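// Resolve the requested path and confirm it sits inside this session's data
// directory before anything is read from disk. A non-string value (e.g.
// file[]=...) is treated as an empty request and rejected below.
$requested = (isset($_REQUEST['file']) && is_string($_REQUEST['file'])) ? $_REQUEST['file'] : '';
$dataDir = realpath($_SESSION['dataDir']);
$file = ($requested === '') ? false : realpath($requested);

// Compare against the directory WITH a trailing separator: a bare prefix test
// would also accept a sibling directory whose name merely begins with the
// same characters as the session directory.
$dataPrefix = ($dataDir === false)
    ? false
    : rtrim($dataDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

if (!$file || $dataPrefix === false || !startsWith($file, $dataPrefix)) {
    // CR/LF are flattened so a crafted value cannot break the entry apart.
    // NOTE(review): mpLog()'s on-disk format is not visible here -- confirm
    // whether it needs further escaping (e.g. of its ':' delimiter).
    $loggable = preg_replace('/[\r\n]+/', ' ', $requested);
    mpLog("security:Attempt to access '{$file}' as '{$loggable}'");
    // The rejected value is request-supplied and is written into the response
    // body, so it must be HTML-escaped.
    die("Security failure: illegal file request '" . htmlspecialchars($requested, ENT_QUOTES) . "'");
}

// Write the trimmed copy to a temp file; the original stays untouched.
$tmp = mpTempfile('tmp_pdb_trim_');
reduceTrim($file, $tmp);

// Drop the "H" / "H_reg" marker that precedes the optional digits and ".pdb"
// at the end of the name, e.g. "fooH.pdb" -> "foo.pdb". The dot is escaped so
// only a literal ".pdb" extension qualifies.
$name = basename($file);
$name = preg_replace('/H(?:_reg)?([0-9]*\.pdb)$/', '$1', $name);

// The name goes inside a quoted header parameter; a double quote, backslash
// or control character in it would corrupt the header.
$headerName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $name);

### FUNKY: This turns into a binary file download rather than an HTML page,
### and then calls die(), leaving the user on the original HTML page.
// These lines may be required by Internet Explorer
header("Pragma: public");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
// See PHP manual on header() for how this works.
header('Content-Type: application/octet-stream');
$size = filesize($tmp);
if ($size !== false) {
    // Only advertise a length we actually know.
    header('Content-Length: ' . $size);
}
header('Content-Disposition: attachment; filename="' . $headerName . '"');
mpReadfile($tmp);
unlink($tmp);
// Don't output the HTML version of this page into that nice file,
// and don't wipe out the event links from the previous page.
die;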
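/**
 * Streams $file to the browser as an attachment, then ends the request.
 *
 * FUNKY: This turns into a binary file download rather than an HTML page,
 * and then calls die(), leaving the user on the original HTML page.
 *
 * This code has been shown to cause cancer in lab rats.
 *
 * NOTE(review): this function performs no containment check on $file. The
 * caller must already have confirmed that the path lies inside the session's
 * data directory -- verify at every call site.
 *
 * @param string $file Path of the file to send; its basename becomes the
 *                     suggested download name.
 */
function onDownload($file)
{
    // The name goes inside a quoted header parameter; a double quote,
    // backslash or control character in it would corrupt the header.
    $downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($file));

    // These lines may be required by Internet Explorer
    header("Pragma: public");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    // See PHP manual on header() for how this works.
    header('Content-type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $downloadName . '"');
    mpReadfile($file);
    die; // don't output the HTML version of this page into that nice file!
}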
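// NOTE(review): $name and $file are set before this fragment. This code
// assumes $file has already been resolved and confined to the session data
// directory, and that mpPageHeader() HTML-escapes its title -- confirm both.
echo mpPageHeader("Viewing {$name}");
?>
<form>
<table border='0' width='100%'><tr>
<td align='left'><small>
When finished, you should
<input type="button" value="close this window"
    language="JavaScript" onclick="self.close();">.
</small></td><td align='right'><small><i>
Hint: Use File | Save As... to save a copy of this page.
</i></small></td>
</tr></table>
</form>
<hr>
<?php
// A missing or non-string mode falls through to the plain-text view.
$mode = (isset($_REQUEST['mode']) && is_string($_REQUEST['mode'])) ? $_REQUEST['mode'] : '';

if ($mode === 'kin') {
    // Both paths are quoted for the shell: a file name containing spaces or
    // shell metacharacters must not be able to alter the command line.
    $jar = escapeshellarg(MP_BASE_DIR . "/public_html/king.jar");
    passthru("java -cp {$jar} king.core.KinfileTokenizer -css < " . escapeshellarg($file));
} elseif ($mode === 'html') {
    // The file is emitted verbatim into the page, so any markup or script it
    // contains is interpreted by the browser.
    // NOTE(review): safe only for files whose content the server generated;
    // confirm user-supplied files can never be viewed in this mode.
    mpReadfile($file);
} else {
    echo "<pre>";
    $h = fopen($file, 'rb');
    if ($h !== false) {
        // Escape line by line so the file is shown as text, never as markup.
        while (($line = fgets($h, 4096)) !== false) {
            echo htmlspecialchars($line);
        }
        fclose($h);
    }
    echo "</pre>\n";
}

echo mpPageFooter();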
/**
 * Zips the last-used model's PDB file together with its primary downloads,
 * sends the archive as an attachment named "<model id>.zip", deletes the
 * archive and ends the request.
 *
 * The model record is looked up under $_SESSION['ensembles'] first and under
 * $_SESSION['models'] otherwise.
 *
 * FUNKY: This turns into a binary file download rather than an HTML page,
 * and then calls die(), leaving the user on the original HTML page.
 *
 * This code has been shown to cause cancer in lab rats.
 */
function onDownloadPopularZip()
{
    $modelId = $_SESSION['lastUsedModelID'];
    $model = isset($_SESSION['ensembles'][$modelId])
        ? $_SESSION['ensembles'][$modelId]
        : $_SESSION['models'][$modelId];

    // The model's own PDB file comes first, followed by its primary downloads.
    $zipMembers = array_merge(
        array(MP_DIR_MODELS . '/' . $model['pdb']),
        $model['primaryDownloads']
    );
    $archive = makeZipForFiles($_SESSION['dataDir'], $zipMembers);

    // These lines may be required by Internet Explorer
    header("Pragma: public");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    // See PHP manual on header() for how this works.
    header('Content-type: application/zip');
    // NOTE(review): $model['id'] is placed in the header as-is; presumably it
    // is generated server-side -- confirm it can never hold a double quote.
    header("Content-Disposition: attachment; filename=\"{$model['id']}.zip\"");

    mpReadfile($archive);
    unlink($archive);
    die; // don't output the HTML version of this page into that nice file!
}
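/**
 * Zips the files named in the request's 'zipfiles' list, sends the archive
 * as "molprobity.zip", deletes the archive and ends the request.
 *
 * Only entries that resolve to a path inside the session data directory are
 * included; everything else is silently skipped.
 *
 * FUNKY: This turns into a binary file download rather than an HTML page,
 * and then calls die(), leaving the user on the original HTML page.
 *
 * This code has been shown to cause cancer in lab rats.
 */
function onDownloadMarkedZip()
{
    // Input files come with absolute paths, so we have to check them against
    // our session directory to avoid security holes!
    $basedir = realpath($_SESSION['dataDir']);

    // Match against the directory WITH a trailing separator: a bare prefix
    // test would also accept a sibling directory whose name merely begins
    // with the same characters, and the substr() below would then produce a
    // path that starts with a separator.
    $prefix = ($basedir === false)
        ? false
        : rtrim($basedir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // A missing or scalar 'zipfiles' value yields an empty archive request.
    $requested = (isset($_REQUEST['zipfiles']) && is_array($_REQUEST['zipfiles']))
        ? $_REQUEST['zipfiles']
        : array();

    $files = array();
    foreach ($requested as $candidate) {
        // Nested arrays (zipfiles[][]=...) cannot be paths.
        if ($prefix === false || !is_string($candidate)) {
            continue;
        }
        $resolved = realpath($candidate);
        if (!$resolved || !startsWith($resolved, $prefix)) {
            continue;
        }
        // Store the path relative to the session directory.
        $files[] = substr($resolved, strlen($prefix));
    }

    $zipfile = makeZipForFiles($basedir, $files);

    // These lines may be required by Internet Explorer
    header("Pragma: public");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    // See PHP manual on header() for how this works.
    header('Content-type: application/zip');
    header('Content-Disposition: attachment; filename="molprobity.zip"');
    mpReadfile($zipfile);
    unlink($zipfile);
    die; // don't output the HTML version of this page into that nice file!
}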