Файл: users/diary/inc/download.php
Строк: 46
<?
// Client-supplied file name from the query string. It is HTML-encoded first,
// then stripcslashes() decodes C-style escapes (\xNN, octal, \n ...), and only
// esc() runs after that decoding.
// NOTE(review): esc() is defined elsewhere. The lookup below interpolates $ras
// and $name inside quoted SQL literals, so it is only safe if esc() performs SQL
// escaping for the active connection - confirm, or move the lookup to prepared
// statements (mysqli/PDO).
$gfile = htmlspecialchars($_GET['name']);
$gfile = stripcslashes($gfile);
$gfile = esc($gfile);

// ereg_replace()/eregi_replace() were deprecated in PHP 5.3 and removed in PHP 7.
// NOTE(review): the three patterns below look as if their backslashes were lost
// when this listing was published (a literal dot appears as a bare "."); compare
// with the original file before reusing them.
$gfile = ereg_replace('(#|?)', NULL, $gfile);
// presumably the extension of the requested name
$ras = eregi_replace('^.*.', NULL, $gfile);
// file name without its extension
$name = eregi_replace('.[^.]*$', NULL, $gfile);

// Existence check: the row must match the integer id (forced through intval()),
// the requested name, and the requested extension. A request for a "jad"
// extension is also accepted when the stored extension is "jar".
if (mysql_result(
    mysql_query(
        "SELECT COUNT(*) FROM `diary_files` WHERE `id` = '" . intval($_GET['file']) . "' AND "
        . ($ras == 'jad' ? "(`ras` = '$ras' OR `ras` = 'jar')" : "`ras` = '$ras'")
        . " AND `name` = '$name'"
    ),
    0
) == 0) {
    echo "Файл не найден";
    exit;
}
// Load the full record by integer id only; intval() keeps the request value
// out of the SQL text as anything but a number.
$file_id = mysql_fetch_array(mysql_query(
    "SELECT * FROM `diary_files` WHERE `id` = '" . intval($_GET['file']) . "'"
));

// From here on $ras is the stored extension (lower-cased), not the requested one.
$ras = strtolower($file_id['ras']);

// The on-disk path is built from the row id and a fixed ".dat" suffix, so the
// client-supplied name never becomes part of a filesystem path.
$file = H . 'users/diary/files/' . $file_id['id'] . '.dat';
$size = filesize($file);
// JAD branch: when the stored file is a JAR and the requested name ends in "jad",
// build a Java ME application descriptor from the archive's manifest and send
// that instead of the archive itself.
// NOTE(review): as printed, '#^.*.#' removes everything up to the end of the first
// line, so the result cannot equal 'jad'; the dot was probably escaped in the
// original file - confirm before relying on this branch.
if ($ras=='jar' && strtolower(preg_replace('#^.*.#', NULL, $gfile))=='jad')
{
// NOTE(review): relative include path, while data paths in this script use the H
// constant; it resolves against include_path / the working directory.
require_once ("../../core/cuctema/zip.php");
$zip=new PclZip(H.'users/diary/files/'.$file_id['id'].'.dat');
// Read the manifest as a string, trying the upper-case entry name first and the
// lower-case one if that yielded nothing ("@" hides the notice for a missing index).
$content = $zip->extract(PCLZIP_OPT_BY_NAME, "META-INF/MANIFEST.MF" ,PCLZIP_OPT_EXTRACT_AS_STRING);
if(@$content[0]['content']==NULL)$content = $zip->extract(PCLZIP_OPT_BY_NAME, "META-INF/manifest.mf" ,PCLZIP_OPT_EXTRACT_AS_STRING);
// NOTE(review): there is no check that either lookup succeeded; the manifest text
// comes from an uploaded archive and is copied into the response as-is apart from
// the two replacements below.
// Drop any MIDlet-Jar-URL / MIDlet-Jar-Size attributes already in the manifest.
// NOTE(review): "[^(n|r)]", "(n|r)" and "rn" look like \n / \r / \r\n with the
// backslashes lost in this listing - confirm against the original file.
$jad=preg_replace("#(MIDlet-Jar-URL:( )*[^(n|r)]*)#i", NULL, $content[0]['content']);
$jad=preg_replace("#(MIDlet-Jar-Size:( )*[^(n|r)]*)(n|r)#i", NULL, $jad);
$jad=trim($jad);
// Append fresh attributes: the real size of the stored file and this site's
// download URL for it.
$jad.="rnMIDlet-Jar-Size: ".filesize(H.'users/diary/files/'.$file_id['id'].'.dat')."";
// NOTE(review): name and ras come straight from the database row; if those columns
// can hold user-chosen text, a line break in them would add descriptor attributes
// here - confirm what the upload code allows.
$jad.="rnMIDlet-Jar-URL: /users/diary/download/$file_id[id]/$file_id[name].$file_id[ras]";
// br() is defined elsewhere; its effect is not visible in this file.
$jad=br($jad,"rn");
header('Content-Type: text/vnd.sun.j2me.app-descriptor');
// NOTE(review): the stored name is placed inside a quoted header parameter without
// escaping; a double quote in it would end the filename value early.
header('Content-Disposition: attachment; filename="'.$file_id['name'].'.jad";');
echo $jad;
exit;
}
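// Download-counter update, left disabled by the author:
//@mysql_query("UPDATE `diary_files` SET `k_loads` = '".($file_id['k_loads']+1)."' WHERE `id` = '$file_id[id]' LIMIT 1");

// Default branch: send the stored ".dat" blob to the client.
// DownloadFile() and ras_to_mime() are defined elsewhere; the arguments are
// presumably (path on disk, file name offered to the client, MIME type) -
// confirm against downloadfile.php.
require_once ("../../core/cuctema/downloadfile.php");
DownloadFile(
    H . 'users/diary/files/' . $file_id['id'] . '.dat',
    // Fix: the extension must come from the database row ($file_id). $file is the
    // path string assigned earlier in the script, so $file['ras'] was a string
    // offset and never the stored extension.
    // NOTE(review): $name is still the request-derived name, not the stored one.
    $name . '.' . $file_id['ras'],
    ras_to_mime($ras)
);
exit;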
?>