|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc. |
|
4
|
|
|
* |
|
5
|
|
|
* @author Andreas Fischer <[email protected]> |
|
6
|
|
|
* @author Björn Schießle <[email protected]> |
|
7
|
|
|
* @author Christoph Wurst <[email protected]> |
|
8
|
|
|
* @author Frank Karlitschek <[email protected]> |
|
9
|
|
|
* @author Jörn Friedrich Dreyer <[email protected]> |
|
10
|
|
|
* @author Lukas Reschke <[email protected]> |
|
11
|
|
|
* @author Morris Jobke <[email protected]> |
|
12
|
|
|
* @author Piotr Filiciak <[email protected]> |
|
13
|
|
|
* @author Robin Appelman <[email protected]> |
|
14
|
|
|
* |
|
15
|
|
|
* @license AGPL-3.0 |
|
16
|
|
|
* |
|
17
|
|
|
* This code is free software: you can redistribute it and/or modify |
|
18
|
|
|
* it under the terms of the GNU Affero General Public License, version 3, |
|
19
|
|
|
* as published by the Free Software Foundation. |
|
20
|
|
|
* |
|
21
|
|
|
* This program is distributed in the hope that it will be useful, |
|
22
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
23
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
24
|
|
|
* GNU Affero General Public License for more details. |
|
25
|
|
|
* |
|
26
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3, |
|
27
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/> |
|
28
|
|
|
* |
|
29
|
|
|
*/ |
|
30
|
|
|
|
|
31
|
|
|
// Check if we are a user |
|
32
|
|
|
OCP\User::checkLoggedIn(); |
|
33
|
|
|
\OC::$server->getSession()->close(); |
|
34
|
|
|
|
|
35
|
|
|
$files = isset($_GET['files']) ? (string)$_GET['files'] : ''; |
|
36
|
|
|
$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : ''; |
|
37
|
|
|
|
|
38
|
|
|
$files_list = json_decode($files); |
|
39
|
|
|
// in case we get only a single file |
|
40
|
|
|
if (!is_array($files_list)) { |
|
41
|
|
|
$files_list = [$files]; |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
|
|
/** |
|
45
|
|
|
* @psalm-taint-escape cookie |
|
46
|
|
|
*/ |
|
47
|
|
|
function cleanCookieInput(string $value): string { |
|
48
|
|
|
if (strlen($value) > 32) { |
|
49
|
|
|
return ''; |
|
50
|
|
|
} |
|
51
|
|
|
if (preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) !== 1) { |
|
52
|
|
|
return ''; |
|
53
|
|
|
} |
|
54
|
|
|
return $value; |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
/** |
|
58
|
|
|
* this sets a cookie to be able to recognize the start of the download |
|
59
|
|
|
* the content must not be longer than 32 characters and must only contain |
|
60
|
|
|
* alphanumeric characters |
|
61
|
|
|
*/ |
|
62
|
|
|
if (isset($_GET['downloadStartSecret'])) { |
|
63
|
|
|
$value = cleanCookieInput($_GET['downloadStartSecret']); |
|
64
|
|
|
if ($value !== '') { |
|
65
|
|
|
setcookie('ocDownloadStarted', $value, time() + 20, '/'); |
|
66
|
|
|
} |
|
67
|
|
|
} |
|
68
|
|
|
|
|
69
|
|
|
$server_params = [ 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' ]; |
|
70
|
|
|
|
|
71
|
|
|
/** |
|
72
|
|
|
* Http range requests support |
|
73
|
|
|
*/ |
|
74
|
|
|
if (isset($_SERVER['HTTP_RANGE'])) { |
|
75
|
|
|
$server_params['range'] = \OC::$server->getRequest()->getHeader('Range'); |
|
76
|
|
|
} |
|
77
|
|
|
|
|
78
|
|
|
OC_Files::get($dir, $files_list, $server_params); |
|
79
|
|
|
|
nextcloud /
server
