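<?php
/**
 * Force-download endpoint: returns one file from the configured upload
 * directory to the client as an attachment.
 *
 * Request (POST):
 *   path - sub-directory, appended to $current_path
 *   name - file name inside that directory
 *
 * Responses:
 *   403 - the session does not carry the file manager verification marker
 *   400 - path or name rejected, or extension not in the allowed list
 *   404 - the file does not exist
 *   200 - file content with download headers
 */
$config = include 'config/config.php';
//TODO switch to array
// Supplies $current_path and $ext used below. extract() must only ever be
// applied to the application's own configuration array, never to request data.
extract($config, EXTR_OVERWRITE);
include 'include/utils.php';

// isset() + strict comparison: a missing key, or a non-string value that is
// only loosely equal to the marker, must not be accepted as a valid session.
if ( ! isset($_SESSION['RF']['verify']) || $_SESSION['RF']['verify'] !== "RESPONSIVEfilemanager") {
    response('forbiden', 403)->send();
    exit;
}

include 'include/mime_type_lib.php';

// Both fields are client-controlled. Anything that is not a plain string
// (for example an array submitted as path[]=...) is rejected up front.
$req_path = isset($_POST['path']) ? $_POST['path'] : '';
$req_name = isset($_POST['name']) ? $_POST['name'] : '';
if ( ! is_string($req_path) || ! is_string($req_name)) {
    response('wrong path', 400)->send();
    exit;
}

// Original rules (no absolute path, no "../", no leading "./") plus NUL bytes
// and backslashes, which act as directory separators on Windows hosts.
if (
    strpos($req_path, "\0") !== false
    || strpos($req_path, '\\') !== false
    || strpos($req_path, '/') === 0
    || strpos($req_path, '../') !== false
    || strpos($req_path, './') === 0
) {
    response('wrong path', 400)->send();
    exit;
}

// The name must be a single path component.
if (
    strpos($req_name, '/') !== false
    || strpos($req_name, '\\') !== false
    || strpos($req_name, "\0") !== false
) {
    response('wrong path', 400)->send();
    exit;
}

$path = $current_path . $req_path;
$name = $req_name;

// A name without a dot has no 'extension' key in pathinfo(); treat that as
// "not allowed" instead of reading an undefined index.
$info = pathinfo($name);
$extension = isset($info['extension']) ? fix_strtolower($info['extension']) : '';
// Strict match so numeric-looking extensions are not type-juggled.
if ( ! in_array($extension, $ext, true)) {
    response('wrong extension', 400)->send();
    exit;
}

// is_file() instead of file_exists(): a directory is not downloadable.
if ( ! is_file($path . $name)) {
    response('File not found', 404)->send();
    exit;
}

// Containment check on the resolved paths. The string checks above are a
// first filter only; this is what guarantees that the file served lives under
// the upload root, whatever symlinks or separators are involved.
$root = realpath($current_path);
$file = realpath($path . $name);
if (
    $root === false
    || $file === false
    || strpos($file, rtrim($root, '/\\') . DIRECTORY_SEPARATOR) !== 0
) {
    response('wrong path', 400)->send();
    exit;
}

$img_size = (string) filesize($file); // Content-Length is sent as a string
$mime_type = get_file_mime_type($file); // MIME type as reported by mime_type_lib

// The name is echoed into a quoted header parameter: drop double quotes and
// control characters so it cannot terminate the quoted string or the header.
$download_name = preg_replace('/[\x00-\x1F\x7F"]/', '', $name);

response(file_get_contents($file), 200, array(
    'Pragma'              => 'private',
    'Cache-control'       => 'private, must-revalidate',
    'Content-Type'        => $mime_type,
    'Content-Length'      => $img_size,
    'Content-Disposition' => 'attachment; filename="' . $download_name . '"'
))->send();
exit;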