Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/mautic.corals.io/app/bundles/AssetBundle/Controller/ |
<?php
namespace Mautic\AssetBundle\Controller;
use Mautic\CoreBundle\Controller\FormController as CommonFormController;
use Mautic\CoreBundle\Helper\CoreParametersHelper;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
class PublicController extends CommonFormController
{
/**
* @param string $slug
*
* @return Response
*/
public function downloadAction(Request $request, CoreParametersHelper $parametersHelper, $slug)
{
// find the asset
/** @var \Mautic\AssetBundle\Model\AssetModel $model */
$model = $this->getModel('asset');
/** @var \Mautic\AssetBundle\Entity\Asset $entity */
$entity = $model->getEntityBySlugs($slug);
if (!empty($entity)) {
$published = $entity->isPublished();
// make sure the asset is published or deny access if not
if ((!$published) && (!$this->security->hasEntityAccess('asset:assets:viewown', 'asset:assets:viewother', $entity->getCreatedBy()))) {
$model->trackDownload($entity, $request, 401);
return $this->accessDenied();
}
// make sure URLs match up
$url = $model->generateUrl($entity, false);
$requestUri = $request->getRequestUri();
// remove query
$query = $request->getQueryString();
if (!empty($query)) {
$requestUri = str_replace("?{$query}", '', $url);
}
// redirect if they don't match
if ($requestUri != $url) {
$model->trackDownload($entity, $request, 301);
return $this->redirect($url, 301);
}
if ($entity->isRemote()) {
$model->trackDownload($entity, $request, 200);
// Redirect to remote URL
$response = new RedirectResponse($entity->getRemotePath());
} else {
try {
// set the uploadDir
$entity->setUploadDir($parametersHelper->get('upload_dir'));
$contents = $entity->getFileContents();
$model->trackDownload($entity, $request, 200);
} catch (\Exception) {
$model->trackDownload($entity, $request, 404);
return $this->notFound();
}
$response = new Response();
if ($entity->getDisallow()) {
$response->headers->set('X-Robots-Tag', 'noindex, nofollow, noarchive');
}
$response->headers->set('Content-Type', $entity->getFileMimeType());
// Display the file directly in the browser just for selected extensions
$stream = $request->get('stream', in_array($entity->getExtension(), $this->coreParametersHelper->get('streamed_extensions')));
if (!$stream) {
$response->headers->set('Content-Disposition', 'attachment;filename="'.$entity->getOriginalFileName());
}
$response->setContent($contents);
}
return $response;
}
$model->trackDownload($entity, $request, 404);
return $this->notFound();
}
}