Saving Data from Drupal to Local System File - drupal-6

I have created a drupal module which displays some reporting data. I would like to include an option that enables a user viewing the page to save data as a txt or csv file on their local system, but I am running into the following problems:
How to specify local directory to save to.
How to actually save the data to the directory.
I've read through the drupal api documentation for forms. There is a 'file' input type that allows a user to browse their system and select a location to upload from. I've also looked at the file_save_data() function, but it seems that data is only saved within the drupal site directory.
Any help would be greatly appreciated.

How to specify local directory to save to.
You can't. The user's browser will save your files to either the browser's default downloads directory, or it'll prompt the user to pick a location. Letting a website pick where a file gets saved would be a major security hole - they could create desktop shortcuts to viruses, add startup items, etc.

This worked for me:
$file = file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME);
drupal_set_header($header = "Content-type: text");
drupal_set_header($header = "Content-Disposition: attachment; filename=$file.xls");
readfile($file);
die();
The die() needs to go in there, or else the page html will be appended to the file.

Related

Script in server saving locally

I wrote a script that is using slack API to parse AWS S3 files looking for strings or samples. As this is in testing, I'm using my local machine and ngrok to forward localhost traffic.
The thing is that the generated files are getting stores in my machine and will be stored in server once the script is ready for production.
Ideally, I'd like to avoid users needing to grab files from server. Do you think it's possible to store directly in user local machine?
No. Slack does not allow you to access the local machine of their users through a Slack app / API.
Solution 1: Download via browser
The easiest solution would be to offer a direct download link in a Slack message, e.g. via a Link button. Once the user clicks it he is prompted to download the file to his local machine.
Here is an example from one of my apps:
And once you click it you get this window:
To enable downloading via browser you need to set appropriate headers and send the file contents to the browser.
One approach is to have a helper script for the actual download and include a link to the helper script in the link button (you may also want to include some parameters in the link that defines what which file is downloaded).
The helper script then does the following:
Fetch the file to be downloaded (e.g. an PNG image)
Set headers to enable downloading via browser
Send the file to the browser
Here is an example in PHP:
<?php
$filename = "demo.png";
$file = file_get_contents($filename);
header('Content-Disposition: attachment;filename=' . $filename);
header('Content-Type: image/png');
echo $file;
die();
For more infos on download headers see also this answer on SO.
Solution 2: Upload to Slack
Alternatively you could upload the file to the user's Slack workspace via file.upload API method. That way the user does not need to download anything and and you can remove the file from your server after your app has finished processing.

Export report to Excel

I want to export a table to an Excel file. I need to export a report.
ORA_EXCEL.new_document;
ORA_EXCEL.add_sheet('Sheet name');
ORA_EXCEL.query_to_sheet('select * from mytable');
ORA_EXCEL.save_to_blob(myblob);
I saved my table to blob.
How do I export/respond to the user (client)?
I need something that is simple to allow a user to be able to download an Excel file to their own computer. I tried doing this procedure in an Oracle workflow:
ORA_EXCEL.save_to_file('EXPORT_DIR', 'example.xlsx');
But this did not help, because it is saves the file to a directory on the server and I need it in the real server.
The way I have handled similar issues in the past was to work with the systems people to mount a directory from either a web server or file server on the Database server.
Then create a directory object so that the procedure can save to a location that is accessible to the user.
If the files are not sensitive and there are a limited number of users then a file server makes sense as it is then just a matter of giving the user access to the file share.
If files are sensitive or this is a large number or unknown users we then used the Web server and sent a email with a link to the user enabling them to download their file. Naturally there needs to be security built into this to stop people being able to download other users files.
We didn't just email the files as an attachment because...
1) Emails with attachments tend to get blocked
2) We always advise not to open attachments on emails. (Yes I know we advise not to click on links as well but nothing is perfect)
Who or what is invoking the production of the document?
If it´s done by an application, which the user is working on, this application can fetch the BLOB, stores it at f.e. TEMP-Directory and calls
System.Diagnostics.Process.Start("..."); to open it with the associated application. (see Open file with associated application)
If it´s a website, this one could stream the blob back as Excel-Mimetype (see Setting mime type for excel document)
Also you could store in an Oracle-DIRECTORY, but this one has to be on the server and should be a netword-share to be accessible for clients (which is rarely accepted in a productive environment!)
If MAIL isn´t the solution, then maybe FTP can be a way to store files in a common share. See UTL_TCP - Package, with this a FTP-transfer can be achieved (a bit hard to code, but there are solutions to find in the web) and I guess, professional tools that generate Office-documents out of Oracle-DB and distribute them do it like this.

Why save file with original name is dangerous in an upload?

Currently I'm working on a web project (Classic Asp) and I'm going to make an upload form.
Folklore says:
"Don't use the real name to save the uploaded files"
.
What are the problems, dangers, from the security point of view ?
Proper directory permissions should stop most of this stuff but I suppose for file names a potential danger is that they could name it something like "../Default.asp" or "../Malware.asp" or some other malicious path attempting to overwrite files and/or have an executable script on your server.
If I'm using a single upload folder, I always save my users uploads with a GUID file name just because users aren't very original and you get name conflicts very often otherwise.

CF and PDF in secure environment

I'm using CF9. My problem pertains to an admin application that sets session variables at login to identify the user and user permissions. Depending on the user level, certain pages are allowed for viewing and other pages are not allowed. (I'll refer to this as my 'security framework'. This is wrapped around everything in the root.)
This security framework consists of a cfif statement at the top of the CFM page and a closing cfelse and (</)cfif at the bottom of the page. Everything between this opening cfif and closing cfif displays if the user has that level permission - standard stuff.
Certain users can upload PDF files, no problem here. PDF files are uploaded to a folder outside of the root and then moved and renamed to folders inside the root.
When uploading, the user chooses categories and subcategories etc. and these variables are inserted in a SQL database during the upload process. Therefore, I have filePaths and fileNames, etc. to set up dynamic links on a page for a user to click and load the PDF (password protected) in the browser.
I have the dynamic link pointing to a ShowThisPDF.cfm? with URL variables filePath= #filePath# & fileName = #fileName#. I've set up the ShowThisPDF.cfm with the security framework at the top and bottom of the page and am trying to copy the uploaded PDF into this page so that the PDF will display in the browser.
I've tried many ways to do this with cfdocument and cfpdf and cfcontent, etc. When I read the error that this is throwing, it does look like it is reaching the uploaded file but I get an "access denied" every time, due to the security framework I suppose.
On a side note, elsewhere in this application I can create a PDF from my cf pages with cfdocument with the security framework wrapped around the page and this works perfectly - displaying the PDF in the browser. My problem is in loading an existing PDF into a CFM page that has the security framework - which should allow the PDF to load.
Anyone have an idea as to how I can accomplish the above? I hate to try and bypass my security and it seems logical to "copy" the uploaded PDF into a CFM page that wraps the PDF in the security framework and then display the PDF in the browser.
Agree with Dan - I had similar issue. So I ended up doing https: with a windows login and also a ColdFusion Login to Web Application. At end of day - they need 2 logins to get into the system - then they can see the pdf files etc or what they need.

Possible for Word to edit documents directly off an web server without Sharepoint?

I have a use case that seems pretty simple, but after Googling around I can't find a solution. I have some Word documents on an FTP server and I'd like to be able to create a link that would download them into Word and then allow the saved changes to be sent back to the FTP server.
The problem is that I can only get Word to either open the file from the FTP server as read-only and I can't save the changes back to the server automatically, or the file downloads to a temporary location which isn't automatically saved back to the server. I'm creating my link like this:
Test
Frustratingly, if I go into Word File|Open and paste the link "ftp://ftp.example.com/www/uploads/Image/test.doc" I can save back to the server. What gives? Is there a solution? From Googling around it seems that Sharepoint offers this ability, but that's not practical for us. We're using IE7 and Office 2003.
I believe Microsoft Word can read / write WebDAV - see this question:
Editable Word Document from JSP
Can you set up some kind of proxy that can connect via FTP?
Read this link http://www.webdavsystem.com/server/documentation/ms_office_read_only (is actually about webdav, but I'd guess this is the same issue for FTP), there is a section on on opening weblinked documents in non-readonly mode. Which needs some changes on the client side...
HTH
Tim
Solution for IE:
Put a file on ajaxbrowser.com (this is WebDAV Server for testing) and replace file's full path in the next code:
var openDocumentsObject = new ActiveXObject("SharePoint.OpenDocuments");
openDocumentsObject.EditDocument('http://ajaxbrowser.com/mydoc.docx');
Another example:
<a href='http://ajaxbrowser.com/mydoc.docx' id='urltarget' target='_blank'>Edit through URI</a>

Resources