/** * send response * @access public * */ public function sendResponse() { $xml =& QFinder_Connector_Core_Factory::getInstance("Core_Xml"); $this->_connectorNode =& $xml->getConnectorNode(); $this->checkConnector(); if ($this->mustCheckRequest()) { $this->checkRequest(); } $resourceTypeName = $this->_currentFolder->getResourceTypeName(); if (!empty($resourceTypeName)) { $this->_connectorNode->addAttribute("resourceType", $this->_currentFolder->getResourceTypeName()); } if ($this->mustAddCurrentFolderNode()) { $_currentFolder = new Qfinder_Connector_Utils_XmlNode("CurrentFolder"); $this->_connectorNode->addChild($_currentFolder); $_currentFolder->addAttribute("path", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($this->_currentFolder->getClientPath())); $this->_errorHandler->setCatchAllErros(true); $_url = $this->_currentFolder->getUrl(); $_currentFolder->addAttribute("url", is_null($_url) ? "" : QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($_url)); $this->_errorHandler->setCatchAllErros(false); $_currentFolder->addAttribute("acl", $this->_currentFolder->getAclMask()); } $this->buildXml(); $_oErrorNode =& $xml->getErrorNode(); $_oErrorNode->addAttribute("number", "0"); echo $this->_connectorNode->asXML(); exit; }
/** * Throw file upload error, return true if error has been thrown, false if error has been catched * * @param int $number * @param string $text * @access public */ public function throwError($number, $uploaded = false, $exit = true) { if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) { return false; } $oRegistry =& QFinder_Connector_Core_Factory::getInstance("Core_Registry"); $sFileName = $oRegistry->get("FileUpload_fileName"); $sFileUrl = $oRegistry->get("FileUpload_url"); $sEncodedFileName = QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sFileName); header('Content-Type: text/html; charset=utf-8'); $errorMessage = QFinder_Connector_Utils_Misc::getErrorMessage($number, $sEncodedFileName); if (!$uploaded) { $sFileName = ""; $sEncodedFileName = ""; } if (!empty($_GET['response_type']) && $_GET['response_type'] == 'txt') { echo $sFileName . "|" . $errorMessage; } else { echo "<script type=\"text/javascript\">"; if (!empty($_GET['QFinderFuncNum'])) { if (!$uploaded) { $sFileUrl = ""; $sFileName = ""; } $funcNum = preg_replace("/[^0-9]/", "", $_GET['QFinderFuncNum']); echo "window.parent.QFinder.tools.callFunction({$funcNum}, '" . str_replace("'", "\\'", $sFileUrl . $sFileName) . "', '" . str_replace("'", "\\'", $errorMessage) . "');"; } else { echo "window.parent.OnUploadCompleted('" . str_replace("'", "\\'", $sEncodedFileName) . "', '" . str_replace("'", "\\'", $errorMessage) . "') ;"; } echo "</script>"; } if ($exit) { exit; } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_RENAME)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["fileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!isset($_GET["newFileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]); $newFileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]); $oRenamedFileNode = new Qfinder_Connector_Utils_XmlNode("RenamedFile"); $this->_connectorNode->addChild($oRenamedFileNode); $oRenamedFileNode->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName)); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($newFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!QFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!$resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if ($_config->forceAscii()) { $newFileName = QFinder_Connector_Utils_FileSystem::convertToAscii($newFileName); } $filePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); $newFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName); $bMoved = false; if (!file_exists($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } if (!is_writable(dirname($newFilePath))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if (!is_writable($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if (file_exists($newFilePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } $bMoved = @rename($filePath, $newFilePath); if (!