diff options
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Attach.php | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 0bf7689be..cf78ac690 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -14,6 +14,7 @@ class Attach extends Controller { $attach_ids = ((x($_REQUEST, 'attach_ids')) ? $_REQUEST['attach_ids'] : []); $attach_path = ((x($_REQUEST, 'attach_path')) ? $_REQUEST['attach_path'] : ''); + $download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : ''); $channel_id = ((x($_REQUEST, 'channel_id')) ? intval($_REQUEST['channel_id']) : 0); $channel = channelx_by_n($channel_id); @@ -52,6 +53,9 @@ class Attach extends Controller { ]; Verify::create('zip_token', 0, $token, json_encode($meta)); + Verify::create('download_token', 0, $download_token, $token); + + json_return_and_die([ 'success' => true, @@ -69,12 +73,32 @@ class Attach extends Controller { return; } - if(argv(1) === 'download') { + $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : ''); + $download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : ''); - $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : ''); + if(argv(1) === 'check') { + $meta = Verify::get_meta('download_token', 0, $download_token); + + if(! $meta) + killme(); + + json_return_and_die([ + 'success' => true, + 'token' => $meta + ]); + } + + if(argv(1) === 'download') { $meta = Verify::get_meta('zip_token', 0, $token); + + if(! $meta) + killme(); + $meta = json_decode($meta, true); + // make sure we remove the download_token in case we have not checked yet + Verify::get_meta('download_token', 0, $download_token); + header('Content-Type: application/zip'); header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"'); header('Content-Length: ' . filesize($meta['zip_path'])); @@ -82,7 +106,7 @@ class Attach extends Controller { $istream = fopen($meta['zip_path'], 'rb'); $ostream = fopen('php://output', 'wb'); if($istream && $ostream) { - pipe_streams($istream,$ostream); + pipe_streams($istream, $ostream); fclose($istream); fclose($ostream); } @@ -123,7 +147,7 @@ class Attach extends Controller { $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb'); $ostream = fopen('php://output','wb'); if($istream && $ostream) { - pipe_streams($istream,$ostream); + pipe_streams($istream, $ostream); fclose($istream); fclose($ostream); } |