Differential D15654 Diff 37726 src/applications/files/controller/PhabricatorFileDataController.php

Changeset View

Standalone View

src/applications/files/controller/PhabricatorFileDataController.php

Show First 20 Lines • Show All 76 Lines • ▼ Show 20 Lines	if ($range) {
$response->setHTTPResponseCode(206);		$response->setHTTPResponseCode(206);
$response->setRange($begin, ($end - 1));		$response->setRange($begin, ($end - 1));
}		}
}		}

$is_viewable = $file->isViewableInBrowser();		$is_viewable = $file->isViewableInBrowser();
$force_download = $request->getExists('download');		$force_download = $request->getExists('download');

		$request_type = $request->getHTTPHeader('X-Phabricator-Request-Type');
		$is_lfs = ($request_type == 'git-lfs');

if ($is_viewable && !$force_download) {		if ($is_viewable && !$force_download) {
$response->setMimeType($file->getViewableMimeType());		$response->setMimeType($file->getViewableMimeType());
} else {		} else {
if (!$request->isHTTPPost() && !$is_alternate_domain) {		if (!$request->isHTTPPost() && !$is_alternate_domain && !$is_lfs) {
// NOTE: Require POST to download files from the primary domain. We'd		// NOTE: Require POST to download files from the primary domain. We'd
// rather go full-bore and do a real CSRF check, but can't currently		// rather go full-bore and do a real CSRF check, but can't currently
// authenticate users on the file domain. This should blunt any		// authenticate users on the file domain. This should blunt any
// attacks based on iframes, script tags, applet tags, etc., at least.		// attacks based on iframes, script tags, applet tags, etc., at least.
// Send the user to the "info" page if they're using some other method.		// Send the user to the "info" page if they're using some other method.

// This is marked as "external" because it is fully qualified.		// This is marked as "external" because it is fully qualified.
return id(new AphrontRedirectResponse())		return id(new AphrontRedirectResponse())
▲ Show 20 Lines • Show All 80 Lines • Show Last 20 Lines