storage = $storage; } public function getStorage(): AbstractStorage { return $this->storage; } public function setBaseURI(string $uri): void { $this->base_uri = '/' . ltrim($uri, '/'); $this->base_uri = rtrim($this->base_uri, '/') . '/'; } protected function extendExecutionTime(): void { if (false === strpos(@ini_get('disable_functions'), 'set_time_limit')) { @set_time_limit(3600); } @ini_set('max_execution_time', '3600'); @ini_set('max_input_time', '3600'); } protected function _prefix(string $uri): string { if (!$this->prefix) { return $uri; } return rtrim(rtrim($this->prefix, '/') . '/' . ltrim($uri, '/'), '/'); } protected function html_directory(string $uri, iterable $list): ?string { // Not a file: let's serve a directory listing if you are browsing with a web browser if (substr($this->original_uri, -1) != '/') { http_response_code(301); header(sprintf('Location: /%s/', trim($this->base_uri . $uri, '/')), true); return null; } $out = sprintf('', '/' . ltrim($this->base_uri, '/')); $out .= sprintf('%s

%1$s

', htmlspecialchars($uri ? str_replace('/', ' / ', $uri) . ' - Files' : 'Files')); if (trim($uri)) { $out .= ''; } $props = null; foreach ($list as $file => $props) { if (null === $props) { $props = $this->storage->propfind(trim($uri . '/' . $file, '/'), self::BASIC_PROPERTIES, 0); } $collection = !empty($props['DAV::resourcetype']) && $props['DAV::resourcetype'] == 'collection'; if ($collection) { $out .= sprintf('', rawurlencode($file), htmlspecialchars($file)); } else { $size = $props['DAV::getcontentlength']; if ($size > 1024*1024) { $size = sprintf('%d MB', $size / 1024 / 1024); } elseif ($size) { $size = sprintf('%d KB', $size / 1024); } $date = $props['DAV::getlastmodified']; if ($date instanceof \DateTimeInterface) { $date = $date->format('d/m/Y H:i'); } $out .= sprintf('', rawurlencode($file), htmlspecialchars($file), $size, $date ); } } $out .= '
Back
[DIR]%s
%s%s%s
'; if (null === $props) { $out .= '

This directory is empty.

