hello I found a bug in the download if I copy a download link for a premium account I little run directly from another pc another ip without even his return to me why his page normally it will have refused Download
Download bug
- Thread starter dfdssfsfd3806
- Start date
The file edit is NOT guaranteed to work, however it did stop the immediate downloading of files without a token on my dev site.
Open /includes/class.file.php
Find:
REPLACE WITH:
Open /includes/class.file.php
Find:
Code:
// remove session
if (isset($_SESSION['showDownload']))
{
$clearSession = true;
// fixes android snag which requests files twice
if (deviceIsAndroid())
{
if (!isset($_SESSION['showDownloadFirstRun']))
{
$_SESSION['showDownloadFirstRun'] = true;
$clearSession = false;
}
else
{
$_SESSION['showDownloadFirstRun'] = null;
unset($_SESSION['showDownloadFirstRun']);
}
}
if ($clearSession == true)
{
// reset session variable for next time
$_SESSION['showDownload'] = null;
unset($_SESSION['showDownload']);
session_write_close();
}
}
Code:
// remove session
if (isset($_SESSION['showDownload']))
{
$clearSession = true;
// fixes android snag which requests files twice
if (deviceIsAndroid())
{
if (!isset($_SESSION['showDownloadFirstRun']))
{
$_SESSION['showDownloadFirstRun'] = true;
$clearSession = false;
}
else
{
$_SESSION['showDownloadFirstRun'] = null;
unset($_SESSION['showDownloadFirstRun']);
}
}
if ($clearSession == true)
{
// reset session variable for next time
$_SESSION['showDownload'] = null;
unset($_SESSION['showDownload']);
session_write_close();
}
}
if(!$downloadToken || empty($downloadToken))
{
output404();
}thank you can already corrected but I can copy the link to a page and download the same link type instead of sharing the link to the person see the pub
normally if not the same ip should return to the download page for the free use voi the pub otherwise unprofitable
Morning all,
This has been patched to the latest release code and will be documented for the v4.0 release. To manually patch, open:
includes/class.file.php
Find: (around line 51)
Replace with:
(note the extra equals)
As usual, drop me an email if you need any help
Thanks,
Adam.
This has been patched to the latest release code and will be documented for the v4.0 release. To manually patch, open:
includes/class.file.php
Find: (around line 51)
Code:
if ($downloadToken != null)
Code:
if ($downloadToken !== null)As usual, drop me an email if you need any help
Thanks,
Adam.
ok look i can download
[removed]
Can I download directly to this thread without even going through the pub page on my website
Version 4 will fix this?
when it comes out because I think this major flaw since I found many site providing direct links
[removed]
Can I download directly to this thread without even going through the pub page on my website
Version 4 will fix this?
when it comes out because I think this major flaw since I found many site providing direct links
That's correct. It's a download token which is valid for 24 hours. So you can reuse it. If you search in includes/class.file.php for:
You'll see the commented out line to restrict by IP. Feel free to use. We've had some issues as people often change their IPs while downloading a large file. Your other option it to reduce how long the tokens last.
There's no plans to change this for v4.
Code:
$tokenData =There's no plans to change this for v4.
but the link good and yesterday when I put the post
[removed]
in the database if I click on the link it generates a token in the token download page and download tracker
[removed]
in the database if I click on the link it generates a token in the token download page and download tracker
if I put her
is good but the free user download unlimited speed
if iput her
limit its non-premium members, but it will keep the link active all the time so the problem I
Code:
<?php echo $file->generateDirectDownloadUrlForMedia(); ?>if iput her
Code:
'.$file->getFullShortUrl(true).'?df=1&dt='.$embedToken.'