diff --git a/app/recordings/recordings.php b/app/recordings/recordings.php index 7e22dd3a4e..ea317ebab5 100644 --- a/app/recordings/recordings.php +++ b/app/recordings/recordings.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2016 + Portions created by the Initial Developer are Copyright (C) 2008-2019 the Initial Developer. All Rights Reserved. Contributor(s): @@ -146,8 +146,8 @@ message::add($text['message-uploaded'].": ".htmlentities($recording_filename)); //set the file name to be inserted as the recording description - $recording_description = base64_encode($_FILES['ulfile']['name']); - header("Location: recordings.php?rd=".$recording_description); + $recording_description = $_FILES['ulfile']['name']; + header("Location: recordings.php?rd=".urlencode($recording_description)); exit; } @@ -207,7 +207,7 @@ //file not found in db, add it $recording_uuid = uuid(); $recording_name = ucwords(str_replace('_', ' ', pathinfo($recording_filename, PATHINFO_FILENAME))); - $recording_description = base64_decode($_GET['rd']); + $recording_description = $_GET['rd']; //build array $array['recordings'][0]['domain_uuid'] = $domain_uuid; $array['recordings'][0]['recording_uuid'] = $recording_uuid; @@ -278,7 +278,7 @@ //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; - $param = "&order_by=".$order_by."&order=".$order; + $param = "&order_by=".urlencode($order_by)."&order=".urlencode($order); $page = $_GET['page']; if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; } list($paging_controls, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page); 
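Review bot: `$recording_description = $_GET['rd'];` in the @@ -207 hunk takes the query parameter with no presence or type check, so a request without `rd`, or with `rd[]=x`, hands null or an array to the record being built. The value is client-controlled: it starts as the uploaded file's name in the redirect at @@ -146, and anyone can request the URL with their own `rd`. I would guard it with `$recording_description = (isset($_GET['rd']) && is_string($_GET['rd'])) ? $_GET['rd'] : '';` and cap it to the column length. The insert itself and the places the description is displayed are outside this hunk; presumably it is stored with the new row, so every page that prints it needs HTML escaping at output.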
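Review bot: In the @@ -278 hunk, `urlencode($order_by)` and `urlencode($order)` make the values safe only for the paging links; nothing visible here restricts what the two variables may contain. If they are also used to build the ORDER BY clause earlier in the file (not shown in this hunk), encoding at this point does not help that path and they should be checked against an allowlist of column names and `asc`/`desc` where they are first read. The next context line, `$page = $_GET['page'];`, would similarly benefit from an integer cast, e.g. `$page = isset($_GET['page']) ? (int) $_GET['page'] : 0;`.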
@@ -363,11 +363,11 @@ case "mp3" : $recording_type = "audio/mpeg"; break; case "ogg" : $recording_type = "audio/ogg"; break; } - echo ""; + echo ""; echo "".$v_link_label_play.""; } if (permission_exists('recording_download')) { - echo "".$v_link_label_download.""; + echo "".$v_link_label_download.""; } echo " \n"; } 
@@ -410,97 +410,95 @@ //include the footer require_once "resources/footer.php"; +//define the download function + function range_download($file) { + $fp = @fopen($file, 'rb'); -function range_download($file) { - $fp = @fopen($file, 'rb'); - - $size = filesize($file); // File size - $length = $size; // Content length - $start = 0; // Start byte - $end = $size - 1; // End byte - // Now that we've gotten so far without errors we send the accept range header - /* At the moment we only support single ranges. - * Multiple ranges requires some more work to ensure it works correctly - * and comply with the spesifications: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2 - * - * Multirange support annouces itself with: - * header('Accept-Ranges: bytes'); - * - * Multirange content must be sent with multipart/byteranges mediatype, - * (mediatype = mimetype) - * as well as a boundry header to indicate the various chunks of data. - */ - header("Accept-Ranges: 0-$length"); - // header('Accept-Ranges: bytes'); - // multipart/byteranges - // http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2 - if (isset($_SERVER['HTTP_RANGE'])) { - - $c_start = $start; - $c_end = $end; - // Extract the range string - list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2); - // Make sure the client hasn't sent us a multibyte range - if (strpos($range, ',') !== false) { - // (?) Shoud this be issued here, or should the first - // range be used? Or should the header be ignored and - // we output the whole content? - header('HTTP/1.1 416 Requested Range Not Satisfiable'); - header("Content-Range: bytes $start-$end/$size"); - // (?) Echo some info to the client? 
- exit; - } - // If the range starts with an '-' we start from the beginning - // If not, we forward the file pointer - // And make sure to get the end byte if spesified - if ($range0 == '-') { - // The n-number of the last bytes is requested - $c_start = $size - substr($range, 1); - } - else { - $range = explode('-', $range); - $c_start = $range[0]; - $c_end = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size; - } - /* Check the range and make sure it's treated according to the specs. - * http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html + $size = filesize($file); // File size + $length = $size; // Content length + $start = 0; // Start byte + $end = $size - 1; // End byte + // Now that we've gotten so far without errors we send the accept range header + /* At the moment we only support single ranges. + * Multiple ranges requires some more work to ensure it works correctly + * and comply with the spesifications: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2 + * + * Multirange support annouces itself with: + * header('Accept-Ranges: bytes'); + * + * Multirange content must be sent with multipart/byteranges mediatype, + * (mediatype = mimetype) + * as well as a boundry header to indicate the various chunks of data. */ - // End bytes can not be larger than $end. - $c_end = ($c_end > $end) ? $end : $c_end; - // Validate the requested range and return an error if it's not correct. - if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size) { + header("Accept-Ranges: 0-$length"); + // header('Accept-Ranges: bytes'); + // multipart/byteranges + // http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2 + if (isset($_SERVER['HTTP_RANGE'])) { - header('HTTP/1.1 416 Requested Range Not Satisfiable'); - header("Content-Range: bytes $start-$end/$size"); - // (?) Echo some info to the client? 
- exit; + $c_start = $start; + $c_end = $end; + // Extract the range string + list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2); + // Make sure the client hasn't sent us a multibyte range + if (strpos($range, ',') !== false) { + // (?) Shoud this be issued here, or should the first + // range be used? Or should the header be ignored and + // we output the whole content? + header('HTTP/1.1 416 Requested Range Not Satisfiable'); + header("Content-Range: bytes $start-$end/$size"); + // (?) Echo some info to the client? + exit; + } + // If the range starts with an '-' we start from the beginning + // If not, we forward the file pointer + // And make sure to get the end byte if spesified + if ($range0 == '-') { + // The n-number of the last bytes is requested + $c_start = $size - substr($range, 1); + } + else { + $range = explode('-', $range); + $c_start = $range[0]; + $c_end = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size; + } + /* Check the range and make sure it's treated according to the specs. + * http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html + */ + // End bytes can not be larger than $end. + $c_end = ($c_end > $end) ? $end : $c_end; + // Validate the requested range and return an error if it's not correct. + if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size) { + + header('HTTP/1.1 416 Requested Range Not Satisfiable'); + header("Content-Range: bytes $start-$end/$size"); + // (?) Echo some info to the client? 
+ exit; + } + $start = $c_start; + $end = $c_end; + $length = $end - $start + 1; // Calculate new content length + fseek($fp, $start); + header('HTTP/1.1 206 Partial Content'); } - $start = $c_start; - $end = $c_end; - $length = $end - $start + 1; // Calculate new content length - fseek($fp, $start); - header('HTTP/1.1 206 Partial Content'); - } - // Notify the client the byte range we'll be outputting - header("Content-Range: bytes $start-$end/$size"); - header("Content-Length: $length"); + // Notify the client the byte range we'll be outputting + header("Content-Range: bytes $start-$end/$size"); + header("Content-Length: $length"); - // Start buffered download - $buffer = 1024 * 8; - while(!feof($fp) && ($p = ftell($fp)) <= $end) { - - if ($p + $buffer > $end) { - - // In case we're only outputtin a chunk, make sure we don't - // read past the length - $buffer = $end - $p + 1; + // Start buffered download + $buffer = 1024 * 8; + while(!feof($fp) && ($p = ftell($fp)) <= $end) { + if ($p + $buffer > $end) { + // In case we're only outputtin a chunk, make sure we don't + // read past the length + $buffer = $end - $p + 1; + } + set_time_limit(0); // Reset time limit for big files + echo fread($fp, $buffer); + flush(); // Free up memory. Otherwise large files will trigger PHP's memory limit. } - set_time_limit(0); // Reset time limit for big files - echo fread($fp, $buffer); - flush(); // Free up memory. Otherwise large files will trigger PHP's memory limit. + + fclose($fp); } - fclose($fp); -} - -?> \ No newline at end of file +?>
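Review bot: The re-indented `range_download()` still tests `if ($range0 == '-')`, and `$range0` is never assigned anywhere in the function, so the suffix-range branch (`bytes=-N`) can never be taken; it looks like `$range[0]` lost its brackets and should read `if ($range !== '' && $range[0] === '-') {`. The client-supplied range parts are also used as `$c_start`/`$c_end` without a numeric check before `fseek()` and the `Content-Range` header; rejecting anything that fails `ctype_digit()` with the existing 416 response would close that. Separately, `$fp = @fopen($file, 'rb');` is never checked, so a missing or unreadable file reaches `filesize()`, `feof()` and `fread()` with a failed handle; add `if ($fp === false) { header('HTTP/1.1 404 Not Found'); exit; }` right after it. Finally, `header("Accept-Ranges: 0-$length");` is not a valid value for that header; the commented-out `header('Accept-Ranges: bytes');` is the correct form.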