$bMoved) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNKNOWN, "File " . QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . "has not been renamed"); } else { $oRenamedFileNode->addAttribute("newName", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName)); $thumbPath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName); QFinder_Connector_Utils_FileSystem::unlink($thumbPath); } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FOLDER_RENAME)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["NewFolderName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFolderName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]); $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if ($_config->forceAscii()) { $newFolderName = QFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!QFinder_Connector_Utils_FileSystem::checkFolderName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } // The root folder cannot be deleted. if ($this->_currentFolder->getClientPath() == "/") { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $oldFolderPath = $this->_currentFolder->getServerPath(); $bMoved = false; if (!is_dir($oldFolderPath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } //let's calculate new folder name $newFolderPath = dirname($oldFolderPath) . '/' . $newFolderName . '/'; if (file_exists(rtrim($newFolderPath, '/'))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } $bMoved = @rename($oldFolderPath, $newFolderPath); if (!$bMoved) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/'; if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) { QFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath()); } } $newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/'; $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/'); $oRenameNode = new Qfinder_Connector_Utils_XmlNode("RenamedFolder"); $this->_connectorNode->addChild($oRenameNode); $oRenameNode->addAttribute("newName", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName)); $oRenameNode->addAttribute("newPath", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath)); $oRenameNode->addAttribute("newUrl", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl)); }
/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FOLDER_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // Map the virtual path to the local server path. $_sServerDir = $this->_currentFolder->getServerPath(); if (!is_dir($_sServerDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } // Create the "Folders" node. $oFoldersNode = new Qfinder_Connector_Utils_XmlNode("Folders"); $this->_connectorNode->addChild($oFoldersNode); $files = array(); if ($dh = @opendir($_sServerDir)) { while (($file = readdir($dh)) !== false) { if ($file != "." && $file != ".." && is_dir($_sServerDir . $file)) { $files[] = $file; } } closedir($dh); } else { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (sizeof($files) > 0) { natcasesort($files); $i = 0; foreach ($files as $file) { $oAcl = $_config->getAccessControlConfig(); $folderPath = $this->_currentFolder->getClientPath() . $file . "/"; $aclMask = $oAcl->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath); if (($aclMask & QFINDER_CONNECTOR_ACL_FOLDER_VIEW) != QFINDER_CONNECTOR_ACL_FOLDER_VIEW) { continue; } if ($resourceTypeInfo->checkIsHiddenFolder($file)) { continue; } // Create the "Folder" node. $oFolderNode[$i] = new Qfinder_Connector_Utils_XmlNode("Folder"); $oFoldersNode->addChild($oFolderNode[$i]); $oFolderNode[$i]->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($file)); $oFolderNode[$i]->addAttribute("hasChildren", QFinder_Connector_Utils_FileSystem::hasChildren($folderPath, $resourceTypeInfo) ? "true" : "false"); $oFolderNode[$i]->addAttribute("acl", $aclMask); $i++; } } }
/** * handle request and build XML * @access protected */ function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $this->checkConnector(); $this->checkRequest(); // Saving empty file is equal to deleting a file, that's why FILE_DELETE permissions are required if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_POST["fileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!isset($_POST["content"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["fileName"]); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $filePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); if (!file_exists($filePath) || !is_file($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } if (!is_writable(dirname($filePath))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $fp = @fopen($filePath, 'wb'); if ($fp === false || !flock($fp, LOCK_EX)) { $result = false; } else { $result = fwrite($fp, $_POST["content"]); flock($fp, LOCK_UN); fclose($fp); } if ($result === false) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } }
/** * send response (file) * @access public * */ public function sendResponse() { if (!function_exists('ob_list_handlers') || ob_list_handlers()) { @ob_end_clean(); } header("Content-Encoding: none"); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]); $_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$_resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $filePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($filePath) || !is_file($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } $fileName = QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName); header("Cache-Control: cache, must-revalidate"); header("Pragma: public"); header("Expires: 0"); if (!empty($_GET['format']) && $_GET['format'] == 'text') { header("Content-Type: text/plain; charset=utf-8"); } else { $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; $encodedName = str_replace("\"", "\\\"", $fileName); if (strpos($user_agent, "MSIE") !== false) { $encodedName = str_replace(array("+", "%2E"), array(" ", "."), urlencode($encodedName)); } header("Content-type: application/octet-stream; name=\"" . $fileName . "\""); header("Content-Disposition: attachment; filename=\"" . $encodedName . "\""); } header("Content-Length: " . filesize($filePath)); QFinder_Connector_Utils_FileSystem::sendFile($filePath); exit; }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FOLDER_CREATE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : ""; $sNewFolderName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName); if ($_config->forceAscii()) { $sNewFolderName = QFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName); } if (!QFinder_Connector_Utils_FileSystem::checkFolderName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $sServerDir = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName); if (!is_writeable($this->_currentFolder->getServerPath())) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $bCreated = false; if (file_exists($sServerDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } if ($perms = $_config->getChmodFolders()) { $oldUmask = umask(0); $bCreated = @mkdir($sServerDir, $perms); umask($oldUmask); } else { $bCreated = @mkdir($sServerDir); } if (!$bCreated) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $oNewFolderNode = new Qfinder_Connector_Utils_XmlNode("NewFolder"); $this->_connectorNode->addChild($oNewFolderNode); $oNewFolderNode->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName)); } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FOLDER_DELETE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // The root folder cannot be deleted. if ($this->_currentFolder->getClientPath() == "/") { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $folderServerPath = $this->_currentFolder->getServerPath(); if (!file_exists($folderServerPath) || !is_dir($folderServerPath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } if (!QFinder_Connector_Utils_FileSystem::unlink($folderServerPath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } QFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath()); }
/** * Throw file upload error, return true if error has been thrown, false if error has been catched * * @param int $number * @param string $text * @access public */ public function throwError($number, $uploaded = false, $exit = true) { if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) { return false; } $oRegistry =& QFinder_Connector_Core_Factory::getInstance("Core_Registry"); $sFileName = $oRegistry->get("FileUpload_fileName"); $sFileUrl = $oRegistry->get("FileUpload_url"); $sEncodedFileName = QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sFileName); header('Content-Type: text/html; charset=utf-8'); /** * echo <script> is not called before QFinder_Connector_Utils_Misc::getErrorMessage * because PHP has problems with including files that contain BOM character. * Having BOM character after <script> tag causes a javascript error. */ echo "<script type=\"text/javascript\">"; if (!empty($_GET['CKEditor'])) { $errorMessage = QFinder_Connector_Utils_Misc::getErrorMessage($number, $sEncodedFileName); if (!$uploaded) { $sFileUrl = ""; $sFileName = ""; $sEncodedFileName = ""; } $funcNum = preg_replace("/[^0-9]/", "", $_GET['CKEditorFuncNum']); echo "window.parent.CKEDITOR.tools.callFunction({$funcNum}, '" . str_replace("'", "\\'", $sFileUrl . QFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)) . "', '" . str_replace("'", "\\'", $errorMessage) . "');"; } else { if (!