[Sommaire] [Imprimer]

   1  <?php
   2  # Mantis - a php based bugtracking system
   3  
   4  # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
   5  # Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
   6  
   7  # Mantis is free software: you can redistribute it and/or modify
   8  # it under the terms of the GNU General Public License as published by
   9  # the Free Software Foundation, either version 2 of the License, or
  10  # (at your option) any later version.
  11  #
  12  # Mantis is distributed in the hope that it will be useful,
  13  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  # GNU General Public License for more details.
  16  #
  17  # You should have received a copy of the GNU General Public License
  18  # along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
  19  
  20      # --------------------------------------------------------
  21      # $Id: file_download.php,v 1.41.2.1 2007-10-13 22:33:14 giallu Exp $
  22      # --------------------------------------------------------
  23  ?>
  24  <?php
  25      # Add file and redirect to the referring page
  26  ?>
  27  <?php
  28      $g_bypass_headers = true; # suppress headers as we will send our own later
  29      require_once ( 'core.php' );
  30  
  31      $t_core_path = config_get( 'core_path' );
  32  
  33      require_once( $t_core_path.'file_api.php' );
  34  ?>
  35  <?php auth_ensure_user_authenticated() ?>
  36  <?php
  37      $f_file_id    = gpc_get_int( 'file_id' );
  38      $f_type        = gpc_get_string( 'type' );
  39  
  40      $c_file_id = (integer)$f_file_id;
  41  
  42      # we handle the case where the file is attached to a bug
  43      # or attached to a project as a project doc.
  44      $query = '';
  45      switch ( $f_type ) {
  46          case 'bug':
  47              $t_bug_file_table = config_get( 'mantis_bug_file_table' );
  48              $query = "SELECT *
  49                  FROM $t_bug_file_table
  50                  WHERE id='$c_file_id'";
  51              break;
  52          case 'doc':
  53              $t_project_file_table = config_get( 'mantis_project_file_table' );
  54              $query = "SELECT *
  55                  FROM $t_project_file_table
  56                  WHERE id='$c_file_id'";
  57              break;
  58          default:
  59              access_denied();
  60      }
  61      $result = db_query( $query );
  62      $row = db_fetch_array( $result );
  63      extract( $row, EXTR_PREFIX_ALL, 'v' );
  64  
  65      # Check access rights
  66      switch ( $f_type ) {
  67          case 'bug':
  68              if ( !file_can_download_bug_attachments( $v_bug_id ) ) {
  69                  access_denied();
  70              }
  71              break;
  72          case 'doc':
  73              # Check if project documentation feature is enabled.
  74              if ( OFF == config_get( 'enable_project_documentation' ) ) {
  75                  access_denied();
  76              }
  77  
  78              access_ensure_project_level( config_get( 'view_proj_doc_threshold' ), $v_project_id );
  79              break;
  80      }
  81  
  82      # flush output buffer to protect download
  83      if ( ob_get_length() ) {
  84          @ob_end_clean();
  85      }
  86  
  87      # Make sure that IE can download the attachments under https.
  88      header( 'Pragma: public' );
  89  
  90      header( 'Content-Type: ' . $v_file_type );
  91      header( 'Content-Length: ' . $v_filesize );
  92      $t_filename = file_get_display_name( $v_filename );
  93      $t_inline_files = explode(',', config_get('inline_file_exts', 'gif'));
  94      if ( in_array( file_get_extension($t_filename), $t_inline_files ) ) {
  95          $t_disposition = ''; //'inline;';
  96      } else {
  97          $t_disposition = ' attachment;';
  98      }
  99  
 100      header( 'Content-Disposition:' . $t_disposition . ' filename="' . urlencode( $t_filename ) . '"' );
 101      header( 'Content-Description: Download Data' );
 102      header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s \G\M\T', db_unixtimestamp( $v_date_added ) ) );
 103  
 104      # To fix an IE bug which causes problems when downloading
 105      # attached files via HTTPS, we disable the "Pragma: no-cache"
 106      # command when IE is used over HTTPS.
 107      global $g_allow_file_cache;
 108      if ( ( isset( $_SERVER["HTTPS"] ) && ( "on" == strtolower( $_SERVER["HTTPS"] ) ) ) && preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) {
 109          # Suppress "Pragma: no-cache" header.
 110      } else {
 111          if ( ! isset( $g_allow_file_cache ) ) {
 112              header( 'Pragma: no-cache' );
 113          }
 114      }
 115      header( 'Expires: ' . gmdate( 'D, d M Y H:i:s \G\M\T', time() ) );
 116  
 117      # dump file content to the connection.
 118      switch ( config_get( 'file_upload_method' ) ) {
 119          case DISK:
 120              if ( file_exists( $v_diskfile ) ) {
 121                  readfile( $v_diskfile );
 122              }
 123              break;
 124          case FTP:
 125              if ( file_exists( $v_diskfile ) ) {
 126                  readfile( $v_diskfile );
 127              } else {
 128                  $ftp = file_ftp_connect();
 129                  file_ftp_get ( $ftp, $v_diskfile, $v_diskfile );
 130                  file_ftp_disconnect( $ftp );
 131                  readfile( $v_diskfile );
 132              }
 133              break;
 134          default:
 135              echo $v_content;
 136      }
 137      exit();
 138  ?>