authormdima <michele@nt2.it>2012-03-17 10:27:40 -0700
committermdima <michele@nt2.it>2012-03-17 10:27:40 -0700
commit99bc489f73288889dd92ca921d9165ec3a1272f7 (patch)
tree80cd054a918f605ddb90f34ffbef86d01bfb731f
parent2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5 (diff)
parent337f1198886af05541232eebec5e68a32f5b0e54 (diff)
Merge pull request #228 from mdima/master
File Manager: Fix User Authentication and redirect.
-rw-r--r--config/filemgr/rbfminc/download.tmp52
1 files changed, 29 insertions, 23 deletions
diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp
index ddc08148..57de029e 100644
--- a/config/filemgr/rbfminc/download.tmp
+++ b/config/filemgr/rbfminc/download.tmp
@@ -1,36 +1,42 @@
<?php
-include "config.php";
-include "session.php";
-require_once('config.inc');
-require("guiconfig.inc");
-include("head.inc");
+include_once("auth.inc");
include "functions.php";
-
+//Set the cache policy
+ob_end_clean();
+header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+//Gets the parameters
$_GET['file_name'] = urldecode($_GET['file_name']);
$_GET['p'] = urldecode($_GET['p']);
-
-if($_GET['file_name'] and $_GET['p']){
- $filepath = $_GET['p'].$_GET['file_name'];
- if(file_exists($filepath)){
- $type = wp_check_filetype($_GET['file_name']);
- header('Expires: 0');
- header('Cache-Control: must-revalidate');
- header('Pragma: public');
- header('Content-type: {$type[type]}');
- header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
- header('Content-Length: ' . filesize($filepath));
- ob_clean();
- flush();
- readfile($filepath);
- exit;
+//Check Authentication
+if (session_auth())
+{
+ if($_GET['file_name'] and $_GET['p']){
+ $filepath = $_GET['p'].$_GET['file_name'];
+ if(file_exists($filepath)){
+ $type = wp_check_filetype($_GET['file_name']);
+ header('Content-type: ' . $type[$_GET['file_name']]);
+ header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
+ header('Content-Length: ' . filesize($filepath));
+ header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200);
+ flush();
+ readfile($filepath);
+ exit;
+ }
+ else
+ {
+ echo("File not found");
+ }
}
else
{
- echo("file not found");
+ echo("File Unknown");
}
}
else
{
- echo("file unknown");
+ echo("Session Expired");
}
?> \ No newline at end of file
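Review bot: The path handed to `readfile()` is still `$_GET['p'].$_GET['file_name']` taken straight from the request, so the new `session_auth()` gate is the only control between a logged-in session and every file the web server process can read. `session_auth()` appears to establish only that the session is valid; the removed `guiconfig.inc` include may be what applied the per-page privilege check (not visible in this hunk), so confirm that limited-privilege users cannot reach this script. I would canonicalise the path before use, e.g. `$filepath = realpath($_GET['p'] . basename($_GET['file_name']));`, reject a `false` result, and compare the result against the directory the file manager is meant to serve. Separately, `$type[$_GET['file_name']]` indexes the result by file name where the removed line used the `type` key, so the Content-type header is probably empty and `$type['type']` looks like the intended key. The two `urldecode()` calls at the top decode values PHP has already decoded, so any validation has to run on the value after that second decode, or the calls should be dropped.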