<?php
// WebSVN - Subversion repository viewing via the web using PHP
// Copyright (C) 2004-2006 Tim Armes
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//
// --
//
// dl.php
//
// Allow for file and directory downloads, creating zip/tar/gz files if needed.
require_once 'include/setup.php';
require_once 'include/svnlook.php';
require_once 'include/utils.php';
if (!defined('USE_AUTOLOADER')) {
@include_once 'Archive/Tar.php';
}
function setDirectoryTimestamp($dir, $timestamp) {
global $config;
// Changing the timestamp of a directory in Windows is only supported in PHP 5.3.0+
touch($dir, $timestamp);
if (is_dir($dir)) {
// Set timestamp for all contents, recursing into subdirectories
$handle = opendir($dir);
if ($handle) {
while (($file = readdir($handle)) !== false) {
if ($file == '.' || $file == '..') {
continue;
}
$f = $dir.DIRECTORY_SEPARATOR.$file;
if (is_dir($f)) {
setDirectoryTimestamp($f, $timestamp);
}
}
closedir($handle);
}
}
}
// Make sure that downloading the specified file/directory is permitted
if (!$rep)
{
http_response_code(404);
exit;
}
if (!$rep->isDownloadAllowed($path)) {
http_response_code(403);
error_log('Unable to download resource at path: '.$path);
print 'Unable to download resource at path: '.xml_entities($path);
exit;
}
$svnrep = new SVNRepository($rep);
// Fetch information about a revision (if unspecified, the latest) for this path
if (empty($rev))
{
$history = $svnrep->getLog($path, 'HEAD', '', true, 1, $peg);
}
else if ($rev == $peg)
{
$history = $svnrep->getLog($path, '', 1, true, 1, $peg);
}
else
{
$history = $svnrep->getLog($path, $rev, $rev - 1, true, 1, $peg);
}
$logEntry = ($history && !empty($history->entries)) ? $history->entries[0] : null;
if (!$logEntry)
{
http_response_code(404);
error_log('Unable to download resource at path: '.$path);
print 'Unable to download resource at path: '.xml_entities($path);
exit(0);
}
if (empty($rev))
{
$rev = $logEntry->rev;
}
// Create a temporary filename to be used for a directory to archive a download.
// Here we have an unavoidable but highly unlikely to occur race condition.
$tempDir = tempnamWithCheck($config->getTempDir(), 'websvn');
@unlink($tempDir);
mkdir($tempDir);
// Create the name of the directory being archived
$archiveName = $path;
$isDir = (substr($archiveName, -1) == '/');
if ($isDir)
{
$archiveName = substr($archiveName, 0, -1);
}
$archiveName = basename($archiveName);
if ($archiveName == '')
{
$archiveName = $rep->name;
}
$plainfilename = $archiveName;
$archiveName .= '.r'.$rev;
// Export the requested path from SVN repository to the temp directory
$svnExportResult = $svnrep->exportRepositoryPath($path, $tempDir.DIRECTORY_SEPARATOR.$archiveName, $rev, $peg);
if ($svnExportResult != 0)
{
http_response_code(500);
error_log('svn export failed for: '.$archiveName);
print 'svn export failed for "'.xml_entities($archiveName).'".';
removeDirectory($tempDir);
exit(0);
}
// For security reasons, disallow direct downloads of filenames that
// are a symlink, since they may be a symlink to anywhere (/etc/passwd)
// Deciding whether the symlink is relative and legal within the
// repository would be nice but seems to error prone at this moment.
if ( is_link($tempDir.DIRECTORY_SEPARATOR.$archiveName) )
{
http_response_code(500);
error_log('to be downloaded file is symlink, aborting: '.$archiveName);
print 'Download of symlinks disallowed: "'.xml_entities($archiveName).'".';
removeDirectory($tempDir);
exit(0);
}
// Set timestamp of exported directory (and subdirectories) to timestamp of
// the revision so every archive of a given revision has the same timestamp.
