/**
* Download a file
*
* @param string $filename File name
* @return void
*/
public function downloadTask($filename)
{
//get the course
$course = Course::getInstance($this->gid);
//authorize
$authorized = $this->_authorize();
//get the file name
if (substr(strtolower($filename), 0, 5) == 'image') {
$file = urldecode(substr($filename, 6));
} elseif (substr(strtolower($filename), 0, 4) == 'file') {
$file = urldecode(substr($filename, 5));
}
//if were on the wiki we need to output files a specific way
if ($this->active == 'wiki') {
//check to make sure user has access to wiki section
if (!in_array(User::get('id'), $course->get('members')) || User::isGuest()) {
return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
}
//load wiki page from db
require_once PATH_CORE . DS . 'components' . DS . 'com_wiki' . DS . 'tables' . DS . 'page.php';
$page = new \Components\Wiki\Tables\Page($this->database);
$page->load(Request::getVar('pagename'), $course->get('cn') . DS . 'wiki');
//check specific wiki page access
if ($page->get('access') == 1 && !in_array(User::get('id'), $course->get('members')) && $authorized != 'admin') {
return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
}
//get the config and build base path
$wiki_config = Component::params('com_wiki');
$base_path = $wiki_config->get('filepath') . DS . $page->get('id');
} else {
//check to make sure we can access it
if (!in_array(User::get('id'), $course->get('members')) || User::isGuest()) {
return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
}
// Build the path
$base_path = $this->config->get('uploadpath');
$base_path .= DS . $course->get('gidNumber');
}
// Final path of file
$file_path = $base_path . DS . $file;
// Ensure the file exist
if (!file_exists(PATH_APP . DS . $file_path)) {
return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $file);
}
// Serve up the file
$xserver = new \Hubzero\Content\Server();
$xserver->filename(PATH_APP . DS . $file_path);
$xserver->disposition('attachment');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
return App::abort(404, Lang::txt('COM_COURSES_SERVER_ERROR'));
} else {
exit;
}
return;
}
/**
* Download a file
*
* @param string $filename File name
* @return void
*/
public function downloadTask($filename = "")
{
//get the group
$group = Group::getInstance($this->cn);
// make sure we have a group
if (!is_object($group)) {
return;
}
//authorize
$authorized = $this->_authorize();
//get the file name
if (substr(strtolower($filename), 0, 5) == 'image') {
$file = urldecode(substr($filename, 6));
} elseif (substr(strtolower($filename), 0, 4) == 'file') {
$file = urldecode(substr($filename, 5));
} else {
return;
}
// clean up file, strip double "uploads" & trim directory sep
$file = str_replace('uploads', '', $file);
$file = ltrim($file, DS);
// get extension
$extension = pathinfo($file, PATHINFO_EXTENSION);
//if were on the wiki we need to output files a specific way
if ($this->active == 'wiki') {
//get access level for wiki
$access = Group\Helper::getPluginAccess($group, 'wiki');
//check to make sure user has access to wiki section
if ($access == 'members' && !in_array(User::get('id'), $group->get('members')) || $access == 'registered' && User::isGuest()) {
$this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
}
//load wiki page from db
require_once PATH_CORE . DS . 'components' . DS . 'com_wiki' . DS . 'tables' . DS . 'page.php';
$page = new \Components\Wiki\Tables\Page($this->database);
$pagename = Request::getVar('pagename');
$scope = Request::getVar('scope', $group->get('cn') . DS . 'wiki');
if ($scope) {
$parts = explode('/', $scope);
if (count($parts) > 2) {
$pagename = array_pop($parts);
if (strtolower($filename) == strtolower($pagename)) {
$pagename = array_pop($parts);
}
$scope = implode('/', $parts);
}
}
$page->load($pagename, $scope);
//check specific wiki page access
if ($page->get('access') == 1 && !in_array(User::get('id'), $group->get('members')) && $authorized != 'admin') {
$this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
return;
}
//get the config and build base path
$wiki_config = \Component::params('com_wiki');
$base_path = $wiki_config->get('filepath') . DS . $page->get('id');
} elseif ($this->active == 'blog') {
//get access setting of group blog
$access = Group\Helper::getPluginAccess($group, 'blog');
//make sure user has access to blog
if ($access == 'members' && !in_array(User::get('id'), $group->get('members')) || $access == 'registered' && User::isGuest()) {
$this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
}
//make sure we have a group id of the proper length
$groupID = Group\Helper::niceidformat($group->get('gidNumber'));
//buld path to blog folder
$base_path = $this->config->get('uploadpath') . DS . $groupID . DS . 'blog';
if (!file_exists(PATH_APP . DS . $base_path . DS . $file)) {
$base_path = $this->config->get('uploadpath') . DS . $group->get('gidNumber') . DS . 'uploads' . DS . 'blog';
}
} else {
//get access level for overview or other group pages
$access = Group\Helper::getPluginAccess($group, 'overview');
//check to make sure we can access it
if ($access == 'members' && !in_array(User::get('id'), $group->get('members')) || $access == 'registered' && User::isGuest()) {
$this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
}
// Build the path
$base_path = $this->config->get('uploadpath');
$base_path .= DS . $group->get('gidNumber') . DS . 'uploads';
}
// trim base path
$base_path = ltrim($base_path, DS);
// only can serve files from within /site/groups/{group_id}/uploads/
$pathCheck = PATH_APP . DS . $base_path;
// Final path of file
$file_path = $base_path . DS . $file;
$alt_file_path = null;
// if super group offer alt path outside uploads
if ($group->isSuperGroup()) {
$alt_file_path = str_replace('/uploads', '', $base_path) . DS . $file;
// if super group can serve files anywhere inside /site/groups/{group_id}
$altPathCheck = PATH_APP . DS . ltrim($alt_file_path);
}
// Ensure the file exist
if (!file_exists(PATH_APP . DS . $file_path)) {
if ($alt_file_path == null || !file_exists(PATH_APP . DS . $alt_file_path)) {
$this->_errorHandler(404, Lang::txt('COM_GROUPS_ERROR_FILE_NOT_FOUND') . ' ' . $file);
return;
} else {
$file_path = $alt_file_path;
$pathCheck = $altPathCheck;
}
}
// get full path, expanding ../
if ($realPath = realpath(PATH_APP . DS . $file_path)) {
// make sure requested file is within acceptable dir
if (strpos($realPath, $pathCheck) === false) {
$this->_errorHandler(404, Lang::txt('COM_GROUPS_ERROR_FILE_NOT_FOUND') . ' ' . $file);
return;
}
}
// new content server
$contentServer = new \Hubzero\Content\Server();
$contentServer->filename(PATH_APP . DS . $file_path);
$contentServer->disposition('attachment');
$contentServer->acceptranges(false);
// do we need to manually set mime type
if ($extension == 'css') {
$contentServer->setContentType('text/css');
}
// Serve up the file
if (!$contentServer->serve()) {
App::abort(404, Lang::txt('COM_GROUPS_SERVER_ERROR'));
} else {
exit;
}
return;
}
