Subversion Repositories oidplus


Rev 311 Rev 360
Line 24... Line 24...
24
 
24
 
25
        originHeaders();
25
        originHeaders();
26
 
26
 
27
        if (!isset($_REQUEST['filename'])) {
27
        if (!isset($_REQUEST['filename'])) {
28
                http_response_code(400);
28
                http_response_code(400);
29
                throw new Exception("Argument 'filename' is missing");
29
                throw new Exception(_L('Argument "%1" is missing','filename'));
30
        }
30
        }
31
        $filename = $_REQUEST['filename'];
31
        $filename = $_REQUEST['filename'];
32
        if (strpos($filename, '/') !== false) throw new OIDplusException("Illegal file name");
32
        if (strpos($filename, '/') !== false) throw new OIDplusException(_L('Illegal file name'));
33
        if (strpos($filename, '\\') !== false) throw new OIDplusException("Illegal file name");
33
        if (strpos($filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name'));
34
        if (strpos($filename, '..') !== false) throw new OIDplusException("Illegal file name");
34
        if (strpos($filename, '..') !== false) throw new OIDplusException(_L('Illegal file name'));
35
        if (strpos($filename, chr(0)) !== false) throw new OIDplusException("Illegal file name");
35
        if (strpos($filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name'));
36
 
36
 
37
        if (!isset($_REQUEST['id'])) {
37
        if (!isset($_REQUEST['id'])) {
38
                http_response_code(400);
38
                http_response_code(400);
39
                throw new Exception("Argument 'id' is missing");
39
                throw new Exception(_L('Argument "%1" is missing','id'));
40
        }
40
        }
41
        $id = $_REQUEST['id'];
41
        $id = $_REQUEST['id'];
42
 
42
 
43
        $uploaddir = OIDplusPagePublicAttachments::getUploadDir($id);
43
        $uploaddir = OIDplusPagePublicAttachments::getUploadDir($id);
44
        $local_file = $uploaddir.'/'.$filename;
44
        $local_file = $uploaddir.'/'.$filename;
45
 
45
 
46
        if (!file_exists($local_file)) {
46
        if (!file_exists($local_file)) {
47
                http_response_code(404);
47
                http_response_code(404);
48
                throw new Exception("The file does not exist");
48
                throw new Exception(_L('The file does not exist'));
49
        }
49
        }
50
 
50
 
51
        VtsBrowserDownload::output_file($local_file);
51
        VtsBrowserDownload::output_file($local_file);
52
} catch (Exception $e) {
52
} catch (Exception $e) {
53
        echo "<h1>Error</h1><p>".htmlentities($e->getMessage())."<p>";
53
        echo '<h1>'._L('Error').'</h1><p>'.htmlentities($e->getMessage()).'<p>';
54
}
54
}
55
 
-
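Review bot: The path checks on new lines 32–35 cover only `filename`; `$id` from `$_REQUEST['id']` (line 41) reaches `getUploadDir()` with no validation visible in this hunk, so whether `$local_file` stays inside the attachment directory depends entirely on that helper, which is not shown here. Non-string and empty values should also be rejected before the `strpos()` calls, e.g. `if (!is_string($filename) || $filename === '') throw new OIDplusException(_L('Illegal file name'));`, and line 46 should test `is_file($local_file)` rather than `file_exists()` so a directory path never reaches `output_file()`. The "Illegal file name" branches set no HTTP status, unlike the 400 and 404 branches around them; adding `http_response_code(400);` there would keep the responses consistent. The enclosing `try` opens above line 24, outside the hunk.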