picodav/server.php
2022-11-14 22:53:15 +01:00

1792 lines
48 KiB
PHP

<?php
namespace KD2\WebDAV
{
/*
This file is part of KD2FW -- <https://kd2.org/>
Copyright (c) 2001-2022+ BohwaZ <https://bohwaz.net/>
All rights reserved.
KD2FW is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
KD2FW is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with KD2FW. If not, see <https://www.gnu.org/licenses/>.
*/
class Exception extends \RuntimeException {}
/**
* This is a minimal, lightweight, and self-supported WebDAV server
* it does not require anything out of standard PHP, not even an XML library.
* This makes it more secure by design, and also faster and lighter.
*
* - supports PROPFIND custom properties
* - supports HTTP ranges for GET requests
* - supports GZIP encoding for GET
*
* You have to extend the AbstractStorage class and implement all the abstract methods to
* get a class-1 and 2 compliant server.
*
* By default, locking is simulated: nothing is really locked, like
* in https://docs.rs/webdav-handler/0.2.0/webdav_handler/fakels/index.html
*
* You also have to implement the actual storage of properties for
* PROPPATCH requests, by extending the 'setProperties' method.
* But it's not required for WebDAV file storage, only for CardDAV/CalDAV.
*
* Differences with SabreDAV and RFC:
* - If-Match, If-Range are not implemented
*
* @author BohwaZ <https://bohwaz.net/>
*/
class Server
{
// List of basic DAV properties that you should return if $requested_properties is NULL
const BASIC_PROPERTIES = [
'DAV::resourcetype', // should be empty for files, and 'collection' for directories
'DAV::getcontenttype', // MIME type
'DAV::getlastmodified', // File modification date (must be \DateTimeInterface)
'DAV::getcontentlength', // file size
'DAV::displayname', // File name for display
];
const EXTENDED_PROPERTIES = [
'DAV::getetag',
'DAV::creationdate',
'DAV::lastaccessed',
'DAV::ishidden', // Microsoft thingy
'DAV::quota-used-bytes',
'DAV::quota-available-bytes',
];
// Custom properties
/**
* File MD5 hash
* Your implementation should return the hexadecimal encoded MD5 hash of the file
*/
const PROP_DIGEST_MD5 = 'urn:karadav:digest_md5';
/**
* Empty value if you want to have the property found and empty, return this constant
*/
const EMPTY_PROP_VALUE = 'DAV::empty';
const SHARED_LOCK = 'shared';
const EXCLUSIVE_LOCK = 'exclusive';
/**
* Base server URI (eg. "/index.php/webdav/")
*/
protected string $base_uri;
/**
* Original URI passed to route() before trim
*/
public string $original_uri;
protected AbstractStorage $storage;
public function setStorage(AbstractStorage $storage)
{
$this->storage = $storage;
}
public function getStorage(): AbstractStorage
{
return $this->storage;
}
public function setBaseURI(string $uri): void
{
$this->base_uri = rtrim($uri, '/') . '/';
}
protected function html_directory(string $uri, iterable $list): ?string
{
// Not a file: let's serve a directory listing if you are browsing with a web browser
if (substr($this->original_uri, -1) != '/') {
http_response_code(301);
header(sprintf('Location: /%s/', trim($this->base_uri . $uri, '/')), true);
return null;
}
$out = sprintf('<!DOCTYPE html><html data-webdav-url="%s"><head><meta name="viewport" content="width=device-width, initial-scale=1.0, target-densitydpi=device-dpi" /><style>
body { font-size: 1.1em; font-family: Arial, Helvetica, sans-serif; }
table { border-collapse: collapse; }
th, td { padding: .5em; text-align: left; border: 2px solid #ccc; }
span { font-size: 40px; line-height: 40px; }
</style>', '/' . ltrim($this->base_uri, '/'));
$out .= sprintf('<title>%s</title></head><body><h1>%1$s</h1><table>', htmlspecialchars($uri ? str_replace('/', ' / ', $uri) . ' - Files' : 'Files'));
if (trim($uri)) {
$out .= '<tr><th colspan=3><a href="../"><b>Back</b></a></th></tr>';
}
$props = null;
foreach ($list as $file => $props) {
if (null === $props) {
$props = $this->storage->properties(trim($uri . '/' . $file, '/'), self::BASIC_PROPERTIES, 0);
}
$collection = !empty($props['DAV::resourcetype']) && $props['DAV::resourcetype'] == 'collection';
if ($collection) {
$out .= sprintf('<tr><td>[DIR]</td><th><a href="%s/"><b>%s</b></a></th></tr>', rawurlencode($file), htmlspecialchars($file));
}
else {
$size = $props['DAV::getcontentlength'];
if ($size > 1024*1024) {
$size = sprintf('%d MB', $size / 1024 / 1024);
}
elseif ($size) {
$size = sprintf('%d KB', $size / 1024);
}
$date = $props['DAV::getlastmodified'];
if ($date instanceof \DateTimeInterface) {
$date = $date->format('d/m/Y H:i');
}
$out .= sprintf('<tr><td></td><th><a href="%s">%s</a></th><td>%s</td><td>%s</td></tr>',
rawurlencode($file),
htmlspecialchars($file),
$size,
$date
);
}
}
$out .= '</table>';
if (null === $props) {
$out .= '<p>This directory is empty.</p>';
}
$out .= '</body></html>';
return $out;
}
public function http_delete(string $uri): ?string
{
// check RFC 2518 Section 9.2, last paragraph
if (isset($_SERVER['HTTP_DEPTH']) && $_SERVER['HTTP_DEPTH'] != 'infinity') {
throw new Exception('We can only delete to infinity', 400);
}
$this->checkLock($uri);
$this->storage->delete($uri);
if ($token = $this->getLockToken()) {
$this->storage->unlock($uri, $token);
}
http_response_code(204);
header('Content-Length: 0', true);
return null;
}
public function http_put(string $uri): ?string
{
if (!empty($_SERVER['HTTP_CONTENT_TYPE']) && !strncmp($_SERVER['HTTP_CONTENT_TYPE'], 'multipart/', 10)) {
throw new Exception('Multipart PUT requests are not supported', 501);
}
if (!empty($_SERVER['HTTP_CONTENT_ENCODING'])) {
if (false !== strpos($_SERVER['HTTP_CONTENT_ENCODING'], 'gzip')) {
// Might be supported later?
