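/**
 * Handles HTTP Basic credentials and WebDAV discovery requests (OPTIONS / PROPFIND).
 *
 * Judging by its name this is meant to run as a "before prolog" event handler; the
 * registration is not visible here.
 *
 * Behaviour:
 *  1. If the request carries Basic credentials and the visitor is not yet authorized
 *     (or the request has DAV headers), a login attempt is made with them. A leading
 *     "<host>\" prefix (as sent by Windows clients) is removed from the user name first.
 *  2. OPTIONS / PROPFIND requests for URLs with no backing file are answered directly
 *     with a generic WebDAV collection response, unless an authorized user hits a
 *     "webdav" / "socialnetwork" rewrite rule (then the real component handles it).
 *  3. Any other request with DAV headers from an unauthorized visitor gets an
 *     authentication challenge.
 *
 * Security notes:
 *  - Basic credentials are only base64-encoded on the wire; this path presumes TLS.
 *  - Every qualifying request triggers $USER->Login(); throttling or lockout of repeated
 *    failures has to come from Login() itself. NOTE(review): confirm it does.
 *
 * @return bool|null true when a DAV request fell through without being answered here,
 *                   null otherwise (several paths terminate the script with die).
 */
function OnBeforeProlog()
{
    global $USER, $APPLICATION;

    if (
        isset($_SERVER["PHP_AUTH_USER"])
        && (!defined("NOT_CHECK_PERMISSIONS") || NOT_CHECK_PERMISSIONS !== true)
        && (CWebDavBase::IsDavHeaders("check_all") || !$USER->IsAuthorized())
    ) {
        $login = (string)$_SERVER["PHP_AUTH_USER"];
        // PHP_AUTH_PW is not guaranteed to accompany PHP_AUTH_USER; treat a missing one as empty.
        $password = isset($_SERVER["PHP_AUTH_PW"]) ? (string)$_SERVER["PHP_AUTH_PW"] : "";

        if (strlen($login) > 0 && strlen($password) > 0) {
            // Remove only a LEADING "<host>\" prefix. The previous str_replace() removed every
            // occurrence of that text anywhere in the user name, altering the identity that is
            // authenticated. HTTP_HOST is client-supplied, so this is normalisation only and
            // must never be treated as a trust decision.
            foreach (array('HTTP_HOST', 'SERVER_NAME') as $hostKey) {
                if (!isset($_SERVER[$hostKey]) || strlen($_SERVER[$hostKey]) <= 0) {
                    continue;
                }
                $prefix = $_SERVER[$hostKey] . "\\";
                if (strpos($login, $prefix) === 0) {
                    $login = (string)substr($login, strlen($prefix));
                    break;
                }
            }
            // Later code may read the normalised name from $_SERVER, as before.
            $_SERVER["PHP_AUTH_USER"] = $login;

            // Third argument "N" is passed through unchanged; presumably the "remember" flag (confirm).
            $arAuthResult = $USER->Login($login, $password, "N");
            $APPLICATION->arAuthResult = $arAuthResult;
        }
    }

    // Optional server variables: read defensively so a missing key does not raise a notice
    // or pass null into the string functions below.
    $method = isset($_SERVER['REQUEST_METHOD']) ? (string)$_SERVER['REQUEST_METHOD'] : '';
    $requestUri = isset($_SERVER['REQUEST_URI']) ? (string)$_SERVER['REQUEST_URI'] : '';
    $documentRoot = isset($_SERVER['DOCUMENT_ROOT']) ? (string)$_SERVER['DOCUMENT_ROOT'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string)$_SERVER['HTTP_USER_AGENT'] : '';
    $noRealFile = !isset($_SERVER["REAL_FILE_PATH"]) || strlen($_SERVER["REAL_FILE_PATH"]) <= 0;

    $isDiscoveryMethod = ($method === 'OPTIONS' || $method === 'PROPFIND');

    // A "virtual" URL: no real file behind it and either a trailing slash, or a URL containing
    // "personal" that does not exist on disk.
    // NOTE(review): REQUEST_URI is used raw (query string and percent-encoding included) to
    // build the file_exists() path; it only serves as an existence probe here.
    $isVirtualUrl = $noRealFile
        && (
            substr($requestUri, -1, 1) == '/'
            || (strpos($requestUri, 'personal') !== false && !file_exists($documentRoot . $requestUri))
        );

    if ($isDiscoveryMethod && $isVirtualUrl) {
        $res = CUrlRewriter::GetList(array("QUERY" => $requestUri));
        $good_res = true;
        foreach ($res as $res_detail) {
            if (strpos($res_detail["ID"], "webdav") !== false || strpos($res_detail["ID"], "socialnetwork") !== false) {
                // A real DAV component owns this URL: answer here only while the visitor
                // is still unauthorized, otherwise let the component handle the request.
                $good_res = !$USER->IsAuthorized();
                break;
            }
        }

        if ($good_res) {
            header("MS-Author-Via: DAV");

            if ($method === 'OPTIONS') {
                // The Microsoft mini-redirector gets its OPTIONS answer without authentication.
                // The User-Agent is client-controlled, so this is effectively an unauthenticated
                // capability response, not an access-control boundary.
                if (strpos($userAgent, "Microsoft-WebDAV-MiniRedir") === false && !$USER->IsAuthorized()) {
                    CWebDavBase::SetAuthHeader();
                    die;
                }
                CWebDavBase::base_OPTIONS();
                die;
            }

            // Only PROPFIND can reach this point.
            if (!$USER->IsAuthorized()) {
                CWebDavBase::SetAuthHeader();
                die;
            }

            CWebDavBase::SetStatus('207 Multi-Status');
            // Generic "empty collection" answer. Host and URI are client-controlled and are
            // escaped before being written into the XML. The scheme is fixed to http:// as in
            // the original response.
            echo '<?xml version="1.0" encoding="utf-8" ?> '
                . '<D:multistatus xmlns:D="DAV:" xmlns:Office="urn:schemas-microsoft-com:office:office" '
                . 'xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:Z="urn:schemas-microsoft-com:"> '
                . '<D:response> <D:href>http://'
                . htmlspecialcharsbx((isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '') . $requestUri)
                . '</D:href> <D:propstat> <D:prop> <D:displayname></D:displayname> '
                . '<D:lockdiscovery/><D:supportedlock/> <D:isFolder>t</D:isFolder> '
                . '<D:iscollection>1</D:iscollection> <D:ishidden>0</D:ishidden> '
                . '<D:getcontenttype>application/octet-stream</D:getcontenttype> '
                . '<D:getcontentlength>0</D:getcontentlength> '
                . '<D:resourcetype><D:collection/></D:resourcetype> '
                . '<Repl:authoritative-directory>t</Repl:authoritative-directory> '
                . '<D:getlastmodified>2008-10-29T13:58:59Z</D:getlastmodified> '
                . '<D:creationdate>2008-10-29T13:58:59Z</D:creationdate> '
                . '<Repl:repl-uid>rid:{D77F5F6A-44A9-4015-AB49-4D3A439808C1}</Repl:repl-uid> '
                . '<Repl:resourcetag>rt:D77F5F6A-44A9-4015-AB49-4D3A439808C1@00000000000</Repl:resourcetag> '
                . '<D:getetag>"{D77F5F6A-44A9-4015-AB49-4D3A439808C1},0"</D:getetag> '
                . '</D:prop> <D:status>HTTP/1.1 200 OK</D:status> </D:propstat> </D:response> </D:multistatus>';
            die;
        }
    } elseif (CWebDavBase::IsDavHeaders("check_all")) {
        if (!$USER->IsAuthorized()) {
            $res = CUrlRewriter::GetList(array("QUERY" => $requestUri));
            $good_res = true;
            foreach ($res as $res_detail) {
                if (strpos($res_detail["ID"], "webdav") !== false || strpos($res_detail["ID"], "socialnetwork") !== false) {
                    // The visitor is unauthorized on this path, so this always evaluates to true.
                    $good_res = !$USER->IsAuthorized();
                    break;
                }
            }
            if ($good_res) {
                CWebDavBase::SetAuthHeader();
                die;
            }
        }
        return true;
    }
}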
// Errors collected by the checks below; each entry is array("id" => ..., "text" => ...).
// The checks form one if/elseif chain, so at most one of them fires per request.
$arError = array();
/********************************************************************
				Check Socnet Permission and Main Data
********************************************************************/
/************** Can View *******************************************/
// "R" is a non-numeric string, so this is a string comparison: any PERMISSION value
// that sorts below "R" is treated as "no read access".
if ($arParams["PERMISSION"] < "R") {
    $arError[] = array("id" => "access_denied", "text" => GetMessage("SONET_ACCESS_DENIED"));
/************** Active Feature *************************************/
// The "files" feature must be active for the user or group being viewed.
} elseif ($object == "user" && !CSocNetFeatures::IsActiveFeature(SONET_ENTITY_USER, $arResult["VARIABLES"]["user_id"], "files") || $object == "group" && !CSocNetFeatures::IsActiveFeature(SONET_ENTITY_GROUP, $arResult["VARIABLES"]["group_id"], "files")) {
    // The id string "fiture_is_not_active" is kept as spelled; other code may match on it.
    $arError[] = array("id" => "fiture_is_not_active", "text" => GetMessage("SONET_FILES_IS_NOT_ACTIVE"));
/************** Check Iblock ID ************************************/
// An iblock must be configured for the object type being served.
} elseif ($object == "user" && $arParams["FILES_USER_IBLOCK_ID"] <= 0 || $object == "group" && $arParams["FILES_GROUP_IBLOCK_ID"] <= 0) {
    $arError[] = array("id" => "iblock_id_empty", "text" => GetMessage("SONET_IBLOCK_ID_EMPTY"));
// Authentication challenge: reached only when none of the three checks above fired.
// With USE_AUTH == "Y", an unauthorized visitor sending DAV headers, or any method other
// than GET/POST, gets the auth header and an empty body, and the script stops.
// A request that already failed a check above records an error instead of being challenged.
} elseif ($arParams["USE_AUTH"] == "Y" && (CWebDavBase::IsDavHeaders() || $_SERVER['REQUEST_METHOD'] != "GET" && $_SERVER['REQUEST_METHOD'] != "POST") && !$USER->IsAuthorized()) {
    // Discard anything already buffered so nothing is sent along with the challenge.
    $APPLICATION->RestartBuffer();
    CWebDavBase::SetAuthHeader();
    header('Content-length: 0');
    die;
}
/************** Set Page Title or Add Navigation *******************/
if ($arParams["SET_NAV_CHAIN"] == "Y" || $arParams["SET_TITLE"] == "Y") {
    $strTitle = "";
    if ($object == "group") {
        // Load the group record and its "files" feature row.
        $arResult["GROUP"] = $arGroup = CSocNetGroup::GetByID($arResult["VARIABLES"]["group_id"]);
        $db_res = CSocNetFeatures::GetList(array(), array("ENTITY_ID" => $arResult["GROUP"]["ID"], "ENTITY_TYPE" => SONET_ENTITY_GROUP, "FEATURE" => "files"));
        if ($db_res && ($arResult["GROUP"]["FEATURE"] = $db_res->GetNext())) {
            // A custom feature name, when present, replaces the default STR_TITLE; otherwise
            // STR_TITLE is written back as the feature name.
            $arParams["STR_TITLE"] = $arResult["GROUP"]["FEATURE"]["FEATURE_NAME"] =
                empty($arResult["GROUP"]["FEATURE"]["FEATURE_NAME"]) ? $arParams["STR_TITLE"] : $arResult["GROUP"]["FEATURE"]["FEATURE_NAME"];
        } else {
            $arResult["GROUP"]["FEATURE"] = array("FEATURE_NAME" => $arParams["STR_TITLE"]);
        }
        // NOTE(review): "~NAME" is presumably the raw, unescaped group name (Bitrix "~" key
        // convention); confirm $strTitle is escaped wherever it is finally output.
        $strTitle = $arGroup["~NAME"] . ": " . $arParams["STR_TITLE"];
        // The listing is cut off here; both enclosing if-blocks close outside this excerpt.
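/**
 * Routes a request either to the WebDAV handler method for its HTTP verb or, for a plain
 * browser request, to a file download / page redirect.
 *
 * DAV path (DAV headers present, or method DELETE), checked in this order:
 *  - unauthorized visitor: auth challenge with an empty body, script stops;
 *  - $ob->CheckWebRights() fails: 403;
 *  - $ob->IsMethodAllow() rejects the verb: 405 with an Allow header;
 *  - a Destination header whose path is missing or does not contain $baseURL: 405;
 *  - otherwise $ob->base_<METHOD>() is invoked and the script stops.
 *
 * Browser path: sets base URL and path on $ob; returns immediately when $is_root is true,
 * streams the file via $ob->base_GET() when $ob reports a file, else redirects to
 * $currentPageUrl.
 *
 * @param object $ob             Handler exposing IsDavHeaders, CheckWebRights, IsMethodAllow,
 *                               SetBaseURL, SetPath, IsDir, SetStatus, base_* methods and the
 *                               `allow` / `arParams` properties used below.
 * @param string $currentPageUrl Redirect target for browser requests that are not files.
 * @param string $baseURL        Base URL handed to $ob; a Destination path must contain it.
 * @param string $path           Resource path handed to $ob->SetPath().
 * @param bool   $is_root        When true, a browser request returns right after setup.
 *
 * @return void
 */
function MakeDavRedirect($ob, $currentPageUrl, $baseURL, $path, $is_root = false)
{
    global $APPLICATION, $USER;

    $method = $_SERVER['REQUEST_METHOD'];

    if (!($ob->IsDavHeaders('check_all') || $method == 'DELETE')) {
        // Plain browser request.
        $ob->SetBaseURL($baseURL);
        $ob->SetPath(rtrim($path, '/'));
        if ($is_root) {
            return;
        }
        // IsDir() is called for its side effect; 'is_file' in arParams is read right after.
        $ob->IsDir();
        if ($ob->arParams['is_file']) {
            $APPLICATION->RestartBuffer();
            $ob->base_GET();
            die;
        }
        LocalRedirect($currentPageUrl);
        return;
    }

    // DAV request: authentication first, then authorization, then the verb allowlist.
    if (!$USER->IsAuthorized()) {
        $APPLICATION->RestartBuffer();
        CWebDavBase::SetAuthHeader();
        header('Content-length: 0');
        die;
    }

    if (!$ob->CheckWebRights()) {
        $ob->SetStatus('403 Forbidden');
        ShowError(GetMessage("WD_DAV_INSUFFICIENT_RIGHTS"));
        die;
    }

    if (!$ob->IsMethodAllow($method)) {
        CHTTP::SetStatus('405 Method not allowed');
        header('Allow: ' . implode(',', array_keys($ob->allow)));
        ShowError(GetMessage("WD_DAV_UNSUPORTED_METHOD"));
        die;
    }

    $APPLICATION->RestartBuffer();

    if (isset($_SERVER['HTTP_DESTINATION'])) {
        $pu = parse_url(CWebDavBase::get_request_url($_SERVER['HTTP_DESTINATION']));
        $ob->SetBaseURL($baseURL);

        // parse_url() returns false for a malformed URL and omits 'path' when there is none.
        // Such a Destination is rejected explicitly instead of reading an undefined index.
        $destinationPath = (is_array($pu) && isset($pu['path'])) ? urldecode($pu['path']) : '';

        // NOTE(review): this only requires $baseURL to occur SOMEWHERE in the decoded path,
        // not at its start, and does not normalise "." / ".." segments. Confirm the COPY/MOVE
        // handlers re-validate the destination against the collection root.
        if ($destinationPath === '' || strpos($destinationPath, $baseURL) === false) {
            CHTTP::SetStatus('405 Method not allowed');
            header('Allow: ' . implode(',', array_keys($ob->allow)));
            ShowError(GetMessage("WD_DAV_UNSUPORTED_METHOD"));
            die;
        }
    } else {
        $ob->SetBaseURL($baseURL);
    }

    $ob->SetPath($path);

    // The handler name is built from the client-supplied request method. The only thing
    // limiting which base_* method can be called is the IsMethodAllow() check above, so that
    // allowlist must stay in front of this dispatch.
    $fn = 'base_' . $method;
    call_user_func(array(&$ob, $fn));
    die;
}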