Posted By

michaJlS on 12/12/10

Tagged

Versions (?)

town watch

/ Published in: PHP

<?php
define('MEDIAWIKI',1);
$preIP = dirname( __FILE__ );
require_once( "$preIP/includes/WebStart.php" );
 
 
$WhiteList = array(
	'doc', 'docx', 'odt', 'rtf', 'psw', 'ott', 'docm', 'wps',
	'ots', 'ods', 'xls', 'xlt', 'csv', 'pxl', 'xlm', 'xlsm', 'xlsx', 'xltx',
	'odp', 'otp', 'ppt', 'pps', 'pptx', 'ppsx',
	'pdf' , 'jpg' , 'jpeg' , 'jpg' , 'gif', 'bmp', 'png'
);
 
if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] )
	&& isset( $_COOKIE["{$wgCookiePrefix}UserName"])
	&& isset($_SESSION['wsUserID'])
	&& isset($_SESSION['wsToken'])
	&& isset($_SESSION['wsUserName'])
	&& $_COOKIE["{$wgCookiePrefix}UserID"] == $_SESSION['wsUserID']
	&&  $_COOKIE["{$wgCookiePrefix}UserName"] == $_SESSION['wsUserName']
 
	){
 
		$requestedFile = realpath(dirname(__FILE__) . $_SERVER['REQUEST_URI']); 
		$uploadDirectory = realpath($wgUploadDirectory);
		$fileInfo = pathinfo($requestedFile);
		$ext = mb_strtolower($fileInfo['extension']);
		if( file_exists($requestedFile) && ! is_dir($requestedFile) && is_file($requestedFile) ){			
			if(  $uploadDirectory == mb_substr($requestedFile,0,mb_strlen($uploadDirectory)) ){
				if( in_array($ext,$WhiteList) ){
					$mime = MimeMagic::singleton()->getTypesForExtension($ext);
					if( ! empty($mime) ){
						$mime = explode(' ',$mime);
						$mime = array_pop($mime);
					}
					if( empty($mime) ){
						header("Content-Disposition: attachment; filename=" . urlencode($fileInfo['basename']));   
						header("Content-Type: application/force-download");
						header("Content-Type: application/octet-stream");
						header("Content-Type: application/download");
					}
					else{
						header("Content-Type: ".urlencode($mime));
					}
 
					die(readfile($requestedFile));
				}
			}
		}
 
 
	}
 
die('Access denied. You must be logged in.');

Report this snippet Tweet

Comment:

You need to login to post a comment.

Posted By

Tagged

Versions (?)

town watch

Related snippets

Choose a language for easy browsing: