authorOlivier Gayot <duskcoder@gmail.com>2015-01-13 22:06:19 +0100
committerOlivier Gayot <duskcoder@gmail.com>2015-01-13 22:06:19 +0100
commit3abef20b2a0ecaeff1877eb3d10bb12338041c49 (patch)
tree26f80aced76cf07920c7ace3eae49405eb0819fc
parent3bdf0b110f4c5880307e871fbcdb737ee6f915da (diff)
rewritten the method `download'
the method is not vulnerable to race conditions anymore. BTW, the headers are set before the file is actually written. Signed-off-by: Olivier Gayot <duskcoder@gmail.com>
-rw-r--r--PHP_DW.php32
1 files changed, 24 insertions, 8 deletions
diff --git a/PHP_DW.php b/PHP_DW.php
index d119082..afab7f1 100644
--- a/PHP_DW.php
+++ b/PHP_DW.php
@@ -46,18 +46,34 @@ class PHP_DW {
}
public function download($filename) {
+ /* according to stat(2) */
+ define('S_IFMT', 0170000);
+ define('S_IFREG', 0100000);
+
$path = $this->__get_full_path($filename) or die('invalid file');
- $ret = @readfile($path);
- if ($ret) {
- header('Content-Description: File Transfer');
- header('Content-Disposition: attachment; filename=' . $filename);
- header('Content-Length: '. filesize($path));
- header('Cache-Control: must-revalidate');
+ $fh = @fopen($path, 'rb');
+
+ if ($fh) {
+ $fstats = fstat($fh);
+
+ /* check if the target is a regular file */
+ if (S_IFREG == ($fstats['mode'] & S_IFMT)) {
+ $this->__incr_count($filename);
- $this->__incr_count($filename);
+ header('Content-Description: File Transfer');
+ header('Content-Disposition: attachment; filename=' . $filename);
+ header('Content-Length: '. $fstats['size']);
+ header('Cache-Control: private');
+
+ echo(fread($fh, $fstats['size']));
+ } else {
+ echo($path . ': is not a regular file');
+ }
+
+ fclose($fh);
} else {
- die('no such file or directory');
+ echo($path . ': no such file or directory');
}
}
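Review bot: Both new error branches send `$path` to the client (`echo($path . ': is not a regular file')` and `echo($path . ': no such file or directory')`), which discloses the server-side directory layout and, since the path is presumably built from the caller-supplied `$filename`, reflects request data unescaped; the removed code printed only a fixed string. A fixed message with a status code is safer, for example `http_response_code(404); echo('no such file or directory');`, with the full path written to the server log if it is needed for debugging. Separately, `echo(fread($fh, $fstats['size']))` holds the whole file in memory and breaks on an empty file because fread() rejects a length of 0; `fpassthru($fh);` streams from the same handle, so the fstat check and the read still refer to the same open file. The `define('S_IFMT', …)` and `define('S_IFREG', …)` calls inside the method will also raise a redefinition notice if `download()` runs twice in one request, so class constants would fit better.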