uap35-r/Projet
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Projet/Mission4/roles/glpi/files/fusioninventory/front/send.php
lucas.dubief 9ddd78ea91 mise à jour ansible glpi
2022-02-11 15:48:06 +01:00

96 lines
3.0 KiB
PHP
Raw Blame History

<?php
/**
* FusionInventory
*
* Copyright (C) 2010-2016 by the FusionInventory Development Team.
*
* http://www.fusioninventory.org/
* https://github.com/fusioninventory/fusioninventory-for-glpi
* http://forge.fusioninventory.org/
*
* ------------------------------------------------------------------------
*
* LICENSE
*
* This file is part of FusionInventory project.
*
* FusionInventory is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* FusionInventory is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with FusionInventory. If not, see <http://www.gnu.org/licenses/>.
*
* ------------------------------------------------------------------------
*
* This file is used to securitely send files to user browser.
*
* ------------------------------------------------------------------------
*
* @package FusionInventory
* @author Vincent Mazzoni
* @author David Durieux
* @copyright Copyright (c) 2010-2016 FusionInventory team
* @license AGPL License 3.0 or (at your option) any later version
* http://www.gnu.org/licenses/agpl-3.0-standalone.html
* @link http://www.fusioninventory.org/
* @link https://github.com/fusioninventory/fusioninventory-for-glpi
*
*/
if (!defined('GLPI_ROOT')) {
define('GLPI_ROOT', realpath('../../..'));
}
if (!defined("GLPI_PLUGIN_DOC_DIR")) {
define("GLPI_PLUGIN_DOC_DIR", GLPI_ROOT . "/files/_plugins");
}
Session::checkLoginUser();
$docDir = GLPI_PLUGIN_DOC_DIR.'/fusioninventory';
if (isset($_GET['file'])) {
$filename = $_GET['file'];
// Security test : document in $docDir
if (strstr($filename, "../") || strstr($filename, "..\\")) {
echo "Security attack !!!";
Event::log($filename, "sendFile", 1, "security",
$_SESSION["glpiname"]." tries to get a non standard file.");
return;
}
$file = $docDir.'/'.$filename;
if (!file_exists($file)) {
echo "Error file $filename does not exist";
return;
} else {
// Now send the file with header() magic
header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
header('Pragma: private'); /// IE BUG + SSL
//header('Pragma: no-cache');
header('Cache-control: private, must-revalidate'); /// IE BUG + SSL
header("Content-disposition: filename=\"$filename\"");
// header("Content-type: ".$mime);
$f=fopen($file, "r");
if (!$f) {
echo "Error opening file $filename";
} else {
// Pour que les \x00 ne devienne pas \0
$fsize=filesize($file);
if ($fsize) {
echo fread($f, filesize($file));
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink