source: branches/1.6/action.php @ 22323

Last change on this file since 22323 was 1559, checked in by rub, 18 years ago

Resolved Issue ID 0000556:

o Error on Save a High Definition Picture stored on distant site

  • Property svn:keywords set to Date Author Rev URL
File size: 3.6 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $URL: branches/1.6/action.php $
9// | last update   : $Date: 2006-10-10 21:20:57 +0000 (Tue, 10 Oct 2006) $
10// | last modifier : $Author: rub $
11// | revision      : $Rev: 1559 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28define('PHPWG_ROOT_PATH','./');
29include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
30
31// Check Access and exit when user status is not ok
32check_status(ACCESS_GUEST);
33
34function force_download ($filename)
35{
36//TODO : messages in "lang"
37  if (!url_is_remote($filename))
38  {
39    $filename = realpath($filename);
40    if (!file_exists($filename))
41    {
42      die("NO FILE HERE");
43    }
44    $file_size = @filesize($filename);
45  }
46  else
47  {
48    $file_size = 0;
49  }
50
51  $file_extension = strtolower(substr(strrchr($filename,"."),1));
52
53  switch ($file_extension) {
54      case "jpe": case "jpeg":
55      case "jpg": $ctype="image/jpg"; break;
56      case "png": $ctype="image/png"; break;
57      case "gif": $ctype="image/gif"; break;
58      case "pdf": $ctype="application/pdf"; break;
59      case "zip": $ctype="application/zip"; break;
60      case "php": 
61        // never allow download of php scripts to protect our conf files
62        die('Hacking attempt!'); break;
63      default: $ctype="application/octet-stream";
64  }
65
66  header("Pragma: public");
67  header("Expires: 0");
68  header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
69  header("Cache-Control: private",false);
70  header("Content-Type: $ctype");
71  header("Content-Disposition: attachment; filename=\""
72         .basename($filename)."\";");
73  header("Content-Transfer-Encoding: binary");
74  if (isset($file_size) and ($file_size != 0))
75  {
76    header("Content-Length: ".@filesize($filename));
77  }
78  // Looking at the safe_mode configuration for execution time
79  if (ini_get('safe_mode') == 0)
80  {
81    @set_time_limit(0);
82  }
83
84  @readfile("$filename") or die("File not found.");
85}
86
87//--------------------------------------------------------- download big picture
88if ( isset( $_GET['dwn'] ) )
89{
90//TODO : verify the path begins with something in galleries_url and that user has access rights to the picture
91// in order to avoid hacking atempts by forged url
92  if (preg_match('/\.\./',$_GET['dwn'])) {
93    die('Hacking attempt!');
94  }
95  force_download($_GET['dwn']);
96}
97
98?>
Note: See TracBrowser for help on using the repository browser.