2011-04-18 17:40:17 +04:00
|
|
|
<?php
|
|
|
|
/**
|
2016-07-21 17:49:16 +03:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
|
|
*
|
2015-03-26 13:44:34 +03:00
|
|
|
* @author Andreas Fischer <bantu@owncloud.com>
|
2016-05-26 20:56:05 +03:00
|
|
|
* @author Björn Schießle <bjoern@schiessle.org>
|
2020-03-31 11:49:10 +03:00
|
|
|
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
|
2016-05-26 20:56:05 +03:00
|
|
|
* @author Frank Karlitschek <frank@karlitschek.de>
|
2015-03-26 13:44:34 +03:00
|
|
|
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
2016-05-26 20:56:05 +03:00
|
|
|
* @author Lukas Reschke <lukas@statuscode.ch>
|
2015-03-26 13:44:34 +03:00
|
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
2016-05-26 20:56:05 +03:00
|
|
|
* @author Piotr Filiciak <piotr@filiciak.pl>
|
2016-07-21 19:13:36 +03:00
|
|
|
* @author Robin Appelman <robin@icewind.nl>
|
2015-03-26 13:44:34 +03:00
|
|
|
*
|
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
2019-12-03 21:57:53 +03:00
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
2015-03-26 13:44:34 +03:00
|
|
|
*
|
|
|
|
*/
|
2015-02-26 13:37:37 +03:00
|
|
|
|
2011-04-18 17:40:17 +04:00
|
|
|
// Check if we are a user
|
2021-02-16 13:56:07 +03:00
|
|
|
OC_Util::checkLoggedIn();
|
2014-07-16 21:40:22 +04:00
|
|
|
\OC::$server->getSession()->close();
|
2011-04-18 17:40:17 +04:00
|
|
|
|
2015-02-13 15:33:20 +03:00
|
|
|
$files = isset($_GET['files']) ? (string)$_GET['files'] : '';
|
|
|
|
$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
|
2011-04-18 17:40:17 +04:00
|
|
|
|
2013-03-07 17:15:02 +04:00
|
|
|
$files_list = json_decode($files);
|
2013-03-07 17:18:27 +04:00
|
|
|
// in case we get only a single file
|
2013-08-07 19:01:14 +04:00
|
|
|
if (!is_array($files_list)) {
|
2020-03-26 11:30:18 +03:00
|
|
|
$files_list = [$files];
|
2013-03-07 17:15:02 +04:00
|
|
|
}
|
|
|
|
|
2021-02-10 00:35:18 +03:00
|
|
|
/**
|
|
|
|
* @psalm-taint-escape cookie
|
|
|
|
*/
|
|
|
|
function cleanCookieInput(string $value): string {
|
|
|
|
if (strlen($value) > 32) {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
if (preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) !== 1) {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
return $value;
|
|
|
|
}
|
|
|
|
|
2015-06-29 16:20:47 +03:00
|
|
|
/**
|
|
|
|
* this sets a cookie to be able to recognize the start of the download
|
|
|
|
* the content must not be longer than 32 characters and must only contain
|
|
|
|
* alphanumeric characters
|
|
|
|
*/
|
2021-02-10 00:35:18 +03:00
|
|
|
if (isset($_GET['downloadStartSecret'])) {
|
|
|
|
$value = cleanCookieInput($_GET['downloadStartSecret']);
|
|
|
|
if ($value !== '') {
|
|
|
|
setcookie('ocDownloadStarted', $value, time() + 20, '/');
|
|
|
|
}
|
2015-06-29 16:20:47 +03:00
|
|
|
}
|
|
|
|
|
2020-03-26 11:30:18 +03:00
|
|
|
$server_params = [ 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' ];
|
2016-05-20 19:16:44 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Http range requests support
|
|
|
|
*/
|
|
|
|
if (isset($_SERVER['HTTP_RANGE'])) {
|
|
|
|
$server_params['range'] = \OC::$server->getRequest()->getHeader('Range');
|
|
|
|
}
|
|
|
|
|
|
|
|
OC_Files::get($dir, $files_list, $server_params);
|