$field = "filedata";
} else {
$field = ltrim($_REQUEST["field"], "_");
}
if (empty($_REQUEST["folder"]) and !empty($_REQUEST["folder2"])) {
$_REQUEST["folder"] = $_REQUEST["folder2"];
}
if (empty($_REQUEST["view"]) and !empty($_REQUEST["view2"])) {
$_REQUEST["view"] = $_REQUEST["view2"];
}
if (empty($_REQUEST["folder"])) {
header("Content-Length: 0");
exit;
}
$folder = folder_from_path($_REQUEST["folder"]);
$row_filename = ajax::file_download($folder, @$_REQUEST["view"], @$_REQUEST["item"], $field, @$_REQUEST["subitem"], false);
$filename = modify::basename($row_filename);
$ext = substr(modify::getfileext($filename), 0, 3);
if (in_array($ext, $bad_extensions)) {
sys_error(trans("{t}Access to this file has been denied.{/t} ({t}this file extension is not allowed{/t})"), "403 Forbidden");
}
if ($dispo == "inline" and !in_array($ext, $inline_extensions)) {
$dispo = "attachment";
}
$modified = filemtime($row_filename);
$etag = '"' . md5($row_filename . $modified) . '"';
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT");
header("ETag: {$etag}");
if (!empty($_SERVER["HTTP_IF_NONE_MATCH"]) and $etag == stripslashes($_SERVER["HTTP_IF_NONE_MATCH"]) and !DEBUG) {
header("HTTP/1.0 304 Not Modified");
exit;
static function getfile_url($url)
{
$filename = self::_url_getfilename($url);
list($target, $filename) = sys_build_filename($filename);
dirs_checkdir($target);
$target .= $_SESSION["username"] . "__" . $filename;
if (sys_is_internal_url($url)) {
$vars = array();
parse_str(parse_url($url, PHP_URL_QUERY), $vars);
if (!empty($vars["folder2"]) and !empty($vars["item"]) and !empty($vars["field"])) {
$source = ajax::file_download($vars["folder2"], @$vars["view2"], $vars["item"], $vars["field"], @$vars["subitem"], false);
if (file_exists($source) and copy($source, $target)) {
return $target;
}
}
}
if ($f_in = @fopen($url, "rb") and $f_out = fopen($target, "wb")) {
while (!feof($f_in)) {
fwrite($f_out, fread($f_in, 8192));
}
fclose($f_out);
fclose($f_in);
return $target;
}
return "";
}
