diff options
| -rw-r--r-- | Zotlabs/Module/Attach.php | 50 | ||||
| -rw-r--r-- | view/js/mod_cloud.js | 38 |
2 files changed, 66 insertions, 22 deletions
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index e012b1449..0bf7689be 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -3,6 +3,7 @@ namespace Zotlabs\Module; use ZipArchive; use Zotlabs\Web\Controller; +use Zotlabs\Lib\Verify; require_once('include/security.php'); require_once('include/attach.php'); @@ -32,34 +33,31 @@ class Attach extends Controller { if (! is_dir($zip_dir)) mkdir($zip_dir, STORAGE_DEFAULT_PERMISSIONS, true); - $rnd = random_string(10); + $token = random_string(32); - $zip_file = 'download_' . $rnd . '.zip'; + $zip_file = 'download_' . $token . '.zip'; $zip_path = $zip_dir . '/' . $zip_file; $zip = new ZipArchive(); if ($zip->open($zip_path, ZipArchive::CREATE) === true) { - $filename = self::zip_archive_handler($zip, $attach_ids, $attach_path); + $zip_filename = self::zip_archive_handler($zip, $attach_ids, $attach_path); $zip->close(); - header('Content-Type: application/zip'); - header('Content-Disposition: attachment; filename="' . $filename . '"'); - header('Content-Length: ' . filesize($zip_path)); + $meta = [ + 'zip_filename' => $zip_filename, + 'zip_path' => $zip_path + ]; - $istream = fopen($zip_path, 'rb'); - $ostream = fopen('php://output', 'wb'); + Verify::create('zip_token', 0, $token, json_encode($meta)); - if ($istream && $ostream) { - pipe_streams($istream,$ostream); - fclose($istream); - fclose($ostream); - } + json_return_and_die([ + 'success' => true, + 'token' => $token + ]); - unlink($zip_path); - killme(); } } } @@ -71,6 +69,28 @@ class Attach extends Controller { return; } + if(argv(1) === 'download') { + + $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : ''); + $meta = Verify::get_meta('zip_token', 0, $token); + $meta = json_decode($meta, true); + + header('Content-Type: application/zip'); + header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"'); + header('Content-Length: ' . filesize($meta['zip_path'])); + + $istream = fopen($meta['zip_path'], 'rb'); + $ostream = fopen('php://output', 'wb'); + if($istream && $ostream) { + pipe_streams($istream,$ostream); + fclose($istream); + fclose($ostream); + } + + unlink($meta['zip_path']); + killme(); + } + $r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0)); if(! $r['success']) { diff --git a/view/js/mod_cloud.js b/view/js/mod_cloud.js index 516284d9b..35a28d3b9 100644 --- a/view/js/mod_cloud.js +++ b/view/js/mod_cloud.js @@ -67,12 +67,21 @@ $(document).ready(function () { close_and_deactivate_all_panels(); - // some trickery to trigger download action via ajax - let form = $('<form></form>').attr('action', 'attach').attr('method', 'post'); - form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_path').attr('value', window.location.pathname)); - form.append($("<input></input>").attr('type', 'hidden').attr('name', 'channel_id').attr('value', channelId)); - form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_ids[]').attr('value', id)); - form.appendTo('body').submit().remove(); + $('body').css('cursor', 'wait'); + + let data = [ + {name: 'attach_path', value: window.location.pathname}, + {name: 'channel_id', value: channelId}, + {name: 'attach_ids[]', value: id} + ] + + $.post('attach', data, function (data) { + if (data.success) { + $('body').css('cursor', 'auto'); + window.location.href = '/attach/download?token=' + data.token; + } + }); + }); $('.cloud-tool-delete-btn').on('click', function (e) { @@ -277,7 +286,7 @@ $(document).ready(function () { $('#cloud-multi-tool-download-btn').on('click', function (e) { e.preventDefault(); - let post_data = $('.cloud-multi-tool-checkbox:checked'); + let post_data = $('.cloud-multi-tool-checkbox:checked').serializeArray(); if(! post_data.length) { return false; @@ -285,6 +294,20 @@ $(document).ready(function () { close_and_deactivate_all_panels(); + $('body').css('cursor', 'wait'); + + post_data.push( + {name: 'attach_path', value: window.location.pathname}, + {name: 'channel_id', value: channelId}, + ); + + $.post('attach', post_data, function (data) { + if (data.success) { + $('body').css('cursor', 'auto'); + window.location.href = '/attach/download?token=' + data.token; + } + }); +/* // some trickery to trigger download action via ajax var form = $('<form></form>').attr('action', 'attach').attr('method', 'post'); form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_path').attr('value', window.location.pathname)); @@ -293,6 +316,7 @@ $(document).ready(function () { form.append($("<input></input>").attr('type', 'hidden').attr('name', 'attach_ids[]').attr('value', this.value)); }); form.appendTo('body').submit().remove(); +*/ }); $('#cloud-multi-tool-delete-btn').on('click', function (e) { |