Make download script work with new configuration.

Fix stats for files.
supertuxkart · Dec 18, 2014 · c478f64 · c478f64
1 parent 659f764
commit c478f64
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 39 deletions.
diff --git a/download.php b/download.php
@@ -19,34 +19,11 @@
  */
 require_once(__DIR__ . DIRECTORY_SEPARATOR . "config.php");
 
-$dir = isset($_GET['type']) ? $_GET['type'] : null;
 $file = isset($_GET['file']) ? $_GET['file'] : null;
 
-// Make sure directory is not unsafe
-if (!preg_match('/^[a-z]+$/i', $dir))
-{
-    // Directory is unsafe - throw a 404 error
-    header("HTTP/1.0 404 Not Found");
-    exit;
-}
-
-// Make sure file name is not unsafe
-if (!preg_match('/^[\w\-\ ]+\.[a-z0-9]+$/i', $file))
-{
-    // File is unsafe - throw a 404 error
-    header("HTTP/1.0 404 Not Found");
-    exit;
-}
-
-if ($dir !== 'assets')
-{
-    $assets_path = $dir . '/' . $file;
-}
-else
-{
-    $assets_path = $file;
-}
+$assets_path = filter_var($file, FILTER_SANITIZE_URL);
 
+// TODO probably the best solutions is not to redirect to the file, but instead output the file from here
 // Don't bother checking if the file exists - if it doesn't exist, you'll get
 // a 404 error anyways after redirecting. Yes, this may make the stats below
 // inaccurate, but the actual 404's that used to be thrown here were relatively
@@ -70,7 +47,7 @@
     }
     catch(DBException $e)
     {
-        header("HTTP/1.0 404 Not Found");
+        http_response_code(404);
         exit;
     }
 
@@ -90,7 +67,7 @@
     }
     catch(DBException $e)
     {
-        header("HTTP/1.0 404 Not Found");
+        http_response_code(404);
         exit('Failed to update statistics');
     }
 }
@@ -106,17 +83,10 @@
 }
 catch(DBException $e)
 {
-    header("HTTP/1.0 404 Not Found");
+    http_response_code(404);
     exit;
 }
 
-// Redirect to actual resource, FIXME
-//if ($dir === 'xml')
-//{
-//    header('Location: http://stkaddons.net/xml/' . $file);
-//}
-//else
-//{
-//    header('Location: http://downloads.tuxfamily.org/stkaddons/assets/' . $assetpath);
-//}
+// Redirect to actual resource,
+header('Location: ' . ROOT_LOCATION . 'downloads/' . $assets_path);
 exit;
diff --git a/downloads b/downloads
@@ -0,0 +1 @@
+dl/
diff --git a/install/htaccess.example b/install/htaccess.example
@@ -31,8 +31,7 @@ RewriteCond %{QUERY_STRING} ^type=(karts|tracks|arenas)&name=([a-z0-9\-_]+)$
 RewriteRule addons.php %1/%2? [L,NC,R=301]
 
 # Pass download links to the download script
-RewriteRule ^dl/([^/]+)/([^/]+) /download.php?type=$1&file=$2 [NC,L]
-RewriteRule ^dl/([^/]+) /download.php?type=assets&file=$1 [NC,L]
+RewriteRule ^dl/(.+) /download.php?file=$1 [NC,L]
 
 # cache images docs for 14 days
 <IfModule mod_headers.c>