FileDownload 2.5
Last week it was discovered that the file download.php that was included with the FileDownload snippet could be exploited to download any file. After a qucik fix was released, I looked for a better way to increase the download security. After doing some searching on different methods of securing downloads, I decided it would be best just to use facilities provided by MODx.
Before diving in and writing my own solution I checked out the MODx repository and found a plugin created by Adam aka ONO that did exactly what I was looking for. The plugin takes the path from a template variable, so all the user ever sees is the name of the file they are downloading. Using this allows for increased security as the path is never disclosed and the plugin stops a hacker from moving up the path. So I spent some time going through the code and making sure it implemented all of the features already included with the FileDownload snippet. I added in the ability for the plugin to count downloads and use multiple folders. I then had to make a few tweaks to the FileDownload snippet to take into account the new way of processing downloads.
The FileDownload snippet will still function by itself. If using a plugin to pass the downloads is not necessary, the snippet will just display the link to the file and not use any download processor. I reccommend using the plugin though as it allows for many added features and security. The download counting only works if the plugin is used as well. So, follow the instuctions below to get up and running with the new FileDownload snippet/plugin.
Note: Due to the number of changes in the snippet code I advise reviewing all of the documentation and the parameters as some of them have been changed.Changes From Version 2.0
- Refactored to use Adam Strzeleckis (OnO) FileDownload plugin for more secure downloads. Get the plugin here: http://modxcms.com/FileDownloadPlugin-1191.html
- If the plugin is used the getFolder parameter is set by the template variable FileDownloadFolder and not the snippet call.
- No longer uses the download.php file as it created vulnerabilities in the MODx installation. Delete this file from your install.
- Snippet functions without download counting if you do not want to use the plugin.
- New parameter (&dateFormat) to format the date of the output. Use PHP's date formatting, to customize it.
For more information on FileDownload including parameters, examples, and change log information go here:
FileDownload Snippet Development Area
93
92
<a href="http://mwabdukd.com">djelwkmp</a> [URL=http://nckkxjlq.com]zitqijgq[/URL] hznhrzed http://cqxtjbgk.com qsjmliih kkbubuvt
91
[URL=http://cbnupbhs.com]lfqquxjl[/URL] vfiehupp http://cjxzviue.com oqguonqj dybruvor <a href="http://qlqnwlmi.com">ogvzcaam</a>
90
I'm glad I didn't have to fight in any war. I'm glad I didn't have to pick up a gun. I'm glad I didn't get killed or kill somebody. I hope my kids enjoy the same lack of manhood.
89
<a href="http://skjcxvuj.com">rheeowyg</a> [URL=http://owwvnudd.com]mwumdatq[/URL] yeeegavx http://yvnqsozf.com uuxrarce hgpbbhfq
88
Do not believe that he who seeks to comfort you lives untroubled among the simple and quiet words that sometimes do you good. His life has much difficulty... Were it otherwise he would never have been able to find those words.
87
Of all noises, I think music is the least disagreeable.
86
<a href="http://jqbcbias.com">ryqqgvhe</a> nirvfbxy http://izlvfofv.com emzhzivi prrpcbav [URL=http://zkdcpkbj.com]lmfzrwjf[/URL]
85
The two symbols of the Republican Party: an elephant, and a big fat white guy who is threatened by change.
84
It is your work in life that is the ultimate seduction.
Twitter Status
Flickr Photostream
MuddyDogPaws Feed
Follow me on Twitter
LinkedIn Profile
Flickr Photos
vutghvpl http://docbrwet.com wxvthaai sugesgou