');
addJavaScriptVar('completed_formats', '[\'' . implode('\', \'', array_unique($existing_export_formats)) . '\']', false);
}
/**
* Downloads exported profile data file.
*
* @param int $uid The ID of the member whose data we're exporting.
*/
function download_export_file($uid)
{
global $modSettings, $maintenance, $context, $txt, $smcFunc;
$export_formats = get_export_formats();
// This is done to clear any output that was made before now.
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput']) && !headers_sent() && ob_get_length() == 0)
{
if (@ini_get('zlib.output_compression') == '1' || @ini_get('output_handler') == 'ob_gzhandler')
$modSettings['enableCompressedOutput'] = 0;
else
ob_start('ob_gzhandler');
}
if (empty($modSettings['enableCompressedOutput']))
{
ob_start();
header('content-encoding: none');
}
// No access in strict maintenance mode.
if (!empty($maintenance) && $maintenance == 2)
{
send_http_status(404);
exit;
}
// We can't give them anything without these.
if (empty($_GET['t']) || empty($_GET['format']) || !isset($export_formats[$_GET['format']]))
{
send_http_status(400);
exit;
}
$export_dir_slash = $modSettings['export_dir'] . DIRECTORY_SEPARATOR;
$idhash = hash_hmac('sha1', $uid, get_auth_secret());
$part = isset($_GET['part']) ? (int) $_GET['part'] : 1;
$extension = $export_formats[$_GET['format']]['extension'];
$filepath = $export_dir_slash . $part . '_' . $idhash . '.' . $extension;
$progressfile = $export_dir_slash . $idhash . '.' . $extension . '.progress.json';
// Make sure they gave the correct authentication token.
// We use these tokens so the user can download without logging in, as required by the GDPR.
$dltoken = hash_hmac('sha1', $idhash, get_auth_secret());
if ($_GET['t'] !== $dltoken)
{
send_http_status(403);
exit;
}
// Obviously we can't give what we don't have.
if (empty($modSettings['export_dir']) || !file_exists($filepath))
{
send_http_status(404);
exit;
}
// Figure out the filename we'll tell the browser.
$datatypes = file_exists($progressfile) ? array_keys($smcFunc['json_decode'](file_get_contents($progressfile), true)) : array('profile');
$included_desc = array_map(
function ($datatype) use ($txt)
{
return $txt[$datatype];
},
$datatypes
);
$dlfilename = array_merge(array($context['forum_name'], $context['member']['username']), $included_desc);
$dlfilename = preg_replace('/[^\p{L}\p{M}\p{N}_]+/u', '-', str_replace('"', '', un_htmlspecialchars(strip_tags(implode('_', $dlfilename)))));
$suffix = ($part > 1 || file_exists($export_dir_slash . '2_' . $idhash . '.' . $extension)) ? '_' . $part : '';
$dlbasename = $dlfilename . $suffix . '.' . $extension;
$mtime = filemtime($filepath);
$size = filesize($filepath);
// If it hasn't been modified since the last time it was retrieved, there's no need to serve it again.
if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']))
{
list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
if (strtotime($modified_since) >= $mtime)
{
ob_end_clean();
header_remove('content-encoding');
// Answer the question - no, it hasn't been modified ;).
send_http_status(304);
exit;
}
}
// Check whether the ETag was sent back, and cache based on that...
$eTag = md5(implode(' ', array($dlbasename, $size, $mtime)));
if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false)
{
ob_end_clean();
header_remove('content-encoding');
send_http_status(304);
exit;
}
// If this is a partial download, we need to determine what data range to send
$range = 0;
if (isset($_SERVER['HTTP_RANGE']))
{
list($a, $range) = explode("=", $_SERVER['HTTP_RANGE'], 2);
list($range) = explode(",", $range, 2);
list($range, $range_end) = explode("-", $range);
$range = intval($range);
$range_end = !$range_end ? $size - 1 : intval($range_end);
$new_length = $range_end - $range + 1;
}
header('pragma: ');
if (!isBrowser('gecko'))
header('content-transfer-encoding: binary');
header('expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
header('last-modified: ' . gmdate('D, d M Y H:i:s', $mtime) . ' GMT');
header('accept-ranges: bytes');
header('connection: close');
header('etag: ' . $eTag);
header('content-type: ' . $export_formats[$_GET['format']]['mime']);
// Convert the file to UTF-8, cuz most browsers dig that.
