Use server's temp directory instead of /tmp

Only pass filename, entire path is not needed (and a security issue)
This commit is contained in:
Nathan Gray 2010-11-05 19:29:45 +00:00
parent de9689e928
commit 5fc2ffaba6


@ -222,7 +222,7 @@ class importexport_export_ui {
return $response->getXML();
}
$tmpfname = tempnam('/tmp','export');
$tmpfname = tempnam($GLOBALS['egw_info']['server']['temp_dir'],'export');
$file = fopen($tmpfname, "w+");
if (! $charset = $definition->plugin_options['charset']) {
$charset = $GLOBALS['egw']->translation->charset();
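Review bot: The new tempnam() call has no return-value check; tempnam() returns false when no file can be created and, when the given directory does not exist or is not writable, silently falls back to the system temp directory with only a notice. Because download() in the same commit rebuilds the path from temp_dir rather than from the value tempnam() returned, a fallback here yields an export that is written successfully but can never be fetched, and a false return reaches fopen() as an empty path. A guard right after the new line, e.g. `if ($tmpfname === false || dirname($tmpfname) !== rtrim($GLOBALS['egw_info']['server']['temp_dir'], '/')) { /* report configuration error */ }`, keeps the two sides of the hand-off consistent. The enclosing method starts before the hunk.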
@ -232,8 +232,9 @@ class importexport_export_ui {
if($_content['export'] == 'pressed') {
fclose($file);
$filename = pathinfo($tmpfname, PATHINFO_FILENAME);
$response->addScript("xajax_eT_wrapper();");
$response->addScript("opener.location.href='". $GLOBALS['egw']->link('/index.php','menuaction=importexport.importexport_export_ui.download&_filename='. $tmpfname.'&_appname='. $definition->application). "&_suffix=". $plugin_object->get_filesuffix(). "&_type=".$plugin_object->get_mimetype() ."';");
$response->addScript("opener.location.href='". $GLOBALS['egw']->link('/index.php','menuaction=importexport.importexport_export_ui.download&_filename='. $filename.'&_appname='. $definition->application). "&_suffix=". $plugin_object->get_filesuffix(). "&_type=".$plugin_object->get_mimetype() ."';");
$response->addScript('window.setTimeout("window.close();", 100);');
return $response->getXML();
}
@ -417,17 +418,19 @@ class importexport_export_ui {
*/
public function download($_tmpfname = '') {
$tmpfname = $_tmpfname ? $_tmpfname : $_GET['_filename'];
$tmpfname = $GLOBALS['egw_info']['server']['temp_dir'] .'/'. $tmpfname;
if (!is_readable($tmpfname)) die();
$appname = $_GET['_appname'];
$nicefname = 'egw_export_'.$appname.'-'.date('Y-m-d');
// Turn off all output buffering
while (@ob_end_clean());
header('Content-type: ' . $_GET['_type'] ? $_GET['_type'] : 'application/text');
header('Content-Disposition: attachment; filename="'.$nicefname.'.'.$_GET['_suffix'].'"');
$file = fopen($tmpfname,'r');
while(!feof($file))
echo fgets($file,1024);
fclose($file);
$file = fopen($tmpfname,'rb');
fpassthru($file);
unlink($tmpfname);
}
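Review bot: The new line that joins temp_dir with `$_GET['_filename']` still accepts directory separators, so the traversal concern named in the commit message is not closed on the receiving side — a value containing `..` resolves to a path outside temp_dir, and because the method then streams the file and unlink()s it, any file readable and writable by the web server under that resolution could be disclosed and deleted. Since the sender now passes a bare tempnam() name with the prefix `export`, require exactly that shape before joining, e.g. `if (basename($tmpfname) !== $tmpfname || strpos($tmpfname, 'export') !== 0) die();` placed before the concatenation, and keep the `is_readable()` check after it. Unrelated to the change but in the same hunk, the Content-type line's `?:` binds looser than `.`, so the header sent is the raw `_type` value with no `Content-type:` prefix; parenthesising the conditional would fix it while you are here. The method appears to close at the hunk's last line, though the hunk's line counts do not reconcile with what is shown, so the tail may be cut.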