public function processRequest()
{
// Build the view selection form.
$select_map = array('highlighted' => 'View as Highlighted Text', 'blame' => 'View as Highlighted Text with Blame', 'plain' => 'View as Plain Text', 'plainblame' => 'View as Plain Text with Blame', 'raw' => 'View as raw document');
$request = $this->getRequest();
$drequest = $this->getDiffusionRequest();
$path = $drequest->getPath();
$selected = $request->getStr('view');
$needs_blame = $selected == 'blame' || $selected == 'plainblame';
$file_query = DiffusionFileContentQuery::newFromDiffusionRequest($this->diffusionRequest);
$file_query->setNeedsBlame($needs_blame);
$file_query->loadFileContent();
$data = $file_query->getRawData();
if ($selected === 'raw') {
$response = new AphrontFileResponse();
$response->setContent($data);
$mime_type = $this->getDocumentType($path);
if ($mime_type) {
$response->setMimeType($mime_type);
} else {
$as_filename = idx(pathinfo($path), 'basename');
$response->setDownload($as_filename);
}
return $response;
}
$select = '<select name="view">';
foreach ($select_map as $k => $v) {
$option = phutil_render_tag('option', array('value' => $k, 'selected' => $k == $selected ? 'selected' : null), phutil_escape_html($v));
$select .= $option;
}
$select .= '</select>';
require_celerity_resource('diffusion-source-css');
$view_select_panel = new AphrontPanelView();
$view_select_form = phutil_render_tag('form', array('action' => $request->getRequestURI(), 'method' => 'get', 'class' => 'diffusion-browse-type-form'), $select . '<button>View</button>');
$view_select_panel->appendChild($view_select_form);
$view_select_panel->appendChild('<div style="clear: both;"></div>');
// Build the content of the file.
$corpus = $this->buildCorpus($selected, $file_query, $needs_blame, $drequest, $path, $data);
// Render the page.
$content = array();
$content[] = $this->buildCrumbs(array('branch' => true, 'path' => true, 'view' => 'browse'));
$content[] = $view_select_panel;
$content[] = $corpus;
$content[] = $this->buildOpenRevisions();
$nav = $this->buildSideNav('browse', true);
$nav->appendChild($content);
$basename = basename($this->getDiffusionRequest()->getPath());
return $this->buildStandardPageResponse($nav, array('title' => $basename));
}
public function processRequest()
{
$request = $this->getRequest();
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
$uri = new PhutilURI($alt);
$alt_domain = $uri->getDomain();
if ($alt_domain && $alt_domain != $request->getHost()) {
return id(new AphrontRedirectResponse())->setURI($uri->setPath($request->getPath()));
}
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $this->phid);
if (!$file) {
return new Aphront404Response();
}
if (!$file->validateSecretKey($this->key)) {
return new Aphront403Response();
}
$data = $file->loadFileData();
$response = new AphrontFileResponse();
$response->setContent($data);
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
$is_view = $file->isViewableInBrowser();
if ($is_view) {
$response->setMimeType($file->getViewableMimeType());
} else {
if (!$request->isHTTPPost()) {
// NOTE: Require POST to download files. We'd rather go full-bore and
// do a real CSRF check, but can't currently authenticate users on the
// file domain. This should blunt any attacks based on iframes, script
// tags, applet tags, etc., at least. Send the user to the "info" page
// if they're using some other method.
return id(new AphrontRedirectResponse())->setURI(PhabricatorEnv::getProductionURI($file->getBestURI()));
}
$response->setMimeType($file->getMimeType());
$response->setDownload($file->getName());
}
return $response;
}
public function processRequest()
{
$request = $this->getRequest();
$user = $request->getUser();
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $this->phid);
if (!$file) {
return new Aphront404Response();
}
switch ($this->view) {
case 'download':
case 'view':
$data = $file->loadFileData();
$response = new AphrontFileResponse();
$response->setContent($data);
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
if ($this->view == 'view') {
if (!$file->isViewableInBrowser()) {
return new Aphront400Response();
}
$download = false;
} else {
$download = true;
}
if ($download) {
if (!$request->isFormPost()) {
// Require a POST to download files to hinder attacks where you
// <applet src="http://phabricator.example.com/file/..." /> on some
// other domain.
return id(new AphrontRedirectResponse())->setURI($file->getInfoURI());
}
}
if ($download) {
$mime_type = $file->getMimeType();
} else {
$mime_type = $file->getViewableMimeType();
}
// If an alternate file domain is configured, forbid all views which
// don't originate from it.
if (!$download) {
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
if ($alt) {
$domain = id(new PhutilURI($alt))->getDomain();
if ($domain != $request->getHost()) {
return new Aphront400Response();
}
}
}
$response->setMimeType($mime_type);
if ($download) {
$response->setDownload($file->getName());
}
return $response;
default:
break;
}
$author_child = null;
if ($file->getAuthorPHID()) {
$author = id(new PhabricatorUser())->loadOneWhere('phid = %s', $file->getAuthorPHID());
if ($author) {
$author_child = id(new AphrontFormStaticControl())->setLabel('Author')->setName('author')->setValue($author->getUserName());
}
}
$form = new AphrontFormView();
if ($file->isViewableInBrowser()) {
$form->setAction($file->getViewURI());
$button_name = 'View File';
} else {
$form->setAction('/file/download/' . $file->getPHID() . '/');
$button_name = 'Download File';
}
$file_id = 'F' . $file->getID();
$form->setUser($user);
$form->appendChild(id(new AphrontFormStaticControl())->setLabel('Name')->setName('name')->setValue($file->getName()))->appendChild(id(new AphrontFormStaticControl())->setLabel('ID')->setName('id')->setValue($file_id)->setCaption('Download this file with: <tt>arc download ' . phutil_escape_html($file_id) . '</tt>'))->appendChild(id(new AphrontFormStaticControl())->setLabel('PHID')->setName('phid')->setValue($file->getPHID()))->appendChild($author_child)->appendChild(id(new AphrontFormStaticControl())->setLabel('Created')->setName('created')->setValue(phabricator_datetime($file->getDateCreated(), $user)))->appendChild(id(new AphrontFormStaticControl())->setLabel('Mime Type')->setName('mime')->setValue($file->getMimeType()))->appendChild(id(new AphrontFormStaticControl())->setLabel('Size')->setName('size')->setValue($file->getByteSize() . ' bytes'))->appendChild(id(new AphrontFormStaticControl())->setLabel('Engine')->setName('storageEngine')->setValue($file->getStorageEngine()))->appendChild(id(new AphrontFormStaticControl())->setLabel('Format')->setName('storageFormat')->setValue($file->getStorageFormat()))->appendChild(id(new AphrontFormStaticControl())->setLabel('Handle')->setName('storageHandle')->setValue($file->getStorageHandle()))->appendChild(id(new AphrontFormSubmitControl())->setValue($button_name));
$panel = new AphrontPanelView();
$panel->setHeader('File Info - ' . $file->getName());
$panel->appendChild($form);
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$transformations = id(new PhabricatorTransformedFile())->loadAllWhere('originalPHID = %s', $file->getPHID());
$rows = array();
foreach ($transformations as $transformed) {
$phid = $transformed->getTransformedPHID();
$rows[] = array(phutil_escape_html($transformed->getTransform()), phutil_render_tag('a', array('href' => PhabricatorFileURI::getViewURIForPHID($phid)), $phid));
}
$table = new AphrontTableView($rows);
$table->setHeaders(array('Transform', 'File'));
$xform_panel = new AphrontPanelView();
$xform_panel->appendChild($table);
$xform_panel->setWidth(AphrontPanelView::WIDTH_FORM);
$xform_panel->setHeader('Transformations');
return $this->buildStandardPageResponse(array($panel, $xform_panel), array('title' => 'File Info - ' . $file->getName()));
}
public function processRequest()
{
$request = $this->getRequest();
$viewer = $this->getViewer();
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$alt_uri = new PhutilURI($alt);
$alt_domain = $alt_uri->getDomain();
$req_domain = $request->getHost();
$main_domain = id(new PhutilURI($base_uri))->getDomain();
$cache_response = true;
if (empty($alt) || $main_domain == $alt_domain) {
// Alternate files domain isn't configured or it's set
// to the same as the default domain
$response = $this->loadFile($viewer);
if ($response) {
return $response;
}
$file = $this->getFile();
// when the file is not CDNable, don't allow cache
$cache_response = $file->getCanCDN();
} else {
if ($req_domain != $alt_domain) {
// Alternate domain is configured but this request isn't using it
$response = $this->loadFile($viewer);
if ($response) {
return $response;
}
$file = $this->getFile();
// if the user can see the file, generate a token;
// redirect to the alt domain with the token;
$token_uri = $file->getCDNURIWithToken();
$token_uri = new PhutilURI($token_uri);
$token_uri = $this->addURIParameters($token_uri);
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI($token_uri);
} else {
// We are using the alternate domain. We don't have authentication
// on this domain, so we bypass policy checks when loading the file.
$bypass_policies = PhabricatorUser::getOmnipotentUser();
$response = $this->loadFile($bypass_policies);
if ($response) {
return $response;
}
$file = $this->getFile();
$acquire_token_uri = id(new PhutilURI($file->getViewURI()))->setDomain($main_domain);
$acquire_token_uri = $this->addURIParameters($acquire_token_uri);
if ($this->token) {
// validate the token, if it is valid, continue
$validated_token = $file->validateOneTimeToken($this->token);
if (!$validated_token) {
$dialog = $this->newDialog()->setShortTitle(pht('Expired File'))->setTitle(pht('File Link Has Expired'))->appendParagraph(pht('The link you followed to view this file is invalid or ' . 'expired.'))->appendParagraph(pht('Continue to generate a new link to the file. You may be ' . 'required to log in.'))->addCancelButton($acquire_token_uri, pht('Continue'));
// Build an explicit response so we can respond with HTTP/403 instead
// of HTTP/200.
$response = id(new AphrontDialogResponse())->setDialog($dialog)->setHTTPResponseCode(403);
return $response;
}
// return the file data without cache headers
$cache_response = false;
} else {
if (!$file->getCanCDN()) {
// file cannot be served via cdn, and no token given
// redirect to the main domain to aquire a token
// This is marked as an "external" URI because it is fully qualified.
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI($acquire_token_uri);
}
}
}
}
$response = new AphrontFileResponse();
if ($cache_response) {
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
}
$begin = null;
$end = null;
// NOTE: It's important to accept "Range" requests when playing audio.
// If we don't, Safari has difficulty figuring out how long sounds are
// and glitches when trying to loop them. In particular, Safari sends
// an initial request for bytes 0-1 of the audio file, and things go south
// if we can't respond with a 206 Partial Content.
$range = $request->getHTTPHeader('range');
if ($range) {
$matches = null;
if (preg_match('/^bytes=(\\d+)-(\\d+)$/', $range, $matches)) {
// Note that the "Range" header specifies bytes differently than
// we do internally: the range 0-1 has 2 bytes (byte 0 and byte 1).
$begin = (int) $matches[1];
$end = (int) $matches[2] + 1;
$response->setHTTPResponseCode(206);
$response->setRange($begin, $end - 1);
}
} else {
if (isset($validated_token)) {
// We set this on the response, and the response deletes it after the
// transfer completes. This allows transfers to be resumed, in theory.
$response->setTemporaryFileToken($validated_token);
}
}
$is_viewable = $file->isViewableInBrowser();
$force_download = $request->getExists('download');
if ($is_viewable && !$force_download) {
$response->setMimeType($file->getViewableMimeType());
} else {
if (!$request->isHTTPPost() && !$alt_domain) {
// NOTE: Require POST to download files from the primary domain. We'd
// rather go full-bore and do a real CSRF check, but can't currently
// authenticate users on the file domain. This should blunt any
// attacks based on iframes, script tags, applet tags, etc., at least.
// Send the user to the "info" page if they're using some other method.
// This is marked as "external" because it is fully qualified.
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI(PhabricatorEnv::getProductionURI($file->getBestURI()));
}
$response->setMimeType($file->getMimeType());
$response->setDownload($file->getName());
}
$iterator = $file->getFileDataIterator($begin, $end);
$response->setContentLength($file->getByteSize());
$response->setContentIterator($iterator);
return $response;
}
public function handleRequest(AphrontRequest $request)
{
$viewer = $request->getViewer();
$this->phid = $request->getURIData('phid');
$this->key = $request->getURIData('key');
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$alt_uri = new PhutilURI($alt);
$alt_domain = $alt_uri->getDomain();
$req_domain = $request->getHost();
$main_domain = id(new PhutilURI($base_uri))->getDomain();
if (!strlen($alt) || $main_domain == $alt_domain) {
// No alternate domain.
$should_redirect = false;
$is_alternate_domain = false;
} else {
if ($req_domain != $alt_domain) {
// Alternate domain, but this request is on the main domain.
$should_redirect = true;
$is_alternate_domain = false;
} else {
// Alternate domain, and on the alternate domain.
$should_redirect = false;
$is_alternate_domain = true;
}
}
$response = $this->loadFile();
if ($response) {
return $response;
}
$file = $this->getFile();
if ($should_redirect) {
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI($file->getCDNURI());
}
$response = new AphrontFileResponse();
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
$response->setCanCDN($file->getCanCDN());
$begin = null;
$end = null;
// NOTE: It's important to accept "Range" requests when playing audio.
// If we don't, Safari has difficulty figuring out how long sounds are
// and glitches when trying to loop them. In particular, Safari sends
// an initial request for bytes 0-1 of the audio file, and things go south
// if we can't respond with a 206 Partial Content.
$range = $request->getHTTPHeader('range');
if ($range) {
$matches = null;
if (preg_match('/^bytes=(\\d+)-(\\d+)$/', $range, $matches)) {
// Note that the "Range" header specifies bytes differently than
// we do internally: the range 0-1 has 2 bytes (byte 0 and byte 1).
