1 | <?php |
||
2 | |||
3 | /* |
||
4 | * @copyright 2014 Mautic Contributors. All rights reserved |
||
5 | * @author Mautic |
||
6 | * |
||
7 | * @link http://mautic.org |
||
8 | * |
||
9 | * @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html |
||
10 | */ |
||
11 | |||
12 | namespace Mautic\AssetBundle\Controller; |
||
13 | |||
14 | use Mautic\CoreBundle\Controller\FormController as CommonFormController; |
||
15 | use Symfony\Component\HttpFoundation\RedirectResponse; |
||
16 | use Symfony\Component\HttpFoundation\Response; |
||
17 | |||
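/**
 * Controller exposing the asset download action.
 */
class PublicController extends CommonFormController
{
    /**
     * Serve the asset identified by $slug and record the outcome through
     * AssetModel::trackDownload() with the status code that applies.
     *
     * Outcomes handled here:
     *  - no entity for the slug: tracked as 404, notFound()
     *  - unpublished asset and the caller lacks asset:assets:viewown / viewother: tracked as 401, accessDenied()
     *  - request path differs from the generated URL: tracked as 301, permanent redirect
     *  - remote asset: tracked as 200, redirect to the stored remote path
     *  - local asset: tracked as 200, file contents returned (tracked as 404 if reading throws)
     *
     * @param string $slug
     *
     * @return Response
     */
    public function downloadAction($slug)
    {
        $security = $this->get('mautic.security');

        /** @var \Mautic\AssetBundle\Model\AssetModel $model */
        $model = $this->getModel('asset');

        /** @var \Mautic\AssetBundle\Entity\Asset $entity */
        $entity = $model->getEntityBySlugs($slug);

        if (empty($entity)) {
            $model->trackDownload($entity, $this->request, 404);

            return $this->notFound();
        }

        // Unpublished assets are only served to users allowed to view them;
        // the denied attempt is still recorded so it shows up in download tracking.
        $published = $entity->isPublished();
        if ((!$published) && (!$security->hasEntityAccess('asset:assets:viewown', 'asset:assets:viewother', $entity->getCreatedBy()))) {
            $model->trackDownload($entity, $this->request, 401);

            return $this->accessDenied();
        }

        // Make sure the requested URL is the canonical one for this asset.
        $url        = $model->generateUrl($entity, false);
        $requestUri = $this->request->getRequestUri();

        // Compare on the request path only: the query string has to be stripped
        // from $requestUri (not from $url), otherwise any request that carries a
        // query string compares equal and skips the redirect below.
        $queryStart = strpos($requestUri, '?');
        if (false !== $queryStart) {
            $requestUri = substr($requestUri, 0, $queryStart);
        }

        // The 301 target is the generated URL, so query parameters are not carried over.
        if ($requestUri != $url) {
            $model->trackDownload($entity, $this->request, 301);

            return $this->redirect($url, 301);
        }

        if ($entity->isRemote()) {
            $model->trackDownload($entity, $this->request, 200);

            // NOTE(review): the redirect target is whatever is stored as the asset's
            // remote path; presumably its scheme/host is validated when the asset is
            // saved - confirm, since nothing is checked here.
            return new RedirectResponse($entity->getRemotePath());
        }

        try {
            // The entity needs the configured upload directory to locate the file.
            $entity->setUploadDir($this->get('mautic.helper.core_parameters')->get('upload_dir'));
            $contents = $entity->getFileContents();
            $model->trackDownload($entity, $this->request, 200);
        } catch (\Exception $e) {
            $model->trackDownload($entity, $this->request, 404);

            return $this->notFound();
        }

        $response = new Response();

        if ($entity->getDisallow()) {
            $response->headers->set('X-Robots-Tag', 'noindex, nofollow, noarchive');
        }

        $response->headers->set('Content-Type', $entity->getFileMimeType());

        // NOTE(review): with stream set, the stored file is rendered inline from this
        // application's origin using the asset's own MIME type. If uploads can include
        // active content (HTML, SVG), confirm the upload path restricts types, and
        // consider sending X-Content-Type-Options: nosniff here.
        $stream = $this->request->get('stream', 0);
        if (!$stream) {
            // The file name comes from the upload, so drop control characters,
            // double quotes and backslashes before placing it inside the quoted
            // filename parameter, and close the quote the header was missing.
            $fileName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $entity->getOriginalFileName());
            $response->headers->set('Content-Disposition', 'attachment;filename="'.$fileName.'"');
        }

        $response->setContent($contents);

        return $response;
    }
}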
||
103 |