$field = "filedata"; } else { $field = ltrim($_REQUEST["field"], "_"); } if (empty($_REQUEST["folder"]) and !empty($_REQUEST["folder2"])) { $_REQUEST["folder"] = $_REQUEST["folder2"]; } if (empty($_REQUEST["view"]) and !empty($_REQUEST["view2"])) { $_REQUEST["view"] = $_REQUEST["view2"]; } if (empty($_REQUEST["folder"])) { header("Content-Length: 0"); exit; } $folder = folder_from_path($_REQUEST["folder"]); $row_filename = ajax::file_download($folder, @$_REQUEST["view"], @$_REQUEST["item"], $field, @$_REQUEST["subitem"], false); $filename = modify::basename($row_filename); $ext = substr(modify::getfileext($filename), 0, 3); if (in_array($ext, $bad_extensions)) { sys_error(trans("{t}Access to this file has been denied.{/t} ({t}this file extension is not allowed{/t})"), "403 Forbidden"); } if ($dispo == "inline" and !in_array($ext, $inline_extensions)) { $dispo = "attachment"; } $modified = filemtime($row_filename); $etag = '"' . md5($row_filename . $modified) . '"'; header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); header("ETag: {$etag}"); if (!empty($_SERVER["HTTP_IF_NONE_MATCH"]) and $etag == stripslashes($_SERVER["HTTP_IF_NONE_MATCH"]) and !DEBUG) { header("HTTP/1.0 304 Not Modified"); exit;
static function getfile_url($url) { $filename = self::_url_getfilename($url); list($target, $filename) = sys_build_filename($filename); dirs_checkdir($target); $target .= $_SESSION["username"] . "__" . $filename; if (sys_is_internal_url($url)) { $vars = array(); parse_str(parse_url($url, PHP_URL_QUERY), $vars); if (!empty($vars["folder2"]) and !empty($vars["item"]) and !empty($vars["field"])) { $source = ajax::file_download($vars["folder2"], @$vars["view2"], $vars["item"], $vars["field"], @$vars["subitem"], false); if (file_exists($source) and copy($source, $target)) { return $target; } } } if ($f_in = @fopen($url, "rb") and $f_out = fopen($target, "wb")) { while (!feof($f_in)) { fwrite($f_out, fread($f_in, 8192)); } fclose($f_out); fclose($f_in); return $target; } return ""; }