fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMC-398

Browse Source
This commit is contained in:
Julio Cesar Laura Avendaño
2019-01-16 12:21:17 -04:00
parent 28105f8766
commit 9a186bf525
3 changed files with 83 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
workflow/engine/methods/processes/processes_GetFile.php
View File

@@ -4,14 +4,11 @@ $RBAC->allows(basename(__FILE__), $_GET['MAIN_DIRECTORY']);
$mainDirectory = !empty($_GET['MAIN_DIRECTORY']) ? $_GET['MAIN_DIRECTORY'] : '';
$proUid = !empty($_GET['PRO_UID']) ? $_GET['PRO_UID'] : '';
$currentDirectory = !empty($_GET['CURRENT_DIRECTORY']) ? realpath($_GET['CURRENT_DIRECTORY']) . PATH_SEP : '';
$file = !empty($_GET['FILE']) ? realpath($_GET['FILE']) : '';
$currentDirectory = !empty($_GET['CURRENT_DIRECTORY']) ? $_GET['CURRENT_DIRECTORY'] . PATH_SEP : '';
$file = !empty($_GET['FILE']) ? $_GET['FILE'] : '';
$extension = (!empty($_GET['sFilextension']) && $_GET['sFilextension'] === 'javascript') ? '.js' : '';
//validated process exists, return throw if not exists.
$process = new Process();
$process->load($proUid);
// Validate the main directory
switch ($mainDirectory) {
case 'mailTemplates':
$directory = PATH_DATA_MAILTEMPLATES;
@@ -24,9 +21,20 @@ switch ($mainDirectory) {
break;
}
// Validate if process exists, an exception is throwed if not exists
$process = new Process();
$process->load($proUid);
// Validate directory and file requested
$filter = new InputFilter();
$currentDirectory = $filter->validatePath($currentDirectory);
$file = $filter->validatePath($file);
// Build requested path
$directory .= $proUid . PATH_SEP . $currentDirectory;
$file .= $extension;
// Stream the file if path exists
if (file_exists($directory . $file)) {
G::streamFile($directory . $file, true);
}