From f224f0354e962e521e0668a42bbca45ce23f33c1 Mon Sep 17 00:00:00 2001 From: bohwaz Date: Tue, 22 Nov 2022 02:05:12 +0100 Subject: [PATCH] Rename JS and CSS files --- .htaccess | 10 +++++++--- README.md | 16 +++++++++++----- index.php | 24 ++++++++++++++---------- server.php | 10 +++++----- 4 files changed, 37 insertions(+), 23 deletions(-) diff --git a/.htaccess b/.htaccess index de95ec3..e259fdc 100644 --- a/.htaccess +++ b/.htaccess @@ -4,7 +4,11 @@ RedirectMatch 404 \.picodav\.ini RewriteEngine On RewriteBase / -RewriteCond %{REQUEST_FILENAME} !-f [OR] -RewriteCond %{REQUEST_URI} \.picodav\.ini [OR] -RewriteCond %{REQUEST_METHOD} !GET + +# Uncomment the following 2 lignes to make things a bit faster for +# downloading files, AND you don't use PicoDAV users to manage access, +# but a regular .htpasswd file and config for your web server. +#RewriteCond %{REQUEST_FILENAME} !-f [OR] +#RewriteCond %{REQUEST_METHOD} !GET + RewriteRule ^.*$ /index.php [END] diff --git a/README.md b/README.md index 375cf1f..cf9fefe 100644 --- a/README.md +++ b/README.md @@ -39,10 +39,6 @@ The only requirement is PHP 7.4, or more recent (8.0 and 8.1 are also supported, Note that by default, write access is disabled for security purposes. See below to enable write access. -### Other web servers than Apache - -This is designed to work best with Apache web servers. If you are using another web server, you'll have to adapt the rules described in `.htaccess` to your own server. - ### Configuration PicoDAV accepts a configuration file named `.picodav.ini`. 
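Review bot: The new comment above the two disabled `RewriteCond` lines in `.htaccess` reads "AND you don't use PicoDAV users" as if it were a second benefit, when it is a precondition for enabling them safely. With both conditions active, a GET for any file that exists on disk is no longer rewritten to `index.php`, so the web server answers it directly and PicoDAV's own checks (its users, and the hidden-file and PHP-file rules the README describes) do not run for that request. I would word it as `# Uncomment the following 2 lines ONLY if access is enforced by your web server (e.g. .htpasswd) and not by PicoDAV users:` followed by `# GET requests for existing files then bypass index.php and every PicoDAV access check.` The same text is embedded in the index.php hunk at -1821, which appears to be generated from this file, so it should be regenerated rather than edited separately.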
@@ -132,12 +128,22 @@ Please note: if you do this, **EVERYONE** visiting your PicoDAV URL will be able ### Other notes -If you don't want to use the included users feature, you can also restrict access by using a [`.htpasswd` Apache file](https://www.cyberciti.biz/faq/create-update-user-authentication-files/). +#### Using the web-server auth instead PicoDAV auth + +If you don't want to use the provided auth (users and passwords) feature, you can also restrict access by using a [`.htpasswd` Apache file](https://www.cyberciti.biz/faq/create-update-user-authentication-files/), or any other mean provided by your web server. + +If you do this, you might want to uncomment the two commented `RewriteCond` lines in `.htaccess`, this way all downloads of files will happen directly from the web server, and not going through PHP, making things a bit faster. + +#### Security For security purposes, the WebDAV server will not allow to read or delete UNIX hidden files (with the file name beginning with a dot, eg. `.htaccess` etc.). Access to PHP files is also disabled for the same reasons. +### Other web servers than Apache + +This is designed to work best with Apache web servers. If you are using another web server, you'll have to adapt the rules described in `.htaccess` to your own server. + ## Dependencies This software includes the KD2\WebDAV class from the [KD2FW package](https://fossil.kd2.org/kd2fw/). diff --git a/index.php b/index.php index 66cd583..4b6472e 100644 --- a/index.php +++ b/index.php @@ -1778,7 +1778,7 @@ namespace PicoDAV $out = parent::html_directory($uri, $list); if (null !== $out) { - $out = str_replace('', sprintf('', rtrim($this->base_uri, '/')), $out); + $out = str_replace('', sprintf('', rtrim($this->base_uri, '/')), $out); } return $out; 
@@ -1821,17 +1821,21 @@ RedirectMatch 404 \\.picodav\\.ini RewriteEngine On RewriteBase / -RewriteCond %{REQUEST_FILENAME} !-f [OR] -RewriteCond %{REQUEST_URI} \\.picodav\\.ini [OR] -RewriteCond %{REQUEST_METHOD} !GET + +# Uncomment the following 2 lignes to make things a bit faster for +# downloading files, AND you don\'t use PicoDAV users to manage access, +# but a regular .htpasswd file and config for your web server. +#RewriteCond %{REQUEST_FILENAME} !-f [OR] +#RewriteCond %{REQUEST_METHOD} !GET + RewriteRule ^.*$ /index.php [END] '); } - if ($relative_uri == 'webdav.js' || $relative_uri == 'webdav.css') { + if ($relative_uri == '.webdav/webdav.js' || $relative_uri == '.webdav/webdav.css') { http_response_code(200); - if ($relative_uri == 'webdav.js') { + if ($relative_uri == '.webdav/webdav.js') { header('Content-Type: text/javascript', true); } else { @@ -1846,12 +1850,12 @@ RewriteRule ^.*$ /index.php [END] $fp = fopen(__FILE__, 'r'); - if ($relative_uri == 'webdav.js') { - fseek($fp, 49574, SEEK_SET); + if ($relative_uri == '.webdav/webdav.js') { + fseek($fp, 49805, SEEK_SET); echo fread($fp, 25889); } else { - fseek($fp, 49574 + 25889, SEEK_SET); + fseek($fp, 49805 + 25889, SEEK_SET); echo fread($fp, 6760); } @@ -1861,7 +1865,7 @@ RewriteRule ^.*$ /index.php [END] } const CONFIG_FILE = __DIR__ . '/.picodav.ini'; - const INTERNAL_FILES = ['.picodav.ini', 'index.php', 'webdav.js', 'webdav.css']; + define('PicoDAV\INTERNAL_FILES', ['.picodav.ini', basename(__FILE__), '.webdav/webdav.js', '.webdav/webdav.css']); const DEFAULT_CONFIG = [ 'ANONYMOUS_READ' => true, diff --git a/server.php b/server.php index 0e0bec3..147b8be 100644 --- a/server.php +++ b/server.php @@ -502,7 +502,7 @@ namespace PicoDAV $out = parent::html_directory($uri, $list); if (null !== $out) { - $out = str_replace('', sprintf('', rtrim($this->base_uri, '/')), $out); + $out = str_replace('', sprintf('', rtrim($this->base_uri, '/')), $out); } return $out; 
@@ -542,10 +542,10 @@ namespace { file_put_contents(__DIR__ . '/.htaccess', /*__HTACCESS__*/); } - if ($relative_uri == 'webdav.js' || $relative_uri == 'webdav.css') { + if ($relative_uri == '.webdav/webdav.js' || $relative_uri == '.webdav/webdav.css') { http_response_code(200); - if ($relative_uri == 'webdav.js') { + if ($relative_uri == '.webdav/webdav.js') { header('Content-Type: text/javascript', true); } else { @@ -560,7 +560,7 @@ namespace { $fp = fopen(__FILE__, 'r'); - if ($relative_uri == 'webdav.js') { + if ($relative_uri == '.webdav/webdav.js') { fseek($fp, __PHP_SIZE__, SEEK_SET); echo fread($fp, __JS_SIZE__); } @@ -575,7 +575,7 @@ namespace { } const CONFIG_FILE = __DIR__ . '/.picodav.ini'; - const INTERNAL_FILES = ['.picodav.ini', 'index.php', 'webdav.js', 'webdav.css']; + define('PicoDAV\INTERNAL_FILES', ['.picodav.ini', basename(__FILE__), '.webdav/webdav.js', '.webdav/webdav.css']); const DEFAULT_CONFIG = [ 'ANONYMOUS_READ' => true,
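Review bot: The renamed route checks in the -542 hunk still compare `$relative_uri` with `==`. Both operands are non-numeric strings, so the result is unchanged today, but strict comparison states the intent and does not depend on PHP's string juggling rules: `if ($relative_uri === '.webdav/webdav.js' || $relative_uri === '.webdav/webdav.css') {`. The same applies to the inner `if` in this hunk and to the comparison in the -560 hunk. The enclosing block starts and ends outside these hunks.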
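Review bot: `INTERNAL_FILES` in the -575 hunk now mixes bare file names (`.picodav.ini`, `basename(__FILE__)`) with paths relative to the root (`.webdav/webdav.js`, `.webdav/webdav.css`), and the code that consults the list is outside this hunk. If that lookup compares against a file's base name, the two `.webdav/...` entries can never match. If it compares against the full relative path, the first two entries only protect the root directory. A comment above the `define()` saying which form the lookup uses would settle this, together with `// define() rather than const: basename(__FILE__) is not a constant expression`, since `CONFIG_FILE` and `DEFAULT_CONFIG` next to it remain plain `const`.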