$utf8name = !$context['utf8'] && function_exists('iconv') ? iconv($context['character_set'], 'UTF-8', $dlbasename) : (!$context['utf8'] && function_exists('mb_convert_encoding') ? mb_convert_encoding($dlbasename, 'UTF-8', $context['character_set']) : $dlbasename);
// Different browsers like different standards...
if (isBrowser('firefox'))
header('content-disposition: attachment; filename*=UTF-8\'\'' . rawurlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)));
elseif (isBrowser('opera'))
header('content-disposition: attachment; filename="' . preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name) . '"');
elseif (isBrowser('ie'))
header('content-disposition: attachment; filename="' . urlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)) . '"');
else
header('content-disposition: attachment; filename="' . $utf8name . '"');
header('cache-control: max-age=' . (525600 * 60) . ', private');
// Multipart and resuming support
if (isset($_SERVER['HTTP_RANGE']))
{
send_http_status(206);
header("content-length: $new_length");
header("content-range: bytes $range-$range_end/$size");
}
else
header("content-length: $size");
// Try to buy some time...
@set_time_limit(600);
// For multipart/resumable downloads, send the requested chunk(s) of the file
if (isset($_SERVER['HTTP_RANGE']))
{
while (@ob_get_level() > 0)
@ob_end_clean();
header_remove('content-encoding');
// 40 kilobytes is a good-ish amount
$chunksize = 40 * 1024;
$bytes_sent = 0;
$fp = fopen($filepath, 'rb');
fseek($fp, $range);
while (!feof($fp) && (!connection_aborted()) && ($bytes_sent < $new_length))
{
$buffer = fread($fp, $chunksize);
echo($buffer);
flush();
$bytes_sent += strlen($buffer);
}
fclose($fp);
}
// Since we don't do output compression for files this large...
elseif ($size > 4194304)
{
// Forcibly end any output buffering going on.
while (@ob_get_level() > 0)
@ob_end_clean();
header_remove('content-encoding');
$fp = fopen($filepath, 'rb');
while (!feof($fp))
{
echo fread($fp, 8192);
flush();
}
fclose($fp);
}
// On some of the less-bright hosts, readfile() is disabled. It's just a faster, more byte safe, version of what's in the if.
elseif (@readfile($filepath) === null)
echo file_get_contents($filepath);
exit;
}
/**
* Allows a member to export their attachments.
* Mostly just a wrapper for showAttachment() but with a few tweaks.
*
* @param int $uid The ID of the member whose data we're exporting.
*/
function export_attachment($uid)
{
global $sourcedir, $context, $smcFunc;
$idhash = hash_hmac('sha1', $uid, get_auth_secret());
$dltoken = hash_hmac('sha1', $idhash, get_auth_secret());
if (!isset($_GET['t']) || $_GET['t'] !== $dltoken)
{
send_http_status(403);
exit;
}
$attachId = isset($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : 0;
if (empty($attachId))
{
send_http_status(404, 'File Not Found');
die('404 File Not Found');
}
// Does this attachment belong to this member?
$request = $smcFunc['db_query']('', '
SELECT m.id_topic
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}attachments AS a ON (m.id_msg = a.id_msg)
WHERE m.id_member = {int:uid}
AND a.id_attach = {int:attachId}',
array(
'uid' => $uid,
'attachId' => $attachId,
)
);
if ($smcFunc['db_num_rows']($request) == 0)
{
$smcFunc['db_free_result']($request);
send_http_status(403);
exit;
}
$smcFunc['db_free_result']($request);
// This doesn't count as a normal download.
$context['skip_downloads_increment'] = true;
// Try to avoid collisons when attachment names are not unique.
$context['prepend_attachment_id'] = true;
// Allow access to their attachments even if they can't see the board.
// This is just like what we do with posts during export.
$context['attachment_allow_hidden_boards'] = true;
// We should now have what we need to serve the file.
require_once($sourcedir . DIRECTORY_SEPARATOR . 'ShowAttachments.php');
showAttachment();
}
/**
* Helper function that defines data export formats in a single location.
*
* @return array Information about supported data formats for profile exports.
