public function move(ezcWebdavMoveRequest $request) { global $prefs; global $filegallib; include_once 'lib/filegals/filegallib.php'; print_debug("-- HTTP method: MOVE --\n"); $this->acquireLock(); // Indicates wheather a destiantion resource has been replaced or not. // The success response code depends on this. $replaced = false; // Extract paths from request $source = $request->requestUri; $dest = $request->getHeader('Destination'); // Check authorization // Need to do this before checking of node existence is checked, to // avoid leaking information if (!ezcWebdavServer::getInstance()->isAuthorized($dest, $request->getHeader('Authorization'), ezcWebdavAuthorizer::ACCESS_WRITE)) { $this->freeLock(); return $this->createUnauthorizedResponse($dest, $request->getHeader('Authorization')); } // Check if resource is available if (!$this->nodeExists($source)) { $this->freeLock(); return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_404, $source); } // If source and destination are equal, the request should always fail. if ($source === $dest) { $this->freeLock(); return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_403, $source); } // Check if destination resource exists and throw error, when // overwrite header is F if ($request->getHeader('Overwrite') === 'F' && $this->nodeExists($dest)) { $this->freeLock(); return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_412, $dest); } // Check if the destination parent directory already exists, otherwise // bail out. if (!$this->nodeExists($destDir = dirname($dest))) { $this->freeLock(); return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_409, $dest); } // Verify If-[None-]Match headers on the $dest if it exists if ($this->nodeExists($dest) && ($res = $this->checkIfMatchHeaders($request, $dest)) !== null) { $this->freeLock(); return $res; } elseif (($res = $this->checkIfMatchHeaders($request, $destDir)) !== null) { // Verify If-[None-]Match headers on the on $dests parent dir, if it // does not exist $this->freeLock(); return $res; } // The destination resource should be deleted if it exists and the // overwrite headers is T if ($request->getHeader('Overwrite') === 'T' && $this->nodeExists($dest)) { // Check sub-sequent authorization on destination $authState = $this->recursiveAuthCheck($request, $dest, ezcWebdavAuthorizer::ACCESS_WRITE, true); if (count($authState['errors']) !== 0) { // Permission denied on deleting destination $this->freeLock(); return $authState['errors'][0]; } $replaced = true; if (count($delteErrors = $this->performDelete($dest)) > 0) { $this->freeLock(); return new ezcWebdavMultistatusResponse($delteErrors); } } // All checks are passed, we can actually move now. $infos = array(); $doRename = false; $doMove = false; foreach (array('source', 'dest') as $k) { // Get source and dest infos if (($infos[$k] = $filegallib->get_objectid_from_virtual_path(${$k})) !== false) { switch ($infos[$k]['type']) { case 'filegal': $infos[$k]['infos'] = $filegallib->get_file_gallery_info($infos[$k]['id']); $infos[$k]['parentId'] = $infos[$k]['infos']['parentId']; $infos[$k]['name'] = $infos[$k]['infos']['name']; break; case 'file': ///TODO: Throw an error if dest is a file, but source is a filegal $infos[$k]['infos'] = $filegallib->get_file($infos[$k]['id']); $infos[$k]['parentId'] = $infos[$k]['infos']['galleryId']; $infos[$k]['name'] = $infos[$k]['infos']['filename']; break; } } elseif ($k == 'dest') { // If dest doesn't exist, it usually means that the file / filegal has to be renamed ///TODO: Throw an error if dest is a new filegal, but source is a file if (($objectId = $filegallib->get_objectid_from_virtual_path(dirname(${$k}))) !== false && $objectId['type'] == 'filegal') { $infos[$k] = array('id' => $infos['source']['id'], 'type' => $infos['source']['type'], 'infos' => $infos['source']['infos'], 'parentId' => $objectId['id'], 'name' => basename(${$k})); switch ($infos[$k]['type']) { case 'filegal': $infos[$k]['infos']['name'] = $infos[$k]['name']; $infos[$k]['infos']['parentId'] = $infos[$k]['parentId']; break; case 'file': $infos[$k]['infos']['name'] = $infos[$k]['name']; $infos[$k]['infos']['filename'] = $infos[$k]['name']; $infos[$k]['infos']['galleryId'] = $infos[$k]['parentId']; break; } $doRename = true; } } else { // If source doesn't exist, we stop here break; } } $doMove = $infos['source']['parentId'] != $infos['dest']['parentId']; $noErrors = true; switch ($infos['source']['type']) { case 'filegal': if ($doRename) { $noErrors = (bool) $filegallib->replace_file_gallery($infos['dest']['infos']); } elseif ($doMove) { // Move is not needed if the rename occurred, since filegal renaming function handle the move already $noErrors = (bool) $filegallib->move_file_gallery($infos['source']['id'], $infos['dest']['parentId']); } break; case 'file': if ($doRename) { if ($prefs['fgal_use_db'] === 'n') { $newPath = md5($infos['dest']['name']); do { $newPath = md5(uniqid($newPath)); } while (file_exists($this->root . '/' . $newPath)); if (@rename($this->root . '/' . $infos['source']['infos']['path'], $this->root . '/' . $newPath) === false || @file_put_contents($this->root . '/' . $infos['source']['infos']['path'], '') === false) { $this->freeLock(); return