$uploaded) { echo "window.parent.OnUploadCompleted(" . $number . ", '', '', '') ;"; } else { echo "window.parent.OnUploadCompleted(" . $number . ", '" . str_replace("'", "\\'", $sFileUrl . QFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)) . "', '" . str_replace("'", "\\'", $sEncodedFileName) . "', '') ;"; } } echo "</script>"; if ($exit) { exit; } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // Map the virtual path to the local server path. $_sServerDir = $this->_currentFolder->getServerPath(); // Create the "Files" node. $oFilesNode = new Qfinder_Connector_Utils_XmlNode("Files"); $this->_connectorNode->addChild($oFilesNode); if (!is_dir($_sServerDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } $files = array(); $thumbFiles = array(); if ($dh = @opendir($_sServerDir)) { while (($file = readdir($dh)) !== false) { if ($file != "." && $file != ".." && !is_dir($_sServerDir . $file)) { $files[] = $file; } } closedir($dh); } else { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (sizeof($files) > 0) { $_thumbnailsConfig = $_config->getThumbnailsConfig(); $_thumbServerPath = ''; $_showThumbs = !empty($_GET['showThumbs']) && $_GET['showThumbs'] == 1; if ($_thumbnailsConfig->getIsEnabled() && ($_thumbnailsConfig->getDirectAccess() || $_showThumbs)) { $_thumbServerPath = $this->_currentFolder->getThumbsServerPath(); } natcasesort($files); $i = 0; foreach ($files as $file) { $filemtime = @filemtime($_sServerDir . $file); //otherwise file doesn't exist or we can't get it's filename properly if ($filemtime !== false) { $filename = QFinder_Connector_Utils_Misc::mbBasename($file); if (!$resourceTypeInfo->checkExtension($filename, false)) { continue; } if ($resourceTypeInfo->checkIsHiddenFile($filename)) { continue; } $oFileNode[$i] = new Qfinder_Connector_Utils_XmlNode("File"); $oFilesNode->addChild($oFileNode[$i]); $oFileNode[$i]->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding(QFinder_Connector_Utils_Misc::mbBasename($file))); $oFileNode[$i]->addAttribute("date", @date("YmdHi", $filemtime)); if (!empty($_thumbServerPath) && preg_match(QFINDER_REGEX_IMAGES_EXT, $filename)) { if (file_exists($_thumbServerPath . $filename)) { $oFileNode[$i]->addAttribute("thumb", $filename); } elseif ($_showThumbs) { $oFileNode[$i]->addAttribute("thumb", "?" . $filename); } } $size = filesize($_sServerDir . $file); if ($size && $size < 1024) { $size = 1; } else { $size = (int) round($size / 1024); } $oFileNode[$i]->addAttribute("size", $size); $i++; } } } }
/** * handle request and build XML * @access protected * */ function buildXml() { $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!isset($_GET["fileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]); if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $filePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); if (!file_exists($filePath) || !is_file($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } list($width, $height) = getimagesize($filePath); $oNode = new Qfinder_Connector_Utils_XmlNode("ImageInfo"); $oNode->addAttribute("width", $width); $oNode->addAttribute("height", $height); $this->_connectorNode->addChild($oNode); }
/** * Get server path to thumbnails directory * * @access public * @return string */ public function getThumbsServerPath() { if (is_null($this->_thumbsServerPath)) { $this->_resourceTypeConfig = $this->getResourceTypeConfig(); $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $_thumbnailsConfig = $_config->getThumbnailsConfig(); // Get the resource type directory. $this->_thumbsServerPath = QFinder_Connector_Utils_FileSystem::combinePaths($_thumbnailsConfig->getDirectory(), $this->_resourceTypeConfig->getName()); // Return the resource type directory combined with the required path. $this->_thumbsServerPath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_thumbsServerPath, ltrim($this->_clientPath, '/')); if (!is_dir($this->_thumbsServerPath)) { if (!QFinder_Connector_Utils_FileSystem::createDirectoryRecursively($this->_thumbsServerPath)) { /** * @todo Qfinder_Connector_Utils_Xml::raiseError(); perhaps we should return error * */ } } } return $this->_thumbsServerPath; }
