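<?php
/**
 * Force-download endpoint: streams one file located below $current_path to the
 * client as an attachment.
 *
 * POST parameters:
 *   path - directory, relative to $current_path
 *   name - file name inside that directory (must not contain a separator)
 *
 * $current_path and $ext are not defined in this file; presumably they come
 * from config/config.php, and fix_strtolower() from include/utils.php
 * (TODO confirm). The session is presumably started by the config include.
 *
 * Every check fails closed with die(): nothing is sent unless the session is
 * verified, both parameters are plain strings, the extension is allow-listed
 * and the resolved file really lies inside the configured base directory.
 */

// require (not include): a missing config must stop the request instead of
// continuing with undefined settings.
require 'config/config.php';

// Strict comparison plus isset(): an absent session key must not raise a
// notice or be loosely coerced into a match.
if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== 'RESPONSIVEfilemanager') {
    die('forbiden');
}

require 'include/utils.php';

// Both parameters must be present and must be strings; a request can also
// deliver arrays, which the string functions below are not written for.
$post_path = isset($_POST['path']) ? $_POST['path'] : null;
$post_name = isset($_POST['name']) ? $_POST['name'] : null;
if (!is_string($post_path) || !is_string($post_name)) {
    die('wrong path');
}

// NUL bytes have no place in a file name and are rejected up front.
if (strpos($post_path, "\0") !== false || strpos($post_name, "\0") !== false) {
    die('wrong path');
}

// Syntactic filter: one or two dots followed by '/', '|' or '\' ('|' is a
// literal inside the character class). preg_match() returns false on error,
// and "!== 0" treats that as a rejection as well.
if (preg_match('/\.{1,2}[\/|\\\]/', $post_path) !== 0) {
    die('wrong path');
}

// The file name itself may not contain a directory separator.
if (strpos($post_name, '/') !== false || strpos($post_name, '\\') !== false) {
    die('wrong path');
}

$path = $current_path.$post_path;
$name = $post_name;

// A name without a dot has no 'extension' key; treat it as an empty extension
// so it is refused by the allow-list instead of raising a notice.
$info = pathinfo($name);
$extension = isset($info['extension']) ? fix_strtolower($info['extension']) : '';

// Strict in_array(): assumes $ext is a list of lower-case strings -- TODO confirm.
if (!in_array($extension, $ext, true)) {
    die('wrong extension');
}

// Canonical containment check. The pattern filters above only look at the
// text of the request; realpath() resolves what the filesystem will actually
// open (symlinks included), so the final decision is made on that. Note that
// a symlink pointing outside the base directory is refused by this check.
$base_dir = realpath($current_path);
$target = realpath($path.$name);
if ($base_dir === false || $target === false || !is_file($target)) {
    die('wrong path');
}

// Compare against the base directory *with* a trailing separator so that a
// sibling directory sharing the same name prefix is not accepted.
$base_prefix = rtrim($base_dir, '/\\').DIRECTORY_SEPARATOR;
if (strncmp($target, $base_prefix, strlen($base_prefix)) !== 0) {
    die('wrong path');
}

$size = filesize($target);
if ($size === false) {
    die('wrong path');
}

// The name is placed inside a quoted header parameter: replace double quotes
// and control characters so it cannot terminate or alter the parameter.
$header_name = preg_replace('/[\x00-\x1F\x7F"]/', '_', $name);
if ($header_name === null) {
    die('wrong path');
}

header('Pragma: private');
header('Cache-control: private, must-revalidate');
header('Content-Type: application/octet-stream');
header('Content-Length: '.(string)$size);
header('Content-Disposition: attachment; filename="'.$header_name.'"');

readfile($target);

exit;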