Merge pull request #1107 from anaggh/master

Fix #941 Allow backup downloads for admin role

bl-kernel/functions.php

@@ -872,4 +872,18 @@ function transformImage($file, $imageDir, $thumbnailDir=false) {
 	}
 
 	return $image;
-}
+}
+
+function downloadRestrictedFile($file) {
+	if (is_file($file)) {
+	    header('Content-Description: File Transfer');
+	    header('Content-Type: application/octet-stream');
+	    header('Content-Disposition: attachment; filename="'.basename($file).'"');
+	    header('Expires: 0');
+	    header('Cache-Control: must-revalidate');
+	    header('Pragma: public');
+	    header('Content-Length: ' . filesize($file));
+	    readfile($file);
+	    exit(0);
+	}
+}

bl-kernel/helpers/filesystem.class.php

@@ -264,4 +264,32 @@ class Filesystem {
 	public static function extension($file) {
 		return pathinfo($file, PATHINFO_EXTENSION);
 	}
+
+	/**
+	 * Get Size of file or directory in bytes
+	 * @param  [string] $fileOrDirectory
+	 * @return [int|bool                  [bytes or false on error]
+	 */
+	public static function getSize($fileOrDirectory) {
+		// Files
+		if (is_file($fileOrDirectory)) {
+			return filesize($fileOrDirectory);
+		}
+		// Directories
+		if (file_exists($fileOrDirectory)) {
+		    $size = 0;
+		    foreach(new RecursiveIteratorIterator(new RecursiveDirectoryIterator($fileOrDirectory)) as $file){
+		        $size += $file->getSize();
+		    }
+		    return $size;
+		}
+		return false;
+	}
+
+	public static function bytesToHumanFileSize($bytes, $decimals = 2) {
+	    $size = array('B','kB','MB','GB','TB','PB','EB','ZB','YB');
+	    $factor = floor((strlen($bytes) - 1) / 3);
+	    return sprintf("%.{$decimals}f ", $bytes / pow(1024, $factor)) . @$size[$factor];
+	}
+
 }

bl-plugins/backup/plugin.php

@@ -36,8 +36,13 @@ class pluginBackup extends Plugin {
 
 	public function adminSidebar()
 	{
-		$backups = $this->backupList();
-		return '<a class="nav-link" href="'.HTML_PATH_ADMIN_ROOT.'configure-plugin/'.$this->className().'">Backups <span class="badge badge-primary badge-pill">'.count($backups).'</span></a>';
+		global $login;
+		if ($login->role() === 'admin') {
+			$backups = $this->backupList();
+			return '<a class="nav-link" href="'.HTML_PATH_ADMIN_ROOT.'configure-plugin/'.$this->className().'">Backups <span class="badge badge-primary badge-pill">'.count($backups).'</span></a>';
+		} else {
+			return '';
+		}
 	}
 
 	public function form()
@@ -66,7 +71,7 @@ class pluginBackup extends Plugin {
 			$html .= '<h4 class="font-weight-normal">'.Date::format($filename, BACKUP_DATE_FORMAT, 'F j, Y, g:i a').'</h4>';
 			// Allow download if a zip file
 			if ($this->zip) {
-				$html .= '<a class="btn btn-outline-secondary btn-sm mr-1 mt-1" href="'.DOMAIN_CONTENT.'workspaces/backup/'.$filename.'.zip"><span class="fa fa-download"></span> '.$L->get('download').'</a>';
+				$html .= '<a class="btn btn-outline-secondary btn-sm mr-1 mt-1" href="'.DOMAIN_BASE.'plugin-backup-download?file='.$filename.'.zip"><span class="fa fa-download"></span> '.$L->get('download').'</a>';
 			}
 			$html .= '<button name="restoreBackup" value="'.$filename.'" class="btn btn-outline-secondary btn-sm mr-1 mt-1" type="submit"><span class="fa fa-rotate-left"></span> '.$L->get('restore-backup').'</button>';
 			$html .= '<button name="deleteBackup"  value="'.$filename.'" class="btn btn-outline-danger btn-sm mr-1 mt-1" type="submit"><span class="fa fa-trash"></span> '.$L->get('delete-backup').'</button>';
@@ -76,6 +81,29 @@ class pluginBackup extends Plugin {
 		return $html;
 	}
 
