From 9fd5ca2ec2955ee29404be1a39ddd9affcd0c78f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20Gro=CC=88nke?= Date: Sat, 19 Jan 2013 16:30:42 +0100 Subject: jQuery latest * jQuery 1.9.0 * jQuery-UI v1.9.2 * jQuery.fn.live > jQuery.fn.on * jQuery.fn.browser replacement (jquery.mb.browser.js) --- lib/exe/js.php | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index 42979eeed..7c1c27138 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -43,6 +43,7 @@ function js_out(){ DOKU_INC."lib/scripts/jquery/jquery$min.js", DOKU_INC.'lib/scripts/jquery/jquery.cookie.js', DOKU_INC."lib/scripts/jquery/jquery-ui$min.js", + DOKU_INC."lib/scripts/jquery/jquery.mb.browser.js", DOKU_INC."lib/scripts/fileuploader.js", DOKU_INC."lib/scripts/fileuploaderextended.js", DOKU_INC.'lib/scripts/helpers.js', -- cgit v1.2.3 From c499bfe13cc054e1a85ba63045d722c713ca8da4 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 26 Jan 2013 12:26:15 +0100 Subject: added jquery-migrate as a copatibility layer this will be removed soon again. plugins using jQuery should make sure they are compatible to jQuery 1.9 --- lib/exe/js.php | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index 7c1c27138..969a811cf 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -44,6 +44,7 @@ function js_out(){ DOKU_INC.'lib/scripts/jquery/jquery.cookie.js', DOKU_INC."lib/scripts/jquery/jquery-ui$min.js", DOKU_INC."lib/scripts/jquery/jquery.mb.browser.js", + DOKU_INC."lib/scripts/jquery/jquery-migrate.js", DOKU_INC."lib/scripts/fileuploader.js", DOKU_INC."lib/scripts/fileuploaderextended.js", DOKU_INC.'lib/scripts/helpers.js', -- cgit v1.2.3 From a6c670e5041ca2038caf0175ab47fced4a3258cb Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 26 Jan 2013 12:35:15 +0100 Subject: added minified version of jquery-migrate --- lib/exe/js.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index 969a811cf..bec6d3d12 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -44,7 +44,7 @@ function js_out(){ DOKU_INC.'lib/scripts/jquery/jquery.cookie.js', DOKU_INC."lib/scripts/jquery/jquery-ui$min.js", DOKU_INC."lib/scripts/jquery/jquery.mb.browser.js", - DOKU_INC."lib/scripts/jquery/jquery-migrate.js", + DOKU_INC."lib/scripts/jquery/jquery-migrate$min.js", DOKU_INC."lib/scripts/fileuploader.js", DOKU_INC."lib/scripts/fileuploaderextended.js", DOKU_INC.'lib/scripts/helpers.js', -- cgit v1.2.3 From d91a4ef556635b5298c47df2856851f0694b2885 Mon Sep 17 00:00:00 2001 From: Klap-in Date: Tue, 29 Jan 2013 01:44:45 +0100 Subject: Add a break to ajax_qsearch() When the search input is still only a few characters, the number of matching pages is big. Browsers have heavy work to progress this whole return, better cut off so only the part that is directly displayed will be sent. --- lib/exe/ajax.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/exe') diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index 9989269cf..fdc28d4f1 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -57,6 +57,7 @@ function ajax_qsearch(){ print ''.$lang['quickhits'].''; print '
    '; + $counter = 0; foreach($data as $id => $title){ if (useHeading('navigation')) { $name = $title; @@ -69,6 +70,12 @@ function ajax_qsearch(){ } } echo '
  • ' . html_wikilink(':'.$id,$name) . '
    • '; + + $counter ++; + if($counter > 50) { + echo '
  • ...
    • '; + break; + } } print '
'; } -- cgit v1.2.3 From 48606867454b93c7d11708b8193fbc2a4368aaf9 Mon Sep 17 00:00:00 2001 From: Klap-in Date: Sun, 3 Feb 2013 19:53:11 +0100 Subject: use var and remove suggestions when needed Use variable for maximum number of suggestions for quicksearch. And hide suggestions when search field is emptied, or when no suggestion are found. --- lib/exe/ajax.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index fdc28d4f1..9769503a7 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -45,6 +45,8 @@ function ajax_qsearch(){ global $lang; global $INPUT; + $maxnumbersuggestions = 50; + $query = $INPUT->post->str('q'); if(empty($query)) $query = $INPUT->get->str('q'); if(empty($query)) return; @@ -72,7 +74,7 @@ function ajax_qsearch(){ echo '
  • ' . html_wikilink(':'.$id,$name) . '
    • '; $counter ++; - if($counter > 50) { + if($counter > $maxnumbersuggestions) { echo '
  • ...
    • '; break; } -- cgit v1.2.3 From f144452ffbdd0ff09501838b3520147b6e409601 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 3 Feb 2013 21:50:46 +0100 Subject: removed obsolete browser plugin (migrate does it) --- lib/exe/js.php | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index bec6d3d12..41d3e735c 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -43,7 +43,6 @@ function js_out(){ DOKU_INC."lib/scripts/jquery/jquery$min.js", DOKU_INC.'lib/scripts/jquery/jquery.cookie.js', DOKU_INC."lib/scripts/jquery/jquery-ui$min.js", - DOKU_INC."lib/scripts/jquery/jquery.mb.browser.js", DOKU_INC."lib/scripts/jquery/jquery-migrate$min.js", DOKU_INC."lib/scripts/fileuploader.js", DOKU_INC."lib/scripts/fileuploaderextended.js", -- cgit v1.2.3 From 3b399a1bd4eba22429d676bddd759ed762c9e80e Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 16 Feb 2013 11:07:36 +0100 Subject: reformatted lib/exe/fetch.php --- lib/exe/fetch.php | 295 +++++++++++++++++++++++++++--------------------------- 1 file changed, 147 insertions(+), 148 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 52e7ebe1e..f86809320 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -6,84 +6,84 @@ * @author Andreas Gohr */ - if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../'); - define('DOKU_DISABLE_GZIP_OUTPUT', 1); - require_once(DOKU_INC.'inc/init.php'); - - //close session - session_write_close(); - - $mimetypes = getMimeTypes(); - - //get input - $MEDIA = stripctl(getID('media',false)); // no cleaning except control chars - maybe external - $CACHE = calc_cache($INPUT->str('cache')); - $WIDTH = $INPUT->int('w'); - $HEIGHT = $INPUT->int('h'); - $REV = &$INPUT->ref('rev'); - //sanitize revision - $REV = preg_replace('/[^0-9]/','',$REV); - - list($EXT,$MIME,$DL) = mimetype($MEDIA,false); - if($EXT === false){ +if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/../../'); +define('DOKU_DISABLE_GZIP_OUTPUT', 1); +require_once(DOKU_INC.'inc/init.php'); +//close session +session_write_close(); + +$mimetypes = getMimeTypes(); + +//get input +$MEDIA = stripctl(getID('media', false)); // no cleaning except control chars - maybe external +$CACHE = calc_cache($INPUT->str('cache')); +$WIDTH = $INPUT->int('w'); +$HEIGHT = $INPUT->int('h'); +$REV = & $INPUT->ref('rev'); +//sanitize revision +$REV = preg_replace('/[^0-9]/', '', $REV); + +list($EXT, $MIME, $DL) = mimetype($MEDIA, false); +if($EXT === false) { $EXT = 'unknown'; $MIME = 'application/octet-stream'; $DL = true; - } - - // check for permissions, preconditions and cache external files - list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV); - - // prepare data for plugin events - $data = array('media' => $MEDIA, - 'file' => $FILE, - 'orig' => $FILE, - 'mime' => $MIME, - 'download' => $DL, - 'cache' => $CACHE, - 'ext' => $EXT, - 'width' => $WIDTH, - 'height' => $HEIGHT, - 'status' => $STATUS, - 'statusmessage' => $STATUSMESSAGE, - ); - - // handle the file status - $evt = new Doku_Event('FETCH_MEDIA_STATUS', $data); - if ( $evt->advise_before() ) { +} + +// check for permissions, preconditions and cache external files +list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV); + +// prepare data for plugin events +$data = array( + 'media' => $MEDIA, + 'file' => $FILE, + 'orig' => $FILE, + 'mime' => $MIME, + 'download' => $DL, + 'cache' => $CACHE, + 'ext' => $EXT, + 'width' => $WIDTH, + 'height' => $HEIGHT, + 'status' => $STATUS, + 'statusmessage' => $STATUSMESSAGE, +); + +// handle the file status +$evt = new Doku_Event('FETCH_MEDIA_STATUS', $data); +if($evt->advise_before()) { // redirects - if($data['status'] > 300 && $data['status'] <= 304){ - send_redirect($data['statusmessage']); + if($data['status'] > 300 && $data['status'] <= 304) { + send_redirect($data['statusmessage']); } // send any non 200 status - if($data['status'] != 200){ - header('HTTP/1.0 ' . $data['status'] . ' ' . $data['statusmessage']); + if($data['status'] != 200) { + header('HTTP/1.0 '.$data['status'].' '.$data['statusmessage']); } // die on errors - if($data['status'] > 203){ - print $data['statusmessage']; - exit; + if($data['status'] > 203) { + print $data['statusmessage']; + exit; } - } - $evt->advise_after(); - unset($evt); - - //handle image resizing/cropping - if((substr($MIME,0,5) == 'image') && $WIDTH){ - if($HEIGHT){ - $data['file'] = $FILE = media_crop_image($data['file'],$EXT,$WIDTH,$HEIGHT); - }else{ - $data['file'] = $FILE = media_resize_image($data['file'],$EXT,$WIDTH,$HEIGHT); +} +$evt->advise_after(); +unset($evt); + +//handle image resizing/cropping +if((substr($MIME, 0, 5) == 'image') && $WIDTH) { + if($HEIGHT) { + $data['file'] = $FILE = media_crop_image($data['file'], $EXT, $WIDTH, $HEIGHT); + } else { + $data['file'] = $FILE = media_resize_image($data['file'], $EXT, $WIDTH, $HEIGHT); } - } +} - // finally send the file to the client - $evt = new Doku_Event('MEDIA_SENDFILE', $data); - if ($evt->advise_before()) { - sendFile($data['file'],$data['mime'],$data['download'],$data['cache']); - } - // Do something after the download finished. - $evt->advise_after(); +// finally send the file to the client +$evt = new Doku_Event('MEDIA_SENDFILE', $data); +if($evt->advise_before()) { + sendFile($data['file'], $data['mime'], $data['download'], $data['cache']); +} +// Do something after the download finished. +$evt->advise_after(); /* ------------------------------------------------------------------------ */ @@ -93,51 +93,50 @@ * @author Andreas Gohr * @author Ben Coburn */ -function sendFile($file,$mime,$dl,$cache){ - global $conf; - $fmtime = @filemtime($file); - // send headers - header("Content-Type: $mime"); - // smart http caching headers - if ($cache==-1) { - // cache - // cachetime or one hour - header('Expires: '.gmdate("D, d M Y H:i:s", time()+max($conf['cachetime'], 3600)).' GMT'); - header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($conf['cachetime'], 3600)); - header('Pragma: public'); - } else if ($cache>0) { - // recache - // remaining cachetime + 10 seconds so the newly recached media is used - header('Expires: '.gmdate("D, d M Y H:i:s", $fmtime+$conf['cachetime']+10).' GMT'); - header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($fmtime-time()+$conf['cachetime']+10, 0)); - header('Pragma: public'); - } else if ($cache==0) { - // nocache - header('Cache-Control: must-revalidate, no-transform, post-check=0, pre-check=0'); - header('Pragma: public'); - } - //send important headers first, script stops here if '304 Not Modified' response - http_conditionalRequest($fmtime); - - - //download or display? - if($dl){ - header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";'); - }else{ - header('Content-Disposition: inline; filename="'.utf8_basename($file).'";'); - } - - //use x-sendfile header to pass the delivery to compatible webservers - if (http_sendfile($file)) exit; - - // send file contents - $fp = @fopen($file,"rb"); - if($fp){ - http_rangeRequest($fp,filesize($file),$mime); - }else{ - header("HTTP/1.0 500 Internal Server Error"); - print "Could not read $file - bad permissions?"; - } +function sendFile($file, $mime, $dl, $cache) { + global $conf; + $fmtime = @filemtime($file); + // send headers + header("Content-Type: $mime"); + // smart http caching headers + if($cache == -1) { + // cache + // cachetime or one hour + header('Expires: '.gmdate("D, d M Y H:i:s", time() + max($conf['cachetime'], 3600)).' GMT'); + header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($conf['cachetime'], 3600)); + header('Pragma: public'); + } else if($cache > 0) { + // recache + // remaining cachetime + 10 seconds so the newly recached media is used + header('Expires: '.gmdate("D, d M Y H:i:s", $fmtime + $conf['cachetime'] + 10).' GMT'); + header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($fmtime - time() + $conf['cachetime'] + 10, 0)); + header('Pragma: public'); + } else if($cache == 0) { + // nocache + header('Cache-Control: must-revalidate, no-transform, post-check=0, pre-check=0'); + header('Pragma: public'); + } + //send important headers first, script stops here if '304 Not Modified' response + http_conditionalRequest($fmtime); + + //download or display? + if($dl) { + header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";'); + } else { + header('Content-Disposition: inline; filename="'.utf8_basename($file).'";'); + } + + //use x-sendfile header to pass the delivery to compatible webservers + if(http_sendfile($file)) exit; + + // send file contents + $fp = @fopen($file, "rb"); + if($fp) { + http_rangeRequest($fp, filesize($file), $mime); + } else { + header("HTTP/1.0 500 Internal Server Error"); + print "Could not read $file - bad permissions?"; + } } /** @@ -148,43 +147,43 @@ function sendFile($file,$mime,$dl,$cache){ * * @author Gerry Weissbach * @param $media reference to the media id - * @param $file reference to the file variable + * @param $file reference to the file variable * @returns array(STATUS, STATUSMESSAGE) */ -function checkFileStatus(&$media, &$file, $rev='') { - global $MIME, $EXT, $CACHE, $INPUT; - - //media to local file - if(preg_match('#^(https?)://#i',$media)){ - //check hash - if(substr(md5(auth_cookiesalt().$media),0,6) !== $INPUT->str('hash')){ - return array( 412, 'Precondition Failed'); - } - //handle external images - if(strncmp($MIME,'image/',6) == 0) $file = media_get_from_URL($media,$EXT,$CACHE); - if(!$file){ - //download failed - redirect to original URL - return array( 302, $media ); - } - }else{ - $media = cleanID($media); - if(empty($media)){ - return array( 400, 'Bad request' ); +function checkFileStatus(&$media, &$file, $rev = '') { + global $MIME, $EXT, $CACHE, $INPUT; + + //media to local file + if(preg_match('#^(https?)://#i', $media)) { + //check hash + if(substr(md5(auth_cookiesalt().$media), 0, 6) !== $INPUT->str('hash')) { + return array(412, 'Precondition Failed'); + } + //handle external images + if(strncmp($MIME, 'image/', 6) == 0) $file = media_get_from_URL($media, $EXT, $CACHE); + if(!$file) { + //download failed - redirect to original URL + return array(302, $media); + } + } else { + $media = cleanID($media); + if(empty($media)) { + return array(400, 'Bad request'); + } + + //check permissions (namespace only) + if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) { + return array(403, 'Forbidden'); + } + $file = mediaFN($media, $rev); } - //check permissions (namespace only) - if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ){ - return array( 403, 'Forbidden' ); + //check file existance + if(!@file_exists($file)) { + return array(404, 'Not Found'); } - $file = mediaFN($media, $rev); - } - - //check file existance - if(!@file_exists($file)){ - return array( 404, 'Not Found' ); - } - return array(200, null); + return array(200, null); } /** @@ -194,12 +193,12 @@ function checkFileStatus(&$media, &$file, $rev='') { * * @author Andreas Gohr */ -function calc_cache($cache){ - global $conf; +function calc_cache($cache) { + global $conf; - if(strtolower($cache) == 'nocache') return 0; //never cache - if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache - return -1; //cache endless + if(strtolower($cache) == 'nocache') return 0; //never cache + if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache + return -1; //cache endless } //Setup VIM: ex: et ts=2 : -- cgit v1.2.3 From 36625b969932ea8641dc1fd0461d4302c600a2a1 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 16 Feb 2013 11:10:40 +0100 Subject: run main code only for non-tests in lib/exe/fetch.php --- lib/exe/fetch.php | 141 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 72 insertions(+), 69 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index f86809320..73e74af40 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -9,81 +9,84 @@ if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/../../'); define('DOKU_DISABLE_GZIP_OUTPUT', 1); require_once(DOKU_INC.'inc/init.php'); -//close session -session_write_close(); - -$mimetypes = getMimeTypes(); - -//get input -$MEDIA = stripctl(getID('media', false)); // no cleaning except control chars - maybe external -$CACHE = calc_cache($INPUT->str('cache')); -$WIDTH = $INPUT->int('w'); -$HEIGHT = $INPUT->int('h'); -$REV = & $INPUT->ref('rev'); -//sanitize revision -$REV = preg_replace('/[^0-9]/', '', $REV); - -list($EXT, $MIME, $DL) = mimetype($MEDIA, false); -if($EXT === false) { - $EXT = 'unknown'; - $MIME = 'application/octet-stream'; - $DL = true; -} - -// check for permissions, preconditions and cache external files -list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV); - -// prepare data for plugin events -$data = array( - 'media' => $MEDIA, - 'file' => $FILE, - 'orig' => $FILE, - 'mime' => $MIME, - 'download' => $DL, - 'cache' => $CACHE, - 'ext' => $EXT, - 'width' => $WIDTH, - 'height' => $HEIGHT, - 'status' => $STATUS, - 'statusmessage' => $STATUSMESSAGE, -); - -// handle the file status -$evt = new Doku_Event('FETCH_MEDIA_STATUS', $data); -if($evt->advise_before()) { - // redirects - if($data['status'] > 300 && $data['status'] <= 304) { - send_redirect($data['statusmessage']); +session_write_close(); //close session + +// BEGIN main (if not testing) +if(!defined('SIMPLE_TEST')) { + $mimetypes = getMimeTypes(); + + //get input + $MEDIA = stripctl(getID('media', false)); // no cleaning except control chars - maybe external + $CACHE = calc_cache($INPUT->str('cache')); + $WIDTH = $INPUT->int('w'); + $HEIGHT = $INPUT->int('h'); + $REV = & $INPUT->ref('rev'); + //sanitize revision + $REV = preg_replace('/[^0-9]/', '', $REV); + + list($EXT, $MIME, $DL) = mimetype($MEDIA, false); + if($EXT === false) { + $EXT = 'unknown'; + $MIME = 'application/octet-stream'; + $DL = true; } - // send any non 200 status - if($data['status'] != 200) { - header('HTTP/1.0 '.