From 142395591e3cc92d32ddf3e4431d75a7e688781f Mon Sep 17 00:00:00 2001 From: Thilina Date: Sun, 27 Jun 2021 17:08:16 +0200 Subject: [PATCH] Generated PDF download action and the data file download wrapper --- core/service.php | 94 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 72 insertions(+), 22 deletions(-) diff --git a/core/service.php b/core/service.php index 65ef782c..c02c27c8 100644 --- a/core/service.php +++ b/core/service.php @@ -3,7 +3,10 @@ use Classes\BaseService; use Classes\IceResponse; use Classes\PasswordManager; +use Classes\Pdf\PDFRegister; +use Classes\SettingsManager; use Metadata\Common\Model\SupportedLanguage; +use Model\File; use Users\Common\Model\User; use Utils\LogManager; use Classes\Exception\IceHttpException; @@ -173,19 +176,20 @@ try {// Domain aware input cleanup $type = strtolower(substr($file->filename, strrpos($file->filename, ".") + 1)); if ($file->name == $name) { $ret['status'] = "SUCCESS"; - if (\Classes\SettingsManager::getInstance()->getSetting("Files: Upload Files to S3") == '1') { - $uploadFilesToS3Key = \Classes\SettingsManager::getInstance()->getSetting("Files: Amazon S3 Key for File Upload"); - $uploadFilesToS3Secret = \Classes\SettingsManager::getInstance()->getSetting("Files: Amazone S3 Secret for File Upload"); + $file->ext = explode('.', $file->filename)[1]; + if (SettingsManager::getInstance()->getSetting("Files: Upload Files to S3") == '1') { + $uploadFilesToS3Key = SettingsManager::getInstance()->getSetting("Files: Amazon S3 Key for File Upload"); + $uploadFilesToS3Secret = SettingsManager::getInstance()->getSetting("Files: Amazon S3 Secret for File Upload"); $s3FileSys = new \Classes\S3FileSystem($uploadFilesToS3Key, $uploadFilesToS3Secret); - $s3WebUrl = \Classes\SettingsManager::getInstance()->getSetting("Files: S3 Web Url"); + $s3WebUrl = SettingsManager::getInstance()->getSetting("Files: S3 Web Url"); $fileUrl = $s3WebUrl . CLIENT_NAME . "/" . $file->filename; $fileUrl = $s3FileSys->generateExpiringURL($fileUrl); $file->filename = $fileUrl; } else { - $file->filename = CLIENT_BASE_URL . 'data/' . $file->filename; + $file->filename = \Classes\FileService::getInstance()->getLocalSecureUrl($file->filename); } - $ret['data'] = $file; + $ret['data'] = BaseService::getInstance()->cleanUpAll($file); } else { $ret['status'] = "ERROR"; } @@ -193,21 +197,49 @@ try {// Domain aware input cleanup $fileName = $_REQUEST['file']; $fileName = str_replace("..", "", $fileName); $fileName = str_replace("/", "", $fileName); - $fileName = CLIENT_BASE_PATH . 'data/' . $fileName; - if (!file_exists($fileName)) { + + $file = new File(); + $file->Load('name = ?', array($fileName)); + + if ($fileName !== $file->name) { + $file->Load('filename = ?', array($fileName)); + } + + if (empty($file->id)) { exit; } + + if (!file_exists(CLIENT_BASE_PATH . 'data/' . $file->filename)) { + exit; + } + + $extension = explode('.', $file->filename)[1]; + header('Content-Description: File Transfer'); - header('Content-Type: application/octet-stream'); - header('Content-Disposition: attachment; filename=' . basename($fileName)); - header('Content-Transfer-Encoding: binary'); - header('Expires: 0'); - header('Cache-Control: must-revalidate'); - header('Pragma: public'); - header('Content-Length: ' . filesize($fileName)); + if ('png' === $extension) { + header('Content-Type: image/png'); + } elseif ('gif' === $extension) { + header('Content-Type: image/png'); + } elseif ('jpg' === $extension || 'jpeg' === $extension) { + header('Content-Type: image/jpeg'); + } elseif ('pdf' === $extension) { + header('Content-Type: application/pdf'); + } elseif ('xml' === $extension) { + header('Content-Type: application/xml'); + } else { + header('Content-Type: application/octet-stream'); + header('Content-Transfer-Encoding: binary'); + header('Expires: 0'); + header('Cache-Control: must-revalidate'); + header('Pragma: public'); + } + + header('Content-Disposition: attachment; filename=' . basename($file->filename)); + + header('Content-Length: ' . filesize(CLIENT_BASE_PATH . 'data/' . $file->filename)); ob_clean(); flush(); - readfile($fileName); + readfile(CLIENT_BASE_PATH . 'data/' . $file->filename); exit; } else if ($action == 'rsp') { // linked clicked from password change email @@ -305,13 +337,31 @@ try {// Domain aware input cleanup } } } - try { - echo BaseService::getInstance()->safeJsonEncode($ret); - } catch (Exception $e) { - LogManager::getInstance()->error($e->getMessage()); - LogManager::getInstance()->notifyException($e); - echo json_encode(['status' => 'Error']); + + if ($action == 'pdf') { + $data = $_REQUEST['data']; + $hash = $_REQUEST['h']; + PDFRegister::init(); + $callback = PDFRegister::get($hash); + if (empty($callback) || !$callback($data)->granted()) { + $ret['status'] = "ERROR"; + $ret['message'] = "Invalid request"; + } else { + $pdfBuilder = $callback($data); + $pdf = $pdfBuilder->createPdf(); + $pdf->SetAuthor(SettingsManager::getInstance()->getSetting('Company: Name')); + $pdf->Output(); + } + } else { + try { + echo BaseService::getInstance()->safeJsonEncode($ret); + } catch (Exception $e) { + LogManager::getInstance()->error($e->getMessage()); + LogManager::getInstance()->notifyException($e); + echo json_encode(['status' => 'Error']); + } } + } catch (IceHttpException $e) { http_response_code($e->getCode()); echo json_encode(['message' => $e->getMessage()]);