<?php
// $Id: throttle.php,v 1.2.2.2 2006/03/29 19:31:10 elmuerte Exp $
// Directory three levels above this script, with a trailing separator.
// Every path below (download directory, bootstrap.inc, index.php) is resolved against it.
define('__DRUPAL_BASE_DIR', dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR);
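/**
 * Resolve a requested file name to a canonical path inside the download directory.
 *
 * The download directory is __DRUPAL_BASE_DIR joined with $config["filereq_fspath"].
 * Both the directory and the requested file are canonicalised with realpath() before
 * the containment check, so "..", symbolic links and duplicate separators cannot make
 * the two sides of the comparison disagree.
 *
 * @param string $fn the requested path, relative to the download directory
 * @return string|false the canonical absolute path of an existing file system entry
 *   below the download directory; false when the input is not a usable string, the
 *   path does not exist, or it resolves outside the download directory
 */
function __fr_file_create_path($fn) {
  global $config;

  // A missing parameter, an array value or an embedded NUL byte is never a valid name.
  if (!is_string($fn) || $fn === '' || strpos($fn, "\0") !== false) return false;

  // Canonicalise the base as well: comparing an unresolved base against a resolved
  // target rejects every file as soon as the base contains a symlink, "..", or a
  // trailing separator in the configured value.
  $basedir = realpath(__DRUPAL_BASE_DIR.$config["filereq_fspath"]);
  if ($basedir === false) return false;
  $basedir = rtrim($basedir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;

  $fn = realpath($basedir.$fn);
  if ($fn === false) return false; // nothing exists at that path

  // The trailing separator on $basedir keeps a sibling directory that merely shares
  // the same name prefix from passing the check.
  if (strncmp($basedir, $fn, strlen($basedir)) !== 0) return false;
  return $fn;
}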
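// Direct-delivery path: only taken when a throttle configuration file is present in
// the current working directory. Anything that does not end in exit() below falls
// through to the code after this block.
if (file_exists("./throttle.config.php")) {
  require_once("downloadhandler.php");
  require("throttle.config.php");

  // Accept only a single string for ?file=. A missing parameter or an array value is
  // treated as an empty name, which the path check rejects, instead of reaching
  // realpath() and define() as null or an array.
  $__fr_requested = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';

  // false unless the name resolves to an existing path inside the download directory
  $config["filename"] = __fr_file_create_path($__fr_requested);
  // NOTE(review): __fr_can_download_file() is defined outside this file (presumably in
  // downloadhandler.php) and is the only authorisation decision on this path; confirm
  // that it denies by default.
  if (!__fr_can_download_file($config)) define("__FILEREQ_LEECH", $__fr_requested);
  // do not leave the temporary in the global scope that index.php may later run in
  unset($__fr_requested);

  if ($config["filename"] && is_readable($config["filename"]) && !defined("__FILEREQ_LEECH")) {
    // make sure no caching headers are set
    header("Cache-Control:");
    header("Pragma:");
    header("Expires:");
    header("X-Throttled: true");
    // second argument: 1 when the request URI carries a bare "download" query parameter
    __fr_process_download($config["filename"], preg_match("#(\?|&)download(&|$)#", $_SERVER["REQUEST_URI"]), $config["watermark"]);
    // NOTE(review): $__fr_reporting_leech is never assigned in this file; it is
    // presumably set by the included handler. !empty() keeps the original truthiness
    // test without an undefined-variable notice. On installs with register_globals
    // enabled, confirm it cannot be supplied by the request.
    if (!empty($__fr_reporting_leech)) {
      chdir(__DRUPAL_BASE_DIR);
      @require('includes/bootstrap.inc');
    }
    exit();
  }
}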
// The file was not sent directly, so hand the request over to Drupal's front controller.

// Remove this script's own globals before index.php runs in the same scope.
// The __FILEREQ_LEECH constant, if it was defined above, stays defined.
unset($config, $filepath);

// Present the request as if index.php, three directory levels up, had been called.
$_SERVER['SCRIPT_NAME'] = dirname(dirname(dirname($_SERVER['SCRIPT_NAME']))) . '/index.php';
chdir(__DRUPAL_BASE_DIR);

// Route to system/files (presumably Drupal's own file download handler and its
// access checks; confirm against the Drupal version in use).
$_GET['q'] = 'system/files';
require 'index.php';
?>