File manager - Edit - /home/autoph/public_html/tasks/download.php
Back
<?php if(!isset($_REQUEST['file']) || !isset($_REQUEST['src'])){ exit; } include 'cfg/db.php'; $main_uri = $global_system_settings['url']; if( $global_user_status === 0){ header('Location: '.$main_uri); exit; } $realFileName = $_REQUEST['file']; $realFileName = $db->escape($realFileName); $src = $_REQUEST['src']; if(intval($src) === 1){ $fakeFileName= $db->select("SELECT original_name FROM `ticket_attachments` WHERE 1 AND attachment_name = '$realFileName' LIMIT 1"); $file = dirname(__FILE__)."/dist/attachments/".$realFileName; }else if(intval($src) === 2){ $fakeFileName= $db->select("SELECT original_name FROM `ticket_reply_attachments` WHERE 1 AND attachment_name = '$realFileName' LIMIT 1"); $file = dirname(__FILE__)."/dist/attachments/".$realFileName; }else if(intval($src) === 3){ $fakeFileName= $db->select("SELECT original_name FROM `knowledgebase_attachments` WHERE 1 AND attachment_name = '$realFileName' LIMIT 1"); $file = dirname(__FILE__)."/dist/knowledgebase/".$realFileName; }else if(intval($src) === 4){ $fakeFileName= $db->select("SELECT original_name FROM `video_attachments` WHERE 1 AND attachment_name = '$realFileName' LIMIT 1"); $file = dirname(__FILE__)."/dist/videos/resources/".$realFileName; }else{ exit; } $fp = fopen($file, 'rb'); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=$fakeFileName"); header("Content-Length: " . filesize($file)); fpassthru($fp); ?>
| ver. 1.4 |
.
| PHP 7.3.33 | Generation time: 0 |
proxy
|
phpinfo
|
Settings