From 945429abf0fea2f7bb0ab0171389fb7aa593cd87 Mon Sep 17 00:00:00 2001
From: Patrick Georgi <patrick@georgi-clan.de>
Date: Sun, 24 Jul 2011 22:12:36 +0200
Subject: [PATCH] Provide MD5 value of downloads to HTTP client

Content-MD5 is a HTTP header to provide end-to-end integrity checks
(see RFC2616, 14.15). This doesn't protect against malicious
modifications, but against transmissions errors and storage errors
on the server.

The change also removes one redirect when downloading files.
---
 src/IDF/Upload.php         | 9 +++++++--
 src/IDF/Views/Download.php | 6 +++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/IDF/Upload.php b/src/IDF/Upload.php
index b4105a2..2a78785 100644
--- a/src/IDF/Upload.php
+++ b/src/IDF/Upload.php
@@ -150,7 +150,7 @@ class IDF_Upload extends Pluf_Model
         if ($this->id == '') {
             $this->creation_dtime = gmdate('Y-m-d H:i:s');
             $this->modif_dtime = gmdate('Y-m-d H:i:s');
-            $this->md5 = md5_file (Pluf::f('upload_path') . '/' . $this->get_project()->shortname . '/files/' . $this->file);
+            $this->md5 = md5_file ($this->getFullPath());
         }
     }
 
@@ -167,6 +167,11 @@ class IDF_Upload extends Pluf_Model
         return Pluf::f('url_upload').'/'.$project->shortname.'/files/'.$this->file;
     }
 
+    function getFullPath()
+    {
+        return(Pluf::f('upload_path').'/'.$this->get_project()->shortname.'/files/'.$this->file);
+    }
+
     /**
      * We drop the information from the timeline.
      */
@@ -256,4 +261,4 @@ class IDF_Upload extends Pluf_Model
         }
         Pluf_Translation::loadSetLocale($current_locale);
     }
-}
\ No newline at end of file
+}
diff --git a/src/IDF/Views/Download.php b/src/IDF/Views/Download.php
index 87c9bf5..97e0ad4 100644
--- a/src/IDF/Views/Download.php
+++ b/src/IDF/Views/Download.php
@@ -202,7 +202,11 @@ class IDF_Views_Download
         $prj->inOr404($upload);
         $upload->downloads += 1;
         $upload->update();
-        return new Pluf_HTTP_Response_Redirect($upload->getAbsoluteUrl($prj));
+        $path = $upload->getFullPath();
+        $mime = IDF_FileUtil::getMimeType($path);
+        $render = new Pluf_HTTP_Response_File($path, $mime[0]);
+        $render->headers["Content-MD5"] = $upload->md5;
+        return $render;
     }
 
     /**