Fix input sanitize in scripting interface

[jirafeau_mojo42.git] / file.php

diff --git a/file.php b/file.php
index bb97570655d75505a1ad146709ff60e2274c968c..17ef381a5a01c5e3691877c48de9b9ea81b01de4 100644 (file)
--- a/file.php
+++ b/file.php
@@ -174,14 +174,24 @@ if ($cfg['download_page'] && !$password_challenged && !$button_download && !$but
         exit;
 }
 
+header ('HTTP/1.0 200 OK');
 header ('Content-Length: ' . $link['file_size']);
-header ('Content-Type: ' . $link['mime_type']);
 if (!jirafeau_is_viewable ($link['mime_type']) || !$cfg['preview'] || $button_download)
-{
     header ('Content-Disposition: attachment; filename="' .
         $link['file_name'] . '"');
+else
+    header ('Content-Type: ' . $link['mime_type']);
+
+/* Read file */
+$r = fopen (VAR_FILES . $p . $link['md5'], 'r');
+while (!feof ($r))
+{
+    print fread ($r, 1024);
+    ob_flush();
 }
-readfile (VAR_FILES . $p . $link['md5']);
+fclose ($r);
+
+//readfile (VAR_FILES . $p . $link['md5']);
 
 if ($link['onetime'] == 'O')
     jirafeau_delete_link ($link_name);