throw new Exception('Content Encoding is not supported', 501);
}
else {
throw new Exception('Content Encoding is not supported', 501);
}
}
if (!empty($_SERVER['HTTP_CONTENT_RANGE'])) {
throw new Exception('Content Range is not supported', 501);
}
// See SabreDAV CorePlugin for reason why OS/X Finder is buggy
if (isset($_SERVER['HTTP_X_EXPECTED_ENTITY_LENGTH'])) {
throw new Exception('This server is not compatible with OS/X finder. Consider using a different WebDAV client or webserver.', 403);
}
$hash = null;
// Support for checksum matching
// https://dcache.org/old/manuals/UserGuide-6.0/webdav.shtml#checksums
if (!empty($_SERVER['HTTP_CONTENT_MD5'])) {
$hash = bin2hex(base64_decode($_SERVER['HTTP_CONTENT_MD5']));
}
$this->checkLock($uri);
if (!empty($_SERVER['HTTP_IF_MATCH'])) {
$etag = trim($_SERVER['HTTP_IF_MATCH'], '" ');
$prop = $this->storage->properties($uri, ['DAV::getetag'], 0);
if (!empty($prop['DAV::getetag']) && $prop['DAV::getetag'] != $etag) {
throw new Exception('ETag did not match condition', 412);
}
}
// Specific to NextCloud/ownCloud
$mtime = (int)($_SERVER['HTTP_X_OC_MTIME'] ?? 0) ?: null;
if ($mtime) {
header('X-OC-MTime: accepted');
}
$created = $this->storage->put($uri, fopen('php://input', 'r'), $hash, $mtime);
$prop = $this->storage->properties($uri, ['DAV::getetag'], 0);
if (!empty($prop['DAV::getetag'])) {
$value = $prop['DAV::getetag'];
if (substr($value, 0, 1) != '"') {
$value = '"' . $value . '"';
}
header(sprintf('ETag: %s', $value));
}
http_response_code($created ? 201 : 204);
return null;
}
public function http_head(string $uri, array &$props = []): ?string
{
$requested_props = self::BASIC_PROPERTIES;
$requested_props[] = 'DAV::getetag';
// RFC 3230 https://www.rfc-editor.org/rfc/rfc3230.html
if (!empty($_SERVER['HTTP_WANT_DIGEST'])) {
$requested_props[] = self::PROP_DIGEST_MD5;
}
$props = $this->storage->properties($uri, $requested_props, 0);
if (!$props) {
throw new Exception('Resource Not Found', 404);
}
http_response_code(200);
if (isset($props['DAV::getlastmodified'])
&& $props['DAV::getlastmodified'] instanceof \DateTimeInterface) {
header(sprintf('Last-Modified: %s', $props['DAV::getlastmodified']->format(\DATE_RFC7231)));
}
if (!empty($props['DAV::getetag'])) {
$value = $props['DAV::getetag'];
if (substr($value, 0, 1) != '"') {
$value = '"' . $value . '"';
}
header(sprintf('ETag: %s', $value));
}
if (empty($props['DAV::resourcetype']) || $props['DAV::resourcetype'] != 'collection') {
if (!empty($props['DAV::getcontenttype'])) {
header(sprintf('Content-Type: %s', $props['DAV::getcontenttype']));
}
if (!empty($props['DAV::getcontentlength'])) {
header(sprintf('Content-Length: %d', $props['DAV::getcontentlength']));
header('Accept-Ranges: bytes');
}
}
if (!empty($props[self::PROP_DIGEST_MD5])) {
header(sprintf('Digest: md5=%s', base64_encode(hex2bin($props[self::PROP_DIGEST_MD5]))));
}
return null;
}
public function http_get(string $uri): ?string
{
$props = [];
$this->http_head($uri, $props);
$is_collection = !empty($props['DAV::resourcetype']) && $props['DAV::resourcetype'] == 'collection';
$out = '';
if ($is_collection) {
$list = $this->storage->list($uri, self::BASIC_PROPERTIES);
if (!isset($_SERVER['HTTP_ACCEPT']) || false === strpos($_SERVER['HTTP_ACCEPT'], 'html')) {
$list = is_array($list) ? $list : iterator_to_array($list);
if (!count($list)) {
return "Nothing in this collection\n";
}
return implode("\n", array_keys($list));
}
header('Content-Type: text/html; charset=utf-8', true);
return $this->html_directory($uri, $list);
}
$file = $this->storage->get($uri);
if (!$file) {
throw new Exception('File Not Found', 404);
}
// If the file was returned to the client by the storage backend, stop here
if (!empty($file['stop'])) {
return null;
}
if (!isset($file['content']) && !isset($file['resource']) && !isset($file['path'])) {
throw new \RuntimeException('Invalid file array returned by ::get()');
}
$length = $start = $end = null;
$gzip = false;
if (isset($_SERVER['HTTP_RANGE'])
&& preg_match('/^bytes=(\d*)-(\d*)$/i', $_SERVER['HTTP_RANGE'], $match)
&& $match[1] . $match[2] !== '') {
$start = $match[1] === '' ? null : (int) $match[1];
$end = $match[2] === '' ? null : (int) $match[2];
if (null !== $start && $start < 0) {
throw new Exception('Start range cannot be satisfied', 416);
}
if (isset($props['DAV::getcontentlength']) && $start > $props['DAV::getcontentlength']) {
throw new Exception('End range cannot be satisfied', 416);
}
$this->log('HTTP Range requested: %s-%s', $start, $end);
}
elseif (isset($_SERVER['HTTP_ACCEPT_ENCODING'])
&& false !== strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')
// Don't compress already compressed content
