# mailto:admin@bitrix.ru # ############################################## */
// Admin-side download of a file attached to a workflow document.
// This is an excerpt: the opening of the header comment above and the end of the
// final `if` block below are outside the visible code.
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_before.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/workflow/prolog.php";

// Module-level gate: a group right of "D" on the workflow module leads to the auth form.
// NOTE(review): presumably AuthForm() ends the request; that is not visible here - confirm,
// otherwise execution continues into the download logic below.
$WORKFLOW_RIGHT = $APPLICATION->GetGroupRight("workflow");
if ($WORKFLOW_RIGHT == "D") {
    $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/workflow/include.php";
IncludeModuleLangFile(__FILE__);

// The requested file name is taken directly from the request and is untrusted.
$fname = $_REQUEST["fname"];
$path = "";
$filename = "";

// Administrators skip the extension check; for everyone else the extension of the
// *requested* name must not be in the script-extension list.
// NOTE(review): GetFileContent() elsewhere on this page gates the same kind of access with
// CBXVirtualIoFileSystem::ValidatePathString() plus HasScriptExtension(); whether the
// in_array() check used here is equivalent cannot be told from this excerpt - consider
// aligning the two.
if ($USER->IsAdmin() || !in_array(GetFileExtension($fname), GetScriptFileExt())) {
    // NOTE(review): $did is not assigned anywhere in the visible code - confirm it is set
    // and cast to an integer before this point.
    // NOTE(review): no per-file permission check (such as CanDoFileOperation) is visible in
    // this excerpt; access rests on the module right above and on the (document id, file
    // name) match performed by GetFileByID() - confirm that is intended.
    $z = CWorkflow::GetFileByID($did, $fname);
    if ($zr = $z->Fetch()) {
        // The bytes served come from the workflow temp directory; the name offered to the
        // client comes from the stored FILENAME, reduced to its last path component.
        $path = CWorkflow::GetTempDir() . $zr["TEMP_FILENAME"];
        if (file_exists($path)) {
            $filename = basename($zr["FILENAME"]);
        }
    }
} else {
    $strError = GetMessage("FLOW_ACCESS_DENIED_PHP_DOWNLOAD");
}

// NOTE(review): within the visible code $strError is assigned only in the else branch above
// and is never initialised. When the lookup finds no record, or the temp file is missing,
// $path and $filename are still "" and this branch runs anyway: filesize("") is called and
// download headers are sent with an empty file name. Initialising $strError and setting a
// "not found" error in those cases would close the gap.
if (strlen($strError) <= 0) {
    $fsize = filesize($path);
    // NOTE(review): $filename is placed inside quoted header parameters without escaping;
    // basename() removes directory parts only, so a double quote in the stored name would
    // break the quoted value. Escape it (or emit an RFC 5987 filename* parameter) before
    // concatenating. "application/force-download" is not a registered media type;
    // "application/octet-stream" together with "X-Content-Type-Options: nosniff" is the
    // conventional choice.
    header("Content-Type: application/force-download; name=\"" . $filename . "\"");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . $fsize);
    header("Content-Disposition: attachment; filename=\"" . $filename . "\"");
// Handling of one uploaded file that is being attached to a workflow document.
// This is an excerpt: the enclosing loop/conditions ($i, $arFile, $arExt, $ID, $FILENAME,
// $SITE_ID, $err_mess) start before it, and the open blocks at the end close after it.
$arFile["name"] = GetFileName($arFile["name"]);
// Optional target name supplied in a variable named fname_<i>; falls back to the uploaded name.
// NOTE(review): where fname_<i> is populated is not visible - presumably from the request,
// so treat $fname as untrusted.
$fname = ${"fname_" . $i};
if (strlen($fname) <= 0) {
    $fname = $arFile["name"];
}
// The target path is resolved relative to the directory of the document ($FILENAME).
$path = GetDirPath($FILENAME);
$pathto = Rel2Abs($path, $fname);
$ext = GetFileExtension($pathto);
// Checks run in this order: script extension (non-admins only), 'fm_edit_in_workflow'
// permission on the target path, then path-string validity. Only when all pass is the file stored.
// NOTE(review): $arExt is defined outside this excerpt (presumably the script-extension list).
// GetFileContent() elsewhere on this page uses HasScriptExtension() for the same purpose;
// whether a single-extension in_array() test is equivalent (letter case, multi-part
// extensions) is not visible here - confirm or align.
// NOTE(review): ValidatePathString() runs last, so an invalid $pathto is first passed to
// CanDoFileOperation() and echoed in the messages below; validating first would be the safer order.
// NOTE(review): $pathto and $temp_path are concatenated into the message DETAILS; whether
// CAdminMessage HTML-escapes DETAILS is not visible - confirm, or escape before concatenating.
if (!$USER->IsAdmin() && in_array($ext, $arExt)) {
    $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILEUPLOAD_PHPERROR") . " \"" . $pathto . "\"", "TYPE" => "ERROR"));
} elseif (!$USER->CanDoFileOperation('fm_edit_in_workflow', array($SITE_ID, $pathto))) {
    $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILEUPLOAD_ACCESS_DENIED") . " \"" . $pathto . "\": " . GetMessage("FLOW_MIN_RIGHTS"), "TYPE" => "ERROR"));
} elseif (!CBXVirtualIoFileSystem::ValidatePathString($pathto)) {
    $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILE_NAME_NOT_VALID"), "TYPE" => "ERROR"));
} else {
    // Refuse a second upload under a name already registered for this document.
    $z = CWorkflow::GetFileByID($ID, $pathto);
    if ($zr = $z->Fetch()) {
        $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => str_replace("#FILE#", "{$pathto}", GetMessage("FLOW_FILE_ALREADY_EXIST")), "TYPE" => "ERROR"));
    } else {
        // The upload is stored under a generated name in the workflow temp directory.
        // NOTE(review): whether that directory is outside the web root, and whether the
        // generated name keeps the original extension, is not visible - confirm that stored
        // uploads cannot be requested or executed directly.
        $temp_file = CWorkflow::GetUniqueFilename($pathto);
        $temp_dir = CWorkflow::GetTempDir();
        if (!file_exists($temp_dir)) {
            // The mkdir() result is not checked; a failure only surfaces through copy() below.
            mkdir($temp_dir, BX_DIR_PERMISSIONS);
        }
        $temp_path = $temp_dir . $temp_file;
        // NOTE(review): copy() accepts any readable source path. If $arFile originates from
        // $_FILES, move_uploaded_file() (or an is_uploaded_file() check) ensures tmp_name
        // really is an upload - the origin of $arFile is not visible here.
        if (!copy($arFile["tmp_name"], $temp_path)) {
            $message = new CAdminMessage(array("MESSAGE" => GetMessage("FLOW_ERROR"), "DETAILS" => GetMessage("FLOW_FILEUPLOAD_FILE_CREATE_ERROR") . " \"" . $temp_path . "\"", "TYPE" => "ERROR"));
        } else {
            // Field values are passed as ready-made SQL fragments: the strings are quoted by
            // hand and escaped with ForSql(), the file size is forced to an integer.
            // NOTE(review): $ID is placed in the field list as-is when "$ID > 0" holds, and
            // $USER->GetID() is quoted but not escaped; confirm $ID is cast to an integer
            // before this point (not visible here) and that GetID() is numeric.
            $arFields = array("DOCUMENT_ID" => $ID > 0 ? $ID : "null", "TIMESTAMP_X" => $DB->GetNowFunction(), "MODIFIED_BY" => "'" . $USER->GetID() . "'", "TEMP_FILENAME" => "'" . $DB->ForSql($temp_file, 255) . "'", "FILENAME" => "'" . $DB->ForSql($pathto, 255) . "'", "FILESIZE" => intval($arFile["size"]));
            $FILE_ID = $DB->Insert("b_workflow_file", $arFields, $err_mess . __LINE__);
            // Remember the new row id for the caller's bookkeeping.
            $arUploadedFiles[] = intval($FILE_ID);
/**
 * Returns the content of a file related to a workflow document.
 *
 * Access gate: administrators always pass; any other user passes only when $fname is a
 * valid path string and has no script extension. A user who fails the gate receives the
 * localized FLOW_ACCESS_DENIED_PHP_VIEW message as the return value.
 *
 * Lookup, in order:
 *  - when $did > 0: the temp copy registered for ($did, $fname); if no such record exists,
 *    $fname is resolved against the directory of the document's stored FILENAME and the
 *    temp copy registered under that path is tried, then the file on disk under the
 *    document's site root (requires 'fm_view_file');
 *  - $fname resolved against $wf_path under the doc root of $site (requires 'fm_view_file');
 *  - $fname appended directly to that doc root (requires 'fm_view_file').
 *
 * NOTE(review): the two temp-copy branches return content without a CanDoFileOperation()
 * check; access there rests on the (document id, file name) match from GetFileByID().
 * Confirm that callers verify the user's rights on document $did.
 * NOTE(review): administrators bypass both the path-string validation and the
 * script-extension check.
 *
 * @param mixed  $did     Document id; cast to int, values <= 0 skip the document lookup.
 * @param string $fname   File name or path to look up.
 * @param string $wf_path Optional base path that $fname is resolved against.
 * @param mixed  $site    Site id passed to CSite::GetSiteDocRoot() and to the permission check.
 *
 * @return mixed Whatever $APPLICATION->GetFileContent() returns for the first match, the
 *               access-denied message, or nothing (null) when no candidate is found or permitted.
 */
public static function GetFileContent($did, $fname, $wf_path = "", $site = false)
{
    $err_mess = CAllWorkflow::err_mess() . "<br>Function: GetFileContent<br>Line: ";
    global $DB, $APPLICATION, $USER;