/** * Get the dditional Nginx X-Sendfile configuration (location => root) */ public function getXSendfileNginx() { $xsendfileNginx = array(); foreach ($this->_xsendfileNginx as $location => $root) { $root = (string) $root; $location = rtrim((string) $location, '/') . '/'; if (substr($root, -1, 1) != '/' && substr($root, -1, 1) != '\\') { // root and location paths are concatenated // @see http://wiki.nginx.org/XSendfile $root = QFinder_Connector_Utils_FileSystem::combinePaths(rtrim($root, '/'), $location); } $xsendfileNginx[$location] = $root; } return $xsendfileNginx; }
/** * Check request * @access protected * */ protected function checkRequest() { if (preg_match(QFINDER_REGEX_INVALID_PATH, $this->_currentFolder->getClientPath())) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (is_null($_resourceTypeConfig)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_TYPE); } $_clientPath = $this->_currentFolder->getClientPath(); $_clientPathParts = explode("/", trim($_clientPath, "/")); if ($_clientPathParts) { foreach ($_clientPathParts as $_part) { if ($_resourceTypeConfig->checkIsHiddenFolder($_part)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } } if (!is_dir($this->_currentFolder->getServerPath())) { if ($_clientPath == "/") { if (!QFinder_Connector_Utils_FileSystem::createDirectoryRecursively($this->_currentFolder->getServerPath())) { /** * @todo handle error */ } } else { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } } }
/** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = QFINDER_CONNECTOR_ERROR_NONE; $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& QFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(QFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = QFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName); if ($sFileName != $sUnsafeFileName) { $iErrorNumber = QFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!QFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $oRegistry->set("FileUpload_fileName", $sFileName); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = QFinder_Connector_Utils_FileSystem::getExtension($sFileName); if ($htmlExtensions && !QFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = QFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = QFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); while (true) { $sFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $sFileName = QFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber = QFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = QFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && QFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && QFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } } if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) { $oldumask = umask(0); chmod($sFilePath, $perms); umask($oldumask); } break; } } if (!$_config->checkSizeAfterScaling()) { $this->_errorHandler->throwError($iErrorNumber, true, false); } //resize image if required require_once QFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; $_imagesConfig = $_config->getImagesConfig(); if ($_imagesConfig->getMaxWidth() > 0 && $_imagesConfig->getMaxHeight() > 0 && $_imagesConfig->getQuality() > 0) { QFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true); } if ($_config->checkSizeAfterScaling()) { //check file size after scaling, attempt to delete if too big clearstatcache(); if ($maxSize && filesize($sFilePath) > $maxSize) { @unlink($sFilePath); $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } else { $this->_errorHandler->throwError($iErrorNumber, true, false); } } QFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath)); }
/** * Send files using X-Sendfile server module * * @param string $filePath */ public static function sendWithXSendfile($filePath) { if (stripos($_SERVER['SERVER_SOFTWARE'], 'nginx') !== FALSE) { $fallback = true; $config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $XSendfileNginx = $config->getXSendfileNginx(); foreach ($XSendfileNginx as $location => $root) { if (false !== stripos($filePath, $root)) { $fallback = false; $filePath = str_ireplace($root, $location, $filePath); header("X-Accel-Redirect: " . $filePath); // Nginx break; } } // fallback to standar method if ($fallback) { QFinder_Connector_Utils_FileSystem::readfileChunked($filePath); } } elseif (stripos($_SERVER['SERVER_SOFTWARE'], 'lighttpd/1.4') !== FALSE) { header("X-LIGHTTPD-send-file: " . $filePath); // Lighttpd v1.4 } else { header("X-Sendfile: " . $filePath); // Apache, Lighttpd v1.5, Cherokee } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); // Create the "ConnectorInfo" node. $_oConnInfo = new Qfinder_Connector_Utils_XmlNode("ConnectorInfo"); $this->_connectorNode->addChild($_oConnInfo); $_oConnInfo->addAttribute("enabled", $_config->getIsEnabled() ? "true" : "false"); if (!