Provide MD5 value of downloads to HTTP client

Content-MD5 is a HTTP header to provide end-to-end integrity checks (see RFC2616, 14.15). This doesn't protect against malicious modifications, but against transmissions errors and storage errors on the server. The change also removes one redirect when downloading files.
2011-07-24 22:12:36 +02:00 · 2011-07-24 22:12:36 +02:00 · 945429abf0
commit 945429abf0
parent a016bcb51b
2 changed files with 12 additions and 3 deletions
--- a/src/IDF/Upload.php
+++ b/src/IDF/Upload.php
@ -150,7 +150,7 @@ class IDF_Upload extends Pluf_Model
        if ($this->id == '') {
            $this->creation_dtime = gmdate('Y-m-d H:i:s');
            $this->modif_dtime = gmdate('Y-m-d H:i:s');
-            $this->md5 = md5_file (Pluf::f('upload_path') . '/' . $this->get_project()->shortname . '/files/' . $this->file);
+            $this->md5 = md5_file ($this->getFullPath());
        }
    }

@ -167,6 +167,11 @@ class IDF_Upload extends Pluf_Model
        return Pluf::f('url_upload').'/'.$project->shortname.'/files/'.$this->file;
    }

+    function getFullPath()
+    {
+        return(Pluf::f('upload_path').'/'.$this->get_project()->shortname.'/files/'.$this->file);
+    }
+
    /**
     * We drop the information from the timeline.
     */
@ -256,4 +261,4 @@ class IDF_Upload extends Pluf_Model
        }
        Pluf_Translation::loadSetLocale($current_locale);
    }
-}
+}
--- a/src/IDF/Views/Download.php
+++ b/src/IDF/Views/Download.php
@ -202,7 +202,11 @@ class IDF_Views_Download
        $prj->inOr404($upload);
        $upload->downloads += 1;
        $upload->update();
-        return new Pluf_HTTP_Response_Redirect($upload->getAbsoluteUrl($prj));
+        $path = $upload->getFullPath();
+        $mime = IDF_FileUtil::getMimeType($path);
+        $render = new Pluf_HTTP_Response_File($path, $mime[0]);
+        $render->headers["Content-MD5"] = $upload->md5;
+        return $render;
    }

    /**