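/**
 * Download a file belonging to a course, or to one of its wiki pages.
 *
 * $filename is expected to start with "image" or "file", followed by one
 * separator character and the URL-encoded relative path of the file. The
 * decoded path is caller-supplied (presumably from the request URL), so it
 * is resolved and confined to the computed base directory before serving.
 *
 * @param   string  $filename  File name
 * @return  void
 */
public function downloadTask($filename)
{
    // Get the course
    $course = Course::getInstance($this->gid);

    // Authorize
    $authorized = $this->_authorize();

    // Get the file name. Initialised first so an unrecognised prefix yields an
    // empty name (rejected below) instead of an undefined variable.
    $file   = '';
    $prefix = strtolower($filename);
    if (substr($prefix, 0, 5) === 'image') {
        $file = urldecode(substr($filename, 6));
    } elseif (substr($prefix, 0, 4) === 'file') {
        $file = urldecode(substr($filename, 5));
    }

    // Only course members may download, whichever section is active. The
    // explicit guest test is kept because in_array() compares loosely here.
    // NOTE(review): $file is request-derived and is echoed in the messages
    // below; confirm the error renderer escapes it.
    $isMember = in_array(User::get('id'), $course->get('members'));
    if (!$isMember || User::isGuest()) {
        return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
    }

    // If we're on the wiki we need to output files a specific way
    if ($this->active == 'wiki') {
        // Load wiki page from db
        require_once PATH_CORE . DS . 'components' . DS . 'com_wiki' . DS . 'tables' . DS . 'page.php';
        $page = new \Components\Wiki\Tables\Page($this->database);
        $page->load(Request::getVar('pagename'), $course->get('cn') . DS . 'wiki');

        // Check specific wiki page access
        if ($page->get('access') == 1 && !$isMember && $authorized != 'admin') {
            return App::abort(403, Lang::txt('COM_COURSES_NOT_AUTH') . ' ' . $file);
        }

        // Get the config and build base path
        $wiki_config = Component::params('com_wiki');
        $base_path   = $wiki_config->get('filepath') . DS . $page->get('id');
    } else {
        // Build the path
        $base_path  = $this->config->get('uploadpath');
        $base_path .= DS . $course->get('gidNumber');
    }

    // Final path of file
    $file_path = $base_path . DS . $file;

    // Ensure the file exists
    if ($file === '' || !file_exists(PATH_APP . DS . $file_path)) {
        return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $file);
    }

    // Resolve "../" segments and symlinks, then require the result to be a
    // regular file located under the base directory. Any failure to resolve
    // is treated as "not found" so the check fails closed.
    $realBase = realpath(PATH_APP . DS . $base_path);
    $realPath = realpath(PATH_APP . DS . $file_path);
    $allowed  = ($realBase === false) ? '' : rtrim($realBase, DS) . DS;
    if ($realBase === false
        || $realPath === false
        || !is_file($realPath)
        || strncmp($realPath, $allowed, strlen($allowed)) !== 0
    ) {
        return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $file);
    }

    // Serve up the file
    $xserver = new \Hubzero\Content\Server();
    $xserver->filename(PATH_APP . DS . $file_path);
    $xserver->disposition('attachment');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        return App::abort(404, Lang::txt('COM_COURSES_SERVER_ERROR'));
    }

    // The response body has been sent; stop so nothing else is appended.
    exit;
}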
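/**
 * Download a file belonging to a group (wiki, blog or general uploads).
 *
 * $filename must start with "image" or "file", followed by one separator
 * character and the URL-encoded relative path; anything else returns
 * silently. Access is decided per section from the group's plugin access
 * setting, and the resolved file must stay inside the section's directory
 * (or, for super groups, match the alternate path outside "uploads").
 *
 * @param   string  $filename  File name
 * @return  void
 */
public function downloadTask($filename = "")
{
    // Get the group
    $group = Group::getInstance($this->cn);

    // Make sure we have a group
    if (!is_object($group)) {
        return;
    }

    // Authorize
    $authorized = $this->_authorize();

    // Get the file name
    $prefix = strtolower($filename);
    if (substr($prefix, 0, 5) === 'image') {
        $file = urldecode(substr($filename, 6));
    } elseif (substr($prefix, 0, 4) === 'file') {
        $file = urldecode(substr($filename, 5));
    } else {
        return;
    }

    // Clean up file, strip double "uploads" & trim directory sep.
    // NOTE(review): this removes the substring "uploads" anywhere in the
    // name, not only a leading directory segment - confirm that is intended.
    $file = str_replace('uploads', '', $file);
    $file = ltrim($file, DS);

    // Get extension
    $extension = pathinfo($file, PATHINFO_EXTENSION);

    $isMember = in_array(User::get('id'), $group->get('members'));

    // If we're on the wiki we need to output files a specific way
    if ($this->active == 'wiki') {
        // Get access level for wiki
        $access = Group\Helper::getPluginAccess($group, 'wiki');

        // Check to make sure user has access to wiki section. Return after
        // reporting, as the other error paths here do, so a denied request
        // can never fall through to the file server.
        if (($access == 'members' && !$isMember) || ($access == 'registered' && User::isGuest())) {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        // Load wiki page from db
        require_once PATH_CORE . DS . 'components' . DS . 'com_wiki' . DS . 'tables' . DS . 'page.php';
        $page = new \Components\Wiki\Tables\Page($this->database);

        // NOTE(review): "scope" comes from the request and is not checked
        // here against this group - confirm it cannot select a page that
        // belongs to a different group's wiki.
        $pagename = Request::getVar('pagename');
        $scope    = Request::getVar('scope', $group->get('cn') . DS . 'wiki');
        if ($scope) {
            $parts = explode('/', $scope);
            if (count($parts) > 2) {
                $pagename = array_pop($parts);
                if (strtolower($filename) == strtolower($pagename)) {
                    $pagename = array_pop($parts);
                }
                $scope = implode('/', $parts);
            }
        }
        $page->load($pagename, $scope);

        // Check specific wiki page access
        if ($page->get('access') == 1 && !$isMember && $authorized != 'admin') {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        // Get the config and build base path
        $wiki_config = \Component::params('com_wiki');
        $base_path   = $wiki_config->get('filepath') . DS . $page->get('id');
    } elseif ($this->active == 'blog') {
        // Get access setting of group blog
        $access = Group\Helper::getPluginAccess($group, 'blog');

        // Make sure user has access to blog
        if (($access == 'members' && !$isMember) || ($access == 'registered' && User::isGuest())) {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        // Make sure we have a group id of the proper length
        $groupID = Group\Helper::niceidformat($group->get('gidNumber'));

        // Build path to blog folder, falling back to the uploads/blog layout
        $base_path = $this->config->get('uploadpath') . DS . $groupID . DS . 'blog';
        if (!file_exists(PATH_APP . DS . $base_path . DS . $file)) {
            $base_path = $this->config->get('uploadpath') . DS . $group->get('gidNumber') . DS . 'uploads' . DS . 'blog';
        }
    } else {
        // Get access level for overview or other group pages
        $access = Group\Helper::getPluginAccess($group, 'overview');

        // Check to make sure we can access it
        if (($access == 'members' && !$isMember) || ($access == 'registered' && User::isGuest())) {
            $this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH') . ' ' . $file);
            return;
        }

        // Build the path
        $base_path  = $this->config->get('uploadpath');
        $base_path .= DS . $group->get('gidNumber') . DS . 'uploads';
    }

    // Trim base path
    $base_path = ltrim($base_path, DS);

    // Only can serve files from within /site/groups/{group_id}/uploads/
    $pathCheck = PATH_APP . DS . $base_path;

    // Final path of file
    $file_path     = $base_path . DS . $file;
    $alt_file_path = null;
    $altPathCheck  = null;

    // If super group offer alt path outside uploads
    if ($group->isSuperGroup()) {
        $alt_file_path = str_replace('/uploads', '', $base_path) . DS . $file;

        // The alternate check value is the alternate file path itself, so
        // the resolved path has to equal it exactly.
        $altPathCheck = PATH_APP . DS . ltrim($alt_file_path);
    }

    // Ensure the file exists
    if (!file_exists(PATH_APP . DS . $file_path)) {
        if ($alt_file_path == null || !file_exists(PATH_APP . DS . $alt_file_path)) {
            $this->_errorHandler(404, Lang::txt('COM_GROUPS_ERROR_FILE_NOT_FOUND') . ' ' . $file);
            return;
        }

        $file_path = $alt_file_path;
        $pathCheck = $altPathCheck;
    }

    // Get full path, expanding ../ and symlinks, and make sure the requested
    // file is within the acceptable dir. The comparison is anchored at the
    // start of the path and ends on a separator, so neither a sibling such as
    // ".../uploads-old" nor a path that merely contains the allowed string
    // passes. A path that cannot be resolved is rejected (fail closed).
    $realPath = realpath(PATH_APP . DS . $file_path);
    $allowed  = rtrim($pathCheck, DS) . DS;
    if ($realPath === false
        || !is_file($realPath)
        || ($realPath !== $pathCheck && strncmp($realPath, $allowed, strlen($allowed)) !== 0)
    ) {
        $this->_errorHandler(404, Lang::txt('COM_GROUPS_ERROR_FILE_NOT_FOUND') . ' ' . $file);
        return;
    }

    // New content server
    $contentServer = new \Hubzero\Content\Server();
    $contentServer->filename(PATH_APP . DS . $file_path);
    $contentServer->disposition('attachment');
    $contentServer->acceptranges(false);

    // Do we need to manually set mime type
    if ($extension == 'css') {
        $contentServer->setContentType('text/css');
    }

    // Serve up the file
    if (!$contentServer->serve()) {
        App::abort(404, Lang::txt('COM_GROUPS_SERVER_ERROR'));
        return;
    }

    // The response body has been sent; stop so nothing else is appended.
    exit;
}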