nextcloud/apps/files/ajax/download.php

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Andreas Fischer <bantu@owncloud.com>
 * @author Björn Schießle <bjoern@schiessle.org>
 * @author Frank Karlitschek <frank@karlitschek.de>
 * @author Joas Schilling <coding@schilljs.com>
 * @author Jörn Friedrich Dreyer <jfd@butonic.de>
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Piotr Filiciak <piotr@filiciak.pl>
 * @author Robin Appelman <robin@icewind.nl>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

// Check if we are a user
OCP\User::checkLoggedIn();
\OC::$server->getSession()->close();

$files = isset($_GET['files']) ? (string)$_GET['files'] : '';
$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';

$files_list = json_decode($files);
// in case we get only a single file
if (!is_array($files_list)) {
	$files_list = array($files);
}

/**
 * this sets a cookie to be able to recognize the start of the download
 * the content must not be longer than 32 characters and must only contain
 * alphanumeric characters
 */
if(isset($_GET['downloadStartSecret'])
	&& !isset($_GET['downloadStartSecret'][32])
	&& preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) === 1) {
	setcookie('ocDownloadStarted', $_GET['downloadStartSecret'], time() + 20, '/');
}

$server_params = array( 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' );

/**
 * Http range requests support
 */
if (isset($_SERVER['HTTP_RANGE'])) {
	$server_params['range'] = \OC::$server->getRequest()->getHeader('Range');
}

OC_Files::get($dir, $files_list, $server_params);
Make the download button work 2011-04-18 17:40:17 +04:00			`<?php`
			`/**`
Fix apps/ 2016-07-21 17:49:16 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Andreas Fischer <bantu@owncloud.com>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Björn Schießle <bjoern@schiessle.org>`
			`* @author Frank Karlitschek <frank@karlitschek.de>`
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-11-06 17:56:42 +03:00			`* @author Joas Schilling <coding@schilljs.com>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Jörn Friedrich Dreyer <jfd@butonic.de>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Lukas Reschke <lukas@statuscode.ch>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Morris Jobke <hey@morrisjobke.de>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Piotr Filiciak <piotr@filiciak.pl>`
Update with robin 2016-07-21 19:13:36 +03:00			`* @author Robin Appelman <robin@icewind.nl>`
Update license headers 2015-03-26 13:44:34 +03:00			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
			`*`
			`*/`
Revert "Updating license headers" This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36. 2015-02-26 13:37:37 +03:00
Make the download button work 2011-04-18 17:40:17 +04:00			`// Check if we are a user`
ported checkLoggedIn and checkAdmin 2012-05-02 00:59:38 +04:00			`OCP\User::checkLoggedIn();`
kill OC::$session maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession restore order os OC::$session and OC::$CLI remove unneded initialization of dummy session write back session when $useCustomSession is true log warning when deprecated app is used 2014-07-16 21:40:22 +04:00			`\OC::$server->getSession()->close();`
Make the download button work 2011-04-18 17:40:17 +04:00
Manually type-case all AJAX files This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core 2015-02-13 15:33:20 +03:00			`$files = isset($_GET['files']) ? (string)$_GET['files'] : '';`
			`$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';`
Make the download button work 2011-04-18 17:40:17 +04:00
json encode list of files 2013-03-07 17:15:02 +04:00			`$files_list = json_decode($files);`
remove debug output 2013-03-07 17:18:27 +04:00			`// in case we get only a single file`
Check expected type after JSON decode instead of checking what is not expected. This will also allow "true" and "false" as filenames instead of only "null". 2013-08-07 19:01:14 +04:00			`if (!is_array($files_list)) {`
json encode list of files 2013-03-07 17:15:02 +04:00			`$files_list = array($files);`
			`}`

Add proper download started feedback * this code adds a cookie when a special get parameter is set * the content of this get parameter is used as value for the cookie * the cookie expires after 20 seconds * the JS code checks every 500 milliseconds for the cookie -> if the cookie is set the request returned and the download is started 2015-06-29 16:20:47 +03:00			`/**`
			`* this sets a cookie to be able to recognize the start of the download`
			`* the content must not be longer than 32 characters and must only contain`
			`* alphanumeric characters`
			`*/`
			`if(isset($_GET['downloadStartSecret'])`
			`&& !isset($_GET['downloadStartSecret'][32])`
			`&& preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) === 1) {`
			`setcookie('ocDownloadStarted', $_GET['downloadStartSecret'], time() + 20, '/');`
			`}`

Fix comparisons in the files app Signed-off-by: Joas Schilling <coding@schilljs.com> 2017-05-10 15:07:58 +03:00			`$server_params = array( 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' );`
Http Range requests support in downloads Http range requests support is required for video preview 2016-05-20 19:16:44 +03:00
			`/**`
			`* Http range requests support`
			`*/`
			`if (isset($_SERVER['HTTP_RANGE'])) {`
			`$server_params['range'] = \OC::$server->getRequest()->getHeader('Range');`
			`}`

			`OC_Files::get($dir, $files_list, $server_params);`