*/
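// Admin-side bootstrap and the workflow module prolog (project includes).
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_before.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/workflow/prolog.php";

// Module-level gate: a workflow right of "D" sends the caller to the auth form.
$WORKFLOW_RIGHT = $APPLICATION->GetGroupRight("workflow");
if ($WORKFLOW_RIGHT == "D") {
    // NOTE(review): nothing in this script stops execution after this call; presumably
    // AuthForm() ends the request itself. Confirm, otherwise the lookup below still runs.
    $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/workflow/include.php";
IncludeModuleLangFile(__FILE__);

// fname is request-controlled. Accept only a plain string so a missing or array-valued
// parameter cannot reach the extension check and the lookup in an unexpected type.
$fname = isset($_REQUEST["fname"]) && is_string($_REQUEST["fname"]) ? $_REQUEST["fname"] : "";
$path = "";
$filename = "";
// Start from a known state: the download gate further down reads $strError, and the only
// assignment visible in this script is the refusal branch below.
$strError = "";

// Non-admins may not download files whose extension is in the script-extension list;
// admins skip that restriction.
if ($USER->IsAdmin() || !in_array(GetFileExtension($fname), GetScriptFileExt())) {
    // NOTE(review): $did is not assigned anywhere in the visible script; presumably the
    // included prolog populates it from the request. Confirm that, and confirm that
    // CWorkflow::GetFileByID() treats it as an integer.
    // NOTE(review): apart from the module right checked above, no per-document permission
    // is visible before the staged file is selected. Confirm it is enforced elsewhere.
    $z = CWorkflow::GetFileByID($did, $fname);
    if ($zr = $z->Fetch()) {
        // The file is served from the workflow temp directory under its stored temp name;
        // the name shown to the client is the basename of the stored FILENAME.
        $path = CWorkflow::GetTempDir() . $zr["TEMP_FILENAME"];
        if (file_exists($path)) {
            $filename = basename($zr["FILENAME"]);
        }
    }
    // NOTE(review): when no record or no temp file is found, $path and $filename stay ""
    // and no error is recorded, so the code that follows cannot tell "not found" from
    // success. Consider recording an error here.
} else {
    $strError = GetMessage("FLOW_ACCESS_DENIED_PHP_DOWNLOAD");
}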
// Send the staged file as an attachment, but only when no error was recorded above.
// NOTE(review): this listing ends before the statement is closed, so the part that writes
// the file body is not visible here.
// NOTE(review): the gate looks only at $strError. When the lookup above matched no record
// or no temp file, $path and $filename are still "" at this point, so filesize("") fails
// and the download headers are emitted anyway. A not-found response before any header()
// call would be safer.
if (strlen($strError) <= 0) {
    $fsize = filesize($path);
    // NOTE(review): $filename (basename() of the stored FILENAME) is placed inside quoted
    // header parameters without escaping; a double quote in the stored name would end the
    // quoted value early. Consider restricting it to a safe character set first.
    header("Content-Type: application/force-download; name=\"" . $filename . "\"");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . $fsize);
    header("Content-Disposition: attachment; filename=\"" . $filename . "\"");
    // Ask clients and intermediaries not to cache the response.
    header("Expires: 0");
    header("Cache-Control: no-cache, must-revalidate");
         // NOTE(review): the listing jumps here into what looks like a file-upload handler.
         // Its enclosing scopes, and the origin of $FILENAME, $arExt, $arFile, $ID and
         // $SITE_ID, are not visible in this excerpt.
         // Resolve the target: $fname relative to the directory of $FILENAME, then its extension.
         $path = GetDirPath($FILENAME);
         $pathto = Rel2Abs($path, $fname);
         $ext = GetFileExtension($pathto);
         if (!$USER->IsAdmin() && in_array($ext, $arExt)) {
             // Non-admins are refused when the extension is listed in $arExt
             // (presumably the script-extension list; confirm).
             // NOTE(review): $pathto derives from $fname and is echoed in DETAILS here and in
             // the next branch before ValidatePathString() has run. Confirm CAdminMessage
             // escapes DETAILS when rendering.
             $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILEUPLOAD_PHPERROR") . " \"" . $pathto . "\"", "TYPE" => "ERROR"));
         } elseif (!$USER->CanDoFileOperation('fm_edit_in_workflow', array($SITE_ID, $pathto))) {
             // The caller lacks the 'fm_edit_in_workflow' operation for this site and path.
             $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILEUPLOAD_ACCESS_DENIED") . " \"" . $pathto . "\": " . GetMessage("FLOW_MIN_RIGHTS"), "TYPE" => "ERROR"));
         } elseif (!CBXVirtualIoFileSystem::ValidatePathString($pathto)) {
             // The path string failed validation. It is checked last of the three; running
             // it before the extension and permission checks would be more conservative.
             $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILE_NAME_NOT_VALID"), "TYPE" => "ERROR"));
         } else {
             // Refuse a second upload under a name already registered for this document.
             $z = CWorkflow::GetFileByID($ID, $pathto);
             if ($zr = $z->Fetch()) {
                 $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => str_replace("#FILE#", "{$pathto}", GetMessage("FLOW_FILE_ALREADY_EXIST")), "TYPE" => "ERROR"));
             } else {
                 // Stage the upload in the workflow temp directory under a name produced by
                 // CWorkflow::GetUniqueFilename(), not under the client-supplied name.
                 $temp_file = CWorkflow::GetUniqueFilename($pathto);
                 $temp_dir = CWorkflow::GetTempDir();
                 if (!file_exists($temp_dir)) {
                     // NOTE(review): the mkdir() result is not checked; a failure only
                     // shows up as the copy() error below.
                     mkdir($temp_dir, BX_DIR_PERMISSIONS);
                 }
                 $temp_path = $temp_dir . $temp_file;
                 // NOTE(review): copy() does not itself verify that tmp_name is an uploaded
                 // file. Confirm $arFile is a validated upload entry (is_uploaded_file() or
                 // equivalent) before this point.
                 if (!copy($arFile["tmp_name"], $temp_path)) {
                     $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILEUPLOAD_FILE_CREATE_ERROR") . " \"" . $temp_path . "\"", "TYPE" => "ERROR"));
                 } else {
                     // The values appear to be raw SQL fragments: strings are quoted by hand
                     // and escaped with $DB->ForSql(), FILESIZE goes through intval().
                     // NOTE(review): DOCUMENT_ID emits $ID unquoted whenever `$ID > 0`; that
                     // comparison does not prove $ID is an integer, so confirm it is cast
                     // before this point. MODIFIED_BY quotes $USER->GetID() without escaping;
                     // presumably an integer, confirm.
                     $arFields = array("DOCUMENT_ID" => $ID > 0 ? $ID : "null", "TIMESTAMP_X" => $DB->GetNowFunction(), "MODIFIED_BY" => "'" . $USER->GetID() . "'", "TEMP_FILENAME" => "'" . $DB->ForSql($temp_file, 255) . "'", "FILENAME" => "'" . $DB->ForSql($pathto, 255) . "'", "FILESIZE" => intval($arFile["size"]));
                     $FILE_ID = $DB->Insert("b_workflow_file", $arFields, $err_mess . __LINE__);
                     // Remember the new row ID for the caller's list of uploaded files.
                     $arUploadedFiles[] = intval($FILE_ID);
                 }
             }
         }
     }
 }
Beispiel #3
 /**
  * Returns the content of a file that belongs to a workflow document, falling back to
  * files under the site's document root.
  *
  * Access rule: administrators are always let through. Everyone else is refused when
  * $fname fails CBXVirtualIoFileSystem::ValidatePathString() or has a script extension.
  *
  * Lookup order (the first hit that exists and is readable wins):
  *  1. a staged copy registered for document $did under $fname;
  *  2. a staged copy registered under $fname resolved against the document's own
  *     directory, or otherwise the on-disk file at that resolved path;
  *  3. the on-disk file at $fname resolved against $wf_path (only if $wf_path is non-empty);
  *  4. the on-disk file at $fname directly under the document root of $site.
  *
  * On-disk files are returned only when the current user passes the 'fm_view_file' check
  * for that site and path. Staged copies are returned without that check.
  * NOTE(review): confirm callers enforce access to document $did before calling.
  *
  * @param mixed  $did     Workflow document ID; cast to int, values <= 0 skip steps 1 and 2.
  * @param string $fname   Requested file name or path.
  * @param string $wf_path Base path used to resolve $fname in step 3.
  * @param mixed  $site    Site ID handed to CSite::GetSiteDocRoot() and the permission check.
  *
  * @return mixed Result of $APPLICATION->GetFileContent() for the first hit, the
  *               FLOW_ACCESS_DENIED_PHP_VIEW message when the caller is refused, or
  *               null (implicit) when nothing readable was found.
  */
 public static function GetFileContent($did, $fname, $wf_path = "", $site = false)
 {
     $err_mess = CAllWorkflow::err_mess() . "<br>Function: GetFileContent<br>Line: ";
     global $DB, $APPLICATION, $USER;
     $did = (int) $did;

     // Refuse early: a non-admin asking for an invalid path or a script file.
     if (!$USER->IsAdmin() && (!CBXVirtualIoFileSystem::ValidatePathString($fname) || HasScriptExtension($fname))) {
         return GetMessage("FLOW_ACCESS_DENIED_PHP_VIEW");
     }

     if ($did > 0) {
         // Step 1: is the name registered as a staged file of this document?
         $staged = CWorkflow::GetFileByID($did, $fname)->Fetch();
         if ($staged) {
             $stagedPath = CWorkflow::GetTempDir() . $staged["TEMP_FILENAME"];
             if (file_exists($stagedPath)) {
                 return $APPLICATION->GetFileContent($stagedPath);
             }
         } else {
             // Step 2: load the document row; $did is already an integer here.
             $docQuery = $DB->Query("SELECT FILENAME, SITE_ID FROM b_workflow_document WHERE ID='{$did}'", false, $err_mess . __LINE__);
             $doc = $docQuery->Fetch();
             if ($doc) {
                 // Resolve the name against the document's directory on its own site.
                 $resolvedName = Rel2Abs(GetDirPath($doc["FILENAME"]), $fname);
                 $docSiteRoot = CSite::GetSiteDocRoot($doc["SITE_ID"]);
                 $onDiskPath = $docSiteRoot . $resolvedName;

                 // Retry the staged-file lookup with the resolved name.
                 $stagedResolved = CWorkflow::GetFileByID($did, $resolvedName)->Fetch();
                 if ($stagedResolved) {
                     $stagedPath = CWorkflow::GetTempDir() . $stagedResolved["TEMP_FILENAME"];
                     if (file_exists($stagedPath)) {
                         return $APPLICATION->GetFileContent($stagedPath);
                     }
                 } elseif (file_exists($onDiskPath) && $USER->CanDoFileOperation('fm_view_file', array($doc["SITE_ID"], $resolvedName))) {
                     return $APPLICATION->GetFileContent($onDiskPath);
                 }
             }
         }
     }

     $siteRoot = CSite::GetSiteDocRoot($site);

     // Step 3: a document that is being created, resolved against the supplied base path.
     if (strlen($wf_path) > 0) {
         $resolvedName = Rel2Abs($wf_path, $fname);
         $candidate = $siteRoot . $resolvedName;
         if (file_exists($candidate) && $USER->CanDoFileOperation('fm_view_file', array($site, $resolvedName))) {
             return $APPLICATION->GetFileContent($candidate);
         }
     }

     // Step 4: last resort, the name taken as-is under the site's document root.
     // NOTE(review): $fname is appended without Rel2Abs(), and for administrators it has
     // not been through ValidatePathString(). Confirm CanDoFileOperation() or
     // GetFileContent() rejects paths that leave the document root.
     $direct = $siteRoot . $fname;
     if (file_exists($direct) && $USER->CanDoFileOperation('fm_view_file', array($site, $fname))) {
         return $APPLICATION->GetFileContent($direct);
     }
     // Nothing readable was found: the function ends without a return value (null).
 }