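/**
 * Download a file attached to a collection post
 *
 * Reads `file` and `post` from the request, resolves the matching asset
 * record and streams it through the content server. Common image types are
 * sent inline; everything else is sent as an attachment.
 *
 * @return  void
 * @throws  Exception  404 when the record or file is missing, 403 when a guest
 *                     requests an item with access level 4, 500 when serving fails
 */
public function downloadTask()
{
    $file = Request::getVar('file', '');
    $item = Request::getInt('post', 0);

    $post = Post::getInstance($item);

    // The asset is looked up by the requested name within the post's item
    $asset = Asset::getInstance($file, $post->get('item_id'));

    // Ensure the record exists; items in state 2 are reported as not found
    if (!$asset->get('id') || $post->item()->get('state') == 2) {
        throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND'), 404);
    }

    // Check authorization
    // NOTE(review): the only gate visible here is access level 4 for guests;
    // confirm no other access level needs a check before serving.
    if ($post->item()->get('access') == 4 && User::isGuest()) {
        throw new Exception(Lang::txt('COM_COLLECTIONS_ERROR_ACCESS_DENIED_TO_FILE'), 403);
    }

    // Ensure we have a path
    if (!$asset->get('filename')) {
        throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND'), 404);
    }

    // The on-disk name comes from the stored record, not from the request
    $filename = $asset->filespace() . DS . $asset->get('item_id') . DS . ltrim($asset->get('filename'), DS);

    // Ensure the file exists. The message deliberately omits $filename: it is
    // an absolute server path and should not be echoed back to the client.
    if (!file_exists($filename)) {
        throw new Exception(Lang::txt('COM_COLLECTIONS_FILE_NOT_FOUND'), 404);
    }

    $ext = strtolower(Filesystem::extension($filename));

    // Initiate a new content server and serve up the file
    $server = new Server();
    $server->filename($filename);
    $server->disposition('attachment');
    // Only the listed raster image types are rendered in the browser
    if (in_array($ext, array('jpg', 'jpeg', 'jpe', 'png', 'gif'), true)) {
        $server->disposition('inline');
    }
    $server->acceptranges(false); // @TODO fix byte range support

    if (!$server->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_COLLECTIONS_SERVER_ERROR'), 500);
    }

    exit;
}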
/**
 * Handle request in stack
 *
 * Lets the rest of the stack run first, then streams the file whose path the
 * 'moderator' service reports. A missing file ends the request with a bare
 * 404 status line.
 *
 * @param   object  $request  Request
 * @return  mixed   Whatever the next layer returned
 */
public function handle(Request $request)
{
    $response = $this->next($request);

    $path = $this->app['moderator']->getPath();

    // Nothing on disk: answer with a 404 status and stop
    if (!file_exists($path)) {
        header('HTTP/1.1 404 Not found');
        exit;
    }

    // Configure the content server: inline, byte ranges on, X-Sendfile allowed
    $server = new Server();
    $server->disposition('inline');
    $server->acceptranges(true);
    $server->allowXsendFile();
    $server->filename($path);

    // The outcome of serve() is not inspected here
    $server->serve();

    return $response;
}
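/**
 * Download a file from the site archive's file space
 *
 * The entry named by `alias` must exist and be viewable. The file name comes
 * from the `file` request variable or, failing that, from the last segment of
 * the request URI (with an optional `image:` / `file:` prefix stripped).
 *
 * The requested name is attacker-controlled, so the resolved path must stay
 * inside the archive's file space before anything is served.
 *
 * @return  void
 * @throws  Exception                 403 when the entry is missing or not viewable
 * @throws  InvalidArgumentException  404 when the file is missing or outside the file space
 * @throws  RuntimeException          500 when serving fails
 */
public function downloadTask()
{
    $archive = new Archive('site', 0);

    $entry = Entry::oneByScope(Request::getVar('alias', ''), 'site', 0);

    if (!$entry->get('id') || !$entry->access('view')) {
        throw new Exception(Lang::txt('Access denied.'), 403);
    }

    if (!($file = Request::getVar('file', ''))) {
        // array_pop() takes its argument by reference, so the exploded list needs a variable
        $segments = explode('/', $_SERVER['REQUEST_URI']);
        $filename = array_pop($segments);

        // Get the file name
        if (substr(strtolower($filename), 0, strlen('image:')) == 'image:') {
            $file = substr($filename, strlen('image:'));
        } elseif (substr(strtolower($filename), 0, strlen('file:')) == 'file:') {
            $file = substr($filename, strlen('file:'));
        }
    }

    // Decode file name
    $file = urldecode($file);

    // Build file path
    $file_path = $archive->filespace() . DS . $file;

    // Resolve symlinks and '..' segments, then require the result to be a
    // regular file below the archive root. Plain concatenation would let a
    // name containing '../' reach files outside the file space.
    // NOTE(review): the path is not tied to $entry, so any file in the file
    // space is reachable once one viewable entry is named; confirm intended.
    $root     = realpath($archive->filespace());
    $resolved = realpath($file_path);

    if ($root === false
        || $resolved === false
        || strncmp($resolved, $root . DS, strlen($root . DS)) !== 0
        || !is_file($resolved)
    ) {
        // Same response for "missing" and "outside the root" so the two cannot be told apart
        throw new InvalidArgumentException(Lang::txt('The requested file could not be found: %s', $file), 404);
    }

    // Serve up the image
    $server = new Server();
    $server->filename($resolved);
    $server->disposition('inline');
    $server->acceptranges(false); // @TODO fix byte range support

    // Serve up file
    if (!$server->serve()) {
        // Should only get here on error
        throw new RuntimeException(Lang::txt('An error occurred while trying to output the file'), 500);
    }

    exit;
}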
/**
 * Serve up an offering logo
 *
 * Uses the section's logo when it has one and falls back to the offering's
 * logo otherwise. The path is taken relative to PATH_APP.
 *
 * @return  void
 * @throws  Exception  404 when the content server fails to serve the file
 */
public function logoTask()
{
    // Section logo first, offering logo as the fallback
    $logo = $this->course->offering()->section()->logo();
    if (!$logo) {
        $logo = $this->course->offering()->logo();
    }

    // Initiate a new content server and serve up the file
    $server = new Server();
    $server->filename(PATH_APP . $logo);
    $server->disposition('inline');
    $server->acceptranges(false);

    if ($server->serve()) {
        exit;
    }

    // Should only get here on error
    throw new Exception(Lang::txt('COM_COURSES_SERVER_ERROR'), 404);
}
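/**
 * Download a wiki file attached to a course page
 *
 * The course must be viewable. The `file` request variable (optionally
 * prefixed with `image:` or `file:`) is mapped into the course's `pagefiles`
 * directory under PATH_APP and streamed inline.
 *
 * The file name is request-controlled, so the resolved path is required to
 * stay inside the course's `pagefiles` directory before it is served.
 *
 * @return  void
 * @throws  Exception  500 when the content server fails to serve the file
 */
public function downloadTask()
{
    if (!$this->course->access('view')) {
        return App::abort(404, Lang::txt('COM_COURSES_NO_COURSE_FOUND'));
    }

    // Strip the wiki-style namespace prefix, if any
    $filename = Request::getVar('file', '');
    if (substr(strtolower($filename), 0, strlen('image:')) == 'image:') {
        $filename = substr($filename, strlen('image:'));
    } elseif (substr(strtolower($filename), 0, strlen('file:')) == 'file:') {
        $filename = substr($filename, strlen('file:'));
    }
    $filename = urldecode($filename);
    // NOTE(review): whether Filesystem::clean() removes '..' segments is not
    // visible here; the containment check below does not depend on it.
    $filename = \Filesystem::clean($filename);
    $filename = str_replace(' ', '_', $filename);

    // Get the configured upload path
    $base_path = DS . trim($this->config->get('filepath', '/site/courses'), DS) . DS . $this->course->get('id') . DS . 'pagefiles';

    // Does the path start with a slash?
    $filename = DS . ltrim($filename, DS);

    // Prepend the base path unless the name already begins with it
    if (strncmp($filename, $base_path, strlen($base_path)) !== 0) {
        $filename = $base_path . $filename;
    }

    // Add PATH_APP
    $filepath = PATH_APP . $filename;

    // A matching prefix alone does not prove containment: a name such as
    // "<base>/../x" begins with the base path yet resolves outside it.
    // Compare canonical paths and require a regular file.
    $root     = realpath(PATH_APP . $base_path);
    $resolved = realpath($filepath);

    if ($root === false
        || $resolved === false
        || strncmp($resolved, $root . DS, strlen($root . DS)) !== 0
        || !is_file($resolved)
    ) {
        return App::abort(404, Lang::txt('COM_COURSES_FILE_NOT_FOUND') . ' ' . $filename);
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($resolved);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_COURSES_SERVER_ERROR'), 500);
    }

    exit;
}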
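/**
 * Download an attachment belonging to a wish
 *
 * The wish named by `wishid` must exist and be neither deleted nor withdrawn,
 * and the attachment named by `file` must exist for that wish and be of an
 * allowed type. The file is sent with an `attachment` disposition.
 *
 * @return  void
 * @throws  Exception  404 when the wish, attachment or file is missing or the
 *                     type is not allowed, 500 when serving fails
 */
public function downloadTask()
{
    $file   = Request::getVar('file', '');
    $wishid = Request::getInt('wishid', 0);

    $wish = new Wish($wishid);

    // Ensure the parent wish is still available
    if (!$wish->exists() || $wish->isDeleted() || $wish->isWithdrawn()) {
        throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND'), 404);
    }

    $attachment = new Attachment($file, $wishid);

    // Ensure we have an attachment record
    if (!$attachment->exists()) {
        throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND'), 404);
    }

    // Make sure that file is an acceptable type
    if (!$attachment->isAllowedType()) {
        throw new Exception(Lang::txt('Unknown file type.'), 404);
    }

    // Filesystem location as reported by the attachment itself
    $filename = $attachment->link('file');

    // Ensure the file exists. The message deliberately omits $filename so the
    // server-side location is not echoed back to the client.
    if (!file_exists($filename)) {
        throw new Exception(Lang::txt('COM_WISHLIST_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($filename);
    $xserver->disposition('attachment');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_WISHLIST_SERVER_ERROR'), 500);
    }

    exit;
}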
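/**
 * Serve a support ticket attachment by its numeric id
 *
 * Loads the attachment row named by `id`, maps its stored file name into the
 * configured ticket upload directory under PATH_APP and streams it inline.
 *
 * NOTE(review): no login or ACL check is visible in this method. Confirm that
 * the caller or routing layer enforces ticket access before this task runs;
 * otherwise any attachment id can be requested directly.
 *
 * @return  void
 * @throws  Exception  404 when the record or file is missing or serving fails
 */
public function downloadTask()
{
    // Get the ID of the file requested
    $id = Request::getInt('id', 0);

    // Instantiate an attachment object
    $attach = new Tables\Attachment($this->database);
    $attach->load($id);

    // Ensure we have a stored file name
    if (!$attach->filename) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }
    $file = $attach->filename;

    // Get the configured upload path
    $basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;

    // Does the path start with a slash?
    $file = DS . ltrim($file, DS);

    // Prepend the base path unless the stored name already begins with it
    // (the full path got saved at some point)
    if (strncmp($file, $basePath, strlen($basePath)) !== 0) {
        $file = $basePath . $file;
    }

    // Add root path
    $filename = PATH_APP . $file;

    // Ensure the file exists. The message deliberately omits $filename: it is
    // an absolute server path and should not be echoed back to the client.
    if (!file_exists($filename)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    $xserver = new \Hubzero\Content\Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_SUPPORT_SERVER_ERROR'), 404);
    }

    exit;
}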
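/**
 * Gets form images
 *
 * The session token is verified before the filesystem is consulted, so an
 * unauthenticated caller gets the same 401 whether or not a file exists. The
 * requested name is then resolved and required to stay inside the form's own
 * directory.
 *
 * @apiMethod GET
 * @apiUri    /courses/form/image
 * @apiParameter {
 * 		"name":        "id",
 * 		"description": "Form ID",
 * 		"type":        "integer",
 * 		"required":    true,
 * 		"default":     null
 * }
 * @apiParameter {
 * 		"name":        "form_version",
 * 		"description": "Form version number",
 * 		"type":        "integer",
 * 		"required":    false,
 * 		"default":     null
 * }
 * @apiParameter {
 * 		"name":        "file",
 * 		"description": "Image filename",
 * 		"type":        "string",
 * 		"required":    true,
 * 		"default":     null
 * }
 * @apiParameter {
 * 		"name":        "token",
 * 		"description": "Session authentication token",
 * 		"type":        "string",
 * 		"required":    true,
 * 		"default":     null
 * }
 * @return    void
 */
public function imageTask()
{
    // Add silly simple security check: the token must equal
    // sha256(session id . ':' . site secret)
    $token      = Request::getString('token', false);
    $session_id = App::get('session')->getId();
    $secret     = Config::get('secret');
    $hash       = hash('sha256', $session_id . ':' . $secret);

    // hash_equals() compares in constant time; a missing token arrives as
    // false and is rejected by the is_string() guard
    if (!is_string($token) || !hash_equals($hash, $token)) {
        App::abort(401, 'You don\'t have permission to do this');
        // Fail closed in case abort() ever returns
        return;
    }

    $id       = Request::getInt('id', 0);
    $version  = Request::getInt('form_version', 0);
    $filename = Request::getVar('file', '');
    $filename = urldecode($filename);

    $base     = PATH_APP . DS . 'site' . DS . 'courses' . DS . 'forms' . DS . $id;
    $filename = $base . DS . ($version ? $version . DS : '') . ltrim($filename, DS);

    // The file name is request-controlled: resolve '..' and symlinks, then
    // require a regular file below this form's directory
    $root     = realpath($base);
    $resolved = realpath($filename);

    if ($root === false
        || $resolved === false
        || strncmp($resolved, $root . DS, strlen($root . DS)) !== 0
        || !is_file($resolved)
    ) {
        // Return message
        App::abort(404, 'Image not found');
        return;
    }

    // Initiate a new content server and serve up the file
    header("HTTP/1.1 200 OK");
    $xserver = new Server();
    $xserver->filename($resolved);
    $xserver->disposition('inline');
    $xserver->acceptranges(false);

    if (!$xserver->serve()) {
        // Return message
        App::abort(500, 'Failed to serve the image');
    }
}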
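/**
 * Serves up files only after passing access checks
 *
 * Guests are redirected to the login page. For logged-in users the attachment
 * row named by `id` and its parent ticket are loaded, and read access to
 * tickets is granted when the user submitted or owns the ticket, or when
 * the ACL authorizes the ticket's group. The file is then streamed inline.
 *
 * @return  void
 * @throws  Exception  404 when the attachment, ticket or file is missing,
 *                     403 when the user may not read the ticket,
 *                     500 when serving fails
 */
public function downloadTask()
{
    // Check logged in status
    if (User::isGuest()) {
        // Send the guest to login with the current URI as the return target
        $return = base64_encode(Request::getVar('REQUEST_URI', Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task, false, true), 'server'));
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . $return, false)
        );
        return;
    }

    // Get the ID of the file requested
    $id = Request::getInt('id', 0);

    // Instantiate an attachment object
    $attach = new Tables\Attachment($this->database);
    $attach->load($id);
    if (!$attach->filename) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }
    $file = $attach->filename;

    // Get the parent ticket the file is attached to
    $row = new Tables\Ticket($this->database);
    $row->load($attach->ticket);

    if (!$row->report) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_TICKET_NOT_FOUND'), 404);
    }

    // Load ACL: the submitter and the owner may always read their own ticket
    if ($row->login == User::get('username')
     || $row->owner == User::get('id')) {
        if (!$this->acl->check('read', 'tickets')) {
            $this->acl->setAccess('read', 'tickets', 1);
        }
    }
    // Authorization through the ticket's group also grants read access
    if ($this->acl->authorize($row->group)) {
        $this->acl->setAccess('read', 'tickets', 1);
    }

    // Ensure the user is authorized to view this file
    if (!$this->acl->check('read', 'tickets')) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_NOT_AUTH'), 403);
    }

    // Ensure we have a path
    if (empty($file)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Get the configured upload path
    $basePath = DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $attach->ticket;

    // Does the path start with a slash?
    $file = DS . ltrim($file, DS);

    // Prepend the base path unless the stored name already begins with it
    // (the full path got saved at some point)
    if (strncmp($file, $basePath, strlen($basePath)) !== 0) {
        $file = $basePath . $file;
    }

    // Add root path
    $filename = PATH_APP . $file;

    // Ensure the file exists. The message deliberately omits $filename: it is
    // an absolute server path and should not be echoed back to the client.
    if (!file_exists($filename)) {
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_SUPPORT_ERROR_SERVING_FILE'), 500);
    }

    exit;
}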
/**
 * Download a wiki file
 *
 * Splits the `pagename` request variable into a parent page path and a
 * trailing file name, loads the parent page, and serves the attachment row
 * of that page whose filename matches. The on-disk name is taken from the
 * attachment record rather than from the request.
 *
 * @return  void
 */
public function downloadTask()
{
    // Last path segment is the file; everything before it is the page
    $segments = explode('/', urldecode(Request::getVar('pagename', '', 'default', 'none', 2)));
    $filename = array_pop($segments);
    $pagename = implode('/', $segments);

    // Get the parent page the file is attached to
    $this->page = Page::oneByPath($pagename, $this->page->get('scope'), $this->page->get('scope_id'));

    if (!$this->page->exists()) {
        // Pages in the 'tmp' namespace have no record; the id is derived from the name
        if ($this->page->getNamespace() == 'tmp') {
            $this->page->set('id', $this->page->stripNamespace());
        } else {
            App::abort(404, Lang::txt('COM_WIKI_PAGE_NOT_FOUND'));
        }
    } elseif ($this->page->get('scope') != 'site'
        && $this->page->get('access') != 0
        && !$this->page->access('view')
    ) {
        // Page is restricted and the user is not authorized to view it
        App::abort(403, Lang::txt('COM_WIKI_WARNING_NOT_AUTH'));
    }

    $filename = $this->page->stripNamespace($filename);

    // Look the attachment up among this page's attachments
    $attachment = $this->page->attachments()
        ->whereEquals('filename', $filename)
        ->row();

    // Ensure we have a path
    if (!$attachment->get('filename')) {
        App::abort(404, Lang::txt('COM_WIKI_FILE_NOT_FOUND'));
    }

    // Add root
    $stored   = $attachment->get('filename');
    $filename = $attachment->filespace() . DS . $this->page->get('id') . DS . ltrim($stored, DS);

    // Ensure the file exist
    if (!file_exists($filename)) {
        App::abort(404, Lang::txt('COM_WIKI_FILE_NOT_FOUND') . ' ' . $attachment->get('filename'));
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    $served = $xserver->serve();
    if (!$served) {
        // Should only get here on error
        App::abort(500, Lang::txt('COM_WIKI_SERVER_ERROR'));
    }

    exit;
}
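/**
 * Download a wiki file
 *
 * The file name is taken from the `pagename` request variable (for the
 * `image` and `file` namespaces) and the parent page from the scope. No
 * attachment record is loaded here, so the name is request-controlled end to
 * end; the resolved path is therefore required to stay inside the page's own
 * directory within the attachment file space before it is served.
 *
 * @return  void
 * @throws  Exception  403 when the page is restricted and not viewable,
 *                     404 when the page or file is missing or outside the
 *                     page directory, 500 when serving fails
 */
public function downloadTask()
{
    $this->page->set('pagename', trim(Request::getVar('pagename', '', 'default', 'none', 2)));

    // Instantiate an attachment object
    $attachment = new Tables\Attachment($this->database);
    if ($this->page->get('namespace') == 'image'
     || $this->page->get('namespace') == 'file') {
        $attachment->filename = $this->page->denamespaced();
    }
    $attachment->filename = urldecode($attachment->filename);

    // Get the scope of the parent page the file is attached to
    if (!$this->scope) {
        $this->scope = trim(Request::getVar('scope', ''));
    }
    $segments = explode('/', $this->scope);
    $pagename = array_pop($segments);
    $scope    = implode('/', $segments);

    // Get the parent page the file is attached to
    $this->page = new Page($pagename, $scope);

    // Load the page
    if ($this->page->exists()) {
        // Check if the page is group restricted and the user is authorized
        if ($this->page->get('group_cn') != '' && $this->page->get('access') != 0 && !$this->page->access('view')) {
            throw new Exception(Lang::txt('COM_WIKI_WARNING_NOT_AUTH'), 403);
        }
    } elseif ($this->page->get('namespace') == 'tmp') {
        // 'tmp' pages have no record; the id is derived from the page name
        $this->page->set('id', $this->page->denamespaced());
    } else {
        throw new Exception(Lang::txt('COM_WIKI_PAGE_NOT_FOUND'), 404);
    }

    // Ensure we have a path
    if (empty($attachment->filename)) {
        throw new Exception(Lang::txt('COM_WIKI_FILE_NOT_FOUND'), 404);
    }

    // Does the path start with a slash?
    $attachment->filename = DS . ltrim($attachment->filename, DS);

    // Add root
    $pageDir  = $attachment->filespace() . DS . $this->page->get('id');
    $filename = $pageDir . $attachment->filename;

    // Both the page id (in the 'tmp' case) and the file name can carry '..'
    // segments, so compare canonical paths: the page directory must sit below
    // the file space and the file must sit below the page directory.
    $root     = realpath($attachment->filespace());
    $pageRoot = realpath($pageDir);
    $resolved = realpath($filename);

    $contained = $root !== false
        && $pageRoot !== false
        && $resolved !== false
        && strncmp($pageRoot, $root . DS, strlen($root . DS)) === 0
        && strncmp($resolved, $pageRoot . DS, strlen($pageRoot . DS)) === 0;

    // Ensure the file exists. The message deliberately omits $filename: it is
    // an absolute server path and should not be echoed back to the client.
    if (!$contained || !is_file($resolved)) {
        throw new Exception(Lang::txt('COM_WIKI_FILE_NOT_FOUND'), 404);
    }

    // Initiate a new content server and serve up the file
    $xserver = new Server();
    $xserver->filename($resolved);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_WIKI_SERVER_ERROR'), 500);
    }

    exit;
}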