joomla/com_fileprotect/site/fileprotect.php

<?php
/** 
* @package     Joomla.Administrator 
* @subpackage  com_wk1 
* 
* @copyright 
*/
    // No direct access to this file
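defined('_JEXEC') or die('Restricted access');

/*
 * Serve one file from the directory named by the active menu item's
 * "pathPrefix" parameter. The file name arrives in the "getFile" request
 * parameter, so everything below treats it as untrusted: the canonical
 * path must stay inside the prefix directory (compared with a trailing
 * separator so a sibling directory with the same leading characters cannot
 * pass), and every value echoed back in an error message is HTML-escaped.
 *
 * NOTE(review): the error messages still expose server-side absolute paths
 * to the requester; consider logging them and echoing a generic message
 * in production.
 */

// HTML-escape a value before echoing it into an error page. The request
// URI and the requested file name are attacker-controlled.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$app      = JFactory::getApplication();
$menuItem = $app->getMenu()->getActive();   // may be null outside a menu route

$f1 = trim((string) $app->input->get('getFile', '', 'STRING'));
$p1 = $menuItem ? trim((string) $menuItem->getParams()->get('pathPrefix', '')) : '';
$pr = JPATH_SITE . DIRECTORY_SEPARATOR . $p1;
$f2 = $pr . DIRECTORY_SEPARATOR . $f1;
$fi = realpath($f2);     // false when the path does not exist (also collapses "..")
// Canonical form of the allowed directory, so symlinks or "/./" segments in
// JPATH_SITE or pathPrefix do not defeat the containment check below.
$base = realpath($pr);

if ($f1 === '') {
    echo '<h1>no file specified in uri ' . $esc(JURI::getInstance()) . '</h1>';
} elseif ($p1 === '') {
    echo '<h1>no pathPrefix specified in menuItem id ' . $esc($menuItem ? $menuItem->id : 'none') . '</h1>';
} elseif ($fi === false) {
    echo '<h1>file ' . $esc($f2) . ' does not exist or illegal</h1>';
} elseif ($base === false || strpos($fi, $base . DIRECTORY_SEPARATOR) !== 0) {
    // Requires $fi to be strictly below $base: "$base/x", never "$base" itself
    // or "$base-other/x".
    echo '<h1>not allowed file ' . $esc($fi) . '</h1>is not in pathPrefix '
        . $esc($pr) . ', is realpath(' . $esc($f2) . ')';
} elseif (!is_readable($fi)) {
    echo '<h1>is not readable: ' . $esc($fi) . '</h1>';
} elseif (!is_file($fi)) {
    echo '<h1>is not a regular file: ' . $esc($fi) . '</h1>';
} elseif (($ty = mimeType($fi)) === null) {
    echo '<h1> no mime-content-type found for ' . $esc($fi) . '</h1>';
} else {
    header('Content-Type: ' . $ty);
    // Prevent browsers from second-guessing the allow-listed type.
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($fi));
    readfile($fi);
    jExit();
}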

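/**
 * Map a file name to a Content-Type by its extension (case-insensitive).
 *
 * Deliberately an allow-list rather than mime_content_type(): the finfo
 * database misclassified some files (the author noted abc/my.xls), and an
 * explicit table also bounds which types this component will ever send to
 * the browser. Note that 'html' is served as text/html and therefore
 * rendered in the site's origin. Unknown or missing extensions yield null,
 * and the caller refuses to serve the file.
 *
 * @param string $ff  path or file name; only its extension is inspected
 * @return string|null  MIME type, or null when the extension is not listed
 */
function mimeType($ff)
{
    static $mimeTypes = array(
        'pdf'  => 'application/pdf',
        'txt'  => 'text/plain',
        'html' => 'text/html',
        'exe'  => 'application/octet-stream',
        'zip'  => 'application/zip',
        'doc'  => 'application/msword',
        'xls'  => 'application/vnd.ms-excel',
        'ppt'  => 'application/vnd.ms-powerpoint',
        'gif'  => 'image/gif',
        'png'  => 'image/png',
        'jpeg' => 'image/jpeg',   // registered type is image/jpeg, not image/jpg
        'jpg'  => 'image/jpeg',
        'php'  => 'text/plain',   // source is shown, never executed
    );

    $ext = strtolower((string) pathinfo($ff, PATHINFO_EXTENSION));

    return isset($mimeTypes[$ext]) ? $mimeTypes[$ext] : null;
}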
?>