'; } $out .= ''; return $out; } public function http_delete(string $uri): ?string { // check RFC 2518 Section 9.2, last paragraph if (isset($_SERVER['HTTP_DEPTH']) && $_SERVER['HTTP_DEPTH'] != 'infinity') { throw new Exception('We can only delete to infinity', 400); } $uri = $this->_prefix($uri); $this->checkLock($uri); $this->storage->delete($uri); if ($token = $this->getLockToken()) { $this->storage->unlock($uri, $token); } http_response_code(204); header('Content-Length: 0', true); return null; } public function http_put(string $uri): ?string { if (!empty($_SERVER['HTTP_CONTENT_TYPE']) && !strncmp($_SERVER['HTTP_CONTENT_TYPE'], 'multipart/', 10)) { throw new Exception('Multipart PUT requests are not supported', 501); } if (!empty($_SERVER['HTTP_CONTENT_ENCODING'])) { if (false !== strpos($_SERVER['HTTP_CONTENT_ENCODING'], 'gzip')) { // Might be supported later? throw new Exception('Content Encoding is not supported', 501); } else { throw new Exception('Content Encoding is not supported', 501); } } if (!empty($_SERVER['HTTP_CONTENT_RANGE'])) { throw new Exception('Content Range is not supported', 501); } // See SabreDAV CorePlugin for reason why OS/X Finder is buggy if (isset($_SERVER['HTTP_X_EXPECTED_ENTITY_LENGTH'])) { throw new Exception('This server is not compatible with OS/X finder. Consider using a different WebDAV client or webserver.', 403); } $hash = null; $hash_algo = null; // Support for checksum matching // https://dcache.org/old/manuals/UserGuide-6.0/webdav.shtml#checksums if (!empty($_SERVER['HTTP_CONTENT_MD5'])) { $hash = bin2hex(base64_decode($_SERVER['HTTP_CONTENT_MD5'])); $hash_algo = 'MD5'; } // Support for ownCloud/NextCloud checksum // https://github.com/owncloud-archive/documentation/issues/2964 elseif (!empty($_SERVER['HTTP_OC_CHECKSUM']) && preg_match('/MD5:[a-f0-9]{32}|SHA1:[a-f0-9]{40}/', $_SERVER['HTTP_OC_CHECKSUM'], $match)) { $hash_algo = strtok($match[0], ':'); $hash = strtok(''); } $uri = $this->_prefix($uri); $this->checkLock($uri); if (!empty($_SERVER['HTTP_IF_MATCH'])) { $etag = trim($_SERVER['HTTP_IF_MATCH'], '" '); $prop = $this->storage->propfind($uri, ['DAV::getetag'], 0); if (!empty($prop['DAV::getetag']) && $prop['DAV::getetag'] != $etag) { throw new Exception('ETag did not match condition', 412); } } // Specific to NextCloud/ownCloud, to allow setting file mtime // This expects a UNIX timestamp $mtime = (int)($_SERVER['HTTP_X_OC_MTIME'] ?? 0) ?: null; $this->extendExecutionTime(); $stream = fopen('php://input', 'r'); // mod_fcgid <= 2.3.9 doesn't handle chunked transfer encoding for PUT requests // see https://github.com/kd2org/picodav/issues/6 if (strstr($_SERVER['HTTP_TRANSFER_ENCODING'] ?? '', 'chunked') && PHP_SAPI == 'fpm-fcgi') { // We can't seek here // see https://github.com/php/php-src/issues/9441 $l = strlen(fread($stream, 1)); if ($l === 0) { throw new Exception('This server cannot accept "Transfer-Encoding: chunked" uploads (please upgrade to mod_fcgid >= 2.3.10).', 500); } // reset stream fseek($stream, 0, SEEK_SET); } $created = $this->storage->put($uri, $stream, $hash_algo, $hash); if ($mtime) { $mtime = new \DateTime('@' . $mtime); if ($this->storage->touch($uri, $mtime)) { header('X-OC-MTime: accepted'); } } $prop = $this->storage->propfind($uri, ['DAV::getetag'], 0); if (!empty($prop['DAV::getetag'])) { $value = $prop['DAV::getetag']; if (substr($value, 0, 1) != '"') { $value = '"' . $value . '"'; } header(sprintf('ETag: %s', $value)); } http_response_code($created ? 201 : 204); return null; } public function http_head(string $uri, array &$props = []): ?string { $uri = $this->_prefix($uri); $requested_props = self::BASIC_PROPERTIES; $requested_props[] = 'DAV::getetag'; // RFC 3230 https://www.rfc-editor.org/rfc/rfc3230.html if (!empty($_SERVER['HTTP_WANT_DIGEST'])) { $requested_props[] = self::PROP_DIGEST_MD5; } $props = $this->storage->propfind($uri, $requested_props, 0); if (!$props) { throw new Exception('Resource Not Found', 404); } http_response_code(200); if (isset($props['DAV::getlastmodified']) && $props['DAV::getlastmodified'] instanceof \DateTimeInterface) { header(sprintf('Last-Modified: %s', $props['DAV::getlastmodified']->format(\DATE_RFC7231))); } if (!empty($props['DAV::getetag'])) { $value = $props['DAV::getetag']; if (substr($value, 0, 1) != '"') { $value = '"' . $value . '"'; } header(sprintf('ETag: %s', $value)); } if (empty($props['DAV::resourcetype']) || $props['DAV::resourcetype'] != 'collection') { if (!empty($props['DAV::getcontenttype'])) { header(sprintf('Content-Type: %s', $props['DAV::getcontenttype'])); } if (!empty($props['DAV::getcontentlength'])) { header(sprintf('Content-Length: %d', $props['DAV::getcontentlength'])); header('Accept-Ranges: bytes'); } } if (!empty($props[self::PROP_DIGEST_MD5])) { header(sprintf('Digest: md5=%s', base64_encode(hex2bin($props[self::PROP_DIGEST_MD5])))); } return null; } public function http_get(string $uri): ?string { $props = []; $this->http_head($uri, $props); $uri = $this->_prefix($uri); $is_collection = !empty($props['DAV::resourcetype']) && $props['DAV::resourcetype'] == 'collection'; $out = ''; if ($is_collection) { $list = $this->storage->list($uri, self::BASIC_PROPERTIES); if (!isset($_SERVER['HTTP_ACCEPT']) || false === strpos($_SERVER['HTTP_ACCEPT'], 'html')) { $list = is_array($list) ? $list : iterator_to_array($list); if (!count($list)) { return "Nothing in this collection\n"; } return implode("\n", array_keys($list)); } header('Content-Type: text/html; charset=utf-8', true); return $this->html_directory($uri, $list); } $file = $this->storage->get($uri); if (!$file) { throw new Exception('File Not Found', 404); } // If the file was returned to the client by the storage backend, stop here if (!empty($file['stop'])) { return null; } if (!isset($file['content']) && !isset($file['resource']) && !isset($file['path'])) { throw new \RuntimeException('Invalid file array returned by ::get(): ' . print_r($file, true)); } $this->extendExecutionTime(); $length = $start = $end = null; $gzip = false; if (isset($_SERVER['HTTP_RANGE']) && preg_match('/^bytes=(\d*)-(\d*)$/i', $_SERVER['HTTP_RANGE'], $match) && $match[1] . $match[2] !== '') { $start = $match[1] === '' ? null : (int) $match[1]; $end = $match[2] === '' ? null : (int) $match[2]; if (null !== $start && $start < 0) { throw new Exception('Start range cannot be satisfied', 416); } if (isset($props['DAV::getcontentlength']) && $start > $props['DAV::getcontentlength']) { throw new Exception('End range cannot be satisfied', 416); } $this->log('HTTP Range requested: %s-%s', $start, $end); } elseif ($this->enable_gzip && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && false !== strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && isset($props['DAV::getcontentlength']) // Don't compress if size is larger than 8 MiB && $props['DAV::getcontentlength'] < 8*1024*1024 // Don't compress already compressed content && !preg_match('/\.(?:cbz|cbr|cb7|mp4|m4a|zip|docx|xlsx|pptx|ods|odt|odp|7z|gz|bz2|lzma|lz|xz|apk|dmg|jar|rar|webm|ogg|mp3|ogm|flac|ogv|mkv|avi)$/i', $uri)) { $gzip = true; header('Content-Encoding: gzip', true); } // Try to avoid common issues with output buffering and stuff if (function_exists('apache_setenv')) { @apache_setenv('no-gzip', 1); } @ini_set('zlib.output_compression', 'Off'); if (@ob_get_length()) { @ob_clean(); } if (isset($file['content'])) { $length = strlen($file['content']); if ($start || $end) { if (null !== $end && $end > $length) { header('Content-Range: bytes */' . $length, true); throw new Exception('End range cannot be satisfied', 416); } if ($start === null) { $start = $length - $end; $end = $start + $end; } elseif ($end === null) { $end = $length; } http_response_code(206); header(sprintf('Content-Range: bytes %s-%s/%s', $start, $end - 1, $length)); $file['content'] = substr($file['content'], $start, $end - $start); $length = $end - $start; } if ($gzip) { $file['content'] = gzencode($file['content'], 9); $length = strlen($file['content']); } header('Content-Length: ' . $length, true); echo $file['content']; return null; } if (isset($file['path'])) { $file['resource'] = fopen($file['path'], 'rb'); } $seek = fseek($file['resource'], 0, SEEK_END); if ($seek === 0) { $length = ftell($file['resource']); fseek($file['resource'], 0, SEEK_SET); } if (($start || $end) && $seek === 0) { if (null !