/** * Serves up files only after passing access checks * * @return void */ public function downloadTask() { // Incoming $section = Request::getVar('section', ''); $category = Request::getVar('category', ''); $thread = Request::getInt('thread', 0); $post = Request::getInt('post', 0); $file = Request::getVar('file', ''); // Ensure we have a database object if (!$this->database) { throw new Exception(Lang::txt('COM_FORUM_DATABASE_NOT_FOUND'), 500); } // Instantiate an attachment object $attach = new Tables\Attachment($this->database); if (!$post) { $attach->loadByThread($thread, $file); } else { $attach->loadByPost($post); } if (!$attach->filename) { throw new Exception(Lang::txt('COM_FORUM_FILE_NOT_FOUND'), 404); } $file = $attach->filename; // Get the parent ticket the file is attached to $row = new Tables\Post($this->database); $row->load($attach->post_id); if (!$row->id) { throw new Exception(Lang::txt('COM_FORUM_POST_NOT_FOUND'), 404); } // Check logged in status if ($row->access > 0 && User::isGuest()) { $return = base64_encode(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '§ion=' . $section . '&category=' . $category . '&thread=' . $thread . '&post=' . $post . '&file=' . $file)); App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return)); return; } // Load ACL $this->_authorize('thread', $row->id); // Ensure the user is authorized to view this file if (!$this->config->get('access-view-thread')) { throw new Exception(Lang::txt('COM_FORUM_NOT_AUTH_FILE'), 403); } // Ensure we have a path if (empty($file)) { throw new Exception(Lang::txt('COM_FORUM_FILE_NOT_FOUND'), 404); } // Get the configured upload path $basePath = DS . trim($this->config->get('webpath', '/site/forum'), DS) . DS . $attach->parent . DS . $attach->post_id; // Does the path start with a slash? if (substr($file, 0, 1) != DS) { $file = DS . $file; // Does the beginning of the $attachment->filename match the config path? if (substr($file, 0, strlen($basePath)) == $basePath) { // Yes - this means the full path got saved at some point } else { // No - append it $file = $basePath . $file; } } // Add PATH_CORE $filename = PATH_APP . $file; // Ensure the file exist if (!file_exists($filename)) { throw new Exception(Lang::txt('COM_FORUM_FILE_NOT_FOUND') . ' ' . $filename, 404); } // Initiate a new content server and serve up the file $server = new \Hubzero\Content\Server(); $server->filename($filename); $server->disposition('inline'); $server->acceptranges(false); // @TODO fix byte range support if (!$server->serve()) { // Should only get here on error throw new Exception(Lang::txt('COM_FORUM_SERVER_ERROR'), 500); } else { exit; } return; }
/** * Sets the state of one or more entries * * @return void */ public function accessTask() { // Check for request forgeries Request::checkToken(['get', 'post']); // Incoming $category = Request::getInt('category_id', 0); $state = Request::getInt('access', 0); $ids = Request::getVar('id', array()); $ids = !is_array($ids) ? array($ids) : $ids; // Check for an ID if (count($ids) < 1) { App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&category_id=' . $category, false), Lang::txt('COM_FORUM_SELECT_ENTRY_TO_CHANGE_ACCESS'), 'error'); return; } foreach ($ids as $id) { // Update record(s) $row = new Post($this->database); $row->load(intval($id)); $row->access = $state; if (!$row->store()) { throw new Exception($row->getError(), 500); } } // set message App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&category_id=' . $category, false), Lang::txt('COM_FORUM_ITEMS_ACCESS_CHANGED', count($ids))); }