projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
(dev/core#1044) Extension/MIME matching should be case insensitive
[civicrm-core.git] / CRM / Core / Page / File.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2019
32 * $Id$
33 *
34 */
35 class CRM_Core_Page_File extends CRM_Core_Page {
36
37 /**
38 * Run page.
39 */
40 public function run() {
41 $action = CRM_Utils_Request::retrieve('action', 'String', $this);
42 $download = CRM_Utils_Request::retrieve('download', 'Integer', $this, FALSE, 1);
43 $disposition = $download == 0 ? 'inline' : 'download';
44
45 // Entity ID (e.g. Contact ID)
46 $entityId = CRM_Utils_Request::retrieve('eid', 'Positive', $this, FALSE);
47 // Field ID
48 $fieldId = CRM_Utils_Request::retrieve('fid', 'Positive', $this, FALSE);
49 // File ID
50 $fileId = CRM_Utils_Request::retrieve('id', 'Positive', $this, FALSE);
51 $fileName = CRM_Utils_Request::retrieve('filename', 'String', $this, FALSE);
52 if (empty($fileName) && (empty($entityId) || empty($fileId))) {
53 CRM_Core_Error::statusBounce("Cannot access file: Must pass either \"Filename\" or the combination of \"Entity ID\" + \"File ID\"");
54 }
55
56 if (empty($fileName)) {
57 $hash = CRM_Utils_Request::retrieve('fcs', 'Alphanumeric', $this);
58 if (!CRM_Core_BAO_File::validateFileHash($hash, $entityId, $fileId)) {
59 CRM_Core_Error::statusBounce('URL for file is not valid');
60 }
61
62 list($path, $mimeType) = CRM_Core_BAO_File::path($fileId, $entityId);
63 }
64 else {
65 if (!CRM_Utils_File::isValidFileName($fileName)) {
66 throw new CRM_Core_Exception("Malformed filename");
67 }
68 $mimeType = '';
69 $path = CRM_Core_Config::singleton()->customFileUploadDir . $fileName;
70 }
71
72 if (!$path) {
73 CRM_Core_Error::statusBounce('Could not retrieve the file');
74 }
75
76 if (empty($mimeType)) {
77 $passedInMimeType = self::convertBadMimeAliasTypes(CRM_Utils_Request::retrieveValue('mime-type', 'String', $mimeType, FALSE));
78 if (!in_array($passedInMimeType, explode(',', Civi::settings()->get('requestableMimeTypes')))) {
79 throw new CRM_Core_Exception("Supplied mime-type is not accepted");
80 }
81 $extension = CRM_Utils_File::getExtensionFromPath($path);
82 $candidateExtensions = CRM_Utils_File::getAcceptableExtensionsForMimeType($passedInMimeType);
83 if (!in_array(strtolower($extension), array_map('strtolower', $candidateExtensions))) {
84 throw new CRM_Core_Exception("Supplied mime-type does not match file extension");
85 }
86 // Now that we have validated mime-type supplied as much as possible lets now set the MimeType variable/
87 $mimeType = $passedInMimeType;
88 }
89
90 $buffer = file_get_contents($path);
91 if (!$buffer) {
92 CRM_Core_Error::statusBounce('The file is either empty or you do not have permission to retrieve the file');
93 }
94
95 if ($action & CRM_Core_Action::DELETE) {
96 if (CRM_Utils_Request::retrieve('confirmed', 'Boolean')) {
97 CRM_Core_BAO_File::deleteFileReferences($fileId, $entityId, $fieldId);
98 CRM_Core_Session::setStatus(ts('The attached file has been deleted.'), ts('Complete'), 'success');
99
100 $session = CRM_Core_Session::singleton();
101 $toUrl = $session->popUserContext();
102 CRM_Utils_System::redirect($toUrl);
103 }
104 }
105 else {
106 CRM_Utils_System::download(
107 CRM_Utils_File::cleanFileName(basename($path)),
108 $mimeType,
109 $buffer,
110 NULL,
111 TRUE,
112 $disposition
113 );
114 }
115 }
116
117 /**
118 * Translate one mime type to another.
119 *
120 * Certain non-standard/weird MIME types have been common. Unfortunately, because
121 * of the way this controller is used, the weird types may baked-into URLs.
122 * We clean these up for compatibility.
123 *
124 * @param string $type
125 * Ex: 'image/jpg'
126 * @return string
127 * Ex: 'image/jpeg'.
128 */
129 protected static function convertBadMimeAliasTypes($type) {
130 $badTypes = [
131 // Before PNG format was ubiquitous, it was image/x-png?
132 'image/x-png' => 'image/png',
133
134 // People see "image/gif" and "image/png" and wrongly guess "image/jpg"?
135 'image/jpg' => 'image/jpeg',
136 'image/tif' => 'image/tiff',
137 'image/svg' => 'image/svg+xml',
138
139 // StackExchange attributes "pjpeg" to some quirk in an old version of IE?
140 'image/pjpeg' => 'image/jpeg',
141
142 ];
143 return isset($badTypes[$type]) ? $badTypes[$type] : $type;
144 }
145
146 }