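/**
 * Sends download headers for the current page and/or streams a file named in
 * the query string, provided it lives in a location the force_download
 * extension allows.
 *
 * Both $_GET['download'] and $_GET['file'] are attacker-controlled. The file
 * path is canonicalised with realpath() before it is compared to the
 * allow-list, so '..' segments and symlinks cannot step outside an allowed
 * directory. Wildcard entries ('dir/*') cover 'dir' and everything below it;
 * plain entries cover exactly that directory.
 *
 * Terminates the request (exit/die) whenever $_GET['file'] is present.
 *
 * @return void
 */
public function load()
 {
     // Reduce a client-supplied name to a bare file name that is safe inside a
     // quoted Content-Disposition parameter: no directories, control
     // characters, double quotes or backslashes.
     $safeName = function ($name) {
         if (!is_string($name)) {
             return '';
         }
         return (string) preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($name));
     };

     // In case of the page:
     if (isset($_GET['download'])) {
         header('Content-Disposition: attachment; filename="' . $safeName($_GET['download']) . '"');
     }

     // In case of a file:
     if (isset($_GET['file'])) {
         $driver = ExtensionManager::getInstance('force_download');
         /* @var $driver extension_force_download */
         $allowedDirs = $driver->getLocations();
         if (!is_array($allowedDirs)) {
             $allowedDirs = array();
         }

         $requested = $_GET['file'];
         // Array parameters, empty values and embedded NUL bytes are never valid paths.
         if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
             die('Permission denied!');
         }

         // Decide whether an already-canonical directory is covered by the allow-list.
         // NOTE(review): allowed locations are resolved relative to the working
         // directory, the same way the requested path is - confirm that matches
         // how getLocations() stores them.
         $isAllowedDir = function ($realDir) use ($allowedDirs) {
             foreach ($allowedDirs as $allowedDir) {
                 if (!is_string($allowedDir)) {
                     continue;
                 }
                 $isWildcard = strpos($allowedDir, '/*') !== false;
                 $configured = $isWildcard ? str_replace('/*', '', $allowedDir) : $allowedDir;
                 if ($configured === '') {
                     // realpath('') would resolve to the working directory; never widen to that.
                     continue;
                 }
                 $base = realpath($configured);
                 if ($base === false) {
                     continue;
                 }
                 if ($realDir === $base) {
                     return true;
                 }
                 if ($isWildcard) {
                     // Match on a directory boundary so 'uploads' does not also allow 'uploads-private'.
                     $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
                     if (strncmp($realDir, $prefix, strlen($prefix)) === 0) {
                         return true;
                     }
                 }
             }
             return false;
         };

         // Check the directory first so a missing file is only reported for
         // locations the caller may read from.
         $realDir = realpath(dirname($requested));
         if ($realDir === false || !$isAllowedDir($realDir)) {
             die('Permission denied!');
         }

         $realFile = realpath($requested);
         if ($realFile === false || !is_file($realFile)) {
             die('File does not exist!');
         }

         // The last path component may itself be a symlink; re-check where it really points.
         if (!$isAllowedDir(dirname($realFile))) {
             die('Permission denied!');
         }

         // Determine the mimetype:
         if (function_exists('mime_content_type')) {
             $mimeType = mime_content_type($realFile);
         } elseif (function_exists('finfo_open')) {
             $finfo = finfo_open(FILEINFO_MIME_TYPE);
             $mimeType = $finfo ? finfo_file($finfo, $realFile) : false;
         } else {
             $mimeType = "application/force-download";
         }
         if (!is_string($mimeType) || $mimeType === '') {
             // Detection failed; fall back to the generic type used when no detector exists.
             $mimeType = "application/force-download";
         }

         // Force the download:
         header('Content-Description: File Transfer');
         header('Content-Type: ' . $mimeType);
         header('Content-Disposition: attachment; filename="' . $safeName($requested) . '"');
         header('Content-Transfer-Encoding: binary');
         header('Expires: 0');
         header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
         header('Pragma: public');
         header('Content-Length: ' . filesize($realFile));
         // ob_clean() raises a notice when no buffer is active, which would end up in the body.
         if (ob_get_level() > 0) {
             ob_clean();
         }
         flush();
         readfile($realFile);
         exit;
     }
 }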
 /**
  * Runs the XSS filter extension's detection over the submitted fields and,
  * when the 'xss-fail' filter is attached, records a failed filter result.
  *
  * Returns without doing anything when the 'xssfilter' extension is not
  * enabled, or when neither 'xss-fail' nor 'xss-remove' appears in
  * $context['filters']. 'xss-remove' only gates entry here; this method does
  * not strip anything from the submitted data.
  *
  * @param array $context reads 'filters' and 'original_fields'; appends to 'filter_results'
  */
 private function triggerXSS($context)
 {
     // Nothing to do unless the xssfilter extension is switched on.
     $status = ExtensionManager::fetchStatus(array('handle' => 'xssfilter'));
     if ($status[0] !== EXTENSION_ENABLED) {
         return;
     }

     // Only act when one of the two XSS filters is attached.
     $fail_requested = in_array('xss-fail', $context['filters']);
     if (!$fail_requested && !in_array('xss-remove', $context['filters'])) {
         return;
     }

     /** @var $xss_filter Extension_XssFilter */
     $xss_filter = ExtensionManager::getInstance('xssfilter');

     // Scan every submitted field and stop at the first hit; array values go
     // through the array-aware detector.
     $contains_xss = false;
     foreach ($context['original_fields'] as $value) {
         $hit = is_array($value)
             ? $xss_filter::detectXSSInArray($value)
             : $xss_filter::detectXSS($value);
         if ($hit) {
             $contains_xss = true;
             break;
         }
     }

     // "fail" filter
     // NOTE(review): $context is received by value, so this append reaches the
     // caller only if 'filter_results' holds a reference - confirm at the call site.
     if ($fail_requested && $contains_xss) {
         $context['filter_results'][] = array('xss', false, __("Possible XSS attack detected in submitted data"));
     }
 }
         // Fragment of a payment handler: the enclosing function and both `try`
         // openers are outside this view, as are the assignments of $invoice and $state.
         // Write $state into the invoice's 'status' field and persist it.
         $sectionID = $invoice->get('section_id');
         $fieldID = FieldManager::fetchFieldIDFromElementName('status', $sectionID);
         $invoice->setData($fieldID, array('value' => $state, 'handle' => General::createHandle($state)));
         $invoice->commit();
         $itemFieldID = FieldManager::fetchFieldIDFromElementName('item', $sectionID);
         // The role upgrade below is keyed on the item description text (loose in_array match).
         // NOTE(review): no check of $state is visible before the upgrade - confirm the
         // code above only reaches this point for a completed, verified payment.
         if (in_array("JCI Malta Membership", $invoice->getData($itemFieldID)['description'])) {
             // The user paid for a membership: convert the linked entry to a member.
             $memberFieldID = FieldManager::fetchFieldIDFromElementName('member', $sectionID);
             $memberID = $invoice->getData($memberFieldID)['relation_id'];
             $member = current(EntryManager::fetch($memberID));
             $roleFieldID = FieldManager::fetchFieldIDFromElementName('role', $member->get('section_id'));
             // presumably role_id 2 is the "member" role - hard-coded, verify against the roles table
             $member->setData($roleFieldID, array('role_id' => 2));
             $member->commit();
             $emailID = FieldManager::fetchFieldIDFromElementName('email', $member->get('section_id'));
             $email = $member->getData($emailID)['value'];
             // NOTE(review): login() receives only the e-mail address; how the members
             // driver treats a missing password is not visible here - confirm, and make
             // sure the invoice-to-member link is validated before this call.
             $member = ExtensionManager::getInstance('members')->getMemberDriver()->login(array('email' => $email));
         }
         // Redirect to the thank-you page and stop.
         header('Location: ' . URL . '/register/?thankyou=1', true, 302);
         exit;
         // Unreachable: leftover debugging output after the unconditional exit above.
         var_dump($invoice->getData($itemFieldID)['description']);
         // if item contains membership change the role of the user to a member.
         echo $state;
     } catch (Exception $ex) {
         //getting payment
         // NOTE(review): var_dump() writes the whole exception object into the response,
         // which can include file paths and the stack trace; log it server-side and
         // return a generic error instead.
         var_dump($ex);
         die;
     }
 } catch (Exception $ex) {
     //executing payment
     // NOTE(review): same disclosure as above - the exception is dumped to the client.
     var_dump($ex);
     die;
 /**
  * Returns the member driver exposed by the 'members' extension, which this
  * class uses for ACL decisions.
  *
  * @return SymphonyMember
  */
 protected final function memberGetDriver()
 {
     // Resolve the extension first, then ask it for its driver.
     $membersExtension = ExtensionManager::getInstance('members');

     return $membersExtension->getMemberDriver();
 }