/** * Handles POST requests for tree operations not handled in the SabreDAV parent clas * * @param RequestInterface $request * @param ResponseInterface $response * @return bool */ public function httpPOSTExtra(RequestInterface $request, ResponseInterface $response) { $contentType = $request->getHeader('Content-Type'); list($contentType) = explode(';', $contentType); if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') { return; } $postVars = $request->getPostData(); if (!isset($postVars['sabreActionExtra'])) { return; } $uri = $request->getPath(); switch ($postVars['sabreActionExtra']) { case 'del': if (isset($postVars['path'])) { // Using basename() because we won't allow slashes list(, $Name) = \Sabre\HTTP\URLUtil::splitPath(trim($postVars['path'])); if (!empty($Name) && $this->config->browserplugin_enable_delete === true) { $this->server->tree->delete($uri . '/' . $Name); } } break; } $response->setHeader('Location', $request->getUrl()); $response->setStatus(302); return false; }
/** * Handles POST requests for tree operations. * * @param RequestInterface $request * @param ResponseInterface $response * @return bool */ function httpPOST(RequestInterface $request, ResponseInterface $response) { $contentType = $request->getHeader('Content-Type'); list($contentType) = explode(';', $contentType); if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') { return; } $postVars = $request->getPostData(); if (!isset($postVars['sabreAction'])) { return; } $uri = $request->getPath(); if ($this->server->emit('onBrowserPostAction', [$uri, $postVars['sabreAction'], $postVars])) { switch ($postVars['sabreAction']) { case 'mkcol': if (isset($postVars['name']) && trim($postVars['name'])) { // Using basename() because we won't allow slashes list(, $folderName) = URLUtil::splitPath(trim($postVars['name'])); if (isset($postVars['resourceType'])) { $resourceType = explode(',', $postVars['resourceType']); } else { $resourceType = ['{DAV:}collection']; } $properties = []; foreach ($postVars as $varName => $varValue) { // Any _POST variable in clark notation is treated // like a property. if ($varName[0] === '{') { // PHP will convert any dots to underscores. // This leaves us with no way to differentiate // the two. // Therefore we replace the string *DOT* with a // real dot. * is not allowed in uris so we // should be good. $varName = str_replace('*DOT*', '.', $varName); $properties[$varName] = $varValue; } } $mkCol = new MkCol($resourceType, $properties); $this->server->createCollection($uri . '/' . $folderName, $mkCol); } break; // @codeCoverageIgnoreStart // @codeCoverageIgnoreStart case 'put': if ($_FILES) { $file = current($_FILES); } else { break; } list(, $newName) = URLUtil::splitPath(trim($file['name'])); if (isset($postVars['name']) && trim($postVars['name'])) { $newName = trim($postVars['name']); } // Making sure we only have a 'basename' component list(, $newName) = URLUtil::splitPath($newName); if (is_uploaded_file($file['tmp_name'])) { $this->server->createFile($uri . '/' . $newName, fopen($file['tmp_name'], 'r')); } break; // @codeCoverageIgnoreEnd } } $response->setHeader('Location', $request->getUrl()); $response->setStatus(302); return false; }
/** * Handles POST requests for tree operations. * * @param RequestInterface $request * @param ResponseInterface $response * @return bool */ function httpPOST(RequestInterface $request, ResponseInterface $response) { $contentType = $request->getHeader('Content-Type'); list($contentType) = explode(';', $contentType); if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') { return; } $postVars = $request->getPostData(); if (!isset($postVars['sabreAction'])) { return; } $uri = $request->getPath(); if ($this->server->emit('onBrowserPostAction', [$uri, $postVars['sabreAction'], $postVars])) { switch ($postVars['sabreAction']) { case 'mkcol': if (isset($postVars['name']) && trim($postVars['name'])) { // Using basename() because we won't allow slashes list(, $folderName) = URLUtil::splitPath(trim($postVars['name'])); $this->server->createDirectory($uri . '/' . $folderName); } break; // @codeCoverageIgnoreStart // @codeCoverageIgnoreStart case 'put': if ($_FILES) { $file = current($_FILES); } else { break; } list(, $newName) = URLUtil::splitPath(trim($file['name'])); if (isset($postVars['name']) && trim($postVars['name'])) { $newName = trim($postVars['name']); } // Making sure we only have a 'basename' component list(, $newName) = URLUtil::splitPath($newName); if (is_uploaded_file($file['tmp_name'])) { $this->server->createFile($uri . '/' . $newName, fopen($file['tmp_name'], 'r')); } break; // @codeCoverageIgnoreEnd } } $response->setHeader('Location', $request->getUrl()); $response->setStatus(302); return false; }