E:\WebSite\limesurvey\application\controllers\admin\responses.php(643)
631 } 632 633 if (Permission::model()->hasSurveyPermission($iSurveyId, 'responses', 'read')) { 634 $oResponse = Response::model($iSurveyId)->findByPk($iResponseId); 635 $aQuestionFiles = $oResponse->getFiles($iQID); 636 if (isset($aQuestionFiles[$iIndex])) { 637 $aFile = $aQuestionFiles[$iIndex]; 638 // Real path check from here: https://stackoverflow.com/questions/4205141/preventing-directory-traversal-in-php-but-allowing-paths 639 $sDir = Yii::app()->getConfig('uploaddir') . "/surveys/" . $iSurveyId . "/files/"; 640 $sFileRealName = $sDir . $aFile['filename']; 641 $sRealUserPath = realpath($sFileRealName); 642 if ($sRealUserPath === false || strpos($sRealUserPath, $sDir) !== 0) { 643 throw new CHttpException(403, "Disable for security reasons."); 644 } else { 645 $mimeType = CFileHelper::getMimeType($sFileRealName, null, false); 646 if (is_null($mimeType)) { 647 $mimeType = "application/octet-stream"; 648 } 649 @ob_clean(); 650 header('Content-Description: File Transfer'); 651 header('Content-Type: '.$mimeType); 652 header('Content-Disposition: attachment; filename="'.sanitize_filename(rawurldecode($aFile['name'])).'"'); 653 header('Content-Transfer-Encoding: binary'); 654 header('Expires: 0'); 655 header("Cache-Control: must-revalidate, no-store, no-cache");
| #0 |
unknown(0): responses->actionDownloadfile("558129", 51, 730708, 0)
|
| #1 |
+
–
E:\WebSite\limesurvey\framework\web\actions\CAction.php(115): ReflectionMethod->invokeArgs(responses, array("558129", "51", "730708", "0")) 110 elseif($param->isDefaultValueAvailable()) 111 $ps[]=$param->getDefaultValue(); 112 else 113 return false; 114 } 115 $method->invokeArgs($object,$ps); 116 return true; 117 } 118 } |
| #2 |
+
–
E:\WebSite\limesurvey\application\core\Survey_Common_Action.php(83): CAction->runWithParamsInternal(responses, ReflectionMethod, array("r" => "admin/responses", "sa" => "actionDownloadfile", "surveyid" => "558129", "iResponseId" => "51", ...)) 78 $oMethod = new ReflectionMethod($this, $sDefault); 79 } 80 81 // We're all good to go, let's execute it 82 // runWithParamsInternal would automatically get the parameters of the method and populate them as required with the params 83 return parent::runWithParamsInternal($this, $oMethod, $params); 84 } 85 86 /** 87 * Some functions have different parameters, which are just an alias of the 88 * usual parameters we're getting in the url. This function just populates |
| #3 |
+
–
E:\WebSite\limesurvey\framework\web\CController.php(308): Survey_Common_Action->runWithParams(array("r" => "admin/responses", "sa" => "actionDownloadfile", "surveyid" => "558129", "iResponseId" => "51", ...)) 303 { 304 $priorAction=$this->_action; 305 $this->_action=$action; 306 if($this->beforeAction($action)) 307 { 308 if($action->runWithParams($this->getActionParams())===false) 309 $this->invalidActionParams($action); 310 else 311 $this->afterAction($action); 312 } 313 $this->_action=$priorAction; |
| #4 |
+
–
E:\WebSite\limesurvey\framework\web\CController.php(286): CController->runAction(responses) 281 * @see runAction 282 */ 283 public function runActionWithFilters($action,$filters) 284 { 285 if(empty($filters)) 286 $this->runAction($action); 287 else 288 { 289 $priorAction=$this->_action; 290 $this->_action=$action; 291 CFilterChain::create($this,$action,$filters)->run(); |
| #5 |
+
–
E:\WebSite\limesurvey\framework\web\CController.php(265): CController->runActionWithFilters(responses, array()) 260 { 261 if(($parent=$this->getModule())===null) 262 $parent=Yii::app(); 263 if($parent->beforeControllerAction($this,$action)) 264 { 265 $this->runActionWithFilters($action,$this->filters()); 266 $parent->afterControllerAction($this,$action); 267 } 268 } 269 else 270 $this->missingAction($actionID); |
| #6 |
+
–
E:\WebSite\limesurvey\application\controllers\AdminController.php(165): CController->run("responses") 160 $this->redirect(array('/admin/authentication/sa/login')); 161 } 162 } 163 } 164 165 return parent::run($action); 166 } 167 168 /** 169 * Routes all the actions to their respective places 170 * |
| #7 |
+
–
E:\WebSite\limesurvey\framework\web\CWebApplication.php(282): AdminController->run("responses") 277 { 278 list($controller,$actionID)=$ca; 279 $oldController=$this->_controller; 280 $this->_controller=$controller; 281 $controller->init(); 282 $controller->run($actionID); 283 $this->_controller=$oldController; 284 } 285 else 286 throw new CHttpException(404,Yii::t('yii','Unable to resolve the request "{route}".', 287 array('{route}'=>$route===''?$this->defaultController:$route))); |
| #8 |
+
–
E:\WebSite\limesurvey\framework\web\CWebApplication.php(141): CWebApplication->runController("admin/responses") 136 foreach(array_splice($this->catchAllRequest,1) as $name=>$value) 137 $_GET[$name]=$value; 138 } 139 else 140 $route=$this->getUrlManager()->parseUrl($this->getRequest()); 141 $this->runController($route); 142 } 143 144 /** 145 * Registers the core application components. 146 * This method overrides the parent implementation by registering additional core components. |
| #9 |
+
–
E:\WebSite\limesurvey\framework\base\CApplication.php(185): CWebApplication->processRequest() 180 public function run() 181 { 182 if($this->hasEventHandler('onBeginRequest')) 183 $this->onBeginRequest(new CEvent($this)); 184 register_shutdown_function(array($this,'end'),0,false); 185 $this->processRequest(); 186 if($this->hasEventHandler('onEndRequest')) 187 $this->onEndRequest(new CEvent($this)); 188 } 189 190 /** |
| #10 |
+
–
E:\WebSite\limesurvey\index.php(194): CApplication->run() 189 require_once APPPATH . 'core/LSYii_Application' . EXT; 190 191 $config = require_once(APPPATH . 'config/internal' . EXT); 192 193 Yii::$enableIncludePath = false; 194 Yii::createApplication('LSYii_Application', $config)->run(); 195 196 /* End of file index.php */ 197 /* Location: ./index.php */ |