NCCOOS Trac Projects: Top | Web | Platforms | Processing | Viz | Sprints | Sandbox | (Wind)

root/Chameleon/trunk/Chameleon/download.phtml

Revision 13 (checked in by jcleary, 17 years ago)

Latest Chameleon code checkout from previous repository

Line 
1 <?php
2 /**
3  * CWC application
4  *
5  * @project     CWC
6  * @revision    $Id: download.phtml,v 1.20 2004/12/01 15:44:12 pspencer Exp $
7  * @purpose     This page forces a download.
8  * @author      William A. Bronsema, C.E.T. (bronsema@dmsolutions.ca)
9  * @copyright
10  * <b>Copyright (c) 2001, DM Solutions Group Inc.</b>
11  * Permission is hereby granted, free of charge, to any person obtaining a
12  * copy of this software and associated documentation files (the "Software"),
13  * to deal in the Software without restriction, including without limitation
14  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
15  * and/or sell copies of the Software, and to permit persons to whom the
16  * Software is furnished to do so, subject to the following conditions:
17  *
18  * The above copyright notice and this permission notice shall be included
19  * in all copies or substantial portions of the Software.
20  *
21  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
24  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
26  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
27  * DEALINGS IN THE SOFTWARE.
28  */
29
30 /*****************************************************************************
31  * $Log: download.phtml,v $
32  * Revision 1.20  2004/12/01 15:44:12  pspencer
33  * bug 797: cleaned up code
34  *
35  * Revision 1.19  2004/11/12 14:48:01  yassefa
36  * Remove a test on file name that was blocking valid cases.
37  *
38  * Revision 1.18  2004/11/02 00:40:02  pspencer
39  * bug MT 761: removed extra echo that caused download to fail.
40  *
41  * Revision 1.17  2004/10/28 19:29:56  pspencer
42  * bug DM 3242: actually apply URL to download :( and clean up extraneous functions ...
43  *
44  * Revision 1.16  2004/10/28 19:00:18  pspencer
45  * bug DM 3242: clean URL before downloading to prevent errors from interferring with download
46  *
47  * Revision 1.15  2004/10/25 17:21:06  pspencer
48  * bug MT 758: fixed invalid variable reference that caused notices to appear before HTML headers, causing download to fail.
49  *
50  * Revision 1.14  2004/08/05 17:45:14  pspencer
51  * bug DM-2951: fix problems with downloading contexts and downloads in general when configuration files have absolute URLs in them.
52  *
53  * Revision 1.13  2003/10/27 20:46:19  sfournier
54  * Overwrite main branch with 1.1 stuff
55  *
56  * Revision 1.9  2003/01/24 19:40:53  daniel
57  * Use readfile() instead of passthru() to return the file
58  *
59  * Revision 1.8  2003/01/07 18:34:39  bronsema
60  * Added legend
61  *
62  * Revision 1.7  2003/01/03 18:51:01  bronsema
63  * Moved the download file capabiltiy to the production page.
64  *
65  * Revision 1.6  2002/11/28 20:42:28  daniel
66  * Fixed a typo and added missinf fclose() call
67  *
68  * Revision 1.5  2002/11/28 19:10:03  sacha
69  * add comment to download.phtml
70  *
71  * Revision 1.4  2002/11/28 15:15:29  sacha
72  * fixed download security FLAWN
73  *
74  * Revision 1.3  2002/11/28 04:16:05  pspencer
75  * started changing for security stuff
76  *
77  * Revision 1.2  2002/11/26 16:39:44  sacha
78  * use download.phtml in DownloadContext
79  *
80  * Revision 1.1  2002/11/25 19:55:59  sacha
81  * added download preview.
82  *
83  * Revision 1.2  2002/07/05 02:22:46  bronsema
84  * Removed dependancy on register_globals setting to be on.
85  *
86  * Revision 1.1  2002/06/26 03:23:29  bronsema
87  * Initial addition
88  *
89  *****************************************************************************/
