aboutsummaryrefslogtreecommitdiffstats
path: root/action.php
diff options
context:
space:
mode:
Diffstat (limited to 'action.php')
-rw-r--r--action.php73
1 files changed, 73 insertions, 0 deletions
diff --git a/action.php b/action.php
new file mode 100644
index 000000000..7dc351d58
--- /dev/null
+++ b/action.php
@@ -0,0 +1,73 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch : BSF (Best So Far)
+// | file : $RCSfile$
+// | last update : $Date$
+// | last modifier : $Author$
+// | revision : $Revision$
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+function force_download ($filename)
+{
+//TODO : messages in "lang"
+ $filename = realpath($filename);
+
+ $file_extension = strtolower(substr(strrchr($filename,"."),1));
+
+ switch ($file_extension) {
+ case "jpe": case "jpeg":
+ case "jpg": $ctype="image/jpg"; break;
+ case "png": $ctype="image/png"; break;
+ case "gif": $ctype="image/gif"; break;
+ case "pdf": $ctype="application/pdf"; break;
+ case "zip": $ctype="application/zip"; break;
+ case "php":
+ // never allow download of php scripts to protect our conf files
+ die('Hacking attempt!'); break;
+ default: $ctype="application/octet-stream";
+ }
+
+ if (!file_exists($filename)) {
+ die("NO FILE HERE");
+ }
+
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Cache-Control: private",false);
+ header("Content-Type: $ctype");
+ header("Content-Disposition: attachment; filename=\""
+ .basename($filename)."\";");
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".@filesize($filename));
+ set_time_limit(0);
+ @readfile("$filename") or die("File not found.");
+}
+
+//--------------------------------------------------------- download big picture
+if ( isset( $_GET['dwn'] ) )
+{
+//TODO : verify the path begins with './gallerie' and doesn't contains any '..'
+// in order to avoid hacking atempts
+ force_download($_GET['dwn']);
+}
+
+?>