
function ckeditor_file_download in CKEditor - WYSIWYG HTML editor 6

Same name and namespace in other branches
  1. 7 ckeditor.module \ckeditor_file_download()

Implementation of hook_file_download(). Support for private downloads. CKEditor does not implement any kind of protection on private files.

File

./ckeditor.module, line 427
CKEditor - The text editor for the Internet - http://ckeditor.com Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.

Code

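/**
 * Implementation of hook_file_download().
 *
 * Handles private downloads of files that have no row in {files}, which the
 * module assumes were uploaded through FCKeditor / CKFinder. Files that are
 * recorded in {files} are left to other modules.
 *
 * Returning headers from this hook lets Drupal serve the file. This function
 * performs no per-user access check: when the global profile option
 * "Enable access to files located in the private folder" is on, every file
 * under the configured private directory is served to whoever requests it.
 *
 * @param $file
 *   Path of the requested file, as passed to hook_file_download().
 *
 * @return
 *   An array holding a Content-Type header when the file may be served, or
 *   NULL when this module has no opinion on the file.
 */
function ckeditor_file_download($file) {
  $path = file_create_path($file);
  if (!$path) {
    return NULL;
  }

  // Files known to Drupal are not ours to decide on.
  $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $path);
  if (db_fetch_object($result)) {
    return NULL;
  }

  // No info in DB? Probably a file uploaded with FCKeditor / CKFinder.
  $global_profile = ckeditor_profile_load("CKEditor Global Profile");

  // Stop early unless the "Enable access to files located in the private
  // folder" option is switched on; nothing below is needed otherwise.
  $allow_download_private_files = isset($global_profile->settings['ckeditor_allow_download_private_files']) && $global_profile->settings['ckeditor_allow_download_private_files'] === 't';
  if (!$allow_download_private_files) {
    return NULL;
  }

  // Assume that files inside the CKEditor directory belong to CKEditor. The
  // %u and %n tokens of the setting become sub-patterns; the %n pattern is
  // taken from user_validate_name() in user.module.
  $private_dir = isset($global_profile->settings['private_dir']) ? trim($global_profile->settings['private_dir'], '\\/') : '';
  // The quoted value is deliberately not trimmed a second time: trimming
  // backslashes after preg_quote() would strip the escape from a leading
  // special character (".dir" would turn into a wildcard match).
  $private_dir = strtr(preg_quote($private_dir, '#'), array(
    '%u' => '(\\d+)',
    '%n' => '([\\x80-\\xF7 \\w@.-]+)',
  ));

  $regex = '#^' . preg_quote(file_directory_path() . '/', '#') . $private_dir;
  if ($private_dir !== '') {
    // Require a directory boundary so that a sibling directory sharing the
    // same prefix (for example "private-backup" next to "private") is not
    // treated as part of the private directory.
    $regex .= '/';
  }
  $regex .= '#';

  // Serve the file only when its path lies inside the private directory.
  if (!preg_match($regex, $path)) {
    return NULL;
  }

  // Best-effort type detection; @ keeps getimagesize() quiet on non-images.
  // NOTE(review): the type is derived from the file's own bytes, so an upload
  // detected as an active type such as text/html is served with that type.
  // Consider forcing such types to a download type.
  $info = @getimagesize($path);
  if ($info && !empty($info['mime'])) {
    $ctype = $info['mime'];
  }
  elseif (function_exists('mime_content_type') && ($detected = mime_content_type($path))) {
    $ctype = $detected;
  }
  else {
    // Also reached when mime_content_type() fails and returns FALSE, which
    // previously produced an empty "Content-Type: " header.
    $ctype = 'application/x-download';
  }

  return array(
    'Content-Type: ' . $ctype,
  );
}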