== $end && $end > $length) { header('Content-Range: bytes */' . $length, true); throw new Exception('End range cannot be satisfied', 416); } if ($start === null) { $start = $length - $end; $end = $start + $end; } elseif ($end === null) { $end = $length; } fseek($file['resource'], $start, SEEK_SET); http_response_code(206); header(sprintf('Content-Range: bytes %s-%s/%s', $start, $end - 1, $length), true); $length = $end - $start; $end -= $start; } elseif (null === $length && isset($file['path'])) { $end = $length = filesize($file['path']); } if ($gzip) { $this->log('Using gzip output compression'); $gzip = deflate_init(ZLIB_ENCODING_GZIP); $fp = fopen('php://temp', 'wb'); while (!feof($file['resource'])) { fwrite($fp, deflate_add($gzip, fread($file['resource'], 8192), ZLIB_NO_FLUSH)); } fwrite($fp, deflate_add($gzip, '', ZLIB_FINISH)); $length = ftell($fp); rewind($fp); fclose($file['resource']); $file['resource'] = $fp; unset($fp); } if (null !== $length) { $this->log('Length: %s', $length); header('Content-Length: ' . $length, true); } $block_size = 8192*4; while (!feof($file['resource']) && ($end === null || $end > 0)) { $l = $end !== null ? min($block_size, $end) : $block_size; echo fread($file['resource'], $l); flush(); if (null !== $end) { $end -= $block_size; } } fclose($file['resource']); return null; } public function http_copy(string $uri): ?string { return $this->_http_copymove($uri, 'copy'); } public function http_move(string $uri): ?string { return $this->_http_copymove($uri, 'move'); } protected function _http_copymove(string $uri, string $method): ?string { $uri = $this->_prefix($uri); $destination = $_SERVER['HTTP_DESTINATION'] ?? null; $depth = $_SERVER['HTTP_DEPTH'] ?? 1; if (!$destination) { throw new Exception('Destination not supplied', 400); } $destination = $this->getURI($destination); if (trim($destination, '/') == trim($uri, '/')) { throw new Exception('Cannot move file to itself', 403); } $overwrite = ($_SERVER['HTTP_OVERWRITE'] ?? null) == 'T'; // Dolphin is removing the file name when moving to root directory if (empty($destination)) { $destination = basename($uri); } $this->log('<= Destination: %s', $destination); $this->log('<= Overwrite: %s (%s)', $overwrite ? 'Yes' : 'No', $_SERVER['HTTP_OVERWRITE'] ?? null); if (!$overwrite && $this->storage->exists($destination)) { throw new Exception('File already exists and overwriting is disabled', 412); } if ($method == 'move') { $this->checkLock($uri); } $this->checkLock($destination); // Moving/copy of directory to an existing destination and depth=0 // should do just nothing, see 'depth_zero_copy' test in litmus if ($depth == 0 && $this->storage->exists($destination) && current($this->storage->propfind($destination, ['DAV::resourcetype'], 0)) == 'collection') { $overwritten = $this->storage->exists($uri); } else { $overwritten = $this->storage->$method($uri, $destination); } if ($method == 'move' && ($token = $this->getLockToken())) { $this->storage->unlock($uri, $token); } http_response_code($overwritten ? 204 : 201); return null; } public function http_mkcol(string $uri): ?string { if (!empty($_SERVER['CONTENT_LENGTH'])) { throw new Exception('Unsupported body for MKCOL', 415); } $uri = $this->_prefix($uri); $this->storage->mkcol($uri); http_response_code(201); return null; } protected function extractRequestedProperties(string $body): ?array { // We only care about properties if the client asked for it // If not, we consider that the client just requested to get everything if (!preg_match('!<(?:\w+:)?propfind!', $body)) { return null; } $ns = []; $dav_ns = null; $default_ns = null; if (preg_match('/]+xmlns="DAV:"/', $body)) { $default_ns = 'DAV:'; } preg_match_all('!xmlns:(\w+)\s*=\s*"([^"]+)"!', $body, $match, PREG_SET_ORDER); // Find all aliased xmlns foreach ($match as $found) { $ns[$found[2]] = $found[1]; } if (isset($ns['DAV:'])) { $dav_ns = $ns['DAV:'] . ':'; } $regexp = '/<(' . $dav_ns . 'prop(?!find))[^>]*?>(.*?)<\/\1\s*>/s'; if (!preg_match($regexp, $body, $match)) { return null; } // Find all properties // Allow for empty namespace, see Litmus FAQ for propnullns // https://github.com/tolsen/litmus/blob/master/FAQ preg_match_all('!<([\w-]+)[^>]*xmlns="([^"]*)"|<(?:([\w-]+):)?([\w-]+)!', $match[2], $match, PREG_SET_ORDER); $properties = []; foreach ($match as $found) { if (isset($found[4])) { $url = array_search($found[3], $ns) ?: $default_ns; $name = $found[4]; } else { $url = $found[2]; $name = $found[1]; } $properties[$url . ':' . $name] = [ 'name' => $name, 'ns_alias' => $found[3] ?? null, 'ns_url' => $url, ]; } return $properties; } public function http_propfind(string $uri): ?string { // We only support depth of 0 and 1 $depth = isset($_SERVER['HTTP_DEPTH']) && empty($_SERVER['HTTP_DEPTH']) ? 0 : 1; $uri = $this->_prefix($uri); $body = file_get_contents('php://input'); if (false !== strpos($body, 'log('Requested depth: %s', $depth); // We don't really care about having a correct XML string, // but we can get better WebDAV compliance if we do if (isset($_SERVER['HTTP_X_LITMUS'])) { if (false !== strpos($body, 'extractRequestedProperties($body); $requested_keys = $requested ? array_keys($requested) : null; // Find root element properties $properties = $this->storage->propfind($uri, $requested_keys, $depth); if (null === $properties) { throw new Exception('This does not exist', 404); } if (isset($properties['DAV::getlastmodified'])) { foreach (self::MODIFICATION_TIME_PROPERTIES as $name) { $properties[$name] = $properties['DAV::getlastmodified']; } } $items = [$uri => $properties]; if ($depth) { foreach ($this->storage->list($uri, $requested) as $file => $properties) { $path = trim($uri . '/' . $file, '/'); $properties = $properties ?? $this->storage->propfind($path, $requested_keys, 0); if (!$properties) { $this->log('!!! Cannot find "%s"', $path); continue; } $items[$path] = $properties; } } // http_response_code doesn't know the 207 status code header('HTTP/1.1 207 Multi-Status', true); $this->dav_header(); header('Content-Type: application/xml; charset=utf-8'); $root_namespaces = [ 'DAV:' => 'd', // Microsoft Clients need this special namespace for date and time values (from PEAR/WebDAV) 'urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/' => 'ns0', ]; $i = 0; $requested ??= []; foreach ($requested as $prop) { if ($prop['ns_url'] == 'DAV:' || !$prop['ns_url']) { continue; } if (!array_key_exists($prop['ns_url'], $root_namespaces)) { $root_namespaces[$prop['ns_url']] = $prop['ns_alias'] ?: 'rns' . $i++; } } foreach ($items as $properties) { foreach ($properties as $name => $value) { $pos = strrpos($name, ':'); $ns = substr($name, 0, strrpos($name, ':')); // NULL namespace, see Litmus FAQ for propnullns if (!$ns) { continue; } if (!array_key_exists($ns, $root_namespaces)) { $root_namespaces[$ns] = 'rns' . $i++; } } } $out = ''; $out .= ' $alias) { $out .= sprintf(' xmlns:%s="%s"', $alias, $url); } $out .= '>'; foreach ($items as $uri => $item) { $e = ''; if ($this->prefix) { $uri = substr($uri, strlen($this->prefix)); } $uri = trim(rtrim($this->base_uri, '/') . '/' . ltrim($uri, '/'), '/'); $path = '/' . str_replace('%2F', '/', rawurlencode($uri)); if (($item['DAV::resourcetype'] ?? null) == 'collection' && $path != '/') { $path .= '/'; } $e .= sprintf('%s', htmlspecialchars($path, ENT_XML1)); $e .