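/**
 * Send a file to the browser so the "save as …" dialogue opens
 *
 * The path is validated before anything is read from disk: it must not
 * contain dot segments or a URL scheme separator, it must lie inside the
 * configured upload directory, the file must exist below TL_ROOT, and its
 * extension must be listed in the "allowedDownload" setting. The
 * "postDownload" hooks run after these checks and before the file is sent.
 *
 * @param string $strFile The file path
 *
 * @throws PageNotFoundException If the path is rejected or the file does not exist
 * @throws AccessDeniedException If the file extension is not allowed for download
 */
public static function sendFileToBrowser($strFile)
{
    // Make sure there are no attempts to hack the file system: reject a leading
    // dot, any run of dots directly followed by a slash, and "://"
    // NOTE(review): only "/" is treated as a separator here; confirm whether
    // backslash-separated paths also have to be rejected on Windows hosts.
    if (preg_match('@^\\.+@i', $strFile) || preg_match('@\\.+/@i', $strFile) || preg_match('@(://)+@i', $strFile)) {
        throw new PageNotFoundException('Invalid file name');
    }

    // Limit downloads to the files directory. The match has to end on a directory
    // boundary: a bare prefix match would also accept a sibling directory whose
    // name merely starts with the upload path. An empty upload path is rejected
    // so that a broken configuration fails closed.
    $strUploadPath = rtrim((string) \Config::get('uploadPath'), '/');

    if ($strUploadPath === '' || !preg_match('@^' . preg_quote($strUploadPath, '@') . '(/|$)@i', $strFile)) {
        throw new PageNotFoundException('Invalid path');
    }

    // Check whether the file exists
    if (!file_exists(TL_ROOT . '/' . $strFile)) {
        throw new PageNotFoundException('File not found');
    }

    $objFile = new \File($strFile);
    $arrAllowedTypes = trimsplit(',', strtolower(\Config::get('allowedDownload')));

    // Check whether the file type is allowed to be downloaded (strict comparison,
    // so numeric-looking extensions are not matched loosely)
    if (!in_array((string) $objFile->extension, $arrAllowedTypes, true)) {
        throw new AccessDeniedException(sprintf('File type "%s" is not allowed', $objFile->extension));
    }

    // HOOK: post download callback
    if (isset($GLOBALS['TL_HOOKS']['postDownload']) && is_array($GLOBALS['TL_HOOKS']['postDownload'])) {
        foreach ($GLOBALS['TL_HOOKS']['postDownload'] as $callback) {
            // $callback is a [class, method] pair; the method name has to be read
            // from $callback[1] inside the braces, otherwise the whole array is
            // used as the member name
            static::importStatic($callback[0])->{$callback[1]}($strFile);
        }
    }

    // Send the file (will stop the script execution)
    $objFile->sendToBrowser();
}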
/**
 * Export a theme
 *
 * Loads the tl_theme record selected by the data container, writes the
 * related tables into an XML document, packs that document together with
 * the theme files and templates into a temporary archive below system/tmp
 * and sends the archive to the browser as "<name>.cto".
 *
 * @param DataContainer $dc Data container whose id selects the theme record
 */
public function exportTheme(DataContainer $dc)
{
    // Get the theme meta data; without a matching record there is nothing to export
    $theme = $this->Database
        ->prepare("SELECT * FROM tl_theme WHERE id=?")
        ->limit(1)
        ->execute($dc->id);

    if ($theme->numRows < 1) {
        return;
    }

    // Romanize the name and reduce it to a safe download file name:
    // spaces become underscores, everything outside [A-Za-z0-9._-] is dropped
    // and basename() strips any remaining directory part
    $downloadName = basename(
        preg_replace(
            '/[^A-Za-z0-9._-]/',
            '',
            strtolower(str_replace(' ', '_', Utf8::toAscii($theme->name)))
        )
    );

    // Create a new XML document with a <tables> root element
    $document = new \DOMDocument('1.0', 'UTF-8');
    $document->formatOutput = true;
    $root = $document->appendChild($document->createElement('tables'));

    // Add the tables
    $this->addTableTlTheme($document, $root, $theme);
    $this->addTableTlStyleSheet($document, $root, $theme);
    $this->addTableTlImageSize($document, $root, $theme);
    $this->addTableTlModule($document, $root, $theme);
    $this->addTableTlLayout($document, $root, $theme);

    // Generate the archive under a throw-away name
    // NOTE(review): the name is derived from mt_rand()/uniqid(), which are not
    // cryptographically secure, and nothing in this method removes the archive
    // afterwards; confirm that system/tmp is not reachable by other parties and
    // that it is cleaned up elsewhere.
    $tmpPath = 'system/tmp/' . md5(uniqid(mt_rand(), true));
    $archive = new \ZipWriter($tmpPath);

    // Add the files and the template files
    $this->addTableTlFiles($document, $root, $theme, $archive);
    $this->addTemplatesToArchive($archive, $theme->templates);

    // HOOK: add custom logic
    if (isset($GLOBALS['TL_HOOKS']['exportTheme']) && is_array($GLOBALS['TL_HOOKS']['exportTheme'])) {
        foreach ($GLOBALS['TL_HOOKS']['exportTheme'] as $hook) {
            \System::importStatic($hook[0])->{$hook[1]}($document, $archive, $theme->id);
        }
    }

    // Add the XML document and close the archive
    $archive->addString($document->saveXML(), 'theme.xml');
    $archive->close();

    // Open the "save as …" dialogue
    $download = new \File($tmpPath);
    $download->sendToBrowser($downloadName . '.cto');
}
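/**
 * Run the controller and parse the template
 *
 * The requested path is validated first (no dot segments or URL scheme
 * separator, inside the configured upload directory, existing below TL_ROOT,
 * covered by the user's file mounts). If the "download" request parameter is
 * set, the file is sent to the browser; otherwise the "be_popup" template is
 * filled with the file or folder details and returned as a response.
 *
 * Every failed check ends the script with die() and a short message.
 *
 * @return Response
 */
public function run()
{
    if ($this->strFile == '') {
        die('No file given');
    }

    // Make sure there are no attempts to hack the file system: reject a leading
    // dot, any run of dots directly followed by a slash, and "://"
    // NOTE(review): only "/" is treated as a separator here; confirm whether
    // backslash-separated paths also have to be rejected on Windows hosts.
    if (preg_match('@^\\.+@i', $this->strFile) || preg_match('@\\.+/@i', $this->strFile) || preg_match('@(://)+@i', $this->strFile)) {
        die('Invalid file name');
    }

    // Limit preview to the files directory. The match has to end on a directory
    // boundary: a bare prefix match would also accept a sibling directory whose
    // name merely starts with the upload path. An empty upload path is rejected
    // so that a broken configuration fails closed.
    $strUploadPath = rtrim((string) \Config::get('uploadPath'), '/');

    if ($strUploadPath === '' || !preg_match('@^' . preg_quote($strUploadPath, '@') . '(/|$)@i', $this->strFile)) {
        die('Invalid path');
    }

    // Check whether the file exists
    if (!file_exists(TL_ROOT . '/' . $this->strFile)) {
        die('File not found');
    }

    // Check whether the file is mounted (thanks to Marko Cupic)
    if (!$this->User->hasAccess($this->strFile, 'filemounts')) {
        die('Permission denied');
    }

    // Open the download dialogue; this happens only after all checks above passed
    if (\Input::get('download')) {
        $objFile = new \File($this->strFile);
        $objFile->sendToBrowser();
    }

    /** @var BackendTemplate|object $objTemplate */
    $objTemplate = new \BackendTemplate('be_popup');

    // Add the resource (see #6880)
    if (($objModel = \FilesModel::findByPath($this->strFile)) === null) {
        if (\Dbafs::shouldBeSynchronized($this->strFile)) {
            $objModel = \Dbafs::addResource($this->strFile);
        }
    }

    if ($objModel !== null) {
        $objTemplate->uuid = \StringUtil::binToUuid($objModel->uuid); // see #5211
    }

    // Add the file info
    if (is_dir(TL_ROOT . '/' . $this->strFile)) {
        $objFile = new \Folder($this->strFile);
        $objTemplate->filesize = $this->getReadableSize($objFile->size) . ' (' . number_format($objFile->size, 0, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' Byte)';
    } else {
        $objFile = new \File($this->strFile);

        // Image
        if ($objFile->isImage) {
            $objTemplate->isImage = true;
            $objTemplate->width = $objFile->width;
            $objTemplate->height = $objFile->height;
            $objTemplate->src = $this->urlEncode($this->strFile);
        }

        // The download link is the current request with the "download" flag appended
        $objTemplate->href = ampersand(\Environment::get('request'), true) . '&download=1';
        $objTemplate->filesize = $this->getReadableSize($objFile->filesize) . ' (' . number_format($objFile->filesize, 0, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' Byte)';
    }

    $objTemplate->icon = $objFile->icon;
    $objTemplate->mime = $objFile->mime;
    $objTemplate->ctime = \Date::parse(\Config::get('datimFormat'), $objFile->ctime);
    $objTemplate->mtime = \Date::parse(\Config::get('datimFormat'), $objFile->mtime);
    $objTemplate->atime = \Date::parse(\Config::get('datimFormat'), $objFile->atime);

    // The path is request-derived, so it is passed through specialchars() before
    // it reaches the template
    $objTemplate->path = specialchars($this->strFile);

    $objTemplate->theme = \Backend::getTheme();
    $objTemplate->base = \Environment::get('base');
    $objTemplate->language = $GLOBALS['TL_LANGUAGE'];
    $objTemplate->title = specialchars($this->strFile);
    $objTemplate->charset = \Config::get('characterSet');
    $objTemplate->label_uuid = $GLOBALS['TL_LANG']['MSC']['fileUuid'];
    $objTemplate->label_imagesize = $GLOBALS['TL_LANG']['MSC']['fileImageSize'];
    $objTemplate->label_filesize = $GLOBALS['TL_LANG']['MSC']['fileSize'];
    $objTemplate->label_ctime = $GLOBALS['TL_LANG']['MSC']['fileCreated'];
    $objTemplate->label_mtime = $GLOBALS['TL_LANG']['MSC']['fileModified'];
    $objTemplate->label_atime = $GLOBALS['TL_LANG']['MSC']['fileAccessed'];
    $objTemplate->label_path = $GLOBALS['TL_LANG']['MSC']['filePath'];
    $objTemplate->download = specialchars($GLOBALS['TL_LANG']['MSC']['fileDownload']);

    return $objTemplate->getResponse();
}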