Blame view

pub/im.file.php 6.64 KB
2fe1e5ce8   Андрей Ларионов   Первый коммит на ...
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
  <?php
  use \Bitrix\Main\Error,
  	\Bitrix\Main\Result;
  
  define('IM_AJAX_INIT', true);
  define('PUBLIC_AJAX_MODE', true);
  define('NO_KEEP_STATISTIC', 'Y');
  define('NO_AGENT_STATISTIC', 'Y');
  define('NO_AGENT_CHECK', true);
  define('DisableEventsCheck', true);
  define('STOP_STATISTICS', true);
  
  require_once $_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/main/include/prolog_before.php';
  
  if(
  	!\Bitrix\Main\Loader::includeModule('disk')
  	|| !\Bitrix\Main\Loader::includeModule('im')
  )
  {
  	die;
  }
  $request = Bitrix\Main\Application::getInstance()->getContext()->getRequest();
  $result = new Result();
  
  if ($request->get('FILE_ID') && $request->get('SIGN'))
  {
  	$diskFileId = (int)$request->get('FILE_ID');
  	$sign = htmlspecialcharsbx($request->get('SIGN'));
  
  	try
  	{
  		$signer = new \Bitrix\Main\Security\Sign\Signer;
  		$signKey = \CIMDisk::GetFileLinkSign();
  		if (is_string($signKey))
  		{
  			$signer->setKey($signKey);
  		}
  		$sign = (int)$signer->unsign($sign);
  	}
  	catch (\Bitrix\Main\Security\Sign\BadSignatureException $e)
  	{
  		try
  		{
  			$signer = new \Bitrix\Main\Security\Sign\Signer;
  			$sign = (int)$signer->unsign($sign);
  		}
  		catch (\Bitrix\Main\Security\Sign\BadSignatureException $e)
  		{
  		}
  	}
  