= ''; foreach ($item as $name => $value) { if (null === $value) { continue; } $pos = strrpos($name, ':'); $ns = substr($name, 0, strrpos($name, ':')); $tag_name = substr($name, strrpos($name, ':') + 1); $alias = $root_namespaces[$ns] ?? null; $attributes = ''; // The ownCloud Android app doesn't like formatted dates, it makes it crash. // so force it to have a timestamp if ($name == 'DAV::creationdate' && ($value instanceof \DateTimeInterface) && false !== stripos($_SERVER['HTTP_USER_AGENT'] ?? '', 'owncloud')) { $value = $value->getTimestamp(); } // ownCloud app crashes if mimetype is provided for a directory // https://github.com/owncloud/android/issues/3768 elseif ($name == 'DAV::getcontenttype' && ($item['DAV::resourcetype'] ?? null) == 'collection') { $value = null; } if ($name == 'DAV::resourcetype' && $value == 'collection') { $value = ''; } elseif ($name == 'DAV::getetag' && strlen($value) && $value[0] != '"') { $value = '"' . $value . '"'; } elseif ($value instanceof \DateTimeInterface) { // Change value to GMT $value = clone $value; $value->setTimezone(new \DateTimeZone('GMT')); $value = $value->format(DATE_RFC7231); } elseif (is_array($value)) { $attributes = $value['attributes'] ?? ''; $value = $value['xml'] ?? null; } else { $value = htmlspecialchars($value, ENT_XML1); } // NULL namespace, see Litmus FAQ for propnullns if (!$ns) { $attributes .= ' xmlns=""'; } else { $tag_name = $alias . ':' . $tag_name; } if (null === $value || self::EMPTY_PROP_VALUE === $value) { $e .= sprintf('<%s%s />', $tag_name, $attributes ? ' ' . $attributes : ''); } else { $e .= sprintf('<%s%s>%s', $tag_name, $attributes ? ' ' . $attributes : '', $value); } } $e .= 'HTTP/1.1 200 OK' . "\n"; // Append missing properties if (!empty($requested)) { $missing_properties = array_diff($requested_keys, array_keys($item)); if (count($missing_properties)) { $e .= ''; foreach ($missing_properties as $name) { $pos = strrpos($name, ':'); $ns = substr($name, 0, strrpos($name, ':')); $name = substr($name, strrpos($name, ':') + 1); $alias = $root_namespaces[$ns] ?? null; // NULL namespace, see Litmus FAQ for propnullns if (!$alias) { $e .= sprintf('<%s xmlns="" />', $name); } else { $e .= sprintf('<%s:%s />', $alias, $name); } } $e .= 'HTTP/1.1 404 Not Found'; } } $e .= '' . "\n"; $out .= $e; } $out .= ''; return $out; } static public function parsePropPatch(string $body): array { if (false !== strpos($body, 'getDocNameSpaces()))) { $_ns = 'DAV:'; } $out = []; // Process set/remove instructions in order (important) foreach ($xml->children($_ns) as $child) { foreach ($child->children($_ns) as $prop) { $prop = $prop->children(); if ($child->getName() == 'set') { $ns = $prop->getNamespaces(true); $ns = array_flip($ns); $name = key($ns) . ':' . $prop->getName(); $attributes = $prop->attributes(); $attributes = $attributes === null ? null : iterator_to_array($attributes); foreach ($ns as $xmlns => $alias) { foreach (iterator_to_array($prop->attributes($alias)) as $key => $v) { $attributes[$xmlns . ':' . $key] = $value; } } if ($prop->count() > 1) { $text = ''; foreach ($prop->children() as $c) { $text .= $c->asXML(); } } else { $text = (string)$prop; } $out[$name] = ['action' => 'set', 'attributes' => $attributes ?: null, 'content' => $text ?: null]; } else { $ns = $prop->getNamespaces(); $name = current($ns) . ':' . $prop->getName(); $out[$name] = ['action' => 'remove']; } } } return $out; } public function http_proppatch(string $uri): ?string { $uri = $this->_prefix($uri); $this->checkLock($uri); $prefix = '' . "\n"; $prefix.= 'parsePropPatch($body); $root_namespaces = []; $i = 0; $set_time = null; $set_time_name = null; foreach ($properties as $name => $value) { $pos = strrpos($name, ':'); $ns = substr($name, 0, $pos); if (!array_key_exists($ns, $root_namespaces)) { $alias = 'rns' . $i++; $root_namespaces[$ns] = $alias; $prefix .= sprintf(' xmlns:%s="%s"', $alias, htmlspecialchars($ns, ENT_XML1)); } } // See if the client wants to set the modification time foreach (self::MODIFICATION_TIME_PROPERTIES as $name) { if (!array_key_exists($name, $properties) || $value['action'] !== 'set' || empty($value['content'])) { continue; } $ts = $value['content']; if (ctype_digit($ts)) { $ts = '@' . $ts; } $set_time = new \DateTime($value['content']); $set_time_name = $name; } $prefix .= sprintf(">\n\n %s\n", htmlspecialchars($url, ENT_XML1)); // http_response_code doesn't know the 207 status code header('HTTP/1.1 207 Multi-Status', true); header('Content-Type: application/xml; charset=utf-8', true); if (!count($properties)) { return $prefix . $suffix; } if ($set_time) { unset($properties[$set_time_name]); } $return = $this->storage->proppatch($uri, $properties); if ($set_time && $this->touch($uri, $set_time)) { $return[$set_time_name] = 200; } $out = ''; static $messages = [ 200 => 'OK', 403 => 'Forbidden', 409 => 'Conflict', 427 => 'Failed Dependency', 507 => 'Insufficient Storage', ]; foreach ($return as $name => $status) { $pos = strrpos($name, ':'); $ns = substr($name, 0, $pos); $name = substr($name, $pos + 1); $out .= " \n "; $out .= sprintf("<%s:%s />\n HTTP/1.1 %d %s", $root_namespaces[$ns], $name, $status, $messages[$status] ?? '' ); $out .= "\n \n"; } $out .= "\n"; return $prefix . $out . $suffix; } public function http_lock(string $uri): ?string { $uri = $this->_prefix($uri); // We don't use this currently, but maybe later? //$depth = !empty($this->_SERVER['HTTP_DEPTH']) ? 1 : 0; //$timeout = isset($_SERVER['HTTP_TIMEOUT']) ? explode(',', $_SERVER['HTTP_TIMEOUT']) : []; //$timeout = array_map('trim', $timeout); if (empty($_SERVER['CONTENT_LENGTH']) && !empty($_SERVER['HTTP_IF'])) { $token = $this->getLockToken(); if (!$token) { throw new Exception('Invalid If header', 400); } $info = null; $ns = 'D'; $scope = self::EXCLUSIVE_LOCK; $this->checkLock($uri, $token); $this->log('Requesting LOCK refresh: %s = %s', $uri, $scope); } else { $locked_scope = $this->storage->getLock($uri); if ($locked_scope == self::EXCLUSIVE_LOCK) { throw new Exception('Cannot acquire another lock, resource is locked for exclusive use', 423); } if ($locked_scope && $token = $this->getLockToken()) { $token = $this->getLockToken(); if (!$token) { throw new Exception('Missing lock token', 423); } $this->checkLock($uri, $token); } $xml = file_get_contents('php://input'); if (!preg_match('!<((?:(\w+):)?lockinfo)[^>]*>(.*?)!is', $xml, $match)) { throw new Exception('Invalid XML', 400); } $ns = $match[2]; $info = $match[3]; // Quick and dirty UUID $uuid = random_bytes(16); $uuid[6] = chr(ord($uuid[6]) & 0x0f | 0x40); // set version to 0100 $uuid[8] = chr(ord($uuid[8]) & 0x3f | 0x80); // set bits 6-7 to 10 $uuid = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($uuid), 4)); $token = 'opaquelocktoken:' . $uuid; $scope = false !== stripos($info, sprintf('<%sexclusive', $ns ? $ns . ':' : '')) ? self::EXCLUSIVE_LOCK : self::SHARED_LOCK; $this->log('Requesting LOCK: %s = %s', $uri, $scope); } $this->storage->lock($uri, $token, $scope); $timeout = 60*5; $info = sprintf(' unknown %d Second-%d %s ', $scope, 1, $timeout, $token); http_response_code(200); header('Content-Type: application/xml; charset=utf-8'); header(sprintf('Lock-Token: <%s>', $token)); $out = '' . "\n"; $out .= ''; $out .= ''; $out .= $info; $out .= ''; if ($ns != 'D') { $out = str_replace('D:', $ns ? $ns . ':' : '', $out); $out = str_replace('xmlns:D', $ns ? 'xmlns:' . $ns : 'xmlns', $out); } return $out; } public function http_unlock(string $uri): ?string { $uri = $this->_prefix($uri); $token = $this->getLockToken(); if (!$token) { throw new Exception('Invalid Lock-Token header', 400); } $this->log('<= Lock Token: %s', $token); $this->checkLock($uri, $token); $this->storage->unlock($uri, $token); http_response_code(204); return null; } protected function getLockToken(): ?string { if (isset($_SERVER['HTTP_LOCK_TOKEN']) && preg_match('/<(.*?)>/', trim($_SERVER['HTTP_LOCK_TOKEN']), $match)) { return $match[1]; } elseif (isset($_SERVER['HTTP_IF']) && preg_match('/\(<(.*?)