Esempio n. 1
0
 /**
  * Display a form for updating/editing an attachment
  */
 public function update()
 {
     // Call with: index.php?option=com_attachments&task=update&id=1&tmpl=component
     //		  or: component/attachments/update/id/1/tmpl/component
     // Make sure we have a valid attachment ID
     $id = JRequest::getInt('id');
     if (is_numeric($id)) {
         $id = (int) $id;
     } else {
         $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 24)';
         JError::raiseError(500, $errmsg);
     }
     // Get the attachment record
     require_once JPATH_COMPONENT_SITE . '/models/attachment.php';
     $model = new AttachmentsModelAttachment();
     $model->setId($id);
     $attachment = $model->getAttachment();
     if (!$attachment) {
         $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $id) . ' (ERR 25)';
         JError::raiseError(500, $errmsg);
     }
     // Get the component parameters
     jimport('joomla.application.component.helper');
     $params = JComponentHelper::getParams('com_attachments');
     // Get the article/parent handler
     $parent_id = $attachment->parent_id;
     $parent_type = $attachment->parent_type;
     $parent_entity = $attachment->parent_entity;
     JPluginHelper::importPlugin('attachments');
     $apm = getAttachmentsPluginManager();
     if (!$apm->attachmentsPluginInstalled($parent_type)) {
         $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 26)';
         JError::raiseError(500, $errmsg);
     }
     $parent = $apm->getAttachmentsPlugin($parent_type);
     // Check to make sure we can edit it
     if (!$parent->userMayEditAttachment($attachment)) {
         return JError::raiseError(404, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 27)');
     }
     // Set up the entity name for display
     $parent_entity_name = JText::_('ATTACH_' . $parent_entity);
     // Verify that this user may add attachments to this parent
     $user = JFactory::getUser();
     $new_parent = false;
     if ($parent_id === null) {
         $parent_id = 0;
         $new_parent = true;
     }
     // Make sure the attachments directory exists
     $upload_dir = JPATH_BASE . '/' . AttachmentsDefines::$ATTACHMENTS_SUBDIR;
     $secure = $params->get('secure', false);
     if (!AttachmentsHelper::setup_upload_directory($upload_dir, $secure)) {
         $errmsg = JText::sprintf('ATTACH_ERROR_UNABLE_TO_SETUP_UPLOAD_DIR_S', $upload_dir) . ' (ERR 28)';
         JError::raiseError(500, $errmsg);
     }
     // Make sure the update parameter is legal
     $update = JRequest::getWord('update');
     if ($update && !in_array($update, AttachmentsDefines::$LEGAL_URI_TYPES)) {
         $update = false;
     }
     // Suppress the display filename if we are switching from file to url
     $display_name = $attachment->display_name;
     if ($update && $update != $attachment->uri_type) {
         $attachment->display_name = '';
     }
     // Set up the view
     require_once JPATH_COMPONENT_SITE . '/views/update/view.html.php';
     $view = new AttachmentsViewUpdate();
     $from = JRequest::getWord('from', 'closeme');
     AttachmentsHelper::add_view_urls($view, 'update', $parent_id, $attachment->parent_type, $id, $from);
     $view->update = $update;
     $view->new_parent = $new_parent;
     $view->attachment = $attachment;
     $view->parent = $parent;
     $view->params = $params;
     $view->from = $from;
     $view->Itemid = JRequest::getInt('Itemid', 1);
     $view->error = false;
     $view->error_msg = false;
     $view->display();
 }
Esempio n. 2
0
 /**
  * Download an attachment (in secure mode)
  *
  * @param int $id the attachment id
  */
 public static function download_attachment($id)
 {
     // Get the info about the attachment
     require_once JPATH_COMPONENT_SITE . '/models/attachment.php';
     $model = new AttachmentsModelAttachment();
     $model->setId($id);
     $attachment = $model->getAttachment();
     if (!$attachment) {
         $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 41)';
         JError::raiseError(500, $errmsg);
     }
     $parent_id = $attachment->parent_id;
     $parent_type = $attachment->parent_type;
     $parent_entity = $attachment->parent_entity;
     // Get the article/parent handler
     JPluginHelper::importPlugin('attachments');
     $apm = getAttachmentsPluginManager();
     if (!$apm->attachmentsPluginInstalled($parent_type)) {
         $errmsg = JText::sprintf('ATTACH_ERROR_UNKNOWN_PARENT_TYPE_S', $parent_type) . ' (ERR 42)';
         JError::raiseError(500, $errmsg);
     }
     $parent = $apm->getAttachmentsPlugin($parent_type);
     // Get the component parameters
     jimport('joomla.application.component.helper');
     $params = JComponentHelper::getParams('com_attachments');