$data['status'].' '.$data['statusmessage']); + + // check for permissions, preconditions and cache external files + list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV); + + // prepare data for plugin events + $data = array( + 'media' => $MEDIA, + 'file' => $FILE, + 'orig' => $FILE, + 'mime' => $MIME, + 'download' => $DL, + 'cache' => $CACHE, + 'ext' => $EXT, + 'width' => $WIDTH, + 'height' => $HEIGHT, + 'status' => $STATUS, + 'statusmessage' => $STATUSMESSAGE, + ); + + // handle the file status + $evt = new Doku_Event('FETCH_MEDIA_STATUS', $data); + if($evt->advise_before()) { + // redirects + if($data['status'] > 300 && $data['status'] <= 304) { + send_redirect($data['statusmessage']); + } + // send any non 200 status + if($data['status'] != 200) { + header('HTTP/1.0 '.$data['status'].' '.$data['statusmessage']); + } + // die on errors + if($data['status'] > 203) { + print $data['statusmessage']; + exit; + } } - // die on errors - if($data['status'] > 203) { - print $data['statusmessage']; - exit; + $evt->advise_after(); + unset($evt); + + //handle image resizing/cropping + if((substr($MIME, 0, 5) == 'image') && $WIDTH) { + if($HEIGHT) { + $data['file'] = $FILE = media_crop_image($data['file'], $EXT, $WIDTH, $HEIGHT); + } else { + $data['file'] = $FILE = media_resize_image($data['file'], $EXT, $WIDTH, $HEIGHT); + } } -} -$evt->advise_after(); -unset($evt); -//handle image resizing/cropping -if((substr($MIME, 0, 5) == 'image') && $WIDTH) { - if($HEIGHT) { - $data['file'] = $FILE = media_crop_image($data['file'], $EXT, $WIDTH, $HEIGHT); - } else { - $data['file'] = $FILE = media_resize_image($data['file'], $EXT, $WIDTH, $HEIGHT); + // finally send the file to the client + $evt = new Doku_Event('MEDIA_SENDFILE', $data); + if($evt->advise_before()) { + sendFile($data['file'], $data['mime'], $data['download'], $data['cache']); } -} + // Do something after the download finished. + $evt->advise_after(); -// finally send the file to the client -$evt = new Doku_Event('MEDIA_SENDFILE', $data); -if($evt->advise_before()) { - sendFile($data['file'], $data['mime'], $data['download'], $data['cache']); -} -// Do something after the download finished. -$evt->advise_after(); +}// END DO main /* ------------------------------------------------------------------------ */ -- cgit v1.2.3 From 9d2e1be699d573eebda922cf67f030d3d2aa462d Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 16 Feb 2013 18:29:20 +0100 Subject: introduced http_status() for sending HTTP status code FS#1698 It seems, some servers require a special Status: header for sending the HTTP status code from PHP (F)CGI to the server. This patch introduces a new function (adopted from CodeIgniter) for simplifying the status handling. --- lib/exe/detail.php | 2 +- lib/exe/fetch.php | 4 ++-- lib/exe/mediamanager.php | 4 ++-- lib/exe/xmlrpc.php | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/detail.php b/lib/exe/detail.php index e597db3a2..db635c016 100644 --- a/lib/exe/detail.php +++ b/lib/exe/detail.php @@ -31,7 +31,7 @@ if($AUTH >= AUTH_READ){ $SRC = mediaFN($IMG); if(!@file_exists($SRC)){ //doesn't exist! - header("HTTP/1.0 404 File not Found"); + http_status(404); $ERROR = 'File not found'; } }else{ diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 73e74af40..9bac4d272 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -58,7 +58,7 @@ if(!defined('SIMPLE_TEST')) { } // send any non 200 status if($data['status'] != 200) { - header('HTTP/1.0 '.$data['status'].' '.$data['statusmessage']); + http_status($data['status'], $data['statusmessage']); } // die on errors if($data['status'] > 203) { @@ -137,7 +137,7 @@ function sendFile($file, $mime, $dl, $cache) { if($fp) { http_rangeRequest($fp, filesize($file), $mime); } else { - header("HTTP/1.0 500 Internal Server Error"); + http_status(500); print "Could not read $file - bad permissions?"; } } diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index 04dd178cc..e0a90a291 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -36,7 +36,7 @@ // do not display the manager if user does not have read access if($AUTH < AUTH_READ && !$fullscreen) { - header('HTTP/1.0 403 Forbidden'); + http_status(403); die($lang['accessdenied']); } @@ -48,7 +48,7 @@ $_FILES['upload'] =& $_FILES['Filedata']; $JUMPTO = media_upload($NS,$AUTH); if($JUMPTO == false){ - header("HTTP/1.0 400 Bad Request"); + http_status(400); echo 'Upload failed'; } echo 'ok'; diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 5e6c197d0..c09daa17c 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -29,10 +29,10 @@ class dokuwiki_xmlrpc_server extends IXR_Server { return $result; } catch (RemoteAccessDeniedException $e) { if (!isset($_SERVER['REMOTE_USER'])) { - header('HTTP/1.1 401 Unauthorized'); + http_status(401); return new IXR_Error(-32603, "server error. not authorized to call method $methodname"); } else { - header('HTTP/1.1 403 Forbidden'); + http_status(403); return new IXR_Error(-32604, "server error. forbidden to call the method $methodname"); } } catch (RemoteException $e) { -- cgit v1.2.3 From 994211890f92c1678536b003354146fbb44b8f2f Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 16 Feb 2013 18:38:11 +0100 Subject: disabled JavaScript compatibility layer this disables the JavaScript compatibility layer which let pre-jQuery migration plugins run with their old code. This will break plugins using outdated JavaScript. These plugins have to be updated according to https://www.dokuwiki.org/devel:jqueryfaq As a courtesy to users, the compatibility.js is not deleted, yet. Undoing this single patch can be used as a temporary workaround. --- lib/exe/js.