>\)/', trim($_SERVER['HTTP_IF']), $match)) { return $match[1]; } else { return null; } } protected function checkLock(string $uri, ?string $token = null): void { if ($token === null) { $token = $this->getLockToken(); } // Trying to access using a parent directory if (isset($_SERVER['HTTP_IF']) && preg_match('/<([^>]+)>\s*\(<[^>]*>\)/', $_SERVER['HTTP_IF'], $match)) { $root = $this->getURI($match[1]); if (0 !== strpos($uri, $root)) { throw new Exception('Invalid "If" header path: ' . $root, 400); } $uri = $root; } // Try to validate token elseif (isset($_SERVER['HTTP_IF']) && preg_match('/\(<([^>]*)>\s+\["([^""]+)"\]\)/', $_SERVER['HTTP_IF'], $match)) { $token = $match[1]; $request_etag = $match[2]; $etag = current($this->storage->propfind($uri, ['DAV::getetag'], 0)); if ($request_etag != $etag) { throw new Exception('Resource is locked and etag does not match', 412); } } if ($token == 'DAV:no-lock') { throw new Exception('Resource is locked', 412); } // Token is valid if ($token && $this->storage->getLock($uri, $token)) { return; } elseif ($token) { throw new Exception('Invalid token', 400); } // Resource is locked elseif ($this->storage->getLock($uri)) { throw new Exception('Resource is locked', 423); } } protected function dav_header() { header('DAV: 1, 2, 3'); } public function http_options(): void { http_response_code(200); $methods = 'GET HEAD PUT DELETE COPY MOVE PROPFIND MKCOL LOCK UNLOCK'; $this->dav_header(); header('Allow: ' . $methods); header('Content-length: 0'); header('Accept-Ranges: bytes'); header('MS-Author-Via: DAV'); } public function log(string $message, ...$params) { if (PHP_SAPI == 'cli-server') { file_put_contents('php://stderr', vsprintf($message, $params) . "\n"); } } protected function getURI(string $source): string { $uri = parse_url($source, PHP_URL_PATH); $uri = rawurldecode($uri); $uri = trim($uri, '/'); $uri = '/' . $uri; if ($uri . '/' === $this->base_uri) { $uri .= '/'; } if (strpos($uri, $this->base_uri) !== 0) { throw new Exception(sprintf('Invalid URI, "%s" is outside of scope "%s"', $uri, $this->base_uri), 400); } $uri = preg_replace('!/{2,}!', '/', $uri); if (false !== strpos($uri, '..')) { throw new Exception(sprintf('Invalid URI: "%s"', $uri), 403); } $uri = substr($uri, strlen($this->base_uri)); $uri = $this->_prefix($uri); return $uri; } public function route(?string $uri = null): bool { if (null === $uri) { $uri = $_SERVER['REQUEST_URI'] ?? '/'; } $uri = '/' . ltrim($uri, '/'); $this->original_uri = $uri; if ($uri . '/' == $this->base_uri) { $uri .= '/'; } if (0 === strpos($uri, $this->base_uri)) { $uri = substr($uri, strlen($this->base_uri)); } else { $this->log('<= %s is not a managed URL (%s)', $uri, $this->base_uri); return false; } // Add some extra-logging for Litmus tests if (isset($_SERVER['HTTP_X_LITMUS']) || isset($_SERVER['HTTP_X_LITMUS_SECOND'])) { $this->log('X-Litmus: %s', $_SERVER['HTTP_X_LITMUS'] ?? $_SERVER['HTTP_X_LITMUS_SECOND']); } $method = $_SERVER['REQUEST_METHOD'] ?? null; header_remove('Expires'); header_remove('Pragma'); header_remove('Cache-Control'); header('X-Server: KD2', true); // Stop and send reply to OPTIONS before anything else if ($method == 'OPTIONS') { $this->log('<= OPTIONS'); $this->http_options(); return true; } $uri = rawurldecode($uri); $uri = trim($uri, '/'); $uri = preg_replace('!/{2,}!', '/', $uri); $this->log('<= %s /%s', $method, $uri); try { if (false !== strpos($uri, '..')) { throw new Exception(sprintf('Invalid URI: "%s"', $uri), 403); } // Call 'http_method' class method $method = 'http_' . strtolower($method); if (!method_exists($this, $method)) { throw new Exception('Invalid request method', 405); } $out = $this->$method($uri); $this->log('=> %d', http_response_code()); if (null !== $out) { $this->log('=> %s', $out); } echo $out; } catch (Exception $e) { $this->error($e); } return true; } function error(Exception $e) { $this->log('=> %d - %s', $e->getCode(), $e->getMessage()); if ($e->getCode() == 423) { // http_response_code doesn't know about 423 Locked header('HTTP/1.1 423 Locked'); } else { http_response_code($e->getCode()); } header('Content-Type: application/xml; charset=utf-8', true); printf('%s', htmlspecialchars($e->getMessage(), ENT_XML1)); } static public function hmac(array $data, string $key = '') { // Protect against length attacks by pre-hashing data $data = array_map('sha1', $data); $data = implode(':', $data); return hash_hmac('sha1', $data, sha1($key)); } } abstract class AbstractStorage { abstract public function get(string $uri): ?array; abstract public function exists(string $uri): bool; abstract public function propfind(string $uri, ?array $requested_properties, int $depth): ?array; public function proppatch(string $uri, array $properties): array { // By default, properties are not saved } abstract public function put(string $uri, $pointer, ?string $hash_algo, ?string $hash): bool; abstract public function delete(string $uri): void; abstract public function copy(string $uri, string $destination): bool; abstract public function move(string $uri, string $destination): bool; abstract public function mkcol(string $uri): void; abstract public function list(string $uri, array $properties): iterable; abstract public function touch(string $uri, \DateTimeInterface $timestamp): bool; public function lock(string $uri, string $token, string $scope): void { // By default locking is not implemented } public function unlock(string $uri, string $token): void { // By default locking is not implemented } public function getLock(string $uri, ?string $token = null): ?string { // By default locking is not implemented, so NULL is always returned return null; } } } namespace PicoDAV { use KD2\WebDAV\AbstractStorage; use KD2\WebDAV\Exception as WebDAV_Exception; class Storage extends AbstractStorage { /** * These file names will be ignored when doing a PUT * as they are garbage, coming from some OS */ const PUT_IGNORE_PATTERN = '!^~(?:lock\.|^\._)|^(?:\.DS_Store|Thumbs\.db|desktop\.ini)$!'; protected string $path; protected ?string $user = null; public array $users = []; public function __construct(string $path) { $this->path = $path . '/'; } public function auth(): bool { if (ANONYMOUS_WRITE && ANONYMOUS_READ) { return true; } if ($this->user) { return true; } $user = $_SERVER['PHP_AUTH_USER'] ?? null; $password = $_SERVER['PHP_AUTH_PW'] ?? null; if (!array_key_exists($user, $this->users)) { return false; } $hash = $this->users[$user]['password'] ?? null; // If no password is set, we accept any password as we consider that a .htaccess/.htpasswd // access has been granted if (null !== $hash && !password_verify($password, $hash)) { return false; } $this->user = $user; return true; } static protected function glob(string $path, string $pattern = '', int $flags = 0): array { $path = preg_replace('/[\*\?\[\]]/', '\\\\$0', $path); return glob($path . $pattern, $flags); } public function canRead(string $uri): bool { if (in_array($uri, INTERNAL_FILES)) { return false; } if (preg_match('/\.(?:php\d?|phtml|phps)$|^\./i', $uri)) { return false; } if (ANONYMOUS_READ) { return true; } if (!$this->auth()) { return false; } $restrict = $this->users[$this->user]['restrict'] ?? []; if (!is_array($restrict) || empty($restrict)) { return true; } foreach ($restrict as $match) { if (0 === strpos($uri, $match)) { return true; } } return false; } public function canWrite(string $uri): bool { if (!$this->auth() && !ANONYMOUS_WRITE) { return false; } if (!$this->canRead($uri)) { return false; } if (ANONYMOUS_WRITE) { return true; } if (!$this->auth() || empty($this->users[$this->user]['write'])) { return false; } $restrict = $this->users[$this->user]['restrict_write'] ?? []; if (!is_array($restrict) || empty($restrict)) { return true; } foreach ($restrict as $match) { if (0 === strpos($uri, $match)) { return true; } } return false; } public function canOnlyCreate(string $uri): bool { $restrict = $this->users[$this->user]['restrict_write'] ?? []; if (in_array($uri, $restrict, true)) { return true; } $restrict = $this->users[$this->user]['restrict'] ?? []; if (in_array($uri, $restrict, true)) { return true; } return false; } public function list(string $uri, ?array $properties): iterable { if (!