1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188:
<?php
class GF_Download {
public static function maybe_process() {
if ( isset( $_GET['gf-download'] ) ) {
$file = $_GET['gf-download'];
$form_id = rgget( 'form-id' );
$field_id = rgget( 'field-id' );
if ( empty( $file ) || empty( $form_id ) ) {
return;
}
$hash = rgget( 'hash' );
GFCommon::log_debug( __METHOD__ . "(): Starting file download process. file: {$file}, hash: {$hash}." );
if ( self::validate_download( $form_id, $field_id, $file, $hash ) ) {
GFCommon::log_debug( __METHOD__ . '(): Download validated. Proceeding.' );
self::deliver( $form_id, $file );
} else {
GFCommon::log_debug( __METHOD__ . '(): Download validation failed. Aborting with 401.' );
self::die_401();
}
}
}
private static function validate_download( $form_id, $field_id, $file, $hash ) {
if ( empty( $hash ) ) {
return false;
}
$require_login = apply_filters( 'gform_require_login_pre_download', false, $form_id, $field_id );
if ( $require_login && ! is_user_logged_in() ) {
return false;
}
$hash_check = GFCommon::generate_download_hash( $form_id, $field_id, $file );
$valid = hash_equals( $hash, $hash_check );
return $valid;
}
private static function deliver( $form_id, $file ) {
$path = GFFormsModel::get_upload_path( $form_id );
$file_path = trailingslashit( $path ) . $file;
GFCommon::log_debug( __METHOD__ . "(): Checking if file exists: {$file_path}." );
if ( file_exists( $file_path ) ) {
GFCommon::log_debug( __METHOD__ . '(): File exists. Starting delivery.' );
$content_type = self::get_content_type( $file_path );
$content_disposition = rgget( 'dl' ) ? 'attachment' : 'inline';
nocache_headers();
header( 'X-Robots-Tag: noindex', true );
header( 'Content-Type: ' . $content_type );
header( 'Content-Description: File Transfer' );
header( 'Content-Disposition: ' . $content_disposition . '; filename="' . basename( $file ) . '"' );
header( 'Content-Transfer-Encoding: binary' );
if ( ob_get_contents() ) {
ob_end_clean();
}
self::readfile_chunked( $file_path );
die();
} else {
GFCommon::log_debug( __METHOD__ . '(): File does not exist. Aborting with 404.' );
self::die_404();
}
}
private static function get_content_type( $file_path ) {
$info = wp_check_filetype( $file_path );
$type = rgar( $info, 'type' );
return $type;
}
private static function readfile_chunked( $file, $retbytes = true ) {
$chunksize = 1024 * 1024;
$buffer = '';
$cnt = 0;
$handle = @fopen( $file, 'r' );
if ( $size = @filesize( $file ) ) {
header( 'Content-Length: ' . $size );
}
if ( false === $handle ) {
return false;
}
while ( ! @feof( $handle ) ) {
$buffer = @fread( $handle, $chunksize );
echo $buffer;
if ( $retbytes ) {
$cnt += strlen( $buffer );
}
}
$status = @fclose( $handle );
if ( $retbytes && $status ) {
return $cnt;
}
return $status;
}
private static function die_404() {
global $wp_query;
status_header( 404 );
$wp_query->set_404();
$template_path = get_404_template();
if ( file_exists( $template_path ) ) {
require_once( $template_path );
}
die();
}
private static function die_401() {
status_header( 401 );
die();
}
}