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index 41d3e735c..4ff48133e 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -62,7 +62,7 @@ function js_out(){ DOKU_INC.'lib/scripts/locktimer.js', DOKU_INC.'lib/scripts/linkwiz.js', DOKU_INC.'lib/scripts/media.js', - DOKU_INC.'lib/scripts/compatibility.js', +# deprecated DOKU_INC.'lib/scripts/compatibility.js', # disabled for FS#1958 DOKU_INC.'lib/scripts/hotkeys.js', DOKU_INC.'lib/scripts/behaviour.js', DOKU_INC.'lib/scripts/page.js', -- cgit v1.2.3 From dd90013a5a9ce204250f4d94072e089f617e09db Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sat, 16 Feb 2013 18:06:47 +0100 Subject: Media manager: don't create empty namespaces FS#2642 Previously the media manager created an empty namespace whenever you opened a non-existing namespace with upload permissions. Now the current namespace is only displayed in the tree but not actually created. --- lib/exe/mediamanager.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index e0a90a291..53d438321 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -40,9 +40,6 @@ die($lang['accessdenied']); } - // create the given namespace (just for beautification) - if($AUTH >= AUTH_UPLOAD) { io_createNamespace("$NS:xxx", 'media'); } - // handle flash upload if(isset($_FILES['Filedata'])){ $_FILES['upload'] =& $_FILES['Filedata']; -- cgit v1.2.3 From 1015a57dff9a6f85b8e0534d280aa1e09945a598 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sat, 16 Feb 2013 21:08:09 +0000 Subject: FS#2415 add to mediamanager (refactor pageinfo() and shift MEDIAMANAGER_STARTED after mediainfo() sets up ) --- lib/exe/mediamanager.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index 04dd178cc..7e0543540 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -7,15 +7,11 @@ require_once(DOKU_INC.'inc/init.php'); - trigger_event('MEDIAMANAGER_STARTED',$tmp=array()); - session_write_close(); //close session - global $INPUT; // handle passed message if($INPUT->str('msg1')) msg(hsc($INPUT->str('msg1')),1); if($INPUT->str('err')) msg(hsc($INPUT->str('err')),-1); - // get namespace to display (either direct or from deletion order) if($INPUT->str('delete')){ $DEL = cleanID($INPUT->str('delete')); @@ -29,10 +25,14 @@ $NS = getNS($IMG); }else{ $NS = cleanID($INPUT->str('ns')); + $IMG = null; } - // check auth - $AUTH = auth_quickaclcheck("$NS:*"); + $INFO = mediainfo(); + $AUTH = $INFO['perm']; // shortcut for historical reasons + + trigger_event('MEDIAMANAGER_STARTED',$tmp=array()); + session_write_close(); //close session // do not display the manager if user does not have read access if($AUTH < AUTH_READ && !$fullscreen) { -- cgit v1.2.3 From add8678f233ad74892a96444e3013e0465616200 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 1 Mar 2013 12:54:01 +0100 Subject: alternative fix for FS#2734 --- lib/exe/fetch.php | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 9bac4d272..a9147a6c0 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -47,6 +47,7 @@ if(!defined('SIMPLE_TEST')) { 'height' => $HEIGHT, 'status' => $STATUS, 'statusmessage' => $STATUSMESSAGE, + 'ispublic' => media_ispublic($MEDIA), ); // handle the file status @@ -81,10 +82,13 @@ if(!defined('SIMPLE_TEST')) { // finally send the file to the client $evt = new Doku_Event('MEDIA_SENDFILE', $data); if($evt->advise_before()) { - sendFile($data['file'], $data['mime'], $data['download'], $data['cache']); + $cache = $data['cache']; + if($cache != 0 && !$data['ispublic']) $cache = 0; // no cache headers for private files FS#2734 + + sendFile($data['file'], $data['mime'], $data['download'], $cache); } // Do something after the download finished. - $evt->advise_after(); + $evt->advise_after(); // will not be emitted on 304 or x-sendfile }// END DO main @@ -93,8 +97,18 @@ if(!defined('SIMPLE_TEST')) { /** * Set headers and send the file to the client * + * Unless $cache is set to 0, the data may end up in intermediate proxy servers. Therefor, + * if you're sending (ACL protected) private files, $cache should be 0. + * + * This function will abort the current script when a 304 is sent or file sending is handled + * through x-sendfile + * * @author Andreas Gohr * @author Ben Coburn + * @param string $file local file to send + * @param string $mime mime type of the file + * @param bool $dl set to true to force a browser download + * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for off) */ function sendFile($file, $mime, $dl, $cache) { global $conf; @@ -115,9 +129,10 @@ function sendFile($file, $mime, $dl, $cache) { header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($fmtime - time() + $conf['cachetime'] + 10, 0)); header('Pragma: public'); } else if($cache == 0) { - // nocache - header('Cache-Control: must-revalidate, no-transform, post-check=0, pre-check=0'); - header('Pragma: public'); + // nocache, avoid resending files from intermediate caches without revalidation FS#2734 + header('Expires: Thu, 01 Jan 1970 00:00:00 GMT'); + header('Cache-Control: private, no-transform, max-age=0'); + header('Pragma: no-cache'); } //send important headers first, script stops here if '304 Not Modified' response http_conditionalRequest($fmtime); -- cgit v1.2.3 From 4a516840077e2d3bb26c9ffca8316b3c9968d018 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 3 Mar 2013 12:47:40 +0100 Subject: handle public vs. private ressource in sendFile() --- lib/exe/fetch.php | 66 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 27 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index a9147a6c0..e8853dca7 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -82,10 +82,7 @@ if(!defined('SIMPLE_TEST')) { // finally send the file to the client $evt = new Doku_Event('MEDIA_SENDFILE', $data); if($evt->advise_before()) { - $cache = $data['cache']; - if($cache != 0 && !