$begin = (int) $matches[1];
$end = (int) $matches[2] + 1;
$response->setHTTPResponseCode(206);
$response->setRange($begin, $end - 1);
}
}
$is_viewable = $file->isViewableInBrowser();
$force_download = $request->getExists('download');
$request_type = $request->getHTTPHeader('X-Phabricator-Request-Type');
$is_lfs = $request_type == 'git-lfs';
if ($is_viewable && !$force_download) {
$response->setMimeType($file->getViewableMimeType());
} else {
if (!$request->isHTTPPost() && !$is_alternate_domain && !$is_lfs) {
// NOTE: Require POST to download files from the primary domain. We'd
// rather go full-bore and do a real CSRF check, but can't currently
// authenticate users on the file domain. This should blunt any
// attacks based on iframes, script tags, applet tags, etc., at least.
// Send the user to the "info" page if they're using some other method.
// This is marked as "external" because it is fully qualified.
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI(PhabricatorEnv::getProductionURI($file->getBestURI()));
}
$response->setMimeType($file->getMimeType());
$response->setDownload($file->getName());
}
$iterator = $file->getFileDataIterator($begin, $end);
$response->setContentLength($file->getByteSize());
$response->setContentIterator($iterator);
return $response;
}
public function processRequest()
{
$request = $this->getRequest();
$user = $request->getUser();
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $this->phid);
if (!$file) {
return new Aphront404Response();
}
switch ($this->view) {
case 'download':
case 'view':
$data = $file->loadFileData();
$response = new AphrontFileResponse();
$response->setContent($data);
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
if ($this->view == 'view') {
if (!$file->isViewableInBrowser()) {
return new Aphront400Response();
}
$download = false;
} else {
$download = true;
}
if ($download) {
$mime_type = $file->getMimeType();
} else {
$mime_type = $file->getViewableMimeType();
}
$response->setMimeType($mime_type);
if ($download) {
$response->setDownload($file->getName());
}
return $response;
default:
break;
}
$author_child = null;
if ($file->getAuthorPHID()) {
$author = id(new PhabricatorUser())->loadOneWhere('phid = %s', $file->getAuthorPHID());
if ($author) {
$author_child = id(new AphrontFormStaticControl())->setLabel('Author')->setName('author')->setValue($author->getUserName());
}
}
$form = new AphrontFormView();
if ($file->isViewableInBrowser()) {
$form->setAction('/file/view/' . $file->getPHID() . '/');
$button_name = 'View File';
} else {
$form->setAction('/file/download/' . $file->getPHID() . '/');
$button_name = 'Download File';
}
$file_id = 'F' . $file->getID();
$form->setUser($user);
$form->appendChild(id(new AphrontFormStaticControl())->setLabel('Name')->setName('name')->setValue($file->getName()))->appendChild(id(new AphrontFormStaticControl())->setLabel('ID')->setName('id')->setValue($file_id)->setCaption('Download this file with: <tt>arc download ' . phutil_escape_html($file_id) . '</tt>'))->appendChild(id(new AphrontFormStaticControl())->setLabel('PHID')->setName('phid')->setValue($file->getPHID()))->appendChild($author_child)->appendChild(id(new AphrontFormStaticControl())->setLabel('Created')->setName('created')->setValue(phabricator_datetime($file->getDateCreated(), $user)))->appendChild(id(new AphrontFormStaticControl())->setLabel('Mime Type')->setName('mime')->setValue($file->getMimeType()))->appendChild(id(new AphrontFormStaticControl())->setLabel('Size')->setName('size')->setValue($file->getByteSize() . ' bytes'))->appendChild(id(new AphrontFormStaticControl())->setLabel('Engine')->setName('storageEngine')->setValue($file->getStorageEngine()))->appendChild(id(new AphrontFormStaticControl())->setLabel('Format')->setName('storageFormat')->setValue($file->getStorageFormat()))->appendChild(id(new AphrontFormStaticControl())->setLabel('Handle')->setName('storageHandle')->setValue($file->getStorageHandle()))->appendChild(id(new AphrontFormSubmitControl())->setValue($button_name));
$panel = new AphrontPanelView();
$panel->setHeader('File Info - ' . $file->getName());
$panel->appendChild($form);
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$transformations = id(new PhabricatorTransformedFile())->loadAllWhere('originalPHID = %s', $file->getPHID());
$rows = array();
foreach ($transformations as $transformed) {
$phid = $transformed->getTransformedPHID();
$rows[] = array(phutil_escape_html($transformed->getTransform()), phutil_render_tag('a', array('href' => PhabricatorFileURI::getViewURIForPHID($phid)), $phid));
}
$table = new AphrontTableView($rows);
$table->setHeaders(array('Transform', 'File'));
$xform_panel = new AphrontPanelView();
$xform_panel->appendChild($table);
$xform_panel->setWidth(AphrontPanelView::WIDTH_FORM);
$xform_panel->setHeader('Transformations');
return $this->buildStandardPageResponse(array($panel, $xform_panel), array('title' => 'File Info - ' . $file->getName()));
}