90 /*****************************************************************************
91  *
92  * NOTE: passing a filename in the URL is no longer supported for security
93  * reasons.  You must pass sid=<sessionid> and set the following in the
94  * session:
95  *
96  * $_SESSION['DOWNLOADFILE'] = 'path-to-file'
97  *
98  * $_SESSION['DOWNLOADFILE_SAVEAS'] = 'filename' as a hint to the client
99  * to name the file a certain way (doesn't always work)
100  */
101  
102
103 $szFileName = '';
104 $szSaveAs = '';
105 $szURL = '';
106
107 if (isset($_REQUEST['sid']))
108 {
109     include_once( 'session.inc.php' );
110    
111     if (isset($_SESSION['DOWNLOADFILE']))
112         $szFileName = $_SESSION['DOWNLOADFILE'];
113     if (isset($_SESSION['DOWNLOADFILE_SAVEAS']))
114         $szSaveAs = $_SESSION['DOWNLOADFILE_SAVEAS'];
115     if (isset($_SESSION['DOWNLOAD_URL']))
116         $szURL = $_SESSION['DOWNLOAD_URL'];
117        
118      unset($_SESSION['DOWNLOADFILE']);
119      unset($_SESSION['DOWNLOADFILE_SAVEAS']);
120      unset($_SESSION['DOWNLOAD_URL']);
121 }
122 //make sure file_name is set.
123 if ($szFileName == '')
124 {
125     echo "invalid download request";
126     exit;
127 }
128 if ( stristr($szFileName, "http") !== false )
129 {
130   //this is a valid case if the user has set tmp_web_path to
131   //somethink like : http://127.0.0.1/ms_tmp/. No error
132   //should be thrown. (File name is set using
133   // $szDownloadURL = $_SESSION["gszTmpWebPath"].$szTmpDLName;
134   //in preview.php
135   //echo "file name $szFileName is not valid";
136   //exit;
137 }
138 else
139 {
140     $szFileName = "http://".$_SERVER['HTTP_HOST']."/".$szFileName;
141     //echo $szFileName;
142 }
143
144 $aURL = parse_url($szFileName);
145 /*
146 scheme - e.g. http
147 host
148 port
149 user
150 pass
151 path
152 query - after the question mark ?
153 fragment - after the hashmark #
154 */
155 $szURL = $aURL['scheme']."://";
156 if (isset($aURL['user']) && $aURL['user'] != '')
157 {
158     $szURL .= $aURL['user'];
159     if (isset($aURL['pass']) && $aURL['pass'] != '')
160     {
161         $szURL .= ":".$aURL['pass'];
162     }
163     $szURL .= "@";
164 }
165 $szURL .= $aURL['host'];
166 if (isset($aURL['port']) && $aURL['port'] != '' && $aURL['port'] != '80')
167 {
168     $szURL .= ":".$aURL['port'];
169 }
170
171 $aURL['path'] = iterate_str_replace( "\\\\", "\\", $aURL['path'] );
172 $aURL['path'] = iterate_str_replace( "\\", "/", $aURL['path'] );
173 $aURL['path'] = iterate_str_replace( "//", "/", $aURL['path'] );
174 $szURL .= $aURL['path'];
175
176 if (isset($aURL['query']) && $aURL['query'] != '')
177 {
178     $szURL .= "?".$aURL['query'];
179 }
180 if (isset($aURL['fragment']) && $aURL['fragment'] != '')
181 {
182     $szURL .= "#".$aURL['fragment'];
183 }
184
185 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
186 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
187                                              // always modified
188 header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
189 header("Cache-Control: post-check=0, pre-check=0", false);
190 header("Pragma: no-cache");                          // HTTP/1.0
191 header( "Content-type: application/octet-stream" );
192 header( "Content-Disposition: attachment; filename=$szSaveAs" );
193 readfile( $szURL );
194
195 function iterate_str_replace( $szPattern, $szReplacement, $szString )
196 {
197     $szResult = $szString;
198     do
199     {
200         $szString = $szResult;
201         $szResult = str_replace ($szPattern, $szReplacement, $szString);
202     }
203     while ($szResult != $szString);
204
205     return $szResult;
206    
207 }
208 ?>
Note: See TracBrowser for help on using the browser.