How to access pdf file outside of public_html in joomla site? - pdf

Actually i want to edit a module to fetch PDF file outside from public_html.
I already tried to change permission of that file from which i want to fetch PDF to 777.
I am trying to fetch PDF by following codes
$baseurl = JURI::base();
$outside_baseurl = $baseurl.'../pdf/name.pdf';
Shows this error
Cannot access file!
https://mysitedomain.com/../pdf/name.pdf

It's really not safe to access a file outside the scope of your public folder in the open like that. It has the potential to open serious security holes. If you are trying to do this to modify or use the PDF file for something inside PHP, you should be able to. If you are trying to send it to a user for download or preview, you might wanna try fpassthru(). Something like the example below.
<?php
$path = 'path/to/file.pdf';
$public_name = basename($path);
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, $path);
header("Content-Disposition: attachment; filename=$public_name;");
header("Content-Type: $mime_type");
header('Content-Length: ' . filesize($path));
$fop = fopen($path, 'rb');
fpassthru($fop);
exit;
This should serve your purpose.

Related

nodejs npm libraries to access and modify microsoft word documents

Do you know if it is possible to search specific text like "xAx" into a Microsoft Word file (.doc or .docx) hosted on a website, replace it with some other text input by the user and make the file available for download using nodejs?
Is there a npm library that can do that?
If not it is possible to manipulate a PDF file instead? Please note that I do not want to create the document but manipulate a template file in the server.
Thank you for your help.
There is project https://github.com/open-xml-templating/docxtemplater which serves for replacing {placeholders} in a .docx files.
Also supports loops and images, check out demo (examples) on http://javascript-ninja.fr/docxtemplater/v1/examples/demo.html
If odt is an option (these files are open directly by MS Word besides Open and Libre Office and can be set with extension .doc so end users do not freak out) you can use HTML52PDF.
For example something like the following code will replace a string of text by a link:
require_once 'path/to/CreateDocument.inc';
$doc = new Html52pdf\createDocument(array('template' => 'template.odt'));
$format = '.odt';//.pdf, .doc, .docx, .odt, .rtf
//replace natural text
$doc->replace(array('replace me, please' => array('value' => 'external link')), array('format' => array('','')));
$doc->render('replaced_content' . $format);

How to modify .INI file with using sharpconfig?

I am using sharpconfig for Load my .INI file. i got success in reading ini file and its very user friendly.
Dim config As New SharpConfig.Configuration
config = SharpConfig.Configuration.Load("D:\Myini.ini")
Now i want to replace particular word of .ini file. SharpConfig showing that its also providing the .INI file modify functionality but i can not able to find how i can modify my file with sharpconfig
Please help me. Thanks!
Given an INI file that looks like this:
[MySection]
MySetting = 123
You read it with SharpConfig.Configuration.Load:
Dim yourpath = "c:\WhatEver.ini"
Dim config = SharpConfig.Configuration.Load(yourpath)
Console.WriteLine(config("MySection")("MySetting").Value)
This code will print
123
Now, to change the INI file, simply assign a new value and save it like:
config("MySection")("MySetting").Value = "Foobar"
config.Save(yourpath)
The INI file will now look like this:
[MySection]
MySetting = Foobar
You already refered to the codeplex page and there you can even find a a test app that shows how to do stuff with it: TestApp
If you have the Category and the Setting you can get/set the value of the Setting with .Value
In the Sourcecode of SharpConfig it is easy readable what can be accessed. I'm a VB guy myself but it should be no problem to read the c# stuff >> Settings

Adobe reader online doesn't read all pdf?

