/**
* Handle a request for a file
*
* @param Request $request HTTP request
* @return Response
*/
public function getResponse($request)
{
$response = new Response();
$response->prepare($request);
$path = implode('/', $request->getUrlSegments());
if (!preg_match('~download-file/g(\\d+)$~', $path, $m)) {
return $response->setStatusCode(400)->setContent('Malformatted request URL');
}
$this->application->start();
$guid = (int) $m[1];
$file = get_entity($guid);
if (!$file instanceof ElggFile) {
return $response->setStatusCode(404)->setContent("File with guid {$guid} does not exist");
}
$filenameonfilestore = $file->getFilenameOnFilestore();
if (!is_readable($filenameonfilestore)) {
return $response->setStatusCode(404)->setContent('File not found');
}
$last_updated = filemtime($filenameonfilestore);
$etag = '"' . $last_updated . '"';
$response->setPublic()->setEtag($etag);
if ($response->isNotModified($request)) {
return $response;
}
$response = new BinaryFileResponse($filenameonfilestore, 200, array(), false, 'attachment');
$response->prepare($request);
$expires = strtotime('+1 year');
$expires_dt = (new DateTime())->setTimestamp($expires);
$response->setExpires($expires_dt);
$response->setEtag($etag);
return $response;
}
/**
* Handle a request for a file
*
* @param Request $request HTTP request
* @return Response
*/
public function getResponse($request)
{
$response = new Response();
$response->prepare($request);
$path = implode('/', $request->getUrlSegments());
if (!preg_match('~serve-file/e(\\d+)/l(\\d+)/d([ia])/c([01])/([a-zA-Z0-9\\-_]+)/(.*)$~', $path, $m)) {
return $response->setStatusCode(400)->setContent('Malformatted request URL');
}
list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
if ($expires && $expires < time()) {
return $response->setStatusCode(403)->setContent('URL has expired');
}
$etag = '"' . $last_updated . '"';
$response->setPublic()->setEtag($etag);
if ($response->isNotModified($request)) {
return $response;
}
// @todo: change to minimal boot without plugins
$this->application->bootCore();
$hmac_data = array('expires' => (int) $expires, 'last_updated' => (int) $last_updated, 'disposition' => $disposition, 'path' => $path_from_dataroot, 'use_cookie' => (int) $use_cookie);
if ((bool) $use_cookie) {
$hmac_data['cookie'] = _elgg_services()->session->getId();
}
ksort($hmac_data);
$hmac = elgg_build_hmac($hmac_data);
if (!$hmac->matchesToken($mac)) {
return $response->setStatusCode(403)->setContent('HMAC mistmatch');
}
$dataroot = _elgg_services()->config->getDataPath();
$filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
if (!is_readable($filenameonfilestore)) {
return $response->setStatusCode(404)->setContent('File not found');
}
$actual_last_updated = filemtime($filenameonfilestore);
if ($actual_last_updated != $last_updated) {
return $response->setStatusCode(403)->setContent('URL has expired');
}
$public = $use_cookie ? false : true;
$content_disposition = $disposition == 'i' ? 'inline' : 'attachment';
$response = new BinaryFileResponse($filenameonfilestore, 200, array(), $public, $content_disposition);
$response->prepare($request);
if (empty($expires)) {
$expires = strtotime('+1 year');
}
$expires_dt = (new DateTime())->setTimestamp($expires);
$response->setExpires($expires_dt);
$response->setEtag($etag);
return $response;
}
/**
* Handle a request for a file
*
* @param Request $request HTTP request
* @return Response
*/
public function getResponse(Request $request)
{
$response = new Response();
$response->prepare($request);
$path = implode('/', $request->getUrlSegments());
if (!preg_match('~serve-file/e(\\d+)/l(\\d+)/d([ia])/c([01])/([a-zA-Z0-9\\-_]+)/(.*)$~', $path, $m)) {
return $response->setStatusCode(400)->setContent('Malformatted request URL');
}
list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
if ($expires && $expires < time()) {
return $response->setStatusCode(403)->setContent('URL has expired');
}
$hmac_data = array('expires' => (int) $expires, 'last_updated' => (int) $last_updated, 'disposition' => $disposition, 'path' => $path_from_dataroot, 'use_cookie' => (int) $use_cookie);
if ((bool) $use_cookie) {
$hmac_data['cookie'] = $this->getCookieValue($request);
}
ksort($hmac_data);
$hmac = $this->crypto->getHmac($hmac_data);
if (!$hmac->matchesToken($mac)) {
return $response->setStatusCode(403)->setContent('HMAC mistmatch');
}
$dataroot = $this->config->getDataPath();
$filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
if (!is_readable($filenameonfilestore)) {
return $response->setStatusCode(404)->setContent('File not found');
}
$actual_last_updated = filemtime($filenameonfilestore);
if ($actual_last_updated != $last_updated) {
return $response->setStatusCode(403)->setContent('URL has expired');
}
$if_none_match = $request->headers->get('if_none_match');
if (!empty($if_none_match)) {
// strip mod_deflate suffixes
$request->headers->set('if_none_match', str_replace('-gzip', '', $if_none_match));
}
$etag = '"' . $actual_last_updated . '"';
$response->setPublic()->setEtag($etag);
if ($response->isNotModified($request)) {
return $response;
}
$public = $use_cookie ? false : true;
$content_disposition = $disposition == 'i' ? 'inline' : 'attachment';
$headers = ['Content-Type' => (new MimeTypeDetector())->getType($filenameonfilestore)];
$response = new BinaryFileResponse($filenameonfilestore, 200, $headers, $public, $content_disposition);
$sendfile_type = $this->config->getVolatile('X-Sendfile-Type');
if ($sendfile_type) {
$request->headers->set('X-Sendfile-Type', $sendfile_type);
$mapping = (string) $this->config->getVolatile('X-Accel-Mapping');
$request->headers->set('X-Accel-Mapping', $mapping);
$response->trustXSendfileTypeHeader();
}
$response->prepare($request);
if (empty($expires)) {
$expires = strtotime('+1 year');
}
$expires_dt = (new DateTime())->setTimestamp($expires);
$response->setExpires($expires_dt);
$response->setEtag($etag);
return $response;
}
});
$app->get('/tidus_laugh.{ext}', function ($ext) use($app) {
$sth = $app['db']->prepare('SELECT mime_type FROM extensions WHERE extension = ?');
$sth->bindValue(1, $ext, \PDO::PARAM_STR);
$sth->execute();
$mimeType = $sth->fetchColumn();
if (!is_string($mimeType)) {
$app->abort(404, 'No such extension');
}
$filename = __DIR__ . "/repository/tidus_laugh.{$ext}";
$expiresDate = new \DateTime();
$expiresDate->modify('+1 day');
$response = new BinaryFileResponse($filename);
$response->headers->set('Content-Type', $mimeType);
$response->setPublic();
$response->setExpires($expiresDate);
return $response;
})->assert('ext', '^[0-9a-z]+$');
$app->get('/manage', function () use($app) {
$extensions = $app['db']->fetchAll('SELECT * FROM extensions ORDER BY extension ASC');
return $app->render('manage.html.twig', ['extensions' => $extensions]);
});
$app->post('/new', function (Request $request) use($app) {
$extension = $request->request->get('extension');
$mimeType = $request->request->get('mime_type');
$password = $request->request->get('password');
foreach ([$extension, $mimeType, $password] as $input) {
if (!is_string($input) || !strlen($input)) {
$app->abort(403, 'Bad input');
}
}
