authorMichele Di Maria <michele@nt2.it>2012-03-17 18:26:05 +0100
committerMichele Di Maria <michele@nt2.it>2012-03-17 18:26:05 +0100
commit337f1198886af05541232eebec5e68a32f5b0e54 (patch)
treeadabd61a7589d330fa5cc37a7ddd702a5ba2c12f
parentb65f147e3065c389164911cc83746105fd053f4e (diff)
File Manager: Fix User Authentication and redirect.
-rw-r--r--config/filemgr/rbfminc/download.tmp52
1 files changed, 29 insertions, 23 deletions
diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp
index ddc08148..57de029e 100644
--- a/config/filemgr/rbfminc/download.tmp
+++ b/config/filemgr/rbfminc/download.tmp
@@ -1,36 +1,42 @@
<?php
-include "config.php";
-include "session.php";
-require_once('config.inc');
-require("guiconfig.inc");
-include("head.inc");
+include_once("auth.inc");
include "functions.php";
-
+//Set the cache policy
+ob_end_clean();
+header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+//Gets the parameters
$_GET['file_name'] = urldecode($_GET['file_name']);
$_GET['p'] = urldecode($_GET['p']);
-
-if($_GET['file_name'] and $_GET['p']){
- $filepath = $_GET['p'].$_GET['file_name'];
- if(file_exists($filepath)){
- $type = wp_check_filetype($_GET['file_name']);
- header('Expires: 0');
- header('Cache-Control: must-revalidate');
- header('Pragma: public');
- header('Content-type: {$type[type]}');
- header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
- header('Content-Length: ' . filesize($filepath));
- ob_clean();
- flush();
- readfile($filepath);
- exit;
+//Check Authentication
+if (session_auth())
+{
+ if($_GET['file_name'] and $_GET['p']){
+ $filepath = $_GET['p'].$_GET['file_name'];
+ if(file_exists($filepath)){
+ $type = wp_check_filetype($_GET['file_name']);
+ header('Content-type: ' . $type[$_GET['file_name']]);
+ header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
+ header('Content-Length: ' . filesize($filepath));
+ header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200);
+ flush();
+ readfile($filepath);
+ exit;
+ }
+ else
+ {
+ echo("File not found");
+ }
}
else
{
- echo("file not found");
+ echo("File Unknown");
}
}
else
{
- echo("file unknown");
+ echo("Session Expired");
}
?> \ No newline at end of file
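Review bot: The new `session_auth()` gate only establishes that a session is logged in, while `$filepath = $_GET['p'].$_GET['file_name'];` still goes unchanged into `file_exists()` and `readfile()`, so any authenticated session can fetch any file the web server process can read. The path should be canonicalised with `realpath()` and required to be a regular file, and if the package has a configured base directory or a per-page privilege check (neither is visible in this hunk), the resolved path and the user should be tested against them before anything is read. The request-supplied name is also written raw into `Content-Disposition`; `basename()` of the resolved path with double quotes stripped is safer. `$type[$_GET['file_name']]` indexes the result by the file name; if `wp_check_filetype()` in functions.php mirrors the WordPress function of that name it returns `ext` and `type` keys, so the Content-type header is presumably sent empty. A sketch of the rewritten lines follows.

```php
// … unchanged: cache headers, urldecode of the parameters, session_auth() check …
        // Resolve "..", symlinks and duplicate separators before any filesystem access;
        // realpath() returns false when the target does not exist.
        $filepath = realpath($_GET['p'] . $_GET['file_name']);
        if ($filepath !== false && is_file($filepath)) {
            // Name shown to the browser comes from the resolved path, not from the request.
            $download_name = str_replace('"', '', basename($filepath));
            $type = wp_check_filetype($download_name);
            // assumes wp_check_filetype() returns a 'type' key — confirm against functions.php
            $mime = !empty($type['type']) ? $type['type'] : 'application/octet-stream';
            header('Content-Type: ' . $mime);
            header('Content-Disposition: attachment; filename="' . $download_name . '"');
            // … unchanged: Content-Length, Last-Modified, flush(), readfile(), exit …
```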