public.php 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277
  1. <?php
  2. // Load other apps for file previews
  3. OC_App::loadApps();
  4. if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
  5. header('HTTP/1.0 404 Not Found');
  6. $tmpl = new OCP\Template('', '404', 'guest');
  7. $tmpl->printPage();
  8. exit();
  9. }
  10. function fileCmp($a, $b) {
  11. if ($a['type'] == 'dir' and $b['type'] != 'dir') {
  12. return -1;
  13. } elseif ($a['type'] != 'dir' and $b['type'] == 'dir') {
  14. return 1;
  15. } else {
  16. return strnatcasecmp($a['name'], $b['name']);
  17. }
  18. }
  19. function determineIcon($file, $sharingRoot, $sharingToken) {
  20. // for folders we simply reuse the files logic
  21. if($file['type'] == 'dir') {
  22. return \OCA\Files\Helper::determineIcon($file);
  23. }
  24. $relativePath = substr($file['path'], 6);
  25. $relativePath = substr($relativePath, strlen($sharingRoot));
  26. if($file['isPreviewAvailable']) {
  27. return OCP\publicPreview_icon($relativePath, $sharingToken) . '&c=' . $file['etag'];
  28. }
  29. return OCP\mimetype_icon($file['mimetype']);
  30. }
  31. if (isset($_GET['t'])) {
  32. $token = $_GET['t'];
  33. $linkItem = OCP\Share::getShareByToken($token);
  34. if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
  35. // seems to be a valid share
  36. $type = $linkItem['item_type'];
  37. $fileSource = $linkItem['file_source'];
  38. $shareOwner = $linkItem['uid_owner'];
  39. $path = null;
  40. $rootLinkItem = OCP\Share::resolveReShare($linkItem);
  41. $fileOwner = $rootLinkItem['uid_owner'];
  42. if (isset($fileOwner)) {
  43. OC_Util::tearDownFS();
  44. OC_Util::setupFS($fileOwner);
  45. $path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
  46. }
  47. }
  48. }
  49. if (isset($path)) {
  50. if (!isset($linkItem['item_type'])) {
  51. OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
  52. header('HTTP/1.0 404 Not Found');
  53. $tmpl = new OCP\Template('', '404', 'guest');
  54. $tmpl->printPage();
  55. exit();
  56. }
  57. if (isset($linkItem['share_with'])) {
  58. // Authenticate share_with
  59. $url = OCP\Util::linkToPublic('files') . '&t=' . $token;
  60. if (isset($_GET['file'])) {
  61. $url .= '&file=' . urlencode($_GET['file']);
  62. } else {
  63. if (isset($_GET['dir'])) {
  64. $url .= '&dir=' . urlencode($_GET['dir']);
  65. }
  66. }
  67. if (isset($_POST['password'])) {
  68. $password = $_POST['password'];
  69. if ($linkItem['share_type'] == OCP\Share::SHARE_TYPE_LINK) {
  70. // Check Password
  71. $forcePortable = (CRYPT_BLOWFISH != 1);
  72. $hasher = new PasswordHash(8, $forcePortable);
  73. if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),
  74. $linkItem['share_with']))) {
  75. OCP\Util::addStyle('files_sharing', 'authenticate');
  76. $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
  77. $tmpl->assign('URL', $url);
  78. $tmpl->assign('wrongpw', true);
  79. $tmpl->printPage();
  80. exit();
  81. } else {
  82. // Save item id in session for future requests
  83. \OC::$session->set('public_link_authenticated', $linkItem['id']);
  84. }
  85. } else {
  86. OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
  87. .' for share id '.$linkItem['id'], \OCP\Util::ERROR);
  88. header('HTTP/1.0 404 Not Found');
  89. $tmpl = new OCP\Template('', '404', 'guest');
  90. $tmpl->printPage();
  91. exit();
  92. }
  93. } else {
  94. // Check if item id is set in session
  95. if ( ! \OC::$session->exists('public_link_authenticated')
  96. || \OC::$session->get('public_link_authenticated') !== $linkItem['id']
  97. ) {
  98. // Prompt for password
  99. OCP\Util::addStyle('files_sharing', 'authenticate');
