diff options
author | mdima <michele@nt2.it> | 2012-03-17 08:24:35 +0100 |
---|---|---|
committer | mdima <michele@nt2.it> | 2012-03-17 08:24:35 +0100 |
commit | b65f147e3065c389164911cc83746105fd053f4e (patch) | |
tree | 1d28db5027a2b2bd7af618e05a5656bdb1a2bb0f /config | |
parent | 870ac0b6796f382ed52faa6c9eb026fc58720320 (diff) | |
download | pfsense-packages-b65f147e3065c389164911cc83746105fd053f4e.tar.gz pfsense-packages-b65f147e3065c389164911cc83746105fd053f4e.tar.bz2 pfsense-packages-b65f147e3065c389164911cc83746105fd053f4e.zip |
File Manager: Solves an authentication issue in the download function.
See http://forum.pfsense.org/index.php/topic,47248.0.html for details.
Diffstat (limited to 'config')
-rw-r--r-- | config/filemgr/rbfminc/download.tmp | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp index 232e90d0..ddc08148 100644 --- a/config/filemgr/rbfminc/download.tmp +++ b/config/filemgr/rbfminc/download.tmp @@ -1,22 +1,36 @@ <?php include "config.php"; include "session.php"; - -if($user_login == 'ok'){ - - include "functions.php"; - - $_GET['file_name'] = urldecode($_GET['file_name']); - $_GET['p'] = urldecode($_GET['p']); +require_once('config.inc'); +require("guiconfig.inc"); +include("head.inc"); +include "functions.php"; - if($_GET['file_name'] and $_GET['p']){ - if(file_exists($_GET['p'].$_GET['file_name'])){ - $file = file_get_contents($_GET['p'].$_GET['file_name']); - $type = wp_check_filetype($_GET['file_name']); - header('Content-type: {$type[type]}'); - header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); - echo $file; - } +$_GET['file_name'] = urldecode($_GET['file_name']); +$_GET['p'] = urldecode($_GET['p']); + +if($_GET['file_name'] and $_GET['p']){ + $filepath = $_GET['p'].$_GET['file_name']; + if(file_exists($filepath)){ + $type = wp_check_filetype($_GET['file_name']); + header('Expires: 0'); + header('Cache-Control: must-revalidate'); + header('Pragma: public'); + header('Content-type: {$type[type]}'); + header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"'); + header('Content-Length: ' . filesize($filepath)); + ob_clean(); + flush(); + readfile($filepath); + exit; + } + else + { + echo("file not found"); } } +else +{ + echo("file unknown"); +} ?>
\ No newline at end of file |