echo 'You do not have access rights to this file. Your attempt has been logged.';
echo COM_endBlock();
echo COM_siteFooter();
}
if (DB_count($_TABLES['nxfile_filesubmissions'], 'id', $fid) > 0) {
include_once $_CONF['path_system'] . 'classes/downloader.class.php';
$query = DB_query("SELECT cid,ftype,fname,tempname FROM {$_TABLES['nxfile_filesubmissions']} WHERE id={$fid}");
list($cid, $ftype, $fname, $tname) = DB_fetchARRAY($query);
$directory = $_FMCONF['storage_path'] . $cid . '/submissions/';
$logfile = $_CONF['path'] . 'logs/error.log';
if ($ftype == "file") {
$pos = strrpos($tname, '.') + 1;
$ext = strtolower(substr($tname, $pos));
$download = new downloader();
$download->_setAvailableExtensions($_FMCONF['downloadfiletypes']);
$download->setAllowedExtensions($_FMCONF['downloadfiletypes']);
$download->setLogFile($logfile);
$download->setLogging(true);
$download->setPath($directory);
$download->downloadFile($tname);
DB_query("UPDATE {$_TABLES['nxfile_filedetail']} SET hits = hits +1 WHERE fid='{$fid}' ");
if ($download->areErrors()) {
echo $LANG_FMERR['download1'];
echo $download->printWarnings();
echo $download->printErrors();
return false;
}
} else {
$url = $fname;
if ($fd = fopen($url, "rb")) {
$pos = strrpos($url, "/") + 1;
/**
* Download a backup file
*
* @param string $file Filename (without the path)
* @return void
* @note Filename should have been sanitized and checked before calling this.
*
*/
function DBADMIN_download($file)
{
global $_CONF;
require_once $_CONF['path_system'] . 'classes/downloader.class.php';
$dl = new downloader();
$dl->setLogFile($_CONF['path'] . 'logs/error.log');
$dl->setLogging(true);
$dl->setDebug(true);
$dl->setPath($_CONF['backup_path']);
$dl->setAllowedExtensions(array('sql' => 'application/x-gzip-compressed', 'gz' => 'application/x-gzip-compressed'));
$dl->downloadFile($file);
}
$dwnld = new downloader();
$logfile = $_PP_CONF['logfile'];
if (!file_exists($logfile)) {
$fp = fopen($logfile, "w+");
if (!$fp) {
COM_errorLog("Failed to create {$logfile}", 1);
} else {
fwrite($fp, "**** Created Logfile ***\n");
}
}
if (file_exists($logfile)) {
$dwnld->setLogFile($logfile);
$dwnld->setLogging(true);
} else {
$dwnld->setLogginf(false);
}
$dwnld->setAllowedExtensions($_PP_CONF['allowedextensions']);
$dwnld->setPath($_PP_CONF['download_path']);
$dwnld->downloadFile($A['file']);
// Check for errors
if ($dwnld->areErrors()) {
$errs = $dwnld->printErrors(false);
COM_errorLog("PAYPAL-DWNLD: {$_USER['username']} tried to download " . "the file with id {$id} but for some reason could not", 1);
COM_errorLog("PAYPAL-DWNLD: {$errs}", 1);
echo COM_refresh($_CONF['site_url']);
}
$dwnld->_logItem('Download Success', "{$_USER['username']} successfully downloaded " . "the file with id {$id}.");
} else {
COM_errorLog("PAYPAL-DWNLD: {$_USER['username']}/{$_USER['uid']} " . "tried to download the file with id {$id} " . "but this is not a downloadable file", 1);
echo COM_refresh($_CONF['site_url'] . '/index.php?msg=07&plugin=paypal');
}
$exportscript .= '<?php' . LB;
$exportscript .= '// Export Form Defintion for: ' . DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$formid}'") . LB;
$exportscript .= '// Date: ' . $date[0] . LB . LB;
$i = 1;
foreach ($exportforms as $formid) {
$exportscript .= LB . LB . '# Export Form Definitions ' . LB;
$exportscript .= generateSQL('formDefinitions', $formid, "900{$i}");
$exportscript .= LB . '# Export Field Definitions ' . LB;
$exportscript .= generateSQL('formFields', $formid, "900{$i}");
$i++;
}
$exportscript .= LB . '?>';
if (!($fp = @fopen($downloadDirectory . $file, "w"))) {
COM_errorLog("Error exporting form definition - Unable to write to file: {$exportfile}");
} else {
fwrite($fp, $exportscript);
fclose($fp);
// Send new file to user's browser
$download = new downloader();
$download->_setAvailableExtensions($downloadFileType);
$download->setAllowedExtensions($downloadFileType);
$download->setPath($downloadDirectory);
$logfile = $_CONF['path'] . 'logs/error.log';
$download->setLogFile($logfile);
$download->setLogging(true);
$download->downloadFile($file);
if ($download->areErrors()) {
COM_errorLog("Error downloading nexform Export SQL file: " . $download->printErrors());
}
}
}
// | |
// +---------------------------------------------------------------------------+
/**
* For really strict webhosts, this file an be used to show images in pages that
* serve the images from outside of the webtree to a place that the webserver
* user can actually write too
*
* @author Tony Bibbs, tony AT tonybibbs DOT com
*
*/
require_once 'lib-common.php';
require_once $_CONF['path_system'] . 'classes/downloader.class.php';
$downloader = new downloader();
$downloader->setLogFile($_CONF['path_log'] . 'error.log');
$downloader->setLogging(true);
$downloader->setAllowedExtensions(array('gif' => 'image/gif', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'png' => 'image/x-png'));
COM_setArgNames(array('mode', 'image'));
$mode = COM_applyFilter(COM_getArgument('mode'));
$image = COM_applyFilter(COM_getArgument('image'));
if (strstr($image, '..')) {
// Can you believe this, some jackass tried to relative pathing to access
// files they shouldn't have access to?
