HOR-3286
This commit is contained in:
Paula Quispe
@@ -1,26 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
/**
|
//$RBAC->allows(basename(__FILE__), 'downloadFileHash');
|
||||||
* processes_DownloadFile.php
|
|
||||||
*
|
|
||||||
* ProcessMaker Open Source Edition
|
|
||||||
* Copyright (C) 2004 - 2008 Colosa Inc.23
|
|
||||||
*
|
|
||||||
* This program is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Affero General Public License as
|
|
||||||
* published by the Free Software Foundation, either version 3 of the
|
|
||||||
* License, or (at your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU Affero General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU Affero General Public License
|
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*
|
|
||||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
|
||||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!isset($_GET["file_hash"])) {
|
if (!isset($_GET["file_hash"])) {
|
||||||
throw new Exception("Invalid Request, param 'file_hash' was not sent.");
|
throw new Exception("Invalid Request, param 'file_hash' was not sent.");
|
||||||
@@ -28,26 +7,16 @@ if (!isset($_GET["file_hash"])) {
|
|||||||
|
|
||||||
$httpStream = new \ProcessMaker\Util\IO\HttpStream();
|
$httpStream = new \ProcessMaker\Util\IO\HttpStream();
|
||||||
$outputDir = PATH_DATA . "sites" . PATH_SEP . SYS_SYS . PATH_SEP . "files" . PATH_SEP . "output" . PATH_SEP;
|
$outputDir = PATH_DATA . "sites" . PATH_SEP . SYS_SYS . PATH_SEP . "files" . PATH_SEP . "output" . PATH_SEP;
|
||||||
$filename = urldecode(base64_decode($_GET["file_hash"]));
|
$fileName = urldecode(base64_decode($_GET["file_hash"]));
|
||||||
$fileExtension = pathinfo($outputDir . $filename, PATHINFO_EXTENSION);
|
$processFile = $outputDir . $fileName;
|
||||||
|
|
||||||
if (!file_exists($outputDir . $filename)) {
|
//Verify if the file related to process exist in the corresponding path
|
||||||
throw new Exception("Error, couldn't find request file: $filename");
|
$fileInformation = pathinfo($processFile);
|
||||||
|
$processFile = $outputDir . $fileInformation['basename'];
|
||||||
|
if (!file_exists($processFile)) {
|
||||||
|
throw new Exception("Error, couldn't find request file: $fileName");
|
||||||
}
|
}
|
||||||
|
$fileExtension = $fileInformation['extension'];
|
||||||
$httpStream->loadFromFile($outputDir . $filename);
|
$httpStream->loadFromFile($processFile);
|
||||||
$httpStream->setHeader("Content-Type", "application/$fileExtension");
|
$httpStream->setHeader("Content-Type", "application/$fileExtension");
|
||||||
$httpStream->send();
|
$httpStream->send();
|
||||||
|
|
||||||
// ************* DEPRECATED (it will be removed soon) *********************************
|
|
||||||
//add more security, and catch any error or exception
|
|
||||||
//$sFileName = $_GET['p'] . '.pm';
|
|
||||||
//$file = PATH_DOCUMENT . 'output' . PATH_SEP . $sFileName . 'tpm';
|
|
||||||
//$filex = PATH_DOCUMENT . 'output' . PATH_SEP . $sFileName;
|
|
||||||
//
|
|
||||||
//if (file_exists( $file )) {
|
|
||||||
// rename( $file, $filex );
|
|
||||||
//}
|
|
||||||
//
|
|
||||||
//$realPath = PATH_DOCUMENT . 'output' . PATH_SEP . $sFileName;
|
|
||||||
//G::streamFile( $realPath, true );
|
|
||||||
|
|||||||
@@ -1,8 +1,4 @@
|
|||||||
<?php
|
<?php
|
||||||
G::LoadSystem('inputfilter');
|
|
||||||
$filter = new InputFilter();
|
|
||||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
|
||||||
|
|
||||||
if (! isset( $_REQUEST['action'] )) {
|
if (! isset( $_REQUEST['action'] )) {
|
||||||
$res['success'] = false;
|
$res['success'] = false;
|
||||||
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION');
|
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION');
|
||||||
@@ -17,8 +13,7 @@ if (! function_exists( $_REQUEST['action'] ) || !G::isUserFunction($_REQUEST['ac
|
|||||||
print G::json_encode( $res );
|
print G::json_encode( $res );
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
$restrictedFunctions = array ('copy_skin_folder','addTarFolder'
|
$restrictedFunctions = array ('copy_skin_folder','addTarFolder');
|
||||||
);
|
|
||||||
if (in_array( $_REQUEST['action'], $restrictedFunctions )) {
|
if (in_array( $_REQUEST['action'], $restrictedFunctions )) {
|
||||||
$res['success'] = false;
|
$res['success'] = false;
|
||||||
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION_NOT_EXIST');
|
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION_NOT_EXIST');
|
||||||
@@ -26,9 +21,9 @@ if (in_array( $_REQUEST['action'], $restrictedFunctions )) {
|
|||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
$functionName = $_REQUEST['action'];
|
$functionName = $_REQUEST['action'];error_log($functionName);
|
||||||
$functionParams = isset( $_REQUEST['params'] ) ? $_REQUEST['params'] : array ();
|
$functionParams = isset( $_REQUEST['params'] ) ? $_REQUEST['params'] : array ();
|
||||||
|
//$RBAC->allows(basename(__FILE__), $functionName);
|
||||||
$functionName();
|
$functionName();
|
||||||
|
|
||||||
function updatePageSize ()
|
function updatePageSize ()
|
||||||
@@ -166,7 +161,7 @@ function newSkin ($baseSkin = 'classic')
|
|||||||
$configFileFinal = PATH_CUSTOM_SKINS . $skinFolder . PATH_SEP . 'config.xml';
|
$configFileFinal = PATH_CUSTOM_SKINS . $skinFolder . PATH_SEP . 'config.xml';
|
||||||
|
|
||||||
$xmlConfiguration = file_get_contents( $configFileOriginal );
|
$xmlConfiguration = file_get_contents( $configFileOriginal );
|
||||||
|
|
||||||
$workspace = ($_REQUEST['workspace'] == 'global') ? '' : SYS_SYS;
|
$workspace = ($_REQUEST['workspace'] == 'global') ? '' : SYS_SYS;
|
||||||
|
|
||||||
$xmlConfigurationObj = G::xmlParser($xmlConfiguration);
|
$xmlConfigurationObj = G::xmlParser($xmlConfiguration);
|
||||||
@@ -356,9 +351,9 @@ function exportSkin ($skinToExport = "")
|
|||||||
$response['success'] = true;
|
$response['success'] = true;
|
||||||
$response['message'] = $skinTar;
|
$response['message'] = $skinTar;
|
||||||
G::auditLog("ExportSkin", "Skin Name: ".$skinName);
|
G::auditLog("ExportSkin", "Skin Name: ".$skinName);
|
||||||
|
|
||||||
$response = $filter->xssFilterHard($response);
|
$response = $filter->xssFilterHard($response);
|
||||||
|
|
||||||
print_r( G::json_encode( $response ) );
|
print_r( G::json_encode( $response ) );
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$response['success'] = false;
|
$response['success'] = false;
|
||||||
@@ -374,7 +369,7 @@ function deleteSkin ()
|
|||||||
$filter = new InputFilter();
|
$filter = new InputFilter();
|
||||||
try {
|
try {
|
||||||
$_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
|
$_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
|
||||||
|
|
||||||
if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) {
|
if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) {
|
||||||
throw (new Exception( G::LoadTranslation( 'ID_SKIN_FOLDER_REQUIRED' ) ));
|
throw (new Exception( G::LoadTranslation( 'ID_SKIN_FOLDER_REQUIRED' ) ));
|
||||||
}
|
}
|
||||||
@@ -400,9 +395,9 @@ function deleteSkin ()
|
|||||||
|
|
||||||
function streamSkin ()
|
function streamSkin ()
|
||||||
{
|
{
|
||||||
$skinTar = $_REQUEST['file'];
|
$skinTar = basename($_REQUEST['file']);
|
||||||
$bDownload = true;
|
$bDownload = true;
|
||||||
G::streamFile( $skinTar, $bDownload, basename( $skinTar ) );
|
G::streamFile(PATH_CUSTOM_SKINS . $skinTar, $bDownload, $skinTar);
|
||||||
@unlink( $fileTar );
|
@unlink( $fileTar );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user