-
Notifications
You must be signed in to change notification settings - Fork 0
/
get.php
58 lines (54 loc) · 2.04 KB
/
get.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?php
// get.php: actually concat chunks and send a file to the user
require('constants.php');
if (isset($_GET['f']) && !empty($_GET['f'])) {
$target = preg_replace('[^A-Za-z0-9.\-_]', '', $_GET['f']);
/* XXX: it's pretty valid to have index.php.* files, this is only here
* to confuse script kiddies */
if ($target == 'index.php')
header('HTTP/1.0 403 Forbidden');
elseif (empty($target)) {
header('HTTP/1.0 404 Not Found');
header('Content-Type: text/plain; charset=utf-8');
echo "ERROR: File name invalid";
}
else {
$filesize = 0;
$destcount = count(glob($target . $patternsufix));
if ($destcount > 0 && $destcount < pow(10, constant('DIGITS'))) {
// XXX: preliminary solution until ranges are implemented
header('Accept-Ranges: none');
// remember, use only for files < 4 GiB
for ($i = 1; $i <= $destcount; $i++) {
$destination = $target . sprintf('.%0' . strval(constant('DIGITS')) . 'u', $i);
if (file_exists($destination) && filesize($destination)) $filesize += filesize($destination);
}
header('Content-Length: ' . strval($filesize));
if (strrpos($target, '.') === null)
// don't really know what to do with extensionless files
header('Content-Type: application/force-download');
else {
$ext = strtolower(substr($target, strrpos($target, '.')));
if (isset($contenttypes[$ext])) header('Content-Type: ' . $contenttypes[$ext]);
// explicit fallback also for executable files (.exe, .class etc.)
else header('Content-Type: application/octet-stream');
}
header('Content-Disposition: attachment; filename="' . $target . '"');
for ($i = 1; $i <= $destcount; $i++) {
$destination = $target . sprintf('.%0' . strval(constant('DIGITS')) . 'u', $i);
if (file_exists($destination)) @readfile($destination);
}
}
else {
header('HTTP/1.0 404 Not Found');
header('Content-Type: text/plain; charset=utf-8');
echo "ERROR: File not found\n";
}
}
}
else {
header('HTTP/1.0 404 Not Found');
header('Content-Type: text/plain; charset=utf-8');
echo "ERROR: No file specified";
}
?>