2016-05-09 21:08:36 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
if (!defined('GNUSOCIAL')) { exit(1); }
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Download notice attachment
|
|
|
|
*
|
|
|
|
* @category Personal
|
|
|
|
* @package GNUsocial
|
|
|
|
* @author Mikael Nordfeldth <mmn@hethane.se>
|
|
|
|
* @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
|
|
|
* @link https:/gnu.io/social
|
|
|
|
*/
|
|
|
|
class Attachment_downloadAction extends AttachmentAction
|
|
|
|
{
|
|
|
|
public function showPage()
|
|
|
|
{
|
2019-06-29 20:10:20 +01:00
|
|
|
// Checks file exists or throws FileNotFoundException
|
|
|
|
$filepath = $this->attachment->getFileOrThumbnailPath();
|
2019-06-30 15:24:11 +01:00
|
|
|
$filesize = $this->attachment->getFileOrThumbnailSize();
|
2019-06-29 20:10:20 +01:00
|
|
|
$mimetype = $this->attachment->getFileOrThumbnailMimetype();
|
|
|
|
|
|
|
|
if (empty($filepath)) {
|
|
|
|
$thiis->clientError(_('No such attachment'), 404);
|
|
|
|
}
|
|
|
|
|
[MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments
The filename has a new format:
bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
2019-06-11 02:42:33 +01:00
|
|
|
$filename = MediaFile::getDisplayName($this->attachment);
|
|
|
|
|
|
|
|
// Disable errors, to not mess with the file contents (suppress errors in case access to this
|
|
|
|
// function is blocked, like in some shared hosts). Automatically reset at the end of the
|
|
|
|
// script execution, and we don't want to have any more errors until then, so don't reset it
|
|
|
|
@ini_set('display_errors', 0);
|
|
|
|
|
|
|
|
header("Content-Description: File Transfer");
|
2019-06-29 20:10:20 +01:00
|
|
|
header("Content-Type: {$mimetype}");
|
[MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments
The filename has a new format:
bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
2019-06-11 02:42:33 +01:00
|
|
|
header("Content-Disposition: attachment; filename=\"{$filename}\"");
|
|
|
|
header('Expires: 0');
|
|
|
|
header('Content-Transfer-Encoding: binary'); // FIXME? Can this be different?
|
|
|
|
|
2019-06-28 00:18:27 +01:00
|
|
|
AttachmentAction::sendFile($filepath, $filesize);
|
2016-05-09 21:08:36 +01:00
|
|
|
}
|
|
|
|
}
|