$_config->getIsEnabled()) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED); } $_ln = ''; $_lc = $_config->getLicenseKey() . ' '; $pos = strpos(QFINDER_CHARS, $_lc[0]) % 5; if ($pos == 1 || $pos == 4) { $_ln = $_config->getLicenseName(); } $_oConnInfo->addAttribute("s", $_ln); $_oConnInfo->addAttribute("c", trim($_lc[11] . $_lc[0] . $_lc[8] . $_lc[12] . $_lc[26] . $_lc[2] . $_lc[3] . $_lc[25] . $_lc[1])); $_thumbnailsConfig = $_config->getThumbnailsConfig(); $_thumbnailsEnabled = $_thumbnailsConfig->getIsEnabled(); $_oConnInfo->addAttribute("thumbsEnabled", $_thumbnailsEnabled ? "true" : "false"); if ($_thumbnailsEnabled) { $_oConnInfo->addAttribute("thumbsUrl", $_thumbnailsConfig->getUrl()); $_oConnInfo->addAttribute("thumbsDirectAccess", $_thumbnailsConfig->getDirectAccess() ? "true" : "false"); $_oConnInfo->addAttribute("thumbsWidth", $_thumbnailsConfig->getMaxWidth()); $_oConnInfo->addAttribute("thumbsHeight", $_thumbnailsConfig->getMaxHeight()); } $_imagesConfig = $_config->getImagesConfig(); $_oConnInfo->addAttribute("imgWidth", $_imagesConfig->getMaxWidth()); $_oConnInfo->addAttribute("imgHeight", $_imagesConfig->getMaxHeight()); // Create the "ResourceTypes" node. $_oResourceTypes = new Qfinder_Connector_Utils_XmlNode("ResourceTypes"); $this->_connectorNode->addChild($_oResourceTypes); // Create the "PluginsInfo" node. $_oPluginsInfo = new Qfinder_Connector_Utils_XmlNode("PluginsInfo"); $this->_connectorNode->addChild($_oPluginsInfo); // Load the resource types in an array. $_aTypes = $_config->getDefaultResourceTypes(); if (!sizeof($_aTypes)) { $_aTypes = $_config->getResourceTypeNames(); } $_aTypesSize = sizeof($_aTypes); if ($_aTypesSize) { $phpMaxSize = 0; $max_upload = QFinder_Connector_Utils_Misc::returnBytes(ini_get('upload_max_filesize')); if ($max_upload) { $phpMaxSize = $max_upload; } $max_post = QFinder_Connector_Utils_Misc::returnBytes(ini_get('post_max_size')); if ($max_post) { $phpMaxSize = $phpMaxSize ? min($phpMaxSize, $max_post) : $max_post; } //ini_get('memory_limit') only works if compiled with "--enable-memory-limit" $memory_limit = QFinder_Connector_Utils_Misc::returnBytes(@ini_get('memory_limit')); if ($memory_limit && $memory_limit != -1) { $phpMaxSize = $phpMaxSize ? min($phpMaxSize, $memory_limit) : $memory_limit; } $_oConnInfo->addAttribute("uploadMaxSize", $phpMaxSize); $_oConnInfo->addAttribute("uploadCheckImages", $_config->checkSizeAfterScaling() ? "false" : "true"); for ($i = 0; $i < $_aTypesSize; $i++) { $_resourceTypeName = $_aTypes[$i]; $_acl = $_config->getAccessControlConfig(); $_aclMask = $_acl->getComputedMask($_resourceTypeName, "/"); if (($_aclMask & QFINDER_CONNECTOR_ACL_FOLDER_VIEW) != QFINDER_CONNECTOR_ACL_FOLDER_VIEW) { continue; } if (!isset($_GET['type']) || $_GET['type'] === $_resourceTypeName) { //print $_resourceTypeName; $_oTypeInfo = $_config->getResourceTypeConfig($_resourceTypeName); //print_r($_oTypeInfo); $_oResourceType[$i] = new Qfinder_Connector_Utils_XmlNode("ResourceType"); $_oResourceTypes->addChild($_oResourceType[$i]); $_oResourceType[$i]->addAttribute("name", $_resourceTypeName); $_oResourceType[$i]->addAttribute("url", $_oTypeInfo->getUrl()); $_oResourceType[$i]->addAttribute("allowedExtensions", implode(",", $_oTypeInfo->getAllowedExtensions())); $_oResourceType[$i]->addAttribute("deniedExtensions", implode(",", $_oTypeInfo->getDeniedExtensions())); $_oResourceType[$i]->addAttribute("hash", $_oTypeInfo->getHash()); $_oResourceType[$i]->addAttribute("hasChildren", QFinder_Connector_Utils_FileSystem::hasChildren('/', $_oTypeInfo) ? "true" : "false"); $_oResourceType[$i]->addAttribute("acl", $_aclMask); $maxSize = $_oTypeInfo->getMaxSize(); if ($phpMaxSize) { $maxSize = $maxSize ? min($maxSize, $phpMaxSize) : $phpMaxSize; } $_oResourceType[$i]->addAttribute("maxSize", $maxSize); } } } $config = $GLOBALS['config']; if (!empty($config['Plugins']) && is_array($config['Plugins'])) { $_oConnInfo->addAttribute("plugins", implode(",", $config['Plugins'])); } QFinder_Connector_Core_Hooks::run('InitCommand', array(&$this->_connectorNode)); }
