1 files changed, 48 insertions, 28 deletions

diff --git a/config/filemgr/rbfminc/download.php b/config/filemgr/rbfminc/download.php
index 172ec896..88ff1788 100644
--- a/config/filemgr/rbfminc/download.php
+++ b/config/filemgr/rbfminc/download.php
@@ -1,29 +1,54 @@
 <?php
+/*
+	download.php
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2010 Tom Schaefer <tom@tomschaefer.org>
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
 include_once("auth.inc");
-include "functions.php";
-//Set the cache policy
+include("functions.php");
+
+// Set the cache policy
 ob_end_clean();
 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
 header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
 header("Cache-Control: post-check=0, pre-check=0", false);
-header("Pragma: no-cache");	
-//Gets the parameters
+header("Pragma: no-cache");
+
+// Gets the parameters
 $_GET['file_name'] = urldecode($_GET['file_name']);
 $_GET['p'] = urldecode($_GET['p']);
-//Check Authentication
+
+// Check Authentication
 $candownload = false;
-if (function_exists("session_auth"))
-	{//pfSense 2.X
-	$candownload = session_auth();}
-else
-	{//pfSense 1.2.3
-	$candownload = htpasswd_backed_basic_auth();}
-if ($candownload)
-{
-	if($_GET['file_name'] and $_GET['p']){
+$candownload = session_auth();
+if ($candownload) {
+	if (($_GET['file_name']) && ($_GET['p'])) {
 		$filepath = $_GET['p'].$_GET['file_name'];
-		if(file_exists($filepath)){
-			$type = wp_check_filetype($_GET['file_name']);	
+		if (file_exists($filepath)) {
+			$type = wp_check_filetype($_GET['file_name']);
 			header('Content-type: ' . $type[$_GET['file_name']]);
 			header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
 			header('Content-Length: ' . filesize($filepath));
@@ -31,19 +56,14 @@ if ($candownload)
 			flush();
 			readfile($filepath);
 			exit;
+		} else {
+			echo "File not found";
 		}
-		else
-		{
-			echo("File not found");
-		}
-	}
-	else
-	{
-		echo("File Unknown");
+	} else {
+		echo "File Unknown";
 	}
+} else {
+	echo "Session Expired";
 }
-else
-{
-	echo("Session Expired");
-}
+
 ?>