echo 'You do not have access rights to this file. Your attempt has been logged.';
// NOTE(review): the message promises that the attempt was logged, but no logging
// call is visible in this excerpt — confirm one runs before this point.
echo COM_endBlock();
echo COM_siteFooter();
}

// Serve a pending submission identified by $fid, if such a row exists.
// NOTE(review): $fid is placed into the SELECT below without quoting and into the
// UPDATE with quoting; where it is filtered is outside this excerpt — confirm it
// is forced to an integer before it gets here.
if (DB_count($_TABLES['nxfile_filesubmissions'], 'id', $fid) > 0) {
    include_once $_CONF['path_system'] . 'classes/downloader.class.php';
    $query = DB_query("SELECT cid,ftype,fname,tempname FROM {$_TABLES['nxfile_filesubmissions']} WHERE id={$fid}");
    list($cid, $ftype, $fname, $tname) = DB_fetchARRAY($query);
    // Submissions are read from <storage_path>/<cid>/submissions/.
    $directory = $_FMCONF['storage_path'] . $cid . '/submissions/';
    $logfile = $_CONF['path'] . 'logs/error.log';
    if ($ftype == "file") {
        // Lower-cased text after the last dot of the stored temp name.
        // $ext is not used again in the lines visible here.
        $pos = strrpos($tname, '.') + 1;
        $ext = strtolower(substr($tname, $pos));
        $download = new downloader();
        // The "available" list and the "allowed" list are both taken from the
        // same configuration value, so the config is the only allow-list applied.
        $download->_setAvailableExtensions($_FMCONF['downloadfiletypes']);
        $download->setAllowedExtensions($_FMCONF['downloadfiletypes']);
        $download->setLogFile($logfile);
        $download->setLogging(true);
        $download->setPath($directory);
        $download->downloadFile($tname);
        // The hit counter is incremented before areErrors() is consulted, so a
        // failed download is counted as a hit as well.
        DB_query("UPDATE {$_TABLES['nxfile_filedetail']} SET hits = hits +1 WHERE fid='{$fid}' ");
        if ($download->areErrors()) {
            echo $LANG_FMERR['download1'];
            // NOTE(review): the downloader's warnings and errors are echoed to the
            // requester; confirm they do not reveal server-side paths.
            echo $download->printWarnings();
            echo $download->printErrors();
            return false;
        }
    } else {
        // Any other submission type: the stored fname is opened directly.
        // NOTE(review): presumably fname holds a URL here; confirm the value is
        // restricted to the expected schemes and hosts when it is stored.
        $url = $fname;
        if ($fd = fopen($url, "rb")) {
            $pos = strrpos($url, "/") + 1;
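/**
 * Download a backup file
 *
 * @param    string  $file   Filename (without the path)
 * @return   void
 * @note     Filename should have been sanitized and checked before calling this.
 *           As a second line of defence the function itself refuses a name that
 *           is empty or that contains a directory separator or a NUL byte, so the
 *           file served is always looked up directly under $_CONF['backup_path'].
 *
 */
function DBADMIN_download($file)
{
    global $_CONF;

    // Defence in depth: do not rely only on the caller having sanitised the name.
    // The rejected value is deliberately left out of the log message.
    if (!is_string($file) || $file === '' || strpbrk($file, "/\\\0") !== false) {
        COM_errorLog('DBADMIN_download: refused a file name that is empty or contains a path component', 1);
        return;
    }

    require_once $_CONF['path_system'] . 'classes/downloader.class.php';

    $dl = new downloader();
    $dl->setLogFile($_CONF['path'] . 'logs/error.log');
    $dl->setLogging(true);
    // NOTE(review): debug mode is switched on unconditionally; confirm that what
    // setDebug() emits is acceptable on a production site.
    $dl->setDebug(true);
    $dl->setPath($_CONF['backup_path']);
    // Only .sql and .gz backups may be served; both are sent with the same MIME type.
    $dl->setAllowedExtensions(array('sql' => 'application/x-gzip-compressed',
                                    'gz'  => 'application/x-gzip-compressed'));
    $dl->downloadFile($file);
}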
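// Excerpt: this run sits inside an `if` whose condition is above the excerpt;
// the matching `else` at the bottom handles items that are not downloadable.
$dwnld = new downloader();
$logfile = $_PP_CONF['logfile'];

// Create the plugin log file on first use.
if (!file_exists($logfile)) {
    $fp = fopen($logfile, "w+");
    if (!$fp) {
        COM_errorLog("Failed to create {$logfile}", 1);
    } else {
        fwrite($fp, "**** Created Logfile ***\n");
        // Release the handle; the original left it open.
        fclose($fp);
    }
}

if (file_exists($logfile)) {
    $dwnld->setLogFile($logfile);
    $dwnld->setLogging(true);
} else {
    // The original called setLogginf(), a misspelling of the setLogging() used
    // one branch above; this branch is only reached when the log file is missing.
    $dwnld->setLogging(false);
}

$dwnld->setAllowedExtensions($_PP_CONF['allowedextensions']);
$dwnld->setPath($_PP_CONF['download_path']);
$dwnld->downloadFile($A['file']);

// Check for errors
if ($dwnld->areErrors()) {
    $errs = $dwnld->printErrors(false);
    COM_errorLog("PAYPAL-DWNLD: {$_USER['username']} tried to download "
        . "the file with id {$id} but for some reason could not", 1);
    COM_errorLog("PAYPAL-DWNLD: {$errs}", 1);
    echo COM_refresh($_CONF['site_url']);
} else {
    // Record success only when the downloader reported no errors. The original
    // wrote this entry unconditionally, so a failed download was also logged as
    // a success and the audit trail could not be trusted.
    $dwnld->_logItem('Download Success', "{$_USER['username']} successfully downloaded "
        . "the file with id {$id}.");
}
} else {
    COM_errorLog("PAYPAL-DWNLD: {$_USER['username']}/{$_USER['uid']} "
        . "tried to download the file with id {$id} "
        . "but this is not a downloadable file", 1);
    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=07&plugin=paypal');
}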
// Excerpt: builds a PHP export script for the selected forms, writes it to
// $downloadDirectory . $file and sends it to the browser via the downloader
// class. The enclosing block opens above the excerpt (see the final brace).
$exportscript .= '<?php' . LB;
// NOTE(review): the form name read from the database is written into a
// single-line comment of the generated PHP file. A name containing a line break
// would continue outside that comment — confirm names cannot contain newlines,
// or strip them here. $formid is whatever was set before this excerpt.
$exportscript .= '// Export Form Defintion for: ' . DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$formid}'") . LB;
$exportscript .= '// Date: ' . $date[0] . LB . LB;
// Each exported form gets its own "900<n>" value as the third generateSQL() argument.
$i = 1;
foreach ($exportforms as $formid) {
    $exportscript .= LB . LB . '# Export Form Definitions ' . LB;
    $exportscript .= generateSQL('formDefinitions', $formid, "900{$i}");
    $exportscript .= LB . '# Export Field Definitions ' . LB;
    $exportscript .= generateSQL('formFields', $formid, "900{$i}");
    $i++;
}
$exportscript .= LB . '?>';
// The @ suppresses fopen()'s own warning; the failure is reported via COM_errorLog().
// NOTE(review): the message names $exportfile while the path actually opened is
// $downloadDirectory . $file; $exportfile is not set in this excerpt — confirm.
if (!($fp = @fopen($downloadDirectory . $file, "w"))) {
    COM_errorLog("Error exporting form definition - Unable to write to file: {$exportfile}");
} else {
    // NOTE(review): the fwrite() result is not checked, and the generated file is
    // not removed in the lines visible here. Confirm the directory is not served
    // (or executed) by the web server and that old exports are cleaned up.
    fwrite($fp, $exportscript);
    fclose($fp);
    // Send new file to user's browser
    $download = new downloader();
    // Available and allowed extension lists are both set from $downloadFileType.
    $download->_setAvailableExtensions($downloadFileType);
    $download->setAllowedExtensions($downloadFileType);
    $download->setPath($downloadDirectory);
    $logfile = $_CONF['path'] . 'logs/error.log';
    $download->setLogFile($logfile);
    $download->setLogging(true);
    $download->downloadFile($file);
    if ($download->areErrors()) {
        COM_errorLog("Error downloading nexform Export SQL file: " . $download->printErrors());
    }
}
}
// |                                                                           |
// +---------------------------------------------------------------------------+

/**
 * For really strict webhosts, this file can be used to show images in pages that
 * serve the images from outside of the webtree to a place that the webserver
 * user can actually write to
 *
 * @author Tony Bibbs, tony AT tonybibbs DOT com
 *
 */

require_once 'lib-common.php';
require_once $_CONF['path_system'] . 'classes/downloader.class.php';

$downloader = new downloader();
$downloader->setLogFile($_CONF['path_log'] . 'error.log');
$downloader->setLogging(true);
// Only image types may be served.
// NOTE(review): 'png' is listed twice; PHP keeps the last value for a repeated
// key, so png is mapped to image/x-png and the image/png entry has no effect.
$downloader->setAllowedExtensions(array('gif' => 'image/gif',
                                        'jpg' => 'image/jpeg',
                                        'jpeg' => 'image/jpeg',
                                        'png' => 'image/png',
                                        'png' => 'image/x-png'));

// Both request arguments pass through COM_applyFilter() before use.
COM_setArgNames(array('mode', 'image'));
$mode = COM_applyFilter(COM_getArgument('mode'));
$image = COM_applyFilter(COM_getArgument('image'));

// Refuse any image name that contains '..' and stop.
// NOTE(review): this test covers '..' only. Confirm that COM_applyFilter() or the
// downloader class also rejects directory separators and NUL bytes in $image,
// and consider logging the requested name and the requester with the event.
if (strstr($image, '..')) {
    // Can you believe this, some jackass tried to relative pathing to access
    // files they shouldn't have access to?
    COM_accessLog('Someone tried to illegally access files using getimage.php');
    exit;
}

// Set the path properly
switch ($mode) {
    case 'show':
    case 'articles':
        $downloader->setPath($_CONF['path_images'] . 'articles/');
        break;
/**
 * A list that contains a disallowed extension must be rejected as a whole:
 * the downloader reports an error and accepts none of the extensions.
 */
public function testSetAllowedExtensionsFail()
{
    $requested = array(
        'jpg' => 'image/jpeg',
        'pl'  => 'application/x-perl', // .pl (Perl scripts) is not allowed
    );

    $subject = new downloader();
    $subject->setAllowedExtensions($requested);

    $this->assertTrue($subject->areErrors());

    // One invalid entry invalidates the entire list, the valid ones included.
    foreach (array('jpg', 'jpeg', 'pl') as $extension) {
        $this->assertFalse($subject->checkExtension($extension));
    }
}
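/**
 * Build a zip archive of the files stored directly in a folder and send it to
 * the browser through the downloader class.
 *
 * When the folder has child folders, nexdoc_archiveAddParentFromFolder() is
 * called with the open archive (presumably to add their content).
 *
 * @param    int     $rootfolder  Id of the folder (category) to archive
 * @return   string|null          '' when the user lacks view access, otherwise nothing
 */
function nexdoc_createArchiveFromFolder($rootfolder)
{
    global $_CONF, $_TABLES, $_FMCONF, $_USER;

    // The id is spliced into SQL text and into a filesystem path below, so force
    // it to an integer instead of trusting every caller to have filtered it.
    $rootfolder = (int) $rootfolder;

    // Authorise first: nothing on disk is touched for a user without view access.
    if (!fm_getPermission($rootfolder, 'view')) {
        COM_errorLog("User: {$_USER['uid']} does not have view access to the root folder: {$rootfolder}");
        return '';
    }

    $archiveDirectory = "{$_FMCONF['storage_path']}tmp/";
    $zipfilename = ppRandomFilename(6) . '.zip';
    $archivePath = "{$archiveDirectory}{$zipfilename}";

    // Remove a leftover archive that happens to have the same random name.
    if (file_exists($archivePath)) {
        @unlink($archivePath);
    }

    $zip = new ZipArchive();
    $zipOpenResult = $zip->open($archivePath, ZipArchive::CREATE);
    if ($zipOpenResult !== true) {
        COM_errorLog("Failed to create {$archiveDirectory}{$zipfilename}, Err => {$zipOpenResult}");
        return;
    }

    // Files that live directly in the requested folder.
    $sql  = "SELECT a.cid,a.fid,a.fname,b.pid,b.name as folder FROM {$_TABLES['nxfile_files']} a ";
    $sql .= "LEFT JOIN {$_TABLES['nxfile_categories']} b on b.cid=a.cid ";
    $sql .= "WHERE a.cid={$rootfolder}";
    $query = DB_query($sql);
    while ($A = DB_fetchArray($query)) {
        $sourcefile = $_FMCONF['storage_path'] . "{$rootfolder}/{$A['fname']}";
        if (file_exists($sourcefile)) {
            $zip->addFile($sourcefile, $A['fname']);
        }
    }

    // Does this folder have child folders? The original tested $cid, which is
    // never assigned in this function, so the count ran against an empty value.
    if (DB_count($_TABLES['nxfile_categories'], 'pid', $rootfolder)) {
        nexdoc_archiveAddParentFromFolder($zip, $rootfolder);
    }
    $zip->close();

    include_once $_CONF['path_system'] . 'classes/downloader.class.php';
    $download = new downloader();
    $download->setLogging(false);
    // NOTE(review): the MIME string below looks like a misspelling of
    // 'application/x-zip-compressed'; it is left unchanged here — confirm what the
    // downloader sends as Content-Type before correcting it.
    $download->_setAvailableExtensions(array('zip' => 'application/x-zip-compresseed'));
    $download->setAllowedExtensions(array('zip' => 'application/x-zip-compresseed'));
    $download->setPath($archiveDirectory);
    $download->downloadFile($zipfilename);
    // NOTE(review): the temporary archive is not deleted in this function; confirm
    // the tmp/ directory is cleaned up elsewhere and is not reachable from the web.
    if ($download->areErrors()) {
        $err = $download->printWarnings();
        $err .= "\n" . $download->printErrors();
        COM_errorLog("nexFile: Download error for user: {$_USER['uid']} - file: {$archiveDirectory}{$zipfilename}, Err => {$err}");
    }
}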