aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Attach.php50
-rw-r--r--view/js/mod_cloud.js38
2 files changed, 66 insertions, 22 deletions
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php
index e012b1449..0bf7689be 100644
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -3,6 +3,7 @@ namespace Zotlabs\Module;
use ZipArchive;
use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Verify;
require_once('include/security.php');
require_once('include/attach.php');
@@ -32,34 +33,31 @@ class Attach extends Controller {
if (! is_dir($zip_dir))
mkdir($zip_dir, STORAGE_DEFAULT_PERMISSIONS, true);
- $rnd = random_string(10);
+ $token = random_string(32);
- $zip_file = 'download_' . $rnd . '.zip';
+ $zip_file = 'download_' . $token . '.zip';
$zip_path = $zip_dir . '/' . $zip_file;
$zip = new ZipArchive();
if ($zip->open($zip_path, ZipArchive::CREATE) === true) {
- $filename = self::zip_archive_handler($zip, $attach_ids, $attach_path);
+ $zip_filename = self::zip_archive_handler($zip, $attach_ids, $attach_path);
$zip->close();
- header('Content-Type: application/zip');
- header('Content-Disposition: attachment; filename="' . $filename . '"');
- header('Content-Length: ' . filesize($zip_path));
+ $meta = [
+ 'zip_filename' => $zip_filename,
+ 'zip_path' => $zip_path
+ ];
- $istream = fopen($zip_path, 'rb');
- $ostream = fopen('php://output', 'wb');
+ Verify::create('zip_token', 0, $token, json_encode($meta));
- if ($istream && $ostream) {
- pipe_streams($istream,$ostream);
- fclose($istream);
- fclose($ostream);
- }
+ json_return_and_die([
+ 'success' => true,
+ 'token' => $token
+ ]);
- unlink($zip_path);
- killme();
}
}
}
@@ -71,6 +69,28 @@ class Attach extends Controller {
return;
}
+ if(argv(1) === 'download') {
+
+ $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
+ $meta = Verify::get_meta('zip_token', 0, $token);
+ $meta = json_decode($meta, true);
+
+ header('Content-Type: application/zip');
+ header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"');
+ header('Content-Length: ' . filesize($meta['zip_path']));
+
+ $istream = fopen($meta['zip_path'], 'rb');
+ $ostream = fopen('php://output', 'wb');
+ if($istream && $ostream) {
+ pipe_streams($istream,$ostream);
+ fclose($istream);
+ fclose($ostream);
+ }
+
+ unlink($meta['zip_path']);
+ killme();
+ }
+
$r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0));
if(! $r['success']) {
diff --git a/view/js/mod_cloud.js b/view/js/mod_cloud.js
index 516284d9b..35a28d3b9 100644
--- a/view/js/mod_cloud.js
+++ b/view/js/mod_cloud.js
@@ -67,12 +67,21 @@ $(document).ready(function () {
close_and_deactivate_all_panels();
- // some trickery to trigger download action via ajax
- let form = $('<form></form>').attr('action', 'attach').attr('method', 'post');
- form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_path').attr('value', window.location.pathname));
- form.append($("<input></input>").attr('type', 'hidden').attr('name', 'channel_id').attr('value', channelId));
- form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_ids[]').attr('value', id));
- form.appendTo('body').submit().remove();
+ $('body').css('cursor', 'wait');
+
+ let data = [
+ {name: 'attach_path', value: window.location.pathname},
+ {name: 'channel_id', value: channelId},
+ {name: 'attach_ids[]', value: id}
+ ]
+
+ $.post('attach', data, function (data) {
+ if (data.success) {
+ $('body').css('cursor', 'auto');
+ window.location.href = '/attach/download?token=' + data.token;
+ }
+ });
+
});
$('.cloud-tool-delete-btn').on('click', function (e) {
@@ -277,7 +286,7 @@ $(document).ready(function () {
$('#cloud-multi-tool-download-btn').on('click', function (e) {
e.preventDefault();
- let post_data = $('.cloud-multi-tool-checkbox:checked');
+ let post_data = $('.cloud-multi-tool-checkbox:checked').serializeArray();
if(! post_data.length) {
return false;
@@ -285,6 +294,20 @@ $(document).ready(function () {
close_and_deactivate_all_panels();
+ $('body').css('cursor', 'wait');
+
+ post_data.push(
+ {name: 'attach_path', value: window.location.pathname},
+ {name: 'channel_id', value: channelId},
+ );
+
+ $.post('attach', post_data, function (data) {
+ if (data.success) {
+ $('body').css('cursor', 'auto');
+ window.location.href = '/attach/download?token=' + data.token;
+ }
+ });
+/*
// some trickery to trigger download action via ajax
var form = $('<form></form>').attr('action', 'attach').attr('method', 'post');
form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_path').attr('value', window.location.pathname));
@@ -293,6 +316,7 @@ $(document).ready(function () {
form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_ids[]').attr('value', this.value));
});
form.appendTo('body').submit().remove();
+*/
});
$('#cloud-multi-tool-delete-btn').on('click', function (e) {