As the title says i made a script to read pdf files. Only specifical files can be opened. All files last modified till 29-09-2008 can be opened. All files after can't.
Here is my code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Stienser Omroeper</title>
</head>
<body>
<?php
$file = 'E:/Omrop/'.$_GET['y'].'/'.$_GET['f'];
$filename = $_GET['f'];
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $filename . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($file));
header('Accept-Ranges: bytes');
#readfile($file);
?>
</body>
</html>
The $_GET contains y (year for map structure) and f (the filename). If i echo $file after and use the link in run on my pc it works perfectly. In browser i get the message This file is broken and can't be repaired..
Anybody ideas?
This code contains a filesystem traversal vulnerability. You are performing no validation of the arguments that lead to the file. Files on disk are blindly opened and fed to the client.
What if you were on a Unix system? What would happen if someone submitted ?y=&f=../../../etc/passwd?
That doesn't even touch the fact that you aren't doing any sort of sanitization on the user's desired filename for the file. The user could submit entirely bogus data there and get an entirely bogus filename.
This code performs no error checking, and even expressly turns errors off when throwing the file at the user using readfile. This is the root of your problem. Nobody has any idea what's going wrong.
So, we can fix this.
First things first, you're going to want to do some validation on y and f. You mentioned that y is a year, so
$year = (int)$_GET['y'];
should do the trick. By forcing it into an integer, you remove any horibleness there.
f is going to be a bit more tricky. You haven't given us an idea about what the files are named. You're going to want to add some pattern matching validation to ensure that only valid filenames are looked for. For example, if all the PDFs are named "report_something_0000.pdf", then you'd want to validate against, say
$file = null;
if(preg_match('/^report_something_\d{4}\.pdf$/', $_GET['f'])) {
$file = $_GET['f'];
}
Now that we've got a valid filename and a valid year directory, the next step is making sure the file exists.
$path = 'E:/Omrop/' . $year . '/' . $file;
if(!$file || !file_exists($path) || !is_readable($path)) {
header('HTTP/1.0 404 File Not Found', true, 404);
header('Content-type: text/html');
echo "<h1>404 File Not Found</h1>";
exit;
}
If $file ended up not being set because the pattern match failed, or if the resulting file path wasn't found, then the script will bail with an error message.
I'm going to guess that your problems opening older PDFs are caused by the files not existing or having bad permissions. You're feeding Adobe Reader the right headers and then no data.
You'll also want to perform the same kind of sanity checking on the user-supplied desired filename. Again, I don't know your requirements here, but make sure that nothing bogus can sneak in.
Next, get rid of the # in front of readfile. It's suppressing any actual errors, and you're going to want to see them. Because you probably don't want to see them in the output, make sure to set up an error log instead.
Finally... how is this code even working? You're emitting headers in the middle of HTML! Not only that, you're giving explicit content-lengths while doing so. You should be getting a hell of a lot of errors from this. Are you sure that you didn't accidentally copy/paste some code wrong here? Maybe you forgot a section at the top where you're calling ob_start()? Regardless, ditch everything before the opening <?php tag.

How can I allow more file extensions with drupal file uploads?

I've got a module that has to let users upload files and everything works as long as the files are in the standard array of allowed extensions. I've tried using file_validate_extensions, but this doesn't seem to change anything.
This is the code I'm using to upload now (the docx extension is added to the standard drupal allowed ones, but it doesn't seem to get picked up):
$fid = $form_state['values']['attachment'];
$file = file_load($fid);
if($file != null){
file_validate_extensions($file, "jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp docx");
$file->status = FILE_STATUS_PERMANENT;
file_save($file);
}
I just looked to this Drupal API, and it seems that you can use the function "file_save_upload" (with $validator as an array of valid extension), this get the file in a temporary state. And then, you have to call "file_save" to make it permanent.

Create dummy index.html inside a new MKDR directory

I know this may be a silly question but i cant seem to find just a simple answer.
I have a php script that makes a directory for me when the user starts a new entry.
That directory holds photos for their gallery.
What i would like to do is also create One index.html file inside that new directory with a few lines of html code in it.
How do i do this?
Im guessing that the file would be made like so:
mkdir('users/'.$id.'/index.html',0755);
But how do i add the html into that index.html file?
Or do i have one file on the server and copy it over into there during the MKDIR process?
Anyways a really simple answer would be best as i am very slow in this learning thing.
Thank you
John
New edits.....
<?php
$id = 812;
mkdir('users/'.$id,0755);
chmod('users/'.$id,0777);
$fh = fopen( "users/".$id, "w+" ) or die( "Couldn't open file" );
fwrite( $fh, "<html><head /><body><h1>It Works!</h1></html>" );
fclose( $fh );
?>
Its giving me this error?
Warning: fopen(users/812) [function.fopen]: failed to open stream: Permission denied in stackoverflowtest1.php on line 9
Couldn't open file
Any ideas? I am on a wamp windows 7 server and not using ftp to edit files but just the www wamp explorer foler.
I'm not sure which language you are using so you'll either need to update your question or forgive the lack of concrete code. mkdir is for generating directories and not flat files. To do that you'll need to open then the file handle then print the HTML lines to that handle and then close it.
A file handle is a pointer to a file. It allows you to manipulate the data in that file ( i.e. read or write it ).
example code:
$fh = fopen( "path/to/file/index.html", "w+" ) or die( "Couldn't open file" );
fwrite( $fh, "<html><head /><body><h1>It Works!</h1></html>" );
fclose( $fh );
The path to the file needs a file name as a target, sorry that wasn't clear.