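/**
 * Process all incoming requests passed to this controller, checking
 * that the file exists and passing the file through if possible.
 *
 * The requested URL is mapped to a stored record (ContentServiceAsset,
 * FileVersion or File, depending on markers in the path). The record's
 * canView() result decides whether the request is redirected or streamed,
 * or whether it is handed off, refused or answered with 404.
 *
 * @param SS_HTTPRequest $request Incoming request; its URL is used as the file name to look up
 * @param DataModel $model Passed through unchanged to SecureFileController when handing off
 * @return SS_HTTPResponse The response to send. Some branches return whatever httpError(),
 *                         sendFile(), Security::permissionFailure() or the handoff controller return.
 */
public function handleRequest(SS_HTTPRequest $request, DataModel $model)
{
    $response = new SS_HTTPResponse();
    $filename = $request->getURL();

    // NOTE(review): the test matches any URL that merely starts with
    // 'cdnassets', while the rewrite strips strlen('cdnassets/') characters;
    // confirm whether the prefix check was meant to include the slash.
    if (strpos($filename, 'cdnassets') === 0) {
        $filename = 'assets/' . substr($filename, strlen('cdnassets/'));
    }

    // Pick the model from markers in the path. '_resampled' is tested first,
    // so a path containing both markers is looked up as a ContentServiceAsset.
    $file = null;
    if (strpos($filename, '_resampled') !== false) {
        $file = ContentServiceAsset::get()->filter('Filename', $filename)->first();
    } else {
        if (strpos($filename, '/_versions/') !== false) {
            $file = FileVersion::get()->filter('Filename', "/" . $filename)->first();
        } else {
            $file = File::get()->filter('filename', $filename)->first();
        }
    }

    if ($file && $file->canView()) {
        // A record with neither a CDN file nor a file pointer has nothing to serve.
        if (!$file->CDNFile && !$file->FilePointer) {
            return $this->httpError(404);
        }

        // Permission passed redirect to file
        $redirectLink = '';
        if ($file->getViewType() != CDNFile::ANYONE_PERM) {
            // Restricted file: use a secure URL when the record can produce one
            // (180 is presumably the link lifetime in seconds; confirm against
            // getSecureURL()), otherwise stream the file from this controller.
            if ($file->hasMethod('getSecureURL')) {
                $redirectLink = $file->getSecureURL(180);
            }
            if (!strlen($redirectLink)) {
                // can we stream it?
                return $this->sendFile($file);
            }
        } else {
            $redirectLink = $file->getURL();
        }

        // Only redirect when the target differs from the URL being handled
        // (presumably to avoid redirecting a request back to itself).
        if ($redirectLink && trim($redirectLink, '/') != $request->getURL()) {
            $response->redirect($redirectLink);
        } else {
            return $this->httpError(404);
        }
    } else {
        // Reached both when no record was found and when canView() refused.
        if (class_exists('SecureFileController')) {
            $handoff = SecureFileController::create();
            return $handoff->handleRequest($request, $model);
        } elseif ($file instanceof File) {
            // Permission failure. The local $response is never handed to
            // permissionFailure(), so falling through would answer a denied
            // request with the untouched default response built above.
            $denied = Security::permissionFailure(
                $this,
                'You are not authorised to access this resource. Please log in.'
            );
            if ($denied instanceof SS_HTTPResponse) {
                return $denied;
            }
            // permissionFailure() gave back nothing usable: refuse explicitly.
            $response = new SS_HTTPResponse('Forbidden', 403);
        } else {
            // File doesn't exist
            $response = new SS_HTTPResponse('File Not Found', 404);
        }
    }

    return $response;
}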
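/**
 * For folders, will need to add or remove the htaccess rules
 *
 * After a Folder is written: if it is flagged Secured and has no access
 * file, one is created from htaccessContent(); if it is not Secured and an
 * access file is present, that file is deleted.
 *
 * Assumptions:
 * - the folder exists (after write!)
 * - no one else is trying to put htaccess rules here
 * - (follows from above) existing htaccess file was put there by this module
 *
 * An access file that already exists is never rewritten, so its content is
 * not verified here. Any access file found in a non-secured folder is
 * removed, whoever created it.
 *
 * @todo Add better support for existing htaccess files
 */
function onAfterWrite()
{
    parent::onAfterWrite();

    if (!($this->owner instanceof Folder)) {
        return;
    }

    $htaccess = $this->owner->getFullPath() . SecureFileController::get_access_filename();
    $present = file_exists($htaccess);

    if ($this->owner->Secured && !$present) {
        // A failed write leaves the folder flagged Secured with no rules on
        // disk, so record it instead of ignoring the return value.
        if (file_put_contents($htaccess, $this->htaccessContent()) === false) {
            error_log("onAfterWrite: could not write access rules to {$htaccess}; folder is flagged Secured but has no rules file");
        }
    } elseif (!$this->owner->Secured && $present) {
        // A failed delete keeps the rules in place for a folder that is no
        // longer meant to be secured; record that as well.
        if (!unlink($htaccess)) {
            error_log("onAfterWrite: could not remove access rules at {$htaccess}");
        }
    }
}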
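/**
 * Check whether a folder holds an access file whose content is exactly
 * what htaccessContent() currently generates.
 *
 * NOTE(review): the path is built from BASE_PATH and $folder->Filename here;
 * confirm it resolves to the same location as the folder's getFullPath().
 *
 * @param $folder Object whose Filename property is the folder path below BASE_PATH
 * @return bool True only when the file exists, is readable and matches byte for byte
 */
function checkHasHtaccess($folder)
{
    $htaccess_path = BASE_PATH . "/{$folder->Filename}" . SecureFileController::get_access_filename();
    if (!file_exists($htaccess_path)) {
        return false;
    }

    $content = file_get_contents($htaccess_path);
    if ($content === false) {
        // Unreadable file: do not let a failed read compare equal to anything.
        return false;
    }

    // Strict comparison: loose == would treat false/'' and numeric-looking
    // strings as equal, which is not wanted when verifying the rules file.
    return $content === singleton('File')->htaccessContent();
}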
/**
 * Replace the standard 'not found' string with a custom message.
 *
 * The pair is stored as array($i18n, $message) in self::$i18n_not_found.
 * The message is documented as an HTML body, so callers should pass only
 * markup they trust or have already escaped.
 *
 * @param $message HTML body of 404 Not Found response
 * @param $i18n Reference to i18n path
 */
static function set_not_found_text($message = "Not Found", $i18n = "SecureFiles.NOTFOUND")
{
    // Stored translation key first, fallback text second.
    $notFoundPair = array($i18n, $message);
    self::$i18n_not_found = $notFoundPair;
}