/**
* Send a file to the browser so the "save as …" dialogue opens
*
* @param string $strFile The file path
*/
public static function sendFileToBrowser($strFile)
{
// Make sure there are no attempts to hack the file system
if (preg_match('@^\\.+@i', $strFile) || preg_match('@\\.+/@i', $strFile) || preg_match('@(://)+@i', $strFile)) {
throw new PageNotFoundException('Invalid file name');
}
// Limit downloads to the files directory
if (!preg_match('@^' . preg_quote(\Config::get('uploadPath'), '@') . '@i', $strFile)) {
throw new PageNotFoundException('Invalid path');
}
// Check whether the file exists
if (!file_exists(TL_ROOT . '/' . $strFile)) {
throw new PageNotFoundException('File not found');
}
$objFile = new \File($strFile);
$arrAllowedTypes = trimsplit(',', strtolower(\Config::get('allowedDownload')));
// Check whether the file type is allowed to be downloaded
if (!in_array($objFile->extension, $arrAllowedTypes)) {
throw new AccessDeniedException(sprintf('File type "%s" is not allowed', $objFile->extension));
}
// HOOK: post download callback
if (isset($GLOBALS['TL_HOOKS']['postDownload']) && is_array($GLOBALS['TL_HOOKS']['postDownload'])) {
foreach ($GLOBALS['TL_HOOKS']['postDownload'] as $callback) {
static::importStatic($callback[0])->{$callback}[1]($strFile);
}
}
// Send the file (will stop the script execution)
$objFile->sendToBrowser();
}
/**
* Export a theme
*
* @param DataContainer $dc
*/
public function exportTheme(DataContainer $dc)
{
// Get the theme meta data
$objTheme = $this->Database->prepare("SELECT * FROM tl_theme WHERE id=?")->limit(1)->execute($dc->id);
if ($objTheme->numRows < 1) {
return;
}
// Romanize the name
$strName = Utf8::toAscii($objTheme->name);
$strName = strtolower(str_replace(' ', '_', $strName));
$strName = preg_replace('/[^A-Za-z0-9._-]/', '', $strName);
$strName = basename($strName);
// Create a new XML document
$xml = new \DOMDocument('1.0', 'UTF-8');
$xml->formatOutput = true;
// Root element
$tables = $xml->createElement('tables');
$tables = $xml->appendChild($tables);
// Add the tables
$this->addTableTlTheme($xml, $tables, $objTheme);
$this->addTableTlStyleSheet($xml, $tables, $objTheme);
$this->addTableTlImageSize($xml, $tables, $objTheme);
$this->addTableTlModule($xml, $tables, $objTheme);
$this->addTableTlLayout($xml, $tables, $objTheme);
// Generate the archive
$strTmp = md5(uniqid(mt_rand(), true));
$objArchive = new \ZipWriter('system/tmp/' . $strTmp);
// Add the files
$this->addTableTlFiles($xml, $tables, $objTheme, $objArchive);
// Add the template files
$this->addTemplatesToArchive($objArchive, $objTheme->templates);
// HOOK: add custom logic
if (isset($GLOBALS['TL_HOOKS']['exportTheme']) && is_array($GLOBALS['TL_HOOKS']['exportTheme'])) {
foreach ($GLOBALS['TL_HOOKS']['exportTheme'] as $callback) {
\System::importStatic($callback[0])->{$callback[1]}($xml, $objArchive, $objTheme->id);
}
}
// Add the XML document
$objArchive->addString($xml->saveXML(), 'theme.xml');
// Close the archive
$objArchive->close();
// Open the "save as …" dialogue
$objFile = new \File('system/tmp/' . $strTmp);
$objFile->sendToBrowser($strName . '.cto');
}
/**
* Run the controller and parse the template
*
* @return Response
*/
public function run()
{
if ($this->strFile == '') {
die('No file given');
}
// Make sure there are no attempts to hack the file system
if (preg_match('@^\\.+@i', $this->strFile) || preg_match('@\\.+/@i', $this->strFile) || preg_match('@(://)+@i', $this->strFile)) {
die('Invalid file name');
}
// Limit preview to the files directory
if (!preg_match('@^' . preg_quote(\Config::get('uploadPath'), '@') . '@i', $this->strFile)) {
die('Invalid path');
}
// Check whether the file exists
if (!file_exists(TL_ROOT . '/' . $this->strFile)) {
die('File not found');
}
// Check whether the file is mounted (thanks to Marko Cupic)
if (!$this->User->hasAccess($this->strFile, 'filemounts')) {
die('Permission denied');
}
// Open the download dialogue
if (\Input::get('download')) {
$objFile = new \File($this->strFile);
$objFile->sendToBrowser();
}
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_popup');
// Add the resource (see #6880)
if (($objModel = \FilesModel::findByPath($this->strFile)) === null) {
if (\Dbafs::shouldBeSynchronized($this->strFile)) {
$objModel = \Dbafs::addResource($this->strFile);
}
}
if ($objModel !== null) {
$objTemplate->uuid = \StringUtil::binToUuid($objModel->uuid);
// see #5211
}
// Add the file info
if (is_dir(TL_ROOT . '/' . $this->strFile)) {
$objFile = new \Folder($this->strFile);
$objTemplate->filesize = $this->getReadableSize($objFile->size) . ' (' . number_format($objFile->size, 0, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' Byte)';
} else {
$objFile = new \File($this->strFile);
// Image
if ($objFile->isImage) {
$objTemplate->isImage = true;
$objTemplate->width = $objFile->width;
$objTemplate->height = $objFile->height;
$objTemplate->src = $this->urlEncode($this->strFile);
}
$objTemplate->href = ampersand(\Environment::get('request'), true) . '&download=1';
$objTemplate->filesize = $this->getReadableSize($objFile->filesize) . ' (' . number_format($objFile->filesize, 0, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' Byte)';
}
$objTemplate->icon = $objFile->icon;
$objTemplate->mime = $objFile->mime;
$objTemplate->ctime = \Date::parse(\Config::get('datimFormat'), $objFile->ctime);
$objTemplate->mtime = \Date::parse(\Config::get('datimFormat'), $objFile->mtime);
$objTemplate->atime = \Date::parse(\Config::get('datimFormat'), $objFile->atime);
$objTemplate->path = specialchars($this->strFile);
$objTemplate->theme = \Backend::getTheme();
$objTemplate->base = \Environment::get('base');
$objTemplate->language = $GLOBALS['TL_LANGUAGE'];
$objTemplate->title = specialchars($this->strFile);
$objTemplate->charset = \Config::get('characterSet');
$objTemplate->label_uuid = $GLOBALS['TL_LANG']['MSC']['fileUuid'];
$objTemplate->label_imagesize = $GLOBALS['TL_LANG']['MSC']['fileImageSize'];
$objTemplate->label_filesize = $GLOBALS['TL_LANG']['MSC']['fileSize'];
$objTemplate->label_ctime = $GLOBALS['TL_LANG']['MSC']['fileCreated'];
$objTemplate->label_mtime = $GLOBALS['TL_LANG']['MSC']['fileModified'];
$objTemplate->label_atime = $GLOBALS['TL_LANG']['MSC']['fileAccessed'];
$objTemplate->label_path = $GLOBALS['TL_LANG']['MSC']['filePath'];
$objTemplate->download = specialchars($GLOBALS['TL_LANG']['MSC']['fileDownload']);
return $objTemplate->getResponse();
}
