Home Explore Help
Sign In
RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Files Issues 23 Wiki
Branch: backport/45026/stable26
Branches Tags
nextcloud-serve...
/
apps
/
files
/
ajax
/
download.php

download.php 2.3 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.
    4. 

  4.  *
    5. 

  5.  * @author Andreas Fischer <bantu@owncloud.com>
    6. 

  6.  * @author Björn Schießle <bjoern@schiessle.org>
    7. 

  7.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>
    8. 

  8.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>
    9. 

  9.  * @author Lukas Reschke <lukas@statuscode.ch>
    10. 

  10.  * @author Morris Jobke <hey@morrisjobke.de>
    11. 

  11.  * @author Piotr Filiciak <piotr@filiciak.pl>
    12. 

  12.  * @author Robin Appelman <robin@icewind.nl>
    13. 

  13.  * @author Roeland Jago Douma <roeland@famdouma.nl>
    14. 

  14.  *
    15. 

  15.  * @license AGPL-3.0
    16. 

  16.  *
    17. 

  17.  * This code is free software: you can redistribute it and/or modify
    18. 

  18.  * it under the terms of the GNU Affero General Public License, version 3,
    19. 

  19.  * as published by the Free Software Foundation.
    20. 

  20.  *
    21. 

  21.  * This program is distributed in the hope that it will be useful,
    22. 

  22.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    23. 

  23.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    24. 

  24.  * GNU Affero General Public License for more details.
    25. 

  25.  *
    26. 

  26.  * You should have received a copy of the GNU Affero General Public License, version 3,
    27. 

  27.  * along with this program. If not, see <http://www.gnu.org/licenses/>
    28. 

  28.  *
    29. 

  29.  */
    30. 

  30. // Check if we are a user
    31. 

  31. OC_Util::checkLoggedIn();
    32. 

  32. \OC::$server->getSession()->close();
    33. 

  33. 

  34. $files = isset($_GET['files']) ? (string)$_GET['files'] : '';
    35. 

  35. $dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
    36. 

  36. 

  37. $files_list = json_decode($files);
    38. 

  38. // in case we get only a single file
    39. 

  39. if (!is_array($files_list)) {
    40. 

  40. 	$files_list = [$files];
    41. 

  41. }
    42. 

  42. 

  43. /**
    44. 

  44.  * @psalm-taint-escape cookie
    45. 

  45.  */
    46. 

  46. function cleanCookieInput(string $value): string {
    47. 

  47. 	if (strlen($value) > 32) {
    48. 

  48. 		return '';
    49. 

  49. 	}
    50. 

  50. 	if (preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) !== 1) {
    51. 

  51. 		return '';
    52. 

  52. 	}
    53. 

  53. 	return $value;
    54. 

  54. }
    55. 

  55. 

  56. /**
    57. 

  57.  * this sets a cookie to be able to recognize the start of the download
    58. 

  58.  * the content must not be longer than 32 characters and must only contain
    59. 

  59.  * alphanumeric characters
    60. 

  60.  */
    61. 

  61. if (isset($_GET['downloadStartSecret'])) {
    62. 

  62. 	$value = cleanCookieInput($_GET['downloadStartSecret']);
    63. 

  63. 	if ($value !== '') {
    64. 

  64. 		setcookie('ocDownloadStarted', $value, time() + 20, '/');
    65. 

  65. 	}
    66. 

  66. }
    67. 

  67. 

  68. $server_params = [ 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' ];
    69. 

  69. 

  70. /**
    71. 

  71.  * Http range requests support
    72. 

  72.  */
    73. 

  73. if (isset($_SERVER['HTTP_RANGE'])) {
    74. 

  74. 	$server_params['range'] = \OC::$server->getRequest()->getHeader('Range');
    75. 

  75. }
    76. 

  76. 

  77. OC_Files::get($dir, $files_list, $server_params);
    78.