protected function runUntrustedAction($action)
{
switch ($action) {
case 'backup':
include_once 'HTTP/Download.php';
include_once 'Archive/Tar.php';
if (!$this->data_engine->dump(TIP::buildDataPath('dump'))) {
TIP::notifyError('backup');
return false;
}
$tar_file = TIP::buildCachePath($this->id . '-' . TIP::formatDate('date_sql') . '.tar.gz');
$tar_object = new Archive_Tar($tar_file, 'gz');
$result = $tar_object->createModify(TIP::buildDataPath(), '', TIP::buildPath());
unset($tar_object);
if ($result !== true) {
return false;
}
HTTP_Download::staticSend(array('file' => $tar_file, 'contenttype' => 'application/x-gzip', 'contentdisposition' => HTTP_DOWNLOAD_ATTACHMENT));
exit;
}
return null;
}
/**
* Perform a view action
*
* Runs the file identified by the 'view_template' property for the
* specified row. The rendered result is appended to the page.
*
* @param mixed $id The identifier of the row to view
* @return bool true on success or false on errors
*/
protected function actionView($id)
{
// The query is not strictly necessary but it is still performed
// to avoid read actions on arbitrary files
if (is_null($row =& $this->fromRow($id, false)) || !$this->_onView($row)) {
return false;
}
// Check for html file existence
$file = TIP::buildDataPath($this->id, $id);
if (!is_readable($file)) {
$this->endView();
return false;
}
$content =& TIP_Application::getGlobal('content');
$this->keys['id'] = $id;
$this->keys[$this->title_field] = str_replace('.html', '', $id);
$this->keys['content'] = file_get_contents($file);
$this->keys[$this->creation_field] = TIP::formatDate('datetime_sql', filectime($file));
$this->keys[$this->edited_field] = TIP::formatDate('datetime_sql', filemtime($file));
if (empty($this->view_template)) {
// On empty template, output the whole html file content
// and set a viable "title" metatag
$content .= $this->keys['content'];
$title =& TIP_Application::getGlobal('title');
$title = $this->keys[$this->title_field] . ' (' . $title . ')';
} else {
// Use a custom template
$content .= $this->tagRun($this->view_template);
}
// Discard the generated content to decrease memory consumption
unset($this->keys);
$this->endView();
return true;
}
/**
* Configure an attachment based element
*
* This code can be shared by every HTML_QuickForm_attachment based element.
*
* @param HTML_QuickForm_element &$element The element to configure
* @param string $args The widget args
* @return HTML_QuickForm_element The configured element
*/
private function &_configAttachment(&$element, $args)
{
// Common base path and uri
$element->setBasePath(TIP::buildDataPath((string) $this->master));
$element->setBaseUrl(TIP::buildDataUri((string) $this->master));
// Unload the element data, if needed
$unload_id = 'unload_' . $element->getName();
if ($this->action == TIP_FORM_ACTION_DELETE && TIP::getGet('process', 'int') == 1 || array_key_exists($unload_id, $_POST)) {
$element->setState(QF_ATTACHMENT_TO_UNLOAD);
} else {
// Add the unload element
$unload_label = $this->getLocale('label.' . $unload_id);
$unload_element = $this->_form->createElement('checkbox', $unload_id, $unload_label, $unload_label, array('tabindex' => $this->_tabindex));
$element->setUnloadElement($unload_element);
}
return $element;
}
private function &_getRows(&$data, $fields)
{
$path = $data->getProperty('path');
if (!array_key_exists($path, $this->_rows)) {
if (strncmp($path, 'http://', 7) == 0) {
$uri = $path;
if (function_exists('curl_init')) {
// CURL extension available: this should be the
// first attempt because the dumb 'open_basedir'
// directive can f**k up file_get_contents()
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $uri);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$xml_data = curl_exec($curl);
curl_close($curl);
} else {
if (in_array('http', stream_get_wrappers())) {
// http wrapper present
$xml_data = file_get_contents($uri);
} else {
// No viable way to use the http protocol
$xml_data = false;
}
}
} else {
$uri = TIP::buildDataPath($data->getProperty('path'));
$xml_data = file_get_contents($uri);
}
$xml_tree = false;
if (is_string($xml_data)) {
// Work-around to let SimpleXML be happy with the f*****g
// default namespace
$xml_data = str_replace(' xmlns=', ' fakens=', $xml_data);
$xml_tree = @simplexml_load_string($xml_data);
}
if ($xml_tree) {
// Takes only the first element matching "base_xpath"
$xml = reset($xml_tree->xpath($this->base_xpath));
$this->_data =& $data;
if (empty($fields)) {
$this->_fields = array_keys($this->fields_xpath);
} else {
$this->_fields = $fields;
}
$nodes = $xml->xpath($this->row_xpath);
$rows = $this->_nodesToRows($nodes);
unset($nodes, $this->_fields, $this->_data);
} else {
$rows = array();
TIP::error("failed to load XML file ({$uri})");
}
$this->_rows[$path] = $rows;
}
return $this->_rows[$path];
}
