HOR-3286
@@ -1,26 +1,5 @@
|
||||
<?php
|
||||
/**
|
||||
* processes_DownloadFile.php
|
||||
*
|
||||
* ProcessMaker Open Source Edition
|
||||
* Copyright (C) 2004 - 2008 Colosa Inc.23
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
//$RBAC->allows(basename(__FILE__), 'downloadFileHash');
|
||||
|
||||
if (!isset($_GET["file_hash"])) {
|
||||
throw new Exception("Invalid Request, param 'file_hash' was not sent.");
|
||||
@@ -28,26 +7,16 @@ if (!isset($_GET["file_hash"])) {
|
||||
|
||||
$httpStream = new \ProcessMaker\Util\IO\HttpStream();
|
||||
$outputDir = PATH_DATA . "sites" . PATH_SEP . SYS_SYS . PATH_SEP . "files" . PATH_SEP . "output" . PATH_SEP;
|
||||
$filename = urldecode(base64_decode($_GET["file_hash"]));
|
||||
$fileExtension = pathinfo($outputDir . $filename, PATHINFO_EXTENSION);
|
||||
$fileName = urldecode(base64_decode($_GET["file_hash"]));
|
||||
$processFile = $outputDir . $fileName;
|
||||
|
||||
if (!file_exists($outputDir . $filename)) {
|
||||
throw new Exception("Error, couldn't find request file: $filename");
|
||||
//Verify if the file related to process exist in the corresponding path
|
||||
$fileInformation = pathinfo($processFile);
|
||||
$processFile = $outputDir . $fileInformation['basename'];
|
||||
if (!file_exists($processFile)) {
|
||||
throw new Exception("Error, couldn't find request file: $fileName");
|
||||
}
|
||||
|
||||
$httpStream->loadFromFile($outputDir . $filename);
|
||||
$fileExtension = $fileInformation['extension'];
|
||||
$httpStream->loadFromFile($processFile);
|
||||
$httpStream->setHeader("Content-Type", "application/$fileExtension");
|
||||
$httpStream->send();
|
||||
|
||||
// ************* DEPRECATED (it will be removed soon) *********************************
|
||||
//add more security, and catch any error or exception
|
||||
//$sFileName = $_GET['p'] . '.pm';
|
||||
//$file = PATH_DOCUMENT . 'output' . PATH_SEP . $sFileName . 'tpm';
|
||||
//$filex = PATH_DOCUMENT . 'output' . PATH_SEP . $sFileName;
|
||||
//
|
||||
//if (file_exists( $file )) {
|
||||
// rename( $file, $filex );
|
||||
//}
|
||||
//
|
||||
//$realPath = PATH_DOCUMENT . 'output' . PATH_SEP . $sFileName;
|
||||
//G::streamFile( $realPath, true );
|
||||
|
||||
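Review bot: `$fileInformation['extension']` is read unconditionally, but pathinfo() omits that key when the requested name has no dot, so an extension-less file raises an undefined-index notice and sends `application/` as the Content-Type; a guard such as `$fileExtension = isset($fileInformation['extension']) ? $fileInformation['extension'] : 'octet-stream';` avoids that. The existence test uses file_exists(), which is also true for directories, and a decoded value of `..` keeps `..` as its basename, so `is_file($processFile)` is the safer check before loadFromFile(). The exception message still interpolates the raw decoded `$fileName` rather than the basename; if that message is ever rendered to the client it should be escaped or replaced with a generic one. The `$RBAC->allows(...)` call at the top of the file remains commented out, so no authorization check is visible on this download path.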
@@ -1,8 +1,4 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
if (! isset( $_REQUEST['action'] )) {
|
||||
$res['success'] = false;
|
||||
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION');
|
||||
@@ -17,8 +13,7 @@ if (! function_exists( $_REQUEST['action'] ) || !G::isUserFunction($_REQUEST['ac
|
||||
print G::json_encode( $res );
|
||||
die();
|
||||
}
|
||||
$restrictedFunctions = array ('copy_skin_folder','addTarFolder'
|
||||
);
|
||||
$restrictedFunctions = array ('copy_skin_folder','addTarFolder');
|
||||
if (in_array( $_REQUEST['action'], $restrictedFunctions )) {
|
||||
$res['success'] = false;
|
||||
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION_NOT_EXIST');
|
||||
@@ -26,9 +21,9 @@ if (in_array( $_REQUEST['action'], $restrictedFunctions )) {
|
||||
die();
|
||||
}
|
||||
|
||||
$functionName = $_REQUEST['action'];
|
||||
$functionName = $_REQUEST['action'];error_log($functionName);
|
||||
$functionParams = isset( $_REQUEST['params'] ) ? $_REQUEST['params'] : array ();
|
||||
|
||||
//$RBAC->allows(basename(__FILE__), $functionName);
|
||||
$functionName();
|
||||
|
||||
function updatePageSize ()
|
||||
@@ -166,7 +161,7 @@ function newSkin ($baseSkin = 'classic')
|
||||
$configFileFinal = PATH_CUSTOM_SKINS . $skinFolder . PATH_SEP . 'config.xml';
|
||||
|
||||
$xmlConfiguration = file_get_contents( $configFileOriginal );
|
||||
|
||||
|
||||
$workspace = ($_REQUEST['workspace'] == 'global') ? '' : SYS_SYS;
|
||||
|
||||
$xmlConfigurationObj = G::xmlParser($xmlConfiguration);
|
||||
@@ -356,9 +351,9 @@ function exportSkin ($skinToExport = "")
|
||||
$response['success'] = true;
|
||||
$response['message'] = $skinTar;
|
||||
G::auditLog("ExportSkin", "Skin Name: ".$skinName);
|
||||
|
||||
|
||||
$response = $filter->xssFilterHard($response);
|
||||
|
||||
|
||||
print_r( G::json_encode( $response ) );
|
||||
} catch (Exception $e) {
|
||||
$response['success'] = false;
|
||||
@@ -374,7 +369,7 @@ function deleteSkin ()
|
||||
$filter = new InputFilter();
|
||||
try {
|
||||
$_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
|
||||
|
||||
|
||||
if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) {
|
||||
throw (new Exception( G::LoadTranslation( 'ID_SKIN_FOLDER_REQUIRED' ) ));
|
||||
}
|
||||
@@ -400,9 +395,9 @@ function deleteSkin ()
|
||||
|
||||
function streamSkin ()
|
||||
{
|
||||
$skinTar = $_REQUEST['file'];
|
||||
$skinTar = basename($_REQUEST['file']);
|
||||
$bDownload = true;
|
||||
G::streamFile( $skinTar, $bDownload, basename( $skinTar ) );
|
||||
G::streamFile(PATH_CUSTOM_SKINS . $skinTar, $bDownload, $skinTar);
|
||||
@unlink( $fileTar );
|
||||
}
|
||||
|
||||
|
||||
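Review bot: `error_log($functionName);` appended to the `$functionName = $_REQUEST['action'];` line looks like a debugging leftover and should be dropped before merge, since it writes a request-supplied value to the server log on every call. In streamSkin(), `@unlink( $fileTar );` refers to a variable that is not defined in the visible body, so with the `@` the call fails silently and nothing is cleaned up; either remove it or pass the path that was actually streamed. The first hunk's line counts suggest the file-level `$_REQUEST = $filter->xssFilterHard($_REQUEST);` was removed, in which case every handler reached through `$functionName()` now receives raw request values and needs its own validation. Dispatch is still bounded only by the user-function check and the two-entry `$restrictedFunctions` denylist, with the RBAC call commented out; an explicit allowlist of action names would be easier to audit.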