Brian J. Miller wrote:
Additionally you can use an actionmap combined with the [deliver] tag to
provide any file accessible on the local filesystem with whatever
privilege system you would like.
The [deliver] tag provides base functionality for sending the proper
Content-Type header and the raw file as is.
Example
In page:
[page area="download/myfile.zip"]My file (zipped)</a>
In catalog.cfg:
ActionMap download <<EOR
sub {
my @path = grep /\S/, split m:/+:, $_[0];
my $spec = join('/', 'pages', @path[1..$#path]);
Log("Calling 'deliver' with $spec");
my $result = $Tag->deliver({ file => $spec });
Log(sprintf('Returned %s', defined($result) ? $result : '(undef)'));
return 1;
}
EOR
Then within the 'download' actionmap you can add any privilege checking
you wish before providing the file itself. We use this method on at
least one client site for handling soft goods.
HTH,
Brian J. Miller
End Point Corp.
Would the actionmap above allow directory traversal -- i.e. should it perhaps include something like s/\.\.//g? -John Young _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.