$data['ispublic']) $cache = 0; // no cache headers for private files FS#2734 - - sendFile($data['file'], $data['mime'], $data['download'], $cache); + sendFile($data['file'], $data['mime'], $data['download'], $cache, $data['ispublic']); } // Do something after the download finished. $evt->advise_after(); // will not be emitted on 304 or x-sendfile @@ -97,44 +94,59 @@ if(!defined('SIMPLE_TEST')) { /** * Set headers and send the file to the client * - * Unless $cache is set to 0, the data may end up in intermediate proxy servers. Therefor, - * if you're sending (ACL protected) private files, $cache should be 0. + * The $cache parameter influences how long files may be kept in caches, the $public parameter + * influences if this caching may happen in public proxis or in the browser cache only FS#2734 * * This function will abort the current script when a 304 is sent or file sending is handled * through x-sendfile * * @author Andreas Gohr * @author Ben Coburn - * @param string $file local file to send - * @param string $mime mime type of the file - * @param bool $dl set to true to force a browser download - * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for off) + * @param string $file local file to send + * @param string $mime mime type of the file + * @param bool $dl set to true to force a browser download + * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache) + * @param bool $public is this a public ressource or a private one? */ -function sendFile($file, $mime, $dl, $cache) { +function sendFile($file, $mime, $dl, $cache, $public = false) { global $conf; - $fmtime = @filemtime($file); - // send headers + // send mime headers header("Content-Type: $mime"); - // smart http caching headers + + // calculate cache times if($cache == -1) { - // cache - // cachetime or one hour - header('Expires: '.gmdate("D, d M Y H:i:s", time() + max($conf['cachetime'], 3600)).' GMT'); - header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($conf['cachetime'], 3600)); - header('Pragma: public'); + $maxage = max($conf['cachetime'], 3600); // cachetime or one hour + $expires = time() + $maxage; } else if($cache > 0) { - // recache - // remaining cachetime + 10 seconds so the newly recached media is used - header('Expires: '.gmdate("D, d M Y H:i:s", $fmtime + $conf['cachetime'] + 10).' GMT'); - header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.max($fmtime - time() + $conf['cachetime'] + 10, 0)); - header('Pragma: public'); - } else if($cache == 0) { - // nocache, avoid resending files from intermediate caches without revalidation FS#2734 + $maxage = $cache; // given time + $expires = time() + $maxage; + } else { // $cache == 0 + $maxage = 0; + $expires = 0; // 1970-01-01 + } + + // smart http caching headers + if($maxage) { + if($public) { + // cache publically + header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT'); + header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.$maxage); + header('Pragma: public'); + } else { + // cache in browser + header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT'); + header('Cache-Control: private, no-transform, max-age='.$maxage); + header('Pragma: private'); + } + } else { + // no cache at all header('Expires: Thu, 01 Jan 1970 00:00:00 GMT'); header('Cache-Control: private, no-transform, max-age=0'); - header('Pragma: no-cache'); + header('Pragma: no-store'); } + //send important headers first, script stops here if '304 Not Modified' response + $fmtime = @filemtime($file); http_conditionalRequest($fmtime); //download or display? -- cgit v1.2.3 From 1c7d84bee69b8965844a960fa91551634986b35f Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 3 Mar 2013 12:51:16 +0100 Subject: fixed passed cache parameter --- lib/exe/fetch.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index e8853dca7..28401ab39 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -82,7 +82,7 @@ if(!defined('SIMPLE_TEST')) { // finally send the file to the client $evt = new Doku_Event('MEDIA_SENDFILE', $data); if($evt->advise_before()) { - sendFile($data['file'], $data['mime'], $data['download'], $cache, $data['ispublic']); + sendFile($data['file'], $data['mime'], $data['download'], $data['cache'], $data['ispublic']); } // Do something after the download finished. $evt->advise_after(); // will not be emitted on 304 or x-sendfile -- cgit v1.2.3 From ca22711e6b0caa2525d6134c28bf0af78e8fcda3 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 3 Mar 2013 18:30:48 +0000 Subject: make global, ensure created in mediamanager is global and merged with any pre-existing --- lib/exe/mediamanager.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index a205c4570..3ec749cd8 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -12,6 +12,7 @@ if($INPUT->str('msg1')) msg(hsc($INPUT->str('msg1')),1); if($INPUT->str('err')) msg(hsc($INPUT->str('err')),-1); + global $DEL; // get namespace to display (either direct or from deletion order) if($INPUT->str('delete')){ $DEL = cleanID($INPUT->str('delete')); @@ -28,7 +29,8 @@ $IMG = null; } - $INFO = mediainfo(); + global $INFO; + $INFO = !empty($INFO) ? array_merge($INFO, mediainfo()) : mediainfo(); $AUTH = $INFO['perm']; // shortcut for historical reasons trigger_event('MEDIAMANAGER_STARTED',$tmp=array()); -- cgit v1.2.3 From b613287149ac4707ec40a96b1b6fe8b190fa6439 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 3 Mar 2013 18:34:33 +0000 Subject: include image info in in detail.php; ensure populated before DETAIL_STARTED event --- lib/exe/detail.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/detail.php b/lib/exe/detail.php index db635c016..7008b126f 100644 --- a/lib/exe/detail.php +++ b/lib/exe/detail.php @@ -2,13 +2,18 @@ if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../'); define('DOKU_MEDIADETAIL',1); require_once(DOKU_INC.'inc/init.php'); -trigger_event('DETAIL_STARTED', $tmp=array()); -//close session -session_write_close(); $IMG = getID('media'); $ID = cleanID($INPUT->str('id')); +// this makes some general infos available as well as the info about the +// "parent" page +$INFO = array_merge(pageinfo(),mediainfo()); +trigger_event('DETAIL_STARTED', $tmp=array()); + +//close session +session_write_close(); + if($conf['allowdebug'] && $INPUT->has('debug')){ print '
    ';
     foreach(explode(' ','basedir userewrite baseurl useslash') as $x){
@@ -39,10 +44,6 @@ if($AUTH >= AUTH_READ){
     $ERROR = p_locale_xhtml('denied');
 }
 