&& !preg_match('/\.(?:mp4|m4a|zip|docx|xlsx|ods|odt|odp|7z|gz|bz2|rar|webm|ogg|mp3|ogm|flac|ogv|mkv|avi)$/i', $uri)) {
$gzip = true;
header('Content-Encoding: gzip', true);
}
// Try to avoid common issues with output buffering and stuff
if (function_exists('apache_setenv'))
{
@apache_setenv('no-gzip', 1);
}
@ini_set('zlib.output_compression', 'Off');
if (@ob_get_length()) {
@ob_clean();
}
if (isset($file['content'])) {
$length = strlen($file['content']);
if ($start || $end) {
if (null !== $end && $end > $length) {
header('Content-Range: bytes */' . $length, true);
throw new Exception('End range cannot be satisfied', 416);
}
if ($start === null) {
$start = $length - $end;
$end = $start + $end;
}
elseif ($end === null) {
$end = $length;
}
http_response_code(206);
header(sprintf('Content-Range: bytes %s-%s/%s', $start, $end - 1, $length));
$file['content'] = substr($file['content'], $start, $end - $start);
$length = $end - $start;
}
if ($gzip) {
$file['content'] = gzencode($file['content'], 9);
$length = strlen($file['content']);
}
header('Content-Length: ' . $length, true);
echo $file['content'];
return null;
}
if (isset($file['path'])) {
$file['resource'] = fopen($file['path'], 'rb');
}
$seek = fseek($file['resource'], 0, SEEK_END);
if ($seek === 0) {
$length = ftell($file['resource']);
fseek($file['resource'], 0, SEEK_SET);
}
if (($start || $end) && $seek === 0) {
if (null !== $end && $end > $length) {
header('Content-Range: bytes */' . $length, true);
throw new Exception('End range cannot be satisfied', 416);
}
if ($start === null) {
$start = $length - $end;
$end = $start + $end;
}
elseif ($end === null) {
$end = $length;
}
fseek($file['resource'], $start, SEEK_SET);
http_response_code(206);
header(sprintf('Content-Range: bytes %s-%s/%s', $start, $end - 1, $length), true);
$length = $end - $start;
$end -= $start;
}
elseif (null === $length && isset($file['path'])) {
$end = $length = filesize($file['path']);
}
if ($gzip) {
$this->log('Using gzip output compression');
$gzip = deflate_init(ZLIB_ENCODING_GZIP, ['level' => 9]);
$fp = fopen('php://memory', 'wb');
while (!feof($file['resource'])) {
fwrite($fp, deflate_add($gzip, fread($file['resource'], 8192), ZLIB_NO_FLUSH));
}
fwrite($fp, deflate_add($gzip, '', ZLIB_FINISH));
$length = ftell($fp);
rewind($fp);
fclose($file['resource']);
$file['resource'] = $fp;
unset($fp);
}
if (null !== $length) {
$this->log('Length: %s', $length);
header('Content-Length: ' . $length, true);
}
while (!feof($file['resource']) && ($end === null || $end > 0)) {
$l = $end !== null ? min(8192, $end) : 8192;
echo fread($file['resource'], $l);
flush();
if (null !== $end) {
$end -= 8192;
}
}
fclose($file['resource']);
return null;
}
public function http_copy(string $uri): ?string
{
return $this->_http_copymove($uri, 'copy');
}
public function http_move(string $uri): ?string
{
return $this->_http_copymove($uri, 'move');
}
protected function _http_copymove(string $uri, string $method): ?string
{
$destination = $_SERVER['HTTP_DESTINATION'] ?? null;
$depth = $_SERVER['HTTP_DEPTH'] ?? 1;
if (!$destination) {
throw new Exception('Destination not supplied', 400);
}
$destination = $this->getURI($destination);
if (trim($destination, '/') == trim($uri, '/')) {
throw new Exception('Cannot move file to itself', 403);
}
$overwrite = ($_SERVER['HTTP_OVERWRITE'] ?? null) == 'T';
// Dolphin is removing the file name when moving to root directory
if (empty($destination)) {
$destination = basename($uri);
}
$this->log('<= Destination: %s', $destination);
$this->log('<= Overwrite: %s (%s)', $overwrite ? 'Yes' : 'No', $_SERVER['HTTP_OVERWRITE'] ?? null);
if (!$overwrite && $this->storage->exists($destination)) {
throw new Exception('File already exists and overwriting is disabled', 412);
}
if ($method == 'move') {
$this->checkLock($uri);
}
$this->checkLock($destination);
// Moving/copy of directory to an existing destination and depth=0
// should do just nothing, see 'depth_zero_copy' test in litmus
if ($depth == 0
&& $this->storage->exists($destination)
&& current($this->storage->properties($destination, ['DAV::resourcetype'], 0)) == 'collection') {
$overwritten = $this->storage->exists($uri);
}
else {
$overwritten = $this->storage->$method($uri, $destination);
}
if ($method == 'move' && ($token = $this->getLockToken())) {
$this->storage->unlock($uri, $token);
}
http_response_code($overwritten ? 204 : 201);
return null;
}
public function http_mkcol(string $uri): ?string
{
if (!empty($_SERVER['CONTENT_LENGTH'])) {
throw new Exception('Unsupported body for MKCOL', 415);
}
$this->storage->mkcol($uri);
http_response_code(201);
return null;
}
/**
* Return a list of requested properties, if any.
* We are using regexp as we don't want to depend on a XML module here.