+	/**
+	 * Downloading Backups is not allowed by default server config
+	 * This webhook is to allow downloads for admins
+	 * Webhook: plugin-backup-download?file={backup-name.zip}
+	 */
+	public function beforeAll()
+	{
+		global $L;
+		$webhook = 'plugin-backup-download';
+		if ($this->webhook($webhook)) {
+			if (!empty($_GET['file'])) {
+				$login = new Login();
+				if ($login->role() === 'admin') {
+					downloadRestrictedFile(PATH_WORKSPACES.'backup/'.$_GET['file']);
+				} else {
+					Alert::set($L->g('You do not have sufficient permissions'));
+					Redirect::page('dashboard');
+				}
+			}
+			exit(0);
+		}
+	}
+
 	public function backupList()
 	{
 		if ($this->zip) {

bl-plugins/simple-stats/languages/de_CH.json

@@ -8,5 +8,6 @@
 	"visits-today": "Seitenaufrufe heute",
 	"unique-visitors-today": "Besucher heute",
 	"chart": "Chart",
-	"table": "Table"
+	"table": "Table",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/de_DE.json

@@ -8,5 +8,6 @@
 	"visits-today": "Seitenaufrufe heute",
 	"unique-visitors-today": "Besucher heute",
     "chart": "Chart",
-    "table": "Table"
+    "table": "Table",
+    "disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/en.json

@@ -8,5 +8,6 @@
 	"visits-today": "Visits today",
 	"unique-visitors-today": "Unique visitors today",
 	"chart": "Chart",
-	"table": "Table"
+	"table": "Table",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/es.json

@@ -8,5 +8,6 @@
 	"visits-today": "Visitas de hoy",
 	"unique-visitors-today": "Visitantes únicos de hoy",
 	"chart": "Gráfico",
-	"table": "Tabla"
-}
+	"table": "Tabla",
+	"disk-usage" : "Disk Usage"
+}

bl-plugins/simple-stats/languages/fa_IR.json

@@ -8,5 +8,6 @@
 	"visits-today": "بازدیدهای امروز",
 	"unique-visitors-today": "بازدید کنندگان منحصر به فرد امروز",
 	"chart": "چارت",
-	"table": "جدول"
+	"table": "جدول",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/fr_FR.json

@@ -8,5 +8,6 @@
 	"visits-today": "Visites du jour",
 	"unique-visitors-today": "Visiteurs uniques du jour",
 	"chart": "Graphique",
-	"table": "Tableau"
+	"table": "Tableau",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/it.json

@@ -8,5 +8,6 @@
 	"visits-today": "Visite oggi",
 	"unique-visitors-today": "Visitatori unici oggi",
 	"chart": "Grafico",
-	"table": "Tabella"
+	"table": "Tabella",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/ja_JP.json

@@ -8,5 +8,6 @@
 	"visits-today": "Visits today",
 	"unique-visitors-today": "Unique visitors today",
 	"chart": "Chart",
-	"table": "テーブル"
+	"table": "テーブル",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/nl_NL.json

@@ -8,5 +8,6 @@
 	"visits-today": "Aantal bezoeken vandaag",
 	"unique-visitors-today": "Unieke bezoekers vandaag",
 	"chart": "Grafiek",
-	"table": "Tabel"
+	"table": "Tabel",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/ru_RU.json

@@ -8,5 +8,6 @@
 	"visits-today": "Посещений сегодня",
 	"unique-visitors-today": "Уникальных посетителей сегодня",
 	"chart": "Диаграмма",
-	"table": "Таблица"
+	"table": "Таблица",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/languages/tr.json

@@ -8,5 +8,6 @@
 	"visits-today": "Bugün yapılan ziyaretler",
 	"unique-visitors-today": "Bugün yapılan benzersiz ziyaretler",
 	"chart": "Grafik",
-	"table": "Tablo"
+	"table": "Tablo",
+	"disk-usage" : "Disk Usage"
 }

bl-plugins/simple-stats/plugin.php

@@ -220,6 +220,11 @@ EOF;
 
 	public function renderContentStatistics($data)
 	{
+		global $L;
+		$diskUsage = Filesystem::bytesToHumanFileSize(
+			Filesystem::getSize(PATH_ROOT)
+		);
+
 		$html = '<div class="my-5 pt-4 border-top">';
 		$html .= "<h4 class='pb-2'>{$data['title']}</h4>";
 		$html .= '
@@ -237,6 +242,7 @@ EOF;
 			<table class="table table-borderless table-sm table-striped mt-3">
 			  <tbody>';
 
+		$html .= "<tr><th>{$L->get('disk-usage')}</th><td>$diskUsage</td></tr>";
 		foreach ($data['data'] as $th => $td) {
 			$html .= "
 				<tr>