mirror of https://github.com/misterunknown/ifm.git synced 2025-08-10 10:04:01 +02:00

misterunknown: new file_download function which should safely download a file

Marco Dickert
2016-12-01 17:18:46 +01:00
parent d8e69c9011
commit e1a575e4f8
2 changed files with 42 additions and 12 deletions

27
ifm.php

@@ -1521,9 +1521,7 @@ $(document).ready(function() {ifm.init()}); // init ifm
echo json_encode( array( "status" => "ERROR", "message" => "Not allowed to download hidden files" ) );
else {
$this->chDirIfNecessary( $d["dir"] );
header( "Content-Type: application/octet-stream" );
header( "Content-Disposition: attachment; filename=\"" . $d["filename"] . "\"" );
@readfile( $d["filename"] );
$this->file_download( $d['filename'] );
}
}
@@ -1661,8 +1659,7 @@ $(document).ready(function() {ifm.init()}); // init ifm
else
$d['filename'] = basename( getcwd() );
}
header( "Content-Disposition: attachment; filename=\"".$d['filename'].".zip\"" );
readfile( $dfile );
$this->file_download( $dfile, $d['filename'] . ".zip" );
} catch ( Exception $e ) {
echo "An error occured: " . $e->getMessage();
} finally {
@@ -1822,7 +1819,7 @@ $(document).ready(function() {ifm.init()}); // init ifm
private function isPathValid($p) {
if( $p == "" ) {
return true;
} elseif( $this->getScriptRoot() == substr( realpath( $p ), 0, strlen( $this->getScriptRoot() ) ) ) {
} elseif( str_replace( "\\", "/", $this->getScriptRoot() ) == str_replace( "\\", "/", substr( realpath( dirname( $p ) ), 0, strlen( $this->getScriptRoot() ) ) ) ) {
return true;
}
return false;
@@ -1947,6 +1944,24 @@ $(document).ready(function() {ifm.init()}); // init ifm
else return true;
}
private function file_download( $file, $name="" ) {
header( 'Content-Description: File Transfer' );
header( 'Content-Type: application/octet-stream' );
header( 'Content-Disposition: attachment; filename="' . ( trim( $name ) == "" ? basename( $file ) : $name ) . '"' );
header( 'Expires: 0' );
header( 'Cache-Control: must-revalidate' );
header( 'Pragma: public' );
header( 'Content-Length: ' . filesize( $file ) );
$file_stream = fopen( $file, 'rb' );
$stdout_stream = fopen('php://output', 'wb');
stream_copy_to_stream($file_stream, $stdout_stream);
fclose($file_stream);
fclose($stdout_stream);
}
///helper
}
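Review bot: The replacement condition in isPathValid() resolves only `dirname( $p )`, so the last path component is never canonicalised: a path whose final component is `..` or a symlink is judged by its parent directory alone. The comparison is also a plain prefix match on the root string, which a sibling directory whose name begins with the root's name would pass. Presumably the switch to `dirname()` was made so that targets which do not exist yet still validate; I would keep that only as a fallback when `realpath( $p )` fails, and compare against the root followed by a separator. The function's closing brace lies outside the hunk, and the second file section of this commit carries the same line.

```php
private function isPathValid($p) {
    if( $p == "" ) {
        return true;
    }
    // Resolve the whole path when it exists; fall back to the parent only for a target not created yet.
    $real = realpath( $p );
    $base = basename( $p );
    if( $real === false && $base != "." && $base != ".." ) {
        $parent = realpath( dirname( $p ) );
        $real = ( $parent === false ) ? false : $parent . "/" . $base;
    }
    if( $real !== false ) {
        $root = rtrim( str_replace( "\\", "/", $this->getScriptRoot() ), "/" );
        $real = str_replace( "\\", "/", $real );
        // Accept the root itself or a path below it, never a sibling that only shares the prefix.
        if( $real == $root || strpos( $real, $root . "/" ) === 0 )
            return true;
    }
    // … unchanged: return false; …
```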


@@ -388,9 +388,7 @@ class IFM {
echo json_encode( array( "status" => "ERROR", "message" => "Not allowed to download hidden files" ) );
else {
$this->chDirIfNecessary( $d["dir"] );
header( "Content-Type: application/octet-stream" );
header( "Content-Disposition: attachment; filename=\"" . $d["filename"] . "\"" );
@readfile( $d["filename"] );
$this->file_download( $d['filename'] );
}
}
@@ -528,8 +526,7 @@ class IFM {
else
$d['filename'] = basename( getcwd() );
}
header( "Content-Disposition: attachment; filename=\"".$d['filename'].".zip\"" );
readfile( $dfile );
$this->file_download( $dfile, $d['filename'] . ".zip" );
} catch ( Exception $e ) {
echo "An error occured: " . $e->getMessage();
} finally {
@@ -689,7 +686,7 @@ class IFM {
private function isPathValid($p) {
if( $p == "" ) {
return true;
} elseif( $this->getScriptRoot() == substr( realpath( $p ), 0, strlen( $this->getScriptRoot() ) ) ) {
} elseif( str_replace( "\\", "/", $this->getScriptRoot() ) == str_replace( "\\", "/", substr( realpath( dirname( $p ) ), 0, strlen( $this->getScriptRoot() ) ) ) ) {
return true;
}
return false;
@@ -814,6 +811,24 @@ class IFM {
else return true;
}
private function file_download( $file, $name="" ) {
header( 'Content-Description: File Transfer' );
header( 'Content-Type: application/octet-stream' );
header( 'Content-Disposition: attachment; filename="' . ( trim( $name ) == "" ? basename( $file ) : $name ) . '"' );
header( 'Expires: 0' );
header( 'Cache-Control: must-revalidate' );
header( 'Pragma: public' );
header( 'Content-Length: ' . filesize( $file ) );
$file_stream = fopen( $file, 'rb' );
$stdout_stream = fopen('php://output', 'wb');
stream_copy_to_stream($file_stream, $stdout_stream);
fclose($file_stream);
fclose($stdout_stream);
}
///helper
}
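Review bot: file_download() emits every header, including `Content-Length` from an unchecked `filesize()`, before it knows the file can be opened, and the result of `fopen( $file, 'rb' )` goes to `stream_copy_to_stream()` without a check. The name written into `Content-Disposition` is placed between double quotes unescaped, so a `"` in `$name` or in the file's basename produces a malformed header. I would open the file first, report failure in the JSON form already used for the hidden-file case, and replace quotes, backslashes and control characters in the name. ifm.php carries an identical copy of this function.

```php
private function file_download( $file, $name="" ) {
    // Open before any header is sent, so a failure is not delivered as an empty attachment.
    $file_stream = ( is_file( $file ) && is_readable( $file ) ) ? fopen( $file, 'rb' ) : false;
    if( $file_stream === false ) {
        echo json_encode( array( "status" => "ERROR", "message" => "File could not be opened" ) );
        return;
    }
    // Keep quotes, backslashes and control characters out of the quoted filename parameter.
    $download_name = preg_replace( '/[\x00-\x1f\x7f"\\\\]/', '_', trim( $name ) == "" ? basename( $file ) : $name );
    // … unchanged: Content-Description and Content-Type headers …
    header( 'Content-Disposition: attachment; filename="' . $download_name . '"' );
    // … unchanged: Expires, Cache-Control, Pragma and Content-Length headers; the later fopen( $file, 'rb' ) line goes away; copy to php://output and both fclose() calls stay …
}
```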