* Your are free to re-implement this using a XML parser if you wish
*/
protected function extractRequestedProperties(string $body): ?array
{
// We only care about properties if the client asked for it
// If not, we consider that the client just requested to get everything
if (!preg_match('!<(?:\w+:)?propfind!', $body)) {
return null;
}
$ns = [];
$dav_ns = null;
$default_ns = null;
if (preg_match('/<propfind[^>]+xmlns="DAV:"/', $body)) {
$default_ns = 'DAV:';
}
preg_match_all('!xmlns:(\w+)\s*=\s*"([^"]+)"!', $body, $match, PREG_SET_ORDER);
// Find all aliased xmlns
foreach ($match as $found) {
$ns[$found[2]] = $found[1];
}
if (isset($ns['DAV:'])) {
$dav_ns = $ns['DAV:'] . ':';
}
$regexp = '/<(' . $dav_ns . 'prop(?!find))[^>]*?>(.*?)<\/\1\s*>/s';
if (!preg_match($regexp, $body, $match)) {
return null;
}
// Find all properties
// Allow for empty namespace, see Litmus FAQ for propnullns
// https://github.com/tolsen/litmus/blob/master/FAQ
preg_match_all('!<([\w-]+)[^>]*xmlns="([^"]*)"|<(?:([\w-]+):)?([\w-]+)!', $match[2], $match, PREG_SET_ORDER);
$properties = [];
foreach ($match as $found) {
if (isset($found[4])) {
$url = array_search($found[3], $ns) ?: $default_ns;
$name = $found[4];
}
else {
$url = $found[2];
$name = $found[1];
}
$properties[$url . ':' . $name] = [
'name' => $name,
'ns_alias' => $found[3] ?? null,
'ns_url' => $url,
];
}
return $properties;
}
public function http_propfind(string $uri): ?string
{
// We only support depth of 0 and 1
$depth = isset($_SERVER['HTTP_DEPTH']) && empty($_SERVER['HTTP_DEPTH']) ? 0 : 1;
$body = file_get_contents('php://input');
if (false !== strpos($body, '<!DOCTYPE ')) {
throw new Exception('Invalid XML', 400);
}
$this->log('Requested depth: %s', $depth);
// We don't really care about having a correct XML string,
// but we can get better WebDAV compliance if we do
if (isset($_SERVER['HTTP_X_LITMUS'])) {
if (false !== strpos($body, '<!DOCTYPE ')) {
throw new Exception('Invalid XML', 400);
}
$xml = @simplexml_load_string($body);
if ($e = libxml_get_last_error()) {
throw new Exception('Invalid XML', 400);
}
}
$requested = $this->extractRequestedProperties($body);
$requested_keys = $requested ? array_keys($requested) : null;
// Find root element properties
$properties = $this->storage->properties($uri, $requested_keys, $depth);
if (null === $properties) {
throw new Exception('This does not exist', 404);
}
$items = [$uri => $properties];
if ($depth) {
foreach ($this->storage->list($uri, $requested) as $file => $properties) {
$path = trim($uri . '/' . $file, '/');
$properties = $properties ?? $this->storage->properties($path, $requested_keys, 0);
if (!$properties) {
$this->log('!!! Cannot find "%s"', $path);
continue;
}
$items[$path] = $properties;
}
}
// http_response_code doesn't know the 207 status code
header('HTTP/1.1 207 Multi-Status', true);
$this->dav_header();
header('Content-Type: application/xml; charset=utf-8');
$root_namespaces = [
'DAV:' => 'd',
// Microsoft Clients need this special namespace for date and time values (from PEAR/WebDAV)
'urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/' => 'ns0',
];
$i = 0;
$requested ??= [];
foreach ($requested as $prop) {
if ($prop['ns_url'] == 'DAV:' || !$prop['ns_url']) {
continue;
}
if (!array_key_exists($prop['ns_url'], $root_namespaces)) {
$root_namespaces[$prop['ns_url']] = $prop['ns_alias'] ?: 'rns' . $i++;
}
}
foreach ($items as $properties) {
foreach ($properties as $name => $value) {
$pos = strrpos($name, ':');
$ns = substr($name, 0, strrpos($name, ':'));
// NULL namespace, see Litmus FAQ for propnullns
if (!$ns) {
continue;
}
if (!array_key_exists($ns, $root_namespaces)) {
$root_namespaces[$ns] = 'rns' . $i++;
}
}
}
$out = '<?xml version="1.0" encoding="utf-8"?>';
$out .= '<d:multistatus';
foreach ($root_namespaces as $url => $alias) {
$out .= sprintf(' xmlns:%s="%s"', $alias, $url);
}
$out .= '>';
foreach ($items as $uri => $item) {
$e = '<d:response>';
$path = '/' . str_replace('%2F', '/', rawurlencode(trim($this->base_uri . $uri, '/')));
if (($item['DAV::resourcetype'] ?? null) == 'collection') {
$path .= '/';
}
$e .= sprintf('<d:href>%s</d:href>', htmlspecialchars($path, ENT_XML1));
$e .= '<d:propstat><d:prop>';
foreach ($item as $name => $value) {
if (null === $value) {
continue;
}
$pos = strrpos($name, ':');
$ns = substr($name, 0, strrpos($name, ':'));
$tag_name = substr($name, strrpos($name, ':') + 1);
$alias = $root_namespaces[$ns] ?? null;
$attributes = '';
// The ownCloud Android app doesn't like formatted dates, it makes it crash.
// so force it to have a timestamp
if ($name == 'DAV::creationdate'
&& ($value instanceof \DateTimeInterface)
&& false !== stripos($_SERVER['HTTP_USER_AGENT'] ?? '', 'owncloud')) {
$value = $value->getTimestamp();
}
// ownCloud app crashes if mimetype is provided for a directory
// https://github.com/owncloud/android/issues/3768
elseif ($name == 'DAV::getcontenttype'
&& ($item['DAV::resourcetype'] ?? null) == 'collection') {
$value = null;
}
if ($name == 'DAV::resourcetype' && $value == 'collection') {
$value = '<d:collection />';
}
elseif ($name == 'DAV::getetag' && strlen($value) && $value[0] != '"') {
$value = '"' . $value . '"';
}
elseif ($value instanceof \DateTimeInterface) {
// Change value to GMT
$value = clone $value;
$value->setTimezone(new \DateTimeZone('GMT'));
$value = $value->format(DATE_RFC7231);
}
elseif (is_array($value)) {
$attributes = $value['attributes'] ?? '';
$value = $value['xml'] ?? null;
}
else {
$value = htmlspecialchars($value, ENT_XML1);
}
// NULL namespace, see Litmus FAQ for propnullns
if (!$ns) {
