/**
* Handle request in stack
*
* @param object $request Request
* @return mixed
*/
public function handle(Request $request)
{
$response = $this->next($request);
$filename = $this->app['moderator']->getPath();
// Ensure the file exist
if (!file_exists($filename)) {
// Return message
header('HTTP/1.1 404 Not found');
exit;
}
// Initiate a new content server
$server = new Server();
$server->disposition('inline');
$server->acceptranges(true);
$server->allowXsendFile();
$server->filename($filename);
// Serve up the file
$result = $server->serve();
return $response;
}
/**
* Download a file
*
* @return void
*/
public function downloadTask()
{
$file = Request::getVar('file', '');
$item = Request::getInt('post', 0);
$post = Post::getInstance($item);
// Instantiate an attachment object
$asset = Asset::getInstance($file, $post->get('item_id'));
// Ensure record exist
if (!$asset->get('id') || $post->item()->get('state') == 2) {
throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND'), 404);
}
// Check authorization
if ($post->item()->get('access') == 4 && User::isGuest()) {
throw new Exception(Lang::txt('COM_COLLECTIONS_ERROR_ACCESS_DENIED_TO_FILE'), 403);
}
// Ensure we have a path
if (!$asset->get('filename')) {
throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND'), 404);
}
// Get the configured upload path
$filename = $asset->filespace() . DS . $asset->get('item_id') . DS . ltrim($asset->get('filename'), DS);
// Ensure the file exist
if (!file_exists($filename)) {
throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND') . ' ' . $filename, 404);
}
$ext = strtolower(Filesystem::extension($filename));
// Initiate a new content server and serve up the file
$server = new Server();
$server->filename($filename);
$server->disposition('attachment');
if (in_array($ext, array('jpg', 'jpeg', 'jpe', 'png', 'gif'))) {
$server->disposition('inline');
}
$server->acceptranges(false);
// @TODO fix byte range support
if (!$server->serve()) {
// Should only get here on error
throw new Exception(Lang::txt('COM_COLLECTIONS_SERVER_ERROR'), 500);
} else {
exit;
}
}
/**
* Serve up an offering logo
*
* @return void
*/
public function logoTask()
{
if (!($logo = $this->course->offering()->section()->logo())) {
$logo = $this->course->offering()->logo();
}
$file = PATH_APP . $logo;
// Initiate a new content server and serve up the file
$server = new Server();
$server->filename($file);
$server->disposition('inline');
$server->acceptranges(false);
if (!$server->serve()) {
// Should only get here on error
throw new Exception(Lang::txt('COM_COURSES_SERVER_ERROR'), 404);
} else {
exit;
}
}
/**
* Download a file
*
* @return void
*/
public function downloadTask()
{
$archive = new Archive('site', 0);
$entry = Entry::oneByScope(Request::getVar('alias', ''), 'site', 0);
if (!$entry->get('id') || !$entry->access('view')) {
throw new Exception(Lang::txt('Access denied.'), 403);
}
if (!($file = Request::getVar('file', ''))) {
$filename = array_pop(explode('/', $_SERVER['REQUEST_URI']));
// Get the file name
if (substr(strtolower($filename), 0, strlen('image:')) == 'image:') {
$file = substr($filename, strlen('image:'));
} elseif (substr(strtolower($filename), 0, strlen('file:')) == 'file:') {
$file = substr($filename, strlen('file:'));
}
}
// Decode file name
$file = urldecode($file);
// Build file path
$file_path = $archive->filespace() . DS . $file;
// Ensure the file exist
if (!file_exists($file_path)) {
throw new InvalidArgumentException(Lang::txt('The requested file could not be found: %s', $file), 404);
}
// Serve up the image
$server = new Server();
$server->filename($file_path);
$server->disposition('inline');
$server->acceptranges(false);
// @TODO fix byte range support
// Serve up file
if (!$server->serve()) {
// Should only get here on error
throw new RuntimeException(Lang::txt('An error occurred while trying to output the file'), 500);
} else {
exit;
}
}
/**
* Download a wiki file
*
* @return void
*/
public function downloadTask()
{
// Get some needed libraries
if (!$this->course->access('view')) {
return App::abort(404, Lang::txt('COM_COURSES_NO_COURSE_FOUND'));
}
// Get the scope of the parent page the file is attached to
$filename = Request::getVar('file', '');
if (substr(strtolower($filename), 0, strlen('image:')) == 'image:') {
$filename = substr($filename, strlen('image:'));
} else {
if (substr(strtolower($filename), 0, strlen('file:')) == 'file:') {
$filename = substr($filename, strlen('file:'));
}
}
$filename = urldecode($filename);
$filename = \Filesystem::clean($filename);
$filename = str_replace(' ', '_', $filename);
// Get the configured upload path
$base_path = DS . trim($this->config->get('filepath', '/site/courses'), DS) . DS . $this->course->get('id') . DS . 'pagefiles';
// Does the path start with a slash?
$filename = DS . ltrim($filename, DS);
// Does the beginning of the $attachment->path match the config path?
if (substr($filename, 0, strlen($base_path)) == $base_path) {
// Yes - this means the full path got saved at some point
} else {
// No - append it
$filename = $base_path . $filename;
}
// Add PATH_CORE
$filepath = PATH_APP . $filename;
// Ensure the file exist
if (!file_exists($filepath)) {
return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $filename);
}
// Initiate a new content server and serve up the file
$xserver = new Server();
$xserver->filename($filepath);
$xserver->disposition('inline');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
// Should only get here on error
throw new Exception(Lang::txt('COM_COURSES_SERVER_ERROR'), 500);
} else {
exit;
}
return;
}
/**
* Download an attachment
*
* @return void
*/
public function downloadTask()
{
$file = Request::getVar('file', '');
$wishid = Request::getInt('wishid', 0);
$wish = new Wish($wishid);
// Ensure we have a path
if (!$wish->exists() || $wish->isDeleted() || $wish->isWithdrawn()) {
throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND'), 404);
}
$attachment = new Attachment($file, $wishid);
// Ensure we have a path
if (!$attachment->exists()) {
throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND'), 404);
}
//make sure that file is acceptable type
if (!$attachment->isAllowedType()) {
throw new Exception(Lang::txt('Unknown file type.'), 404);
}
// Add PATH_CORE
$filename = $attachment->link('file');
// Ensure the file exist
if (!file_exists($filename)) {
throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND') . ' ' . $filename, 404);
}
// Initiate a new content server and serve up the file
$xserver = new Server();
$xserver->filename($filename);
$xserver->disposition('attachment');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
// Should only get here on error
throw new Exception(Lang::txt('COM_WISHLIST_SERVER_ERROR'), 500);
} else {
exit;
}
return;
}
/**
* Serves up files only after passing access checks
*
* @return void
*/
public function downloadTask()
{
// Get the ID of the file requested
$id = Request::getInt('id', 0);
// Instantiate an attachment object
$attach = new Tables\Attachment($this->database);
$attach->load($id);
if (!$attach->filename) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
return;
}
$file = $attach->filename;
// Ensure we have a path
if (empty($file)) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
}
// Get the configured upload path
$basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;
$file = DS . ltrim($file, DS);
// Does the beginning of the $attachment->path match the config path?
