/**
 * Build the Apache WebDAV configuration fragment for this domain.
 *
 * Ensures the per-domain "__webdav" directory exists, then emits one
 * <Location> block per key of $this->main->__var_davuser. Each block turns
 * DAV on and requires HTTP Basic authentication against a password file
 * whose name comes from get_file_from_path() applied to the location key.
 *
 * NOTE(review): Basic authentication only base64-encodes the credentials, so
 * these locations should be served over TLS; nothing in this block enforces it.
 * NOTE(review): the location key is written into the configuration verbatim.
 * Confirm it is validated upstream (no whitespace, line breaks or '>'),
 * otherwise it can change the directives that end up in the server config.
 *
 * @return string|null The configuration text, or null when no DAV location is defined.
 */
function getDav()
{
    global $gbl, $sgbl, $login, $ghtml;

    $davDir = "/home/httpd/{$this->main->nname}/__webdav";
    lxfile_mkdir($davDir);

    $conf = null;
    foreach ($this->main->__var_davuser as $location => $unused) {
        // One password file per protected location, kept under the __webdav directory.
        $userFile = $davDir . '/' . get_file_from_path($location);

        // Both <Limit> groups admit every client address; access is gated
        // solely by the "Require valid-user" line that follows them.
        $block = array(
            "\t<Location {$location}>",
            "\t\tDAV On",
            "\t\tAuthType Basic",
            "\t\tAuthName \"WebDAV Restricted\"",
            "\t\tAuthUserFile {$userFile}",
            "\t\t<Limit HEAD GET POST OPTIONS PROPFIND>",
            "\t\t\tAllow from all",
            "\t\t</Limit>",
            "\t\t<Limit MKCOL PUT DELETE LOCK UNLOCK COPY MOVE PROPPATCH>",
            "\t\t\tallow from all",
            "\t\t</Limit>",
            "\t\tRequire valid-user",
            "\t</Location>",
        );

        $conf .= implode("\n", $block) . "\n\n";
    }

    return $conf;
}
/**
 * Build the lighttpd WebDAV configuration fragment for this domain.
 *
 * Ensures the per-domain "__webdav" directory exists. For every key of
 * $this->main->__var_davuser it touches the matching htpasswd file and emits
 * a $HTTP["url"] conditional that enables writable WebDAV behind HTTP Basic
 * authentication (realm "webdav", any valid user).
 *
 * NOTE(review): the location key is placed unescaped inside a quoted regular
 * expression. Regex metacharacters in it widen or change what the condition
 * matches, and a double quote would end the string early. Confirm it is
 * validated or escaped upstream.
 * NOTE(review): the sqlite database path is a predictable name under /tmp.
 * On a shared host another local account could create that file first, and
 * two domains using the same directory name would share one database.
 * A directory writable only by the web server would be safer.
 * NOTE(review): Basic authentication only base64-encodes the credentials, so
 * these URLs should be served over TLS; nothing in this block enforces it.
 *
 * @return string|null The configuration text, or null when no DAV location is defined.
 */
function getDav()
{
    global $gbl, $sgbl, $login, $ghtml;

    $davDir = "/home/httpd/{$this->main->nname}/__webdav";
    lxfile_mkdir($davDir);

    $conf = null;
    foreach ($this->main->__var_davuser as $location => $unused) {
        $baseName = get_file_from_path($location);
        $sqliteDb = '/tmp/' . $baseName . '.db';
        $userFile = $davDir . '/' . $baseName;

        // Touch the password file before the generated config refers to it.
        lxfile_touch($userFile);

        $block = array(
            '$HTTP["url"] =~ "^' . $location . '($|/)" {',
            'webdav.activate = "enable"',
            'webdav.is-readonly = "disable"',
            'auth.backend = "htpasswd"',
            'auth.backend.htpasswd.userfile = "' . $userFile . '"',
            'webdav.sqlite-db-name = "' . $sqliteDb . '"',
            'auth.require = ( "" => ( "method" => "basic",',
            '"realm" => "webdav",',
            '"require" => "valid-user" ) )',
            '}',
        );

        $conf .= implode("\n", $block) . "\n";
    }

    return $conf;
}
/**
 * Write an htpasswd-style file ("user:hash" per line) for a protected directory.
 *
 * The file is named after $object->main->directory (via get_file_from_path())
 * and is placed in "__path_httpd_root/<parent name>/<$sdir>/". That directory
 * is created and chowned to the object's user when it does not exist yet.
 * The "__path_httpd_root" prefix is passed on as written here; presumably the
 * lx* file helpers expand it (confirm).
 *
 * NOTE(review): crypt() is called without a salt. PHP 8 requires the salt
 * argument, and older versions silently pick a legacy scheme. Choose an
 * explicit scheme that the web server reading this file supports.
 * NOTE(review): the finished file is set to mode 0755, which leaves the
 * password hashes world-readable and the file executable. Confirm which
 * account the web server reads it as and tighten the mode accordingly.
 *
 * @param object $object Object whose ->main supplies getParentName(), directory and __var_username.
 * @param string $sdir   Sub-directory under the parent's httpd root that holds the password files.
 * @param array  $list   Map of user name => plain-text password.
 */
function createHtpasswordFile($object, $sdir, $list)
{
    $targetDir = "__path_httpd_root/{$object->main->getParentName()}/{$sdir}/";
    $baseName = get_file_from_path($object->main->directory);
    // $targetDir already ends in '/', so this path contains a double slash.
    $passwdFile = $targetDir . '/' . $baseName;

    if (!lxfile_exists($targetDir)) {
        lxfile_mkdir($targetDir);
        lxfile_unix_chown($targetDir, $object->main->__var_username);
    }

    $contents = null;
    foreach ($list as $user => $plain) {
        $hash = crypt($plain);
        $contents .= sprintf("%s:%s\n", $user, $hash);
    }

    // NOTE(review): this hands every user name and hash to dprint(). If that
    // output reaches a log or a page, the hashes are exposed.
    dprint($contents);

    lfile_write_content($passwdFile, $contents, $object->main->__var_username);
    lxfile_unix_chmod($passwdFile, "0755");
}
check_status(ACCESS_GUEST); function do_error($code, $str) { error_log($code . ' ' . $str . ' ' . filter_input(INPUT_SERVER, 'REMOTE_ADDR')); set_status_header($code); echo $str; exit; } function get_file_from_path($path) { $match = []; \preg_match('/\\d{4}\\/\\d{2}\\/\\d{2}\\/(pwg_representative\\/)?(\\d{14}-[0-9a-f]{8})/', $path, $match); return isset($match[1]) ? $match[1] : null; } $path = filter_input(INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_URL); $file_part = get_file_from_path($path); if (!$file_part) { do_error(400, 'Invalid request - path'); } $query = 'SELECT * FROM ' . IMAGES_TABLE . ' WHERE path LIKE \'%' . pwg_db_real_escape_string($file_part) . '%\' LIMIT 1;'; $element_info = pwg_db_fetch_assoc(pwg_query($query)); if (empty($element_info)) { //make sure reply is the same for forbidden and nonexisiting files do_error(401, 'Access denied'); } // $filter['visible_categories'] and $filter['visible_images'] // are not used because it's not necessary (filter <> restriction) $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON category_id = id