    $did = intval($did);

    // Guard clause: a non-admin asking for an invalid path string or a script file is refused.
    if (!$USER->IsAdmin() && (!CBXVirtualIoFileSystem::ValidatePathString($fname) || HasScriptExtension($fname))) {
        return GetMessage("FLOW_ACCESS_DENIED_PHP_VIEW");
    }

    if ($did > 0) {
        // Is the file registered for this document under the name as given?
        $directRes = CWorkflow::GetFileByID($did, $fname);
        $directRow = $directRes->Fetch();
        if ($directRow) {
            $tempCopy = CWorkflow::GetTempDir() . $directRow["TEMP_FILENAME"];
            if (file_exists($tempCopy)) {
                return $APPLICATION->GetFileContent($tempCopy);
            }
        } else {
            // No direct record: load the document to learn its directory and site.
            $strSql = "SELECT FILENAME, SITE_ID FROM b_workflow_document WHERE ID='{$did}'";
            $docRes = $DB->Query($strSql, false, $err_mess . __LINE__);
            $docRow = $docRes->Fetch();
            if ($docRow) {
                // Resolve the requested name against the document's directory.
                $docDir = GetDirPath($docRow["FILENAME"]);
                $resolved = Rel2Abs($docDir, $fname);
                $onDisk = CSite::GetSiteDocRoot($docRow["SITE_ID"]) . $resolved;

                // Second attempt: a record registered under the resolved path.
                $resolvedRes = CWorkflow::GetFileByID($did, $resolved);
                $resolvedRow = $resolvedRes->Fetch();
                if ($resolvedRow) {
                    $tempCopy = CWorkflow::GetTempDir() . $resolvedRow["TEMP_FILENAME"];
                    if (file_exists($tempCopy)) {
                        return $APPLICATION->GetFileContent($tempCopy);
                    }
                } elseif (file_exists($onDisk)
                    && $USER->CanDoFileOperation('fm_view_file', array($docRow["SITE_ID"], $resolved))
                ) {
                    // The published file on disk is served only with view permission.
                    return $APPLICATION->GetFileContent($onDisk);
                }
            }
        }
    }

    $siteRoot = CSite::GetSiteDocRoot($site);

    // A file addressed relative to the path of a document that is being created.
    if (strlen($wf_path) > 0) {
        $resolved = Rel2Abs($wf_path, $fname);
        $candidate = $siteRoot . $resolved;
        if (file_exists($candidate) && $USER->CanDoFileOperation('fm_view_file', array($site, $resolved))) {
            return $APPLICATION->GetFileContent($candidate);
        }
    }

    // Last resort: treat $fname as a path directly under the site's document root.
    $candidate = $siteRoot . $fname;
    if (file_exists($candidate) && $USER->CanDoFileOperation('fm_view_file', array($site, $fname))) {
        return $APPLICATION->GetFileContent($candidate);
    }
}