/** * handle request and send response * @access public * */ public function sendResponse() { // Get rid of BOM markers if (ob_get_level()) { while (@ob_end_clean() && ob_get_level()) { } } header("Content-Encoding: none"); $this->checkConnector(); $this->checkRequest(); $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $_thumbnails = $_config->getThumbnailsConfig(); if (!$_thumbnails->getIsEnabled()) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_THUMBNAILS_DISABLED); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["FileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]); $_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $sourceFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($sourceFilePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } $thumbFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName); // If the thumbnail file doesn't exists, create it now. if (!file_exists($thumbFilePath)) { if (!$this->createThumb($sourceFilePath, $thumbFilePath, $_thumbnails->getMaxWidth(), $_thumbnails->getMaxHeight(), $_thumbnails->getQuality(), true, $_thumbnails->getBmpSupported())) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } } $size = filesize($thumbFilePath); $sourceImageAttr = getimagesize($thumbFilePath); $mime = $sourceImageAttr["mime"]; $rtime = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? @strtotime($_SERVER["HTTP_IF_MODIFIED_SINCE"]) : 0; $mtime = filemtime($thumbFilePath); $etag = dechex($mtime) . "-" . dechex($size); $is304 = false; if (isset($_SERVER["HTTP_IF_NONE_MATCH"]) && $_SERVER["HTTP_IF_NONE_MATCH"] === $etag) { $is304 = true; } else { if ($rtime == $mtime) { $is304 = true; } } if ($is304) { header("HTTP/1.0 304 Not Modified"); exit; } //header("Cache-Control: cache, must-revalidate"); //header("Pragma: public"); //header("Expires: 0"); header('Cache-control: public'); header('Etag: ' . $etag); header("Content-type: " . $mime . "; name=\"" . QFinder_Connector_Utils_Misc::mbBasename($thumbFilePath) . "\""); header("Last-Modified: " . gmdate('D, d M Y H:i:s', $mtime) . " GMT"); //header("Content-type: application/octet-stream; name=\"{$file}\""); //header("Content-Disposition: attachment; filename=\"{$file}\""); header("Content-Length: " . $size); readfile($thumbFilePath); exit; }
private function appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path) { $oErrorNode = new QFinder_Connector_Utils_XmlNode("Error"); $oErrorNode->addAttribute("code", $errorCode); $oErrorNode->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($name)); $oErrorNode->addAttribute("type", $type); $oErrorNode->addAttribute("folder", $path); $oErrorsNode->addChild($oErrorNode); }
/** * Sends generated zip file to the user */ protected function sendZipFile() { if (!function_exists('ob_list_handlers') || ob_list_handlers()) { @ob_end_clean(); } header("Content-Encoding: none"); $this->checkConnector(); $this->checkRequest(); // empty wystarczy if (empty($_GET['FileName'])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); $hash = $resourceTypeInfo->getHash(); if ($hash !== $_GET['hash'] || $hash !== substr($_GET['FileName'], 16, 16)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(trim($_GET['FileName'])); if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (strtolower(pathinfo($fileName, PATHINFO_EXTENSION)) !== 'zip') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $dest_dir = QFinder_Connector_Utils_FileSystem::getTmpDir(); $filePath = QFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $fileName); if (!file_exists($filePath) || !is_file($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } if (!is_readable($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $zipFileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(trim($_GET['ZipName'])); if (!QFinder_Connector_Utils_FileSystem::checkFileName($zipFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $fileFilename = pathinfo($zipFileName, PATHINFO_BASENAME); header("Content-Encoding: none"); header("Cache-Control: cache, must-revalidate"); header("Pragma: public"); header("Expires: 0"); $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; $encodedName = str_replace("\"", "\\\"", $fileFilename); if (strpos($user_agent, "MSIE") !== false) { $encodedName = str_replace(array("+", "%2E"), array(" ", "."), urlencode($encodedName)); } header("Content-type: application/octet-stream; name=\"" . $fileFilename . "\""); header("Content-Disposition: attachment; filename=\"" . $encodedName . "\""); header("Content-Length: " . filesize($filePath)); QFinder_Connector_Utils_FileSystem::sendFile($filePath); exit; }