<?php
/**
 * Copyright since 2007 PrestaShop SA and Contributors
 * PrestaShop is an International Registered Trademark & Property of PrestaShop SA
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is bundled with this package in the file LICENSE.md.
 * It is also available through the world-wide-web at this URL:
 * https://opensource.org/licenses/OSL-3.0
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@prestashop.com so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
 * versions in the future. If you wish to customize PrestaShop for your
 * needs please refer to https://devdocs.prestashop.com/ for more information.
 *
 * @author    PrestaShop SA and Contributors <contact@prestashop.com>
 * @copyright Since 2007 PrestaShop SA and Contributors
 * @license   https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
 */
// The deprecation notice is raised with the @ silence operator, so it is not
// printed by default error display; presumably only a registered error handler
// is meant to surface it (confirm against the project's handler).
@trigger_error(
    'Using '.__FILE__.' to make an ajax call is deprecated since 1.7.6.0 and will be removed in the next major version. Use a controller instead.',
    E_USER_DEPRECATED
);

/**
 * Legacy back-office entry point that opens a backup file for download.
 *
 * @deprecated The same feature is duplicated in Symfony (route: admin_backup_download).
 */

// Fall back to this script's own directory when the admin directory constant
// has not been defined by an including script.
defined('_PS_ADMIN_DIR_') || define('_PS_ADMIN_DIR_', __DIR__);

// Bootstrap the shop configuration; every class used below comes from it.
include(_PS_ADMIN_DIR_.'/../config/config.inc.php');

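// Authentication gate: only an employee with an active back-office session may
// reach the download logic below.
if (!Context::getContext()->employee->isLoggedBack()) {
    Tools::redirectAdmin(Context::getContext()->link->getAdminLink('AdminLogin'));
    // Fail closed. Tools::redirectAdmin() is defined outside this file; whether
    // or not it terminates the request itself, an unauthenticated request must
    // never fall through to the code that streams a database backup.
    exit;
}

// Permissions of the employee's profile on the AdminBackup tab.
$tabAccess = Profile::getProfileAccess(
    Context::getContext()->employee->id_profile,
    Tab::getIdFromClassName('AdminBackup')
);

// Authorization gate: access is granted only when the "view" right is exactly
// the string '1'. A lookup that yields no array or no "view" key is treated as
// a denial instead of being dereferenced.
if (!is_array($tabAccess) || !isset($tabAccess['view']) || $tabAccess['view'] !== '1') {
    die(Context::getContext()->getTranslator()->trans(
        'You do not have permission to view this.',
        array(),
        'Admin.Advparameters.Notification'
    ));
}
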
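// Canonical (symlink- and ".."-free) location of the backup directory.
$backupdir = realpath(PrestaShopBackup::getBackupPath());

if ($backupdir === false) {
    die(Context::getContext()->getTranslator()->trans(
        'There is no "/backup" directory.',
        array(),
        'Admin.Advparameters.Notification'
    ));
}

// The requested name comes straight from the request and is untrusted.
$backupfile = Tools::getValue('filename');

// Reject a missing value and any non-string value (for example an array
// submitted as filename[]=...), which must never be concatenated into a path.
if (!$backupfile || !is_string($backupfile)) {
    die(Context::getContext()->getTranslator()->trans(
        'No file has been specified.',
        array(),
        'Admin.Advparameters.Notification'
    ));
}

// Check the realpath so we can validate the backup file is under the backup directory
$backupfile = realpath($backupdir.DIRECTORY_SEPARATOR.$backupfile);

// Containment must be tested against the directory path *including* its
// trailing separator. A bare prefix comparison also matches a sibling path
// whose name merely begins with the backup directory's name, and it matches
// the backup directory itself.
$backupRoot = rtrim($backupdir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;

if ($backupfile === false
    || strncmp($backupRoot, $backupfile, strlen($backupRoot)) !== 0
    || !is_file($backupfile)
) {
    // One generic message for "missing", "outside the backup directory" and
    // "not a regular file", so the response does not reveal which check failed.
    die(Tools::dieOrLog('The backup file does not exist.'));
}
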
// Choose the response MIME type from the file suffix: anything that is neither
// .bz2 nor .gz is served as a plain SQL dump.
$contentType = 'text/x-sql';
if (substr($backupfile, -4) === '.bz2') {
    $contentType = 'application/x-bzip2';
} elseif (substr($backupfile, -3) === '.gz') {
    $contentType = 'application/x-gzip';
}
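// fopen()'s own warning is silenced; a failure is reported explicitly below.
$fp = @fopen($backupfile, 'rb');

if ($fp === false) {
    // The path is echoed into the response body, so it is encoded for HTML
    // output; addslashes() is not an output encoder.
    die(
        Context::getContext()->getTranslator()->trans(
            'Unable to open backup file(s).',
            array(),
            'Admin.Advparameters.Notification'
        ).' "'.htmlspecialchars($backupfile, ENT_QUOTES, 'UTF-8').'"'
    );
}

// Derive the download name from the validated, resolved path rather than from
// the raw request parameter, and neutralise characters that would break out of
// the quoted filename parameter (double quote, backslash, control characters).
$downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($backupfile));

// Add the correct headers; the attachment disposition forces the file to be saved
header('Content-Type: '.$contentType);
header('Content-Disposition: attachment; filename="'.$downloadName.'"');

// Discard anything already buffered so that it does not end up prepended to
// the backup data.
if (ob_get_level() && ob_get_length() > 0) {
    ob_clean();
}

// Stream the rest of the file to the client, then release the handle
// regardless of the outcome.
$ret = @fpassthru($fp);

fclose($fp);

if ($ret === false) {
    die(
        Context::getContext()->getTranslator()->trans(
            'Unable to display backup file(s).',
            array(),
            'Admin.Advparameters.Notification'
        ).' "'.htmlspecialchars($backupfile, ENT_QUOTES, 'UTF-8').'"'
    );
}
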