COM_accessLog('Someone tried to illegally access files using getimage.php');
exit;
}
// Set the path properly
switch ($mode) {
case 'show':
case 'articles':
$downloader->setPath($_CONF['path_images'] . 'articles/');
break;
public function testSetAllowedExtensionsFail()
{
// .pl (Perl scripts) is not allowed
$dl2 = new downloader();
$dl2->setAllowedExtensions(array('jpg' => 'image/jpeg', 'pl' => 'application/x-perl'));
$this->assertTrue($dl2->areErrors());
// one invalid extension will invalidate the entire list
$this->assertFalse($dl2->checkExtension('jpg'));
$this->assertFalse($dl2->checkExtension('jpeg'));
$this->assertFalse($dl2->checkExtension('pl'));
}
function nexdoc_createArchiveFromFolder($rootfolder)
{
global $_CONF, $_TABLES, $_FMCONF, $_USER;
$archiveDirectory = "{$_FMCONF['storage_path']}tmp/";
$zipfilename = ppRandomFilename(6) . '.zip';
if (file_exists("{$archiveDirectory}{$zipfilename}")) {
@unlink("{$archiveDirectory}{$zipfilename}");
//COM_errorLog("Creating archive {$archiveDirectory}{$zipfilename} - removing existing file");
} else {
//COM_errorLog("Creating archive {$archiveDirectory}{$zipfilename}");
}
if (!fm_getPermission($rootfolder, 'view')) {
COM_errorLog("User: {$_USER['uid']} does not have view access to the root folder: {$rootfolder}");
return '';
}
$zip = new ZipArchive();
$zipOpenResult = $zip->open("{$archiveDirectory}{$zipfilename}", ZIPARCHIVE::CREATE);
if ($zipOpenResult === TRUE) {
/* If user is inside a workspace or directory then we need to process
* list of files from parent folder down and add any needed folders to archive
* $fileitems will contain just file id's - checking a folder will just add files to hidden form field
*/
$filesAdded = array();
$sql = "SELECT a.cid,a.fid,a.fname,b.pid,b.name as folder FROM {$_TABLES['nxfile_files']} a ";
$sql .= "LEFT JOIN {$_TABLES['nxfile_categories']} b on b.cid=a.cid ";
$sql .= "WHERE a.cid={$rootfolder}";
$query = DB_query($sql);
$pfolders = array();
// Array of parent folders that I will need to create folders for in archive
$files = array();
while ($A = DB_fetchArray($query)) {
// Add any files now to the archive that are in the Root Folder
$sourcefile = $_FMCONF['storage_path'] . "{$rootfolder}/{$A['fname']}";
if (file_exists($sourcefile)) {
//COM_errorLog("$i: Adding file ({$A['fid']}): $sourcefile ");
$zip->addFile($sourcefile, $A['fname']);
}
}
if (DB_count($_TABLES['nxfile_categories'], 'pid', $cid)) {
nexdoc_archiveAddParentFromFolder($zip, $rootfolder);
}
$zip->close();
//COM_errorLog("Completed {$archiveDirectory}{$zipfilename}, filesize: " . filesize("{$archiveDirectory}{$zipfilename}"));
include_once $_CONF['path_system'] . 'classes/downloader.class.php';
$download = new downloader();
$download->setLogging(false);
$download->_setAvailableExtensions(array('zip' => 'application/x-zip-compresseed'));
$download->setAllowedExtensions(array('zip' => 'application/x-zip-compresseed'));
$download->setPath($archiveDirectory);
$download->downloadFile($zipfilename);
if ($download->areErrors()) {
$err = $download->printWarnings();
$err .= "\n" . $download->printErrors();
COM_errorLog("nexFile: Download error for user: {$_USER['uid']} - file: {$archiveDirectory}{$zipfilename}, Err => {$err}");
}
} else {
COM_errorLog("Failed to create {$archiveDirectory}{$zipfilename}, Err => {$zipOpenResult}");
}
}