*/
function get_export_formats()
{
global $txt;
$export_formats = array(
'XML_XSLT' => array(
'extension' => 'styled.xml',
'mime' => 'text/xml',
'description' => $txt['export_format_xml_xslt'],
'per_page' => 500,
),
'HTML' => array(
'extension' => 'html',
'mime' => 'text/html',
'description' => $txt['export_format_html'],
'per_page' => 500,
),
'XML' => array(
'extension' => 'xml',
'mime' => 'text/xml',
'description' => $txt['export_format_xml'],
'per_page' => 2000,
),
// 'CSV' => array(
// 'extension' => 'csv',
// 'mime' => 'text/csv',
// 'description' => $txt['export_format_csv'],
// 'per_page' => 2000,
// ),
// 'JSON' => array(
// 'extension' => 'json',
// 'mime' => 'application/json',
// 'description' => $txt['export_format_json'],
// 'per_page' => 2000,
// ),
);
// If these are missing, we can't transform the XML on the server.
if (!class_exists('DOMDocument') || !class_exists('XSLTProcessor'))
unset($export_formats['HTML']);
return $export_formats;
}
/**
* Returns the path to a secure directory for storing exported profile data.
*
* The directory is created if it does not yet exist, and is secured using the
* same method that we use to secure attachment directories. Files in this
* directory can only be downloaded via the download_export_file() function.
*
* @return string|bool The path to the directory, or false on error.
*/
function create_export_dir($fallback = '')
{
global $boarddir, $modSettings, $txt;
// No supplied fallback, so use the default location.
if (empty($fallback))
$fallback = $boarddir . DIRECTORY_SEPARATOR . 'exports';
// Automatically set it to the fallback if it is missing.
if (empty($modSettings['export_dir']))
updateSettings(array('export_dir' => $fallback));
// Make sure the directory exists.
if (!file_exists($modSettings['export_dir']))
@mkdir($modSettings['export_dir'], null, true);
// Make sure the directory has the correct permissions.
if (!is_dir($modSettings['export_dir']) || !smf_chmod($modSettings['export_dir']))
{
loadLanguage('Errors');
// Try again at the fallback location.
if ($modSettings['export_dir'] != $fallback)
{
log_error(sprintf($txt['export_dir_forced_change'], $modSettings['export_dir'], $fallback));
updateSettings(array('export_dir' => $fallback));
// Secondary fallback will be the default location, so no parameter this time.
create_export_dir();
}
// Uh-oh. Even the default location failed.
else
{
log_error($txt['export_dir_not_writable']);
return false;
}
}
return secureDirectory(array($modSettings['export_dir']), true);
}
/**
* Provides an XSLT stylesheet to transform an XML-based profile export file
* into the desired output format.
*
* @param string $format The desired output format. Currently accepts 'HTML' and 'XML_XSLT'.
* @param int $uid The ID of the member whose data we're exporting.
* @return array The XSLT stylesheet and a (possibly empty) DTD to insert into the XML document.
*/
function get_xslt_stylesheet($format, $uid)
{
global $context, $txt, $settings, $modSettings, $sourcedir, $forum_copyright, $scripturl, $smcFunc;
static $xslts = array();
$doctype = '';
$stylesheet = array();
$xslt_variables = array();
// Do not change any of these to HTTPS URLs. For explanation, see comments in the buildXmlFeed() function.
$smf_ns = 'htt'.'p:/'.'/ww'.'w.simple'.'machines.o'.'rg/xml/profile';
$xslt_ns = 'htt'.'p:/'.'/ww'.'w.w3.o'.'rg/1999/XSL/Transform';
$html_ns = 'htt'.'p:/'.'/ww'.'w.w3.o'.'rg/1999/xhtml';
require_once($sourcedir . DIRECTORY_SEPARATOR . 'News.php');
if (in_array($format, array('HTML', 'XML_XSLT')))
{
if (!class_exists('DOMDocument') || !class_exists('XSLTProcessor'))
$format = 'XML_XSLT';
$export_formats = get_export_formats();
/* Notes:
* 1. The 'value' can be one of the following:
* - an integer or string
* - an XPath expression
* - raw XML, which may or not not include other XSLT statements.
*
* 2. Always set 'no_cdata_parse' to true when the value is raw XML.
*
* 3. Set 'xpath' to true if the value is an XPath expression. When this
* is true, the value will be placed in the 'select' attribute of the
* element rather than in a child node.
*
* 4. Set 'param' to true in order to create an instead
* of an .
*
* A word to PHP coders: Do not let the term "variable" mislead you.
