/**
 * Rolls back any changes made to the DB during the update process by restoring a backup file.
 *
 * The backup is addressed as `$backupPath . '.sql'`, appended to the DB backup folder path. That relative name must
 * pass the containment check before anything is restored; a name that fails it is logged as a warning and ignored.
 * The method returns null in both cases, so the return value does not tell a caller that a restore was refused.
 *
 * NOTE(review): the rejected path is written to the log verbatim. Confirm the log writer neutralises line breaks
 * and other control characters, since the value originates from the caller.
 *
 * @param string $backupPath Name of the backup, without the `.sql` extension.
 *
 * @return null
 */
public static function rollBackDatabaseChanges($backupPath)
{
    $restorer = new DbBackup();

    $relativeFile = $backupPath . '.sql';
    $absoluteFile = craft()->path->getDbBackupPath() . $relativeFile;

    // Validate the caller-supplied part only; the backup folder prefix is ours.
    if (!PathHelper::ensurePathIsContained($relativeFile)) {
        Craft::log('Someone tried to restore a database from outside of the Craft backups folder: ' . $absoluteFile, LogLevel::Warning);

        return;
    }

    $restorer->restore($absoluteFile);
}
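/**
 * Sends a resource back to the browser.
 *
 * The requested path has to pass the containment check before it reaches the path cache or the resolver. A path
 * that fails the check, resolves to nothing, or points at a file that does not exist is answered with a 404.
 * Stylesheets get their `url(...)` references normalized before being sent, unless X-Sendfile is enabled, in which
 * case only the file path is handed over and the in-memory content is not used.
 *
 * @param string $path The requested resource path.
 *
 * @throws HttpException 404 if the path fails the containment check or no matching file exists.
 * @return null
 */
public function sendResource($path)
{
    // Refuse traversal attempts before the path is looked up or resolved.
    if (PathHelper::ensurePathIsContained($path) === false) {
        throw new HttpException(404);
    }

    $cachedPath = $this->getCachedResourcePath($path);

    if ($cachedPath) {
        // ':(' is the cached marker for a 404; anything else is the file system path we resolved earlier.
        $realPath = ($cachedPath == ':(') ? false : $cachedPath;
    } else {
        // We don't have a cache of the file system path, so resolve it and cache the result.
        $realPath = $this->getResourcePath($path);
        $this->cacheResourcePath($path, $realPath);
    }

    if ($realPath === false || !IOHelper::fileExists($realPath)) {
        throw new HttpException(404);
    }

    // Conditional request handling: when the request carries a timestamp param and an If-Modified-Since header is
    // present, compare the timestamp param (not the header value) with the file's last modified date. If the file
    // is no newer than the timestamp, answer 304 and let the browser serve it from cache.
    $timestamp = craft()->request->getParam($this->dateParam, null);

    if ($timestamp !== null && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
        // $timestamp is request-supplied. A value that does not parse presumably yields a falsy result here, in
        // which case the 304 shortcut is skipped and the file is sent normally.
        $requestDate = DateTime::createFromFormat('U', $timestamp);
        $lastModifiedFileDate = IOHelper::getLastTimeModified($realPath);

        if ($requestDate && $lastModifiedFileDate && $lastModifiedFileDate <= $requestDate) {
            // Let the browser serve it from cache.
            HeaderHelper::setHeader('HTTP/1.1 304 Not Modified');
            craft()->end();
        }
    }

    // Note that $content may be empty -- they could be requesting a blank text file or something. It doesn't
    // matter. No need to throw a 404.
    $content = IOHelper::getFileContents($realPath);

    // Normalize URLs in CSS files
    $mimeType = IOHelper::getMimeTypeByExtension($realPath);

    if (mb_strpos($mimeType, 'css') !== false) {
        $normalized = preg_replace_callback('/(url\\(([\'"]?))(.+?)(\\2\\))/', array($this, '_normalizeCssUrl'), $content);

        // preg_replace_callback() returns null when PCRE fails (for example on a backtrack limit). Keep the
        // stylesheet as read from disk in that case instead of sending null as the response body.
        if ($normalized !== null) {
            $content = $normalized;
        }
    }

    if (!craft()->config->get('useXSendFile')) {
        // Start from a defined array rather than relying on implicit creation.
        $options = array('forceDownload' => false);

        if (craft()->request->getQuery($this->dateParam)) {
            $options['cache'] = true;
        }

        craft()->request->sendFile($realPath, $content, $options);
    } else {
        craft()->request->xSendFile($realPath);
    }

    // You shall not pass.
    craft()->end();
}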
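/**
 * Ensures that a template name contains no NUL byte, and that it doesn't lead outside the template folder.
 * Borrowed from {@link Twig_Loader_Filesystem}.
 *
 * @param string $name The template name to validate.
 *
 * @throws \Twig_Error_Loader If the name contains a NUL byte or fails the path containment check.
 */
private function _validateTemplateName($name)
{
    // The needle has to be the NUL byte itself. With an empty needle the check is broken either way: older PHP
    // versions warn and return false (so a NUL byte is never detected), while PHP 8 returns 0 (so every template
    // name is rejected). A NUL byte in a path can cut the name short once it reaches lower-level file APIs.
    if (mb_strpos($name, "\0") !== false) {
        throw new \Twig_Error_Loader(Craft::t('A template name cannot contain NUL bytes.'));
    }

    // Reject names that would climb out of the template folder.
    if (PathHelper::ensurePathIsContained($name) === false) {
        throw new \Twig_Error_Loader(Craft::t('Looks like you try to load a template outside the template folder: {template}.', array('template' => $name)));
    }
}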