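/**
 * Serves up a forum attachment only after passing access checks.
 *
 * Reads `section`, `category`, `thread`, `post` and `file` from the request.
 * The attachment is looked up by post when `post` is non-zero, otherwise by
 * thread and file name, and is streamed through \Hubzero\Content\Server.
 *
 * Aborts with 404 when the attachment record, its parent post or the file on
 * disk is missing, with 403 when the thread ACL does not grant view access,
 * and with 500 when the content server fails to serve the file.
 *
 * @return void
 */
public function downloadTask()
{
    // Incoming
    $section   = Request::getVar('section', '');
    $category  = Request::getVar('category', '');
    $thread_id = Request::getInt('thread', 0);
    $post_id   = Request::getInt('post', 0);
    $file      = Request::getVar('file', '');

    // Instantiate an attachment object
    if (!$post_id) {
        $attach = Attachment::oneByThread($thread_id, $file);
    } else {
        $attach = Attachment::oneByPost($post_id);
    }

    if (!$attach->get('filename')) {
        App::abort(404, Lang::txt('COM_FORUM_FILE_NOT_FOUND'));
    }

    // Get the parent post the file is attached to
    $post = $attach->post();

    if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED) {
        // Fixed: the class name was misspelled `ang`, which turned the
        // intended 404 into a fatal "class not found" error.
        App::abort(404, Lang::txt('COM_FORUM_POST_NOT_FOUND'));
    }

    // Check logged in status: a guest who lacks the post's view level is sent
    // to the login page and returned to this download afterwards.
    if (User::isGuest() && !in_array($post->get('access'), User::getAuthorisedViewLevels())) {
        // The string values come straight from the request, so they are
        // URL-encoded before being placed in the return URL; otherwise a
        // value containing `&` or `=` could add or override query parameters.
        // Fixed: `&section=` had been mangled into `§ion=`.
        $return = base64_encode(Route::url(
            'index.php?option=' . $this->_option
            . '&controller=' . $this->_controller
            . '&section=' . urlencode($section)
            . '&category=' . urlencode($category)
            . '&thread=' . $thread_id
            . '&post=' . $post_id
            . '&file=' . urlencode($file)
        ));

        App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return));

        // Do not fall through to the file-serving path if redirect() returns.
        return;
    }

    // Load ACL
    $this->_authorize('thread', $post->get('thread'));

    // Ensure the user is authorized to view this file
    if (!$this->config->get('access-view-thread')) {
        App::abort(403, Lang::txt('COM_FORUM_NOT_AUTH_FILE'));
    }

    // Get the configured upload path
    $filename = $attach->path();

    // Ensure the file exists
    if (!file_exists($filename)) {
        // NOTE(review): the message includes the storage path relative to
        // PATH_ROOT. Consider logging the path server-side and returning only
        // the generic text to the requester.
        App::abort(404, Lang::txt('COM_FORUM_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
    }

    // Initiate a new content server and serve up the file
    $server = new \Hubzero\Content\Server();
    $server->filename($filename);
    // NOTE(review): attachments are user-supplied and 'inline' lets the
    // browser render them in this site's origin. Confirm that upload
    // filtering or Content\Server restricts active content types (HTML, SVG),
    // or serve with 'attachment' instead.
    $server->disposition('inline');
    $server->acceptranges(false); // @TODO fix byte range support

    if (!$server->serve()) {
        // Should only get here on error
        App::abort(500, Lang::txt('COM_FORUM_SERVER_ERROR'));
    }

    exit;
}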
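/**
 * Serves up a course discussion attachment only after passing access checks.
 *
 * Reads `group` (thread id), `asset` (post id) and `file` from the request.
 * Guests are always redirected to the login page. The attachment is looked up
 * by post when `asset` is non-zero, otherwise by thread and file name, and is
 * streamed through \Hubzero\Content\Server.
 *
 * Aborts with 404 when the attachment record, its parent post or the file on
 * disk is missing, with 403 when the course does not grant view access, and
 * with 500 when there is no database object or the content server fails.
 *
 * @return void
 */
public function download()
{
    // Incoming. These are named *_id so they match the lookups below and do
    // not collide with the $post model assigned later. Fixed: the values were
    // read into $thread/$post while the lookup used undefined $thread_id and
    // $post_id, so every request fell into the by-thread branch with a null
    // thread id.
    $thread_id = Request::getInt('group', 0);
    $post_id   = Request::getInt('asset', 0);
    $file      = Request::getVar('file', '');

    // Check logged in status
    if (User::isGuest()) {
        // $file comes straight from the request, so it is URL-encoded before
        // being placed in the return URL; otherwise a value containing `&` or
        // `=` could add or override query parameters.
        $return = Route::url(
            $this->offering->link()
            . '&active=' . $this->_name
            . '&unit=download&b=' . $thread_id
            . '&file=' . urlencode($file)
        );

        App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return)));
        return;
    }

    // Ensure we have a database object
    if (!$this->database) {
        App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_DATABASE_NOT_FOUND'));
        return;
    }

    // Instantiate an attachment object
    if (!$post_id) {
        $attach = Attachment::oneByThread($thread_id, $file);
    } else {
        $attach = Attachment::oneByPost($post_id);
    }

    if (!$attach->get('filename')) {
        App::abort(404, Lang::txt('PLG_COURSES_FORUM_FILE_NOT_FOUND'));
    }

    // Get the parent post the file is attached to
    $post = $attach->post();

    if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED) {
        App::abort(404, Lang::txt('PLG_COURSES_FORUM_POST_NOT_FOUND'));
    }

    // Load ACL
    $this->_authorize('thread', $post->get('thread'));

    // Ensure the user is authorized to view this file
    if (!$this->course->access('view')) {
        App::abort(403, Lang::txt('PLG_COURSES_DISCUSSIONS_NOT_AUTH_FILE'));
    }

    // Get the configured upload path
    $filename = $attach->path();

    // Ensure the file exists
    if (!file_exists($filename)) {
        // NOTE(review): the message includes the storage path relative to
        // PATH_ROOT. Consider logging the path server-side and returning only
        // the generic text to the requester.
        App::abort(404, Lang::txt('PLG_COURSES_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
    }

    // Initiate a new content server and serve up the file
    $xserver = new \Hubzero\Content\Server();
    $xserver->filename($filename);
    // NOTE(review): attachments are user-supplied and 'inline' lets the
    // browser render them in this site's origin. Confirm that upload
    // filtering or Content\Server restricts active content types (HTML, SVG),
    // or serve with 'attachment' instead.
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error. A failed serve is a server-side
        // fault, so report 500 rather than 404.
        App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_SERVER_ERROR'));
    }

    exit;
}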