root/releases/elgg0.8rc2/_files/download.php

Revision 800, 2.5 kB (checked in by sven, 2 years ago)

wrap apache_setenv() calls inside function_exists()

  • Property svn:eol-style set to native
Line 
1 <?php
2
3 // Download script
4 // Usage: http://URL/{username}/files/{folder_id}/{file_id}/{filename}
5
6 // Run includes
7 require_once(dirname(dirname(__FILE__))."/includes.php");
8
9 // Initialise functions for user details, icon management and profile management
10 run("userdetails:init");
11 run("profile:init");
12 run("files:init");
13
14 // If an ID number for the file has been specified ...
15 $id = optional_param('id',0,PARAM_INT);
16 if (!empty($id)) {
17     // ... and the file exists in the database ...
18     if ($file = get_record('files','ident',$id)) {
19         // ... and the owner of the file in the URL line hasn't been spoofed ...
20         $files_name = optional_param('files_name');
21         $userid = user_info_username('ident', $files_name);
22         if ($userid == $file->owner || $userid == $file->files_owner) {
23             
24             // ... and the current user is allowed to access it ...
25             if ($file->access == 'PUBLIC' || $file->owner == $_SESSION['userid'] || run("users:access_level_check",$file->access) == true) {
26                 
27                 // Then output some appropriate headers and send the file data!
28                 if ($file->access == 'PUBLIC') {
29                     header("Pragma: public");
30                     header("Cache-Control: public");
31                 } else {
32                     // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy
33                     // Also to override PHP's default "DON'T EVER CACHE THIS EVER" header
34                     header("Cache-Control: private");
35                 }
36                 
37                 require_once($CFG->dirroot . 'lib/filelib.php');
38                 $mimetype = mimeinfo('type',$file->location);
39                 
40                 if ($mimetype == "application/octet-stream") {
41                     header('Content-Disposition: attachment');
42                 }
43                 
44                 // disable mod_deflate/mod_gzip for already-compressed files,
45                 // partly because it's pointless, but mainly because some browsers
46                 // are thick.
47                 if (preg_match('#^(application.*zip|image/(png|jpeg|gif))$#', $mimetype)) {
48                     if (function_exists('apache_setenv')) { // apparently @ isn't enough to make php ignore this failing
49                         @apache_setenv('no-gzip', '1');
50                     }
51                 }
52                 spitfile_with_mtime_check($CFG->dataroot . $file->location, $mimetype, $file->handler);
53             }
54         }
55     }
56 }
57
58 ?>
Note: See TracBrowser for help on using the browser.