Beispiel #1
0
 private function appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path)
 {
     $oErrorNode = new QFinder_Connector_Utils_XmlNode("Error");
     $oErrorNode->addAttribute("code", $errorCode);
     $oErrorNode->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($name));
     $oErrorNode->addAttribute("type", $type);
     $oErrorNode->addAttribute("folder", $path);
     $oErrorsNode->addChild($oErrorNode);
 }
Beispiel #2
0
 /**
  * Handle request and build XML
  */
 public function buildXml()
 {
     if (!extension_loaded('zip')) {
         $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_COMMAND);
     }
     $this->checkConnector();
     $this->checkRequest();
     if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
         $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
     }
     $this->_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config");
     $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
     $_sServerDir = $this->_currentFolder->getServerPath();
     $files = array();
     $_zipFilesSize = 0;
     $config = $this->getConfig();
     $zipMaxSize = $config['zipMaxSize'];
     if (!empty($zipMaxSize) && $zipMaxSize == 'default') {
         $zipMaxSize = $currentResourceTypeConfig->getMaxSize();
     }
     $_isBasket = isset($_POST['basket']) && $_POST['basket'] == 'true' ? true : false;
     if (!empty($_POST['files'])) {
         $_aclConfig = $this->_config->getAccessControlConfig();
         $aclMasks = array();
         $_resourceTypeConfig = array();
         foreach ($_POST['files'] as $arr) {
             if (empty($arr['name']) || empty($arr['type']) || empty($arr['folder'])) {
                 continue;
             }
             // file name
             $name = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
             // resource type
             $type = $arr['type'];
             // client path
             $path = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
             // check #1 (path)
             if (!QFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(QFINDER_REGEX_INVALID_PATH, $path)) {
                 continue;
             }
             // get resource type config for current file
             if (!isset($_resourceTypeConfig[$type])) {
                 $_resourceTypeConfig[$type] = $this->_config->getResourceTypeConfig($type);
             }
             // check #2 (resource type)
             if (is_null($_resourceTypeConfig[$type])) {
                 continue;
             }
             // check #3 (extension)
             if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) {
                 continue;
             }
             // check #4 (extension) - when moving to another resource type, double check extension
             if ($currentResourceTypeConfig->getName() != $type && !$currentResourceTypeConfig->checkExtension($name, false)) {
                 continue;
             }
             // check #5 (hidden folders)
             // cache results
             if (empty($checkedPaths[$path])) {
                 $checkedPaths[$path] = true;
                 if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) {
                     continue;
                 }
             }
             // check #6 (hidden file name)
             if ($currentResourceTypeConfig->checkIsHiddenFile($name)) {
                 continue;
             }
             // check #7 (Access Control, need file view permission to source files)
             if (!isset($aclMasks[$type . "@" . $path])) {
                 $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path);
             }
             $isAuthorized = ($aclMasks[$type . "@" . $path] & QFINDER_CONNECTOR_ACL_FILE_VIEW) == QFINDER_CONNECTOR_ACL_FILE_VIEW;
             if (!$isAuthorized) {
                 continue;
             }
             $sourceFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($_resourceTypeConfig[$type]->getDirectory() . $path, $name);
             // check #8 (invalid file name)
             if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) {
                 continue;
             }
             // check #9 - max file size
             if (!empty($zipMaxSize)) {
                 clearstatcache();
                 $_zipFilesSize += filesize($sourceFilePath);
                 if ($_zipFilesSize > $zipMaxSize) {
                     $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_CREATED_FILE_TOO_BIG);
                 }
             }
             $zipPathPart = $_isBasket ? QFinder_Connector_Utils_FileSystem::combinePaths($type, $path) : '';
             $files[$sourceFilePath] = $zipPathPart . pathinfo($sourceFilePath, PATHINFO_BASENAME);
         }
     } else {
         if (!is_dir($_sServerDir)) {
             $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
         }
         $files = $this->getFilesRecursively($_sServerDir, $zipMaxSize);
     }
     if (sizeof($files) < 1) {
         $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
     }
     // default destination dir - temp
     $dest_dir = QFinder_Connector_Utils_FileSystem::getTmpDir();
     $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
     // default file name - hash
     $zip_filename = substr(md5(serialize($files)), 0, 16) . $resourceTypeInfo->getHash() . '.zip';
     // compress files - do not download them
     // change destination and name
     if (isset($_POST['download']) && $_POST['download'] == 'false') {
         $dest_dir = $_sServerDir;
         if (isset($_POST['zipName']) && !empty($_POST['zipName'])) {
             $zip_filename = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST['zipName']);
             if (!$resourceTypeInfo->checkExtension($zip_filename)) {
                 $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
             }
         }
     }
     if (!QFinder_Connector_Utils_FileSystem::checkFileName($zip_filename) || $resourceTypeInfo->checkIsHiddenFile($zip_filename)) {
         $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME);
     }
     if ($this->_config->forceAscii()) {
         $zip_filename = QFinder_Connector_Utils_FileSystem::convertToAscii($zip_filename);
     }
     $zipFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename);
     if (!is_writable(dirname($zipFilePath))) {
         $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
     }
     // usually we would need to create zip?
     $createZip = true;
     // only if file already exists and we want download it
     // do not create new one - because hash of previously created is the same - existing archive is ok
     if (file_exists($zipFilePath) && isset($_POST['download']) && $_POST['download'] == 'true') {
         $createZip = false;
     } else {
         if (file_exists($zipFilePath) && (!isset($_POST['fileExistsAction']) || !in_array($_POST['fileExistsAction'], array('autorename', 'overwrite')))) {
             $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
         }
         if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
             $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
         }
         // check how to deal with existing file
         if (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'autorename') {
             if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD | QFINDER_CONNECTOR_ACL_FILE_RENAME)) {
                 $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
             }
             $zip_filename = QFinder_Connector_Utils_FileSystem::autoRename($dest_dir, $zip_filename);
             $zipFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename);
         } elseif (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'overwrite') {
             if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_RENAME | QFINDER_CONNECTOR_ACL_FILE_DELETE)) {
                 $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
             }
             if (!QFinder_Connector_Utils_FileSystem::unlink($zipFilePath)) {
                 $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
             }
         }
     }
     if ($createZip) {
         $zip = new ZipArchive();
         $result = $zip->open($zipFilePath, ZIPARCHIVE::CREATE);
         if ($result !== TRUE) {
             $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNKNOWN);
         }
         foreach ($files as $pathname => $filename) {
             if (!empty($filename)) {
                 if (file_exists($pathname) && is_readable($pathname)) {
                     $zip->addFile($pathname, $filename);
                 }
             } else {
                 $zip->addEmptyDir($pathname);
             }
         }
         $zip->close();
     }
     $file = new QFinder_Connector_Utils_XmlNode("ZipFile");
     $file->addAttribute("name", $zip_filename);
     $this->_connectorNode->addChild($file);
 }