XOOPS  2.6.0
force_download.php
Go to the documentation of this file.
1 <?php
2 include('config/config.php');
3 if($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager") die('forbiden');
4 include('include/utils.php');
5 
6 if(strpos($_POST['path'],'/')===0
7  || strpos($_POST['path'],'../')!==FALSE
8  || strpos($_POST['path'],'./')===0)
9  die('wrong path');
10 
11 if(strpos($_POST['name'],'/')!==FALSE)
12  die('wrong path');
13 
14 $path=$current_path.$_POST['path'];
15 $name=$_POST['name'];
16 
17 $info=pathinfo($name);
18 if(!in_array(fix_strtolower($info['extension']), $ext)){
19  die('wrong extension');
20 }
21 
22 header('Pragma: private');
23 header('Cache-control: private, must-revalidate');
24 header("Content-Type: application/octet-stream");
25 header("Content-Length: " .(string)(filesize($path.$name)) );
26 header('Content-Disposition: attachment; filename="'.($name).'"');
27 readfile($path.$name);
28 
29 exit;
30 ?>
$current_path
$current_path
Definition: config.php:3
$_SESSION
$_SESSION['RF']["verify"]
Definition: dialog.php:4
fix_strtolower
fix_strtolower($str)
Definition: utils.php:203
exit
exit
Definition: force_download.php:29
$ext
$ext
Definition: browse.php:87
$path
$path
Definition: force_download.php:14
$name
$name
Definition: force_download.php:15
$info
$info
Definition: force_download.php:17