$revDate = $logEntry->date;
$timestamp = mktime(substr($revDate, 11, 2), // hour
substr($revDate, 14, 2), // minute
substr($revDate, 17, 2), // second
substr($revDate, 5, 2), // month
substr($revDate, 8, 2), // day
substr($revDate, 0, 4)); // year
setDirectoryTimestamp($tempDir, $timestamp);
// Change to temp directory so that only relative paths are stored in archive.
$oldcwd = getcwd();
chdir($tempDir);
if ($isDir)
{
$downloadMode = $config->getDefaultDirectoryDlMode();
}
else
{
$downloadMode = $config->getDefaultFileDlMode();
}
// $_REQUEST parameter can override dlmode
if (!empty($_REQUEST['dlmode']))
{
$downloadMode = $_REQUEST['dlmode'];
if (substr($logEntry->path, -1) == '/')
{
if (!in_array($downloadMode, $config->validDirectoryDlModes))
{
$downloadMode = $config->getDefaultDirectoryDlMode();
}
}
else
{
if (!in_array($downloadMode, $config->validFileDlModes))
{
$downloadMode = $config->getDefaultFileDlMode();
}
}
}
$downloadArchive = $archiveName;
if ($downloadMode == 'plain')
{
$downloadMimeType = 'application/octet-stream';
}
else if ($downloadMode == 'zip')
{
$downloadMimeType = 'application/zip';
$downloadArchive .= '.zip';
// Create zip file
$cmd = $config->zip.' --symlinks -r '.quote($downloadArchive).' '.quote($archiveName);
execCommand($cmd, $retcode);
if ($retcode != 0)
{
error_log('Unable to call zip command: '.$cmd);
print 'Unable to call zip command. See webserver error log for details.';
}
}
else
{
$downloadMimeType = 'application/gzip';
$downloadArchive .= '.tar.gz';
$tarArchive = $archiveName.'.tar';
// Create the tar file
$retcode = 0;
if (class_exists('Archive_Tar'))
{
$tar = new Archive_Tar($tarArchive);
$created = $tar->create(array($archiveName));
if (!$created)
{
$retcode = 1;
http_response_code(500);
print 'Unable to create tar archive.';
}
}
else
{
$cmd = $config->tar.' -cf '.quote($tarArchive).' '.quote($archiveName);
execCommand($cmd, $retcode);
if ($retcode != 0)
{
http_response_code(500);
error_log('Unable to call tar command: '.$cmd);
print 'Unable to call tar command. See webserver error log for details.';
}
}
if ($retcode != 0)
{
chdir($oldcwd);
removeDirectory($tempDir);
exit(0);
}
// Set timestamp of tar file to timestamp of revision
touch($tarArchive, $timestamp);
// GZIP it up
if (function_exists('gzopen'))
{
$srcHandle = fopen($tarArchive, 'rb');
$dstHandle = gzopen($downloadArchive, 'wb');
if (!$srcHandle || !$dstHandle)
{
http_response_code(500);
print 'Unable to open file for gz-compression.';
chdir($oldcwd);
removeDirectory($tempDir);
exit(0);
}
while (!feof($srcHandle))
{
gzwrite($dstHandle, fread($srcHandle, 1024 * 512));
}
fclose($srcHandle);
gzclose($dstHandle);
}
else
{
$cmd = $config->gzip.' '.quote($tarArchive);
$retcode = 0;
execCommand($cmd, $retcode);
if ($retcode != 0)
{
http_response_code(500);
error_log('Unable to call gzip command: '.$cmd);
print 'Unable to call gzip command. See webserver error log for details.';
chdir($oldcwd);
removeDirectory($tempDir);
exit(0);
}
}
}
// Give the file to the browser
if (is_readable($downloadArchive))
{
if ($downloadMode == 'plain')
{
$downloadFilename = $plainfilename;
}
else
{
$downloadFilename = $rep->name.'-'.$downloadArchive;
}
header('Content-Type: '.$downloadMimeType);
header('Content-Length: '.filesize($downloadArchive));
header("Content-Disposition: attachment; filename*=UTF-8''".rawurlencode($downloadFilename));
readfile($downloadArchive);
}
else
{
http_response_code(404);
print 'Unable to open file: '.xml_entities($downloadArchive);
}
chdir($oldcwd);
removeDirectory($tempDir);