Updated download.php, compatibility to gentoo php

2016-11-30 12:25:38 +01:00
parent 0fa9c7f683
commit 456565c89c
2 changed files with 142 additions and 208 deletions
--- a/php/download.php
+++ b/php/download.php
@@ -23,49 +23,52 @@
 */
 class DownloadHandler
 {
-	/**
-	 * Download the given vcf file.
-	 */
-	public static function doDownload()
-	{
-		if (isset($_GET["token"])) {
-			$token = $_GET["token"];
-		} else {
-			return false;
-		}
+    /**
+     * Download the given vcf file.
+     * @return boolean
+     */
+    public static function doDownload()
+    {
+        if (isset($_GET["token"])) {
+            $token = $_GET["token"];
+        } else {
+            return false;
+        }

-		if (isset($_GET["filename"])) {
-			$filename = $_GET["filename"];
-		} else {
-			return false;
-		}
+        if (isset($_GET["filename"])) {
+            $filename = $_GET["filename"];
+        } else {
+            return false;
+        }

-		// validate token
-		if (!ctype_alnum($token)) { // token is a md5 hash
-			return false;
-		}
+        // validate token
+        if (!preg_match('/^[a-zA-Z0-9]+$/', $token)) { // token is a md5 hash
+            return false;
+        }

-		$file = PLUGIN_CONTACTIMPORTER_TMP_UPLOAD . "vcf_" . $token . ".vcf";
+        $file = PLUGIN_CONTACTIMPORTER_TMP_UPLOAD . "vcf_" . $token . ".vcf";

-		if (!file_exists($file)) { // invalid token
-			return false;
-		}
+        if (!file_exists($file)) { // invalid token
+            return false;
+        }

-		// set headers here
-		header('Content-Disposition: attachment; filename="' . $filename . '"');
+        // set headers here
+        header('Content-Disposition: attachment; filename="' . $filename . '"');

-		// no caching
-		header('Expires: 0'); // set expiration time
-		header('Content-Description: File Transfer');
-		header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-		header('Content-Length: ' . filesize($file));
-		header('Content-Type: application/octet-stream');
-		header('Pragma: public');
-		flush();
+        // no caching
+        header('Expires: 0'); // set expiration time
+        header('Content-Description: File Transfer');
+        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+        header('Content-Length: ' . filesize($file));
+        header('Content-Type: application/octet-stream');
+        header('Pragma: public');
+        flush();

-		// print the downloaded file
-		readfile($file);
-		ignore_user_abort(true);
-		unlink($file);
-	}
+        // print the downloaded file
+        readfile($file);
+        ignore_user_abort(true);
+        unlink($file);
+
+        return true;
+    }
 }