-// this makes some general infos available as well as the info about the
-// "parent" page
-$INFO = pageinfo();
-
 //start output and load template
 header('Content-Type: text/html; charset=utf-8');
 include(template('detail.php'));
-- 
cgit v1.2.3


From 3074e3428bd5d1e38078dbac80a1eb9b96f917d7 Mon Sep 17 00:00:00 2001
From: Christopher Smith 
Date: Sun, 3 Mar 2013 18:35:27 +0000
Subject: fix comment grammar

---
 lib/exe/mediamanager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/exe')

diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 3ec749cd8..66e5ddc82 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -54,7 +54,7 @@
         exit;
     }
 
-    // give info on PHP catched upload errors
+    // give info on PHP caught upload errors
     if($_FILES['upload']['error']){
         switch($_FILES['upload']['error']){
             case 1:
-- 
cgit v1.2.3


From 3b6f95e62fc7049712b96aacd245be507f83d5ee Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Sun, 3 Mar 2013 20:03:57 +0100
Subject: adjusted cache=0 headers again

---
 lib/exe/fetch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 28401ab39..8b77fa0b2 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -141,8 +141,8 @@ function sendFile($file, $mime, $dl, $cache, $public = false) {
     } else {
         // no cache at all
         header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
-        header('Cache-Control: private, no-transform, max-age=0');
-        header('Pragma: no-store');
+        header('Cache-Control: no-cache, no-transform, max-age=0');
+        header('Pragma: no-cache');
     }
 
     //send important headers first, script stops here if '304 Not Modified' response
-- 
cgit v1.2.3


From a6c362b61d32c897d430e72356b4efe5a399c0ac Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Sun, 3 Mar 2013 20:08:57 +0100
Subject: max-age not allowed with no-cache

---
 lib/exe/fetch.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 8b77fa0b2..b9270d277 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -141,7 +141,7 @@ function sendFile($file, $mime, $dl, $cache, $public = false) {
     } else {
         // no cache at all
         header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
-        header('Cache-Control: no-cache, no-transform, max-age=0');
+        header('Cache-Control: no-cache, no-transform');
         header('Pragma: no-cache');
     }
 
-- 
cgit v1.2.3


From 1b8b28faf419d50137b455d4d9a39cfd0fff3f4c Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Sun, 3 Mar 2013 21:01:21 +0100
Subject: there's no pragma: private

---
 lib/exe/fetch.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index b9270d277..a558a3db8 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -136,7 +136,7 @@ function sendFile($file, $mime, $dl, $cache, $public = false) {
             // cache in browser
             header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
             header('Cache-Control: private, no-transform, max-age='.$maxage);
-            header('Pragma: private');
+            header('Pragma: no-cache');
         }
     } else {
         // no cache at all
-- 
cgit v1.2.3


From 0f4e009215bfa3136d334fa557335266637a7585 Mon Sep 17 00:00:00 2001
From: Christopher Smith 
Date: Wed, 20 Mar 2013 00:06:07 +0000
Subject: add a token to fetch urls requiring image resize/crop to prevent
 external DDOS via fetch

---
 lib/exe/fetch.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index a558a3db8..48aa22fe2 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -32,7 +32,7 @@ if(!defined('SIMPLE_TEST')) {
     }
 
     // check for permissions, preconditions and cache external files
-    list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV);
+    list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV, $WIDTH, $HEIGHT);
 
     // prepare data for plugin events
     $data = array(
@@ -180,7 +180,7 @@ function sendFile($file, $mime, $dl, $cache, $public = false) {
  * @param $file  reference to the file variable
  * @returns array(STATUS, STATUSMESSAGE)
  */
-function checkFileStatus(&$media, &$file, $rev = '') {
+function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) {
     global $MIME, $EXT, $CACHE, $INPUT;
 
     //media to local file
@@ -200,6 +200,10 @@ function checkFileStatus(&$media, &$file, $rev = '') {
         if(empty($media)) {
             return array(400, 'Bad request');
         }
+        // check token for resized images
+        if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
+            return array(412, 'Precondition Failed');
+        }
 
         //check permissions (namespace only)
         if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
-- 
cgit v1.2.3


From 7fb7960f92047a9bcadf9d497ae79615979e9a6d Mon Sep 17 00:00:00 2001
From: Christopher Smith 
Date: Fri, 22 Mar 2013 17:45:59 +0000
Subject: refactor fetch to support unittesting

---
 lib/exe/fetch.php | 160 ++++--------------------------------------------------
 1 file changed, 10 insertions(+), 150 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 48aa22fe2..7a2250373 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -7,12 +7,17 @@
  */
 
 if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/../../');
-define('DOKU_DISABLE_GZIP_OUTPUT', 1);
+if (!defined('DOKU_DISABLE_GZIP_OUTPUT')) define('DOKU_DISABLE_GZIP_OUTPUT', 1);
 require_once(DOKU_INC.'inc/init.php');
 session_write_close(); //close session
 
-// BEGIN main (if not testing)
-if(!defined('SIMPLE_TEST')) {
+require_once(DOKU_INC.'inc/fetch.functions.php');
+
+if (defined('SIMPLE_TEST')) {
+    $INPUT = new Input();
+}
+
+// BEGIN main
     $mimetypes = getMimeTypes();
 
     //get input
@@ -64,6 +69,7 @@ if(!defined('SIMPLE_TEST')) {
         // die on errors
         if($data['status'] > 203) {
             print $data['statusmessage'];
+            if (defined('SIMPLE_TEST')) return;
             exit;
         }
     }
@@ -87,152 +93,6 @@ if(!defined('SIMPLE_TEST')) {
     // Do something after the download finished.
     $evt->advise_after();  // will not be emitted on 304 or x-sendfile
 
