From 0f4e009215bfa3136d334fa557335266637a7585 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Wed, 20 Mar 2013 00:06:07 +0000
Subject: add a token to fetch urls requiring image resize/crop to prevent
 external DDOS via fetch

---
 lib/exe/fetch.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index a558a3db8..48aa22fe2 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -32,7 +32,7 @@ if(!defined('SIMPLE_TEST')) {
     }
 
     // check for permissions, preconditions and cache external files
-    list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV);
+    list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV, $WIDTH, $HEIGHT);
 
     // prepare data for plugin events
     $data = array(
@@ -180,7 +180,7 @@ function sendFile($file, $mime, $dl, $cache, $public = false) {
  * @param $file  reference to the file variable
  * @returns array(STATUS, STATUSMESSAGE)
  */
-function checkFileStatus(&$media, &$file, $rev = '') {
+function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) {
     global $MIME, $EXT, $CACHE, $INPUT;
 
     //media to local file
@@ -200,6 +200,10 @@ function checkFileStatus(&$media, &$file, $rev = '') {
         if(empty($media)) {
             return array(400, 'Bad request');
         }
+        // check token for resized images
+        if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
+            return array(412, 'Precondition Failed');
+        }
 
         //check permissions (namespace only)
         if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
-- 
cgit v1.2.3


From 7fb7960f92047a9bcadf9d497ae79615979e9a6d Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Fri, 22 Mar 2013 17:45:59 +0000
Subject: refactor fetch to support unittesting

---
 lib/exe/fetch.php | 160 ++++--------------------------------------------------
 1 file changed, 10 insertions(+), 150 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 48aa22fe2..7a2250373 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -7,12 +7,17 @@
  */
 
 if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/../../');
-define('DOKU_DISABLE_GZIP_OUTPUT', 1);
+if (!defined('DOKU_DISABLE_GZIP_OUTPUT')) define('DOKU_DISABLE_GZIP_OUTPUT', 1);
 require_once(DOKU_INC.'inc/init.php');
 session_write_close(); //close session
 
-// BEGIN main (if not testing)
-if(!defined('SIMPLE_TEST')) {
+require_once(DOKU_INC.'inc/fetch.functions.php');
+
+if (defined('SIMPLE_TEST')) {
+    $INPUT = new Input();
+}
+
+// BEGIN main
     $mimetypes = getMimeTypes();
 
     //get input
@@ -64,6 +69,7 @@ if(!defined('SIMPLE_TEST')) {
         // die on errors
         if($data['status'] > 203) {
             print $data['statusmessage'];
+            if (defined('SIMPLE_TEST')) return;
             exit;
         }
     }
@@ -87,152 +93,6 @@ if(!defined('SIMPLE_TEST')) {
     // Do something after the download finished.
     $evt->advise_after();  // will not be emitted on 304 or x-sendfile
 
