/** * Handle request and build XML */ protected function buildXml() { parent::buildXml(); $extractDir = !empty($_POST['extractDir']) ? ltrim($_POST['extractDir'], '/') : ''; $extractDir = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($extractDir); if (preg_match(QFINDER_REGEX_INVALID_PATH, $extractDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $extractPath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $extractDir . '/'); $extractClientPath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getClientPath(), $extractDir); // acl for upload dir $_aclConfig = $this->_config->getAccessControlConfig(); $aclMask = $_aclConfig->getComputedMask($this->_currentFolder->getResourceTypeName(), $extractDir); if (!(($aclMask & QFINDER_CONNECTOR_ACL_FOLDER_CREATE) == QFINDER_CONNECTOR_ACL_FOLDER_CREATE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (empty($_POST['force']) && file_exists($extractPath) && is_dir($extractPath) && !QFinder_Connector_Utils_FileSystem::isEmptyDir($extractPath)) { $dirExists = new QFinder_Connector_Utils_XmlNode("FolderExists"); $oErrorNode = new QFinder_Connector_Utils_XmlNode("Folder"); $oErrorNode->addAttribute("name", $extractDir); $dirExists->addChild($oErrorNode); $this->_connectorNode->addChild($dirExists); return; } elseif (!empty($_POST['force']) && $_POST['force'] == 'overwrite') { if (!(($aclMask & QFINDER_CONNECTOR_ACL_FILE_UPLOAD | QFINDER_CONNECTOR_ACL_FILE_DELETE) == QFINDER_CONNECTOR_ACL_FILE_UPLOAD | QFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if ($extractDir && file_exists($extractPath) && is_dir($extractPath)) { if (!(($aclMask & QFINDER_CONNECTOR_ACL_FOLDER_CREATE | QFINDER_CONNECTOR_ACL_FOLDER_DELETE) == QFINDER_CONNECTOR_ACL_FOLDER_CREATE | QFINDER_CONNECTOR_ACL_FOLDER_DELETE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!QFinder_Connector_Utils_FileSystem::unlink($extractPath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } } } else { if (!empty($_POST['force']) && $_POST['force'] !== 'merge') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } for ($i = 0; $i < $this->zip->numFiles; $i++) { $fileName = $this->zip->getNameIndex($i); $filePathInfo = pathinfo($fileName); $sFileName = $this->checkOneFile($filePathInfo, $fileName); // security test failed, add to skipped if ($sFileName) { $this->extractTo($extractPath, $extractClientPath, $filePathInfo, $sFileName, $fileName); } } $this->zip->close(); $this->_connectorNode->addChild($this->unzippedNodes); if ($this->errorCode != QFINDER_CONNECTOR_ERROR_NONE) { $this->_connectorNode->addChild($this->skippedFilesNode); $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ZIP_FAILED); } }