if (substr($file, 0, strlen($basePath)) == $basePath) {
// Yes - this means the full path got saved at some point
} else {
// No - append it
$file = $basePath . $file;
}
// Add root path
$filename = PATH_APP . $file;
// Ensure the file exist
if (!file_exists($filename)) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND') . ' ' . $filename, 404);
}
// Initiate a new content server and serve up the file
$xserver = new \Hubzero\Content\Server();
$xserver->filename($filename);
$xserver->disposition('inline');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
// Should only get here on error
throw new Exception(Lang::txt('COM_SUPPORT_SERVER_ERROR'), 404);
} else {
exit;
}
return;
}
/**
* Gets form images
*
* @apiMethod GET
* @apiUri /courses/form/image
* @apiParameter {
* "name": "id",
* "description": "Form ID",
* "type": "integer",
* "required": true,
* "default": null
* }
* @apiParameter {
* "name": "form_version",
* "description": "Form version number",
* "type": "integer",
* "required": false,
* "default": null
* }
* @apiParameter {
* "name": "file",
* "description": "Image filename",
* "type": "string",
* "required": true,
* "default": null
* }
* @apiParameter {
* "name": "token",
* "description": "Session authentication token",
* "type": "string",
* "required": true,
* "default": null
* }
* @return void
*/
public function imageTask()
{
$id = Request::getInt('id', 0);
$version = Request::getInt('form_version', 0);
$filename = Request::getVar('file', '');
$filename = urldecode($filename);
$filename = PATH_APP . DS . 'site' . DS . 'courses' . DS . 'forms' . DS . $id . DS . ($version ? $version . DS : '') . ltrim($filename, DS);
// Ensure the file exist
if (!file_exists($filename)) {
// Return message
App::abort(404, 'Image not found');
}
// Add silly simple security check
$token = Request::getString('token', false);
$session_id = App::get('session')->getId();
$secret = Config::get('secret');
$hash = hash('sha256', $session_id . ':' . $secret);
if ($token !== $hash) {
App::abort(401, 'You don\'t have permission to do this');
}
// Initiate a new content server and serve up the file
header("HTTP/1.1 200 OK");
$xserver = new Server();
$xserver->filename($filename);
$xserver->disposition('inline');
$xserver->acceptranges(false);
if (!$xserver->serve()) {
// Return message
App::abort(500, 'Failed to serve the image');
}
}
/**
* Serves up files only after passing access checks
*
* @return void
*/
public function downloadTask()
{
// Check logged in status
if (User::isGuest()) {
$return = base64_encode(Request::getVar('REQUEST_URI', Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task, false, true), 'server'));
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return, false));
return;
}
// Get the ID of the file requested
$id = Request::getInt('id', 0);
// Instantiate an attachment object
$attach = new Tables\Attachment($this->database);
$attach->load($id);
if (!$attach->filename) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
}
$file = $attach->filename;
// Get the parent ticket the file is attached to
$row = new Tables\Ticket($this->database);
$row->load($attach->ticket);
if (!$row->report) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_TICKET_NOT_FOUND'), 404);
}
// Load ACL
if ($row->login == User::get('username') || $row->owner == User::get('id')) {
if (!$this->acl->check('read', 'tickets')) {
$this->acl->setAccess('read', 'tickets', 1);
}
}
if ($this->acl->authorize($row->group)) {
$this->acl->setAccess('read', 'tickets', 1);
}
// Ensure the user is authorized to view this file
if (!$this->acl->check('read', 'tickets')) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_NOT_AUTH'), 403);
}
// Ensure we have a path
if (empty($file)) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
}
// Get the configured upload path
$basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;
// Does the path start with a slash?
$file = DS . ltrim($file, DS);
// Does the beginning of the $attachment->path match the config path?
