blob: fc434f79e2c2c8d73d6cd382ae55e92300d75d72 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
<?php
/**
* SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
// Check if we are a user
OC_Util::checkLoggedIn();
\OC::$server->getSession()->close();
$files = isset($_GET['files']) ? (string)$_GET['files'] : '';
$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
$files_list = json_decode($files);
// in case we get only a single file
if (!is_array($files_list)) {
$files_list = [$files];
}
/**
* @psalm-taint-escape cookie
*/
function cleanCookieInput(string $value): string {
if (strlen($value) > 32) {
return '';
}
if (preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) !== 1) {
return '';
}
return $value;
}
/**
* this sets a cookie to be able to recognize the start of the download
* the content must not be longer than 32 characters and must only contain
* alphanumeric characters
*/
if (isset($_GET['downloadStartSecret'])) {
$value = cleanCookieInput($_GET['downloadStartSecret']);
if ($value !== '') {
setcookie('ocDownloadStarted', $value, time() + 20, '/');
}
}
$server_params = [ 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' ];
/**
* Http range requests support
*/
if (isset($_SERVER['HTTP_RANGE'])) {
$server_params['range'] = \OC::$server->getRequest()->getHeader('Range');
}
OC_Files::get($dir, $files_list, $server_params);
|
