it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Parpaing is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Parpaing. If not, see <http://www.gnu.org/licenses/>.
*/
session_start();
require_once "config/config.php";
require_once "engine/utils/SessionUtils.php";
if (!SessionUtils::isConnected($_SESSION)) {
exit;
}
$path = "/";
if (isset($_REQUEST["path"])) {
$path = $_REQUEST["path"];
if (strpos($path, "..") !== false) {
exit;
}
}
$fullpath = $config["parpaing"]["root_directory"] . $path;
$filename = substr($fullpath, strrpos($fullpath, "/") + 1);
if (file_exists($fullpath) && is_file($fullpath)) {
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-Disposition: attachment; filename=\"{$filename}\"");
