public.php 8.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224
  1. <?php
  2. // Load other apps for file previews
  3. OC_App::loadApps();
  4. // Compatibility with shared-by-link items from ownCloud 4.0
  5. // requires old Sharing table !
  6. // support will be removed in OC 5.0,a
  7. if (isset($_GET['token'])) {
  8. unset($_GET['file']);
  9. $qry = \OC_DB::prepare('SELECT `source` FROM `*PREFIX*sharing` WHERE `target` = ? LIMIT 1');
  10. $filepath = $qry->execute(array($_GET['token']))->fetchOne();
  11. if(isset($filepath)) {
  12. $info = OC_FileCache_Cached::get($filepath, '');
  13. if(strtolower($info['mimetype']) == 'httpd/unix-directory') {
  14. $_GET['dir'] = $filepath;
  15. } else {
  16. $_GET['file'] = $filepath;
  17. }
  18. \OCP\Util::writeLog('files_sharing', 'You have files that are shared by link originating from ownCloud 4.0. Redistribute the new links, because backwards compatibility will be removed in ownCloud 5.', \OCP\Util::WARN);
  19. }
  20. }
  21. // Enf of backward compatibility
  22. function getID($path) {
  23. // use the share table from the db to find the item source if the file was reshared because shared files
  24. //are not stored in the file cache.
  25. if (substr(OC_Filesystem::getMountPoint($path), -7, 6) == "Shared") {
  26. $path_parts = explode('/', $path, 5);
  27. $user = $path_parts[1];
  28. $intPath = '/'.$path_parts[4];
  29. $query = \OC_DB::prepare('SELECT item_source FROM *PREFIX*share WHERE uid_owner = ? AND file_target = ? ');
  30. $result = $query->execute(array($user, $intPath));
  31. $row = $result->fetchRow();
  32. $fileSource = $row['item_source'];
  33. } else {
  34. $fileSource = OC_Filecache::getId($path, '');
  35. }
  36. return $fileSource;
  37. }
  38. if (isset($_GET['file']) || isset($_GET['dir'])) {
  39. if (isset($_GET['dir'])) {
  40. $type = 'folder';
  41. $path = $_GET['dir'];
  42. if(strlen($path)>1 and substr($path, -1, 1)==='/') {
  43. $path=substr($path, 0, -1);
  44. }
  45. $baseDir = $path;
  46. $dir = $baseDir;
  47. } else {
  48. $type = 'file';
  49. $path = $_GET['file'];
  50. if(strlen($path)>1 and substr($path, -1, 1)==='/') {
  51. $path=substr($path, 0, -1);
  52. }
  53. }
  54. $uidOwner = substr($path, 1, strpos($path, '/', 1) - 1);
  55. if (OCP\User::userExists($uidOwner)) {
  56. OC_Util::setupFS($uidOwner);
  57. $fileSource = getId($path);
  58. if ($fileSource != -1 && ($linkItem = OCP\Share::getItemSharedWithByLink($type, $fileSource, $uidOwner))) {
  59. // TODO Fix in the getItems
  60. if (!isset($linkItem['item_type']) || $linkItem['item_type'] != $type) {
  61. header('HTTP/1.0 404 Not Found');
  62. $tmpl = new OCP\Template('', '404', 'guest');
  63. $tmpl->printPage();
  64. exit();
  65. }
  66. if (isset($linkItem['share_with'])) {
  67. // Check password
  68. if (isset($_GET['file'])) {
  69. $url = OCP\Util::linkToPublic('files').'&file='.urlencode($_GET['file']);
  70. } else {
  71. $url = OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']);
  72. }
  73. if (isset($_POST['password'])) {
  74. $password = $_POST['password'];
  75. $storedHash = $linkItem['share_with'];
  76. $forcePortable = (CRYPT_BLOWFISH != 1);
  77. $hasher = new PasswordHash(8, $forcePortable);
  78. if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash))) {
  79. $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
  80. $tmpl->assign('URL', $url);
  81. $tmpl->assign('error', true);
  82. $tmpl->printPage();
  83. exit();
  84. } else {
  85. // Save item id in session for future requests
  86. $_SESSION['public_link_authenticated'] = $linkItem['id'];
  87. }
  88. // Check if item id is set in session
  89. } else if (!isset($_SESSION['public_link_authenticated']) || $_SESSION['public_link_authenticated'] !== $linkItem['id']) {
  90. // Prompt for password
  91. $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
  92. $tmpl->assign('URL', $url);
  93. $tmpl->printPage();
  94. exit();
  95. }
  96. }
  97. $path = $linkItem['path'];
  98. if (isset($_GET['path'])) {
  99. $path .= $_GET['path'];
  100. $dir .= $_GET['path'];
  101. if (!OC_Filesystem::file_exists($path)) {
  102. header('HTTP/1.0 404 Not Found');
  103. $tmpl = new OCP\Template('', '404', 'guest');
  104. $tmpl->printPage();
  105. exit();
  106. }
  107. }
  108. // Download the file
  109. if (isset($_GET['download'])) {
  110. if (isset($_GET['dir'])) {
  111. if ( isset($_GET['files']) ) { // download selected files
  112. OC_Files::get($path, $_GET['files'], $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