$attributes .= ' xmlns=""';
}
else {
$tag_name = $alias . ':' . $tag_name;
}
if (null === $value || self::EMPTY_PROP_VALUE === $value) {
$e .= sprintf('<%s%s />', $tag_name, $attributes ? ' ' . $attributes : '');
}
else {
$e .= sprintf('<%s%s>%s</%1$s>', $tag_name, $attributes ? ' ' . $attributes : '', $value);
}
}
$e .= '</d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat>' . "\n";
// Append missing properties
if (!empty($requested)) {
$missing_properties = array_diff($requested_keys, array_keys($item));
if (count($missing_properties)) {
$e .= '<d:propstat><d:prop>';
foreach ($missing_properties as $name) {
$pos = strrpos($name, ':');
$ns = substr($name, 0, strrpos($name, ':'));
$name = substr($name, strrpos($name, ':') + 1);
$alias = $root_namespaces[$ns] ?? null;
// NULL namespace, see Litmus FAQ for propnullns
if (!$alias) {
$e .= sprintf('<%s xmlns="" />', $name);
}
else {
$e .= sprintf('<%s:%s />', $alias, $name);
}
}
$e .= '</d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat>';
}
}
$e .= '</d:response>' . "\n";
$out .= $e;
}
$out .= '</d:multistatus>';
return $out;
}
static public function parsePropPatch(string $body): array
{
if (false !== strpos($body, '<!DOCTYPE ')) {
throw new Exception('Invalid XML', 400);
}
$xml = @simplexml_load_string($body);
if (false === $xml) {
throw new WebDAV_Exception('Invalid XML', 400);
}
$_ns = null;
// Select correct namespace if required
if (!empty(key($xml->getDocNameSpaces()))) {
$_ns = 'DAV:';
}
$out = [];
// Process set/remove instructions in order (important)
foreach ($xml->children($_ns) as $child) {
foreach ($child->children($_ns) as $prop) {
$prop = $prop->children();
if ($child->getName() == 'set') {
$ns = $prop->getNamespaces(true);
$ns = array_flip($ns);
$name = key($ns) . ':' . $prop->getName();
$attributes = $prop->attributes();
$attributes = $attributes === null ? null : iterator_to_array($attributes);
foreach ($ns as $xmlns => $alias) {
foreach (iterator_to_array($prop->attributes($alias)) as $key => $v) {
$attributes[$xmlns . ':' . $key] = $value;
}
}
if ($prop->count() > 1) {
$text = '';
foreach ($prop->children() as $c) {
$text .= $c->asXML();
}
}
else {
$text = (string)$prop;
}
$out[$name] = ['action' => 'set', 'attributes' => $attributes ?: null, 'content' => $text ?: null];
}
else {
$ns = $prop->getNamespaces();
$name = current($ns) . ':' . $prop->getName();
$out[$name] = ['action' => 'remove'];
}
}
}
return $out;
}
public function http_proppatch(string $uri): ?string
{
$this->checkLock($uri);
$body = file_get_contents('php://input');
$this->storage->setProperties($uri, $body);
// http_response_code doesn't know the 207 status code
header('HTTP/1.1 207 Multi-Status', true);
header('Content-Type: application/xml; charset=utf-8');
$out = '<?xml version="1.0" encoding="utf-8"?>' . "\n";
$out .= '<d:multistatus xmlns:d="DAV:">';
$out .= '</d:multistatus>';
return $out;
}
public function http_lock(string $uri): ?string
{
// We don't use this currently, but maybe later?
//$depth = !empty($this->_SERVER['HTTP_DEPTH']) ? 1 : 0;
//$timeout = isset($_SERVER['HTTP_TIMEOUT']) ? explode(',', $_SERVER['HTTP_TIMEOUT']) : [];
//$timeout = array_map('trim', $timeout);
if (empty($_SERVER['CONTENT_LENGTH']) && !empty($_SERVER['HTTP_IF'])) {
$token = $this->getLockToken();
if (!$token) {
throw new Exception('Invalid If header', 400);
}
$info = null;
$ns = 'D';
$scope = self::EXCLUSIVE_LOCK;
$this->checkLock($uri, $token);
$this->log('Requesting LOCK refresh: %s = %s', $uri, $scope);
}
else {
$locked_scope = $this->storage->getLock($uri);
if ($locked_scope == self::EXCLUSIVE_LOCK) {
throw new Exception('Cannot acquire another lock, resource is locked for exclusive use', 423);
}
if ($locked_scope && $token = $this->getLockToken()) {
$token = $this->getLockToken();
if (!$token) {
throw new Exception('Missing lock token', 423);
}
$this->checkLock($uri, $token);
}
$xml = file_get_contents('php://input');
if (!preg_match('!<((?:(\w+):)?lockinfo)[^>]*>(.*?)</\1>!is', $xml, $match)) {
throw new Exception('Invalid XML', 400);
}
$ns = $match[2];
$info = $match[3];
// Quick and dirty UUID
$uuid = random_bytes(16);
$uuid[6] = chr(ord($uuid[6]) & 0x0f | 0x40); // set version to 0100
$uuid[8] = chr(ord($uuid[8]) & 0x3f | 0x80); // set bits 6-7 to 10
$uuid = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($uuid), 4));
$token = 'opaquelocktoken:' . $uuid;
$scope = false !== stripos($info, sprintf('<%sexclusive', $ns ? $ns . ':' : '')) ? self::EXCLUSIVE_LOCK : self::SHARED_LOCK;
$this->log('Requesting LOCK: %s = %s', $uri, $scope);
}
$this->storage->lock($uri, $token, $scope);
$timeout = 60*5;
$info = sprintf('
<d:lockscope><d:%s /></d:lockscope>
<d:locktype><d:write /></d:locktype>
<d:owner>unknown</d:owner>
<d:depth>%d</d:depth>
<d:timeout>Second-%d</d:timeout>
<d:locktoken><d:href>%s</d:href></d:locktoken>
', $scope, 1, $timeout, $token);
http_response_code(200);
header('Content-Type: application/xml; charset=utf-8');
header(sprintf('Lock-Token: <%s>', $token));
$out = '<?xml version="1.0" encoding="utf-8"?>' . "\n";
$out .= '<d:prop xmlns:d="DAV:">';
$out .= '<d:lockdiscovery><d:activelock>';
$out .= $info;
$out .= '</d:activelock></d:lockdiscovery></d:prop>';
if ($ns != 'D') {
$out = str_replace('D:', $ns ? $ns . ':' : '', $out);
$out = str_replace('xmlns:D', $ns ? 'xmlns:' . $ns : 'xmlns', $out);
}
return $out;
}
public function http_unlock(string $uri): ?string
{
$token = $this->getLockToken();
if (!$token) {
throw new Exception('Invalid Lock-Token header', 400);
}
$this->log('<= Lock Token: %s', $token);
$this->checkLock($uri, $token);
$this->storage->unlock($uri, $token);
http_response_code(204);
return null;
}
/**
* Return current lock token supplied by client
*/
protected function getLockToken(): ?string
{
if (isset($_SERVER['HTTP_LOCK_TOKEN'])
&& preg_match('/<(.*?)>/', trim($_SERVER['HTTP_LOCK_TOKEN']), $match)) {
return $match[1];
}
elseif (isset($_SERVER['HTTP_IF'])
&& preg_match('/\(<(.*?)>\)/', trim($_SERVER['HTTP_IF']), $match)) {
return $match[1];
}
else {
return null;
}
}
/**
* Check if the resource is protected
* @throws Exception if the resource is locked
*/
protected function checkLock(string $uri, ?string $token = null): void
{
if ($token === null) {
$token = $this->getLockToken();
}
// Trying to access using a parent directory
if (isset($_SERVER['HTTP_IF'])
&& preg_match('/<([^>]+)>\s*\(<[^>]*>\)/', $_SERVER['HTTP_IF'], $match)) {
$root = $this->getURI($match[1]);
if (0 !== strpos($uri, $root)) {
throw new Exception('Invalid "If" header path: ' . $root, 400);
}
$uri = $root;
}
// Try to validate token
elseif (isset($_SERVER['HTTP_IF'])
&& preg_match('/\(<([^>]*)>\s+\["([^""]+)"\]\)/', $_SERVER['HTTP_IF'], $match)) {
$token = $match[1];
$request_etag = $match[2];
$etag = current($this->storage->properties($uri, ['DAV::getetag'], 0));
if ($request_etag != $etag) {
throw new Exception('Resource is locked and etag does not match', 412);
}
}
if ($token == 'DAV:no-lock') {
throw new Exception('Resource is locked', 412);
}
// Token is valid
if ($token && $this->storage->getLock($uri, $token)) {
return;
}
elseif ($token) {
throw new Exception('Invalid token', 400);
}
// Resource is locked
elseif ($this->storage->getLock($uri)) {
throw new Exception('Resource is locked', 423);
}
}
protected function dav_header()
{
header('DAV: 1, 2, 3');
}
public function http_options(): void
{
http_response_code(200);
$methods = 'GET HEAD PUT DELETE COPY MOVE PROPFIND MKCOL LOCK UNLOCK';
$this->dav_header();
header('Allow: ' . $methods);
header('Content-length: 0');
header('Accept-Ranges: bytes');
header('MS-Author-Via: DAV');
}
public function log(string $message, ...$params)
{
if (PHP_SAPI == 'cli-server') {
file_put_contents('php://stderr', vsprintf($message, $params) . "\n");
}
}
protected function getURI(string $source): string
{
$uri = parse_url($source, PHP_URL_PATH);
$uri = rawurldecode($uri);
$uri = rtrim($uri, '/');
if ($uri . '/' == $this->base_uri) {
$uri .= '/';
}
if (strpos($uri, $this->base_uri) !== 0) {
throw new Exception(sprintf('Invalid URI, "%s" is outside of scope "%s"', $uri, $this->base_uri), 400);
}
$uri = preg_replace('!/{2,}!', '/', $uri);
if (false !== strpos($uri, '..')) {
throw new Exception(sprintf('Invalid URI: "%s"', $uri), 403);
}
$uri = substr($uri, strlen($this->base_uri));
return $uri;
}
public function route(?string $uri = null): bool
{
if (null === $uri) {
$uri = $_SERVER['REQUEST_URI'] ?? '/';
}
$this->original_uri = $uri;
if ($uri . '/' == $this->base_uri) {
$uri .= '/';
}
if (0 === strpos($uri, $this->base_uri)) {
$uri = substr($uri, strlen($this->base_uri));
}
else {
$this->log('<= %s is not a managed URL', $uri);
return false;
}
// Add some extra-logging for Litmus tests
if (isset($_SERVER['HTTP_X_LITMUS']) || isset($_SERVER['HTTP_X_LITMUS_SECOND'])) {
$this->log('X-Litmus: %s', $_SERVER['HTTP_X_LITMUS'] ?? $_SERVER['HTTP_X_LITMUS_SECOND']);
}
$method = $_SERVER['REQUEST_METHOD'] ?? null;
header_remove('Expires');
header_remove('Pragma');
header_remove('Cache-Control');
header('X-Server: KD2', true);
// Stop and send reply to OPTIONS before anything else
if ($method == 'OPTIONS') {
$this->log('<= OPTIONS');
$this->http_options();
return true;
}
$uri = rawurldecode($uri);
$uri = trim($uri, '/');
$uri = preg_replace('!/{2,}!', '/', $uri);
$this->log('<= %s /%s', $method, $uri);
try {
if (false !== strpos($uri, '..')) {
throw new Exception(sprintf('Invalid URI: "%s"', $uri), 403);
}
// Call 'http_method' class method
$method = 'http_' . strtolower($method);
if (!method_exists($this, $method)) {
throw new Exception('Invalid request method', 405);
}
$out = $this->$method($uri);
$this->log('=> %d', http_response_code());
if (null !== $out) {
$this->log('=> %s', $out);
}
echo $out;
}
catch (Exception $e) {
$this->error($e);
}
return true;
}
function error(Exception $e)
{
$this->log('=> %d - %s', $e->getCode(), $e->getMessage());
if ($e->getCode() == 423) {
// http_response_code doesn't know about 423 Locked
header('HTTP/1.1 423 Locked');
}
else {
http_response_code($e->getCode());
}
header('Content-Type: application/xml; charset=utf-8', true);
printf('<?xml version="1.0" encoding="utf-8"?><d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns"><s:message>%s</s:message></d:error>', htmlspecialchars($e->getMessage(), ENT_XML1));
}
/**
* Utility function to create HMAC hash of data, useful for NextCloud and WOPI
*/
static public function hmac(array $data, string $key = '')
{
// Protect against length attacks by pre-hashing data
$data = array_map('sha1', $data);
$data = implode(':', $data);
return hash_hmac('sha1', $data, sha1($key));
}
}
abstract class AbstractStorage
{
/**
* Return the requested resource
*
* @param string $uri Path to resource
* @return null|array An array containing one of those keys:
* path => Full filesystem path to a local file, it will be streamed directly to the client
* resource => a PHP resource (eg. returned by fopen) that will be streamed directly to the client
* content => a string that will be returned
* or NULL if the resource cannot be returned (404)
*
* It is recommended to use X-SendFile inside this method to make things faster.
