3 * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
5 * This file is part of PhpWiki.
7 * PhpWiki is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * PhpWiki is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 * Standard Alcatel-Lucent disclaimer for contributing to open source
25 * "The Configuration File ("Contribution") has not been tested and/or
26 * validated for release as or in products, combinations with products or
27 * other commercial use. Any use of the Contribution is entirely made at
28 * the user's own responsibility and the user can not rely on any features,
29 * functionalities or performances Alcatel-Lucent has attributed to the
32 * THE CONTRIBUTION BY ALCATEL-LUCENT IS PROVIDED AS IS, WITHOUT WARRANTY
33 * OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
34 * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, COMPLIANCE,
35 * NON-INTERFERENCE AND/OR INTERWORKING WITH THE SOFTWARE TO WHICH THE
36 * CONTRIBUTION HAS BEEN MADE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL
37 * ALCATEL-LUCENT BE LIABLE FOR ANY DAMAGES OR OTHER LIABLITY, WHETHER IN
38 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
39 * CONTRIBUTION OR THE USE OR OTHER DEALINGS IN THE CONTRIBUTION, WHETHER
40 * TOGETHER WITH THE SOFTWARE TO WHICH THE CONTRIBUTION RELATES OR ON A STAND
46 require_once('../../env.inc.php');
47 require_once $gfcommon.'include/pre.php';
49 $sysdebug_enable = false;
51 if (!$group_id || !$project) {
53 } else if (!($project->usesPlugin("wiki"))) {
54 exit_disabled('home');
57 // If project is private, check membership.
58 if (!$project->isPublic()) {
59 session_require_perm('project_read', $project->getID());
62 $arr = explode('/', urldecode(getStringFromServer('REQUEST_URI')));
68 $path = join('/', $arr);
70 $basepath = realpath('/opt/groups/'.$project->getUnixName().'/www/uploads/');
71 $filepath = realpath($basepath.'/'.$path);
72 $filename = basename($filepath);
74 if (strncmp($basepath, $filepath, strlen($basepath)) !== 0) {
75 error_log("DEBUG: basepath=$basepath, filepath=$filepath");
76 exit_error('Invalid path: No access');
79 if ($filepath && is_file($filepath)) {
80 if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
81 # workaround for IE filename bug with multiple periods/ multiple dots in filename
82 # that adds square brackets to filename - eg. setup.abc.exe becomes setup[1].abc.exe
83 $filename = preg_replace('/\./', '%2e', $filename, substr_count($filename, '.') - 1);
85 $filename = str_replace('"', '', $filename);
86 header('Content-disposition: filename="'.$filename.'"');
88 if (function_exists('finfo_open')) {
89 $finfo = finfo_open(FILEINFO_MIME_TYPE);
90 $mimetype = finfo_file($finfo, $filepath);
92 $mimetype = 'application/octet-stream';
94 header("Content-type: $mimetype");
96 $length = filesize($filepath);
97 header("Content-length: $length");
99 readfile_chunked($filepath);
102 header("HTTP/1.0 404 Not Found");
103 require_once $gfwww.'404.php';
108 // c-file-style: "bsd"