/**
 * Download the XSD schema file
 *
 * Streams the file located at getSchema() as an attachment. When nothing
 * exists at that path, redirects back to this controller with an error.
 *
 * @return void
 * @throws Exception  when the content server reports a failure
 */
public function xsdTask()
{
	$schemaFile = $this->getSchema();

	// Nothing to download: send the user back with an error notice
	if (!file_exists($schemaFile))
	{
		App::redirect(
			Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false),
			Lang::txt('COM_PUBLICATIONS_BATCH_ERROR_NO_XSD'),
			'error'
		);
		return;
	}

	$delivery = new \Hubzero\Content\Server();
	$delivery->filename($schemaFile);
	$delivery->disposition('attachment');
	$delivery->acceptranges(true);
	$delivery->saveas(basename($schemaFile));

	if ($delivery->serve())
	{
		// serve() succeeded; end the request here
		exit;
	}

	// Should only get here on error
	throw new Exception(Lang::txt('COM_PUBLICATIONS_SERVER_ERROR'), 404);
}
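// Ensure we have a path
if (empty($path))
{
	App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND'));
	return;
}

// Add PATH_APP
// NOTE(review): $path is assigned outside the visible lines. If any part of it
// comes from the request, it needs a containment check before it is served.
$filename = PATH_APP . $path;

// Ensure the file exists. The absolute server path is kept out of the 404
// message so the response does not reveal the filesystem layout.
if (!file_exists($filename))
{
	App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND'));
	return;
}

// Force every extension outside this list to the 'attachment' disposition.
// NOTE(review): $d is not assigned in the visible lines; it must already hold
// a disposition for the listed extensions.
// NOTE(review): htm/html/xml remain eligible for inline display. If these
// files can be user-supplied, inline delivery renders their markup in the
// site's origin - confirm this is intended.
$ext = strtolower(Filesystem::extension($filename));
if (!in_array($ext, array('jpg', 'jpeg', 'jpe', 'gif', 'png', 'pdf', 'htm', 'html', 'txt', 'json', 'xml'), true))
{
	$d = 'attachment';
}

// Initiate a new content server and serve up the file
$xserver = new \Hubzero\Content\Server();
$xserver->filename($filename);
//$xserver->saveas($this->model->get('title') . '.' . $ext);
$xserver->disposition($d);
$xserver->acceptranges(false); // @TODO fix byte range support

if (!$xserver->serve())
{
	// Should only get here on error
	App::abort(500, Lang::txt('COM_COURSES_SERVER_ERROR'));
}
else
{
	// Just exit (i.e. no template)
	exit;
}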
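/**
 * Serve publication content
 *
 * Determines how to render depending on master type, attachment type and
 * user choice. Defaults to download.
 *
 * Request parameters read here: a (attachment id), el (element id), render,
 * vid, file (data file name) and disposition.
 *
 * @return mixed  content returned by the attachment model, true after access
 *                was blocked, false when no element manifest exists, or
 *                nothing when a redirect/bundle/view was produced
 * @throws Exception  404 when the requested content cannot be found or served
 */
public function serveTask()
{
	// Incoming
	$aid       = Request::getInt('a', 0);   // Attachment id
	$elementId = Request::getInt('el', 1);  // Element id
	$render    = Request::getVar('render', '');
	$vid       = Request::getInt('vid', '');
	$file      = Request::getVar('file', '');
	$disp      = Request::getVar('disposition');

	// Anything other than the two known dispositions becomes 'attachment'
	$disp = in_array($disp, array('inline', 'attachment'), true) ? $disp : 'attachment';

	// Get our model and load publication data
	$this->model = new Models\Publication($this->_identifier, $this->_version, $vid);

	if (!$this->model->exists() || $this->model->isDeleted())
	{
		App::redirect(
			Route::url('index.php?option=' . $this->_option),
			Lang::txt('COM_PUBLICATIONS_RESOURCE_NOT_FOUND'),
			'error'
		);
		return;
	}

	// Is the visitor authorized to view content?
	if (!$this->model->access('view-all'))
	{
		$this->_blockAccess();
		return true;
	}

	// Set curation
	$this->model->setCuration();

	// Bundle requested?
	if ($render == 'archive')
	{
		// Produce archival package
		if (!$this->model->_curationModel->package())
		{
			throw new Exception(Lang::txt('COM_PUBLICATIONS_ERROR_FINDING_ATTACHMENTS'), 404);
		}

		// Log access
		if ($this->model->isPublished())
		{
			$this->model->logAccess('primary');
		}
		$this->model->_curationModel->serveBundle();
		return;
	}

	// Listing of bundle contents requested?
	if ($render == 'showcontents')
	{
		// Produce archival package
		if (!$this->model->_curationModel->package())
		{
			throw new Exception(Lang::txt('COM_PUBLICATIONS_ERROR_FINDING_ATTACHMENTS'), 404);
		}

		$view = new \Hubzero\Component\View(['name' => 'view', 'layout' => '_contents']);
		$view->model  = $this->model;
		$view->option = $this->_option;
		$view->display();
		return;
	}

	// Serving data file (dataview)
	if ($file)
	{
		// 'file' comes straight from the request. Resolve it and the data
		// directory to canonical paths and require the result to sit inside
		// the directory, so "../" segments cannot reach other files.
		// NOTE(review): symlinks that point outside the data directory are
		// rejected by this check as well - confirm none are relied upon.
		$dataRoot = realpath($this->model->path('data', true));
		$dataFile = ($dataRoot === false)
			? false
			: realpath($dataRoot . DIRECTORY_SEPARATOR . trim($file));

		if ($dataFile === false
		 || strpos($dataFile, rtrim($dataRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0
		 || !is_file($dataFile))
		{
			throw new Exception(Lang::txt('COM_PUBLICATIONS_ERROR_FINDING_ATTACHMENTS'), 404);
		}

		// Initiate a new content server and serve up the file
		$server = new \Hubzero\Content\Server();
		$server->filename($dataFile);
		$server->disposition($disp);
		$server->acceptranges(true);
		$server->saveas(basename($file));

		if (!$server->serve())
		{
			// Should only get here on error
			throw new Exception(Lang::txt('COM_PUBLICATIONS_SERVER_ERROR'), 404);
		}
		else
		{
			exit;
		}
	}

	$this->model->attachments();

	// Individual attachment is requested? Find element ID
	if ($aid)
	{
		$elementId = $this->model->_curationModel->getElementIdByAttachment($aid);
	}

	// We do need attachments
	if (!isset($this->model->_attachments['elements'][$elementId])
	 || empty($this->model->_attachments['elements'][$elementId]))
	{
		throw new Exception(Lang::txt('COM_PUBLICATIONS_ERROR_FINDING_ATTACHMENTS'), 404);
	}

	// Get element manifest to deliver content as intended
	$curation = $this->model->_curationModel->getElementManifest($elementId);

	// We do need manifest!
	if (!$curation || !isset($curation->element) || !$curation->element)
	{
		return false;
	}

	// Get attachment type model
	$attModel = new Models\Attachments($this->database);

	// Log access
	if ($this->model->isPublished())
	{
		$aType = $curation->element->params->role == 1 ? 'primary' : 'support';
		$this->model->logAccess($aType);
	}

	// Serve content
	$content = $attModel->serve(
		$curation->element->params->type,
		$curation->element,
		$elementId,
		$this->model,
		$curation->block->params,
		$aid
	);

	// No content served
	if ($content === NULL || $content == false)
	{
		throw new Exception(Lang::txt('COM_PUBLICATIONS_ERROR_FINDING_ATTACHMENTS'), 404);
	}

	// Do we need to redirect to content?
	if ($attModel->get('redirect'))
	{
		App::redirect($attModel->get('redirect'));
		return;
	}

	return $content;
}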
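/**
 * Download a wiki file
 *
 * Reads the file name from the 'group' request variable (optionally prefixed
 * with "image:" or "file:"), locates it below the page's storage directory
 * and serves it inline.
 *
 * @return void
 */
public function _fileDownload()
{
	if (!$this->view->course->access('view'))
	{
		return App::abort(404, Lang::txt('COM_COURSES_NO_COURSE_FOUND'));
	}

	// Get the scope of the parent page the file is attached to
	$filename = Request::getVar('group', '');

	if (substr(strtolower($filename), 0, strlen('image:')) == 'image:')
	{
		$filename = substr($filename, strlen('image:'));
	}
	elseif (substr(strtolower($filename), 0, strlen('file:')) == 'file:')
	{
		$filename = substr($filename, strlen('file:'));
	}
	$filename = urldecode($filename);

	// Ensure we have a path
	if (empty($filename))
	{
		return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . '[r]' . $filename);
	}

	$page = $this->view->offering->page(Request::getVar('unit', ''));
	if (!$page->exists())
	{
		$pages = $this->view->offering->pages(array(
			'url'         => Request::getVar('unit', ''),
			'offering_id' => array(0, $this->view->offering->get('id')),
			'section_id'  => array(0, $this->view->offering->section()->get('id')),
			'limit'       => 1,
			'start'       => 0
		), true);

		$page = isset($pages[0]) ? $pages[0] : null;
	}

	// Build the path below the page's storage directory
	$basePath = $this->_path($page);
	$filepath = $basePath . DS . ltrim($filename, DS);

	// Ensure the file exists
	if (!file_exists($filepath))
	{
		$found = false;

		if (!$page)
		{
			// No page: retry with the section id set on the request
			Request::setVar('section_id', $this->view->offering->section()->get('id'));

			$basePath = $this->_path($page);
			$filepath = $basePath . DS . ltrim($filename, DS);
			$found    = file_exists($filepath);
		}

		if (!$found)
		{
			// The absolute path is left out of the message on purpose
			return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . '[j]');
		}
	}

	// The name was URL-decoded request input. Compare canonical paths so that
	// "../" segments cannot move the target outside the storage directory.
	$realBase = realpath($basePath);
	$realFile = realpath($filepath);

	if ($realBase === false
	 || $realFile === false
	 || strpos($realFile, rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0)
	{
		return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . '[j]');
	}

	// Initiate a new content server and serve up the file
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($realFile);
	$xserver->disposition('inline');
	$xserver->acceptranges(false); // @TODO fix byte range support

	if (!$xserver->serve())
	{
		// Should only get here on error
		return App::abort(404, Lang::txt('COM_COURSES_SERVER_ERROR') . '[x]');
	}
	else
	{
		exit;
	}
}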
/**
 * Serve publication package
 *
 * Streams the bundle file found under the publication's base path, offered
 * to the client as "<title> v.<version_label>.zip". On success the request
 * ends here; no value is returned.
 *
 * @return void
 * @throws Exception  404 when no publication is set, the bundle file is
 *                    missing, or the content server fails
 */
public function serveBundle()
{
	if (empty($this->_pub))
	{
		throw new Exception(Lang::txt('COM_PUBLICATIONS_FILE_NOT_FOUND'), 404);
	}

	$archivePath  = $this->_pub->path('base', true) . DS . $this->getBundleName();

	// NOTE(review): the download name is built from the version title; confirm
	// saveas() sanitises it before it is placed in a response header.
	$downloadName = sprintf(
		'%s v.%s.zip',
		$this->_pub->version->get('title'),
		$this->_pub->version->get('version_label')
	);

	if (!is_file($archivePath))
	{
		throw new Exception(Lang::txt('COM_PUBLICATIONS_FILE_NOT_FOUND'), 404);
	}

	// Initiate a new content server and serve up the file
	$delivery = new \Hubzero\Content\Server();
	$delivery->filename($archivePath);
	// NOTE(review): 'download' is not one of the standard disposition types
	// ('inline' / 'attachment'); verify how disposition() treats it.
	$delivery->disposition('download');
	$delivery->acceptranges(true);
	$delivery->saveas($downloadName);

	if ($delivery->serve())
	{
		exit;
	}

	// Should only get here on error
	throw new Exception(Lang::txt('COM_PUBLICATIONS_SERVER_ERROR'), 404);
}
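/**
 * Compiles PDF/image preview for any kind of file
 *
 * Takes the first item of the current collection, writes a working copy to
 * the project's "compiled" directory (running the TeX compiler for TeX
 * files), optionally serves the result as a download, and otherwise renders
 * the "compiled" layout. For PDFs a first-page JPEG is produced with
 * Ghostscript when a gs binary is configured.
 *
 * @return mixed  rendered template string; nothing when compiling is not
 *                allowed, no file was given or the output directory cannot
 *                be created; false when the preview image cannot be processed
 * @throws Exception  when a requested download cannot be served
 */
public function compile()
{
	// Combine file and folder data
	$items = $this->getCollection();

	// Incoming
	$download = Request::getInt('download', 0);

	// Check that we have compile enabled
	// @FIXME: why are latex and compiled preview tied together?
	//         presumedly we are also 'compiling' pdfs?
	if (!$this->params->get('latex'))
	{
		$this->setError(Lang::txt('PLG_PROJECTS_FILES_COMPILE_NOTALLOWED'));
		return;
	}

	// Output HTML
	$view = new \Hubzero\Plugin\View([
		'folder'  => 'projects',
		'element' => 'files',
		'name'    => 'connected',
		'layout'  => 'compiled'
	]);

	// Make sure we have an item
	if (count($items) == 0)
	{
		$view->setError(Lang::txt('PLG_PROJECTS_FILES_ERROR_NO_FILES_TO_COMPILE'));
		$view->loadTemplate();
		return;
	}

	// We can only handle one file at a time
	$file = $items->first();

	// Build path for storing temp previews
	$imagePath = trim($this->model->config()->get('imagepath', '/site/projects'), DS);
	$outputDir = DS . $imagePath . DS . strtolower($this->model->get('alias')) . DS . 'compiled';

	// Make sure output dir exists
	if (!is_dir(PATH_APP . $outputDir))
	{
		if (!Filesystem::makeDirectory(PATH_APP . $outputDir))
		{
			$this->setError(Lang::txt('PLG_PROJECTS_FILES_UNABLE_TO_CREATE_UPLOAD_PATH'));
			return;
		}
	}

	// Get LaTeX helper
	$compiler = new \Components\Projects\Helpers\Compiler();

	// Tex compiler path
	$texPath = DS . trim($this->params->get('texpath'), DS);

	// Set view args and defaults
	$view->file    = $file;
	$view->oWidth  = '780';
	$view->oHeight = '460';
	$view->url     = $this->model->link('files');

	// Both are assigned on only some branches below; start from a defined state
	$contentFile = null;
	$cType       = null;

	// Tex file?
	$tex = $compiler->isTexFile($file->getName());

	// Build temp name
	$tempBase = $tex
		? 'temp__' . \Components\Projects\Helpers\Html::takeOutExt($file->getName())
		: $file->getName();
	$tempBase = str_replace(' ', '_', $tempBase);

	$view->data = $file->isImage() ? NULL : $file->read();

	// LaTeX file?
	if ($tex && !empty($view->data))
	{
		// Clean up data from Windows characters - important!
		$view->data = preg_replace('/[^(\\x20-\\x7F)\\x0A]*/', '', $view->data);

		// Store file locally
		$tmpfile = PATH_APP . $outputDir . DS . $tempBase;
		file_put_contents($tmpfile, $view->data);

		// Compile and get path to PDF
		// NOTE(review): the TeX source is project content; confirm compileTex()
		// runs the compiler with shell escape disabled.
		$contentFile = $compiler->compileTex($tmpfile, $view->data, $texPath, PATH_APP . $outputDir, 1, $tempBase);

		// Read log (to show in case of error)
		$logFile = $tempBase . '.log';
		if (file_exists(PATH_APP . $outputDir . DS . $logFile))
		{
			$view->log = Filesystem::read(PATH_APP . $outputDir . DS . $logFile);
		}

		if (!$contentFile)
		{
			$this->setError(Lang::txt('PLG_PROJECTS_FILES_ERROR_COMPILE_TEX_FAILED'));
		}

		$cType = Filesystem::mimetype(PATH_APP . $outputDir . DS . $contentFile);
	}
	else
	{
		// Make sure we can handle preview of this type of file
		if ($file->hasExtension('pdf') || $file->isImage() || !$file->isBinary())
		{
			$origin = $this->connection->provider->alias . '://' . $file->getPath();
			$dest   = 'compiled://' . $tempBase;

			// Do the copy
			Manager::adapter('local', ['path' => PATH_APP . $outputDir . DS], 'compiled');
			Manager::copy($origin, $dest);
			$contentFile = $tempBase;
		}
	}

	// Parse output
	if (!empty($contentFile) && file_exists(PATH_APP . $outputDir . DS . $contentFile))
	{
		// Get compiled content mimetype
		$cType = Filesystem::mimetype(PATH_APP . $outputDir . DS . $contentFile);

		// Is image?
		if (strpos($cType, 'image/') !== false)
		{
			// Fix up object width & height. getimagesize() returns false for
			// unreadable images, so guard before dividing by the dimensions.
			$size = getimagesize(PATH_APP . $outputDir . DS . $contentFile);

			if ($size && $size[0] > 0 && $size[1] > 0)
			{
				list($width, $height) = $size;

				$xRatio = $view->oWidth / $width;
				$yRatio = $view->oHeight / $height;

				if ($xRatio * $height < $view->oHeight)
				{
					// Resize the image based on width
					$view->oHeight = ceil($xRatio * $height);
				}
				else
				{
					// Resize the image based on height
					$view->oWidth = ceil($yRatio * $width);
				}
			}
		}

		// Download compiled file?
		if ($download)
		{
			$pdfName = $tex
				? str_replace('temp__', '', basename($contentFile))
				: basename($contentFile);

			// Serve up file
			$server = new \Hubzero\Content\Server();
			$server->filename(PATH_APP . $outputDir . DS . $contentFile);
			$server->disposition('attachment');
			$server->acceptranges(false);
			$server->saveas($pdfName);
			$result = $server->serve();

			if (!$result)
			{
				// Should only get here on error
				throw new Exception(Lang::txt('PLG_PROJECTS_FILES_SERVER_ERROR'), 404);
			}
			else
			{
				exit;
			}
		}

		// Generate preview image for browsers that cannot embed pdf
		if ($cType == 'application/pdf')
		{
			// GS path
			$gspath = trim($this->params->get('gspath'), DS);
			if ($gspath && file_exists(DS . $gspath . DS . 'gs'))
			{
				$gspath     = DS . $gspath . DS;
				$pdfPath    = PATH_APP . $outputDir . DS . $contentFile;
				$exportPath = PATH_APP . $outputDir . DS . $tempBase . '%d.jpg';

				// Both paths contain the project file's name, which only had
				// its spaces replaced. Quote every argument so the name cannot
				// be interpreted by the shell. -dSAFER restricts Ghostscript's
				// file access while it processes the document.
				// NOTE(review): escapeshellarg() rewrites '%' on Windows; this
				// code path assumes a POSIX shell, as the paths above do.
				$command = escapeshellarg($gspath . 'gs')
					. ' -dSAFER -dNOPAUSE -sDEVICE=jpeg -r300 -dFirstPage=1 -dLastPage=1'
					. ' -sOutputFile=' . escapeshellarg($exportPath)
					. ' ' . escapeshellarg($pdfPath)
					. ' 2>&1';

				exec($command, $out);

				if (is_file(PATH_APP . $outputDir . DS . $tempBase . '1.jpg'))
				{
					$hi = new \Hubzero\Image\Processor(PATH_APP . $outputDir . DS . $tempBase . '1.jpg');
					if (count($hi->getErrors()) == 0)
					{
						$hi->resize($view->oWidth, false, false, true);
						$hi->save(PATH_APP . $outputDir . DS . $tempBase . '1.jpg');
					}
					else
					{
						return false;
					}
				}

				if (is_file(PATH_APP . $outputDir . DS . $tempBase . '1.jpg'))
				{
					$image = $tempBase . '1.jpg';
				}
			}
		}
	}
	elseif (!$this->getError())
	{
		$this->setError(Lang::txt('PLG_PROJECTS_FILES_ERROR_COMPILE_PREVIEW_FAILED'));
	}

	$view->file       = $file;
	$view->outputDir  = $outputDir;
	$view->embed      = $contentFile;
	$view->cType      = $cType;
	$view->subdir     = $this->subdir;
	$view->option     = $this->_option;
	$view->image      = !empty($image) ? $image : NULL;
	$view->model      = $this->model;
	$view->repo       = $this->repo;
	$view->connection = $this->connection;

	if ($this->getError())
	{
		$view->setError($this->getError());
	}

	return $view->loadTemplate();
}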
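/**
 * Download a file
 *
 * The name is expected to start with "image" or "file" followed by one
 * separator character; the remainder is URL-decoded and looked up below the
 * wiki page's file directory (wiki section) or the course upload directory.
 *
 * @param   string  $filename  File name
 * @return  void
 */
public function downloadTask($filename)
{
	//get the course
	$course = Course::getInstance($this->gid);

	//authorize
	$authorized = $this->_authorize();

	//get the file name
	if (substr(strtolower($filename), 0, 5) == 'image')
	{
		$file = urldecode(substr($filename, 6));
	}
	elseif (substr(strtolower($filename), 0, 4) == 'file')
	{
		$file = urldecode(substr($filename, 5));
	}
	else
	{
		// Without a recognised prefix there is no file name to resolve
		return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND'));
	}

	//if were on the wiki we need to output files a specific way
	if ($this->active == 'wiki')
	{
		//check to make sure user has access to wiki section
		if (!in_array(User::get('id'), $course->get('members')) || User::isGuest())
		{
			return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
		}

		//load wiki page from db
		require_once PATH_CORE . DS . 'components' . DS . 'com_wiki' . DS . 'tables' . DS . 'page.php';
		$page = new \Components\Wiki\Tables\Page($this->database);
		$page->load(Request::getVar('pagename'), $course->get('cn') . DS . 'wiki');

		//check specific wiki page access
		if ($page->get('access') == 1 && !in_array(User::get('id'), $course->get('members')) && $authorized != 'admin')
		{
			return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
		}

		//get the config and build base path
		$wiki_config = Component::params('com_wiki');
		$base_path = $wiki_config->get('filepath') . DS . $page->get('id');
	}
	else
	{
		//check to make sure we can access it
		if (!in_array(User::get('id'), $course->get('members')) || User::isGuest())
		{
			return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
		}

		// Build the path
		$base_path = $this->config->get('uploadpath');
		$base_path .= DS . $course->get('gidNumber');
	}

	// Final path of file
	$file_path = $base_path . DS . $file;

	// Ensure the file exist
	if (!file_exists(PATH_APP . DS . $file_path))
	{
		return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $file);
	}

	// $file is URL-decoded caller input. Compare canonical paths so "../"
	// segments cannot select a file outside the directory authorised above.
	$realBase = realpath(PATH_APP . DS . $base_path);
	$realFile = realpath(PATH_APP . DS . $file_path);

	if ($realBase === false
	 || $realFile === false
	 || strpos($realFile, rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0)
	{
		return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $file);
	}

	// Serve up the file
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($realFile);
	$xserver->disposition('attachment');
	$xserver->acceptranges(false); // @TODO fix byte range support

	if (!$xserver->serve())
	{
		return App::abort(404, Lang::txt('COM_COURSES_SERVER_ERROR'));
	}
	else
	{
		exit;
	}
}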
/**
 * Serves up files only after passing access checks
 *
 * Guests are sent to the login page. The attachment record is looked up by
 * post id when one is given, otherwise by thread id and file name; its
 * parent post must exist and the 'access-view-thread' permission must be set
 * before the stored file is served inline.
 *
 * @return void
 */
public function download()
{
	// Incoming
	$section  = Request::getVar('section', '');
	$category = Request::getVar('category', '');
	$thread   = Request::getInt('thread', 0);
	$post     = Request::getInt('post', 0);
	$file     = Request::getVar('file', '');

	// Check logged in status
	if (User::isGuest())
	{
		$scope  = implode('/', array($section, $category, $thread, $post, $file));
		$return = Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=forum&scope=' . $scope);

		App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return)));
		return;
	}

	// Ensure we have a database object
	if (!$this->database)
	{
		App::abort(500, Lang::txt('PLG_GROUPS_FORUM_DATABASE_NOT_FOUND'));
		return;
	}

	// Instantiate an attachment object
	$attach = new \Components\Forum\Tables\Attachment($this->database);
	if ($post)
	{
		$attach->loadByPost($post);
	}
	else
	{
		$attach->loadByThread($thread, $file);
	}

	if (!$attach->filename)
	{
		App::abort(404, Lang::txt('PLG_GROUPS_FORUM_FILE_NOT_FOUND'));
		return;
	}

	// From here on the stored name is used, not the requested one
	$file = $attach->filename;

	// Get the parent post the file is attached to
	$this->model = new \Components\Forum\Tables\Post($this->database);
	$this->model->load($attach->post_id);

	if (!$this->model->id)
	{
		App::abort(404, Lang::txt('PLG_GROUPS_FORUM_POST_NOT_FOUND'));
		return;
	}

	// Load ACL
	$this->_authorize('thread', $this->model->id);

	// Ensure the user is authorized to view this file
	if (!$this->params->get('access-view-thread'))
	{
		App::abort(403, Lang::txt('PLG_GROUPS_FORUM_NOT_AUTH_FILE'));
		return;
	}

	// Ensure we have a path
	if (empty($file))
	{
		App::abort(404, Lang::txt('PLG_GROUPS_FORUM_FILE_NOT_FOUND'));
		return;
	}

	// Get the configured upload path
	$uploadRoot = trim($this->params->get('filepath', '/site/forum'), DS);
	$basePath   = DS . $uploadRoot . DS . $attach->parent . DS . $attach->post_id;

	// A stored name without a leading slash is relative: give it one, then
	// prepend the base path unless the full path was already saved.
	// NOTE(review): a stored name that starts with a slash is used as-is below
	// PATH_APP - presumably upload handling never stores such values; verify.
	$isRelative = (substr($file, 0, 1) != DS);
	if ($isRelative)
	{
		$file = DS . $file;

		$alreadyPrefixed = (substr($file, 0, strlen($basePath)) == $basePath);
		if (!$alreadyPrefixed)
		{
			$file = $basePath . $file;
		}
	}

	// Add PATH_APP
	$filename = PATH_APP . $file;

	// Ensure the file exist
	if (!file_exists($filename))
	{
		App::abort(404, Lang::txt('PLG_GROUPS_FORUM_FILE_NOT_FOUND'));
		return;
	}

	// Initiate a new content server and serve up the file
	$delivery = new \Hubzero\Content\Server();
	$delivery->filename($filename);
	$delivery->disposition('inline');
	$delivery->acceptranges(false); // @TODO fix byte range support

	if ($delivery->serve())
	{
		exit;
	}

	// Should only get here on error
	App::abort(404, Lang::txt('PLG_GROUPS_FORUM_SERVER_ERROR'));
}
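/**
 * Download a file
 *
 * Runs through various permissions checks to ensure user has access.
 *
 * Request parameters read here: id, alias, d (disposition), token (GET) and,
 * for standalone resources without a stored path, file.
 *
 * @return void
 * @throws Exception  500 when the content server fails
 */
public function downloadTask()
{
	// Incoming
	$id    = Request::getInt('id', 0);
	$alias = Request::getVar('alias', '');
	$d     = Request::getVar('d', 'inline');

	//make sure we have a proper disposition
	if ($d != "inline" && $d != "attachment")
	{
		$d = "inline";
	}

	// Load the resource
	$resource = new Resource($this->database);
	if ($alias && !$resource->loadAlias($alias))
	{
		App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
		return;
	}
	elseif (substr($id, 0, 4) == '9999')
	{
		// Ids starting with 9999 are not loaded from the database; a bare
		// standalone resource is built in memory instead
		$resource->id         = $id;
		$resource->standalone = 1;
		$resource->path       = null;
		$resource->created    = Date::of('now')->format('Y-m-d 00:00:00');
	}
	elseif (!$resource->load($id))
	{
		App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
		return;
	}

	// Work out who is asking. Without a usable token the request is handled
	// exactly as a request that carries no token at all.
	// NOTE(review): confirm User::getRoot() yields a guest for anonymous requests.
	$user = User::getRoot();

	if ($token = Request::getVar('token', '', 'get'))
	{
		// NOTE(review): the key is derived only from the User-Agent header via
		// App::hash(); confirm App::hash() mixes in a server-side secret,
		// otherwise the token can be produced by anyone who knows a session id.
		$agent   = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
		$token   = base64_decode($token);
		$key     = App::hash($agent);
		$crypter = new \Hubzero\Encryption\Encrypter(
			new \Hubzero\Encryption\Cipher\Simple(),
			new \Hubzero\Encryption\Key('simple', $key, $key)
		);

		$session_id = $crypter->decrypt($token);
		$session    = \Hubzero\Session\Helper::getSession($session_id);

		// Only a token that maps to a stored session with a user id may lift
		// the guest flag; an undecodable or stale token must not.
		if (is_object($session) && !empty($session->userid))
		{
			$user = User::getInstance($session->userid);
			$user->guest    = 0;
			$user->id       = $session->userid;
			$user->usertype = $session->usertype;
		}
	}

	// Check if the resource is for logged-in users only and the user is logged-in
	if ($resource->access == 1 && $user->get('guest'))
	{
		App::abort(403, Lang::txt('COM_RESOURCES_ALERTNOTAUTH'));
		return;
	}

	// Check if the resource is "private" and the user is allowed to view it
	if ($resource->access == 4 || $resource->access == 3 || !$resource->standalone)
	{
		if ($this->checkGroupAccess($resource, $user))
		{
			App::abort(403, Lang::txt('COM_RESOURCES_ALERTNOTAUTH'));
			return;
		}
	}

	// Directory the request-supplied file name must stay inside (set only
	// when the name comes from the request)
	$confineTo = null;

	if ($resource->standalone && !$resource->path)
	{
		$mediaDir = DS . trim($this->config->get('uploadpath', '/site/resources'), DS)
			. Html::build_path($resource->created, $resource->id, '') . DS . 'media';

		$resource->path = $mediaDir . DS . Request::getVar('file');
		$confineTo      = PATH_APP . $mediaDir;
	}

	$resource->path = trim($resource->path);

	// Ensure we have a path
	// Ensure resource is published - stemedhub #472
	// NOTE(review): with '&&' this aborts only when the path is empty AND the
	// resource is unpublished; an unpublished resource with a path is still
	// served. Confirm whether '||' was intended (ids starting with 9999 never
	// have 'published' set, so they would need to be exempted).
	if (empty($resource->path) && $resource->published != 1)
	{
		App::abort(404, Lang::txt('COM_RESOURCES_FILE_NOT_FOUND'));
		return;
	}

	// Get the configured upload path
	$base_path = $this->config->get('uploadpath', '/site/resources');
	if ($base_path)
	{
		$base_path = DS . trim($base_path, DS);
	}

	// Does the path start with a slash?
	if (substr($resource->path, 0, 1) != DS)
	{
		$resource->path = DS . $resource->path;

		// Prepend the config path unless the full path got saved at some point
		if (substr($resource->path, 0, strlen($base_path)) != $base_path)
		{
			$resource->path = $base_path . $resource->path;
		}
	}

	// Add root path
	$filename = PATH_APP . $resource->path;

	// Ensure the file exists. The absolute path is kept out of the message so
	// the response does not reveal the server's filesystem layout.
	if (!file_exists($filename))
	{
		App::abort(404, Lang::txt('COM_RESOURCES_FILE_NOT_FOUND'));
		return;
	}

	// A name taken from the request must resolve to a location inside the
	// resource's media directory ("../" segments would otherwise escape it)
	if ($confineTo !== null)
	{
		$realBase = realpath($confineTo);
		$realFile = realpath($filename);

		if ($realBase === false
		 || $realFile === false
		 || strpos($realFile, rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0)
		{
			App::abort(404, Lang::txt('COM_RESOURCES_FILE_NOT_FOUND'));
			return;
		}

		$filename = $realFile;
	}

	// Anything outside this list is always sent as an attachment.
	// NOTE(review): htm/html/xml remain eligible for inline display; if such
	// files can be user-supplied their markup renders in the site's origin.
	$ext = strtolower(\Filesystem::extension($filename));
	if (!in_array($ext, array('jpg', 'jpeg', 'jpe', 'gif', 'png', 'pdf', 'htm', 'html', 'txt', 'json', 'xml'), true))
	{
		$d = 'attachment';
	}

	// Initiate a new content server and serve up the file
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($filename);
	$xserver->disposition($d);
	$xserver->acceptranges(false); // @TODO fix byte range support

	if (!$xserver->serve())
	{
		// Should only get here on error
		throw new Exception(Lang::txt('COM_RESOURCES_SERVER_ERROR'), 500);
	}
	else
	{
		exit;
	}
}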
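/**
 * Download a file
 *
 * The file name is taken from the part of SCRIPT_URL that follows "Image:"
 * or "File:" and is looked up below the member's file space, or below the
 * blog plugin's upload path when the active section is the blog.
 *
 * @return void
 */
public function downloadTask()
{
	//get vars
	$id = Request::getInt('id', 0);

	//check to make sure we have an id
	if (!$id)
	{
		return;
	}

	//Load member profile
	$member = \Hubzero\User\Profile::getInstance($id);

	// check to make sure we have member profile
	if (!$member)
	{
		return;
	}

	//get the file name
	// make sure to leave out any query params (ex. ?v={timestamp})
	$uri = Request::getVar('SCRIPT_URL', '', 'server');
	if (strstr($uri, 'Image:'))
	{
		$file = str_replace('Image:', '', strstr($uri, 'Image:'));
	}
	elseif (strstr($uri, 'File:'))
	{
		$file = str_replace('File:', '', strstr($uri, 'File:'));
	}
	else
	{
		// Neither marker present: there is no file name to resolve
		App::abort(404, Lang::txt('The requested file could not be found: '));
		return;
	}

	//decode file name
	$file = urldecode($file);

	// build base path
	$base_path = $this->filespace() . DS . \Hubzero\User\Profile\Helper::niceidformat($member->get('uidNumber'));

	//if we are on the blog
	if (Request::getVar('active', 'profile') == 'blog')
	{
		// @FIXME Check still needs to occur for non-public entries
		//authorize checks
		/*if ($this->_authorize() != 'admin')
		{
			if (User::get('id') != $member->get('uidNumber'))
			{
				App::abort(403, Lang::txt('You are not authorized to download the file: ') . ' ' . $file);
				return;
			}
		}*/

		//get the params from the members blog plugin
		$blog_params = Plugin::params('members', 'blog');

		//build the base path to file based of upload path param
		$base_path = str_replace('{{uid}}', \Hubzero\User\Profile\Helper::niceidformat($member->get('uidNumber')), $blog_params->get('uploadpath'));
	}

	//build file path
	$file_path = $base_path . DS . $file;

	// Ensure the file exist
	if (!file_exists(PATH_APP . DS . $file_path))
	{
		App::abort(404, Lang::txt('The requested file could not be found: ') . ' ' . $file);
		return;
	}

	// $file is URL-decoded request data. Compare canonical paths so "../"
	// segments cannot select a file outside this member's directory.
	$realBase = realpath(PATH_APP . DS . $base_path);
	$realFile = realpath(PATH_APP . DS . $file_path);

	if ($realBase === false
	 || $realFile === false
	 || strpos($realFile, rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0)
	{
		App::abort(404, Lang::txt('The requested file could not be found: ') . ' ' . $file);
		return;
	}

	// Serve up the image
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($realFile);
	$xserver->disposition('attachment');
	$xserver->acceptranges(false); // @TODO fix byte range support

	//serve up file
	if (!$xserver->serve())
	{
		// Should only get here on error
		App::abort(404, Lang::txt('An error occured while trying to output the file'));
	}
	else
	{
		exit;
	}
}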
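/**
 * Download a picture
 *
 * Serves a file from the member's directory below the configured web path.
 * The file name comes from the 'image' request variable and defaults to the
 * member's stored picture.
 *
 * @return void
 */
public function pictureTask()
{
	// Get vars
	$id = Request::getInt('id', 0);

	// Check to make sure we have an id
	if (!$id)
	{
		return;
	}

	// Load member
	$member = Member::oneOrFail($id);

	$dir  = DS . trim($this->config->get('webpath', '/site/members'), DS);
	$dir .= DS . Profile\Helper::niceidformat($member->get('uidNumber'));

	$file = $dir . DS . Request::getVar('image', $member->get('picture'));

	// Ensure the file exist
	if (!file_exists(PATH_APP . DS . $file))
	{
		App::abort(404, Lang::txt('COM_MEMBERS_FILE_NOT_FOUND') . ' ' . $file);
		return;
	}

	// 'image' is request input. Compare canonical paths so "../" segments
	// cannot select a file outside this member's directory.
	$realBase = realpath(PATH_APP . DS . $dir);
	$realFile = realpath(PATH_APP . DS . $file);

	if ($realBase === false
	 || $realFile === false
	 || strpos($realFile, rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0)
	{
		App::abort(404, Lang::txt('COM_MEMBERS_FILE_NOT_FOUND'));
		return;
	}

	// Serve up the image
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($realFile);
	$xserver->disposition('attachment');
	$xserver->acceptranges(false); // @TODO fix byte range support

	// Serve up file
	if (!$xserver->serve())
	{
		// Should only get here on error
		App::abort(404, Lang::txt('COM_MEMBERS_MEDIA_ERROR_SERVING_FILE'));
	}

	exit;
}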
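/**
 * Download a wiki file
 *
 * Reads the name from the 'file' request variable (optionally prefixed with
 * "image:" or "file:"), resolves it below the course's storage path and
 * serves it inline.
 *
 * @param   object  $course  \Components\Courses\Models\Course
 * @return  void
 */
public function download($course)
{
	if (!$course->access('view'))
	{
		App::abort(404, Lang::txt('COM_COURSES_NO_COURSE_FOUND'));
		return;
	}

	// Get the scope of the parent page the file is attached to
	$filename = Request::getVar('file', '');

	if (substr(strtolower($filename), 0, strlen('image:')) == 'image:')
	{
		$filename = substr($filename, strlen('image:'));
	}
	elseif (substr(strtolower($filename), 0, strlen('file:')) == 'file:')
	{
		$filename = substr($filename, strlen('file:'));
	}
	$filename = urldecode($filename);

	// Get the storage path for this course
	$base_path = $this->path($course->get('id'));

	// Make sure the name starts with exactly one slash
	$filename = DS . ltrim($filename, DS);

	// Prepend the base path unless the full path got saved at some point
	if (substr($filename, 0, strlen($base_path)) != $base_path)
	{
		$filename = $base_path . $filename;
	}

	// Add PATH_APP
	$filename = PATH_APP . $filename;

	// Ensure the file exists. The absolute path is kept out of the message so
	// the response does not reveal the server's filesystem layout.
	if (!file_exists($filename))
	{
		App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND'));
		return;
	}

	// The name is URL-decoded request input. Compare canonical paths so
	// "../" segments cannot select a file outside the course directory.
	$realBase = realpath(PATH_APP . $base_path);
	$realFile = realpath($filename);

	if ($realBase === false
	 || $realFile === false
	 || strpos($realFile, rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0)
	{
		App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND'));
		return;
	}

	// Initiate a new content server and serve up the file
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($realFile);
	$xserver->disposition('inline');
	$xserver->acceptranges(false); // @TODO fix byte range support

	if (!$xserver->serve())
	{
		// Should only get here on error
		App::abort(404, Lang::txt('COM_COURSES_SERVER_ERROR'));
	}
	else
	{
		exit;
	}
}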
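/**
 * Serves up files only after passing access checks
 *
 * The attachment is looked up by post id when one is given, otherwise by
 * thread id and file name. Its post must exist and not be deleted, guests
 * without a matching view level are sent to the login page, and the
 * 'access-view-thread' permission must be set before the file is served.
 *
 * @return void
 */
public function downloadTask()
{
	// Incoming
	$section   = Request::getVar('section', '');
	$category  = Request::getVar('category', '');
	$thread_id = Request::getInt('thread', 0);
	$post_id   = Request::getInt('post', 0);
	$file      = Request::getVar('file', '');

	// Instantiate an attachment object
	if (!$post_id)
	{
		$attach = Attachment::oneByThread($thread_id, $file);
	}
	else
	{
		$attach = Attachment::oneByPost($post_id);
	}

	if (!$attach->get('filename'))
	{
		App::abort(404, Lang::txt('COM_FORUM_FILE_NOT_FOUND'));
	}

	// Get the parent post the file is attached to
	$post = $attach->post();

	if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED)
	{
		// Was "ang::txt", which fails on an unknown class instead of
		// producing the 404
		App::abort(404, Lang::txt('COM_FORUM_POST_NOT_FOUND'));
	}

	// Check logged in status
	if (User::isGuest() && !in_array($post->get('access'), User::getAuthorisedViewLevels()))
	{
		// "&section=" had been mangled into a section-sign character, which
		// dropped the section from the return URL
		$return = base64_encode(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&section=' . $section . '&category=' . $category . '&thread=' . $thread_id . '&post=' . $post_id . '&file=' . $file));
		App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return));
	}

	// Load ACL
	$this->_authorize('thread', $post->get('thread'));

	// Ensure the user is authorized to view this file
	if (!$this->config->get('access-view-thread'))
	{
		App::abort(403, Lang::txt('COM_FORUM_NOT_AUTH_FILE'));
	}

	// Get the path of the stored file
	$filename = $attach->path();

	// Ensure the file exist (the message shows the path relative to PATH_ROOT)
	if (!file_exists($filename))
	{
		App::abort(404, Lang::txt('COM_FORUM_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
	}

	// Initiate a new content server and serve up the file
	$server = new \Hubzero\Content\Server();
	$server->filename($filename);
	$server->disposition('inline');
	$server->acceptranges(false); // @TODO fix byte range support

	if (!$server->serve())
	{
		// Should only get here on error
		App::abort(500, Lang::txt('COM_FORUM_SERVER_ERROR'));
	}

	exit;
}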
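/**
 * Serves up files only after passing access checks
 *
 * Guests are sent to the login page. The attachment is looked up by post id
 * ('asset') when one is given, otherwise by thread id ('group') and file
 * name; its post must exist and not be deleted, and the user must have
 * 'view' access to the course before the file is served inline.
 *
 * @return void
 */
public function download()
{
	// Incoming
	// These were read into $thread/$post while the lookup below used the
	// undefined $thread_id/$post_id, so the request values never reached it.
	$thread_id = Request::getInt('group', 0);
	$post_id   = Request::getInt('asset', 0);
	$file      = Request::getVar('file', '');

	// Check logged in status
	if (User::isGuest())
	{
		$return = Route::url($this->offering->link() . '&active=' . $this->_name . '&unit=download&b=' . $thread_id . '&file=' . $file);
		App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return)));
		return;
	}

	// Ensure we have a database object
	if (!$this->database)
	{
		App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_DATABASE_NOT_FOUND'));
		return;
	}

	// Instantiate an attachment object
	if (!$post_id)
	{
		$attach = Attachment::oneByThread($thread_id, $file);
	}
	else
	{
		$attach = Attachment::oneByPost($post_id);
	}

	if (!$attach->get('filename'))
	{
		App::abort(404, Lang::txt('PLG_COURSES_FORUM_FILE_NOT_FOUND'));
	}

	// Get the parent post the file is attached to
	$post = $attach->post();

	if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED)
	{
		App::abort(404, Lang::txt('PLG_COURSES_FORUM_POST_NOT_FOUND'));
	}

	// Load ACL
	$this->_authorize('thread', $post->get('thread'));

	// Ensure the user is authorized to view this file
	if (!$this->course->access('view'))
	{
		App::abort(403, Lang::txt('PLG_COURSES_DISCUSSIONS_NOT_AUTH_FILE'));
	}

	// Get the path of the stored file
	$filename = $attach->path();

	// Ensure the file exist (the message shows the path relative to PATH_ROOT)
	if (!file_exists($filename))
	{
		App::abort(404, Lang::txt('PLG_COURSES_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
	}

	// Initiate a new content server and serve up the file
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($filename);
	$xserver->disposition('inline');
	$xserver->acceptranges(false); // @TODO fix byte range support

	if (!$xserver->serve())
	{
		// Should only get here on error
		App::abort(404, Lang::txt('PLG_COURSES_DISCUSSIONS_SERVER_ERROR'));
	}

	exit;
}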
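/**
 * Asset delivery function.
 *
 * Serves a file from below the logo path of the zone named by the 'id'
 * request variable. The requested name is passed through normalize_path()
 * before it is appended to that path.
 *
 * @return mixed  result of notFoundTask() when the file or zone is missing;
 *                otherwise the request ends once the file was served
 */
public function assetsTask()
{
	// NOTE(review): this relies on normalize_path() to neutralise "../"
	// segments in the request value - confirm against its implementation.
	$file = Request::getVar('file');
	$file = self::normalize_path('/' . trim($file, '/'), true);

	// Leftover debugging output (echo + die) used to end the request at the
	// two checks below, which disclosed internal values to the client and
	// made the not-found handler unreachable.
	if (empty($file))
	{
		return $this->notFoundTask();
	}

	$zone = new \Components\Tools\Models\Middleware\Zone(Request::getInt('id', 0));
	if (!$zone->exists())
	{
		return $this->notFoundTask();
	}

	$file = $zone->logo('path') . '/' . ltrim($file, '/');

	if (!is_file($file) || !is_readable($file))
	{
		return $this->notFoundTask();
	}

	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($file);
	$xserver->disposition('inline');
	$xserver->acceptranges(false); // @TODO fix byte range support

	if (!$xserver->serve())
	{
		App::abort(404, Lang::txt('COM_TOOLS_SERVER_ERROR'));
	}

	exit;
}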
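/**
 * Download a file that belongs to a group (uploads, blog or wiki).
 *
 * The leading `image` / `file` marker of $filename is stripped, the rest is
 * URL-decoded and looked up below a base directory that depends on the
 * active group section. Access to that section is checked before the path
 * is built, and the resolved path must stay inside the base directory.
 *
 * Changes over the previous revision:
 *  - every failed access check now returns right after _errorHandler(), as
 *    the wiki page check already did, so a denied request can never fall
 *    through to the file server;
 *  - the containment test compared with `strpos(...) === false`, which
 *    accepts the base path anywhere in the resolved path and also accepts a
 *    sibling directory sharing the prefix (for example `uploads_old`); it
 *    is now a prefix test on canonical paths with a trailing separator;
 *  - a failing realpath() used to skip the containment test; it now denies;
 *  - for super groups the check path was the requested file path itself
 *    rather than the directory named in the comment; it is now that
 *    directory.
 *
 * @param  string $filename File name, prefixed with "image" or "file"
 * @return void
 */
public function downloadTask($filename = "")
{
    //get the group
    $group = Group::getInstance($this->cn);

    // make sure we have a group
    if (!is_object($group)) {
        return;
    }

    //authorize
    $authorized = $this->_authorize();

    //get the file name
    if (substr(strtolower($filename), 0, 5) == 'image') {
        $file = urldecode(substr($filename, 6));
    } elseif (substr(strtolower($filename), 0, 4) == 'file') {
        $file = urldecode(substr($filename, 5));
    } else {
        return;
    }

    // clean up file, strip double "uploads" & trim directory sep
    // NOTE(review): this removes the word "uploads" anywhere in the name,
    // including inside a legitimate file name; kept as-is for compatibility.
    $file = str_replace('uploads', '', $file);
    $file = ltrim($file, DS);

    // get extension
    $extension = pathinfo($file, PATHINFO_EXTENSION);

    //if were on the wiki we need to output files a specific way
    if ($this->active == 'wiki') {
        //get access level for wiki
        $access = Group\Helper::getPluginAccess($group, 'wiki');

        //check to make sure user has access to wiki section
        if ($access == 'members' && !in_array(User::get('id'), $group->get('members'))
            || $access == 'registered' && User::isGuest()
        ) {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        //load wiki page from db
        require_once PATH_CORE . DS . 'components' . DS . 'com_wiki' . DS . 'tables' . DS . 'page.php';
        $page = new \Components\Wiki\Tables\Page($this->database);

        $pagename = Request::getVar('pagename');
        $scope    = Request::getVar('scope', $group->get('cn') . DS . 'wiki');
        if ($scope) {
            $parts = explode('/', $scope);
            if (count($parts) > 2) {
                $pagename = array_pop($parts);
                if (strtolower($filename) == strtolower($pagename)) {
                    $pagename = array_pop($parts);
                }
                $scope = implode('/', $parts);
            }
        }
        $page->load($pagename, $scope);

        //check specific wiki page access
        if ($page->get('access') == 1 && !in_array(User::get('id'), $group->get('members')) && $authorized != 'admin') {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        //get the config and build base path
        $wiki_config = \Component::params('com_wiki');
        $base_path   = $wiki_config->get('filepath') . DS . $page->get('id');
    } elseif ($this->active == 'blog') {
        //get access setting of group blog
        $access = Group\Helper::getPluginAccess($group, 'blog');

        //make sure user has access to blog
        if ($access == 'members' && !in_array(User::get('id'), $group->get('members'))
            || $access == 'registered' && User::isGuest()
        ) {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        //make sure we have a group id of the proper length
        $groupID = Group\Helper::niceidformat($group->get('gidNumber'));

        //build path to blog folder
        $base_path = $this->config->get('uploadpath') . DS . $groupID . DS . 'blog';
        if (!file_exists(PATH_APP . DS . $base_path . DS . $file)) {
            $base_path = $this->config->get('uploadpath') . DS . $group->get('gidNumber') . DS . 'uploads' . DS . 'blog';
        }
    } else {
        //get access level for overview or other group pages
        $access = Group\Helper::getPluginAccess($group, 'overview');

        //check to make sure we can access it
        if ($access == 'members' && !in_array(User::get('id'), $group->get('members'))
            || $access == 'registered' && User::isGuest()
        ) {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        // Build the path
        $base_path  = $this->config->get('uploadpath');
        $base_path .= DS . $group->get('gidNumber') . DS . 'uploads';
    }

    // trim base path
    $base_path = ltrim($base_path, DS);

    // only can serve files from within /site/groups/{group_id}/uploads/
    $pathCheck = PATH_APP . DS . $base_path;

    // Final path of file
    $file_path     = $base_path . DS . $file;
    $alt_file_path = null;
    $altPathCheck  = null;

    // if super group offer alt path outside uploads
    if ($group->isSuperGroup()) {
        $alt_base      = str_replace('/uploads', '', $base_path);
        $alt_file_path = $alt_base . DS . $file;

        // if super group can serve files anywhere inside /site/groups/{group_id}
        $altPathCheck = PATH_APP . DS . ltrim($alt_base, DS);
    }

    // Ensure the file exist
    if (!file_exists(PATH_APP . DS . $file_path)) {
        if ($alt_file_path == null || !file_exists(PATH_APP . DS . $alt_file_path)) {
            $this->_errorHandler(404, Lang::txt('COM_GROUPS_ERROR_FILE_NOT_FOUND') . ' ' . $file);
            return;
        }

        $file_path = $alt_file_path;
        $pathCheck = $altPathCheck;
    }

    // Resolve both sides (expands ../ and symlinks) and require the file to
    // sit below the allowed directory. Anything unresolvable is denied.
    $realPath = realpath(PATH_APP . DS . $file_path);
    $realBase = realpath($pathCheck);
    if ($realPath === false
        || $realBase === false
        || !is_file($realPath)
        || strpos($realPath, rtrim($realBase, DS) . DS) !== 0
    ) {
        $this->_errorHandler(404, Lang::txt('COM_GROUPS_ERROR_FILE_NOT_FOUND') . ' ' . $file);
        return;
    }

    // new content server
    $contentServer = new \Hubzero\Content\Server();
    $contentServer->filename(PATH_APP . DS . $file_path);
    $contentServer->disposition('attachment');
    $contentServer->acceptranges(false);

    // do we need to manually set mime type
    if ($extension == 'css') {
        $contentServer->setContentType('text/css');
    }

    // Serve up the file
    if (!$contentServer->serve()) {
        App::abort(404, Lang::txt('COM_GROUPS_SERVER_ERROR'));
    } else {
        exit;
    }
    return;
}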
/**
 * Serve the attachment(s) of one publication element as a download.
 *
 * With $itemId set, the matching attachment is served; with several
 * attachments a bundle is built and served; with exactly one attachment that
 * file is served. The handler branch is not implemented yet and yields false.
 *
 * @param  object  $element     Element definition (its params are read)
 * @param  integer $elementId   Element id
 * @param  object  $pub         Publication (reads _attachments and state)
 * @param  object  $blockParams Block parameters, passed on to getConfigs()
 * @param  integer $itemId      Optional id of a single attachment
 * @return boolean False when nothing was served; exits after a transfer
 */
public function serve($element, $elementId, $pub, $blockParams, $itemId = 0)
{
    // Was a plain download explicitly requested?
    $forceDownload = Request::getInt('download', 0);

    $configs = $this->getConfigs($element->params, $elementId, $pub, $blockParams);

    // Narrow the publication's attachments down to this element
    $all         = $pub->_attachments;
    $forElement  = isset($all['elements'][$elementId]) ? $all['elements'][$elementId] : null;
    $attachments = $this->_parent->getElementAttachments($elementId, $forElement, $this->_name);

    if (!$forceDownload && $configs->handler) {
        // Serving through a handler is still to be done
        return false;
    }

    // Work out which file to hand out
    $download = null;
    if ($itemId) {
        foreach ($attachments as $candidate) {
            if ($candidate->id == $itemId) {
                $download = $this->getFilePath($candidate->path, $candidate->id, $configs, $candidate->params);
                break;
            }
        }
    } elseif (count($attachments) > 1) {
        // Bundles are rebuilt unless the publication state is 1
        $download = $this->bundle($attachments, $configs, !($pub->state == 1));
    } elseif (count($attachments) == 1) {
        $only     = $attachments[0];
        $download = $this->getFilePath($only->path, $only->id, $configs, $only->params);
    }

    if (!$download || !is_file($download)) {
        $this->setError(Lang::txt('PLG_PROJECTS_PUBLICATIONS_ERROR_DOWNLOAD'));
        return false;
    }

    // Hand the file to the content server as an attachment
    $server = new \Hubzero\Content\Server();
    $server->filename($download);
    $server->disposition('attachment');
    $server->acceptranges(true);
    $server->saveas(basename($download));

    if ($server->serve()) {
        exit;
    }

    // Should only get here on error
    throw new Exception(Lang::txt('PLG_PROJECTS_PUBLICATIONS_ERROR_SERVE'), 404);
}
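/**
 * Generate detailed responses CSV files and zip and offer up as download
 *
 * Only section managers may call this. The `assets` request value is a
 * dash-separated list of asset ids; for every id that belongs to this course
 * a `<id>.responses.csv` entry is written into a temporary zip, which is
 * served and then deleted.
 *
 * Changes over the previous revision:
 *  - failed permission/input checks return after App::abort();
 *  - asset ids must be plain digit strings (is_numeric() also accepted
 *    floats, signs and exponents);
 *  - the archive name carries a unique suffix and is opened exclusively, so
 *    two requests in the same second can no longer write into one archive;
 *  - a failed ZipArchive::open() is reported instead of being ignored;
 *  - rows are written with fputcsv(), so values containing commas, quotes
 *    or line breaks no longer shift or break columns.
 *
 * @return void
 **/
private function downloadresponses()
{
    require_once PATH_CORE . DS . 'components' . DS . 'com_courses' . DS . 'models' . DS . 'formReport.php';

    // Only allow for instructors
    if (!$this->course->offering()->section()->access('manage')) {
        App::abort(403, 'Sorry, you don\'t have permission to do this');
        return;
    }

    $asset_ids = Request::getVar('assets', false);
    if (!$asset_ids || !is_scalar($asset_ids)) {
        App::abort(422, 'Sorry, we don\'t know what results you\'re trying to retrieve');
        return;
    }

    $protected = 'site' . DS . 'protected';
    $tmp       = $protected . DS . 'tmp';

    // We're going to temporarily house this in PATH_APP/site/protected/tmp
    if (!Filesystem::exists($protected)) {
        App::abort(500, 'Missing temporary directory');
        return;
    }

    // Make sure tmp folder exists
    if (!Filesystem::exists($tmp)) {
        Filesystem::makeDirectory($tmp);
    } else {
        // Folder was already there - do a sanity check and make sure no old responses zips are lying around
        // NOTE(review): this also removes an archive that another request is
        // serving at this moment; an age threshold would avoid that.
        $files = Filesystem::files($tmp);

        if ($files && count($files) > 0) {
            foreach ($files as $file) {
                if (strstr($file, 'responses.zip') !== false) {
                    Filesystem::delete($tmp . DS . $file);
                }
            }
        }
    }

    // Get the individual asset ids
    $asset_ids = explode('-', (string) $asset_ids);

    // Set up our zip archive (unique name, never reuse an existing file)
    $zip  = new ZipArchive();
    $path = PATH_APP . DS . $tmp . DS . time() . '.' . uniqid('', true) . '.responses.zip';
    if ($zip->open($path, ZipArchive::CREATE | ZipArchive::EXCL) !== true) {
        App::abort(500, 'Unable to create the responses archive');
        return;
    }

    // Loop through the assets
    foreach ($asset_ids as $asset_id) {
        // Is it a plain positive integer?
        if (!ctype_digit($asset_id)) {
            continue;
        }

        // Get the rest of the asset row
        $asset = new \Components\Courses\Tables\Asset($this->db);
        $asset->load($asset_id);

        // Make sure asset is a part of this course
        if ($asset->get('course_id') != $this->course->get('id')) {
            continue;
        }

        $details = \Components\Courses\Models\FormReport::getLetterResponsesForAssetId($this->db, $asset_id, true, $this->course->offering()->section()->get('id'));
        if (!$details) {
            continue;
        }

        // Build the CSV in memory with proper quoting.
        // NOTE(review): if response values can contain free text entered by
        // learners, cells starting with =, +, - or @ are evaluated as
        // formulas by spreadsheet applications; confirm the value domain.
        $csv = fopen('php://temp', 'r+');
        fputcsv($csv, $details['headers'], ',', '"', '\\');

        if (isset($details['responses']) && count($details['responses']) > 0) {
            foreach ($details['responses'] as $response) {
                fputcsv($csv, $response, ',', '"', '\\');
            }
        }

        rewind($csv);
        $output = stream_get_contents($csv);
        fclose($csv);

        $zip->addFromString($asset_id . '.responses.csv', $output);
    }

    // Close the zip archive handler
    $zip->close();

    // An archive without entries is not written, so there is nothing to serve
    if (is_file($path)) {
        // Set up the server
        $xserver = new \Hubzero\Content\Server();
        $xserver->filename($path);
        $xserver->saveas('responses.zip');
        $xserver->disposition('attachment');
        $xserver->acceptranges(false);

        // Serve the file
        $xserver->serve();

        // Now delete the file
        Filesystem::delete($path);
    }

    // All done!
    exit;
}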
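/**
 * Download a file
 *
 * Serves the file named by the `file` query parameter, relative to
 * PATH_ROOT, as an attachment.
 *
 * Changes over the previous revision:
 *  - the request value is read unfiltered and URL-decoded a second time, so
 *    relative segments could lead outside PATH_ROOT; the canonical path must
 *    now be a regular file below PATH_ROOT, otherwise the request is a 404;
 *  - the 404 message no longer contains the absolute server path or the raw
 *    request value;
 *  - the header said "Upload a file".
 *
 * NOTE(review): no permission check is visible in this method beyond the
 * request token, and PHP sources are explicitly served as text/plain, which
 * makes every file below PATH_ROOT readable to whoever may call this task.
 * Confirm the caller is limited to administrators and consider restricting
 * the base directory further.
 *
 * @return void
 */
public function downloadTask()
{
    // Check for request forgeries
    Request::checkToken(['get', 'post']);

    $file = urldecode(Request::getVar('file', '', 'get', 'none', 2));

    // Resolve ../ and symlinks, then require the result to stay below the root
    $root = realpath(PATH_ROOT);
    $real = realpath(PATH_ROOT . DS . $file);

    if ($root === false
        || $real === false
        || !is_file($real)
        || strpos($real, rtrim($root, DS) . DS) !== 0
    ) {
        App::abort(404, Lang::txt('COM_GROUPS_ERROR_FILE_NOT_FOUND'));
        return;
    }

    $extension = Filesystem::extension($file);

    // new content server
    $contentServer = new \Hubzero\Content\Server();
    $contentServer->filename(PATH_ROOT . DS . $file);
    $contentServer->disposition('attachment');
    $contentServer->acceptranges(false);

    // do we need to manually set mime type
    if ($extension == 'css') {
        $contentServer->setContentType('text/css');
    }
    if ($extension == 'php') {
        $contentServer->setContentType('text/plain');
    }

    // Serve up the file
    if (!$contentServer->serve()) {
        App::abort(500, Lang::txt('COM_GROUPS_SERVER_ERROR'));
    }

    exit;
}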
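/**
 * Serves up the file to the web
 *
 * A local file is served from its absolute path. A non-local file is first
 * copied into a temporary file, which is served and then closed.
 *
 * Changes over the previous revision: a failing tmpfile() or fwrite() now
 * makes the method return false instead of passing an invalid handle on,
 * the temporary file is flushed before the server opens it by path, and it
 * is closed even when serving throws.
 *
 * @param  string $as What to serve the file as
 * @return bool
 **/
public function serve($as = null)
{
    // Initiate a new content server
    $server = new \Hubzero\Content\Server();
    $server->disposition('attachment');
    $server->acceptranges(false);

    $temp = null;

    if (!$this->isLocal()) {
        // Create a temp file and write to it
        // NOTE(review): read() returns the whole content at once, so memory
        // use grows with the file size.
        $temp = tmpfile();
        if ($temp === false) {
            return false;
        }

        if (fwrite($temp, (string) $this->read()) === false) {
            fclose($temp);
            return false;
        }

        // The server opens the file by name, so push the bytes out first
        fflush($temp);

        $server->filename(stream_get_meta_data($temp)['uri']);
    } else {
        $server->filename($this->getAbsolutePath());
    }

    $server->saveas($as ?: $this->getName());

    try {
        // Serve up the file
        return $server->serve();
    } finally {
        // Clean up after serving; closing removes the temporary file
        if (is_resource($temp)) {
            fclose($temp);
        }
    }
}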
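/**
 * Serve publication-related file (via public link)
 *
 * $query is a JSON document; the keys read here are pid, vid, disp, type,
 * folder, path and limited.
 *
 * Changes over the previous revision:
 *  - `disp` is restricted to 'inline' or 'attachment' (anything else is
 *    sent as 'attachment');
 *  - the resolved file must be a regular file inside the publication
 *    directory, so `path` cannot point elsewhere through relative segments
 *    or symlinks;
 *  - a missing `vid` no longer reads an undefined property;
 *  - the unused database handle and the unreachable returns are gone.
 *
 * NOTE(review): pid, vid and folder also come from the decoded query and
 * reach buildPubPath() unchecked. Whether $query is always issued by the
 * server is not visible here; confirm with the caller.
 *
 * @param  string  $type      Area name the request is meant for
 * @param  integer $projectid Project id
 * @param  string  $query     JSON-encoded link data
 * @return void|false False when the request is not for this plugin or is
 *                    incomplete; exits after a successful transfer
 * @throws Exception  403 when access is denied, 404 when the file is missing
 *                    or cannot be served
 */
public function serve($type = '', $projectid = 0, $query = '')
{
    $this->_area = $this->onProjectAreas();
    if ($type != $this->_area['name']) {
        return false;
    }

    $data = json_decode($query);

    if (!isset($data->pid) || !$projectid) {
        return false;
    }

    $disp    = isset($data->disp) ? $data->disp : 'inline';
    $type    = isset($data->type) ? $data->type : 'file';
    $folder  = isset($data->folder) ? $data->folder : 'wikicontent';
    $fpath   = isset($data->path) ? $data->path : 'inline';
    $limited = isset($data->limited) ? $data->limited : 0;
    $vid     = isset($data->vid) ? $data->vid : null;

    if ($type != 'file') {
        return false;
    }

    // Only the two Content-Disposition types are passed on
    if (!is_string($disp) || !in_array($disp, array('inline', 'attachment'), true)) {
        $disp = 'attachment';
    }

    // Instantiate a project
    $model = new \Components\Projects\Models\Project($projectid);

    if (!$model->exists() || $limited == 1 && !$model->access('member')) {
        // Throw error
        throw new Exception(Lang::txt('COM_PROJECTS_ERROR_ACTION_NOT_AUTHORIZED'), 403);
    }

    // Get referenced path
    $pubconfig = Component::params('com_publications');
    $base_path = $pubconfig->get('webpath');
    $pubPath   = \Components\Publications\Helpers\Html::buildPubPath($data->pid, $vid, $base_path, $folder, 0);

    $serve = PATH_APP . $pubPath . DS . $fpath;

    // Ensure the file exist and lies inside the publication directory
    $realDir  = realpath(PATH_APP . $pubPath);
    $realFile = realpath($serve);
    if ($realDir === false
        || $realFile === false
        || !is_file($realFile)
        || strpos($realFile, rtrim($realDir, DS) . DS) !== 0
    ) {
        // Throw error
        throw new Exception(Lang::txt('COM_PROJECTS_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    $server = new \Hubzero\Content\Server();
    $server->filename($serve);
    $server->disposition($disp);
    $server->acceptranges(false); // @TODO fix byte range support
    $server->saveas(basename($fpath));

    if (!$server->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_PUBLICATIONS_SERVER_ERROR'), 404);
    } else {
        exit;
    }

    return;
}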
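/**
 * Serve file (usually via public link)
 *
 * $query is a JSON document; the keys read here are file, disp, limited,
 * hash and repo. With a hash the file content is fetched from the
 * repository into a temporary file, otherwise the file is read from the
 * repository path.
 *
 * Changes over the previous revision:
 *  - `disp` is restricted to 'inline' or 'attachment' (anything else is
 *    sent as 'attachment');
 *  - a file read straight from the repository path must resolve to a
 *    regular file inside that path;
 *  - failed checks return after App::abort().
 *
 * NOTE(review): `file` and `hash` are handed to $repo->call('content', ...)
 * as they arrive; how that call validates them is not visible here.
 *
 * @param  string  $type      Area name the request is meant for
 * @param  integer $projectid Project id
 * @param  string  $query     JSON-encoded link data
 * @return void|false False when the request is not for this plugin or is
 *                    incomplete; exits after a successful transfer
 */
public function serve($type = '', $projectid = 0, $query = '')
{
    $this->_area = $this->onProjectAreas();
    if ($type != $this->_area['name']) {
        return false;
    }

    $data = json_decode($query);

    if (!isset($data->file) || !$projectid) {
        return false;
    }

    $file     = $data->file;
    $disp     = isset($data->disp) ? $data->disp : 'inline';
    $limited  = isset($data->limited) ? $data->limited : 0;
    $hash     = isset($data->hash) ? $data->hash : 0;
    $repoName = isset($data->repo) ? $data->repo : 'local';

    // Only the two Content-Disposition types are passed on
    if (!is_string($disp) || !in_array($disp, array('inline', 'attachment'), true)) {
        $disp = 'attachment';
    }

    // Instantiate a project
    $model = new \Components\Projects\Models\Project($projectid);

    if (!$model->exists() || $limited == 1 && !$model->access('member')) {
        // Throw error
        App::abort(403, Lang::txt('COM_PROJECTS_ERROR_ACTION_NOT_AUTHORIZED'));
        return;
    }

    // Load repo
    $repo = new \Components\Projects\Models\Repo($model, $repoName);

    $deleteTemp = false;
    if ($hash) {
        // basename() keeps the temporary name inside the temp directory
        $tempPath = sys_get_temp_dir();
        $tempName = 'temp-' . \Components\Projects\Helpers\Html::generateCode(4, 4, 0, 1, 0) . basename($file);
        $serve    = $tempPath . DS . $tempName;

        // Get file content
        $repo->call('content', array('fileName' => $file, 'hash' => $hash, 'target' => $serve));

        $deleteTemp = true;
    } else {
        $serve = $repo->get('path') . DS . $file;
    }

    // Ensure the file exist
    if (!file_exists($serve)) {
        // Throw error
        App::abort(404, Lang::txt('COM_PROJECTS_FILE_NOT_FOUND'));
        return;
    }

    // A file taken directly from the repository must stay inside it
    if (!$deleteTemp) {
        $realRepo = realpath($repo->get('path'));
        $realFile = realpath($serve);
        if ($realRepo === false
            || $realFile === false
            || !is_file($realFile)
            || strpos($realFile, rtrim($realRepo, DS) . DS) !== 0
        ) {
            App::abort(404, Lang::txt('COM_PROJECTS_FILE_NOT_FOUND'));
            return;
        }
    }

    // Initiate a new content server and serve up the file
    $server = new \Hubzero\Content\Server();
    $server->filename($serve);
    $server->disposition($disp);
    $server->acceptranges(false); // @TODO fix byte range support
    $server->saveas(basename($file));
    $result = $server->serve();

    if ($deleteTemp) {
        // Delete downloaded temp file
        Filesystem::delete($serve);
    }

    if (!$result) {
        // Should only get here on error
        App::abort(404, Lang::txt('PLG_PROJECTS_FILES_SERVER_ERROR'));
    } else {
        exit;
    }

    return;
}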
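/**
 * Serve publication package
 *
 * Sends the publication's bundle archive. When the version has a DOI, the
 * download is named after it with '.' and '/' replaced by '_'; otherwise the
 * bundle's own name is used.
 *
 * Change over the previous revision: the disposition was 'download', which
 * is not a Content-Disposition type; every other caller of the content
 * server on this page passes 'inline' or 'attachment'. It is now
 * 'attachment'. The unreachable returns after throw are removed.
 *
 * @return void      Exits after a successful transfer
 * @throws Exception 404 when there is no publication, no bundle file, or
 *                   the transfer fails
 */
public function serveBundle()
{
    if (empty($this->_pub)) {
        throw new Exception(Lang::txt('COM_PUBLICATIONS_FILE_NOT_FOUND'), 404);
    }

    $bundle = $this->_pub->path('base', true) . DS . $this->getBundleName();
    $doi    = $this->_pub->version->get('doi');

    if ($doi != '') {
        // NOTE(review): only '.' and '/' are replaced; if a DOI can hold
        // other characters that are unsafe in a file name, widen this.
        $doi     = str_replace('.', '_', $doi);
        $doi     = str_replace('/', '_', $doi);
        $serveas = $doi . '.zip';
    } else {
        // Already contains a '.zip' on the end.
        $serveas = $this->getBundleName();
    }

    if (!is_file($bundle)) {
        throw new Exception(Lang::txt('COM_PUBLICATIONS_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    $server = new \Hubzero\Content\Server();
    $server->filename($bundle);
    $server->disposition('attachment');
    $server->acceptranges(true);
    $server->saveas($serveas);

    if (!$server->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_PUBLICATIONS_SERVER_ERROR'), 404);
    } else {
        exit;
    }

    return;
}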