Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

temp_local_download_remote_file()

Description

Download remote file to the temp filestore location.

Parameters

ColumnTypeDefaultDescription
$url string Source URL
$key string "" Optional key to use - to prevent conflicts when simultaneous calls use same file name

Return

string|bool Returns the new temp filestore location or false otherwise.

Location

include/file_functions.php lines 125 to 223

Definition

 
function temp_local_download_remote_file(string $urlstring $key "")
    {
    $userref $GLOBALS['userref'] ?? 0;
    if($userref === 0)
        {
        return false;
        }

    if ($key != "" && preg_match('/\W+/'$key) !== 0)
        {
        // Block potential path traversal - allow only word characters.
        return false;
        }

    $url trim($url);
    $url_original $url;
    // Remove query string from URL
    $url explode('?'$url);
    $url reset($url);
    
    $path_parts pathinfo(basename($url));
    $filename safe_file_name($path_parts['filename'] ?? '');
    $extension $path_parts['extension'] ?? '';
    $filename .= ($extension !== '' ".{$extension}'');

    if(strpos($filename,".") === false && filter_var($url_originalFILTER_VALIDATE_URL))
        {
        // $filename not valid, try and get from HTTP header
        $urlinfo parse_url($url);
        if (!isset($urlinfo["scheme"]) || !in_array($urlinfo["scheme"],["http","https"]))
            {
            return false;
            }

        $headers get_headers($url_original,true);
        foreach($headers as $header=>$headervalue)
            {
            if (
                strtolower($header) == "content-disposition"
                // Check for double quotes first (e.g. attachment; filename="O'Malley's Bar.pdf")
                // OR Check for single quotes (e.g. attachment; filename='Space Travel.jpg')
                // OR Get file name up to first space
                && 
                ( 
                    preg_match('/.*filename=[\"]([^\"]+)/'$headervalue$matches)
                    || preg_match('/.*filename=[\']([^\']+)/'$headervalue$matches)
                    || preg_match("/.*filename=([^ ]+)/"$headervalue$matches
                )
                ) {
                    $filename $matches[1];
                }
            }
        
        $extension pathinfo(basename($filename), PATHINFO_EXTENSION);
        $filename safe_file_name(pathinfo(basename($filename), PATHINFO_FILENAME)) . ".{$extension}";
        }

    if (is_banned_extension($extension))
        {
        debug('[temp_local_download_remote_file] WARN: Banned extension for ' $filename);
        return false;
        }

    // Get temp location
    $tmp_uniq_path_id $userref "_" $key generateUserFilenameUID($userref);
    $tmp_dir get_temp_dir(false) . "/remote_files/" $tmp_uniq_path_id;
    if(!is_dir($tmp_dir))
        {
        mkdir($tmp_dir,0777,true);
        }
    $tmp_file_path $tmp_dir"/" $filename;
    if($tmp_file_path == $url)
        {
        // Already downloaded earlier by API call 
        return $tmp_file_path;
        }

    // Download the file
    $GLOBALS['use_error_exception'] = true;
    try
        {
        if(copy($url_original$tmp_file_path))
            {
            return $tmp_file_path;
            }
        }
    catch(Throwable $t)
        {
        debug(sprintf(
            'Failed to download remote file from "%s" to temp location "%s". Reason: %s',
            $url_original,
            $tmp_file_path,
            $t->getMessage()
        ));
        }
    unset($GLOBALS['use_error_exception']);

    return false;
    }

This article was last updated 17th November 2024 15:35 Europe/London time based on the source file dated 22nd August 2024 16:45 Europe/London time.