV_URLUtil::splitPath(trim($postVars['name']));
  145. $this->server->createDirectory($uri . '/' . $folderName);
  146. }
  147. break;
  148. case 'put' :
  149. if ($_FILES) $file = current($_FILES);
  150. else break;
  151. list(, $newName) = Sabre_DAV_URLUtil::splitPath(trim($file['name']));
  152. if (isset($postVars['name']) && trim($postVars['name']))
  153. $newName = trim($postVars['name']);
  154. // Making sure we only have a 'basename' component
  155. list(, $newName) = Sabre_DAV_URLUtil::splitPath($newName);
  156. if (is_uploaded_file($file['tmp_name'])) {
  157. $this->server->createFile($uri . '/' . $newName, fopen($file['tmp_name'],'r'));
  158. }
  159. break;
  160. }
  161. }
  162. $this->server->httpResponse->setHeader('Location',$this->server->httpRequest->getUri());
  163. $this->server->httpResponse->sendStatus(302);
  164. return false;
  165. }
  166. /**
  167. * Escapes a string for html.
  168. *
  169. * @param string $value
  170. * @return string
  171. */
  172. public function escapeHTML($value) {
  173. return htmlspecialchars($value,ENT_QUOTES,'UTF-8');
  174. }
  175. /**
  176. * Generates the html directory index for a given url
  177. *
  178. * @param string $path
  179. * @return string
  180. */
  181. public function generateDirectoryIndex($path) {
  182. $version = '';
  183. if (Sabre_DAV_Server::$exposeVersion) {
  184. $version = Sabre_DAV_Version::VERSION ."-". Sabre_DAV_Version::STABILITY;
  185. }
  186. $html = "<html>
  187. <head>
  188. <title>Index for " . $this->escapeHTML($path) . "/ - SabreDAV " . $version . "</title>
  189. <style type=\"text/css\">
  190. body { Font-family: arial}
  191. h1 { font-size: 150% }
  192. </style>
  193. ";
  194. if ($this->enableAssets) {
  195. $html.='<link rel="shortcut icon" href="'.$this->getAssetUrl('favicon.ico').'" type="image/vnd.microsoft.icon" />';
  196. }
  197. $html .= "</head>
  198. <body>
  199. <h1>Index for " . $this->escapeHTML($path) . "/</h1>
  200. <table>
  201. <tr><th width=\"24\"></th><th>Name</th><th>Type</th><th>Size</th><th>Last modified</th></tr>
  202. <tr><td colspan=\"5\"><hr /></td></tr>";
  203. $files = $this->server->getPropertiesForPath($path,array(
  204. '{DAV:}displayname',
  205. '{DAV:}resourcetype',
  206. '{DAV:}getcontenttype',
  207. '{DAV:}getcontentlength',
  208. '{DAV:}getlastmodified',
  209. ),1);
  210. $parent = $this->server->tree->getNodeForPath($path);
  211. if ($path) {
  212. list($parentUri) = Sabre_DAV_URLUtil::splitPath($path);
  213. $fullPath = Sabre_DAV_URLUtil::encodePath($this->server->getBaseUri() . $parentUri);
  214. $icon = $this->enableAssets?'<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl('icons/parent' . $this->iconExtension) . '" width="24" alt="Parent" /></a>':'';
  215. $html.= "<tr>
  216. <td>$icon</td>
  217. <td><a href=\"{$fullPath}\">..</a></td>
  218. <td>[parent]</td>
  219. <td></td>
  220. <td></td>
  221. </tr>";
  222. }
  223. foreach($files as $file) {
  224. // This is the current directory, we can skip it
  225. if (rtrim($file['href'],'/')==$path) continue;
  226. list(, $name) = Sabre_DAV_URLUtil::splitPath($file['href']);
  227. $type = null;
  228. if (isset($file[200]['{DAV:}resourcetype'])) {
  229. $type = $file[200]['{DAV:}resourcetype']->getValue();
  230. // resourcetype can have multiple values
  231. if (!is_array($type)) $type = array($type);
  232. foreach($type as $k=>$v) {
  233. // Some name mapping is preferred
  234. switch($v) {
  235. case '{DAV:}collection' :
  236. $type[$k] = 'Collection';
  237. break;
  238. case '{DAV:}principal' :
  239. $type[$k] = 'Principal';
  240. break;
  241. case '{urn:ietf:params:xml:ns:carddav}addressbook' :
  242. $type[$k] = 'Addressbook';
  243. break;
  244. case '{urn:ietf:params:xml:ns:caldav}calendar' :
  245. $type[$k] = 'Calendar';
  246. break;
  247. case '{urn:ietf:params:xml:ns:caldav}schedule-inbox' :
  248. $type[$k] = 'Schedule Inbox';
  249. break;
  250. case '{urn:ietf:params:xml:ns:caldav}schedule-outbox' :
  251. $type[$k] = 'Schedule Outbox';
  252. break;
  253. case '{http://calendarserver.org/ns/}calendar-proxy-read' :
  254. $type[$k] = 'Proxy-Read';
  255. break;
  256. case '{http://calendarserver.org/ns/}calendar-proxy-write' :
  257. $type[$k] = 'Proxy-Write';
  258. break;
  259. }
  260. }
  261. $type = implode(', ', $type);
  262. }
  263. // If no resourcetype was found, we attempt to use
  264. // the contenttype property
  265. if (!$type && isset($file[200]['{DAV:}getcontenttype'])) {
  266. $type = $file[200]['{DAV:}getcontenttype'];
  267. }
  268. if (!$type) $type = 'Unknown';
  269. $size = isset($file[200]['{DAV:}getcontentlength'])?(int)$file[200]['{DAV:}getcontentlength']:'';
  270. $lastmodified = isset($file[200]['{DAV:}getlastmodified'])?$file[200]['{DAV:}getlastmodified']->getTime()->format(DateTime::ATOM):'';