false; } } else { $newPath = ''; } global $user; $noErrors = (bool) $filegallib->replace_file($infos['source']['id'], $infos['dest']['name'], $infos['source']['infos']['description'], $infos['dest']['name'], $infos['source']['infos']['data'], $infos['source']['infos']['filesize'], $infos['source']['infos']['filetype'], $user, $newPath, '', $filegallib->get_file_gallery_info($infos['source']['parentId']), false, $infos['source']['infos']['author'], $infos['source']['infos']['created'], $infos['source']['infos']['lockedby']); } if ($doMove && $noErrors) { $noErrors = (bool) $filegallib->set_file_gallery($infos['source']['id'], $infos['dest']['parentId']); } break; } $this->freeLock(); // Send proper response on success if ($noErrors) { $return = new ezcWebdavMoveResponse($replaced); } else { $return = new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_500); } print_debug("-- HTTP method: MOVE end --\n"); return $return; }
/** * Serves MOVE requests. * * The method receives a {@link ezcWebdavMoveRequest} objects containing * all relevant information obout the clients request and will return an * instance of {@link ezcWebdavErrorResponse} on error or {@link * ezcWebdavMoveResponse} on success. If only some operations failed, this * method may return an instance of {@link ezcWebdavMultistatusResponse}. * * @param ezcWebdavMoveRequest $request * @return ezcWebdavResponse */ public function move(ezcWebdavMoveRequest $request) { // Indicates wheather a destiantion resource has been replaced or not. // The success response code depends on this. $replaced = false; // Extract paths from request $source = $request->requestUri; $dest = $request->getHeader('Destination'); // Check authorization // Need to do this before checking of node existence is checked, to // avoid leaking information $authState = $this->recursiveAuthCheck($request, $dest, ezcWebdavAuthorizer::ACCESS_WRITE, true); if (count($authState['errors']) !== 0) { // Source permission denied return $authState['errors'][0]; } if (!ezcWebdavServer::getInstance()->isAuthorized($dest, $request->getHeader('Authorization'), ezcWebdavAuthorizer::ACCESS_WRITE)) { return $this->createUnauthorizedResponse($dest, $request->getHeader('Authorization')); } // Check if resource is available if (!$this->nodeExists($source)) { return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_404, $source); } // If source and destination are equal, the request should always fail. if ($source === $dest) { return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_403, $source); } // Check if destination resource exists and throw error, when // overwrite header is F if ($request->getHeader('Overwrite') === 'F' && $this->nodeExists($dest)) { return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_412, $dest); } // Check if the destination parent directory already exists, otherwise // bail out. if (!$this->nodeExists($destDir = dirname($dest))) { return new ezcWebdavErrorResponse(ezcWebdavResponse::STATUS_409, $dest); } // Verify If-[None-]Match headers on the $source $res = $this->checkIfMatchHeadersRecursive($request, $source, ezcWebdavRequest::DEPTH_INFINITY); if ($res !== null) { return $res; } // Verify If-[None-]Match headers on the $dest if it exists if ($this->nodeExists($dest) && ($res = $this->checkIfMatchHeaders($request, $dest)) !== null) { return $res; } elseif (($res = $this->checkIfMatchHeaders($request, $destDir)) !== null) { return $res; } // The destination resource should be deleted if it exists and the // overwrite headers is T if ($request->getHeader('Overwrite') === 'T' && $this->nodeExists($dest)) { // Check sub-sequent authorization on destination $authState = $this->recursiveAuthCheck($request, $dest, ezcWebdavAuthorizer::ACCESS_WRITE, true); if (count($authState['errors']) !== 0) { // Permission denied on deleting destination return $authState['errors'][0]; } $replaced = true; if (count($delteErrors = $this->performDelete($dest)) > 0) { return new ezcWebdavMultistatusResponse($delteErrors); } } // All checks are passed, we can actuall copy now. // // MOVEd contents should always be copied using infinity depth. // // @todo: handle keepalive setting somehow - even the RFC is quite // vague how to handle them exactly. $errors = $this->performCopy($source, $dest, ezcWebdavRequest::DEPTH_INFINITY); // If an error occured we skip deletion of source. // // @IMPORTANT: This is a definition / assumption made by us, because it // is not defined in the RFC how to handle such a case. if (count($errors)) { // We need a multistatus response, because some errors occured for some // of the resources. return new ezcWebdavMultistatusResponse($errors); } // Delete the source, COPY has been successful $deletion = $this->performDelete($source); // If deletion failed, this has again been caused by the automatic // error causing facilities of the backend. Send 423 by choice. // // @todo: The error generated here should depend on the actual backend // implementation and not be generated guessing what may fit. if (count($deletion) > 0) { return new ezcWebdavMultistatusResponse($deletion); } // Send proper response on success return new ezcWebdavMoveResponse($replaced); }