-}// END DO main
-
-/* ------------------------------------------------------------------------ */
-
-/**
- * Set headers and send the file to the client
- *
- * The $cache parameter influences how long files may be kept in caches, the $public parameter
- * influences if this caching may happen in public proxis or in the browser cache only FS#2734
- *
- * This function will abort the current script when a 304 is sent or file sending is handled
- * through x-sendfile
- *
- * @author Andreas Gohr 
- * @author Ben Coburn 
- * @param string $file   local file to send
- * @param string $mime   mime type of the file
- * @param bool   $dl     set to true to force a browser download
- * @param int    $cache  remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
- * @param bool   $public is this a public ressource or a private one?
- */
-function sendFile($file, $mime, $dl, $cache, $public = false) {
-    global $conf;
-    // send mime headers
-    header("Content-Type: $mime");
-
-    // calculate cache times
-    if($cache == -1) {
-        $maxage  = max($conf['cachetime'], 3600); // cachetime or one hour
-        $expires = time() + $maxage;
-    } else if($cache > 0) {
-        $maxage  = $cache; // given time
-        $expires = time() + $maxage;
-    } else { // $cache == 0
-        $maxage  = 0;
-        $expires = 0; // 1970-01-01
-    }
-
-    // smart http caching headers
-    if($maxage) {
-        if($public) {
-            // cache publically
-            header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
-            header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.$maxage);
-            header('Pragma: public');
-        } else {
-            // cache in browser
-            header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
-            header('Cache-Control: private, no-transform, max-age='.$maxage);
-            header('Pragma: no-cache');
-        }
-    } else {
-        // no cache at all
-        header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
-        header('Cache-Control: no-cache, no-transform');
-        header('Pragma: no-cache');
-    }
-
-    //send important headers first, script stops here if '304 Not Modified' response
-    $fmtime = @filemtime($file);
-    http_conditionalRequest($fmtime);
-
-    //download or display?
-    if($dl) {
-        header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";');
-    } else {
-        header('Content-Disposition: inline; filename="'.utf8_basename($file).'";');
-    }
-
-    //use x-sendfile header to pass the delivery to compatible webservers
-    if(http_sendfile($file)) exit;
-
-    // send file contents
-    $fp = @fopen($file, "rb");
-    if($fp) {
-        http_rangeRequest($fp, filesize($file), $mime);
-    } else {
-        http_status(500);
-        print "Could not read $file - bad permissions?";
-    }
-}
-
-/**
- * Check for media for preconditions and return correct status code
- *
- * READ: MEDIA, MIME, EXT, CACHE
- * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )
- *
- * @author Gerry Weissbach 
- * @param $media reference to the media id
- * @param $file  reference to the file variable
- * @returns array(STATUS, STATUSMESSAGE)
- */
-function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) {
-    global $MIME, $EXT, $CACHE, $INPUT;
-
-    //media to local file
-    if(preg_match('#^(https?)://#i', $media)) {
-        //check hash
-        if(substr(md5(auth_cookiesalt().$media), 0, 6) !== $INPUT->str('hash')) {
-            return array(412, 'Precondition Failed');
-        }
-        //handle external images
-        if(strncmp($MIME, 'image/', 6) == 0) $file = media_get_from_URL($media, $EXT, $CACHE);
-        if(!$file) {
-            //download failed - redirect to original URL
-            return array(302, $media);
-        }
-    } else {
-        $media = cleanID($media);
-        if(empty($media)) {
-            return array(400, 'Bad request');
-        }
-        // check token for resized images
-        if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
-            return array(412, 'Precondition Failed');
-        }
-
-        //check permissions (namespace only)
-        if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
-            return array(403, 'Forbidden');
-        }
-        $file = mediaFN($media, $rev);
-    }
-
-    //check file existance
-    if(!@file_exists($file)) {
-        return array(404, 'Not Found');
-    }
-
-    return array(200, null);
-}
-
-/**
- * Returns the wanted cachetime in seconds
- *
- * Resolves named constants
- *
- * @author  Andreas Gohr 
- */
-function calc_cache($cache) {
-    global $conf;
-
-    if(strtolower($cache) == 'nocache') return 0; //never cache
-    if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
-    return -1; //cache endless
-}
+// END DO main
 
 //Setup VIM: ex: et ts=2 :
-- 
cgit v1.2.3


From 25cfdf73de200b6ae57a47960bc3100e4aba3c7b Mon Sep 17 00:00:00 2001
From: Michael Hamann 
Date: Mon, 8 Apr 2013 12:21:28 +0200
Subject: indexer.php: disable the GIF output only with debug parameter and
 allowdebug

Before this fix the debug parameter always prevent the GIF from being
sent even though no actual debug information was returned unless the
allowdebug configuration option was set. Now the GIF is only disabled if
debugging is actually allowed.
---
 lib/exe/indexer.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php
index 27576f76d..57bee8925 100644
--- a/lib/exe/indexer.php
+++ b/lib/exe/indexer.php
@@ -16,15 +16,16 @@ if(!defined('NL')) define('NL',"\n");
 
 // check if user abort worked, if yes send output early
 $defer = !@ignore_user_abort() || $conf['broken_iua'];
-if(!$defer){
+$output = $INPUT->has('debug') && $conf['allowdebug'];
+if(!$defer && !$output){
     sendGIF(); // send gif
 }
 
 $ID = cleanID($INPUT->str('id'));
 
 // Catch any possible output (e.g. errors)
-$output = $INPUT->has('debug') && $conf['allowdebug'];
 if(!$output) ob_start();
+else header('Content-Type: text/plain');
 
 // run one of the jobs
 $tmp = array(); // No event data
@@ -192,11 +193,6 @@ function sendDigest() {
  * @author Harry Fuecks 
  */
 function sendGIF(){
-    global $INPUT;
-    if($INPUT->has('debug')){
-        header('Content-Type: text/plain');
-        return;
-    }
     $img = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7');
     header('Content-Type: image/gif');
     header('Content-Length: '.strlen($img));
-- 
cgit v1.2.3