$query = DB_query("SELECT cid,ftype,fname,tempname FROM {$_TABLES['nxfile_filesubmissions']} WHERE id={$fid}"); list($cid, $ftype, $fname, $tname) = DB_fetchARRAY($query); $directory = $_FMCONF['storage_path'] . $cid . '/submissions/'; $logfile = $_CONF['path'] . 'logs/error.log'; if ($ftype == "file") { $pos = strrpos($tname, '.') + 1; $ext = strtolower(substr($tname, $pos)); $download = new downloader(); $download->_setAvailableExtensions($_FMCONF['downloadfiletypes']); $download->setAllowedExtensions($_FMCONF['downloadfiletypes']); $download->setLogFile($logfile); $download->setLogging(true); $download->setPath($directory); $download->downloadFile($tname); DB_query("UPDATE {$_TABLES['nxfile_filedetail']} SET hits = hits +1 WHERE fid='{$fid}' "); if ($download->areErrors()) { echo $LANG_FMERR['download1']; echo $download->printWarnings(); echo $download->printErrors(); return false; } } else { $url = $fname; if ($fd = fopen($url, "rb")) { $pos = strrpos($url, "/") + 1; $fname = substr($url, $pos); if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { $fname = preg_replace('/\\./', '%2e', $fname, substr_count($fname, '.') - 1); } DB_query("UPDATE {$_TABLES['nxfile_filedetail']} SET hits = hits +1 WHERE fid='{$fid}' "); header("Cache-Control:");
public function testSetAllowedExtensionsFail() { // .pl (Perl scripts) is not allowed $dl2 = new downloader(); $dl2->setAllowedExtensions(array('jpg' => 'image/jpeg', 'pl' => 'application/x-perl')); $this->assertTrue($dl2->areErrors()); // one invalid extension will invalidate the entire list $this->assertFalse($dl2->checkExtension('jpg')); $this->assertFalse($dl2->checkExtension('jpeg')); $this->assertFalse($dl2->checkExtension('pl')); }
$dwnld = new downloader(); $logfile = $_PP_CONF['logfile']; if (!file_exists($logfile)) { $fp = fopen($logfile, "w+"); if (!$fp) { COM_errorLog("Failed to create {$logfile}", 1); } else { fwrite($fp, "**** Created Logfile ***\n"); } } if (file_exists($logfile)) { $dwnld->setLogFile($logfile); $dwnld->setLogging(true); } else { $dwnld->setLogginf(false); } $dwnld->setAllowedExtensions($_PP_CONF['allowedextensions']); $dwnld->setPath($_PP_CONF['download_path']); $dwnld->downloadFile($A['file']); // Check for errors if ($dwnld->areErrors()) { $errs = $dwnld->printErrors(false); COM_errorLog("PAYPAL-DWNLD: {$_USER['username']} tried to download " . "the file with id {$id} but for some reason could not", 1); COM_errorLog("PAYPAL-DWNLD: {$errs}", 1); echo COM_refresh($_CONF['site_url']); } $dwnld->_logItem('Download Success', "{$_USER['username']} successfully downloaded " . "the file with id {$id}."); } else { COM_errorLog("PAYPAL-DWNLD: {$_USER['username']}/{$_USER['uid']} " . "tried to download the file with id {$id} " . "but this is not a downloadable file", 1); echo COM_refresh($_CONF['site_url'] . '/index.php?msg=07&plugin=paypal'); }
function nexdoc_createArchiveFromFolder($rootfolder) { global $_CONF, $_TABLES, $_FMCONF, $_USER; $archiveDirectory = "{$_FMCONF['storage_path']}tmp/"; $zipfilename = ppRandomFilename(6) . '.zip'; if (file_exists("{$archiveDirectory}{$zipfilename}")) { @unlink("{$archiveDirectory}{$zipfilename}"); //COM_errorLog("Creating archive {$archiveDirectory}{$zipfilename} - removing existing file"); } else { //COM_errorLog("Creating archive {$archiveDirectory}{$zipfilename}"); } if (!fm_getPermission($rootfolder, 'view')) { COM_errorLog("User: {$_USER['uid']} does not have view access to the root folder: {$rootfolder}"); return ''; } $zip = new ZipArchive(); $zipOpenResult = $zip->open("{$archiveDirectory}{$zipfilename}", ZIPARCHIVE::CREATE); if ($zipOpenResult === TRUE) { /* If user is inside a workspace or directory then we need to process * list of files from parent folder down and add any needed folders to archive * $fileitems will contain just file id's - checking a folder will just add files to hidden form field */ $filesAdded = array(); $sql = "SELECT a.cid,a.fid,a.fname,b.pid,b.name as folder FROM {$_TABLES['nxfile_files']} a "; $sql .= "LEFT JOIN {$_TABLES['nxfile_categories']} b on b.cid=a.cid "; $sql .= "WHERE a.cid={$rootfolder}"; $query = DB_query($sql); $pfolders = array(); // Array of parent folders that I will need to create folders for in archive $files = array(); while ($A = DB_fetchArray($query)) { // Add any files now to the archive that are in the Root Folder $sourcefile = $_FMCONF['storage_path'] . "{$rootfolder}/{$A['fname']}"; if (file_exists($sourcefile)) { //COM_errorLog("$i: Adding file ({$A['fid']}): $sourcefile "); $zip->addFile($sourcefile, $A['fname']); } } if (DB_count($_TABLES['nxfile_categories'], 'pid', $cid)) { nexdoc_archiveAddParentFromFolder($zip, $rootfolder); } $zip->close(); //COM_errorLog("Completed {$archiveDirectory}{$zipfilename}, filesize: " . filesize("{$archiveDirectory}{$zipfilename}")); include_once $_CONF['path_system'] . 'classes/downloader.class.php'; $download = new downloader(); $download->setLogging(false); $download->_setAvailableExtensions(array('zip' => 'application/x-zip-compresseed')); $download->setAllowedExtensions(array('zip' => 'application/x-zip-compresseed')); $download->setPath($archiveDirectory); $download->downloadFile($zipfilename); if ($download->areErrors()) { $err = $download->printWarnings(); $err .= "\n" . $download->printErrors(); COM_errorLog("nexFile: Download error for user: {$_USER['uid']} - file: {$archiveDirectory}{$zipfilename}, Err => {$err}"); } } else { COM_errorLog("Failed to create {$archiveDirectory}{$zipfilename}, Err => {$zipOpenResult}"); } }