BackupDownload.php
85 lines
| 1 | <?php |
| 2 | |
| 3 | namespace WPStaging\Backup; |
| 4 | |
| 5 | use WPStaging\Core\WPStaging; |
| 6 | use WPStaging\Framework\Facades\Sanitize; |
| 7 | use WPStaging\Framework\Security\Capabilities; |
| 8 | use WPStaging\Backup\Service\BackupsFinder; |
| 9 | use WPStaging\Framework\Adapter\Directory; |
| 10 | |
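/**
 * Serves backup files to authorised users and cleans up leftovers of interrupted downloads.
 */
class BackupDownload
{
    /**
     * Streams a backup file to the browser when the request carries a download hash.
     *
     * Checks run in this order: presence of the hash parameter, the WP Staging management
     * capability, the 'wpstg_download_nonce' nonce, then the hash format. The hash only selects
     * which backup is sent; authorisation rests on the capability and nonce checks, so they must
     * stay ahead of the lookup. Every failed check ends the request with die().
     *
     * @todo seems to be unused. Can we delete it?
     * @return void
     */
    public function listenDownload()
    {
        // Early bail: Not a download request.
        if (!isset($_GET['wpstgBackupDownloadMd5'])) {
            return;
        }

        // Early bail: Not enough access to download.
        if (!current_user_can((new Capabilities())->manageWPSTG())) {
            die('Not enough access.');
        }

        // Early bail: Invalid nonce, request does not come from expected context.
        // is_string() rejects array-valued parameters (?wpstgBackupDownloadNonce[]=x) before verification.
        $nonce = isset($_GET['wpstgBackupDownloadNonce']) ? $_GET['wpstgBackupDownloadNonce'] : null;
        if (!is_string($nonce) || !wp_verify_nonce($nonce, 'wpstg_download_nonce')) {
            die('Invalid nonce.');
        }

        // Early bail: Invalid MD5. The type is checked before the value is handed to the sanitizer.
        $rawMd5 = $_GET['wpstgBackupDownloadMd5'];
        if (!is_string($rawMd5)) {
            die('Invalid MD5.');
        }

        // \A ... \z anchor the whole string; a plain `$` would also accept a trailing newline.
        $wpstgMd5 = Sanitize::sanitizeString($rawMd5);
        if (!is_string($wpstgMd5) || !preg_match('/\A[a-f0-9]{32}\z/', $wpstgMd5)) {
            die('Invalid MD5.');
        }

        try {
            // Not using DI here since this runs on every request, so it can early bail without building dependencies.
            $backup = WPStaging::getInstance()->getContainer()->make(BackupsFinder::class)->findBackupByMd5Hash($wpstgMd5);
        } catch (\Exception $e) {
            // NOTE(review): the raw exception message is sent to the browser. The requester has already
            // passed the capability and nonce checks, but a fixed message plus server-side logging
            // would keep internal details (such as paths) out of the response. Confirm what
            // findBackupByMd5Hash() puts in its messages.
            die($e->getMessage());
        }

        // Clean the output buffer to avoid issues with the file content
        while (ob_get_level() > 0) {
            ob_end_clean();
        }

        // The basename is placed inside a quoted header parameter; drop characters that would
        // close the quotes or start a new header line.
        $downloadName = str_replace(['"', '\\', "\r", "\n"], '', $backup->getBasename());

        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $downloadName . '"');
        header('Expires: 0');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Content-Length: ' . $backup->getSize());
        readfile($backup->getPathname());
        exit;
    }

    /**
     * Deletes files in the downloads directory whose name contains ".wpstg".
     *
     * Does nothing when the downloads directory does not exist or cannot be opened.
     *
     * @return void
     */
    public function deleteUnfinishedDownloads()
    {
        $dir = WPStaging::make(Directory::class)->getDownloadsDirectory();
        if (!is_dir($dir)) {
            return;
        }

        $extension = ".wpstg"; // Extension of the file created when download starts.

        $dh = opendir($dir);
        if (!$dh) {
            return;
        }

        while (($file = readdir($dh)) !== false) {
            // NOTE(review): this matches ".wpstg" anywhere in the name, not only as a suffix —
            // confirm that nothing else stored in this directory can carry that substring.
            if (strpos($file, $extension) === false) {
                continue;
            }

            // unlink() cannot remove directories; skip them instead of raising a warning.
            $path = $dir . '/' . $file;
            if (is_file($path) || is_link($path)) {
                unlink($path);
            }
        }

        closedir($dh);
    }
}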
| 85 |