-}// END DO main
-
-/* ------------------------------------------------------------------------ */
-
-/**
- * Set headers and send the file to the client
- *
- * The $cache parameter influences how long files may be kept in caches, the $public parameter
- * influences if this caching may happen in public proxis or in the browser cache only FS#2734
- *
- * This function will abort the current script when a 304 is sent or file sending is handled
- * through x-sendfile
- *
- * @author Andreas Gohr <andi@splitbrain.org>
- * @author Ben Coburn <btcoburn@silicodon.net>
- * @param string $file   local file to send
- * @param string $mime   mime type of the file
- * @param bool   $dl     set to true to force a browser download
- * @param int    $cache  remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
- * @param bool   $public is this a public ressource or a private one?
- */
-function sendFile($file, $mime, $dl, $cache, $public = false) {
-    global $conf;
-    // send mime headers
-    header("Content-Type: $mime");
-
-    // calculate cache times
-    if($cache == -1) {
-        $maxage  = max($conf['cachetime'], 3600); // cachetime or one hour
-        $expires = time() + $maxage;
-    } else if($cache > 0) {
-        $maxage  = $cache; // given time
-        $expires = time() + $maxage;
-    } else { // $cache == 0
-        $maxage  = 0;
-        $expires = 0; // 1970-01-01
-    }
-
-    // smart http caching headers
-    if($maxage) {
-        if($public) {
-            // cache publically
-            header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
-            header('Cache-Control: public, proxy-revalidate, no-transform, max-age='.$maxage);
-            header('Pragma: public');
-        } else {
-            // cache in browser
-            header('Expires: '.gmdate("D, d M Y H:i:s", $expires).' GMT');
-            header('Cache-Control: private, no-transform, max-age='.$maxage);
-            header('Pragma: no-cache');
-        }
-    } else {
-        // no cache at all
-        header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
-        header('Cache-Control: no-cache, no-transform');
-        header('Pragma: no-cache');
-    }
-
-    //send important headers first, script stops here if '304 Not Modified' response
-    $fmtime = @filemtime($file);
-    http_conditionalRequest($fmtime);
-
-    //download or display?
-    if($dl) {
-        header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";');
-    } else {
-        header('Content-Disposition: inline; filename="'.utf8_basename($file).'";');
-    }
-
-    //use x-sendfile header to pass the delivery to compatible webservers
-    if(http_sendfile($file)) exit;
-
-    // send file contents
-    $fp = @fopen($file, "rb");
-    if($fp) {
-        http_rangeRequest($fp, filesize($file), $mime);
-    } else {
-        http_status(500);
-        print "Could not read $file - bad permissions?";
-    }
-}
-
-/**
- * Check for media for preconditions and return correct status code
- *
- * READ: MEDIA, MIME, EXT, CACHE
- * WRITE: MEDIA, FILE, array( STATUS, STATUSMESSAGE )
- *
- * @author Gerry Weissbach <gerry.w@gammaproduction.de>
- * @param $media reference to the media id
- * @param $file  reference to the file variable
- * @returns array(STATUS, STATUSMESSAGE)
- */
-function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) {
-    global $MIME, $EXT, $CACHE, $INPUT;
-
-    //media to local file
-    if(preg_match('#^(https?)://#i', $media)) {
-        //check hash
-        if(substr(md5(auth_cookiesalt().$media), 0, 6) !== $INPUT->str('hash')) {
-            return array(412, 'Precondition Failed');
-        }
-        //handle external images
-        if(strncmp($MIME, 'image/', 6) == 0) $file = media_get_from_URL($media, $EXT, $CACHE);
-        if(!$file) {
-            //download failed - redirect to original URL
-            return array(302, $media);
-        }
-    } else {
-        $media = cleanID($media);
-        if(empty($media)) {
-            return array(400, 'Bad request');
-        }
-        // check token for resized images
-        if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) {
-            return array(412, 'Precondition Failed');
-        }
-
-        //check permissions (namespace only)
-        if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ) {
-            return array(403, 'Forbidden');
-        }
-        $file = mediaFN($media, $rev);
-    }
-
-    //check file existance
-    if(!@file_exists($file)) {
-        return array(404, 'Not Found');
-    }
-
-    return array(200, null);
-}
-
-/**
- * Returns the wanted cachetime in seconds
- *
- * Resolves named constants
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function calc_cache($cache) {
-    global $conf;
-
-    if(strtolower($cache) == 'nocache') return 0; //never cache
-    if(strtolower($cache) == 'recache') return $conf['cachetime']; //use standard cache
-    return -1; //cache endless
-}
+// END DO main
 
 //Setup VIM: ex: et ts=2 :
-- 
cgit v1.2.3


From 25cfdf73de200b6ae57a47960bc3100e4aba3c7b Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Mon, 8 Apr 2013 12:21:28 +0200
Subject: indexer.php: disable the GIF output only with debug parameter and
 allowdebug

Before this fix the debug parameter always prevent the GIF from being
sent even though no actual debug information was returned unless the
allowdebug configuration option was set. Now the GIF is only disabled if
debugging is actually allowed.
---
 lib/exe/indexer.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php
index 27576f76d..57bee8925 100644
--- a/lib/exe/indexer.php
+++ b/lib/exe/indexer.php
@@ -16,15 +16,16 @@ if(!defined('NL')) define('NL',"\n");
 
 // check if user abort worked, if yes send output early
 $defer = !@ignore_user_abort() || $conf['broken_iua'];
-if(!$defer){
+$output = $INPUT->has('debug') && $conf['allowdebug'];
+if(!$defer && !$output){
     sendGIF(); // send gif
 }
 
 $ID = cleanID($INPUT->str('id'));
 
 // Catch any possible output (e.g. errors)
-$output = $INPUT->has('debug') && $conf['allowdebug'];
 if(!$output) ob_start();
+else header('Content-Type: text/plain');
 
 // run one of the jobs
 $tmp = array(); // No event data
@@ -192,11 +193,6 @@ function sendDigest() {
  * @author Harry Fuecks <fuecks@gmail.com>
  */
 function sendGIF(){
-    global $INPUT;
-    if($INPUT->has('debug')){
-        header('Content-Type: text/plain');
-        return;
-    }
     $img = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7');
     header('Content-Type: image/gif');
     header('Content-Length: '.strlen($img));
-- 
cgit v1.2.3