$this->canRead($uri . '/')) { //throw new WebDAV_Exception('Access forbidden', 403); } $dirs = self::glob($this->path . $uri, '/*', \GLOB_ONLYDIR); $dirs = array_map('basename', $dirs); $dirs = array_filter($dirs, fn($a) => $this->canRead(ltrim($uri . '/' . $a, '/') . '/')); natcasesort($dirs); $files = self::glob($this->path . $uri, '/*'); $files = array_map('basename', $files); $files = array_diff($files, $dirs); // Remove PHP files and dot-files from listings $files = array_filter($files, fn($a) => $this->canRead(ltrim($uri . '/' . $a, '/'))); natcasesort($files); $files = array_flip(array_merge($dirs, $files)); $files = array_map(fn($a) => null, $files); return $files; } public function get(string $uri): ?array { if (!$this->canRead($uri)) { throw new WebDAV_Exception('Access forbidden', 403); } $path = $this->path . $uri; if (!file_exists($path)) { return null; } return ['path' => $path]; } public function exists(string $uri): bool { return file_exists($this->path . $uri); } public function get_file_property(string $uri, string $name, int $depth) { $target = $this->path . $uri; switch ($name) { case 'DAV::displayname': return basename($uri); case 'DAV::getcontentlength': return is_dir($target) ? null : filesize($target); case 'DAV::getcontenttype': // ownCloud app crashes if mimetype is provided for a directory // https://github.com/owncloud/android/issues/3768 return is_dir($target) ? null : mime_content_type($target); case 'DAV::resourcetype': return is_dir($target) ? 'collection' : ''; case 'DAV::getlastmodified': $mtime = filemtime($target); if (!$mtime) { return null; } return new \DateTime('@' . $mtime); case 'DAV::ishidden': return basename($target)[0] == '.'; case 'DAV::getetag': $hash = filemtime($target) . filesize($target); return md5($hash . $target); case 'DAV::lastaccessed': return new \DateTime('@' . fileatime($target)); case 'DAV::creationdate': return new \DateTime('@' . filectime($target)); case 'http://owncloud.org/ns:permissions': $permissions = 'G'; if (is_dir($target)) { $uri .= '/'; } if (is_writeable($target) && $this->canWrite($uri)) { // If the directory is one of the restricted paths, // then we can only do stuff INSIDE, and not delete/rename the directory itself if ($this->canOnlyCreate($uri)) { $permissions .= 'CK'; } else { $permissions .= 'DNVWCK'; } } return $permissions; case Server::PROP_DIGEST_MD5: if (!is_file($target) || is_dir($target) || !is_readable($target)) { return null; } return md5_file($target); default: break; } return null; } public function propfind(string $uri, ?array $properties, int $depth): ?array { $target = $this->path . $uri; if (!file_exists($target)) { return null; } if (null === $properties) { $properties = Server::BASIC_PROPERTIES; } $out = []; foreach ($properties as $name) { $v = $this->get_file_property($uri, $name, $depth); if (null !== $v) { $out[$name] = $v; } } return $out; } public function put(string $uri, $pointer, ?string $hash_algo, ?string $hash): bool { if (preg_match(self::PUT_IGNORE_PATTERN, basename($uri))) { return false; } if (!$this->canWrite($uri)) { throw new WebDAV_Exception('Access forbidden', 403); } $target = $this->path . $uri; $parent = dirname($target); if (is_dir($target)) { throw new WebDAV_Exception('Target is a directory', 409); } if (!file_exists($parent)) { mkdir($parent, 0770, true); } $new = !file_exists($target); $delete = false; $size = 0; $quota = disk_free_space($this->path); $tmp_file = $this->path . '.tmp.' . sha1($target); $out = fopen($tmp_file, 'w'); while (!feof($pointer)) { $bytes = fread($pointer, 8192); $size += strlen($bytes); if ($size > $quota) { $delete = true; break; } fwrite($out, $bytes); } fclose($out); fclose($pointer); if ($delete) { @unlink($tmp_file); throw new WebDAV_Exception('Your quota is exhausted', 507); } elseif ($hash && $hash_algo == 'MD5' && md5_file($tmp_file) != $hash) { @unlink($tmp_file); throw new WebDAV_Exception('The data sent does not match the supplied MD5 hash', 400); } elseif ($hash && $hash_algo == 'SHA1' && sha1_file($tmp_file) != $hash) { @unlink($tmp_file); throw new WebDAV_Exception('The data sent does not match the supplied SHA1 hash', 400); } else { rename($tmp_file, $target); } return $new; } public function delete(string $uri): void { if (!$this->canWrite($uri)) { throw new WebDAV_Exception('Access forbidden', 403); } if ($this->canOnlyCreate($uri)) { throw new WebDAV_Exception('Access forbidden', 403); } $target = $this->path . $uri; if (!file_exists($target)) { throw new WebDAV_Exception('Target does not exist', 404); } if (!is_writeable($target)) { throw new WebDAV_Exception('File permissions says that you cannot delete this, sorry.', 403); } if (is_dir($target)) { foreach (self::glob($target, '/*') as $file) { $this->delete(substr($file, strlen($this->path))); } rmdir($target); } else { unlink($target); } } public function copymove(bool $move, string $uri, string $destination): bool { if (!$this->canWrite($uri) || !$this->canWrite($destination) || $this->canOnlyCreate($uri)) { throw new WebDAV_Exception('Access forbidden', 403); } $source = $this->path . $uri; $target = $this->path . $destination; $parent = dirname($target); if (!file_exists($source)) { throw new WebDAV_Exception('File not found', 404); } $overwritten = file_exists($target); if (!is_dir($parent)) { throw new WebDAV_Exception('Target parent directory does not exist', 409); } if (false === $move) { $quota = disk_free_space($this->path); if (filesize($source) > $quota) { throw new WebDAV_Exception('Your quota is exhausted', 507); } } if ($overwritten) { $this->delete($destination); } $method = $move ? 'rename' : 'copy'; if ($method == 'copy' && is_dir($source)) { @mkdir($target, 0770, true); foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($source), \RecursiveIteratorIterator::SELF_FIRST) as $item) { if ($item->isDir()) { @mkdir($target . DIRECTORY_SEPARATOR . $iterator->getSubPathname()); } else { copy($item, $target . DIRECTORY_SEPARATOR . $iterator->getSubPathname()); } } } else { $method($source, $target); $this->getResourceProperties($uri)->move($destination); } return $overwritten; } public function copy(string $uri, string $destination): bool { return $this->copymove(false, $uri, $destination); } public function move(string $uri, string $destination): bool { return $this->copymove(true, $uri, $destination); } public function mkcol(string $uri): void { if (!$this->canWrite($uri)) { throw new WebDAV_Exception('Access forbidden', 403); } if (!disk_free_space($this->path)) { throw new WebDAV_Exception('Your quota is exhausted', 507); } $target = $this->path . $uri; $parent = dirname($target); if (file_exists($target)) { throw new WebDAV_Exception('There is already a file with that name', 405); } if (!file_exists($parent)) { throw new WebDAV_Exception('The parent directory does not exist', 409); } mkdir($target, 0770); } public function touch(string $uri, \DateTimeInterface $datetime): bool { $target = $this->path . $uri; return @touch($target, $datetime->getTimestamp()); } } class Server extends \KD2\WebDAV\Server { protected function html_directory(string $uri, iterable $list): ?string { $out = parent::html_directory($uri, $list); if (null !== $out) { $out = str_replace('', sprintf('', rtrim($this->base_uri, '/')), $out); } return $out; } public function route(?string $uri = null): bool { if (!ANONYMOUS_WRITE && !ANONYMOUS_READ && !$this->storage->auth()) { $this->requireAuth(); return true; } return parent::route($uri); } protected function requireAuth(): void { http_response_code(401); header('WWW-Authenticate: Basic realm="Please login"'); echo '

