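/**
 * Streams an uploaded file (attribute, form-field or order-option upload) to the browser.
 *
 * Reads from $this->request->get: 'filename', 'attribute_type' (either 'field',
 * 'AForm:<form_id>:<field_id>' or an attribute type name), 'attribute_id' and
 * 'order_option_id'. The upload sub-directory is taken from the resolved attribute's
 * stored settings, never from the request. Requires 'tool/files' access.
 *
 * @return mixed dispatch result of 'error/permission' when access is denied; otherwise
 *               the file (or a short error message) is written to the output and the
 *               script exits.
 */
public function download()
{
    // init controller data
    $this->extensions->hk_InitData($this, __FUNCTION__);

    if (!$this->user->canAccess('tool/files')) {
        return $this->dispatch('error/permission');
    }

    $get = $this->request->get;

    // Request-supplied file name. Every path separator (and the '../' / '..\' forms) is
    // stripped, so the result can only name an entry directly inside the uploads directory.
    $filename = isset($get['filename']) ? (string)$get['filename'] : '';
    $filename = str_replace(['../', '..\\', '\\', '/'], '', $filename);
    $attributeType = isset($get['attribute_type']) ? (string)$get['attribute_type'] : '';
    $attributeId = isset($get['attribute_id']) ? $get['attribute_id'] : null;

    // Resolve the attribute/field whose settings may carry a custom upload sub-directory.
    if ($attributeType === 'field') {
        $this->loadModel('tool/file_uploads');
        $attribute_data = $this->model_tool_file_uploads->getField($attributeId);
    } elseif (strpos($attributeType, 'AForm:') === 0) {
        // for aform fields: 'AForm:<form_id>:<field_id>'
        $form_info = explode(':', $attributeType);
        $aform = new AForm('ST');
        $aform->loadFromDb(isset($form_info[1]) ? $form_info[1] : null);
        $attribute_data = $aform->getField(isset($form_info[2]) ? $form_info[2] : null);
    } elseif (!empty($get['order_option_id'])) {
        $this->loadModel('sale/order');
        $attribute_data = $this->model_sale_order->getOrderOption($get['order_option_id']);
        if (is_array($attribute_data) && isset($attribute_data['settings']) && is_string($attribute_data['settings'])) {
            // NOTE(review): option settings are stored serialized; unserialize() can
            // instantiate arbitrary classes if that stored value is ever tampered with.
            // Consider unserialize(..., ['allowed_classes' => false]) or JSON for new data.
            $attribute_data['settings'] = unserialize($attribute_data['settings']);
        }
    } else {
        $am = new AAttribute($attributeType);
        $attribute_data = $am->getAttribute($attributeId);
    }

    // Optional sub-directory from the stored settings (not user input); guard against a
    // missing record or a settings value that is not an array.
    $settings = [];
    if (is_array($attribute_data) && isset($attribute_data['settings']) && is_array($attribute_data['settings'])) {
        $settings = $attribute_data['settings'];
    }
    $dir = DIR_APP_SECTION . 'system/uploads/';
    if (isset($settings['directory']) && has_value($settings['directory'])) {
        $dir .= $settings['directory'] . '/';
    }
    $file = $dir . $filename;

    // is_file() rather than file_exists(): an empty name or a directory must never reach
    // filesize()/readfile().
    if (!is_file($file)) {
        // Echo only the (escaped) requested name: the full path would disclose the server
        // layout, and the raw name would reflect unescaped user input into the page.
        echo 'Error: File ' . htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' does not exist!';
        exit;
    }

    // Quoted-string filename parameter; drop quotes and line breaks so the header stays well-formed.
    $headerName = str_replace(['"', "\r", "\n"], '', $filename);

    header('Content-Description: File Transfer');
    // Kept from the original behaviour; a generic download would normally use application/octet-stream.
    header('Content-Type: application/x-gzip');
    header('Content-Disposition: attachment; filename="' . $headerName . '"');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));

    // Discard every active output buffer so nothing precedes the file bytes
    // (ob_end_clean() on a non-existent buffer would raise a notice).
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    flush();
    readfile($file);
    exit;
}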