Example #1
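 /**
  * Streams a file from the uploads area to the client as an attachment.
  *
  * The caller must have the 'tool/files' permission; otherwise the request is
  * dispatched to 'error/permission'. The upload sub-directory is taken from the
  * 'settings' of the attribute, form field or order option named by the request,
  * and the file name comes from the 'filename' GET parameter.
  *
  * All GET parameters are untrusted. The name is reduced to a single path
  * component, and the resolved path must be a regular file inside the uploads
  * directory before anything is sent. On success and on a missing file the
  * script ends with exit.
  *
  * @return mixed result of dispatch('error/permission') when access is denied
  */
 public function download()
 {
     //init controller data
     $this->extensions->hk_InitData($this, __FUNCTION__);
     if (!$this->user->canAccess('tool/files')) {
         return $this->dispatch('error/permission');
     }

     $get = $this->request->get;
     $raw_name = isset($get['filename']) ? (string)$get['filename'] : '';
     $attribute_type = isset($get['attribute_type']) ? (string)$get['attribute_type'] : '';
     $attribute_id = isset($get['attribute_id']) ? $get['attribute_id'] : null;

     // Drop every path separator so the name can only be one path component.
     $filename = str_replace(array('../', '..\\', '\\', '/'), '', $raw_name);
     // The single-pass replace above can still leave "." or ".." behind
     // (e.g. "....//" collapses to ".."), which would name a directory.
     if ($filename === '.' || $filename === '..') {
         $filename = '';
     }

     if ($attribute_type === 'field') {
         $this->loadModel('tool/file_uploads');
         $attribute_data = $this->model_tool_file_uploads->getField($attribute_id);
     } elseif (strpos($attribute_type, 'AForm:') === 0) {
         // for aform fields: attribute_type is "AForm:<form>:<field>"
         $form_info = explode(':', $attribute_type);
         $aform = new AForm('ST');
         $aform->loadFromDb(isset($form_info[1]) ? $form_info[1] : '');
         $attribute_data = $aform->getField(isset($form_info[2]) ? $form_info[2] : '');
     } elseif (!empty($get['order_option_id'])) {
         $this->loadModel('sale/order');
         $attribute_data = $this->model_sale_order->getOrderOption($get['order_option_id']);
         // SECURITY NOTE(review): unserialize() on a stored value can instantiate
         // arbitrary classes if that value was ever attacker-influenced. Prefer a
         // JSON-encoded column, or restrict allowed classes where the runtime
         // supports it. Left unchanged here because the storage format is not
         // visible from this method.
         $attribute_data['settings'] = unserialize($attribute_data['settings']);
     } else {
         $am = new AAttribute($attribute_type);
         $attribute_data = $am->getAttribute($attribute_id);
     }

     $directory = isset($attribute_data['settings']['directory'])
         ? $attribute_data['settings']['directory']
         : null;

     $uploads_dir = DIR_APP_SECTION . 'system/uploads';
     if (has_value($directory)) {
         $file = $uploads_dir . '/' . $directory . '/' . $filename;
     } else {
         $file = $uploads_dir . '/' . $filename;
     }

     // Resolve symlinks and ".." (the directory setting is data, not code) and
     // require the result to stay inside the uploads directory.
     $real_base = realpath($uploads_dir);
     $real_file = $filename !== '' ? realpath($file) : false;
     $is_inside = $real_base !== false
         && $real_file !== false
         && strpos($real_file, $real_base . DIRECTORY_SEPARATOR) === 0;

     // is_file() rather than file_exists(): a directory must never be "downloaded".
     if ($is_inside && is_file($real_file)) {
         // Quote the name and strip characters that could break out of the
         // quoted header value.
         $header_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $filename);
         header('Content-Description: File Transfer');
         header('Content-Type: application/x-gzip');
         header('Content-Disposition: attachment; filename="' . $header_name . '"');
         header('Content-Transfer-Encoding: binary');
         header('Expires: 0');
         header('Cache-Control: must-revalidate');
         header('Pragma: public');
         header('Content-Length: ' . filesize($real_file));
         // Only discard a buffer when one is actually open.
         if (ob_get_level() > 0) {
             ob_end_clean();
         }
         flush();
         readfile($real_file);
         exit;
     }

     // Report only the requested name, HTML-escaped: echoing the full path
     // would disclose the server's directory layout and reflect raw user
     // input into the response.
     echo 'Error: File ' . htmlspecialchars($filename, ENT_QUOTES, 'UTF-8') . ' does not exists!';
     exit;
 }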