     // Make sure that the user can access the attachment
     if (!$parent->userMayAccessAttachment($attachment)) {
         // If not logged in, warn them to log in
         $user = JFactory::getUser();
         if ($user->get('username') == '') {
             $guest_levels = $params->get('show_guest_access_levels', array('1'));
             if (in_array($attachment->access, $guest_levels)) {
                 // Construct the login request with return URL
                 $app = JFactory::getApplication();
                 $return = $app->getUserState('com_attachments.current_url', '');
                 $redirect_to = JRoute::_('index.php?option=com_attachments&task=requestLogin' . $return);
                 $app = JFactory::getApplication();
                 $app->redirect($redirect_to);
             }
         }
         // Otherwise, just error out
         $errmsg = JText::_('ATTACH_ERROR_NO_PERMISSION_TO_DOWNLOAD') . ' (ERR 43)';
         JError::raiseError(500, $errmsg);
     }
     // Get the other info about the attachment
     $download_mode = $params->get('download_mode', 'attachment');
     $content_type = $attachment->file_type;
     if ($attachment->uri_type == 'file') {
         $filename = $attachment->filename;
         $filename_sys = $attachment->filename_sys;
         // Make sure the file exists
         jimport('joomla.filesystem.file');
         if (!JFile::exists($filename_sys)) {
             $errmsg = JText::sprintf('ATTACH_ERROR_FILE_S_NOT_FOUND_ON_SERVER', $filename) . ' (ERR 44)';
             JError::raiseError(500, $errmsg);
         }
         $file_size = filesize($filename_sys);
         // Construct the downloaded filename
         $filename_info = pathinfo($filename);
         $extension = "." . $filename_info['extension'];
         $basename = basename($filename, $extension);
         // Modify the following line insert a string into
         // the filename of the downloaded file, for example:
         //	  $mod_filename = $basename . "(yoursite)" . $extension;
         $mod_filename = $basename . $extension;
         $model->incrementDownloadCount();
         // Begin writing headers
         ob_clean();
         // Clear any previously written headers in the output buffer
         // Handle MSIE differently...
         jimport('joomla.environment.browser');
         $browser = JBrowser::getInstance();
         $browserType = $browser->getBrowser();
         $browserVersion = $browser->getMajor();
         // Handle older versions of MS Internet Explorer
         if ($browserType == 'msie' and $browserVersion <= 8) {
             // Ensure UTF8 characters in filename are encoded correctly in IE
             $mod_filename = rawurlencode($mod_filename);
             // Tweak the headers for MSIE
             header('Pragma: private');
             header('Cache-control: private, must-revalidate');
             header("Content-Length: " . $file_size);
             // MUST be a number for IE
         } else {
             header('Cache-Control: private, max-age=0, must-revalidate, no-store');
             header("Content-Length: " . (string) $file_size);
         }
         // Force the download
         if ($download_mode == 'attachment') {
             // attachment
             header("Content-Disposition: attachment; filename=\"{$mod_filename}\"");
         } else {
             // inline
             header("Content-Disposition: inline; filename=\"{$mod_filename}\"");
         }
         header('Content-Transfer-Encoding: binary');
         header("Content-Type: {$content_type}");
         // If x-sendfile is available, use it
         if (function_exists('apache_get_modules') && in_array('mod_xsendfile', apache_get_modules())) {
             header("X-Sendfile: {$filename_sys}");
         } else {
             if ($file_size <= 1048576) {
                 // If the file size is one MB or less, use readfile
                 // ??? header("Content-Length: ".$file_size);
                 @readfile($filename_sys);
             } else {
                 // Send it in 8K chunks
                 set_time_limit(0);
                 $file = @fopen($filename_sys, "rb");
                 while (!feof($file) and connection_status() == 0) {
                     print @fread($file, 8 * 1024);
                     ob_flush();
                     flush();
                 }
             }
         }
         exit;
     } else {
         if ($attachment->uri_type == 'url') {
             // Note the download
             $model->incrementDownloadCount();
             // Forward to the URL
             ob_clean();
             // Clear any previously written headers in the output buffer
             header("Location: {$attachment->url}");
         }
     }
 }