<?php
############################################################
# PODCAST GENERATOR
#
# Created by Alberto Betella
# http://podcastgen.sourceforge.net
#
# This is Free Software released under the GNU/GPL License.
############################################################
########### Request guard for servers running with register_globals = On
# With that setting every request parameter becomes a global variable, so a
# request could pre-set names this script relies on (for example $absoluteurl,
# which is used further down to build an include path). This is a guard against
# variable injection rather than an XSS filter: stop at once if any of these
# reserved names arrives as a request parameter.
if (
    isset($_REQUEST['GLOBALS'])
    || isset($_REQUEST['absoluteurl'])
    || isset($_REQUEST['amilogged'])
    || isset($_REQUEST['theme_path'])
) {
    exit;
}
########### End
//// FORCE DOWNLOAD OF SUPPORTED FILES (e.g. files don't play in the browser, even when a plugin is installed)
//NB. does not work with some mobile browsers
include("config.php");
include($absoluteurl."core/functions.php");
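// Serve one episode file from the upload directory as a forced download.
// The name comes from the query string and is attacker-controlled, so accept
// only a plain string; a missing or array-valued parameter means "no file".
$filename = (isset($_GET['filename']) && is_string($_GET['filename'])) ? $_GET['filename'] : '';

// Confine the lookup to the upload directory: drop both path separators and
// NUL bytes so the value can only name an entry directly inside $upload_dir.
$filename = str_replace(array("/", "\\", "\0"), "", $filename);
$filename_path = $absoluteurl.$upload_dir.$filename; // absolute path of the file to download

// is_file() rather than file_exists(): an empty name or ".." resolves to a
// directory and must never reach the download branch.
if ($filename !== '' && is_file($filename_path)) {
    $file_media = divideFilenameFromExtension($filename); // index 1 is used as the extension
    $fileData = checkFileType($file_media[1], $absoluteurl);
    $podcast_filetype = $fileData[0];
    $filemimetype = $fileData[1];
    $isFileSupported = $fileData[2];

    // SECURITY OPTION: only files with a known episode extension are served, so
    // other files in the upload directory cannot be fetched through this script.
    // NOTE(review): publishInFuture() presumably hides episodes scheduled for a
    // later date - confirm in core/functions.php.
    if ($isFileSupported == TRUE AND $file_media[1] == $podcast_filetype AND !publishInFuture($filename_path)) {
        // Required by Internet Explorer: compressed output breaks the download.
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }

        // Quote the name and escape '"' and '\' so spaces, semicolons or quotes
        // in a stored file name cannot change the structure of the header.
        $download_name = addcslashes(basename($filename_path), "\"\\");

        header("Pragma: public"); // required
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false); // required for certain browsers
        header("Content-Type: $filemimetype");
        // Keep the browser from second-guessing the declared media type.
        header("X-Content-Type-Options: nosniff");
        header('Content-Disposition: attachment; filename="'.$download_name.'"');
        header("Content-Transfer-Encoding: binary");

        // filesize() returns false on failure; omit the header rather than send a bogus length.
        $file_size = filesize($filename_path);
        if ($file_size !== false) {
            header("Content-Length: ".$file_size);
        }

        readfile($filename_path);
        exit();
    }
}
// Any other request (missing name, unknown file, unsupported extension, episode
// not yet published) falls through here on purpose: no file is sent and no
// feedback is given about why.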
?>