dokuwiki/lib/exe/fetch.php

<?php

/**
 * DokuWiki media passthrough file
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

use dokuwiki\Input\Input;
use dokuwiki\Extension\Event;

if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/../../');
if (!defined('DOKU_DISABLE_GZIP_OUTPUT')) define('DOKU_DISABLE_GZIP_OUTPUT', 1);
require_once(DOKU_INC . 'inc/init.php');
session_write_close(); //close session

require_once(DOKU_INC . 'inc/fetch.functions.php');

if (defined('SIMPLE_TEST')) {
    $INPUT = new Input();
}

// BEGIN main
$mimetypes = getMimeTypes();

//get input
$MEDIA = stripctl(getID('media', false)); // no cleaning except control chars - maybe external
$CACHE = calc_cache($INPUT->str('cache'));
$WIDTH = $INPUT->int('w');
$HEIGHT = $INPUT->int('h');
$REV = &$INPUT->ref('rev');
//sanitize revision
$REV = preg_replace('/[^0-9]/', '', $REV);

[$EXT, $MIME, $DL] = mimetype($MEDIA, false);
if ($EXT === false) {
    $EXT = 'unknown';
    $MIME = 'application/octet-stream';
    $DL = true;
}

// check for permissions, preconditions and cache external files
[$STATUS, $STATUSMESSAGE] = checkFileStatus($MEDIA, $FILE, $REV, $WIDTH, $HEIGHT);

// prepare data for plugin events
$data = [
    'media' => $MEDIA,
    'file' => $FILE,
    'orig' => $FILE,
    'mime' => $MIME,
    'download' => $DL,
    'cache' => $CACHE,
    'ext' => $EXT,
    'width' => $WIDTH,
    'height' => $HEIGHT,
    'status' => $STATUS,
    'statusmessage' => $STATUSMESSAGE,
    'ispublic' => media_ispublic($MEDIA),
    'csp' => [
        'default-src' => "'none'",
        'style-src' => "'unsafe-inline'",
        'media-src' => "'self'",
        'object-src' => "'self'",
        'font-src' => "'self' data:",
        'form-action' => "'none'",
        'frame-ancestors' => "'self'",
    ]
];

// handle the file status
$evt = new Event('FETCH_MEDIA_STATUS', $data);
if ($evt->advise_before()) {
    // redirects
    if ($data['status'] > 300 && $data['status'] <= 304) {
        if (defined('SIMPLE_TEST')) return; //TestResponse doesn't recognize redirects
        send_redirect($data['statusmessage']);
    }
    // send any non 200 status
    if ($data['status'] != 200) {
        http_status($data['status'], $data['statusmessage']);
    }
    // die on errors
    if ($data['status'] > 203) {
        echo $data['statusmessage'];
        if (defined('SIMPLE_TEST')) return;
        exit;
    }
}
$evt->advise_after();
unset($evt);

//handle image resizing/cropping
$evt = new Event('MEDIA_RESIZE', $data);
if ($evt->advise_before()) {
    if (
        $MIME != 'image/svg+xml' &&
        str_starts_with($MIME, 'image') &&
        ($WIDTH || $HEIGHT)
    ) {
        if ($HEIGHT && $WIDTH) {
            $data['file'] = $FILE = media_crop_image($data['file'], $EXT, $WIDTH, $HEIGHT);
        } else {
            $data['file'] = $FILE = media_resize_image($data['file'], $EXT, $WIDTH, $HEIGHT);
        }
    }
}
$evt->advise_after();
unset($evt);

// finally send the file to the client
$evt = new Event('MEDIA_SENDFILE', $data);
if ($evt->advise_before()) {
    sendFile(
        $data['file'],
        $data['mime'],
        $data['download'],
        $data['cache'],
        $data['ispublic'],
        $data['orig'],
        $data['csp']
    );
}
// Do something after the download finished.
$evt->advise_after();  // will not be emitted on 304 or x-sendfile

// END DO main