|
130 | 130 |
|
131 | 131 | header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s \G\M\T', $v_date_added ) ); |
132 | 132 |
|
| 133 | + $t_upload_method = config_get( 'file_upload_method' ); |
133 | 134 | $t_filename = file_get_display_name( $v_filename ); |
134 | | - # For Internet Explorer 8 as per http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx |
135 | | - # Don't let IE second guess our content-type! |
136 | | - header( 'X-Content-Type-Options: nosniff' ); |
137 | 135 |
|
138 | | - http_content_disposition_header( $t_filename, $f_show_inline ); |
139 | | - |
140 | | - header( 'Content-Length: ' . $v_filesize ); |
| 136 | + # Content headers |
141 | 137 |
|
142 | 138 | # If finfo is available (always true for PHP >= 5.3.0) we can use it to determine the MIME type of files |
143 | 139 | $finfo = finfo_get_if_available(); |
144 | 140 |
|
145 | 141 | $t_content_type = $v_file_type; |
146 | 142 |
|
147 | 143 | $t_content_type_override = file_get_content_type_override ( $t_filename ); |
| 144 | + $t_file_info_type = false; |
148 | 145 |
|
149 | | - # dump file content to the connection. |
150 | | - switch ( config_get( 'file_upload_method' ) ) { |
| 146 | + switch( $t_upload_method ) { |
151 | 147 | case DISK: |
152 | 148 | $t_local_disk_file = file_normalize_attachment_path( $v_diskfile, $t_project_id ); |
153 | | - |
154 | | - if ( file_exists( $t_local_disk_file ) ) { |
155 | | - if ( $finfo ) { |
156 | | - $t_file_info_type = $finfo->file( $t_local_disk_file ); |
157 | | - |
158 | | - if ( $t_file_info_type !== false ) { |
159 | | - $t_content_type = $t_file_info_type; |
160 | | - } |
161 | | - } |
162 | | - |
163 | | - if ( $t_content_type_override ) { |
164 | | - $t_content_type = $t_content_type_override; |
165 | | - } |
166 | | - |
167 | | - header( 'Content-Type: ' . $t_content_type ); |
168 | | - readfile( $t_local_disk_file ); |
| 149 | + if( file_exists( $t_local_disk_file ) && $finfo ) { |
| 150 | + $t_file_info_type = $finfo->file( $t_local_disk_file ); |
169 | 151 | } |
170 | 152 | break; |
171 | 153 | case FTP: |
|
179 | 161 |
|
180 | 162 | if ( $finfo ) { |
181 | 163 | $t_file_info_type = $finfo->file( $t_local_disk_file ); |
182 | | - |
183 | | - if ( $t_file_info_type !== false ) { |
184 | | - $t_content_type = $t_file_info_type; |
185 | | - } |
186 | 164 | } |
187 | | - |
188 | | - if ( $t_content_type_override ) { |
189 | | - $t_content_type = $t_content_type_override; |
190 | | - } |
191 | | - |
192 | | - header( 'Content-Type: ' . $t_content_type ); |
193 | | - readfile( $t_local_disk_file ); |
194 | 165 | break; |
195 | | - default: |
| 166 | + case DATABASE: |
196 | 167 | if ( $finfo ) { |
197 | 168 | $t_file_info_type = $finfo->buffer( $v_content ); |
198 | | - |
199 | | - if ( $t_file_info_type !== false ) { |
200 | | - $t_content_type = $t_file_info_type; |
201 | | - } |
202 | 169 | } |
| 170 | + } |
203 | 171 |
|
204 | | - if ( $t_content_type_override ) { |
205 | | - $t_content_type = $t_content_type_override; |
206 | | - } |
| 172 | + if( $t_file_info_type !== false ) { |
| 173 | + $t_content_type = $t_file_info_type; |
| 174 | + } |
| 175 | + |
| 176 | + if( $t_content_type_override ) { |
| 177 | + $t_content_type = $t_content_type_override; |
| 178 | + } |
| 179 | + |
| 180 | + # Don't allow inline flash |
| 181 | + if( false !== strpos( $t_content_type, 'application/x-shockwave-flash' ) ) { |
| 182 | + http_content_disposition_header( $t_filename ); |
| 183 | + } else { |
| 184 | + http_content_disposition_header( $t_filename, $f_show_inline ); |
| 185 | + } |
| 186 | + |
| 187 | + header( 'Content-Type: ' . $t_content_type ); |
| 188 | + header( 'Content-Length: ' . $v_filesize ); |
207 | 189 |
|
208 | | - header( 'Content-Type: ' . $t_content_type ); |
| 190 | + # For Internet Explorer 8 as per http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx |
| 191 | + # Don't let IE second guess our content-type! |
| 192 | + header( 'X-Content-Type-Options: nosniff' ); |
| 193 | + |
| 194 | + # dump file content to the connection. |
| 195 | + switch( $t_upload_method ) { |
| 196 | + case DISK: |
| 197 | + case FTP: |
| 198 | + readfile( $t_local_disk_file ); |
| 199 | + break; |
| 200 | + case DATABASE: |
209 | 201 | echo $v_content; |
210 | 202 | } |
0 commit comments