Exemple #1
0
 function testParseHTTPDateFail()
 {
     $times = array('NOW', 'Wednesday, 13-Oct-10 10:26:00 UTC', 'Wed Oct 6 10:26:00 2010');
     foreach ($times as $time) {
         $this->assertFalse(Sabre_HTTP_Util::parseHTTPDate($time), 'We used the string: ' . $time);
     }
 }
Exemple #2
0
 function testStrtotimeFail()
 {
     // Strtotime may return -1 when the date cannot be parsed.
     // We are simulating this situation by testing a date that actually
     // results in -1. (because I have found no other way to break this
     // code)
     $time = 'Wed, 13 Oct 1960 10:26:00 GMT';
     $this->assertNull(Sabre_HTTP_Util::parseHTTPDate($time));
 }
 /**
  * Makes sure the supplied value is a valid RFC2616 date.
  *
  * If we would just use strtotime to get a valid timestamp, we have no way of checking if a 
  * user just supplied the word 'now' for the date header.
  *
  * This function also makes sure the Date header is within 15 minutes of the operating 
  * system date, to prevent replay attacks.
  * 
  * @param string $dateHeader 
  * @return bool 
  */
 protected function validateRFC2616Date($dateHeader)
 {
     $date = Sabre_HTTP_Util::parseHTTPDate($dateHeader);
     // Unknown format
     if (!$date) {
         $this->errorCode = self::ERR_INVALIDDATEFORMAT;
         return false;
     }
     $min = new DateTime('-15 minutes');
     $max = new DateTime('+15 minutes');
     // We allow 15 minutes around the current date/time
     if ($date > $max || $date < $min) {
         $this->errorCode = self::ERR_REQUESTTIMESKEWED;
         return false;
     }
     return $date;
 }
 /**
  * This method checks the main HTTP preconditions.
  *
  * Currently these are:
  *   * If-Match
  *   * If-None-Match
  *   * If-Modified-Since
  *   * If-Unmodified-Since
  *
  * The method will return true if all preconditions are met
  * The method will return false, or throw an exception if preconditions
  * failed. If false is returned the operation should be aborted, and
  * the appropriate HTTP response headers are already set.
  *
  * Normally this method will throw 412 Precondition Failed for failures
  * related to If-None-Match, If-Match and If-Unmodified Since. It will
  * set the status to 304 Not Modified for If-Modified_since.
  *
  * If the $handleAsGET argument is set to true, it will also return 304
  * Not Modified for failure of the If-None-Match precondition. This is the
  * desired behaviour for HTTP GET and HTTP HEAD requests.
  *
  * @param bool $handleAsGET
  * @return bool
  */
 public function checkPreconditions($handleAsGET = false)
 {
     $uri = $this->getRequestUri();
     $node = null;
     $lastMod = null;
     $etag = null;
     if ($ifMatch = $this->httpRequest->getHeader('If-Match')) {
         // If-Match contains an entity tag. Only if the entity-tag
         // matches we are allowed to make the request succeed.
         // If the entity-tag is '*' we are only allowed to make the
         // request succeed if a resource exists at that url.
         try {
             $node = $this->tree->getNodeForPath($uri);
         } catch (Sabre_DAV_Exception_NotFound $e) {
             throw new Sabre_DAV_Exception_PreconditionFailed('An If-Match header was specified and the resource did not exist', 'If-Match');
         }
         // Only need to check entity tags if they are not *
         if ($ifMatch !== '*') {
             // There can be multiple etags
             $ifMatch = explode(',', $ifMatch);
             $haveMatch = false;
             foreach ($ifMatch as $ifMatchItem) {
                 // Stripping any extra spaces
                 $ifMatchItem = trim($ifMatchItem, ' ');
                 $etag = $node->getETag();
                 if ($etag === $ifMatchItem) {
                     $haveMatch = true;
                 }
             }
             if (!$haveMatch) {
                 throw new Sabre_DAV_Exception_PreconditionFailed('An If-Match header was specified, but none of the specified the ETags matched.', 'If-Match');
             }
         }
     }
     if ($ifNoneMatch = $this->httpRequest->getHeader('If-None-Match')) {
         // The If-None-Match header contains an etag.
         // Only if the ETag does not match the current ETag, the request will succeed
         // The header can also contain *, in which case the request
         // will only succeed if the entity does not exist at all.
         $nodeExists = true;
         if (!$node) {
             try {
                 $node = $this->tree->getNodeForPath($uri);
             } catch (Sabre_DAV_Exception_NotFound $e) {
                 $nodeExists = false;
             }
         }
         if ($nodeExists) {
             $haveMatch = false;
             if ($ifNoneMatch === '*') {
                 $haveMatch = true;
             } else {
                 // There might be multiple etags
                 $ifNoneMatch = explode(',', $ifNoneMatch);
                 $etag = $node->getETag();
                 foreach ($ifNoneMatch as $ifNoneMatchItem) {
                     // Stripping any extra spaces
                     $ifNoneMatchItem = trim($ifNoneMatchItem, ' ');
                     if ($etag === $ifNoneMatchItem) {
                         $haveMatch = true;
                     }
                 }
             }
             if ($haveMatch) {
                 if ($handleAsGET) {
                     $this->httpResponse->sendStatus(304);
                     return false;
                 } else {
                     throw new Sabre_DAV_Exception_PreconditionFailed('An If-None-Match header was specified, but the ETag matched (or * was specified).', 'If-None-Match');
                 }
             }
         }
     }
     if (!$ifNoneMatch && ($ifModifiedSince = $this->httpRequest->getHeader('If-Modified-Since'))) {
         // The If-Modified-Since header contains a date. We
         // will only return the entity if it has been changed since
         // that date. If it hasn't been changed, we return a 304
         // header
         // Note that this header only has to be checked if there was no If-None-Match header
         // as per the HTTP spec.
         $date = Sabre_HTTP_Util::parseHTTPDate($ifModifiedSince);
         if ($date) {
             if (is_null($node)) {
                 $node = $this->tree->getNodeForPath($uri);
             }
             $lastMod = $node->getLastModified();
             if ($lastMod) {
                 $lastMod = new DateTime('@' . $lastMod);
                 if ($lastMod <= $date) {
                     $this->httpResponse->sendStatus(304);
                     $this->httpResponse->setHeader('Last-Modified', Sabre_HTTP_Util::toHTTPDate($lastMod));
                     return false;
                 }
             }
         }
     }
     if ($ifUnmodifiedSince = $this->httpRequest->getHeader('If-Unmodified-Since')) {
         // The If-Unmodified-Since will allow allow the request if the
         // entity has not changed since the specified date.
         $date = Sabre_HTTP_Util::parseHTTPDate($ifUnmodifiedSince);
         // We must only check the date if it's valid
         if ($date) {
             if (is_null($node)) {
                 $node = $this->tree->getNodeForPath($uri);
             }
             $lastMod = $node->getLastModified();
             if ($lastMod) {
                 $lastMod = new DateTime('@' . $lastMod);
                 if ($lastMod > $date) {
                     throw new Sabre_DAV_Exception_PreconditionFailed('An If-Unmodified-Since header was specified, but the entity has been changed since the specified date.', 'If-Unmodified-Since');
                 }
             }
         }
     }
     return true;
 }