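<?php
/*
 * navigate_download.php
 *
 * Authenticated (backend) download entry point. Resolves the requested file
 * item from the "id" request parameter -- either a numeric file id passed to
 * file::load(), or an external http(s) URL -- and then hands it to
 * nvweb_object() with the enabled/permission checks switched off.
 *
 * Security notes:
 *  - "sid" lets the caller choose the session id (presumably so the download
 *    can be opened where the session cookie is not sent). Accepting a
 *    client-supplied session id is a session-fixation vector; the value is at
 *    least restricted below to the character set PHP itself uses for session
 *    ids. NOTE(review): a short-lived, single-use download token would be the
 *    safer design -- consider replacing.
 *  - The only access control in this file is "a backend user is logged in".
 *    Nothing here checks that the user may access the selected $website or
 *    $item, and nvweb_object() is then told to ignore permissions.
 */
if(!empty($_REQUEST['sid']))
{
    // Ignore anything that is not shaped like a PHP session id instead of
    // handing arbitrary input to session_id().
    if(is_string($_REQUEST['sid']) && preg_match('/^[a-zA-Z0-9,-]{1,256}$/', $_REQUEST['sid']))
    {
        session_id($_REQUEST['sid']);
    }
}
require_once('cfg/globals.php');
require_once('cfg/common.php');
require_once('lib/packages/files/file.class.php');
require_once('web/nvweb_objects.php');

/* global variables (shared with the included framework code) */
global $DB;
global $config;
global $website;

// "id" is mandatory and must be a scalar string; arrays (id[]=...) are
// rejected here so the string functions below never see one.
if(empty($_REQUEST['id']) || !is_string($_REQUEST['id']))
{
    exit;
}
$id = $_REQUEST['id'];

// create database connection
$DB = new database();
if(!$DB->connect())
{
    exit;
}

// only authenticated backend users may use this endpoint
if(empty($_SESSION['APP_USER#'.APP_UNIQUE]))
{
    exit;
}

// Website selection, step 1: an explicit "wid" wins, otherwise the default
// website. Step 2 (below) switches to the item's own website once the item
// is known -- the original code tested $item->website before $item existed,
// so that branch was dead and only emitted a notice.
$website = new website();
if(!empty($_GET['wid']))
{
    $website->load(intval($_GET['wid']));
}
else
{
    $website->load();
}

$item = new file();
if(is_numeric($id) && $id == intval($id))
{
    // Database-backed file: pass the integer, not the raw request string.
    $item->load(intval($id));
}
else
{
    // Not numeric: treat it as an external URL. Only the sanitized copy
    // ($url) is used from here on; the raw value is never emitted unescaped.
    $url = filter_var($id, FILTER_SANITIZE_URL);
    // FILTER_SANITIZE_URL keeps < and >, strip them explicitly
    $url = str_replace(array('<', '>'), '', $url);
    // prevent directory traversal
    if($url !== core_remove_directory_traversal($url))
    {
        $url = "";
    }
    // make sure it is an external URL; anything else is "not found"
    if(strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0)
    {
        $item->load($url);
    }
    else
    {
        header("HTTP/1.1 404 Not Found");
        core_terminate();
    }
}

if(!$item->id)
{
    // Escape the reflected value: in the URL branch $_REQUEST['id'] is the
    // unsanitized original (only $url was cleaned), so echoing it raw was a
    // reflected-XSS sink. Also answer with a 404 instead of a 200.
    header("HTTP/1.1 404 Not Found");
    echo 'Error: no item found with id '.htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'.';
    core_terminate();
}

// Website selection, step 2: without an explicit "wid", serve the file from
// the website it belongs to. NOTE(review): this does not verify that the
// logged-in user is allowed to access that website.
if(empty($_GET['wid']) && !empty($item->website) && $item->website > 0 && $item->website != $website->id)
{
    $website->load($item->website);
}

// Kept for compatibility: not used in this file. Not verified whether
// nvweb_object() reads it as a global.
$path = NAVIGATE_PRIVATE.'/'.$website->id.'/files/'.$item->id;

// pass control to the usual website download (ignoring the enabled check)
$_REQUEST['force_resize'] = 'true';
nvweb_object(true, true, $item); // ignore all permissions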