aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormdima <michele@nt2.it>2012-03-17 00:23:50 -0700
committermdima <michele@nt2.it>2012-03-17 00:23:50 -0700
commit2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5 (patch)
tree9ef668798116da04f4450e8d8b4e3ed21de0108b
parenta32a9dd4d3cdf9042a618f09787e358fe7efb54d (diff)
parentb65f147e3065c389164911cc83746105fd053f4e (diff)
downloadpfsense-packages-2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5.tar.gz
pfsense-packages-2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5.tar.bz2
pfsense-packages-2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5.zip
Merge pull request #227 from mdima/master
File Manager: Solves an authentication issue in the download function.
-rw-r--r--config/filemgr/rbfminc/download.tmp44
1 files changed, 29 insertions, 15 deletions
diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp
index 232e90d0..ddc08148 100644
--- a/config/filemgr/rbfminc/download.tmp
+++ b/config/filemgr/rbfminc/download.tmp
@@ -1,22 +1,36 @@
<?php
include "config.php";
include "session.php";
-
-if($user_login == 'ok'){
-
- include "functions.php";
-
- $_GET['file_name'] = urldecode($_GET['file_name']);
- $_GET['p'] = urldecode($_GET['p']);
+require_once('config.inc');
+require("guiconfig.inc");
+include("head.inc");
+include "functions.php";
- if($_GET['file_name'] and $_GET['p']){
- if(file_exists($_GET['p'].$_GET['file_name'])){
- $file = file_get_contents($_GET['p'].$_GET['file_name']);
- $type = wp_check_filetype($_GET['file_name']);
- header('Content-type: {$type[type]}');
- header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
- echo $file;
- }
+$_GET['file_name'] = urldecode($_GET['file_name']);
+$_GET['p'] = urldecode($_GET['p']);
+
+if($_GET['file_name'] and $_GET['p']){
+ $filepath = $_GET['p'].$_GET['file_name'];
+ if(file_exists($filepath)){
+ $type = wp_check_filetype($_GET['file_name']);
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate');
+ header('Pragma: public');
+ header('Content-type: {$type[type]}');
+ header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
+ header('Content-Length: ' . filesize($filepath));
+ ob_clean();
+ flush();
+ readfile($filepath);
+ exit;
+ }
+ else
+ {
+ echo("file not found");
}
}
+else
+{
+ echo("file unknown");
+}
?> \ No newline at end of file