Platon Technologies
neprihlásený Prihlásiť Registrácia
SlovakEnglish
open source software development oslavujeme 10 rokov vývoja otvoreného softvéru! Pondelok, 10. február 2025

Súbor: [Platon] / Metafox / lib / phpWebFileManager / plugins / file.php (stiahnutie)

Revízia 1.3, Wed Nov 20 15:48:04 2024 UTC (2 months, 3 weeks ago) by igor


Zmeny od 1.2: +6 -6 [lines]

added Feedback required items,
other fixes for PHP/8.2

<?php

/**************************************************************************
 *
 * file.php
 *
 * This is a plugin for phpWebFileManager that allows you to restrict
 * access to View files.
 *
 * Although it wouldn't technically be required, it works best to set up a
 * mod_rewrite rule in apache so that when a user choses to download a file
 * their browser doesn't ask them to save "file.php", but the actual file
 * name.  You can set up mod_rewrite like this:
 *
 * RewriteEngine On RewriteRule ^/fm/file(.*)$ /fm/file.php?fm_path=$1 [L]
 *
 * where /fm/ is where phpWebFileManager is installed.
 *
 * Then change $fm_cfg['url']['root'] variable in your config.inc.php file
 * to be "file/". If you can't use mod_rewrite for whatever reason,
 * set $fm_cfg['url']['root'] to "file.php?fm_path=".
 *
 * Tony J. White, tjw@tjw.org, 2002-04-15
 **************************************************************************/

/* $Platon: Metafox/lib/phpWebFileManager/plugins/file.php,v 1.2 2005-10-01 23:59:47 nepto Exp $ */

/*
 * phpWebFileManager initialization
 *
 * Config file is read from init.inc.php file.
 */

$fm_init_file = dirname(__FILE__)
    . (strlen(dirname(__FILE__)) > 0 ? '/' : '')
    . '../init.inc.php';

    if (! @file_exists($fm_init_file)) {
        exit;
    }

require_once $fm_init_file;
require_once $PN_PathPrefix . 'functions.inc.php';

/*
 * Moving from plugins/ subdirectory to phpWebFileManager root directory
 */

$fm_file_plugin_orig_dir = getcwd();
chdir('../');

/*
 * Main job
 */

fm_main();

/*
 * Moving back, just for certainty and security
 */

chdir($fm_file_plugin_orig_dir);


/*******************
  F U N C T I O N S
 *******************/

function fm_parse_apache_mime_types($file)
{
    $mimes_by_ext = array();
    $mime_types   = file($file);

    if (is_array($mime_types)) {
        foreach ($mime_types as $line) {
            if ($line[0] == '#')
                continue;

            $parts = preg_split('/(\s+)/', $line);
            if (is_array($parts) && sizeof($parts) > 2) {
                $mime = array_shift($parts);
                foreach ($parts as $ext) {
                    if (trim($ext) != '')
                        $mimes_by_ext[$ext] = $mime;
                }
            }
        }
    }

    return $mimes_by_ext;
}

function fm_main()
{
    global $fm_cfg;
    global $HTTP_GET_VARS;

    /*
     * Permission check
     */

    if (! $fm_cfg['perm']['file']['view']) {
        echo 'Insufficient privileges for file viewing.';
        return false;
    }

    /*
     * Creating $file variable from CGI $fm_path variable
     */

    if (! isset($HTTP_GET_VARS[$fm_cfg['cgi'].'path'])) {
        echo 'CGI variable "'.$fm_cfg['cgi'].'path" is not present.';
        return false;
    }

    $file = $HTTP_GET_VARS[$fm_cfg['cgi'].'path'];
    if ($file{0} != '/') {
        echo 'Incorrect "'.$fm_cfg['cgi'].'path" CGI variable.';
        return false;
    }

    $file = substr($file, 1);
    $file = preg_replace('|\.\./|', '', $file);
    $file = preg_replace('|\.\.$|', '', $file);
    $file = fm_append_slash($fm_cfg['dir']['root']).$file;

    /*
     * Testing file
     */

    if (! @file_exists($file) || ! @is_readable($file)) {
        echo 'File "'.$file.'" not found or is not readable.';
        return false;
    }

    /*
     * Parsing of apache-mime.types file
     */

    $mimes_by_ext = array();
    foreach ($fm_cfg['res']['mime_types'] as $mimes_fname) {
        if (@file_exists($mimes_fname) && @is_readable($mimes_fname)) {
            $mimes_by_ext = fm_parse_apache_mime_types($mimes_fname);
            break;
        }
    }

    /*
     * Writting file on output
     */

    if (preg_match('/.*\.([a-z]{2,5})$/i', $file, $matches)
            && trim($mimes_by_ext[$matches[1]]) != '') {
        header('Content-Type: '.trim($mimes_by_ext[$matches[1]]));
    } else {
        header('Content-Type: text/plain');
    }
    header('Content-Length: '.filesize($file));
    header('Content-Disposition: attachment; filename="'.basename($file).'"');

    @readfile($file);
    return true;
}

?>

Platon Group <platon@platon.sk> http://platon.sk/
Copyright © 2002-2006 Platon Group
Stránka používa redakčný systém Metafox
Na začiatok