1 |
<?php |
---|
2 |
/** |
---|
3 |
* CWC application |
---|
4 |
* |
---|
5 |
* @project CWC |
---|
6 |
* @revision $Id: download.phtml,v 1.20 2004/12/01 15:44:12 pspencer Exp $ |
---|
7 |
* @purpose This page forces a download. |
---|
8 |
* @author William A. Bronsema, C.E.T. (bronsema@dmsolutions.ca) |
---|
9 |
* @copyright |
---|
10 |
* <b>Copyright (c) 2001, DM Solutions Group Inc.</b> |
---|
11 |
* Permission is hereby granted, free of charge, to any person obtaining a |
---|
12 |
* copy of this software and associated documentation files (the "Software"), |
---|
13 |
* to deal in the Software without restriction, including without limitation |
---|
14 |
* the rights to use, copy, modify, merge, publish, distribute, sublicense, |
---|
15 |
* and/or sell copies of the Software, and to permit persons to whom the |
---|
16 |
* Software is furnished to do so, subject to the following conditions: |
---|
17 |
* |
---|
18 |
* The above copyright notice and this permission notice shall be included |
---|
19 |
* in all copies or substantial portions of the Software. |
---|
20 |
* |
---|
21 |
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
---|
22 |
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
---|
23 |
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
---|
24 |
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
---|
25 |
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
---|
26 |
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
---|
27 |
* DEALINGS IN THE SOFTWARE. |
---|
28 |
*/ |
---|
29 |
|
---|
30 |
/***************************************************************************** |
---|
31 |
* $Log: download.phtml,v $ |
---|
32 |
* Revision 1.20 2004/12/01 15:44:12 pspencer |
---|
33 |
* bug 797: cleaned up code |
---|
34 |
* |
---|
35 |
* Revision 1.19 2004/11/12 14:48:01 yassefa |
---|
36 |
* Remove a test on file name that was blocking valid cases. |
---|
37 |
* |
---|
38 |
* Revision 1.18 2004/11/02 00:40:02 pspencer |
---|
39 |
* bug MT 761: removed extra echo that caused download to fail. |
---|
40 |
* |
---|
41 |
* Revision 1.17 2004/10/28 19:29:56 pspencer |
---|
42 |
* bug DM 3242: actually apply URL to download :( and clean up extraneous functions ... |
---|
43 |
* |
---|
44 |
* Revision 1.16 2004/10/28 19:00:18 pspencer |
---|
45 |
* bug DM 3242: clean URL before downloading to prevent errors from interfering with download |
---|
46 |
* |
---|
47 |
* Revision 1.15 2004/10/25 17:21:06 pspencer |
---|
48 |
* bug MT 758: fixed invalid variable reference that caused notices to appear before HTML headers, causing download to fail. |
---|
49 |
* |
---|
50 |
* Revision 1.14 2004/08/05 17:45:14 pspencer |
---|
51 |
* bug DM-2951: fix problems with downloading contexts and downloads in general when configuration files have absolute URLs in them. |
---|
52 |
* |
---|
53 |
* Revision 1.13 2003/10/27 20:46:19 sfournier |
---|
54 |
* Overwrite main branch with 1.1 stuff |
---|
55 |
* |
---|
56 |
* Revision 1.9 2003/01/24 19:40:53 daniel |
---|
57 |
* Use readfile() instead of passthru() to return the file |
---|
58 |
* |
---|
59 |
* Revision 1.8 2003/01/07 18:34:39 bronsema |
---|
60 |
* Added legend |
---|
61 |
* |
---|
62 |
* Revision 1.7 2003/01/03 18:51:01 bronsema |
---|
63 |
* Moved the download file capability to the production page. |
---|
64 |
* |
---|
65 |
* Revision 1.6 2002/11/28 20:42:28 daniel |
---|
66 |
* Fixed a typo and added missing fclose() call |
---|
67 |
* |
---|
68 |
* Revision 1.5 2002/11/28 19:10:03 sacha |
---|
69 |
* add comment to download.phtml |
---|
70 |
* |
---|
71 |
* Revision 1.4 2002/11/28 15:15:29 sacha |
---|
72 |
* fixed download security flaw |
---|
73 |
* |
---|
74 |
* Revision 1.3 2002/11/28 04:16:05 pspencer |
---|
75 |
* started changing for security stuff |
---|
76 |
* |
---|
77 |
* Revision 1.2 2002/11/26 16:39:44 sacha |
---|
78 |
* use download.phtml in DownloadContext |
---|
79 |
* |
---|
80 |
* Revision 1.1 2002/11/25 19:55:59 sacha |
---|
81 |
* added download preview. |
---|
82 |
* |
---|
83 |
* Revision 1.2 2002/07/05 02:22:46 bronsema |
---|
84 |
* Removed dependency on register_globals setting to be on. |
---|
85 |
* |
---|
86 |
* Revision 1.1 2002/06/26 03:23:29 bronsema |
---|
87 |
* Initial addition |
---|
88 |
* |
---|
89 |
*****************************************************************************/ |
---|
90 |
/***************************************************************************** |
---|
91 |
* |
---|
92 |
* NOTE: passing a filename in the URL is no longer supported for security |
---|
93 |
* reasons. You must pass sid=<sessionid> and set the following in the |
---|
94 |
* session: |
---|
95 |
* |
---|
96 |
* $_SESSION['DOWNLOADFILE'] = 'path-to-file' |
---|
97 |
* |
---|
98 |
* $_SESSION['DOWNLOADFILE_SAVEAS'] = 'filename' as a hint to the client |
---|
99 |
* to name the file a certain way (doesn't always work) |
---|
100 |
*/ |
---|
101 |
|
---|
102 |
|
---|
103 |
$szFileName = ''; |
---|
104 |
$szSaveAs = ''; |
---|
105 |
$szURL = ''; |
---|
106 |
|
---|
107 |
if (isset($_REQUEST['sid'])) |
---|
108 |
{ |
---|
109 |
include_once( 'session.inc.php' ); |
---|
110 |
|
---|
111 |
if (isset($_SESSION['DOWNLOADFILE'])) |
---|
112 |
$szFileName = $_SESSION['DOWNLOADFILE']; |
---|
113 |
if (isset($_SESSION['DOWNLOADFILE_SAVEAS'])) |
---|
114 |
$szSaveAs = $_SESSION['DOWNLOADFILE_SAVEAS']; |
---|
115 |
if (isset($_SESSION['DOWNLOAD_URL'])) |
---|
116 |
$szURL = $_SESSION['DOWNLOAD_URL']; |
---|
117 |
|
---|
118 |
unset($_SESSION['DOWNLOADFILE']); |
---|
119 |
unset($_SESSION['DOWNLOADFILE_SAVEAS']); |
---|
120 |
unset($_SESSION['DOWNLOAD_URL']); |
---|
121 |
} |
---|
122 |
//make sure file_name is set. |
---|
123 |
if ($szFileName == '') |
---|
124 |
{ |
---|
125 |
echo "invalid download request"; |
---|
126 |
exit; |
---|
127 |
} |
---|
128 |
if ( stristr($szFileName, "http") !== false ) |
---|
129 |
{ |
---|
130 |
//this is a valid case if the user has set tmp_web_path to |
---|
131 |
//somethink like : http://127.0.0.1/ms_tmp/. No error |
---|
132 |
//should be thrown. (File name is set using |
---|
133 |
// $szDownloadURL = $_SESSION["gszTmpWebPath"].$szTmpDLName; |
---|
134 |
//in preview.php |
---|
135 |
//echo "file name $szFileName is not valid"; |
---|
136 |
//exit; |
---|
137 |
} |
---|
138 |
else |
---|
139 |
{ |
---|
140 |
$szFileName = "http://".$_SERVER['HTTP_HOST']."/".$szFileName; |
---|
141 |
//echo $szFileName; |
---|
142 |
} |
---|
143 |
|
---|
144 |
$aURL = parse_url($szFileName); |
---|
145 |
/* |
---|
146 |
scheme - e.g. http |
---|
147 |
host |
---|
148 |
port |
---|
149 |
user |
---|
150 |
pass |
---|
151 |
path |
---|
152 |
query - after the question mark ? |
---|
153 |
fragment - after the hashmark # |
---|
154 |
*/ |
---|
155 |
$szURL = $aURL['scheme']."://"; |
---|
156 |
if (isset($aURL['user']) && $aURL['user'] != '') |
---|
157 |
{ |
---|
158 |
$szURL .= $aURL['user']; |
---|
159 |
if (isset($aURL['pass']) && $aURL['pass'] != '') |
---|
160 |
{ |
---|
161 |
$szURL .= ":".$aURL['pass']; |
---|
162 |
} |
---|
163 |
$szURL .= "@"; |
---|
164 |
} |
---|
165 |
$szURL .= $aURL['host']; |
---|
166 |
if (isset($aURL['port']) && $aURL['port'] != '' && $aURL['port'] != '80') |
---|
167 |
{ |
---|
168 |
$szURL .= ":".$aURL['port']; |
---|
169 |
} |
---|
170 |
|
---|
171 |
$aURL['path'] = iterate_str_replace( "\\\\", "\\", $aURL['path'] ); |
---|
172 |
$aURL['path'] = iterate_str_replace( "\\", "/", $aURL['path'] ); |
---|
173 |
$aURL['path'] = iterate_str_replace( "//", "/", $aURL['path'] ); |
---|
174 |
$szURL .= $aURL['path']; |
---|
175 |
|
---|
176 |
if (isset($aURL['query']) && $aURL['query'] != '') |
---|
177 |
{ |
---|
178 |
$szURL .= "?".$aURL['query']; |
---|
179 |
} |
---|
180 |
if (isset($aURL['fragment']) && $aURL['fragment'] != '') |
---|
181 |
{ |
---|
182 |
$szURL .= "#".$aURL['fragment']; |
---|
183 |
} |
---|
184 |
|
---|
185 |
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past |
---|
186 |
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); |
---|
187 |
// always modified |
---|
188 |
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1 |
---|
189 |
header("Cache-Control: post-check=0, pre-check=0", false); |
---|
190 |
header("Pragma: no-cache"); // HTTP/1.0 |
---|
191 |
header( "Content-type: application/octet-stream" ); |
---|
192 |
header( "Content-Disposition: attachment; filename=$szSaveAs" ); |
---|
193 |
readfile( $szURL ); |
---|
194 |
|
---|
195 |
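/**
 * Apply str_replace() repeatedly until the string stops changing.
 *
 * A single str_replace() pass can leave new matches behind (for example
 * "////" -> "//" when collapsing "//" to "/"); this keeps going until a
 * pass makes no further change.
 *
 * @param string $szPattern     text to search for
 * @param string $szReplacement text to put in its place
 * @param string $szString      subject string
 * @return string the subject with the replacement applied to a fixed point
 */
function iterate_str_replace( $szPattern, $szReplacement, $szString )
{
    // A replacement that itself contains the pattern re-creates a match on
    // every pass and would never settle; do a single pass in that case.
    if (is_string($szPattern) && is_string($szReplacement)
        && $szPattern !== '' && strpos($szReplacement, $szPattern) !== false)
    {
        return str_replace($szPattern, $szReplacement, $szString);
    }

    $szResult = $szString;
    do
    {
        $szString = $szResult;
        $szResult = str_replace($szPattern, $szReplacement, $szString);
    }
    // Strict comparison: with != two numeric-looking strings such as "1.0"
    // and "1.00" compare equal and the loop would stop one pass too early.
    while ($szResult !== $szString);

    return $szResult;
}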
---|
208 |
?> |
---|