* @see https://tn123.org/mod_xsendfile/
*/
abstract public function get(string $uri): ?array;
/**
* Return TRUE if the requested resource exists, or FALSE
*
* @param string $uri
* @return bool
*/
abstract public function exists(string $uri): bool;
/**
* Return the requested resource properties
*
* This method is used for HEAD requests, for PROPFIND, and other places
*
* @param string $uri Path to resource
* @param null|array $requested_properties Properties requested by the client, NULL if all available properties are requested,
* or if specific properties are requested, each item will be a key,
* like 'namespace_url:property_name', eg. 'DAV::getcontentlength' or 'http://owncloud.org/ns:size'
* See Server::BASIC_PROPERTIES for default properties.
* @param int $depth Depth, can be 0 or 1
* @return null|array An array containing the requested properties, each item must have a key
* of the same form as the requested properties.
*
* This method MUST return NULL if the resource does not exist.
* Or it MUST return an array, where the keys are 'namespace_url:property_name' tuples,
* and the value is the content of the property tag.
*/
abstract public function properties(string $uri, ?array $requested_properties, int $depth): ?array;
/**
* Store resource properties
* @param string $uri
* @param string $body XML PROPPATCH request, parsing it is up to you
*/
public function setProperties(string $uri, string $body): void
{
// By default, properties are not saved
}
/**
* Create or replace a resource
* @param string $uri Path to resource
* @param resource $pointer A PHP file resource containing the sent data (note that this might not always be seekable)
* @param null|string $hash A MD5 hash of the resource to store, if it is supplied,
* this method should fail with a 400 code WebDAV exception and not proceed to store the resource.
* @param null|int $mtime The modification timestamp to set on the file
* @return bool Return TRUE if the resource has been created, or FALSE it has just been updated.
*/
abstract public function put(string $uri, $pointer, ?string $hash, ?int $mtime): bool;
/**
* Delete a resource
* @param string $uri
* @return void
*/
abstract public function delete(string $uri): void;
/**
* Copy a resource from $uri to $destination
* @param string $uri
* @param string $destination
* @return bool TRUE if the destination has been overwritten
*/
abstract public function copy(string $uri, string $destination): bool;
/**
* Move (rename) a resource from $uri to $destination
* @param string $uri
* @param string $destination
* @return bool TRUE if the destination has been overwritten
*/
abstract public function move(string $uri, string $destination): bool;
/**
* Create collection of resources (eg. a directory)
* @param string $uri
* @return void
*/
abstract public function mkcol(string $uri): void;
/**
* Return a list of resources for target $uri
*
* @param string $uri
* @param array $properties List of properties requested by client (see ::properties)
* @return iterable An array or other iterable (eg. a generator)
* where each item has a key string containing the name of the resource (eg. file name),
* and the value being an array of properties, or NULL.
*
* If the array value IS NULL, then a subsequent call to properties() will be issued for each element.
*/
abstract public function list(string $uri, array $properties): iterable;
/**
* Lock the requested resource
* @param string $uri Requested resource
* @param string $token Unique token given to the client for this resource
* @param string $scope Locking scope, either ::SHARED_LOCK or ::EXCLUSIVE_LOCK constant
* @return void
*/
public function lock(string $uri, string $token, string $scope): void
{
// By default locking is not implemented
}
/**
* Unlock the requested resource
* @param string $uri Requested resource
* @param string $token Unique token sent by the client
* @return void
*/
public function unlock(string $uri, string $token): void
{
// By default locking is not implemented
}
/**
* If $token is supplied, this method MUST return ::SHARED_LOCK or ::EXCLUSIVE_LOCK
* if the resource is locked with this token. If the resource is unlocked, or if it is
* locked with another token, it MUST return NULL.
*
* If $token is left NULL, then this method must return ::EXCLUSIVE_LOCK if there is any
* exclusive lock on the resource. If there are no exclusive locks, but one or more
* shared locks, it MUST return ::SHARED_LOCK. If the resource has no lock, it MUST
* return NULL.
*
* @param string $uri
* @param string|null $token
* @return string|null
*/
public function getLock(string $uri, ?string $token = null): ?string
{
// By default locking is not implemented, so NULL is always returned
return null;
}
}
}
namespace NanoKaraDAV
{
use KD2\WebDAV\AbstractStorage;
use KD2\WebDAV\Exception as WebDAV_Exception;
class Storage extends AbstractStorage
{
/**
* These file names will be ignored when doing a PUT
* as they are garbage, coming from some OS
*/
const PUT_IGNORE_PATTERN = '!^~(?:lock\.|^\._)|^(?:\.DS_Store|Thumbs\.db|desktop\.ini)$!';
protected string $path;
public function __construct()
{
$this->path = __DIR__ . '/';
}
public function list(string $uri, ?array $properties): iterable
{
$dirs = glob($this->path . $uri . '/*', \GLOB_ONLYDIR);
$dirs = array_map('basename', $dirs);
natcasesort($dirs);
$files = glob($this->path . $uri . '/*');
$files = array_map('basename', $files);
$files = array_diff($files, $dirs);
// Remove PHP files from listings
$files = array_filter($files, fn($a) => !preg_match('/\.(?:php\d?|phtml|phps)$/i', $a));
if (!$uri) {
$files = array_diff($files, ['webdav.js', 'webdav.css']);
}
natcasesort($files);
$files = array_flip(array_merge($dirs, $files));
$files = array_map(fn($a) => null, $files);
return $files;
}
public function get(string $uri): ?array
{
$path = $this->path . $uri;
if (!file_exists($path)) {
return null;
}
return ['path' => $path];
}
public function exists(string $uri): bool
{
return file_exists($this->path . $uri);
}
public function get_file_property(string $uri, string $name, int $depth)
