| 103 |
- |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
/***************************************************************************
|
|
|
4 |
* Copyright (C) 2009-2011 by Geo Varghese(www.seopanel.in) *
|
|
|
5 |
* sendtogeo@gmail.com *
|
|
|
6 |
* *
|
|
|
7 |
* This program is free software; you can redistribute it and/or modify *
|
|
|
8 |
* it under the terms of the GNU General Public License as published by *
|
|
|
9 |
* the Free Software Foundation; either version 2 of the License, or *
|
|
|
10 |
* (at your option) any later version. *
|
|
|
11 |
* *
|
|
|
12 |
* This program is distributed in the hope that it will be useful, *
|
|
|
13 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
|
14 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
|
15 |
* GNU General Public License for more details. *
|
|
|
16 |
* *
|
|
|
17 |
* You should have received a copy of the GNU General Public License *
|
|
|
18 |
* along with this program; if not, write to the *
|
|
|
19 |
* Free Software Foundation, Inc., *
|
|
|
20 |
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
|
|
21 |
***************************************************************************/
|
|
|
22 |
|
|
|
23 |
# class defines all download controller functions
|
|
|
24 |
class DownloadController extends Controller{
|
|
|
25 |
|
|
|
26 |
function downloadFile($fileInfo){
|
|
|
27 |
|
|
|
28 |
if ($fileName = $this->isValidFile($fileInfo['file'])) {
|
|
|
29 |
|
|
|
30 |
$fileType = $fileInfo['filetype'];
|
|
|
31 |
$fileSec = $fileInfo['filesec'];
|
|
|
32 |
switch($fileSec){
|
|
|
33 |
|
|
|
34 |
case "sitemap":
|
|
|
35 |
$file = SP_TMPPATH."/".$fileName;
|
|
|
36 |
break;
|
|
|
37 |
}
|
|
|
38 |
|
|
|
39 |
header("Content-type: application/$fileType;\n");
|
|
|
40 |
header("Content-Transfer-Encoding: binary");
|
|
|
41 |
$len = filesize($file);
|
|
|
42 |
header("Content-Length: $len;\n");
|
|
|
43 |
header("Content-Disposition: attachment; filename=\"$fileName\";\n\n");
|
|
|
44 |
|
|
|
45 |
ob_clean();
|
|
|
46 |
flush();
|
|
|
47 |
readfile($file);
|
|
|
48 |
} else {
|
|
|
49 |
echo "<font style='color:red;'>You are not allowed to access this file!</font>";
|
|
|
50 |
exit;
|
|
|
51 |
}
|
|
|
52 |
}
|
|
|
53 |
|
|
|
54 |
# function to check whether valid file
|
|
|
55 |
function isValidFile($fileName) {
|
|
|
56 |
$fileName = urldecode($fileName);
|
|
|
57 |
$fileName = str_replace(array('../', './', '..'), '', $fileName);
|
|
|
58 |
|
|
|
59 |
// check its any system file
|
|
|
60 |
if ($fileName[0] == '/') {
|
|
|
61 |
return false;
|
|
|
62 |
}
|
|
|
63 |
|
|
|
64 |
// allow only these file format
|
|
|
65 |
if (preg_match('/\.xml$|\.html$|\.txt$/i', $fileName)) {
|
|
|
66 |
return $fileName;
|
|
|
67 |
}
|
|
|
68 |
|
|
|
69 |
return false;
|
|
|
70 |
}
|
|
|
71 |
}
|
|
|
72 |
?>
|