From 3abef20b2a0ecaeff1877eb3d10bb12338041c49 Mon Sep 17 00:00:00 2001 From: Olivier Gayot Date: Tue, 13 Jan 2015 22:06:19 +0100 Subject: rewritten the method `download' the method is not vulnerable to race conditions anymore. BTW, the headers are set before the file is actually written. Signed-off-by: Olivier Gayot --- PHP_DW.php | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/PHP_DW.php b/PHP_DW.php index d119082..afab7f1 100644 --- a/PHP_DW.php +++ b/PHP_DW.php @@ -46,18 +46,34 @@ class PHP_DW { } public function download($filename) { + /* according to stat(2) */ + define('S_IFMT', 0170000); + define('S_IFREG', 0100000); + $path = $this->__get_full_path($filename) or die('invalid file'); - $ret = @readfile($path); - if ($ret) { - header('Content-Description: File Transfer'); - header('Content-Disposition: attachment; filename=' . $filename); - header('Content-Length: '. filesize($path)); - header('Cache-Control: must-revalidate'); + $fh = @fopen($path, 'rb'); + + if ($fh) { + $fstats = fstat($fh); + + /* check if the target is a regular file */ + if (S_IFREG == ($fstats['mode'] & S_IFMT)) { + $this->__incr_count($filename); - $this->__incr_count($filename); + header('Content-Description: File Transfer'); + header('Content-Disposition: attachment; filename=' . $filename); + header('Content-Length: '. $fstats['size']); + header('Cache-Control: private'); + + echo(fread($fh, $fstats['size'])); + } else { + echo($path . ': is not a regular file'); + } + + fclose($fh); } else { - die('no such file or directory'); + echo($path . ': no such file or directory'); } } -- cgit v1.2.3