Created
July 28, 2010 21:56
-
-
Save anonymous/496477 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if(!defined("__IN_SYMPHONY__")) die("<h2>Error</h2><p>You cannot directly access this file</p>"); | |
Class eventForce_Download Extends Event{ | |
function __construct($args = array()){ | |
parent::__construct($args); | |
} | |
function about(){ | |
return array( | |
"name" => "Forced Download", | |
"description" => "Place this on any page and add ?download=XXX to the URL. XXX is a file path to a media file, relative to the workspace folder.", | |
"author" => array("name" => "Carsten de Vries", | |
"website" => "http://www.vrieswerk.nl", | |
"email" => "carsten@vrieswerk.nl"), | |
"version" => "1.0", | |
"release-date" => "2008-04-07", | |
"trigger-condition" => "?download=XXX", | |
"recognised-fields" => NULL); | |
} | |
function load(){ | |
if(isset($_GET['download'])) return $this->trigger($_GET['download']); | |
return; | |
} | |
function trigger($path){ | |
$file = WORKSPACE . '/' . trim($path, '/'); | |
if(!is_file($file)) die("<h1>Symphony Fatal Error</h1><p>The requested file '<strong>$file</strong>' could not be read.<hr /><em>".$_SERVER['SERVER_SIGNATURE']."</em>"); | |
// Gather file information | |
$file_size = filesize($file); | |
$file_name = basename($file); | |
$file_extension = strtolower(substr(strrchr($file,"."),1)); | |
// Which Content-Type do we have? This will set the Content-Type to the appropriate setting for various types of media files. | |
// Add a new case for any additional media files you want to (dis)allow to be downloaded | |
switch($file_extension){ | |
case "doc": $content_type = "application/msword"; break; | |
case "xls": $content_type = "application/vnd.ms-excel"; break; | |
case "ppt": $content_type = "application/vnd.ms-powerpoint"; break; | |
case "pdf": $content_type = "application/pdf"; break; | |
case "swf": $content_type = "application/x-shockwave-flash"; break; | |
case "wbmp": $content_type = "application/wbmp"; break; | |
case "bmp": $content_type = "application/bmp"; break; | |
case "gif": $content_type = "image/gif"; break; | |
case "png": $content_type = "image/png"; break; | |
case "jpg": | |
case "jpeg": | |
case "jpe": $content_type = "image/jpeg"; break; | |
case "mp3": $content_type = "audio/mpeg"; break; | |
case "wav": $content_type = "audio/x-wav"; break; | |
case "mp4": $content_type = "video/mp4"; break; | |
case "mpeg": | |
case "mpg": | |
case "mpe": $content_type = "video/mpeg"; break; | |
case "qt": | |
case "mov": $content_type = "video/quicktime"; break; | |
case "avi": $content_type = "video/x-msvideo"; break; | |
//Disallowed file extensions below: | |
case "php": | |
case "asp": | |
case "js": | |
case "xsl": | |
case "xml": | |
case "htm": | |
case "html": | |
case "htaccess": | |
case "htpasswd": | |
case "txt": die("<h1>Symphony Fatal Error</h1><p>Downloading the requested filetype '<strong>$file_extension</strong>' is not allowed.<hr /><em>".$_SERVER['SERVER_SIGNATURE']."</em>"); break; | |
// Default content-type to try and force download | |
default: $content_type = "application/octet-stream"; break; | |
} | |
// Start sending headers | |
header("Pragma: public"); // required | |
header("Expires: 0"); | |
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); | |
header("Cache-Control: private", false); // required for certain browsers | |
header("Content-Type: $content_type"); | |
// Extra (escaped) quotes added to allow for filenames that include a space. (IMPROVE?) | |
header("Content-Disposition: attachment; filename=\"".$file_name."\";" ); | |
header("Content-Transfer-Encoding: binary"); | |
header("Content-Length: ".$file_size."); | |
print file_get_contents($file); | |
die(); | |
} | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment