3 +--------------------------------------------------------------------+
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2019
35 class CRM_Core_Page_File
extends CRM_Core_Page
{
40 public function run() {
41 $action = CRM_Utils_Request
::retrieve('action', 'String', $this);
42 $download = CRM_Utils_Request
::retrieve('download', 'Integer', $this, FALSE, 1);
43 $disposition = $download == 0 ?
'inline' : 'download';
45 // Entity ID (e.g. Contact ID)
46 $entityId = CRM_Utils_Request
::retrieve('eid', 'Positive', $this, FALSE);
48 $fieldId = CRM_Utils_Request
::retrieve('fid', 'Positive', $this, FALSE);
50 $fileId = CRM_Utils_Request
::retrieve('id', 'Positive', $this, FALSE);
51 $fileName = CRM_Utils_Request
::retrieve('filename', 'String', $this, FALSE);
52 if (empty($fileName) && (empty($entityId) ||
empty($fileId))) {
53 CRM_Core_Error
::statusBounce("Cannot access file: Must pass either \"Filename\" or the combination of \"Entity ID\" + \"File ID\"");
56 if (empty($fileName)) {
57 $hash = CRM_Utils_Request
::retrieve('fcs', 'Alphanumeric', $this);
58 if (!CRM_Core_BAO_File
::validateFileHash($hash, $entityId, $fileId)) {
59 CRM_Core_Error
::statusBounce('URL for file is not valid');
62 list($path, $mimeType) = CRM_Core_BAO_File
::path($fileId, $entityId);
65 if (!CRM_Utils_File
::isValidFileName($fileName)) {
66 throw new CRM_Core_Exception("Malformed filename");
69 $path = CRM_Core_Config
::singleton()->customFileUploadDir
. $fileName;
73 CRM_Core_Error
::statusBounce('Could not retrieve the file');
76 if (empty($mimeType)) {
77 $passedInMimeType = self
::convertBadMimeAliasTypes(CRM_Utils_Request
::retrieveValue('mime-type', 'String', $mimeType, FALSE));
78 if (!in_array($passedInMimeType, explode(',', Civi
::settings()->get('requestableMimeTypes')))) {
79 throw new CRM_Core_Exception("Supplied mime-type is not accepted");
81 $extension = CRM_Utils_File
::getExtensionFromPath($path);
82 $candidateExtensions = CRM_Utils_File
::getAcceptableExtensionsForMimeType($passedInMimeType);
83 if (!in_array(strtolower($extension), array_map('strtolower', $candidateExtensions))) {
84 throw new CRM_Core_Exception("Supplied mime-type does not match file extension");
86 // Now that we have validated mime-type supplied as much as possible lets now set the MimeType variable/
87 $mimeType = $passedInMimeType;
90 $buffer = file_get_contents($path);
92 CRM_Core_Error
::statusBounce('The file is either empty or you do not have permission to retrieve the file');
95 if ($action & CRM_Core_Action
::DELETE
) {
96 if (CRM_Utils_Request
::retrieve('confirmed', 'Boolean')) {
97 CRM_Core_BAO_File
::deleteFileReferences($fileId, $entityId, $fieldId);
98 CRM_Core_Session
::setStatus(ts('The attached file has been deleted.'), ts('Complete'), 'success');
100 $session = CRM_Core_Session
::singleton();
101 $toUrl = $session->popUserContext();
102 CRM_Utils_System
::redirect($toUrl);
106 CRM_Utils_System
::download(
107 CRM_Utils_File
::cleanFileName(basename($path)),
118 * Translate one mime type to another.
120 * Certain non-standard/weird MIME types have been common. Unfortunately, because
121 * of the way this controller is used, the weird types may baked-into URLs.
122 * We clean these up for compatibility.
124 * @param string $type
129 protected static function convertBadMimeAliasTypes($type) {
131 // Before PNG format was ubiquitous, it was image/x-png?
132 'image/x-png' => 'image/png',
134 // People see "image/gif" and "image/png" and wrongly guess "image/jpg"?
135 'image/jpg' => 'image/jpeg',
136 'image/tif' => 'image/tiff',
137 'image/svg' => 'image/svg+xml',
139 // StackExchange attributes "pjpeg" to some quirk in an old version of IE?
140 'image/pjpeg' => 'image/jpeg',
143 return isset($badTypes[$type]) ?
$badTypes[$type] : $type;