<?
/*
PTK - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("check_session_image.php");
include("lib_commands.php");
include("../config/conf.php");
include("lib_std.php");
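// Export a single file (addressed by offset + inode) from the selected image
// or partition and stream it to the browser as an attachment.
$offset = sanitize($_GET['arg1'],INT);
$inode = sanitize($_GET['arg2'],PARANOID);

// arg3 carries the file name used for the temporary copy and the download.
$name = $_GET['arg3'];
$name = charset_decode_utf_8($name);
// Drop dot runs ("..", "...") and leading slashes so the name cannot walk
// out of the temp directory. NOTE(review): ereg_replace() was removed in
// PHP 7.0; it is kept here because POSIX and PCRE bracket expressions treat
// the backslash differently, so a port to preg_replace() needs its own review.
$name = ereg_replace("\.[\.]+", "", $name);
$name = ereg_replace("^[\/]+", "", $name);
// Only the part before a "***" separator is used as the name.
if(preg_match("/\*\*\*/", $name)){
    $arr = explode("***", $name);
    $name = $arr[0];
}

// Resolve the image path and the caller's permission, either for an explicit
// partition (arg4) or for the image stored in the session.
if(isset($_GET['arg4'])){
    $path = get_image_path_from_partition(sanitize($_GET['arg4'],INT));
    $test = user_can_load_this_partition(sanitize($_GET['arg4'],INT));
}else{
    $path = sanitize($_SESSION['image_path'],PARANOID);
    $test = user_can_load_this_image(sanitize($_SESSION['image_id'],INT));
}

// Authorization gate. The original compared the bare word `test` (an undefined
// constant, evaluated as the non-empty string "test" on old PHP) with true, so
// the check always passed and the permission result was never consulted.
if ($test == true){
    // basename() plus the PARANOID filter reduce the name to a single path
    // component before it is used on disk and in the response header.
    // NOTE(review): PARANOID is assumed to strip quotes and CR/LF - confirm,
    // since $name is placed inside the Content-Disposition header below.
    $name = sanitize(basename($name),PARANOID);
    $name = utf8_decode($name);
    export_file($path, $offset, $inode, $name);

    // NOTE(review): the temp path depends only on $name, so two concurrent
    // exports of the same name would share one file - confirm this is acceptable.
    $exported = "$INSTALLDIR/temp/$name";
    header('Content-Type: application/octet-stream');
    header("Content-Description: PTK file export");
    header('Content-Length: ' . filesize($exported));
    header('Content-Disposition: attachment; filename="' . $name.'"');
    readfile($exported);
    // The exported copy is single-use; remove it once it has been sent.
    unlink($exported);
}else{
    // This script reads the file name from arg3; `name` is not one of its
    // parameters as far as this file shows. Fall back to the requested name so
    // the audit record is not empty and no undefined-index notice is emitted
    // ahead of the redirect header.
    $requested = isset($_GET['name']) ? $_GET['name'] : $name;
    new AuditLog('Unauthorized access to export_file '.sanitize(RemoveXSS($requested),PARANOID).' '.sanitize(RemoveXSS($path),PARANOID));
    header("location: goto_home.php");
}?>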