diff options
author | mdima <michele@nt2.it> | 2012-03-17 00:23:50 -0700 |
---|---|---|
committer | mdima <michele@nt2.it> | 2012-03-17 00:23:50 -0700 |
commit | 2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5 (patch) | |
tree | 9ef668798116da04f4450e8d8b4e3ed21de0108b | |
parent | a32a9dd4d3cdf9042a618f09787e358fe7efb54d (diff) | |
parent | b65f147e3065c389164911cc83746105fd053f4e (diff) | |
download | pfsense-packages-2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5.tar.gz pfsense-packages-2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5.tar.bz2 pfsense-packages-2a2c998d7eade8f26aaace712c4f6da9c2d4b6d5.zip |
Merge pull request #227 from mdima/master
File Manager: Solves an authentication issue in the download function.
-rw-r--r-- | config/filemgr/rbfminc/download.tmp | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp index 232e90d0..ddc08148 100644 --- a/config/filemgr/rbfminc/download.tmp +++ b/config/filemgr/rbfminc/download.tmp @@ -1,22 +1,36 @@ <?php include "config.php"; include "session.php"; - -if($user_login == 'ok'){ - - include "functions.php"; - - $_GET['file_name'] = urldecode($_GET['file_name']); - $_GET['p'] = urldecode($_GET['p']); +require_once('config.inc'); +require("guiconfig.inc"); +include("head.inc"); +include "functions.php"; - if($_GET['file_name'] and $_GET['p']){ - if(file_exists($_GET['p'].$_GET['file_name'])){ - $file = file_get_contents($_GET['p'].$_GET['file_name']); - $type = wp_check_filetype($_GET['file_name']); - header('Content-type: {$type[type]}'); - header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); - echo $file; - } +$_GET['file_name'] = urldecode($_GET['file_name']); +$_GET['p'] = urldecode($_GET['p']); + +if($_GET['file_name'] and $_GET['p']){ + $filepath = $_GET['p'].$_GET['file_name']; + if(file_exists($filepath)){ + $type = wp_check_filetype($_GET['file_name']); + header('Expires: 0'); + header('Cache-Control: must-revalidate'); + header('Pragma: public'); + header('Content-type: {$type[type]}'); + header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); + header('Content-Length: ' . filesize($filepath)); + ob_clean(); + flush(); + readfile($filepath); + exit; + } + else + { + echo("file not found"); } } +else +{ + echo("file unknown"); +} ?>
\ No newline at end of file |