pchamp
Forum Replies Created
Hello? Are you still there?
When I use that code, this is what I get:
array(0) { }
Looks like an empty array to me. Which matches the results I’ve been getting all along.
session.use_cookies is set to On. If there are others you think I should check the value of, you’ll have to tell me, because I’m not exactly an expert in this area.
1. According to the phpinfo I just ran, max_input_vars = 1000
2. The .htaccess file has no reference to max_input_vars. It had a couple of other things in it that looked questionable, so I removed them, but the download behavior didn’t change.
3. I put die($_REQUEST); right before the lines where the file name and file URL are set and when I tried to download, I got “Array” on the page. This should be the whole download URL, shouldn’t it?
There is no caching plugin installed on this site.
However, if you take that download URL, which does appear to be formed properly, and put it into your browser, you’ll see that the diagnostic ‘die’ you had me add comes back with no file name and no file URL. ???
Added that line and got:
fileurl= filename=
In other words, those variables don’t seem to be defined.
Here’s what the entire file looks like for me now:
<?php
/**
* Download file.
*/
if (!session_id())
    session_start();

/* Check if there is the cookie that allow the download */
/*!isset($_COOKIE["mapdownload"]) || $_COOKIE["mapdownload"] !== "true" || */
/*if(!isset($_SESSION['maphost']) || $_SESSION['maphost'] != $_SERVER['HTTP_HOST'])
die ('<b>Something goes wrong, you don\'t have permission to use this page, sorry.</b>') ;*/

/*session_unset($_SESSION['host']);
session_write_close();*/

unset($_COOKIE['mapdownload']);
setcookie('mapdownload', 'false', time() - 3600, '/');

$file_name = $_GET["filename"];
$file_url = $_GET["fileurl"];
$file_url = str_replace(" ", "%20", $file_url);

die("fileurl= " . $file_url . "filename= " . $file_name);
$web_root = $_SERVER["DOCUMENT_ROOT"];
$web_address = $_SERVER['HTTP_HOST'];

$pos = strrpos($file_url, $web_address);
/* if($pos){
if (isset($_SERVER['HTTPS']) &&
($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) ||
isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$protocol = 'https://';
}
else {
$protocol = 'http://';
}

$file_url = str_replace ($protocol. $web_address .'/', '', $file_url);
$file_url = $web_root ."/". $file_url;
$file_url = str_replace('//', '/', $file_url);
}*/
$filename = basename ($file_url) ;
$file_extension = strtolower(substr (strrchr ($filename, '.'), 1));

function getFileSize($url) {
    if (substr($url,0,4)=='http') {
        $x = array_change_key_case(get_headers($url, 1),CASE_LOWER);
        if ( strcasecmp($x[0], 'HTTP/1.1 200 OK') != 0 ) { $x = $x['content-length'][1]; }
        else { $x = $x['content-length']; }
    }
    else { $x = @filesize($url); }
    return $x;
}

$fileSize = getFileSize($file_url);
function fileExists($path){
    return (@fopen($path,"r")==true);
}

if(!fileExists($file_url))
    die("<br> The file <b>" .$file_url. "</b> doesn't exist; check the URL");

//This will set the Content-Type to the appropriate setting for the file
switch ($file_extension)
{
    case 'mp3':
        $content_type = 'audio/mpeg' ;
        break ;
    case 'mp4a':
        $content_type = 'audio/mp4' ;
        break ;
    case 'wav':
        $content_type = 'audio/x-wav' ;
        break ;
    case 'ogg':
        $content_type = 'audio/ogg' ;
        break ;
    default:
        die ('<b>You can\'t access '. $file_extension .' files!</b>') ;
}

header ('Pragma: public') ;
header ('Expires: 0') ;
header ('Cache-Control: must-revalidate, post-check=0, pre-check=0') ;
header ('Cache-Control: private') ;
header ('Content-Type: ' . $content_type);
header("Content-Description: File Transfer");
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"".$filename."\"");
header('Content-Length: '.$fileSize);
header('Connection: close');

if($fp=@fopen($file_url,'rb')){
    sleep(1);
    ignore_user_abort();
    set_time_limit(0);
    while(!feof($fp))
    {
        echo (@fread($fp, 1024*8));
        ob_flush();
        flush();
    }
    fclose ($fp);
}else if(function_exists('curl_version')){
    $ch = curl_init();
    curl_setopt ($ch, CURLOPT_URL, $file_url);
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
    $contents = curl_exec($ch);
    // display file
    echo $contents;
    curl_close($ch);
}else{
    // ob_end_flush();
    ob_clean();
    flush();
    @readfile ($file_url) ;
}
clearstatcache();
exit;
I don’t understand why this isn’t working for me when it does for others. The file clearly exists and the code to play the file works fine. The file URL in the download URL is correct, as you say. So…? Help!
And yes, just like bcripps, I’ve been successfully using this plugin for years. Unlike him/her, commenting out those couple of lines hasn’t resolved the problem, vulnerability or not.
Peggy
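For reference alongside the download script quoted in the post above, here is an added example that is not part of the original post and not the plugin's own code. It shows one way to validate the fileurl value before anything is opened: accept only a URL on the site's own host, map it to a file under the document root, and allow only the audio extensions the script already lists. The function name resolveDownload(), the host example.test and the demo paths are assumptions, and the host is expected without a port.

```php
<?php
// Added example, not the plugin's code. resolveDownload() and the demo
// host/paths are assumptions made for illustration.
const ALLOWED_AUDIO = [
    'mp3'  => 'audio/mpeg',
    'mp4a' => 'audio/mp4',
    'wav'  => 'audio/x-wav',
    'ogg'  => 'audio/ogg',
];

/** Map a same-host file URL to a local file under $webRoot, or return null. */
function resolveDownload(string $fileUrl, string $host, string $webRoot): ?array
{
    $parts = parse_url($fileUrl);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null;   // empty or malformed value, as seen in the thread
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strcasecmp($parts['host'], $host) !== 0) {
        return null;   // other host or non-HTTP scheme: never fetched remotely
    }
    $root = realpath($webRoot);
    $rel  = rawurldecode($parts['path']);
    if ($root === false || strpos($rel, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and symlinks, so the prefix test is reliable.
    $path = realpath($root . '/' . $rel);
    if ($path === false || !is_file($path)
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_AUDIO)) {
        return null;
    }
    // Keep only characters that cannot break the quoted Content-Disposition value.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    return ['path' => $path, 'type' => ALLOWED_AUDIO[$ext], 'name' => $name];
}

// Constructed demo: temporary web root holding one audio file.
$root = sys_get_temp_dir() . '/dl_demo_' . getmypid();
@mkdir($root . '/audio', 0700, true);
file_put_contents($root . '/audio/talk.mp3', 'x');
foreach (['http://example.test/audio/talk.mp3', 'http://other.test/audio/talk.mp3',
          'http://example.test/audio/../../outside.mp3', ''] as $url) {
    var_dump($url, resolveDownload($url, 'example.test', $root));
}
```

Only the first constructed URL resolves to a file; the other three return null, including the empty value that matches the empty fileurl reported in the thread.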
I’ve been trying this in my Chrome browser. Just to make sure it’s not some strange browser issue, I also tried it in Firefox and got the same exact results.
Do you have anything else I can try, or should I just give up on this plugin?
Peggy
Matteo,
I think my CuteFTP editor is numbering the lines differently than whatever editor you’re using. For instance, in my editor, the if($pos){ code is on line 29. No worries. I can adjust.
So, I commented out the SESSION/maphost test as well as the additional lines you suggest and I still get the same result: “The file doesn’t exist; check the URL”.
I don’t think it’s the full path name or where it’s trying to download from that’s the problem. I think it’s the $file_url variable. It should be putting that value in the error message I’m getting and it’s not. So it would also have a hard time downloading the file if it doesn’t have the name right, correct?
Peggy
As I said, I already tried commenting out those lines. That’s when I got “The file doesn’t exist; check the URL”. Notice that the file URL that’s supposed to be in that error message is empty.
As I said, I don’t think the file URL is being set properly in this code.
I’d really rather not have to swap out to use a different audio plugin across the dozens of pages where I’m using yours, but I need this functionality to work. Suggestions?
Peggy
Oh, and here’s a page where you can try it yourself:
Dan,
It works great now! Thanks a lot.
Now I just have a whole bunch of site images to capture. Oh, well. I still think it’s easier than dealing with STW.
Peggy
Dan,
The screenshots I posted are using Chrome. Would any self-respecting web designer be using IE – except to check that client sites work properly? 🙂
I’ve submitted a contact form at your site with login info for my site.
Thanks,
Peggy
Dan,
Thanks for your reply, but I really don’t see this button. Here are some screenshots to show you what I see. If you see the button you’re referring to, please tell me!
http://www.successwithease.com/images/2012-01-06_Add-Site.png
http://www.successwithease.com/images/2012-01-06_Modify-Site.png
http://www.successwithease.com/images/2012-01-06_Summary-of-Sites.png
http://www.successwithease.com/images/2012-01-06_Portfolio-Settings-Part1.png
http://www.successwithease.com/images/2012-01-06_Portfolio-Settings-Part2.png
http://www.successwithease.com/images/2012-01-06_Installed-Plugin.png
http://www.successwithease.com/images/2012-01-06_Dashboard.png
Peggy