diff options
author | Florian Pritz <bluewind@xinu.at> | 2023-01-29 13:58:21 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2023-01-29 13:58:21 +0100 |
commit | c88be04f0ec35304be812d7f5379c4362008b730 (patch) | |
tree | 0d161faf7b5d03396fcab28e1ecb8e8764f32cb2 /system/helpers/download_helper.php | |
parent | 457e351cbc1335de951f4ac79bb91a9f3ea9ab38 (diff) | |
parent | a6faab2ebf082eefff9c2422fce016e49da548bf (diff) |
Merge remote-tracking branch 'upstream/develop' into dev
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'system/helpers/download_helper.php')
-rw-r--r-- | system/helpers/download_helper.php | 54 |
1 files changed, 38 insertions, 16 deletions
diff --git a/system/helpers/download_helper.php b/system/helpers/download_helper.php index 9b361c4bd..2c72c563a 100644 --- a/system/helpers/download_helper.php +++ b/system/helpers/download_helper.php @@ -57,7 +57,7 @@ if ( ! function_exists('force_download')) * * Generates headers that force a download to happen * - * @param string filename + * @param mixed filename (or an array of local file path => destination filename) * @param mixed the data to be downloaded * @param bool whether to try and send the actual file MIME type * @return void @@ -70,14 +70,34 @@ if ( ! function_exists('force_download')) } elseif ($data === NULL) { - if ( ! @is_file($filename) OR ($filesize = @filesize($filename)) === FALSE) + // Is $filename an array as ['local source path' => 'destination filename']? + if (is_array($filename)) { - return; + if (count($filename) !== 1) + { + return; + } + + reset($filename); + $filepath = key($filename); + $filename = current($filename); + + if (is_int($filepath)) + { + return; + } + } + else + { + $filepath = $filename; + $filename = explode('/', str_replace(DIRECTORY_SEPARATOR, '/', $filename)); + $filename = end($filename); } - $filepath = $filename; - $filename = explode('/', str_replace(DIRECTORY_SEPARATOR, '/', $filename)); - $filename = end($filename); + if ( ! @is_file($filepath) OR ($filesize = @filesize($filepath)) === FALSE) + { + return; + } } else { @@ -122,20 +142,23 @@ if ( ! function_exists('force_download')) $filename = implode('.', $x); } - if ($data === NULL && ($fp = @fopen($filepath, 'rb')) === FALSE) - { - return; - } - // Clean output buffer if (ob_get_level() !== 0 && @ob_end_clean() === FALSE) { @ob_clean(); } + // RFC 6266 allows for multibyte filenames, but only in UTF-8, + // so we have to make it conditional ... + $charset = strtoupper(config_item('charset')); + $utf8_filename = ($charset !== 'UTF-8') + ? get_instance()->utf8->convert_to_utf8($filename, $charset) + : $filename; + isset($utf8_filename[0]) && $utf8_filename = " filename*=UTF-8''".rawurlencode($utf8_filename); + // Generate the server headers header('Content-Type: '.$mime); - header('Content-Disposition: attachment; filename="'.$filename.'"'); + header('Content-Disposition: attachment; filename="'.$filename.'";'.$utf8_filename); header('Expires: 0'); header('Content-Transfer-Encoding: binary'); header('Content-Length: '.$filesize); @@ -147,13 +170,12 @@ if ( ! function_exists('force_download')) exit($data); } - // Flush 1MB chunks of data - while ( ! feof($fp) && ($data = fread($fp, 1048576)) !== FALSE) + // Flush the file + if (@readfile($filepath) === FALSE) { - echo $data; + return; } - fclose($fp); exit; } } |