  	if ($diskFileId === $sign)
  	{
  		$file = \Bitrix\Disk\File::getById($diskFileId);
  		if ($file !== null)
  		{
  			$fileId = $file->getFileId();
  			CFile::ViewByUser($fileId);
  		}
  		else
  		{
  			$result->addError(new Error('Missing file'));
  			if ($request->get('img') === 'y')
  			{
  				$errorImageSrc = 'iVBORw0KGgoAAAANSUhEUgAAAEsAAABiCAYAAAAY7S4UAAAN7UlEQVR4Xu1cSW8jxxV+FLvZ3LRL1D4URa1jA0Fix2M7mLEdG7GDBDkFvsVAcs09h/yBHPIHcsshtwD5AT4HyC2HADPSaCe1UhupjVs3yQ6+onrcprq7qlqUbUh8wICSWN1V9fXrV+99770J7OdOTHqAsru395f33/3xn9u5tcBDBevV8iqFw+qfXnz47K/tAuxBg2Wa1FDU4B8/ffHB39oB2IMGCwCZplk3qf77Lz79+B93BezBgwWAGg1T7+2J/u6D9975510AexRgNQHq0uO92m8+fOedr/0C9ojAIgoEAmU1qnz+8bNn//YD2KMCi9kwoitVNT/5+fPn/5UF7NGBxWyYSflazfjo159/8lIGsEcJFgBSgsphVIu89/77P9oTBezRggWAgoFgVg1qP33x4icnIoA9arDYGUldq/nT0LMvv3z3ggfYower6bjS/472iz/76qvPi16AdcC6QcekwH9+8cmHLwKBQN0NsA5YNmRURf364+fv/coNsA5YLWp0A9gvA4HALeqqA5bDO9cVDP7rs48++G3rVx2wXAxUwzT//sWnz/9g/7oDlsfx19MT+xbb2gGL41zZ2dYOWByw7GxrByye225jWx8sWMVrT2dcAKJvDzEbjd0HC5Y0GgIXdMASAMka0gGrA5YEAhJDO5rVAUsCAYmhHc3qgCWBgMTQ71yzdKNGhq6Toiikqgp1dXVJLPf7HXovYNVqNarqOulVg6p6lXRdp4puMJDMG0ptZHiIhocHv9/dS87uG6xarU66oVO12vwHQHS9CY4FiNNaVEUlk0ymUfOzKanlXl5d0/n5xY1WqqQEg6SoQVIVhYIKPlWp+8kO9gSrUW80NcQwqFJpagj+VXWDGo2G61x4vbRQiEIhlTRNo5CqUkgLkRbCZgJ0cXlFu3sHlE4lKRIJC6/Zus7rAjyEJngKqUqQfYZafmd/DyoUCAhPzQZ6grW8ukGNunOy4xtAQqRpTWBCoRBpqooKDM9VmKZJK6/Xqb+/j8ZGE8IrLpXKtJXZoYGBfmo06lSv1alWb/7Dz14P0GmSri5oY5BpqnLzmUgMUdDFjnqCtbmdIdMMUDQSZoBAW1RoSygkvEG3gfsHR3R1dUWLC7PC94JWr21s09xsynENeP3xcBmAtRrVrZ/xaXzzO/u70RzHSkVs8nRxzvXQ8QRrd/+QumNR6uvrFd6Q6MBiqUzbmR1KPpmg7nhc6DKYheXVdUolpygWiwpdwxtUbzSoUatT1TBoZ2ePni7Nu17iCdbRySkDfiQxxJvT1/ev1zYpHovS5MSY8PUvl1dpcny07Q8Qdjib3aX5uRl/YBXOL+j6ukhTk+PCm5EZeHR8QqdnBVpamBX2t1bXt2igr7ftbkepVKLc0QnNpJL+wCqVy3SYO2an1n2IZYOgWX29PUJTbG5lKRLRaHxsVGi86CCctOcXl5ScmvAHFowkDCqM3n0JDhEc49NPJoWmyO7us0qOpOB4oZsS0Vn+nCqVCk2Muz8ErlO6/HqdFmZnmNN3H4LXMHd0TIvzaXaE8+TgMEelUoVm09O8oVLfH5+ckWk2aCQx7E+zcNXGVobGx0YoGolITS46GNoLQz86kqChwX7uZTh0oAVPPVwOaIiqhigYFI87Dw6PmHs0OOC+Bq5m7ewdUE93XNimcHfrMCCzs0f1eo3SKb625PMFOsgdM9NgD8IRZezv56hYKr2ZIRaN0nBikOJRvpuBiKKnp5t6e7r9axZOrECgixL3GPTCsO7tH7JYEVGAl1ghz3w6xUIoCDRpO7tL9bpzCCbiaiAySAwPMVfGTbiaBfehWCxJ+UKy2oUwZWV1g72GXjYD97VCnunkFNsYAFrb2HQFCtfgdUzPTLMY1U3WNrcpOTFOWljzDxY8bfgf6dQTWQykxkOzroslZui9xHI3cGr19/USmIgdnJAcQRQCDXOTldV1mk97H2RczTJqNWbkl+bFYzjewp2+h/ML2zUzPUVRDxuDIPzVyholEsOUGBqg45NTwknGk1gsQqmkywM3TXq5skZvP13wvA0XLFyNEGNpcc41GuctVOR7gIBTEQYWp6+XLL9eo97eXpoYG2kLWIZRI/h7ixyFEAILmjUxPkYRj/dZBBDeGEQLhYsLerrg7QTDUQY3BscUZODeQY53a3ZAwYA7Cbg63GN2xjtSEQIL7gOeuNexyl2twADrVESsGAy6O8E4uXAozM40XQ3Ei4ZhuM4AfiqddjfwV9fXdHZ2TtNJ7yhCCCwY+K5gFyWG7pczv7i4JNBCiwtptIu4bh4+0XWp9MaOMtchs0ugW5yE5zqInvhCYOULF+zInpxob/DaujHrZFuYS7PMj5vsH+QIG7QbZDileI1LxdIb0GDUh+E7cZxShFzQTB5rKwQWnuLx8SnNTN+v+3B1dU0IlMEpeflE29kdglGen3XmnqBp4bA4t483J6h00fCg95sjBBZyfVsCp4WAWfIcAucXnvjc7MxNcsN5OIJ7OKRPPOgUmbXAuMejES6hKASW5T68tbTAy0XIrPHWWItqnpuZdvWk4fetrm2+8bPuNOHNxfDvBvv7qbs7dnc/C3dY38wwmxWRUO/WmfF6HOZOaGx02PE1Adm4tb1D6Zmk6zw4ubI7+5ScmuRuThRI5hqNjXLTcsKaBVsCNtOv+4AYDrYGPg1itbGRxC21L5erzDn0yieenuYpd3xCC/Nplh9sh0BTZ1JPSPWIHTGPMFiHR8cst8Yzgm6Lh12AA2mXvt5edgJZvFOlWqWNzQxbuBt/hhgSp2Y72VsW6oAN5uQ7hcEC4VatVnxx315edjissQAXp5de1QnRP2I4HPtOglcGjKooDc3TPMZarG+ycI4nwmBdF4t0epKn6ekp3j2/9T2Pa8Jg67WMxqK0tr7lmhdE/Li8skaDgwM0OuJO/8osEHUa2d09VzfEfi9hsOD0ISkKh1FU8NSgCV6hiP1eYCovL69cE6/VSpXWtzIsNefXdrauHScwCE4RH1IYLD/uAw4FOJqyAuM/6MDHWyzpXDrF+PJ2CO6JBySSG5UCS4RNtDZgZW38bAha47R4aMDJaZ7eWprH//7h59a3rgGnX9F1Gh/1poWkTkMMbjpvfdTd7V2bADu1sZX1vRk3sOBfIbHhlTWWnRTkIcqgRHIMUpqFQBUxm9MrYi1S1k45bQ7ZJKdQBlRMPB5jpF+75CB3ROGQRgMDfdxbSoF1li+w4jYvlYXjWSyWuRN7DXACC/wVYkKwqAP9/I2JLkCGq5MCi0eSifLhvI10x2O30vNWKNTqsOKU9mIoeHOBSBxNDHny/tY9pMCCVmWze45lOaBxMpld3tqEvncCq3B+TiiAsxt3OLuILOZn01LZZ/si4NchrYbKRZ5IgYXKulcrq+TEPqDs0Y2p5C2i9ft4LHaL4j04PKZiqUhwGyyx6GREAfD6ZdL11j2w7vk5MbClwMIESBZMT028yQZbk7bDVln3AleFp20XOMQIcyyXojWEQpwpzeQiBfZ6nd72qPazr0EaLDfux68D6qR1KIFEKaRdkCtE7fzQ0AD7s1OSAkUdPGrYfk+QmtuZrHBUIg0WXgdNU29Vm7TLuGMzsWiEUjYKG5tCsIvsC15Rr8Ccl5ywgwVK6CB3KFSQguukwTrNF1inxFiLxyuavxOxX61gWdy8lSLjpb6Q/xPh4HHffOFcuDBOGqzL6yIV8oVbE7TzNASXBRfBkpOzPMHHW5xLCyVVYejxGvMAwwO+LopnraTBcqM04LmjuKIdgrp7e0gDwg/3Rxk4T6us+UVOSLCuqIkfEaR7pMHych9QE9EOAc8PHt4SsKfdPXHWvSGSqrcDZmWtndYFHy2keIdvdzoNrZMolZy8VXjWLvcBNRWop4JYhB9qLVAiKcqNWZv0cimgsYg1RSulpTULi0Bub3hwgE1kl3a4D7A3Wkh7Y7MsXh5uAeyWH3GrV4UbNDTQf2sfbnP4Amv/8IgiWog1HNlF1H0Av44mI2gQ4jolpFJECzMPHDQMPq2uC5BzSNeDvnIrgxQB0MmlaFYHiaf3fIF1epYnJDvBaNrFch9QtRKOaK6AeG0ORR8Qy1MH4XdxccXa+O4ieABLLaVMSIHBNoqUlGNuX2AhFVUoXLDTyS548n7iM/s9ABb6tJ7ctMBkd/aoXKkQmkHvKq2VfTiQeNV+dzbw1WqVdnYPWCvbXQQcFWv+1I1m02dVp6tikeUMrbYQuApgMVE/CoGGWVpWKVdZ3yGkXPnmZzc+zQ4M2ufWN7elyj99aZblPog8FTAR8PhZe7BhEDI0bMO67mqDcHAgL2gRfuimCGvuVcReDwzOMkSBabCVHmA9IP7mJDo1fIGFyV+vb1J6upnyrjfqrHmc9UyjT7qCVuEq+5sXbYMaLNYBq4ZIC4eanzftwkhIoO1kK5NlFTOKqpAabHbsN1t6b/qigwortJOVYrnMyqhaA3av+/gGC5V2aCWBoffsl2ZgNLtfZbthkQU/zB1xcQCwVttus/9Zbbbz4qRVlWbjOXqlVZReNrNCqDKE7RVJgVkL8A2WVX2HI10FENAIgGJrIMfTv2vGCr3PRr3GDDwK2Oq1Guk1g/2OVl48MNgf0f5otLCgaQuQxeNxGpfo0fYNllFrHuX3/d8DcNXqZgA8faOGxvIaGTc90fD2LTCbQNfJWjcus2rpRefwDZboBD/EcbCx0EpURIv6WL79rB8iAN/Fmh6lZvkFtgOWBHIdsDpgSSAgMbSjWR2wJBCQGNrRLAmw/g9+pxl9BakXNwAAAABJRU5ErkJggg==';
  				header('Content-type: image/png');
  				echo base64_decode($errorImageSrc);
  			}
  		}
  	}
  	else
  	{
  		$result->addError(new Error('Wrong signature or file id'));
  	}
  }
  else
  {
  	$result->addError(new Error('Missing signature or file id'));
  }
  
  if (!$result->isSuccess())
  {
  	foreach ($result->getErrorMessages() as $errorMessage)
  	{
  		$lastError = $errorMessage;
  	}
  	CHTTP::SetStatus('403 Forbidden');
  	header("BX-File-Error: $lastError");
  }
  CMain::FinalActions();
  die();