  271. $fullPath = Sabre_DAV_URLUtil::encodePath('/' . trim($this->server->getBaseUri() . ($path?$path . '/':'') . $name,'/'));
  272. $displayName = isset($file[200]['{DAV:}displayname'])?$file[200]['{DAV:}displayname']:$name;
  273. $displayName = $this->escapeHTML($displayName);
  274. $type = $this->escapeHTML($type);
  275. $icon = '';
  276. if ($this->enableAssets) {
  277. $node = $this->server->tree->getNodeForPath(($path?$path.'/':'') . $name);
  278. foreach(array_reverse($this->iconMap) as $class=>$iconName) {
  279. if ($node instanceof $class) {
  280. $icon = '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl($iconName . $this->iconExtension) . '" alt="" width="24" /></a>';
  281. break;
  282. }
  283. }
  284. }
  285. $html.= "<tr>
  286. <td>$icon</td>
  287. <td><a href=\"{$fullPath}\">{$displayName}</a></td>
  288. <td>{$type}</td>
  289. <td>{$size}</td>
  290. <td>{$lastmodified}</td>
  291. </tr>";
  292. }
  293. $html.= "<tr><td colspan=\"5\"><hr /></td></tr>";
  294. $output = '';
  295. if ($this->enablePost) {
  296. $this->server->broadcastEvent('onHTMLActionsPanel',array($parent, &$output));
  297. }
  298. $html.=$output;
  299. $html.= "</table>
  300. <address>Generated by SabreDAV " . $version . " (c)2007-2012 <a href=\"http://code.google.com/p/sabredav/\">http://code.google.com/p/sabredav/</a></address>
  301. </body>
  302. </html>";
  303. return $html;
  304. }
  305. /**
  306. * This method is used to generate the 'actions panel' output for
  307. * collections.
  308. *
  309. * This specifically generates the interfaces for creating new files, and
  310. * creating new directories.
  311. *
  312. * @param Sabre_DAV_INode $node
  313. * @param mixed $output
  314. * @return void
  315. */
  316. public function htmlActionsPanel(Sabre_DAV_INode $node, &$output) {
  317. if (!$node instanceof Sabre_DAV_ICollection)
  318. return;
  319. // We also know fairly certain that if an object is a non-extended
  320. // SimpleCollection, we won't need to show the panel either.
  321. if (get_class($node)==='Sabre_DAV_SimpleCollection')
  322. return;
  323. $output.= '<tr><td colspan="2"><form method="post" action="">
  324. <h3>Create new folder</h3>
  325. <input type="hidden" name="sabreAction" value="mkcol" />
  326. Name: <input type="text" name="name" /><br />
  327. <input type="submit" value="create" />
  328. </form>
  329. <form method="post" action="" enctype="multipart/form-data">
  330. <h3>Upload file</h3>
  331. <input type="hidden" name="sabreAction" value="put" />
  332. Name (optional): <input type="text" name="name" /><br />
  333. File: <input type="file" name="file" /><br />
  334. <input type="submit" value="upload" />
  335. </form>
  336. </td></tr>';
  337. }
  338. /**
  339. * This method takes a path/name of an asset and turns it into url
  340. * suiteable for http access.
  341. *
  342. * @param string $assetName
  343. * @return string
  344. */
  345. protected function getAssetUrl($assetName) {
  346. return $this->server->getBaseUri() . '?sabreAction=asset&assetName=' . urlencode($assetName);
  347. }
  348. /**
  349. * This method returns a local pathname to an asset.
  350. *
  351. * @param string $assetName
  352. * @return string
  353. */
  354. protected function getLocalAssetPath($assetName) {
  355. // Making sure people aren't trying to escape from the base path.
  356. $assetSplit = explode('/', $assetName);
  357. if (in_array('..',$assetSplit)) {
  358. throw new Sabre_DAV_Exception('Incorrect asset path');
  359. }
  360. $path = __DIR__ . '/assets/' . $assetName;
  361. return $path;
  362. }
  363. /**
  364. * This method reads an asset from disk and generates a full http response.
  365. *
  366. * @param string $assetName
  367. * @return void
  368. */
  369. protected function serveAsset($assetName) {
  370. $assetPath = $this->getLocalAssetPath($assetName);
  371. if (!file_exists($assetPath)) {
  372. throw new Sabre_DAV_Exception_NotFound('Could not find an asset with this name');
  373. }
  374. // Rudimentary mime type detection
  375. switch(strtolower(substr($assetPath,strpos($assetPath,'.')+1))) {
  376. case 'ico' :
  377. $mime = 'image/vnd.microsoft.icon';
  378. break;
  379. case 'png' :
  380. $mime = 'image/png';
  381. break;
  382. default:
  383. $mime = 'application/octet-stream';
  384. break;
  385. }
  386. $this->server->httpResponse->setHeader('Content-Type', $mime);
  387. $this->server->httpResponse->setHeader('Content-Length', filesize($assetPath));
  388. $this->server->httpResponse->setHeader('Cache-Control', 'public, max-age=1209600');
  389. $this->server->httpResponse->sendStatus(200);
  390. $this->server->httpResponse->sendBody(fopen($assetPath,'r'));
  391. }
  392. }