Error 401

You need to login to access this.

'; } public function error(WebDAV_Exception $e) { if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) { return; } parent::error($e); } protected string $_log = ''; public function log(string $message, ...$params): void { if (!HTTP_LOG_FILE) { return; } $this->_log .= vsprintf($message, $params) . "\n"; } public function __destruct() { if (!$this->_log) { return; } file_put_contents(HTTP_LOG_FILE, $this->_log, \FILE_APPEND); } } } namespace { use PicoDAV\Server; use PicoDAV\Storage; $uri = strtok($_SERVER['REQUEST_URI'], '?'); $self = $_SERVER['SCRIPT_FILENAME']; $self_dir = dirname($self); $root = substr(dirname($_SERVER['SCRIPT_FILENAME']), strlen($_SERVER['DOCUMENT_ROOT'])); $root = '/' . ltrim($root, '/'); if (false !== strpos($uri, '..')) { http_response_code(404); die('Invalid URL'); } $relative_uri = ltrim(substr($uri, strlen($root)), '/'); if (!empty($_SERVER['SERVER_SOFTWARE']) && stristr($_SERVER['SERVER_SOFTWARE'], 'apache') && !file_exists($self_dir . '/.htaccess')) { file_put_contents($self_dir . '/.htaccess', str_replace('index.php', basename($self), 'DirectoryIndex disabled RedirectMatch 404 \\.picodav\\.ini RewriteEngine On RewriteBase / # Uncomment the following 2 lignes to make things a bit faster for # downloading files, AND you don\'t use PicoDAV users to manage access, # but a regular .htpasswd file and config for your web server. #RewriteCond %{REQUEST_FILENAME} !-f [OR] #RewriteCond %{REQUEST_METHOD} !GET RewriteRule ^.*$ /index.php [END] ')); } if ($relative_uri == '.webdav/webdav.js' || $relative_uri == '.webdav/webdav.css') { http_response_code(200); if ($relative_uri == '.webdav/webdav.js') { header('Content-Type: text/javascript', true); } else { header('Content-Type: text/css', true); } $seconds_to_cache = 3600 * 24 * 5; $ts = gmdate("D, d M Y H:i:s", time() + $seconds_to_cache) . " GMT"; header("Expires: " . $ts); header("Pragma: cache"); header("Cache-Control: max-age=" . $seconds_to_cache); $fp = fopen(__FILE__, 'r'); if ($relative_uri == '.webdav/webdav.js') { fseek($fp, 55024, SEEK_SET); echo fread($fp, 27891); } else { fseek($fp, 55024 + 27891, SEEK_SET); echo fread($fp, 7004); } fclose($fp); exit; } $config_file = $self_dir . '/.picodav.ini'; define('PicoDAV\INTERNAL_FILES', ['.picodav.ini', $self_dir, '.webdav/webdav.js', '.webdav/webdav.css']); const DEFAULT_CONFIG = [ 'ANONYMOUS_READ' => true, 'ANONYMOUS_WRITE' => false, 'HTTP_LOG_FILE' => null, ]; $config = []; $storage = new Storage($self_dir); if (file_exists($config_file)) { $config = parse_ini_file($config_file, true); $users = array_filter($config, 'is_array'); $config = array_diff_key($config, $users); $config = array_change_key_case($config, \CASE_UPPER); $replace = []; // Encrypt plaintext passwords foreach ($users as $name => $properties) { if (isset($properties['password']) && substr($properties['password'], 0, 1) != '$') { $users[$name]['password'] = $replace[$name] = password_hash($properties['password'], null); } } if (count($replace)) { $lines = file($config_file); $current = null; foreach ($lines as &$line) { if (preg_match('/^\s*\[(\w+)\]\s*$/', $line, $match)) { $current = $match[1]; continue; } if ($current && isset($replace[$current]) && preg_match('/^\s*password\s*=/', $line)) { $line = sprintf("password = %s\n", var_export($replace[$current], true)); } } unset($line, $current); file_put_contents($config_file, implode('', $lines)); } $storage->users = $users; } foreach (DEFAULT_CONFIG as $key => $value) { if (array_key_exists($key, $config)) { $value = $config[$key]; } if (is_bool(DEFAULT_CONFIG[$key])) { $value = boolval($value); } define('PicoDAV\\' . $key, $value); } $dav = new Server(); $dav->setStorage($storage); $dav->setBaseURI($root); if (!$dav->route($uri)) { http_response_code(404); die('Unknown URL, sorry.'); } exit; ?> var css_url = document.currentScript.src.replace(/\/[^\/]+$/, '') + '/webdav.css'; const WebDAVNavigator = (url, options) => { // Microdown // https://github.com/commit-intl/micro-down const microdown=function(){function l(n,e,r){return"<"+n+(r?" "+Object.keys(r).map(function(n){return r[n]?n+'="'+(a(r[n])||"")+'"':""}).join(" "):"")+">"+e+""}function c(n,e){return e=n.match(/^[+-]/m)?"ul":"ol",n?"<"+e+">"+n.replace(/(?:[+-]|\d+\.) +(.*)\n?(([ \t].*\n?)*)/g,function(n,e,r){return"
  • "+g(e+"\n"+(t=r||"").replace(new RegExp("^"+(t.match(/^\s+/)||"")[0],"gm"),"").replace(o,c))+"
  • ";var t})+"":""}function e(r,t,u,c){return function(n,e){return n=n.replace(t,u),l(r,c?c(n):n)}}function t(n,u){return f(n,[//g,"\x3c!--$1--\x3e",/^("""|```)(.*)\n((.*\n)*?)\1/gm,function(n,e,r,t){return'"""'===e?l("div",p(t,u),{class:r}):u&&u.preCode?l("pre",l("code",a(t),{class:r})):l("pre",a(t),{class:r})},/(^>.*\n?)+/gm,e("blockquote",/^> ?(.*)$/gm,"$1",r),/((^|\n)\|.+)+/g,e("table",/^.*(\n\|---.*?)?$/gm,function(n,t){return e("tr",/\|(-?)([^|]*)\1(\|$)?/gm,function(n,e,r){return l(e||t?"th":"td",g(r))})(n.slice(0,n.length-(t||"").length))}),o,c,/#\[([^\]]+?)]/g,'',/^(#+) +(.*)(?:$)/gm,function(n,e,r){return l("h"+e.length,g(r))},/^(===+|---+)(?=\s*$)/gm,"
    "],p,u)}var i=this,a=function(n){return n?n.replace(/"/g,""").replace(//g,">"):""},o=/(?:(^|\n)([+-]|\d+\.) +(.*(\n[ \t]+.*)*))+/g,g=function c(n,i){var o=[];return n=(n||"").trim().replace(/`([^`]*)`/g,function(n,e){return"\\"+o.push(l("code",a(e)))}).replace(/[!&]?\[([!&]?\[.*?\)|[^\]]*?)]\((.*?)( .*?)?\)|(\w+:\/\/[$\-.+!*'()/,\w]+)/g,function(n,e,r,t,u){return u?i?n:"\\"+o.push(l("a",u,{href:u})):"&"==n[0]?(e=e.match(/^(.+),(.+),([^ \]]+)( ?.+?)?$/),"\\"+o.push(l("iframe","",{width:e[1],height:e[2],frameborder:e[3],class:e[4],src:r,title:t}))):"\\"+o.push("!"==n[0]?l("img","",{src:r,alt:e,title:t}):l("a",c(e,1),{href:r,title:t}))}),n=function r(n){return n.replace(/\\(\d+)/g,function(n,e){return r(o[Number.parseInt(e)-1])})}(i?n:r(n))},r=function t(n){return f(n,[/([*_]{1,3})((.|\n)+?)\1/g,function(n,e,r){return e=e.length,r=t(r),1"],t)},f=function(n,e,r,t){for(var u,c=0;c typeof lang_strings != 'undefined' && key in lang_strings ? lang_strings[key] : key; const rename_button = ``; const delete_button = ``; const edit_button = ``; const mkdir_dialog = ``; const mkfile_dialog = ``; const rename_dialog = ``; const paste_upload_dialog = `

    Upload this file?