* XSLT variables are roughly equivalent to PHP constants rather
* than PHP variables; once the value has been set, it is immutable.
* Keeping this in mind may spare you from some confusion and
* frustration while working with XSLT.
*/
$xslt_variables = array(
'scripturl' => array(
'value' => $scripturl,
),
'themeurl' => array(
'value' => $settings['default_theme_url'],
),
'member_id' => array(
'value' => $uid,
),
'last_page' => array(
'param' => true,
'value' => !empty($context['export_last_page']) ? $context['export_last_page'] : 1,
'xpath' => true,
),
'dlfilename' => array(
'param' => true,
'value' => !empty($context['export_dlfilename']) ? $context['export_dlfilename'] : '',
),
'ext' => array(
'value' => $export_formats[$format]['extension'],
),
'forum_copyright' => array(
'value' => sprintf($forum_copyright, SMF_FULL_VERSION, SMF_SOFTWARE_YEAR, $scripturl),
),
'txt_summary_heading' => array(
'value' => $txt['summary'],
),
'txt_posts_heading' => array(
'value' => $txt['posts'],
),
'txt_personal_messages_heading' => array(
'value' => $txt['personal_messages'],
),
'txt_view_source_button' => array(
'value' => $txt['export_view_source_button'],
),
'txt_download_original' => array(
'value' => $txt['export_download_original'],
),
'txt_help' => array(
'value' => $txt['help'],
),
'txt_terms_rules' => array(
'value' => $txt['terms_and_rules'],
),
'txt_go_up' => array(
'value' => $txt['go_up'],
),
'txt_pages' => array(
'value' => $txt['pages'],
),
);
// Let mods adjust the XSLT variables.
call_integration_hook('integrate_export_xslt_variables', array(&$xslt_variables, $format));
$idhash = hash_hmac('sha1', $uid, get_auth_secret());
$xslt_variables['dltoken'] = array(
'value' => hash_hmac('sha1', $idhash, get_auth_secret())
);
// Efficiency = good.
$xslt_key = $smcFunc['json_encode'](array($format, $uid, $xslt_variables));
if (isset($xslts[$xslt_key]))
return $xslts[$xslt_key];
if ($format == 'XML_XSLT')
{
$doctype = implode("\n", array(
'',
'',
'',
']>',
));
$stylesheet['header'] = "\n" . implode("\n", array(
'',
"\t" . '',
'',
"\t\t" . '',
"\t\t" . '',
));
}
else
{
$doctype = '';
$stylesheet['header'] = implode("\n", array(
'',
'',
));
}
// Output control settings.
$stylesheet['output_control'] = '
';
// Insert the XSLT variables.
$stylesheet['variables'] = '';
foreach ($xslt_variables as $name => $var)
{
$element = !empty($var['param']) ? 'param' : 'variable';
$stylesheet['variables'] .= "\n\t\t" . '';
else
$stylesheet['variables'] .= '>' . (!empty($var['no_cdata_parse']) ? $var['value'] : cdata_parse($var['value'])) . '';
}
// The top-level template. Creates the shell of the HTML document.
$stylesheet['html'] = '
<!DOCTYPE html>
<xsl:value-of select="@title"/>
';
// Template to show the content of the export file.
$stylesheet['content_section'] = '
';
// Template for user profile summary
$stylesheet['summary'] = '
';
// Some helper templates for details inside the summary.
$stylesheet['detail_default'] = '
';
// Helper template for printing a signature
$stylesheet['signature'] = '
';
// Helper template for printing a list of PM recipients
$stylesheet['recipient'] = '
, . ';
// Helper template for special handling of the contents of the [html] BBCode
$stylesheet['bbc_html'] = '
[html][/html]';
// Helper templates to build a page index
$stylesheet['page_index'] = '
... ';
// Template to insert CSS and JavaScript
$stylesheet['css_js'] = '
';
export_load_css_js();
if (!empty($context['export_css_files']))
{
foreach ($context['export_css_files'] as $css_file)
{
$stylesheet['css_js'] .= '
' . $css_file['fileUrl'] . '';
if (!empty($css_file['options']['attributes']))
{
foreach ($css_file['options']['attributes'] as $key => $value)
$stylesheet['css_js'] .= '
' . (is_bool($value) ? $key : $value) . '';
}
$stylesheet['css_js'] .= '
';
}
}
if (!empty($context['export_css_header']))
{
$stylesheet['css_js'] .= '
';
}
if (!empty($context['export_javascript_vars']))
{
$stylesheet['css_js'] .= '
';
}
if (!empty($context['export_javascript_files']))
{
foreach ($context['export_javascript_files'] as $js_file)
{
$stylesheet['css_js'] .= '
';
}
}
if (!empty($context['export_javascript_inline']['standard']))
{
$stylesheet['css_js'] .= '
';
}
if (!empty($context['export_javascript_inline']['defer']))
{
$stylesheet['css_js'] .= '
';
}
$stylesheet['css_js'] .= '
';
// End of the XSLT stylesheet
$stylesheet['footer'] = ($format == 'XML_XSLT' ? "\t" : '') . '';
}
// Let mods adjust the XSLT stylesheet.
call_integration_hook('integrate_export_xslt_stylesheet', array(&$stylesheet, $format));
// Remember for later.
$xslt_key = isset($xslt_key) ? $xslt_key : $smcFunc['json_encode'](array($format, $uid, $xslt_variables));
$xslts[$xslt_key] = array('stylesheet' => implode("\n", (array) $stylesheet), 'doctype' => $doctype);
return $xslts[$xslt_key];
}
/**
* Loads and prepares CSS and JavaScript for insertion into an XSLT stylesheet.
*/
function export_load_css_js()
{
global $context, $modSettings, $sourcedir, $smcFunc, $user_info;
// If we're not running a background task, we need to preserve any existing CSS and JavaScript.
if (SMF != 'BACKGROUND')
{
foreach (array('css_files', 'css_header', 'javascript_vars', 'javascript_files', 'javascript_inline') as $var)
{
if (isset($context[$var]))
$context['real_' . $var] = $context[$var];
if ($var == 'javascript_inline')
{
foreach ($context[$var] as $key => $value)
$context[$var][$key] = array();
}
else
$context[$var] = array();
}
}
// Autoloading is unavailable for background tasks, so we have to do things the hard way...
else
{
if (!empty($modSettings['minimize_files']) && (!class_exists('MatthiasMullie\\Minify\\CSS') || !class_exists('MatthiasMullie\\Minify\\JS')))
{
// Include, not require, because minimization is nice to have but not vital here.
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'src', 'Exception.php')));
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'src', 'Exceptions', 'BasicException.php')));
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'src', 'Exceptions', 'FileImportException.php')));
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'src', 'Exceptions', 'IOException.php')));
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'src', 'Minify.php')));
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'path-converter', 'src', 'Converter.php')));
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'src', 'CSS.php')));
include_once(implode(DIRECTORY_SEPARATOR, array($sourcedir, 'minify', 'src', 'JS.php')));
if (!class_exists('MatthiasMullie\\Minify\\CSS') || !class_exists('MatthiasMullie\\Minify\\JS'))
$modSettings['minimize_files'] = false;
}
}
// Load our standard CSS files.
loadCSSFile('index.css', array('minimize' => true, 'order_pos' => 1), 'smf_index');
loadCSSFile('responsive.css', array('force_current' => false, 'validate' => true, 'minimize' => true, 'order_pos' => 9000), 'smf_responsive');
if ($context['right_to_left'])
loadCSSFile('rtl.css', array('order_pos' => 4000), 'smf_rtl');
// In case any mods added relevant CSS.
call_integration_hook('integrate_pre_css_output');
// This next chunk mimics some of template_css()
$css_to_minify = array();
$normal_css_files = array();
usort(
$context['css_files'],
function ($a, $b)
{
return $a['options']['order_pos'] < $b['options']['order_pos'] ? -1 : ($a['options']['order_pos'] > $b['options']['order_pos'] ? 1 : 0);
}
);
foreach ($context['css_files'] as $css_file)
{
if (!isset($css_file['options']['minimize']))
$css_file['options']['minimize'] = true;
if (!empty($css_file['options']['minimize']) && !empty($modSettings['minimize_files']))
$css_to_minify[] = $css_file;
else
$normal_css_files[] = $css_file;
}
$minified_css_files = !empty($css_to_minify) ? custMinify($css_to_minify, 'css') : array();
$context['css_files'] = array();
foreach (array_merge($minified_css_files, $normal_css_files) as $css_file)
{
// Embed the CSS in a