WebFile/FileViewer.ashx.cs at master · adrievx/WebFile · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
using HeyRed.Mime;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Web;

namespace WebFile {
    /// <summary>
    /// Summary description for FileViewer
    /// </summary>
    public class FileViewer : IHttpHandler {
        public void ProcessRequest(HttpContext context) {
            string root = ConfigSystem.DirectoryRoot;

            string relPath = HttpUtility.UrlDecode(context.Request.QueryString["path"]);

            if (string.IsNullOrEmpty(relPath)) {
                context.Response.Redirect("/");
                return;
            }

            string realPath = Path.Combine(root, relPath.TrimStart('/').Replace('/', '\\'));

            // prevent directory traversal attacks
            if (!realPath.StartsWith(root, StringComparison.OrdinalIgnoreCase) || !File.Exists(realPath)) {
                context.Response.Redirect("/");
                return;
            }

            string fileName = Path.GetFileName(relPath);
            string encodedFileName = Uri.EscapeDataString(fileName);
            string contentType = MimeTypesMap.GetMimeType(realPath);

            context.Response.ContentType = contentType;
            context.Response.AddHeader("Content-Disposition", $"attachment; filename=\"{fileName}\"; filename*=UTF-8''{encodedFileName}");

            context.Response.TransmitFile(realPath);
        }

        public bool IsReusable {
            get {
                return false;
            }
        }
    }
}