    `; const edit_dialog = ``; const markdown_dialog = `
    `; const delete_dialog = `

    ${_('Confirm delete?')}

    `; const wopi_dialog = ``; const dialog_tpl = `

    %s
    %b
    `; const html_tpl = ` Files
    `; const body_tpl = `

    %title%

    %table%
    `; const create_buttons = ` `; const dir_row_tpl = `%icon%%name%%modified%
    `; const file_row_tpl = `%icon%%name%%size_bytes%%modified%`; const propfind_tpl = '<'+ `?xml version="1.0" encoding="UTF-8"?> `; const wopi_propfind_tpl = '<' + `?xml version="1.0" encoding="UTF-8"?> `; const html = (unsafe) => { return unsafe.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """).replace(/'/g, "'"); }; const reqXML = (method, url, body, headers) => { return req(method, url, body, headers).then((r) => { if (!r.ok) { throw new Error(r.status + ' ' + r.statusText); } return r.text(); }).then(str => new window.DOMParser().parseFromString(str, "text/xml")); }; const reqAndReload = (method, url, body, headers) => { animateLoading(); req(method, url, body, headers).then(r => { stopLoading(); if (!r.ok) { return r.text().then(t => { var message; if (a = t.match(/<((?:\w+:)?message)>(.*)<\/\1>/)) { message = "\n" + a[2]; } throw new Error(r.status + ' ' + r.statusText + message); }); } reloadListing(); }).catch(e => { console.error(e); alert(e); }); return false; }; const req = (method, url, body, headers) => { if (!headers) { headers = {}; } if (auth_header) { headers.Authorization = auth_header; } return fetch(url, {method, body, headers}); }; const xhr = (method, url, progress_callback) => { var xhr = new XMLHttpRequest(); current_xhr = xhr; xhr.responseType = 'blob'; var p = new Promise((resolve, reject) => { xhr.open(method, url); xhr.onload = function () { if (this.status >= 200 && this.status < 300) { resolve(xhr.response); } else { reject({ status: this.status, statusText: xhr.statusText }); } }; xhr.onerror = function () { reject({ status: this.status, statusText: xhr.statusText }); }; xhr.onprogress = progress_callback; xhr.send(); }); return p; }; const get_url = async (url) => { var progress = (e) => { var p = $('progress'); if (!p || e.loaded <= 0) return; p.value = e.loaded; $('.progress_bytes').innerHTML = formatBytes(e.loaded); }; if (temp_object_url) { window.URL.revokeObjectURL(temp_object_url); } return await xhr('GET', url, progress).then(blob => { temp_object_url = window.URL.createObjectURL(blob); return temp_object_url; }); }; const wopi_init = async () => { try { var d = await reqXML('GET', wopi_discovery_url); } catch (e) { reloadListing(); return; } d.querySelectorAll('app').forEach(app => { var mime = (a = app.getAttribute('name').match(/^.*\/.*$/)) ? a[0] : null; wopi_mimes[mime] = {}; app.querySelectorAll('action').forEach(action => { var ext = action.getAttribute('ext').toUpperCase(); var url = action.getAttribute('urlsrc').replace(/<[^>]*&>/g, ''); var name = action.getAttribute('name'); if (mime) { wopi_mimes[mime][name] = url; } else { if (!wopi_extensions.hasOwnProperty(ext)) { wopi_extensions[ext] = {}; } wopi_extensions[ext][name] = url; } }); }); reloadListing(); }; const wopi_getEditURL = (name, mime) => { var file_ext = name.replace(/^.*\.(\w+)$/, '$1').toUpperCase(); if (wopi_mimes.hasOwnProperty(mime) && wopi_mimes[mime].hasOwnProperty('edit')) { return wopi_mimes[mime].edit; } else if (wopi_extensions.hasOwnProperty(file_ext) && wopi_extensions[file_ext].hasOwnProperty('edit')) { return wopi_extensions[file_ext].edit; } return null; }; const wopi_getViewURL = (name, mime) => { var file_ext = name.replace(/^.*\.(\w+)$/, '$1').toUpperCase(); if (wopi_mimes.hasOwnProperty(mime) && wopi_mimes[mime].hasOwnProperty('view')) { return wopi_mimes[mime].view; } else if (wopi_extensions.hasOwnProperty(file_ext) && wopi_extensions[file_ext].hasOwnProperty('view')) { return wopi_extensions[file_ext].view; } return wopi_getEditURL(name, mime); }; const wopi_open = async (document_url, wopi_url) => { var properties = await reqXML('PROPFIND', document_url, wopi_propfind_tpl, {'Depth': '0'}); var src = (a = properties.querySelector('file-url')) ? a.textContent : null; var token = (a = properties.querySelector('token')) ? a.textContent : null; var token_ttl = (a = properties.querySelector('token-ttl')) ? a.textContent : +(new Date(Date.now() + 3600 * 1000)); if (!src || !token) { alert('Cannot open document: WebDAV server did not return WOPI properties'); } wopi_url += '&WOPISrc=' + encodeURIComponent(src); openDialog(wopi_dialog, false); $('dialog').className = 'preview'; var f = $('dialog form'); f.target = 'wopi_frame'; f.action = wopi_url; f.method = 'post'; f.insertAdjacentHTML('beforeend', ``); f.submit(); }; const template = (tpl, params) => { return tpl.replace(/%(\w+)%/g, (a, b) => { return params[b]; }); }; const openDialog = (html, ok_btn = true) => { var tpl = dialog_tpl.replace(/%b/, ok_btn ? `

    ` : ''); $('body').classList.add('dialog'); $('body').insertAdjacentHTML('beforeend', tpl.replace(/%s/, html)); $('.close input').onclick = closeDialog; evt = window.addEventListener('keyup', (e) => { if (e.key != 'Escape') return; closeDialog(); return false; }); if (a = $('dialog form input, dialog form textarea')) a.focus(); }; const closeDialog = (e) => { if (!$('body').classList.contains('dialog')) { return; } if (current_xhr) { current_xhr.abort(); current_xhr = null; } window.onbeforeunload = null; $('body').classList.remove('dialog'); if (!$('dialog')) return; $('dialog').remove(); window.removeEventListener('keyup', evt); evt = null; }; const download = async (name, size, url) => { window.onbeforeunload = () => { if (current_xhr) { current_xhr.abort(); } return true; }; openDialog(`

    ${html(name)}

    / ${formatBytes(size)}

    `, false); await get_url(url); const a = document.createElement('a'); a.style.display = 'none'; a.href = temp_object_url; a.download = name; document.body.appendChild(a); a.click(); window.URL.revokeObjectURL(temp_object_url); a.remove(); closeDialog(); window.onbeforeunload = null; }; const download_all = async () => { for (var i = 0; i < items.length; i++) { var item = items[i]; if (item.is_dir) { continue; } await download(item.name, item.size, item.uri) } }; const preview = (type, url) => { if (type.match(/^image\//)) { openDialog(``, false); } else if (type.match(/^audio\//)) { openDialog(`