Rev 311 | Rev 360 | ||
---|---|---|---|
Line 24... | Line 24... | ||
24 | 24 | ||
25 | originHeaders(); |
25 | originHeaders(); |
26 | 26 | ||
27 | if (!isset($_REQUEST['filename'])) { |
27 | if (!isset($_REQUEST['filename'])) { |
28 | http_response_code(400); |
28 | http_response_code(400); |
29 | throw new Exception("Argument 'filename' is missing"); |
29 | throw new Exception(_L('Argument "%1" is missing','filename')); |
30 | } |
30 | } |
31 | $filename = $_REQUEST['filename']; |
31 | $filename = $_REQUEST['filename']; |
32 | if (strpos($filename, '/') !== false) throw new OIDplusException("Illegal file name"); |
32 | if (strpos($filename, '/') !== false) throw new OIDplusException(_L('Illegal file name')); |
33 | if (strpos($filename, '\\') !== false) throw new OIDplusException("Illegal file name"); |
33 | if (strpos($filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name')); |
34 | if (strpos($filename, '..') !== false) throw new OIDplusException("Illegal file name"); |
34 | if (strpos($filename, '..') !== false) throw new OIDplusException(_L('Illegal file name')); |
35 | if (strpos($filename, chr(0)) !== false) throw new OIDplusException("Illegal file name"); |
35 | if (strpos($filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name')); |
36 | 36 | ||
37 | if (!isset($_REQUEST['id'])) { |
37 | if (!isset($_REQUEST['id'])) { |
38 | http_response_code(400); |
38 | http_response_code(400); |
39 | throw new Exception("Argument 'id' is missing"); |
39 | throw new Exception(_L('Argument "%1" is missing','id')); |
40 | } |
40 | } |
41 | $id = $_REQUEST['id']; |
41 | $id = $_REQUEST['id']; |
42 | 42 | ||
43 | $uploaddir = OIDplusPagePublicAttachments::getUploadDir($id); |
43 | $uploaddir = OIDplusPagePublicAttachments::getUploadDir($id); |
44 | $local_file = $uploaddir.'/'.$filename; |
44 | $local_file = $uploaddir.'/'.$filename; |
45 | 45 | ||
46 | if (!file_exists($local_file)) { |
46 | if (!file_exists($local_file)) { |
47 | http_response_code(404); |
47 | http_response_code(404); |
48 | throw new Exception("The file does not exist"); |
48 | throw new Exception(_L('The file does not exist')); |
49 | } |
49 | } |
50 | 50 | ||
51 | VtsBrowserDownload::output_file($local_file); |
51 | VtsBrowserDownload::output_file($local_file); |
52 | } catch (Exception $e) { |
52 | } catch (Exception $e) { |
53 | echo "<h1>Error</h1><p>".htmlentities($e->getMessage())."<p>"; |
53 | echo '<h1>'._L('Error').'</h1><p>'.htmlentities($e->getMessage()).'<p>'; |
54 | } |
54 | } |
55 | - |
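Review bot: `$id` is read from `$_REQUEST['id']` on line 41 and passed straight to `OIDplusPagePublicAttachments::getUploadDir($id)`, while only `$filename` gets the `/`, `\`, `..` and NUL checks on lines 32-35. Unless getUploadDir() (not visible here) rejects or normalises such ids, `$local_file` may still resolve outside the attachment directory, so the id deserves the same validation or a comment stating where it is enforced. Both parameters should also be confirmed to be strings before use, e.g. `if (!is_string($filename) || !is_string($id)) { http_response_code(400); throw new OIDplusException(_L('Illegal file name')); }`, because an array-valued request parameter otherwise reaches `strpos()`. The illegal-name throws on lines 32-35 do not set a status code, unlike the missing-argument branches, which send 400. The enclosing `try` begins above line 24, outside this hunk.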