if (substr($file, 0, strlen($basePath)) == $basePath) {
// Yes - this means the full path got saved at some point
} else {
// No - append it
$file = $basePath . $file;
}
// Add root path
$filename = PATH_APP . $file;
// Ensure the file exist
if (!file_exists($filename)) {
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND') . ' ' . $filename, 404);
}
// Initiate a new content server and serve up the file
$xserver = new Server();
$xserver->filename($filename);
$xserver->disposition('inline');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
// Should only get here on error
throw new Exception(Lang::txt('COM_SUPPORT_ERROR_SERVING_FILE'), 500);
} else {
exit;
}
return;
}
/**
* Download a wiki file
*
* @return void
*/
public function downloadTask()
{
$pagename = urldecode(Request::getVar('pagename', '', 'default', 'none', 2));
$pagename = explode('/', $pagename);
$filename = array_pop($pagename);
$pagename = implode('/', $pagename);
// Get the parent page the file is attached to
$this->page = Page::oneByPath($pagename, $this->page->get('scope'), $this->page->get('scope_id'));
// Load the page
if ($this->page->exists()) {
// Check if the page is group restricted and the user is not authorized
if ($this->page->get('scope') != 'site' && $this->page->get('access') != 0 && !$this->page->access('view')) {
App::abort(403, Lang::txt('COM_WIKI_WARNING_NOT_AUTH'));
}
} else {
if ($this->page->getNamespace() == 'tmp') {
$this->page->set('id', $this->page->stripNamespace());
} else {
App::abort(404, Lang::txt('COM_WIKI_PAGE_NOT_FOUND'));
}
}
$filename = $this->page->stripNamespace($filename);
// Instantiate an attachment object
$attachment = $this->page->attachments()->whereEquals('filename', $filename)->row();
// Ensure we have a path
if (!$attachment->get('filename')) {
App::abort(404, Lang::txt('COM_WIKI_FILE_NOT_FOUND'));
}
// Add root
$filename = $attachment->filespace() . DS . $this->page->get('id') . DS . ltrim($attachment->get('filename'), DS);
// Ensure the file exist
if (!file_exists($filename)) {
App::abort(404, Lang::txt('COM_WIKI_FILE_NOT_FOUND') . ' ' . $attachment->get('filename'));
}
// Initiate a new content server and serve up the file
$xserver = new Server();
$xserver->filename($filename);
$xserver->disposition('inline');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
// Should only get here on error
App::abort(500, Lang::txt('COM_WIKI_SERVER_ERROR'));
}
exit;
}
/**
* Download a wiki file
*
* @return void
*/
public function downloadTask()
{
$this->page->set('pagename', trim(Request::getVar('pagename', '', 'default', 'none', 2)));
// Instantiate an attachment object
$attachment = new Tables\Attachment($this->database);
if ($this->page->get('namespace') == 'image' || $this->page->get('namespace') == 'file') {
$attachment->filename = $this->page->denamespaced();
}
$attachment->filename = urldecode($attachment->filename);
// Get the scope of the parent page the file is attached to
if (!$this->scope) {
$this->scope = trim(Request::getVar('scope', ''));
}
$segments = explode('/', $this->scope);
$pagename = array_pop($segments);
$scope = implode('/', $segments);
// Get the parent page the file is attached to
$this->page = new Page($pagename, $scope);
// Load the page
if ($this->page->exists()) {
// Check if the page is group restricted and the user is authorized
if ($this->page->get('group_cn') != '' && $this->page->get('access') != 0 && !$this->page->access('view')) {
throw new Exception(Lang::txt('COM_WIKI_WARNING_NOT_AUTH'), 403);
}
} else {
if ($this->page->get('namespace') == 'tmp') {
$this->page->set('id', $this->page->denamespaced());
} else {
throw new Exception(Lang::txt('COM_WIKI_PAGE_NOT_FOUND'), 404);
}
}
// Ensure we have a path
if (empty($attachment->filename)) {
throw new Exception(Lang::txt('COM_WIKI_FILE_NOT_FOUND'), 404);
}
// Does the path start with a slash?
$attachment->filename = DS . ltrim($attachment->filename, DS);
// Add root
$filename = $attachment->filespace() . DS . $this->page->get('id') . $attachment->filename;
// Ensure the file exist
if (!file_exists($filename)) {
throw new Exception(Lang::txt('COM_WIKI_FILE_NOT_FOUND') . ' ' . $filename, 404);
}
// Initiate a new content server and serve up the file
$xserver = new Server();
$xserver->filename($filename);
$xserver->disposition('inline');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
// Should only get here on error
throw new Exception(Lang::txt('COM_WIKI_SERVER_ERROR'), 500);
} else {
exit;
}
return;
}
