
Diff of /contributions/modules/filerequest/throttle.php


revision 1.2, Fri Jan 6 16:38:38 2006 UTC revision 1.3, Mon Jul 3 14:03:54 2006 UTC
# Line 1  Line 1 
1  <?php  <?php
2  // $Id: throttle.php,v 1.1 2006/01/03 20:44:50 elmuerte Exp $  // $Id: throttle.php,v 1.2.2.2 2006/03/29 19:31:10 elmuerte Exp $
3    
4  define("__DRUPAL_BASE_DIR", dirname(dirname(dirname(__FILE__))));  define("__DRUPAL_BASE_DIR", dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR);
5    
6  /**  /**
7   * Create & test the filepath.   * Create & test the filepath.
8   * @param   string  the input path   * @param   string  the input path
9   * @return  string  the fixed full path to the file, or false   * @return  string  the fixed full path to the file, or false
10   */   */
11  function __file_create_path($fn)  function __fr_file_create_path($fn) {
12  {    global $config;
13      global $config;    $basedir = __DRUPAL_BASE_DIR.$config["filereq_fspath"].DIRECTORY_SEPARATOR;
14      $basedir = __DRUPAL_BASE_DIR.DIRECTORY_SEPARATOR.$config["filereq_fspatch"].DIRECTORY_SEPARATOR;    $fn = realpath($basedir.$fn);
15      $fn = realpath($basedir.$fn);    if (strncmp($basedir, $fn, strlen($basedir)) != 0) return false; // security exploit
16      if (strncmp($basedir, $fn, strlen($basedir)) != 0) return false; // security exploit    return $fn;
     return $fn;  
17  }  }
18    
19  if (@include("./throttle.config.php"))  if (file_exists("./throttle.config.php")) {
20  {    require_once("downloadhandler.php");
21      require_once("downloadhandler.php");    require("throttle.config.php");
22      if (empty($_GET['file']))  
23      {    $config["filename"] = __fr_file_create_path($_GET['file']);
24          //$_GET['file'] = preg_replace("##", "", $_SERVER["REQUEST_URI"]);    if (!__fr_can_download_file($config)) define("__FILEREQ_LEECH", $_GET['file']);
25      }    if ($config["filename"] && is_readable($config["filename"]) && !defined("__FILEREQ_LEECH")) {
26      $filepath = __file_create_path($_GET['file']);      // make sure no caching headers are set
27      if (!__anti_leech($config)) define("__FILEREQ_LEECH", $_GET['file']);      header("Cache-Control:");
28      if ($filepath && file_exists($filepath) && !defined("__FILEREQ_LEECH")) {      header("Pragma:");
29          // make sure no caching headers are set      header("Expires:");
30          header("Cache-Control:");      header("X-Throttled: true");
31          header("Pragma:");      __fr_process_download($config["filename"], preg_match("#(\?|&)download(&|$)#", $_SERVER["REQUEST_URI"]), $config["watermark"]);
32          header("Expires:");      if ($__fr_reporting_leech) {
33          header("X-Throttled: true");        chdir(__DRUPAL_BASE_DIR);
34          process_download($filepath, preg_match("#(\?|&)download(&|$)#", $_SERVER["REQUEST_URI"]));        @require('includes/bootstrap.inc');
         exit();  
35      }      }
36        exit();
37      }
38  }  }
39    
40  // unable to send the file, go back into the Drupal system  // unable to send the file, go back into the Drupal system
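Review bot: The new side tests `file_exists("./throttle.config.php")` but then loads `require("throttle.config.php")`, and the two names are not resolved the same way: the first is relative to the working directory only, while the bare name is looked up on include_path first. The file that was tested is therefore not necessarily the file that supplies `$config["filereq_fspath"]`, which is the base of the prefix check in `__fr_file_create_path()`. Pin both to one path, for example `$cfg = dirname(__FILE__).DIRECTORY_SEPARATOR."throttle.config.php";` followed by `if (file_exists($cfg)) {` and `require($cfg);`; `require_once("downloadhandler.php")` has the same bare-name lookup. Separately, `is_readable()` is also true for a directory, so adding `is_file($config["filename"])` to that condition would keep directories under the base path out of `__fr_process_download()`, whose handling of them is not visible here.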