  100. $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
  101. $tmpl->assign('URL', $url);
  102. $tmpl->printPage();
  103. exit();
  104. }
  105. }
  106. }
  107. $basePath = $path;
  108. if (isset($_GET['path']) && \OC\Files\Filesystem::isReadable($basePath . $_GET['path'])) {
  109. $getPath = \OC\Files\Filesystem::normalizePath($_GET['path']);
  110. $path .= $getPath;
  111. } else {
  112. $getPath = '';
  113. }
  114. $dir = dirname($path);
  115. $file = basename($path);
  116. // Download the file
  117. if (isset($_GET['download'])) {
  118. if (isset($_GET['files'])) { // download selected files
  119. $files = urldecode($_GET['files']);
  120. $files_list = json_decode($files);
  121. // in case we get only a single file
  122. if ($files_list === NULL ) {
  123. $files_list = array($files);
  124. }
  125. OC_Files::get($path, $files_list, $_SERVER['REQUEST_METHOD'] == 'HEAD');
  126. } else {
  127. OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD');
  128. }
  129. exit();
  130. } else {
  131. OCP\Util::addScript('files', 'file-upload');
  132. OCP\Util::addStyle('files_sharing', 'public');
  133. OCP\Util::addScript('files_sharing', 'public');
  134. OCP\Util::addScript('files', 'fileactions');
  135. OCP\Util::addScript('files', 'jquery.iframe-transport');
  136. OCP\Util::addScript('files', 'jquery.fileupload');
  137. $maxUploadFilesize=OCP\Util::maxUploadFilesize($path);
  138. $tmpl = new OCP\Template('files_sharing', 'public', 'base');
  139. $tmpl->assign('uidOwner', $shareOwner);
  140. $tmpl->assign('displayName', \OCP\User::getDisplayName($shareOwner));
  141. $tmpl->assign('filename', $file);
  142. $tmpl->assign('directory_path', $linkItem['file_target']);
  143. $tmpl->assign('mimetype', \OC\Files\Filesystem::getMimeType($path));
  144. $tmpl->assign('fileTarget', basename($linkItem['file_target']));
  145. $tmpl->assign('dirToken', $linkItem['token']);
  146. $tmpl->assign('sharingToken', $token);
  147. $tmpl->assign('disableSharing', true);
  148. $allowPublicUploadEnabled = (bool) ($linkItem['permissions'] & OCP\PERMISSION_CREATE);
  149. if (\OCP\App::isEnabled('files_encryption')) {
  150. $allowPublicUploadEnabled = false;
  151. }
  152. if (OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes') === 'no') {
  153. $allowPublicUploadEnabled = false;
  154. }
  155. if ($linkItem['item_type'] !== 'folder') {
  156. $allowPublicUploadEnabled = false;
  157. }
  158. $tmpl->assign('allowPublicUploadEnabled', $allowPublicUploadEnabled);
  159. $tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
  160. $tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
  161. $urlLinkIdentifiers= (isset($token)?'&t='.$token:'')
  162. .(isset($_GET['dir'])?'&dir='.$_GET['dir']:'')
  163. .(isset($_GET['file'])?'&file='.$_GET['file']:'');
  164. // Show file list
  165. if (\OC\Files\Filesystem::is_dir($path)) {
  166. $tmpl->assign('dir', $getPath);
  167. OCP\Util::addStyle('files', 'files');
  168. OCP\Util::addStyle('files', 'upload');
  169. OCP\Util::addScript('files', 'files');
  170. OCP\Util::addScript('files', 'filelist');
  171. OCP\Util::addscript('files', 'keyboardshortcuts');
  172. $files = array();
  173. $rootLength = strlen($basePath) + 1;
  174. $totalSize = 0;
  175. foreach (\OC\Files\Filesystem::getDirectoryContent($path) as $i) {
  176. $totalSize += $i['size'];
  177. $i['date'] = OCP\Util::formatDate($i['mtime']);
  178. if ($i['type'] == 'file') {
  179. $fileinfo = pathinfo($i['name']);
  180. $i['basename'] = $fileinfo['filename'];
  181. if (!empty($fileinfo['extension'])) {
  182. $i['extension'] = '.' . $fileinfo['extension'];
  183. } else {
  184. $i['extension'] = '';
  185. }
