
function ckeditor_file_download in CKEditor - WYSIWYG HTML editor 7

Same name and namespace in other branches
  1. 6 ckeditor.module \ckeditor_file_download()

Implementation of hook_file_download(). Adds support for private downloads. CKEditor does not implement any kind of protection on private files.

File

./ckeditor.module, line 691
CKEditor - The text editor for the Internet - http://ckeditor.com Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.

Code

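/**
 * Implements hook_file_download().
 *
 * Decides whether CKEditor vouches for a private file that has no row in
 * {file_managed}. Download headers are returned only when all of the
 * following hold:
 *  - the URI is not present in {file_managed};
 *  - the global profile setting 'ckeditor_allow_download_private_files'
 *    is exactly 't';
 *  - the file lies inside the configured 'private_dir' below private://;
 *  - image_get_info() reports a mime type for it.
 *
 * Security note: no check is made against the requesting user. The %u and
 * %n placeholders in 'private_dir' match any numeric id / any user name,
 * not the current account, so every matching image is served to whoever
 * asks for it once the option is enabled.
 *
 * @param string $uri
 *   URI of the requested file.
 *
 * @return array|null
 *   An array with a 'Content-Type' header when the file may be served,
 *   NULL in every other case.
 */
function ckeditor_file_download($uri) {
  // Files recorded in {file_managed} are not handled here.
  $result = db_query("SELECT f.* FROM {file_managed} f WHERE uri = :uri", array(
    ':uri' => $uri,
  ));
  foreach ($result as $record) {
    return NULL;
  }

  if (!file_create_url($uri)) {
    return NULL;
  }

  // No info in DB? Probably a file uploaded with FCKeditor / CKFinder.
  $global_profile = ckeditor_profile_load("CKEditor Global Profile");

  // Deny by default: nothing is served unless CKEditor's "Enable access to
  // files located in the private folder" option is explicitly switched on.
  if (!isset($global_profile->settings['ckeditor_allow_download_private_files']) || $global_profile->settings['ckeditor_allow_download_private_files'] !== 't') {
    return NULL;
  }

  // Assume that files inside the configured directory belong to CKEditor.
  // An empty setting leaves the pattern at "private://", i.e. any private
  // file that passes the remaining checks.
  $private_dir = isset($global_profile->settings['private_dir']) ? trim($global_profile->settings['private_dir'], '\\/') : '';

  // Quote the literal parts first, then expand the placeholders. preg_quote()
  // leaves "%" alone, so the placeholders survive quoting. The quoted value
  // is deliberately not trimmed again: the raw setting is already stripped
  // of slashes, and a second trim could only remove the escape of a leading
  // special character.
  $private_dir = preg_quote($private_dir, '#');
  $private_dir = strtr($private_dir, array(
    '%u' => '(\\d+)',
    // Regex for %n taken from user_validate_name() in user.module.
    '%n' => '([\\x80-\\xF7 \\w@.-]+)',
  ));

  // Require a path separator after the configured directory. Without it a
  // setting of "ckeditor" would also match sibling directories that merely
  // share the prefix, such as "private://ckeditor_old/...".
  $regex = '#^' . preg_quote('private://', '#') . $private_dir;
  if ($private_dir !== '') {
    $regex .= '/';
  }
  $regex .= '#';

  // A URI without a known scheme is treated as relative to private://.
  if (strpos($uri, 'private://') === FALSE && strpos($uri, 'public://') === FALSE) {
    $path = 'private://' . $uri;
  }
  else {
    $path = $uri;
  }

  // Check if the file can be served by comparing the pattern with its path.
  if (!preg_match($regex, $path)) {
    return NULL;
  }

  // Only files that image_get_info() recognises receive headers.
  // NOTE(review): image_get_info() is given $uri rather than the normalised
  // $path - confirm that callers always pass a scheme-qualified URI.
  $info = image_get_info($uri);
  return !empty($info['mime_type']) ? array(
    'Content-Type' => $info['mime_type'],
  ) : NULL;
}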