/**
 * Stream a collection asset to the browser
 *
 * Reads `file` and `post` from the request, looks the asset up through the
 * post's item and hands the resulting path to the content server. Files with
 * a jpg/jpeg/jpe/png/gif extension are sent inline, everything else as an
 * attachment.
 *
 * NOTE(review): the only authorization test in this method is
 * "access == 4 and the user is a guest". Confirm that the remaining access
 * levels are enforced before this task is reached.
 *
 * @return  void
 * @throws  Exception  404 when the asset record, its filename or the file on
 *                     disk is missing (or the item state is 2), 403 for
 *                     guests on access-4 items, 500 when serving fails
 */
public function downloadTask()
{
    $requested = Request::getVar('file', '');
    $postId    = Request::getInt('post', 0);

    $post  = Post::getInstance($postId);
    $asset = Asset::getInstance($requested, $post->get('item_id'));

    // No asset record, or the owning item is in state 2: answer "not found"
    if (!$asset->get('id') || $post->item()->get('state') == 2) {
        throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND'), 404);
    }

    // Guests are refused on access-4 items
    if ($post->item()->get('access') == 4 && User::isGuest()) {
        throw new Exception(Lang::txt('COM_COLLECTIONS_ERROR_ACCESS_DENIED_TO_FILE'), 403);
    }

    // A record without a filename cannot be served
    if (!$asset->get('filename')) {
        throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND'), 404);
    }

    // The path is assembled from the asset object's item_id and filename.
    // NOTE(review): whether those values can echo the raw `file` request
    // parameter depends on Asset::getInstance() -- verify, because nothing
    // here confines the result to the asset directory.
    $path = $asset->filespace() . DS . $asset->get('item_id') . DS . ltrim($asset->get('filename'), DS);

    if (!file_exists($path)) {
        // NOTE(review): the message carries the full server-side path;
        // confirm exception text is not rendered to the client.
        throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND') . ' ' . $path, 404);
    }

    $extension = strtolower(Filesystem::extension($path));

    // Default to a download; switch to inline display for image extensions
    $server = new Server();
    $server->filename($path);
    $server->disposition('attachment');
    if (in_array($extension, array('jpg', 'jpeg', 'jpe', 'png', 'gif'))) {
        $server->disposition('inline');
    }
    $server->acceptranges(false); // @TODO fix byte range support

    if (!$server->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_COLLECTIONS_SERVER_ERROR'), 500);
    }

    exit;
}
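/**
 * Download a file from the site blog archive
 *
 * The file name comes from the `file` request parameter or, when that is
 * empty, from the last segment of the request URI (with an optional
 * `image:` / `file:` prefix removed). Because that value is controlled by
 * the client and URL-decoded here, the resolved path is required to stay
 * inside the archive's file space before anything is served; `../`
 * sequences and symlinks pointing elsewhere end in the same 404 as a
 * missing file.
 *
 * NOTE(review): the file space belongs to the archive, not to the entry
 * that passed the access check -- confirm that every file in it may be
 * read by anyone who can view any one entry.
 *
 * @return  void
 * @throws  Exception                 403 when the entry is missing or not viewable
 * @throws  InvalidArgumentException  404 when the file is missing or outside the file space
 * @throws  RuntimeException          500 when the content server fails
 */
public function downloadTask()
{
    $archive = new Archive('site', 0);

    $entry = Entry::oneByScope(Request::getVar('alias', ''), 'site', 0);

    if (!$entry->get('id') || !$entry->access('view')) {
        throw new Exception(Lang::txt('Access denied.'), 403);
    }

    if (!($file = Request::getVar('file', ''))) {
        // array_pop() takes its argument by reference, so the exploded
        // segments need a variable of their own
        $segments = explode('/', $_SERVER['REQUEST_URI']);
        $filename = array_pop($segments);

        // Get the file name
        if (substr(strtolower($filename), 0, strlen('image:')) == 'image:') {
            $file = substr($filename, strlen('image:'));
        } elseif (substr(strtolower($filename), 0, strlen('file:')) == 'file:') {
            $file = substr($filename, strlen('file:'));
        }
    }

    // Decode file name
    $file = urldecode($file);

    // Resolve both the storage root and the requested file to canonical
    // paths, then require the file to sit strictly below the root
    $root      = realpath($archive->filespace());
    $file_path = ($root === false) ? false : realpath($root . DS . $file);

    if ($file_path === false
        || strncmp($file_path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0
        || !is_file($file_path)
    ) {
        throw new InvalidArgumentException(Lang::txt('The requested file could not be found: %s', $file), 404);
    }

    // Serve up the image
    $server = new Server();
    $server->filename($file_path);
    $server->disposition('inline');
    $server->acceptranges(false); // @TODO fix byte range support

    // Serve up file
    if (!$server->serve()) {
        // Should only get here on error
        throw new RuntimeException(Lang::txt('An error occurred while trying to output the file'), 500);
    }

    exit;
}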
/**
 * Handle request in stack
 *
 * Passes the request down the stack first, then serves the file whose path
 * the application's `moderator` service reports. A missing file ends the
 * request with a bare 404 status line.
 *
 * NOTE(review): where getPath() takes its value from is not visible here;
 * confirm it cannot be steered to arbitrary files by the request.
 *
 * @param   object  $request  Request
 * @return  mixed   The response produced by the rest of the stack
 */
public function handle(Request $request)
{
    $response = $this->next($request);

    $path = $this->app['moderator']->getPath();

    if (!file_exists($path)) {
        // Nothing to send: emit the status line and stop
        header('HTTP/1.1 404 Not found');
        exit;
    }

    // Inline delivery with byte ranges and X-Sendfile enabled
    $server = new Server();
    $server->disposition('inline');
    $server->acceptranges(true);
    $server->allowXsendFile();
    $server->filename($path);

    // The outcome of serve() is not inspected
    $server->serve();

    return $response;
}
/**
 * Serve up an offering logo
 *
 * Prefers the section's logo and falls back to the offering's logo when the
 * section has none. The value is appended to PATH_APP as-is.
 *
 * NOTE(review): there is no existence check and no containment check on the
 * resulting path; that is only safe if logo() returns a trusted, stored
 * value -- confirm.
 *
 * @return  void
 * @throws  Exception  404 when the content server fails to serve the file
 */
public function logoTask()
{
    $logo = $this->course->offering()->section()->logo();
    if (!$logo) {
        $logo = $this->course->offering()->logo();
    }

    $path = PATH_APP . $logo;

    // Initiate a new content server and serve up the file
    $server = new Server();
    $server->filename($path);
    $server->disposition('inline');
    $server->acceptranges(false);

    if (!$server->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_COURSES_SERVER_ERROR'), 404);
    }

    exit;
}
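/**
 * Download a file attached to a course page
 *
 * The `file` request parameter (optionally prefixed `image:` or `file:`) is
 * decoded, cleaned and placed under the course's `pagefiles` directory.
 * The value is client-controlled, so the canonical path is required to stay
 * inside that directory; a path that resolves elsewhere is answered with
 * the same 404 as a missing file.
 *
 * @return  void
 * @throws  Exception  500 when the content server fails
 */
public function downloadTask()
{
    if (!$this->course->access('view')) {
        return App::abort(404, Lang::txt('COM_COURSES_NO_COURSE_FOUND'));
    }

    // Strip the wiki-style namespace prefix, if present
    $filename = Request::getVar('file', '');
    if (substr(strtolower($filename), 0, strlen('image:')) == 'image:') {
        $filename = substr($filename, strlen('image:'));
    } elseif (substr(strtolower($filename), 0, strlen('file:')) == 'file:') {
        $filename = substr($filename, strlen('file:'));
    }
    $filename = urldecode($filename);
    $filename = \Filesystem::clean($filename);
    $filename = str_replace(' ', '_', $filename);

    // Get the configured upload path
    $base_path = DS . trim($this->config->get('filepath', '/site/courses'), DS) . DS . $this->course->get('id') . DS . 'pagefiles';

    // Normalise to a single leading slash
    $filename = DS . ltrim($filename, DS);

    // Prepend the base path unless the value already starts with it
    // (the full path got saved at some point)
    if (substr($filename, 0, strlen($base_path)) != $base_path) {
        $filename = $base_path . $filename;
    }

    // The prefix test above is textual only; canonicalise both sides and
    // require the file to sit strictly below the pagefiles directory
    $root     = realpath(PATH_APP . $base_path);
    $filepath = ($root === false) ? false : realpath(PATH_APP . $filename);

    if ($filepath === false
        || strncmp($filepath, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0
        || !is_file($filepath)
    ) {
        // NOTE(review): $filename is derived from request input; confirm
        // the abort page escapes it.
        return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $filename);
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($filepath);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_COURSES_SERVER_ERROR'), 500);
    }

    exit;
}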
/**
 * Download a wish attachment
 *
 * Reads `file` and `wishid` from the request. The wish must exist and be
 * neither deleted nor withdrawn; the attachment must exist and pass its own
 * allowed-type test before the file is sent as a download.
 *
 * NOTE(review): no check here relates the wish to the current user;
 * confirm that wish visibility is enforced before this task runs.
 *
 * @return  void
 * @throws  Exception  404 for a missing wish, attachment, file or a
 *                     disallowed type; 500 when the content server fails
 */
public function downloadTask()
{
    $requested = Request::getVar('file', '');
    $wishId    = Request::getInt('wishid', 0);

    $wish = new Wish($wishId);

    // Deleted and withdrawn wishes are treated like missing ones
    if (!$wish->exists() || $wish->isDeleted() || $wish->isWithdrawn()) {
        throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND'), 404);
    }

    $attachment = new Attachment($requested, $wishId);

    if (!$attachment->exists()) {
        throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND'), 404);
    }

    // Make sure that file is acceptable type
    if (!$attachment->isAllowedType()) {
        throw new Exception(Lang::txt('Unknown file type.'), 404);
    }

    // The attachment object supplies the path to serve
    $path = $attachment->link('file');

    if (!file_exists($path)) {
        // NOTE(review): the message includes the value returned by
        // link('file'); confirm it is not a server path shown to clients.
        throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND') . ' ' . $path, 404);
    }

    // Initiate a new content server and serve up the file
    $server = new Server();
    $server->filename($path);
    $server->disposition('attachment');
    $server->acceptranges(false); // @TODO fix byte range support

    if (!$server->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_WISHLIST_SERVER_ERROR'), 500);
    }

    exit;
}
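/**
 * Gets form images
 *
 * The caller is authenticated before the file system is touched, so an
 * unauthenticated request cannot learn which files exist. The token is
 * compared in constant time, and the decoded `file` value must resolve to a
 * regular file inside the form's own directory.
 *
 * NOTE(review): the token is a plain SHA-256 over "session id : secret".
 * The scheme is left as it is because the issuing side is not visible
 * here; consider an HMAC when both ends can be changed together.
 *
 * @apiMethod GET
 * @apiUri    /courses/form/image
 * @apiParameter {
 * 		"name":        "id",
 * 		"description": "Form ID",
 * 		"type":        "integer",
 * 		"required":    true,
 * 		"default":     null
 * }
 * @apiParameter {
 * 		"name":        "form_version",
 * 		"description": "Form version number",
 * 		"type":        "integer",
 * 		"required":    false,
 * 		"default":     null
 * }
 * @apiParameter {
 * 		"name":        "file",
 * 		"description": "Image filename",
 * 		"type":        "string",
 * 		"required":    true,
 * 		"default":     null
 * }
 * @apiParameter {
 * 		"name":        "token",
 * 		"description": "Session authentication token",
 * 		"type":        "string",
 * 		"required":    true,
 * 		"default":     null
 * }
 * @return    void
 */
public function imageTask()
{
    $id       = Request::getInt('id', 0);
    $version  = Request::getInt('form_version', 0);
    $filename = urldecode(Request::getVar('file', ''));

    // Token check comes first
    $token      = Request::getString('token', false);
    $session_id = App::get('session')->getId();
    $secret     = Config::get('secret');

    $hash = hash('sha256', $session_id . ':' . $secret);

    // hash_equals() needs two strings; a missing token arrives as false
    if (!is_string($token) || !hash_equals($hash, $token)) {
        App::abort(401, 'You don\'t have permission to do this');
        return; // do not fall through should abort() ever return
    }

    // Canonicalise the form directory and the requested file, then require
    // the file to sit strictly below that directory
    $root = realpath(PATH_APP . DS . 'site' . DS . 'courses' . DS . 'forms' . DS . $id . ($version ? DS . $version : ''));
    $path = ($root === false) ? false : realpath($root . DS . ltrim($filename, DS));

    if ($path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0
        || !is_file($path)
    ) {
        App::abort(404, 'Image not found');
        return;
    }

    // Initiate a new content server and serve up the file
    header("HTTP/1.1 200 OK");
    $xserver = new Server();
    $xserver->filename($path);
    $xserver->disposition('inline');
    $xserver->acceptranges(false);

    if (!$xserver->serve()) {
        // Return message
        App::abort(500, 'Failed to serve the image');
    }
}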
/**
 * Serve a ticket attachment by its record ID
 *
 * Loads the attachment row named by the `id` request parameter, places its
 * filename under "<webpath>/<ticket>" below PATH_APP and sends it inline.
 *
 * NOTE(review): despite the task's purpose, no login or ACL test appears in
 * this method. Confirm access is enforced before it is reached; otherwise
 * any attachment can be fetched by walking the numeric id.
 *
 * @return  void
 * @throws  Exception  404 when the record has no filename, the file is
 *                     missing, or the content server fails
 */
public function downloadTask()
{
    // Get the ID of the file requested
    $attachmentId = Request::getInt('id', 0);

    // Instantiate an attachment object
    $attach = new Tables\Attachment($this->database);
    $attach->load($attachmentId);

    if (!$attach->filename) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    $relative = $attach->filename;

    // Ensure we have a path
    if (empty($relative)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Configured upload path plus the ticket number from the record
    $basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;

    $relative = DS . ltrim($relative, DS);

    // Prepend the base path unless the stored value already starts with it
    // (the full path got saved at some point).
    // NOTE(review): this is a textual prefix test; the stored filename is
    // not canonicalised, so it is only as trustworthy as the upload code.
    if (substr($relative, 0, strlen($basePath)) != $basePath) {
        $relative = $basePath . $relative;
    }

    // Add root path
    $absolute = PATH_APP . $relative;

    if (!file_exists($absolute)) {
        // NOTE(review): the message carries the absolute server path;
        // confirm exception text is not rendered to the client.
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND') . ' ' . $absolute, 404);
    }

    // Initiate a new content server and serve up the file
    $server = new \Hubzero\Content\Server();
    $server->filename($absolute);
    $server->disposition('inline');
    $server->acceptranges(false); // @TODO fix byte range support

    if (!$server->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_SUPPORT_SERVER_ERROR'), 404);
    }

    exit;
}
/**
 * Generate a PDF receipt for an order and send it inline
 *
 * Loads the order named by the `id` request parameter together with its
 * items, renders the `receipt` layout into a TCPDF document, writes that
 * document to "<PATH_APP>/site/store/temp/receipt_<id>.pdf" and serves the
 * file. A missing ID, an empty order or a failed write ends in a redirect
 * with an error message.
 *
 * NOTE(review): nothing in this method ties the order to the current user.
 * The '/administrator/' rewrite below suggests an admin controller --
 * confirm access is enforced before this task runs.
 *
 * NOTE(review): the generated file has a predictable name and is not
 * removed after serving; confirm the temp directory is not reachable
 * directly over the web.
 *
 * @return  void
 * @throws  Exception  500 when the temp directory cannot be created
 */
public function receiptTask()
{
    // Incoming
    $id = Request::getInt('id', 0);

    // Load the order
    $row = new Order($this->database);
    $row->load($id);

    // Instantiate an OrderItem object
    $oi = new OrderItem($this->database);

    if ($id) {
        // Get order items
        $orderitems = $oi->getOrderItems($id);
        if ($orderitems) {
            foreach ($orderitems as $r) {
                $params = new Registry($r->params);
                $selections = new Registry($r->selections);

                // Get size selection: the offered sizes become an array and
                // sizeavail records whether the chosen size is among them
                $r->sizes = $params->get('size', '');
                $r->sizes = str_replace(' ', '', $r->sizes);
                $r->selectedsize = trim($selections->get('size', ''));
                $r->sizes = preg_split('/,/', $r->sizes);
                $r->sizeavail = in_array($r->selectedsize, $r->sizes) ? 1 : 0;

                // Get color selection
                $r->colors = $params->get('color', '');
                $r->colors = str_replace(' ', '', $r->colors);
                $r->selectedcolor = trim($selections->get('color', ''));
                $r->colors = preg_split('/,/', $r->colors);
            }
        } else {
            App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('Order empty, cannot generate receipt'), 'error');
            return;
        }

        $customer = User::getInstance($row->uid);
    } else {
        App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('Need order ID to issue a receipt'), 'error');
        return;
    }

    // Include needed libraries
    // require_once(JPATH_COMPONENT . DS . 'helpers' . DS . 'receipt.pdf.php');

    // Build the link displayed: component URL without a leading slash,
    // appended to the request base with '/administrator/' removed
    $sef = Route::url('index.php?option=' . $this->_option);
    if (substr($sef, 0, 1) == '/') {
        $sef = substr($sef, 1, strlen($sef));
    }
    $webpath = str_replace('/administrator/', '/', Request::base() . $sef);
    // Collapsing '//' also damages the scheme separator; it is restored below
    $webpath = str_replace('//', '/', $webpath);
    if (isset($_SERVER['HTTPS'])) {
        $webpath = str_replace('http:', 'https:', $webpath);
    }
    if (!strstr($webpath, '://')) {
        $webpath = str_replace(':/', '://', $webpath);
    }

    //require_once(PATH_CORE . DS . 'libraries/tcpdf/tcpdf.php');
    $pdf = new \TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);

    // Receipt texts come from the component configuration, with fallbacks
    $receipt_title = $this->config->get('receipt_title') ? $this->config->get('receipt_title') : 'Your Order';
    $hubaddress = array();
    $hubaddress[] = $this->config->get('hubaddress_ln1') ? $this->config->get('hubaddress_ln1') : '';
    $hubaddress[] = $this->config->get('hubaddress_ln2') ? $this->config->get('hubaddress_ln2') : '';
    $hubaddress[] = $this->config->get('hubaddress_ln3') ? $this->config->get('hubaddress_ln3') : '';
    $hubaddress[] = $this->config->get('hubaddress_ln4') ? $this->config->get('hubaddress_ln4') : '';
    $hubaddress[] = $this->config->get('hubaddress_ln5') ? $this->config->get('hubaddress_ln5') : '';
    $hubaddress[] = $this->config->get('hubemail') ? $this->config->get('hubemail') : '';
    $hubaddress[] = $this->config->get('hubphone') ? $this->config->get('hubphone') : '';
    $headertext_ln1 = $this->config->get('headertext_ln1') ? $this->config->get('headertext_ln1') : '';
    $headertext_ln2 = $this->config->get('headertext_ln2') ? $this->config->get('headertext_ln2') : Config::get('sitename');
    // $footertext is not referenced again in this method
    $footertext = $this->config->get('footertext') ? $this->config->get('footertext') : 'Thank you for contributions to our HUB!';
    $receipt_note = $this->config->get('receipt_note') ? $this->config->get('receipt_note') : '';

    // Get front-end template name ($tmpl is not referenced again in this method)
    $sql = "SELECT template FROM `#__template_styles` WHERE `client_id`=0 AND `home`=1";
    $this->database->setQuery($sql);
    $tmpl = $this->database->loadResult();

    // set default header data
    $pdf->SetHeaderData(NULL, 0, strtoupper($receipt_title) . ' - #' . $id, NULL, array(84, 94, 124), array(146, 152, 169));
    $pdf->setFooterData(array(255, 255, 255), array(255, 255, 255));

    // set header and footer fonts
    $pdf->setHeaderFont(array(PDF_FONT_NAME_MAIN, '', PDF_FONT_SIZE_MAIN));
    $pdf->setFooterFont(array(PDF_FONT_NAME_DATA, '', PDF_FONT_SIZE_DATA));

    // set margins
    $pdf->SetMargins(PDF_MARGIN_LEFT, PDF_MARGIN_TOP, PDF_MARGIN_RIGHT);
    $pdf->SetHeaderMargin(10);
    $pdf->SetFooterMargin(PDF_MARGIN_FOOTER);

    // set auto page breaks
    $pdf->SetAutoPageBreak(TRUE, PDF_MARGIN_BOTTOM);

    // set image scale factor
    $pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);

    // Set font
    $pdf->SetFont('dejavusans', '', 11, '', true);

    $pdf->AddPage();

    // HTML content: the 'receipt' layout is rendered with the values below
    $this->view->setLayout('receipt');
    $this->view->hubaddress = $hubaddress;
    $this->view->headertext_ln1 = $headertext_ln1;
    $this->view->headertext_ln2 = $headertext_ln2;
    $this->view->receipt_note = $receipt_note;
    $this->view->receipt_title = $receipt_title;
    $this->view->option = $this->_option;
    $this->view->url = $webpath;
    $this->view->customer = $customer;
    $this->view->row = $row;
    $this->view->orderitems = $orderitems;

    $html = $this->view->loadTemplate();

    // output the HTML content
    $pdf->writeHTML($html, true, false, true, false, '');

    // ---------------------------------------------------------

    // Target file: one PDF per order ID in a shared temp directory
    $dir = PATH_APP . DS . 'site' . DS . 'store' . DS . 'temp';
    $tempFile = $dir . DS . 'receipt_' . $id . '.pdf';

    if (!is_dir($dir)) {
        if (!\Filesystem::makeDirectory($dir)) {
            throw new Exception(Lang::txt('Failed to create folder to store receipts'), 500);
        }
    }

    // Close and output PDF document ('F' is passed as the destination argument)
    $pdf->Output($tempFile, 'F');

    if (is_file($tempFile)) {
        $xserver = new Server();
        $xserver->filename($tempFile);
        $xserver->serve_inline($tempFile);
        exit;
    } else {
        App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('There was an error creating a receipt'), 'error');
        return;
    }

    return;
}
/**
 * Serve the current user's certificate for a course offering
 *
 * Requires an existing course and offering, a member record for the current
 * user and a certificate that has a file. The PDF is rendered on first
 * request (or again when `regenerate` is set), stored under
 * "<PATH_APP>/site/courses/certificates" and sent as a download. When no
 * file could be produced the view is displayed instead.
 *
 * NOTE(review): `regenerate` deletes and rebuilds the stored file on a
 * plain request parameter; confirm that is acceptable without a form token.
 *
 * @return  void
 * @throws  Exception  500 when the old file cannot be deleted or the
 *                     directory cannot be created
 */
public function displayTask()
{
    $course   = Course::getInstance(Request::getVar('course', ''));
    $offering = $course->offering(Request::getVar('offering', ''));

    // Both the course and the offering have to exist
    if (!$course->exists() || !$offering->exists()) {
        App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=courses'), Lang::txt('COM_COURSES_ERROR_COURSE_OR_OFFERING_NOT_FOUND'), 'error');
        return;
    }

    // The member record is looked up for the current user only
    $student = Member::getInstance(User::get('id'), $course->get('id'), $offering->get('id'), null, 1);
    if (!$student->exists()) {
        App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=courses'), Lang::txt('COM_COURSES_ERROR_STUDENT_RECORD_NOT_FOUND'), 'error');
        return;
    }

    $certificate = $course->certificate();
    if (!$certificate->exists() || !$certificate->hasFile()) {
        App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=courses'), Lang::txt('COM_COURSES_ERROR_NO_CERTIFICATE_FOR_COURSE'), 'error');
        return;
    }

    // File name is made of the course, offering and user IDs
    $dir  = PATH_APP . DS . 'site' . DS . 'courses' . DS . 'certificates';
    $file = $dir . DS . 'certificate_' . $course->get('id') . '_' . $offering->get('id') . '_' . User::get('id') . '.pdf';

    // Forced regeneration: drop the stored copy first
    if (is_file($file) && Request::getInt('regenerate', 0)) {
        if (!Filesystem::delete($file)) {
            throw new Exception(Lang::txt('UNABLE_TO_DELETE_FILE'), 500);
        }
    }

    // Render the certificate when no stored copy is present
    if (!is_file($file)) {
        // Create the upload directory if needed
        if (!is_dir($dir) && !Filesystem::makeDirectory($dir)) {
            throw new Exception(Lang::txt('COM_COURSES_ERROR_FAILED_TO_CREATE_DIRECTORY'), 500);
        }

        $certificate->render(User::getRoot(), $file);
    }

    if (is_file($file)) {
        $student->token();

        // Sent as an attachment: Firefox and Chrome fail if served inline
        $server = new Server();
        $server->filename($file);
        $server->serve_attachment($file);
        exit;
    }

    // Output failure message
    $this->view->display();
}
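/**
 * Serves up ticket attachments only after passing access checks
 *
 * Guests are sent to the login page. For logged-in users, read access to
 * tickets is granted when the user submitted or owns the ticket, or when
 * the ACL authorizes the ticket's group; the file is served only if the
 * ACL then reports read access.
 *
 * The submitter test compares usernames as strings with ===. A loose ==
 * treats two numeric-looking strings as numbers, so different usernames
 * such as '1e3' and '1000' would compare equal and grant access.
 *
 * @return  void
 * @throws  Exception  404 for a missing attachment, ticket or file, 403
 *                     when the user may not read the ticket, 500 when the
 *                     content server fails
 */
public function downloadTask()
{
    // Check logged in status
    if (User::isGuest()) {
        $return = base64_encode(Request::getVar('REQUEST_URI', Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task, false, true), 'server'));
        App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return, false));
        return;
    }

    // Get the ID of the file requested
    $id = Request::getInt('id', 0);

    // Instantiate an attachment object
    $attach = new Tables\Attachment($this->database);
    $attach->load($id);
    if (!$attach->filename) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }
    $file = $attach->filename;

    // Get the parent ticket the file is attached to
    $row = new Tables\Ticket($this->database);
    $row->load($attach->ticket);

    if (!$row->report) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_TICKET_NOT_FOUND'), 404);
    }

    // Load ACL: the submitter (by username) and the owner (by user ID) may read
    $isSubmitter = ((string) $row->login === (string) User::get('username'));
    if ($isSubmitter || $row->owner == User::get('id')) {
        if (!$this->acl->check('read', 'tickets')) {
            $this->acl->setAccess('read', 'tickets', 1);
        }
    }
    if ($this->acl->authorize($row->group)) {
        $this->acl->setAccess('read', 'tickets', 1);
    }

    // Ensure the user is authorized to view this file
    if (!$this->acl->check('read', 'tickets')) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_NOT_AUTH'), 403);
    }

    // Ensure we have a path
    if (empty($file)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Get the configured upload path
    $basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;

    // Does the path start with a slash?
    $file = DS . ltrim($file, DS);

    // Prepend the base path unless the stored value already starts with it
    // (the full path got saved at some point)
    if (substr($file, 0, strlen($basePath)) != $basePath) {
        $file = $basePath . $file;
    }

    // Add root path
    $filename = PATH_APP . $file;

    // Ensure the file exist
    if (!file_exists($filename)) {
        // Report the path relative to PATH_APP, not the absolute server path
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND') . ' ' . $file, 404);
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_SERVING_FILE'), 500);
    }

    exit;
}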
/**
 * Download a wiki file
 *
 * Splits the decoded `pagename` request value into a page path and a file
 * name, loads the page, and serves the attachment row of that page whose
 * filename matches. The path on disk is built from the attachment row, not
 * from the request value.
 *
 * NOTE(review): the view check is skipped for pages with scope 'site' or
 * access 0, and for a non-existent page in the 'tmp' namespace the page ID
 * is taken from the requested name. Confirm both are intended. The method
 * also relies on App::abort() not returning.
 *
 * @return  void
 */
public function downloadTask()
{
    $requested = urldecode(Request::getVar('pagename', '', 'default', 'none', 2));

    // Last path segment is the file, the rest is the page it belongs to
    $segments = explode('/', $requested);
    $filename = array_pop($segments);
    $pagename = implode('/', $segments);

    // Get the parent page the file is attached to
    $this->page = Page::oneByPath($pagename, $this->page->get('scope'), $this->page->get('scope_id'));

    if (!$this->page->exists()) {
        if ($this->page->getNamespace() == 'tmp') {
            // Temporary pages: the ID is the name without its namespace
            $this->page->set('id', $this->page->stripNamespace());
        } else {
            App::abort(404, Lang::txt('COM_WIKI_PAGE_NOT_FOUND'));
        }
    } elseif ($this->page->get('scope') != 'site' && $this->page->get('access') != 0 && !$this->page->access('view')) {
        // Restricted page and the user is not authorized
        App::abort(403, Lang::txt('COM_WIKI_WARNING_NOT_AUTH'));
    }

    $filename = $this->page->stripNamespace($filename);

    // Look the attachment up among this page's attachments
    $attachment = $this->page->attachments()
        ->whereEquals('filename', $filename)
        ->row();

    // Ensure we have a path
    if (!$attachment->get('filename')) {
        App::abort(404, Lang::txt('COM_WIKI_FILE_NOT_FOUND'));
    }

    // Add root
    $path = $attachment->filespace() . DS . $this->page->get('id') . DS . ltrim($attachment->get('filename'), DS);

    if (!file_exists($path)) {
        App::abort(404, Lang::txt('COM_WIKI_FILE_NOT_FOUND') . ' ' . $attachment->get('filename'));
    }

    // Initiate a new content server and serve up the file
    $server = new Server();
    $server->filename($path);
    $server->disposition('inline');
    $server->acceptranges(false); // @TODO fix byte range support

    if (!$server->serve()) {
        // Should only get here on error
        App::abort(500, Lang::txt('COM_WIKI_SERVER_ERROR'));
    }

    exit;
}
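/**
 * Download a wiki file
 *
 * The file name is taken from the requested page name (namespaces `image`
 * and `file`) and URL-decoded, and for the `tmp` namespace the page ID is
 * taken from the request as well. Both are client-controlled, so the
 * canonical page directory must lie inside the attachment file space and
 * the canonical file must lie inside that page directory. Anything else
 * ends in the same 404 as a missing file.
 *
 * @return  void
 * @throws  Exception  403 when the page is restricted and not viewable,
 *                     404 for a missing page or file, 500 when the content
 *                     server fails
 */
public function downloadTask()
{
    $this->page->set('pagename', trim(Request::getVar('pagename', '', 'default', 'none', 2)));

    // Instantiate an attachment object
    $attachment = new Tables\Attachment($this->database);
    if ($this->page->get('namespace') == 'image' || $this->page->get('namespace') == 'file') {
        $attachment->filename = $this->page->denamespaced();
    }
    $attachment->filename = urldecode($attachment->filename);

    // Get the scope of the parent page the file is attached to
    if (!$this->scope) {
        $this->scope = trim(Request::getVar('scope', ''));
    }
    $segments = explode('/', $this->scope);
    $pagename = array_pop($segments);
    $scope = implode('/', $segments);

    // Get the parent page the file is attached to
    $this->page = new Page($pagename, $scope);

    // Load the page
    if ($this->page->exists()) {
        // Check if the page is group restricted and the user is authorized
        if ($this->page->get('group_cn') != '' && $this->page->get('access') != 0 && !$this->page->access('view')) {
            throw new Exception(Lang::txt('COM_WIKI_WARNING_NOT_AUTH'), 403);
        }
    } elseif ($this->page->get('namespace') == 'tmp') {
        $this->page->set('id', $this->page->denamespaced());
    } else {
        throw new Exception(Lang::txt('COM_WIKI_PAGE_NOT_FOUND'), 404);
    }

    // Ensure we have a path
    if (empty($attachment->filename)) {
        throw new Exception(Lang::txt('COM_WIKI_FILE_NOT_FOUND'), 404);
    }

    // Does the path start with a slash?
    $attachment->filename = DS . ltrim($attachment->filename, DS);

    // Canonicalise storage root, page directory and file in turn
    $root     = realpath($attachment->filespace());
    $pageDir  = ($root === false) ? false : realpath($root . DS . $this->page->get('id'));
    $filename = ($pageDir === false) ? false : realpath($pageDir . $attachment->filename);

    $contained = $filename !== false
        && strncmp($pageDir . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0
        && strncmp($filename, $pageDir . DIRECTORY_SEPARATOR, strlen($pageDir) + 1) === 0
        && is_file($filename);

    if (!$contained) {
        // Report the requested name only, never the server-side path
        throw new Exception(Lang::txt('COM_WIKI_FILE_NOT_FOUND') . ' ' . $attachment->filename, 404);
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_WIKI_SERVER_ERROR'), 500);
    }

    exit;
}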