diff options
author | Mario Vavti <mario@mariovavti.com> | 2016-10-12 12:13:44 +0200 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2016-10-12 12:13:44 +0200 |
commit | cf547be1d6900d12719a9372cbc1a5d433d31863 (patch) | |
tree | 03a525cf40905adafc21b0c4146e467bad288437 /Zotlabs/Module/Getfile.php | |
parent | 29617737ca2c03c800ebbe4701dc21cf9f25ce22 (diff) | |
parent | 16da1a4e810889448eecbd13d68183a820bcebe2 (diff) | |
download | volse-hubzilla-cf547be1d6900d12719a9372cbc1a5d433d31863.tar.gz volse-hubzilla-cf547be1d6900d12719a9372cbc1a5d433d31863.tar.bz2 volse-hubzilla-cf547be1d6900d12719a9372cbc1a5d433d31863.zip |
Merge branch '1.14RC'
Diffstat (limited to 'Zotlabs/Module/Getfile.php')
-rw-r--r-- | Zotlabs/Module/Getfile.php | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 09d761887..3d859d94b 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -27,10 +27,12 @@ require_once('include/attach.php'); class Getfile extends \Zotlabs\Web\Controller { function post() { + + logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO); - $hash = $_POST['hash']; - $time = $_POST['time']; - $sig = $_POST['signature']; + $hash = $_POST['hash']; + $time = $_POST['time']; + $sig = $_POST['signature']; $resource = $_POST['resource']; $revision = intval($_POST['revision']); @@ -38,9 +40,11 @@ class Getfile extends \Zotlabs\Web\Controller { killme(); $channel = channelx_by_hash($hash); - - if((! $channel) || (! $time) || (! $sig)) + + if((! $channel) || (! $time) || (! $sig)) { + logger('error: missing info'); killme(); + } $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop')); if($slop < 1) @@ -58,16 +62,15 @@ class Getfile extends \Zotlabs\Web\Controller { logger('verify failed.'); killme(); } - - - $r = attach_by_hash($resource,$revision); + + $r = attach_by_hash($resource,$channel['channel_hash'],$revision); if(! $r['success']) { + logger('attach_by_hash failed: ' . $r['message']); notice( $r['message'] . EOL); return; } - - + $unsafe_types = array('text/html','text/css','application/javascript'); if(in_array($r['data']['filetype'],$unsafe_types)) { @@ -76,10 +79,10 @@ class Getfile extends \Zotlabs\Web\Controller { else { header('Content-type: ' . $r['data']['filetype']); } - + header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"'); if(intval($r['data']['os_storage'])) { - $fname = dbunescbin($r['data']['data']); + $fname = dbunescbin($r['data']['content']); if(strpos($fname,'store') !== false) $istream = fopen($fname,'rb'); else @@ -91,11 +94,9 @@ class Getfile extends \Zotlabs\Web\Controller { fclose($ostream); } } - else - echo dbunescbin($r['data']['data']); + else { + echo dbunescbin($r['data']['content']); + } killme(); - - - } } |