Commit 9dbc4de8 authored by Elias Villiger

Feature #6357 - Add savePdf documentation

parent fd593ea7
Pipeline #695 passed with stage
in 1 minute and 43 seconds
......@@ -5922,6 +5922,30 @@ A limited set of attributes is supported: ::
SELECT "complete.pdf|Download PDF|fileadmin/test1.pdf|fileadmin/test2.pdf|id=export&r=1" AS _Pdf
.. _column-save-pdf:
Column: _savePdf
Generated PDFs can be stored directly on the server with this functionality. The link query consists of the following parameters:
* One or more element sources (such as `F:`, `U:`, `p:`, see download-parameter-files_), including possible wkhtmltopdf parameters
* The export filename and path as `d:` - for security reasons, this path has to start with *fileadmin/*
* Please note that this option does not render anything in the front end, but is executed each time it is parsed.
You may want to add a check to prevent multiple execution.
* It is not advised to generate the filename with user input for security reasons.
* If the target file already exists it will be overwriten. To save individual files, choose a new filename,
for example by adding a timestamp.
Examples: ::
SELECT "d:fileadmin/result.pdf|F:fileadmin/_temp_/test.pdf" AS _savePdf
SELECT "d:fileadmin/result.pdf|F:fileadmin/_temp_/test.pdf|U:id=test&--orientation=landscape" AS _savePdf
.. _column-thumbnail:
Column: _thumbnail
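Review bot: The `d:` bullet in the new `_savePdf` section documents only the *fileadmin/* prefix, but the check added to `class Report` in this same commit also rejects any filename that does not end in `.pdf`; state both requirements here so the documentation matches the error a user will get. The list is also introduced as "the following parameters" although its last three bullets are usage notes rather than parameters, so they would read better as a separate paragraph or note block, and "overwriten" should be "overwritten".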
......@@ -6085,7 +6109,7 @@ By using the `_link` column name:
* setting `s:1` is mandatory for the download function,
* the alttext `a:...` specifies a message in the download popup.
By using `_pdf`, `_Pdf`, `_file`, `_File`, `_zip`, `_Zip`, `excel` as columnname, the options `d`, `m` and `s`
By using `_pdf`, `_Pdf`, `_file`, `_File`, `_zip`, `_Zip`, `excel` as columnname, the options `d`, `M` and `s`
will be set.
All files will be read by PHP - therefore the directory might be protected against direct web access. This is the
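Review bot: The `m` to `M` correction in the option list is unrelated to savePdf and is not covered by the commit message ("Add savePdf documentation"); split it into its own commit or mention it in the message so the fix can be found later. While this line is being touched, `excel` is the only column name in the list without a leading underscore, which is worth checking against the actual column name.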
......@@ -6093,7 +6117,7 @@ preferred option to offer secure downloads via QFQ.
In case the download needs a persistant URL (no SIP, no user session), a regular
link, pointing directly to a file, have to be used - the download functionality described here is not appropriate for
such a scenario.
such a scenario. If necessary, column-save-pdf_ can be used to generate such a file.
.. _download-parameter-files:
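Review bot: The added sentence "If necessary, column-save-pdf_ can be used to generate such a file." sends readers from the SIP-protected download to a file behind a persistent URL without saying what that costs: per the surrounding text such a link needs no SIP and no user session, so anyone who has the URL can fetch the saved PDF. Add a sentence here stating that files written this way should contain nothing that needs access control, and that a fixed target name such as the `d:fileadmin/result.pdf` used in the examples is overwritten each time the report is parsed.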
......@@ -757,19 +757,21 @@ class Report {
$tokenGiven = [];
$vars = $this->link->fillParameter($columnValue, $tokenGiven);
$vars = $this->link->fillParameter($columnValue,$tokenGiven);
$download = new Download();
// Save file with specified export filename
$pathFileName = $vars[DOWNLOAD_EXPORT_FILENAME];
$sanitizedFileName = Sanitize::safeFilename($pathFileName, false, true);
if ($pathFileName !== $sanitizedFileName) {
if($pathFileName == '' ||
substr($pathFileName, 0, strlen("fileadmin/")) !== "fileadmin/" ||
substr($pathFileName, -4) !== '.pdf') {
throw new UserReportException( "savePdf filenames need to be in the fileadmin/ directory and end in .pdf for security reasons.", ERROR_INVALID_SAVE_PDF_FILENAME);
} elseif ($pathFileName !== $sanitizedFileName) {
throw new UserReportException("The provided filename '$pathFileName' does not meet sanitize criteria. Use '$sanitizedFileName' instead.", ERROR_INVALID_SAVE_PDF_FILENAME);
} elseif(substr($pathFileName, 0, strlen("fileadmin/")) !== "fileadmin/") {
throw new UserReportException( "savePdf filenames need to be in the fileadmin/ directory for security reasons.", ERROR_INVALID_SAVE_PDF_FILENAME);
} else {
$download = new Download();
$file = $download->process($vars, OUTPUT_MODE_FILE);
Support::copyFile($file, $pathFileName, true);
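Review bot: The prefix test in the new first condition, `substr($pathFileName, 0, strlen("fileadmin/")) !== "fileadmin/"`, is a plain string comparison, so a value such as `fileadmin/../name.pdf` passes it, and the write stays inside fileadmin/ only if `Sanitize::safeFilename()` changes or rejects `..` segments, which is not visible in this hunk. Add an explicit check for `..` path segments (or compare the resolved target directory against the fileadmin root) before `Support::copyFile($file, $pathFileName, true)`, and cover it with a test. Smaller points: `$pathFileName == ''` is redundant because an empty string already fails the prefix test; the `.pdf` suffix comparison is case-sensitive, so `.PDF` is rejected, which should be either documented or normalised; and the changes to `fillParameter($columnValue,$tokenGiven)`, `if(` and `UserReportException( "` drop the spacing used by the surrounding lines.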