  186. $i['isPreviewAvailable'] = \OC::$server->getPreviewManager()->isMimeSupported($i['mimetype']);
  187. }
  188. $i['directory'] = $getPath;
  189. $i['permissions'] = OCP\PERMISSION_READ;
  190. $i['icon'] = determineIcon($i, $basePath, $token);
  191. $files[] = $i;
  192. }
  193. usort($files, "fileCmp");
  194. // Make breadcrumb
  195. $breadcrumb = array();
  196. $pathtohere = '';
  197. foreach (explode('/', $getPath) as $i) {
  198. if ($i != '') {
  199. $pathtohere .= '/' . $i;
  200. $breadcrumb[] = array('dir' => $pathtohere, 'name' => $i);
  201. }
  202. }
  203. $list = new OCP\Template('files', 'part.list', '');
  204. $list->assign('files', $files);
  205. $list->assign('baseURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&path=');
  206. $list->assign('downloadURL',
  207. OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download&path=');
  208. $list->assign('isPublic', true);
  209. $list->assign('sharingtoken', $token);
  210. $list->assign('sharingroot', $basePath);
  211. $breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', '');
  212. $breadcrumbNav->assign('breadcrumb', $breadcrumb);
  213. $breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&path=');
  214. $maxUploadFilesize=OCP\Util::maxUploadFilesize($path);
  215. $fileHeader = (!isset($files) or count($files) > 0);
  216. $emptyContent = ($allowPublicUploadEnabled and !$fileHeader);
  217. $folder = new OCP\Template('files', 'index', '');
  218. $folder->assign('fileList', $list->fetchPage());
  219. $folder->assign('breadcrumb', $breadcrumbNav->fetchPage());
  220. $folder->assign('dir', $getPath);
  221. $folder->assign('isCreatable', false);
  222. $folder->assign('permissions', OCP\PERMISSION_READ);
  223. $folder->assign('isPublic',true);
  224. $folder->assign('publicUploadEnabled', 'no');
  225. $folder->assign('files', $files);
  226. $folder->assign('uploadMaxFilesize', $maxUploadFilesize);
  227. $folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
  228. $folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
  229. $folder->assign('usedSpacePercent', 0);
  230. $folder->assign('fileHeader', $fileHeader);
  231. $folder->assign('disableSharing', true);
  232. $folder->assign('trash', false);
  233. $folder->assign('emptyContent', $emptyContent);
  234. $folder->assign('ajaxLoad', false);
  235. $tmpl->assign('folder', $folder->fetchPage());
  236. $maxInputFileSize = OCP\Config::getSystemValue('maxZipInputSize', OCP\Util::computerFileSize('800 MB'));
  237. $allowZip = OCP\Config::getSystemValue('allowZipDownload', true)
  238. && ( $maxInputFileSize === 0 || $totalSize <= $maxInputFileSize);
  239. $tmpl->assign('allowZipDownload', intval($allowZip));
  240. $tmpl->assign('downloadURL',
  241. OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download&path=' . urlencode($getPath));
  242. } else {
  243. $tmpl->assign('dir', $dir);
  244. // Show file preview if viewer is available
  245. if ($type == 'file') {
  246. $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download');
  247. } else {
  248. $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files')
  249. .$urlLinkIdentifiers.'&download&path='.urlencode($getPath));
  250. }
  251. }
  252. $tmpl->printPage();
  253. }
  254. exit();
  255. } else {
  256. OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);
  257. }
  258. $errorTemplate = new OCP\Template('files_sharing', 'part.404', '');
  259. $errorContent = $errorTemplate->fetchPage();
  260. header('HTTP/1.0 404 Not Found');
  261. OCP\Util::addStyle('files_sharing', '404');
  262. $tmpl = new OCP\Template('', '404', 'guest');
  263. $tmpl->assign('content', $errorContent);
  264. $tmpl->printPage();