{
$target = $this->path . $uri;
switch ($name) {
case 'DAV::getcontentlength':
return is_dir($target) ? null : filesize($target);
case 'DAV::getcontenttype':
// ownCloud app crashes if mimetype is provided for a directory
// https://github.com/owncloud/android/issues/3768
return is_dir($target) ? null : mime_content_type($target);
case 'DAV::resourcetype':
return is_dir($target) ? 'collection' : '';
case 'DAV::getlastmodified':
return new \DateTime('@' . filemtime($target));
case 'DAV::displayname':
return basename($target);
case 'DAV::ishidden':
return basename($target)[0] == '.';
case 'DAV::getetag':
$hash = filemtime($target) . filesize($target);
return md5($hash . $target);
case 'DAV::lastaccessed':
return new \DateTime('@' . fileatime($target));
case 'DAV::creationdate':
return new \DateTime('@' . filectime($target));
case WebDAV::PROP_DIGEST_MD5:
if (!is_file($target)) {
return null;
}
return md5_file($target);
default:
break;
}
return null;
}
public function properties(string $uri, ?array $properties, int $depth): ?array
{
$target = $this->path . $uri;
if (!file_exists($target)) {
return null;
}
if (null === $properties) {
$properties = WebDAV::BASIC_PROPERTIES;
}
$out = [];
foreach ($properties as $name) {
$v = $this->get_file_property($uri, $name, $depth);
if (null !== $v) {
$out[$name] = $v;
}
}
return $out;
}
public function put(string $uri, $pointer, ?string $hash, ?int $mtime): bool
{
if (preg_match(self::PUT_IGNORE_PATTERN, basename($uri))) {
return false;
}
$target = $this->path . $uri;
$parent = dirname($target);
if (is_dir($target)) {
throw new WebDAV_Exception('Target is a directory', 409);
}
if (!file_exists($parent)) {
mkdir($parent, 0770, true);
}
$new = !file_exists($target);
$delete = false;
$size = 0;
$quota = disk_free_space($this->path);
$tmp_file = '.tmp.' . sha1($target);
$out = fopen($tmp_file, 'w');
while (!feof($pointer)) {
$bytes = fread($pointer, 8192);
$size += strlen($bytes);
if ($size > $quota) {
$delete = true;
break;
}
fwrite($out, $bytes);
}
fclose($out);
fclose($pointer);
if ($delete) {
@unlink($tmp_file);
throw new WebDAV_Exception('Your quota is exhausted', 403);
}
elseif ($hash && md5_file($tmp_file) != $hash) {
@unlink($tmp_file);
throw new WebDAV_Exception('The data sent does not match the supplied MD5 hash', 400);
}
else {
rename($tmp_file, $target);
}
if ($mtime) {
@touch($target, $mtime);
}
return $new;
}
public function delete(string $uri): void
{
$target = $this->path . $uri;
if (!file_exists($target)) {
throw new WebDAV_Exception('Target does not exist', 404);
}
if (is_dir($target)) {
foreach (glob($target . '/*') as $file) {
$this->delete(substr($file, strlen($this->path)));
}
rmdir($target);
}
else {
unlink($target);
}
}
public function copymove(bool $move, string $uri, string $destination): bool
{
$source = $this->path . $uri;
$target = $this->path . $destination;
$parent = dirname($target);
if (!file_exists($source)) {
throw new WebDAV_Exception('File not found', 404);
}
$overwritten = file_exists($target);
if (!is_dir($parent)) {
throw new WebDAV_Exception('Target parent directory does not exist', 409);
}
if (false === $move) {
$quota = disk_free_space($this->path);
if (filesize($source) > $quota) {
throw new WebDAV_Exception('Your quota is exhausted', 403);
}
}
if ($overwritten) {
$this->delete($destination);
}
$method = $move ? 'rename' : 'copy';
if ($method == 'copy' && is_dir($source)) {
@mkdir($target, 0770, true);
foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($source), \RecursiveIteratorIterator::SELF_FIRST) as $item)
{
if ($item->isDir()) {
@mkdir($target . DIRECTORY_SEPARATOR . $iterator->getSubPathname());
} else {
copy($item, $target . DIRECTORY_SEPARATOR . $iterator->getSubPathname());
}
}
}
else {
$method($source, $target);
$this->getResourceProperties($uri)->move($destination);
}
return $overwritten;
}
public function copy(string $uri, string $destination): bool
{
return $this->copymove(false, $uri, $destination);
}
public function move(string $uri, string $destination): bool
{
return $this->copymove(true, $uri, $destination);
}
public function mkcol(string $uri): void
{
if (!disk_free_space($this->path)) {
throw new WebDAV_Exception('Your quota is exhausted', 403);
}
$target = $this->path . $uri;
$parent = dirname($target);
if (file_exists($target)) {
throw new WebDAV_Exception('There is already a file with that name', 405);
}
if (!file_exists($parent)) {
throw new WebDAV_Exception('The parent directory does not exist', 409);
}
mkdir($target, 0770);
}
}
class Server extends \KD2\WebDAV\Server
{
protected function html_directory(string $uri, iterable $list): ?string
{
$out = parent::html_directory($uri, $list);
if (null !== $out) {
$out = str_replace('<body>', sprintf('<body style="opacity: 0"><script type="text/javascript" src="%s/webdav.js"></script>', rtrim($this->base_uri, '/')), $out);
}
return $out;
}
}
}
namespace {
use NanoKaraDAV\Server;
use NanoKaraDAV\Storage;
$uri = strtok($_SERVER['REQUEST_URI'], '?');
$root = substr(__DIR__, strlen($_SERVER['DOCUMENT_ROOT']));
if (false !== strpos($uri, '..')) {
http_response_code(404);
die('Invalid URL');
}
$relative_uri = ltrim(substr($uri, strlen($root)), '/');
if ($relative_uri == 'webdav.js' || $relative_uri == 'webdav.css') {
http_response_code(200);
if ($relative_uri == 'webdav.js') {
header('Content-Type: text/javascript', true);
}
else {
header('Content-Type: text/css', true);
}
$seconds_to_cache = 3600 * 24 * 365;
$ts = gmdate("D, d M Y H:i:s", time() + $seconds_to_cache) . " GMT";
header("Expires: " . $ts);
header("Pragma: cache");
header("Cache-Control: max-age=" . $seconds_to_cache);
$fp = fopen(__FILE__, 'r');
if ($relative_uri == 'webdav.js') {
fseek($fp, __PHP_SIZE__, SEEK_SET);
echo fread($fp, __JS_SIZE__);
}
else {
fseek($fp, __PHP_SIZE__ + __JS_SIZE__, SEEK_SET);
echo fread($fp, __CSS_SIZE__);
}
fclose($fp);
exit;
}
$dav = new Server;
$dav->setStorage(new Storage);
$dav->setBaseURI($root);
if (!$dav->route($uri)) {
http_response_code(404);
die('Invalid URL, sorry');
}
exit;
}