  113. } else if (isset($_GET['path']) && $_GET['path'] != '' ) { // download a file from a shared directory
  114. OC_Files::get('', $path, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
  115. } else { // download the whole shared directory
  116. OC_Files::get($path, '', $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
  117. }
  118. } else { // download a single shared file
  119. OC_Files::get("", $path, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
  120. }
  121. } else {
  122. OCP\Util::addStyle('files_sharing', 'public');
  123. OCP\Util::addScript('files_sharing', 'public');
  124. OCP\Util::addScript('files', 'fileactions');
  125. $tmpl = new OCP\Template('files_sharing', 'public', 'base');
  126. $tmpl->assign('owner', $uidOwner);
  127. // Show file list
  128. if (OC_Filesystem::is_dir($path)) {
  129. OCP\Util::addStyle('files', 'files');
  130. OCP\Util::addScript('files', 'files');
  131. OCP\Util::addScript('files', 'filelist');
  132. $files = array();
  133. $rootLength = strlen($baseDir) + 1;
  134. foreach (OC_Files::getDirectoryContent($path) as $i) {
  135. $i['date'] = OCP\Util::formatDate($i['mtime']);
  136. if ($i['type'] == 'file') {
  137. $fileinfo = pathinfo($i['name']);
  138. $i['basename'] = $fileinfo['filename'];
  139. $i['extension'] = isset($fileinfo['extension']) ? ('.'.$fileinfo['extension']) : '';
  140. }
  141. $i['directory'] = '/'.substr('/'.$uidOwner.'/files'.$i['directory'], $rootLength);
  142. if ($i['directory'] == '/') {
  143. $i['directory'] = '';
  144. }
  145. $i['permissions'] = OCP\Share::PERMISSION_READ;
  146. $files[] = $i;
  147. }
  148. // Make breadcrumb
  149. $breadcrumb = array();
  150. $pathtohere = '';
  151. $count = 1;
  152. foreach (explode('/', $dir) as $i) {
  153. if ($i != '') {
  154. if ($i != $baseDir) {
  155. $pathtohere .= '/'.$i;
  156. }
  157. if ( strlen($pathtohere) < strlen($_GET['dir'])) {
  158. continue;
  159. }
  160. $breadcrumb[] = array('dir' => str_replace($_GET['dir'], "", $pathtohere, $count), 'name' => $i);
  161. }
  162. }
  163. $list = new OCP\Template('files', 'part.list', '');
  164. $list->assign('files', $files, false);
  165. $list->assign('publicListView', true);
  166. $list->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']).'&path=', false);
  167. $list->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path=', false);
  168. $breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', '' );
  169. $breadcrumbNav->assign('breadcrumb', $breadcrumb, false);
  170. $breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']).'&path=', false);
  171. $folder = new OCP\Template('files', 'index', '');
  172. $folder->assign('fileList', $list->fetchPage(), false);
  173. $folder->assign('breadcrumb', $breadcrumbNav->fetchPage(), false);
  174. $folder->assign('dir', basename($dir));
  175. $folder->assign('isCreatable', false);
  176. $folder->assign('permissions', 0);
  177. $folder->assign('files', $files);
  178. $folder->assign('uploadMaxFilesize', 0);
  179. $folder->assign('uploadMaxHumanFilesize', 0);
  180. $folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
  181. $tmpl->assign('folder', $folder->fetchPage(), false);
  182. $tmpl->assign('uidOwner', $uidOwner);
  183. $tmpl->assign('dir', basename($dir));
  184. $tmpl->assign('filename', basename($path));
  185. $tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
  186. $tmpl->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
  187. if (isset($_GET['path'])) {
  188. $getPath = $_GET['path'];
  189. } else {
  190. $getPath = '';
  191. }
  192. $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path='.urlencode($getPath), false);
  193. } else {
  194. // Show file preview if viewer is available
  195. $tmpl->assign('uidOwner', $uidOwner);
  196. $tmpl->assign('dir', dirname($path));
  197. $tmpl->assign('filename', basename($path));
  198. $tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
  199. if ($type == 'file') {
  200. $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&file='.urlencode($_GET['file']).'&download', false);
  201. } else {
  202. if (isset($_GET['path'])) {
  203. $getPath = $_GET['path'];
  204. } else {
  205. $getPath = '';
  206. }
  207. $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path='.urlencode($getPath), false);
  208. }
  209. }
  210. $tmpl->printPage();
  211. }
  212. exit();
  213. }
  214. }
  215. }
  216. header('HTTP/1.0 404 Not Found');
  217. $tmpl = new OCP\Template('', '404', 'guest');
  218. $tmpl->printPage();