]> git.p6c8.net - jirafeau.git/blob - file.php
Fix potential error: do not scan for .tmp files
[jirafeau.git] / file.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
5 * Copyright (C) 2012 Jerome Jutteau <j.jutteau@gmail.com>
6 *
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
16 *
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20 define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
21
22 require (JIRAFEAU_ROOT . 'lib/lang.php');
23 require (JIRAFEAU_ROOT . 'lib/config.php');
24 require (JIRAFEAU_ROOT . 'lib/settings.php');
25 require (JIRAFEAU_ROOT . 'lib/functions.php');
26
27 if (isset ($_GET['h']) && !empty ($_GET['h']))
28 {
29 $link_name = $_GET['h'];
30
31 $delete_code = '';
32 if (isset ($_GET['d']) && !empty ($_GET['d']))
33 $delete_code = $_GET['d'];
34
35 if (!preg_match ('/[0-9a-f]{32}$/', $link_name))
36 {
37 require (JIRAFEAU_ROOT.'lib/template/header.php');
38 echo '<div class="error"><p>' . _('Sorry, the requested file is not found') . '</p></div>';
39 require (JIRAFEAU_ROOT.'lib/template/footer.php');
40 exit;
41 }
42
43 $link = jirafeau_get_link ($link_name);
44 if (count ($link) == 0)
45 {
46 require (JIRAFEAU_ROOT.'lib/template/header.php');
47 echo '<div class="error"><p>' . _('Sorry, the requested file is not found') .
48 '</p></div>';
49 require (JIRAFEAU_ROOT.'lib/template/footer.php');
50 exit;
51 }
52
53 if (!file_exists (VAR_FILES . $link['md5']))
54 {
55 jirafeau_delete ($link_name);
56 require (JIRAFEAU_ROOT.'lib/template/header.php');
57 echo '<div class="error"><p>'._('File not available.').
58 '</p></div>';
59 require (JIRAFEAU_ROOT.'lib/template/footer.php');
60 exit;
61 }
62
63 if (!empty ($delete_code) && $delete_code == $link['link_code'])
64 {
65 jirafeau_delete ($link_name);
66 require (JIRAFEAU_ROOT.'lib/template/header.php');
67 echo '<div class="message"><p>'._('File has been deleted.').
68 '</p></div>';
69 require (JIRAFEAU_ROOT.'lib/template/footer.php');
70 exit;
71 }
72
73 if ($link['time'] != JIRAFEAU_INFINITY && time ()> $link['time'])
74 {
75 jirafeau_delete ($link_name);
76 require (JIRAFEAU_ROOT.'lib/template/header.php');
77 echo '<div class="error"><p>'.
78 _('The time limit of this file has expired.') . ' ' .
79 _('File has been deleted.') .
80 '</p></div>';
81 require (JIRAFEAU_ROOT.'lib/template/footer.php');
82 exit;
83 }
84
85 if (!empty ($link['key']))
86 {
87 if (!isset ($_POST['key']))
88 {
89 require (JIRAFEAU_ROOT.'lib/template/header.php');
90 ?><div id = "upload">
91 <form action =
92 "<?php echo $_SERVER['REQUEST_URI']; ?>" method =
93 "post"> <input type = "hidden" name = "jirafeau" value =
94 "<?php echo JIRAFEAU_VERSION; ?>" /><fieldset>
95 <legend><?php echo _('Password protection');
96 ?></legend> <table> <tr>
97 <td><?php echo _('Give the password of this file') . ' : ';
98 ?><input type = "password" name =
99 "key" /></td> </tr> <tr> <td><input type =
100 "submit" value =
101 "<?php echo _('Download'); ?>"
102 /></td> </tr> </table> </fieldset> </form> </div>
103 <?php require (JIRAFEAU_ROOT.'lib/template/footer.php');
104 exit;
105 }
106 else
107 {
108 if ($link['key'] != md5 ($_POST['key']))
109 {
110 header ("Access denied");
111
112 require (JIRAFEAU_ROOT.'lib/template/header.php');
113 echo '<div class="error"><p>' . _('Access denied') .
114 '</p></div>';
115 require (JIRAFEAU_ROOT.'lib/template/footer.php');
116 exit;
117 }
118 }
119 }
120
121 header ('Content-Length: ' . $link['file_size']);
122 header ('Content-Type: ' . $link['mime_type']);
123 if (!jirafeau_is_viewable ($link['mime_type']))
124 {
125 header ('Content-Disposition: attachment; filename="' .
126 $link['file_name'] . '"');
127 }
128 readfile (VAR_FILES . $link['md5']);
129
130 if ($link['onetime'] == 'O')
131 jirafeau_delete ($link_name);
132 exit;
133 }
134 else
135 {
136 header ('Location: '.$cfg['web_root']);
137 exit;
138 }
139
140 ?>

patrick-canterino.de