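/**
 * Serves up a ticket attachment only after passing access checks
 *
 * Guests are redirected to the login page. For everyone else the attachment
 * and its parent ticket are loaded, and the requester must end up with
 * 'read' access on tickets before the stored file name is resolved to a
 * path under the ticket's upload directory and streamed.
 *
 * @return  void
 * @throws  Exception  404 when the attachment, ticket or file is missing,
 *                     403 when the requester is not authorized,
 *                     500 when the content server fails to send the file
 */
public function downloadTask()
{
    // Check logged in status. The current request URI is carried along
    // (base64-encoded) so the user lands back on this download after login.
    if (User::isGuest()) {
        $fallback = Route::url(
            'index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task,
            false,
            true
        );
        $return = base64_encode(Request::getVar('REQUEST_URI', $fallback, 'server'));
        App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return, false));
        return;
    }

    // Get the ID of the file requested
    $id = Request::getInt('id', 0);

    // Instantiate an attachment object
    $attach = new Tables\Attachment($this->database);
    $attach->load($id);
    if (!$attach->filename) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }
    $file = $attach->filename;

    // Get the parent ticket the file is attached to
    $row = new Tables\Ticket($this->database);
    $row->load($attach->ticket);
    if (!$row->report) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_TICKET_NOT_FOUND'), 404);
    }

    // Load ACL.
    // Identity is compared on typed values: with a loose == two different
    // numeric-looking logins (constructed example: '010' and '10') compare
    // equal, which would grant read access to the wrong account.
    $isSubmitter = ((string) $row->login === (string) User::get('username'));
    $isOwner     = ((int) $row->owner === (int) User::get('id'));
    if ($isSubmitter || $isOwner) {
        if (!$this->acl->check('read', 'tickets')) {
            $this->acl->setAccess('read', 'tickets', 1);
        }
    }
    if ($this->acl->authorize($row->group)) {
        $this->acl->setAccess('read', 'tickets', 1);
    }

    // Ensure the user is authorized to view this file
    if (!$this->acl->check('read', 'tickets')) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_NOT_AUTH'), 403);
    }

    // Get the configured upload path for this ticket
    $basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;

    // Normalise the stored name so it starts with exactly one separator
    $file = DS . ltrim($file, DS);

    // The name comes from the attachment record. Refuse NUL bytes and
    // parent-directory segments so a stored value can never resolve to a
    // location outside the ticket's upload directory.
    $segments = explode('/', str_replace('\\', '/', $file));
    if (strpos($file, "\0") !== false || in_array('..', $segments, true)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Does the stored name already begin with the configured path?
    // The comparison includes the trailing separator: a bare prefix match
    // would treat ".../12" as the base of ".../123/..." and let one ticket's
    // record point at another ticket's directory after the ACL check above.
    $prefix = $basePath . DS;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        // No - prepend it
        $file = $basePath . $file;
    }

    // Add root path
    $filename = PATH_APP . $file;

    // Ensure the file exists and is a regular file. The message deliberately
    // omits $filename so the absolute server path is not disclosed to the client.
    if (!is_file($filename)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    // NOTE(review): 'inline' lets the browser render user-supplied uploads in
    // the application's origin; confirm Server sends a safe Content-Type for
    // active content (HTML, SVG) or switch such types to 'attachment'.
    $xserver = new Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_SERVING_FILE'), 500);
    }

    // The response body has been sent; stop before the framework renders anything else.
    exit;
}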
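/**
 * Serves up a ticket attachment only after passing access checks
 *
 * Guests are redirected to the login page. For everyone else the attachment
 * and its parent ticket are loaded, and the requester must end up with
 * 'read' access on tickets before the stored file name is resolved to a
 * path under the ticket's upload directory and streamed.
 *
 * @return  void
 * @throws  Exception  404 when the attachment, ticket or file is missing,
 *                     403 when the requester is not authorized,
 *                     500 when the content server fails to send the file
 */
public function downloadTask()
{
    // Without a login gate and a per-ticket read check, any requester who
    // supplies a valid attachment ID receives the file, which contradicts
    // the contract stated in this method's docblock.
    // NOTE(review): assumes the User/App/Route facades and $this->acl
    // (check/setAccess/authorize) are available on this controller - confirm
    // the ACL object is initialised before this task runs.
    if (User::isGuest()) {
        $fallback = Route::url(
            'index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task,
            false,
            true
        );
        $return = base64_encode(Request::getVar('REQUEST_URI', $fallback, 'server'));
        App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return, false));
        return;
    }

    // Get the ID of the file requested
    $id = Request::getInt('id', 0);

    // Instantiate an attachment object
    $attach = new Tables\Attachment($this->database);
    $attach->load($id);
    if (!$attach->filename) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }
    $file = $attach->filename;

    // Get the parent ticket the file is attached to
    // NOTE(review): the two language keys below for "ticket not found" and
    // "not authorized" are assumed to exist in this component's language file - confirm.
    $row = new Tables\Ticket($this->database);
    $row->load($attach->ticket);
    if (!$row->report) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_TICKET_NOT_FOUND'), 404);
    }

    // Grant read access to the ticket's submitter or owner, or when the ACL
    // authorizes the ticket's group. Identity is compared on typed values so
    // numeric-looking logins cannot match each other through loose ==.
    $isSubmitter = ((string) $row->login === (string) User::get('username'));
    $isOwner     = ((int) $row->owner === (int) User::get('id'));
    if ($isSubmitter || $isOwner) {
        if (!$this->acl->check('read', 'tickets')) {
            $this->acl->setAccess('read', 'tickets', 1);
        }
    }
    if ($this->acl->authorize($row->group)) {
        $this->acl->setAccess('read', 'tickets', 1);
    }

    // Ensure the user is authorized to view this file
    if (!$this->acl->check('read', 'tickets')) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_NOT_AUTH'), 403);
    }

    // Get the configured upload path for this ticket
    $basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;

    // Normalise the stored name so it starts with exactly one separator
    $file = DS . ltrim($file, DS);

    // The name comes from the attachment record. Refuse NUL bytes and
    // parent-directory segments so a stored value can never resolve to a
    // location outside the ticket's upload directory.
    $segments = explode('/', str_replace('\\', '/', $file));
    if (strpos($file, "\0") !== false || in_array('..', $segments, true)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Does the stored name already begin with the configured path?
    // The comparison includes the trailing separator so that ".../12" is not
    // accepted as the base of ".../123/...".
    $prefix = $basePath . DS;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        // No - prepend it
        $file = $basePath . $file;
    }

    // Add root path
    $filename = PATH_APP . $file;

    // Ensure the file exists and is a regular file. The message deliberately
    // omits $filename so the absolute server path is not disclosed to the client.
    if (!is_file($filename)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    // NOTE(review): 'inline' lets the browser render user-supplied uploads in
    // the application's origin; confirm Server sends a safe Content-Type for
    // active content (HTML, SVG) or switch such types to 'attachment'.
    $xserver = new \Hubzero\Content\Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error. A failure to send is a server-side
        // fault, so it is reported as 500 rather than 404.
        throw new Exception(Lang::txt('COM_SUPPORT_SERVER_ERROR'), 500);
    }

    // The response body has been sent; stop before the framework renders anything else.
    exit;
}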
/**
 * Handle one attachment macro match and register the referenced file
 *
 * The attachment ID is the integer value of the text after the last '#' in
 * the matched macro. A record that exists but is not yet linked to a comment
 * is linked to this comment and saved. The record is then wrapped and
 * appended to the cached attachment list.
 *
 * @param   array   $matches  Macro info
 * @return  string  HTML (always an empty string, so the macro is removed from the text)
 */
protected function _getAttachment($matches)
{
    $parts        = explode('#', $matches[0]);
    $attachmentId = (int) end($parts);

    $record = new Tables\Attachment($this->_db);
    $record->load($attachmentId);

    // NOTE(review): the ID is taken from the comment text and nothing visible
    // here checks that the attachment belongs to the same ticket as this
    // comment before linking it - confirm the caller restricts which IDs a
    // macro may reference.
    $isUnclaimed = $record->id && !$record->comment_id;
    if ($isUnclaimed) {
        $record->comment_id = $this->get('id');
        $record->created    = $this->get('created');
        $record->created_by = $this->creator('id');
        $record->store();
    }

    // Create the cached list on first use
    if (($this->_cache['attachments.list'] instanceof ItemList) === false) {
        $this->_cache['attachments.list'] = new ItemList([]);
    }

    // NOTE(review): the record is appended even when load() found nothing or
    // the attachment is already linked to another comment - confirm intended.
    $this->_cache['attachments.list']->add(new Attachment($record));

    return '';
}