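/// <summary>
/// Serves a file or a page attachment from a files storage provider, after
/// checking that the current user may download it.
/// </summary>
/// <remarks>
/// Request parameters read here: <c>File</c> (required), <c>Page</c> (when present,
/// the file is treated as an attachment of that page), <c>Provider</c> (optional
/// provider name) and <c>AsStreamAttachment</c> (forces a download disposition).
/// All of them are client-controlled. The <c>Request[...]</c> indexer looks in the
/// query string, form fields, cookies and server variables.
/// </remarks>
/// <param name="sender">The event source (unused).</param>
/// <param name="e">The event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e) {
    string filename = Request["File"];

    if (filename == null) {
        Response.StatusCode = 404;
        Response.Write(Properties.Messages.FileNotFound);
        return;
    }

    // Strip every ".." pair from the requested name.
    // NOTE(review): this is string filtering, not path canonicalisation, and it runs
    // before the backslash normalisation further down. It also alters legitimate names
    // that contain two consecutive dots. Containment of the final path should be
    // enforced by the storage provider itself; confirm that it is.
    filename = filename.Replace("..", "");

    bool isPageAttachment = !string.IsNullOrEmpty(Request["Page"]);
    PageInfo pageInfo = isPageAttachment ? Pages.FindPage(Request["Page"]) : null;
    if (isPageAttachment && pageInfo == null) {
        Response.StatusCode = 404;
        Response.Write(Properties.Messages.FileNotFound);
        return;
    }

    // An explicit provider name from the request wins; otherwise look the provider up
    // from the file or attachment itself. The directory permission check below is
    // evaluated against whichever provider is selected here.
    IFilesStorageProviderV30 provider;
    if (!string.IsNullOrEmpty(Request["Provider"])) {
        provider = Collectors.FilesProviderCollector.GetProvider(Request["Provider"]);
    }
    else if (isPageAttachment) {
        provider = FilesAndAttachments.FindPageAttachmentProvider(pageInfo, filename);
    }
    else {
        provider = FilesAndAttachments.FindFileProvider(filename);
    }

    if (provider == null) {
        Response.StatusCode = 404;
        Response.Write("File not found.");
        return;
    }

    // Use canonical path format (leading "/" and forward slashes) for plain files
    if (!isPageAttachment) {
        if (!filename.StartsWith("/")) {
            filename = "/" + filename;
        }
        filename = filename.Replace("\\", "/");
    }

    bool countHit = CountHit(filename);

    // Verify permissions before touching the provider's content
    bool canDownload = false;
    if (isPageAttachment) {
        canDownload = AuthChecker.CheckActionForPage(pageInfo, Actions.ForPages.DownloadAttachments,
            SessionFacade.GetCurrentUsername(), SessionFacade.GetCurrentGroupNames());
    }
    else {
        string dir = Tools.GetDirectoryName(filename);
        canDownload = AuthChecker.CheckActionForDirectory(provider, dir, Actions.ForDirectories.DownloadFiles,
            SessionFacade.GetCurrentUsername(), SessionFacade.GetCurrentGroupNames());
    }
    if (!canDownload) {
        // 401 is returned for every denied caller, whether anonymous or logged in
        Response.StatusCode = 401;
        return;
    }

    long size = -1;

    FileDetails details = null;
    if (isPageAttachment) {
        details = provider.GetPageAttachmentDetails(pageInfo, filename);
    }
    else {
        details = provider.GetFileDetails(filename);
    }

    if (details != null) {
        size = details.Size;
    }
    else {
        Log.LogEntry("Attempted to download an inexistent file/attachment (" + (pageInfo != null ? pageInfo.FullName + "/" : "") + filename + ")", EntryType.Warning, Log.SystemUsername);
        Response.StatusCode = 404;
        Response.Write("File not found.");
        return;
    }

    string mime = "";
    try {
        string ext = Path.GetExtension(filename);
        if (ext.StartsWith(".")) {
            ext = ext.Substring(1).ToLowerInvariant(); // Drop the leading dot
        }
        mime = GetMimeType(ext);
    }
    catch {
        // No usable extension or MIME type -> abort.
        // The file name comes from the request and is echoed into an HTML body, so it
        // must be HTML-encoded; writing it raw would let markup in the name reach the
        // browser (reflected XSS).
        Response.Write(HttpUtility.HtmlEncode(filename) + "<br />");
        Response.StatusCode = 404;
        Response.Write("File not found.");
        return;
    }

    // Prepare response
    Response.Clear();
    Response.AddHeader("content-type", mime);

    // NOTE(review): the file name is placed inside a quoted-string without escaping;
    // confirm that stored names can never contain a double quote.
    string dispositionType = Request["AsStreamAttachment"] != null ? "attachment" : "inline";
    Response.AddHeader("content-disposition", dispositionType + ";filename=\"" + Path.GetFileName(filename) + "\"");
    Response.AddHeader("content-length", size.ToString());

    // An ArgumentException from the provider is logged and treated as "not retrieved"
    bool retrieved = false;
    if (isPageAttachment) {
        try {
            retrieved = provider.RetrievePageAttachment(pageInfo, filename, Response.OutputStream, countHit);
        }
        catch (ArgumentException ex) {
            Log.LogEntry("Attempted to download an inexistent attachment (" + pageInfo.FullName + "/" + filename + ")\n" + ex.ToString(), EntryType.Warning, Log.SystemUsername);
        }
    }
    else {
        try {
            retrieved = provider.RetrieveFile(filename, Response.OutputStream, countHit);
        }
        catch (ArgumentException ex) {
            Log.LogEntry("Attempted to download an inexistent file/attachment (" + filename + ")\n" + ex.ToString(), EntryType.Warning, Log.SystemUsername);
        }
    }

    if (!retrieved) {
        // NOTE(review): the content-type/-disposition/-length headers added above are
        // still set on this 404 response, so the declared length will not match the body.
        Response.StatusCode = 404;
        Response.Write("File not found.");
        return;
    }

    // Cache settings.
    // NOTE(review): the response is marked publicly cacheable even though it was gated
    // by a per-user permission check above; a shared cache could then serve a restricted
    // file to another client. Consider HttpCacheability.Private (or no caching) when the
    // resource is not downloadable anonymously.
    // The ETag is derived from string.GetHashCode(), which is not guaranteed to be
    // stable across processes or runtime versions.
    Response.Cache.SetETag(filename.GetHashCode().ToString() + "-" + size.ToString());
    Response.Cache.SetCacheability(HttpCacheability.Public);
    Response.Cache.SetSlidingExpiration(true);
    Response.Cache.SetValidUntilExpires(true);
    Response.Cache.VaryByParams["File"] = true;
    Response.Cache.VaryByParams["Provider"] = true;
    Response.Cache.VaryByParams["Page"] = true;
    Response.Cache.VaryByParams["IsPageAttachment"] = true;
}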
/// <summary>
/// Builds the HTML category list for the current namespace and assigns it to
/// <c>lblCatList.Text</c>.
/// </summary>
/// <remarks>
/// The markup starts with a fixed "uncategorized pages" entry, followed by one entry
/// per category. A category that has pages gets a link to its page list, its page
/// count and two RSS links; a category without pages is shown in italics with no link.
/// </remarks>
public void PrintCat() {
    StringBuilder html = new StringBuilder();

    // Fixed entry: pages that belong to no category
    html.Append("<ul>").Append(@"<li><a href=""");
    UrlTools.BuildUrl(html, "AllPages.aspx?Cat=-");
    html.Append(@""">").Append(Properties.Messages.UncategorizedPages).Append("</a> (");
    html.Append(Pages.GetUncategorizedPages(currentNamespace).Length.ToString()).Append(")");
    html.Append(@" - <small><a href=""");
    UrlTools.BuildUrl(html, "RSS.aspx?Category=-");
    html.Append(@""" title=""").Append(Properties.Messages.RssForThisCategory).Append(@""">RSS</a> - <a href=""");
    UrlTools.BuildUrl(html, "RSS.aspx?Discuss=1&Category=-");
    html.Append(@""" title=""").Append(Properties.Messages.RssForThisCategoryDiscussion).Append(@""">");
    html.Append(Properties.Messages.DiscussionsRss).Append("</a>").Append("</small>").Append("</li></ul><br />");

    // One entry per category of the current namespace
    html.Append("<ul>");
    List<CategoryInfo> categories = Pages.GetCategories(currentNamespace);
    foreach (CategoryInfo category in categories) {
        int pageCount = category.Pages.Length;

        // NOTE(review): the category's local name is written into the markup without
        // HTML encoding in both branches; confirm that category names are validated
        // when they are created, or encode them here.
        if (pageCount <= 0) {
            // Empty category: name only, no links
            html.Append(@"<li><i>").Append(NameTools.GetLocalName(category.FullName)).Append("</i></li>");
            continue;
        }

        html.Append(@"<li>").Append(@"<a href=""");
        UrlTools.BuildUrl(html, "AllPages.aspx?Cat=", Tools.UrlEncode(category.FullName));
        html.Append(@""">").Append(NameTools.GetLocalName(category.FullName)).Append("</a> (");
        html.Append(pageCount.ToString()).Append(")");
        html.Append(@" - <small><a href=""");
        UrlTools.BuildUrl(html, "RSS.aspx?Category=", Tools.UrlEncode(category.FullName));
        html.Append(@""" title=""").Append(Properties.Messages.RssForThisCategory).Append(@""">RSS</a> - <a href=""");
        UrlTools.BuildUrl(html, "RSS.aspx?Discuss=1&Category=", Tools.UrlEncode(category.FullName));
        html.Append(@""" title=""").Append(Properties.Messages.RssForThisCategoryDiscussion).Append(@""">");
        html.Append(Properties.Messages.DiscussionsRss).Append("</a>").Append("</small>").Append("</li>");
    }
    html.Append("</ul>");

    lblCatList.Text = html.ToString();
}