Diffstat (limited to 'www/functions/func_download.php')
-rw-r--r--www/functions/func_download.php26
1 files changed, 19 insertions, 7 deletions
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index 5770da4..e3e36aa 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -1,8 +1,7 @@
<?php
/*
- Expected state: tested, but broken.
- Works if you are loged in, fatal error if not.
+ Expected state: tested, should work.
*/
function check_if_file($db, $name, $folder_path){
@@ -63,11 +62,21 @@ function start_file_download($user, $path){
}
function check_file_hash($db, $file_id, $download_hash){
- $check_hash_db = $db->query("SELECT share FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
+ if(preg_match("/[^0-9]/", $file_id)){
+ return DOWNLOAD_FALSE_ID;
+ }
+
+ $check_hash_db = $db->query("SELECT folder, share FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
$check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM);
- if(($check_hash_ar[0] != "PUBLIC") || ($check_hash_ar[0] != $download_hash)){
- return false;
+ if($check_hash_ar[0] != "FILE"){
+ return DOWNLOAD_NOT_FILE;
+ }
+
+ if($check_hash_ar[1] != "PUBLIC"){
+ if($check_hash_ar[0] != $download_hash){
+ return DOWNLOAD_PRIVATE_FILE;
+ }
}
if(!download_file($db, $file_id)){
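Review bot: The private-file branch compares `$check_hash_ar[0]` with `$download_hash`, but with the new `SELECT folder, share` column 0 is `folder`, which the check just above has already pinned to the constant "FILE", so the per-file `share` value in column 1 is never compared with the supplied hash. Assuming `share` holds the per-file download hash, the inner test should read that column with a strict, constant-time comparison: `if(!hash_equals((string)$check_hash_ar[1], (string)$download_hash)){`. Separately, `preg_match("/[^0-9]/", $file_id)` lets an empty string through, which leaves `WHERE id=;` in the query; `if(!ctype_digit((string)$file_id)){` rejects it as well. The body of check_file_hash continues past the end of this hunk.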
@@ -80,12 +89,13 @@ function check_file_hash($db, $file_id, $download_hash){
function download_file($db, $file_id){
- $file_db = $db->query("SELECT name, mime, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";");
+ $file_db = $db->query("SELECT name, mime, size, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";");
$file_ar = $file_db->fetchArray(SQLITE3_NUM);
$file_name = $file_ar[0];
$file_mime = $file_ar[1];
- $file_hash = $file_ar[2];
+ $file_size = $file_ar[2];
+ $file_hash = $file_ar[3];
$uploaddir = "../files/";
$gzip_file = $uploaddir . $file_hash . ".gz";
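Review bot: `download_file` still concatenates `$file_id` into the SQL text, and `SQLite3::escapeString()` only protects a value placed inside a quoted string literal, which this numeric context is not. The digit check added in check_file_hash covers that one caller; other callers are not visible here, so the function should bind the value itself: `$stmt = $db->prepare("SELECT name, mime, size, hash FROM files WHERE id=:id");`, `$stmt->bindValue(":id", $file_id, SQLITE3_INTEGER);`, `$file_db = $stmt->execute();`. `fetchArray()` returns false when no row matches, so `$file_ar` should be checked before its indexes are read and before `$file_hash` is used to build the path. The function body continues outside this hunk.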
@@ -94,6 +104,8 @@ function download_file($db, $file_id){
header("Content-Type: ".$file_mime);
header("Content-Disposition: attachment; filename=\"".$file_name."\"");
+ header("Content-Length: ".$file_size);
+ set_time_limit(0);
$uncompressed_file = readgzfile($gzip_file);
if($uncompressed_file){
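Review bot: The new `Content-Length` header is built from the database `size` column without any check, while the body comes from `readgzfile()`, which emits the decompressed bytes. If `size` is empty for a row or records the stored .gz size rather than the original size (not visible here), clients will see truncated or stalled downloads; guarding it with `if(is_numeric($file_size)){ header("Content-Length: ".(int)$file_size); }` and comparing the byte count returned by `readgzfile()` against it would surface a mismatch. `set_time_limit(0)` lifts the execution limit for every download, including public ones, so a bounded value is safer unless large files are known to need it. The `filename` in the Content-Disposition line above is also inserted unescaped, so a `"` in a stored name breaks the header value. The function body continues outside this hunk.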