diff options
| author | Michele Di Maria <michele@nt2.it> | 2012-03-17 18:26:05 +0100 |
|---|---|---|
| committer | Michele Di Maria <michele@nt2.it> | 2012-03-17 18:26:05 +0100 |
| commit | 337f1198886af05541232eebec5e68a32f5b0e54 (patch) | |
| tree | adabd61a7589d330fa5cc37a7ddd702a5ba2c12f /config/filemgr | |
| parent | b65f147e3065c389164911cc83746105fd053f4e (diff) | |
| download | pfsense-packages-337f1198886af05541232eebec5e68a32f5b0e54.tar.gz pfsense-packages-337f1198886af05541232eebec5e68a32f5b0e54.tar.bz2 pfsense-packages-337f1198886af05541232eebec5e68a32f5b0e54.zip | |
File Manager: Fix User Authentication and redirect.
Diffstat (limited to 'config/filemgr')
| -rw-r--r-- | config/filemgr/rbfminc/download.tmp | 52 |
1 files changed, 29 insertions, 23 deletions
diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp index ddc08148..57de029e 100644 --- a/config/filemgr/rbfminc/download.tmp +++ b/config/filemgr/rbfminc/download.tmp @@ -1,36 +1,42 @@ <?php -include "config.php"; -include "session.php"; -require_once('config.inc'); -require("guiconfig.inc"); -include("head.inc"); +include_once("auth.inc"); include "functions.php"; - +//Set the cache policy +ob_end_clean(); +header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); +//Gets the parameters $_GET['file_name'] = urldecode($_GET['file_name']); $_GET['p'] = urldecode($_GET['p']); - -if($_GET['file_name'] and $_GET['p']){ - $filepath = $_GET['p'].$_GET['file_name']; - if(file_exists($filepath)){ - $type = wp_check_filetype($_GET['file_name']); - header('Expires: 0'); - header('Cache-Control: must-revalidate'); - header('Pragma: public'); - header('Content-type: {$type[type]}'); - header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); - header('Content-Length: ' . filesize($filepath)); - ob_clean(); - flush(); - readfile($filepath); - exit; +//Check Authentication +if (session_auth()) +{ + if($_GET['file_name'] and $_GET['p']){ + $filepath = $_GET['p'].$_GET['file_name']; + if(file_exists($filepath)){ + $type = wp_check_filetype($_GET['file_name']); + header('Content-type: ' . $type[$_GET['file_name']]); + header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); + header('Content-Length: ' . filesize($filepath)); + header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200); + flush(); + readfile($filepath); + exit; + } + else + { + echo("File not found"); + } } else { - echo("file not found"); + echo("File Unknown"); } } else { - echo("file unknown"); + echo("Session Expired"); } ?>
\ No newline at end of file |