Index: includes/file.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/file.inc,v retrieving revision 1.79 diff -u -F^f -r1.79 file.inc --- includes/file.inc 5 Jul 2006 11:45:51 -0000 1.79 +++ includes/file.inc 19 Jul 2006 16:01:16 -0000 @@ -14,6 +14,7 @@ define('FILE_DOWNLOADS_PUBLIC', 1); define('FILE_DOWNLOADS_PRIVATE', 2); +define('FILE_DOWNLOADS_CUSTOM', 3); define('FILE_CREATE_DIRECTORY', 1); define('FILE_MODIFY_PERMISSIONS', 2); define('FILE_EXISTS_RENAME', 0); @@ -35,6 +36,7 @@ function file_create_url($path) { case FILE_DOWNLOADS_PUBLIC: return $GLOBALS['base_url'] .'/'. file_directory_path() .'/'. str_replace('\\', '/', $path); case FILE_DOWNLOADS_PRIVATE: + case FILE_DOWNLOADS_CUSTOM: return url('system/files/'. $path, NULL, NULL, TRUE); } } @@ -551,12 +553,17 @@ function file_transfer($source, $headers // To prevent HTTP header injection, we delete new lines that are // not followed by a space or a tab. // See http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 - $header = preg_replace('/\r?\n(?!\t| )/', '', $header); - header($header); + header(preg_replace('/\r?\n(?!\t| )/', '', $header)); } - $source = file_create_path($source); + $handler = variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_CUSTOM ? + variable_get('file_transfer_handler', 'file_transfer_php') : 'file_transfer_php'; + call_user_func($handler, file_create_path($source)); + exit(); +} + +function file_transfer_php($source) { // Transfer file in 1024 byte chunks to save memory usage. if ($fd = fopen($source, 'rb')) { while (!feof($fd)) { @@ -567,7 +574,11 @@ function file_transfer($source, $headers else { drupal_not_found(); } - exit(); +} + +function file_transfer_xsendfile($source) { + // Let the web server do the heavy lifting. + header('X-Sendfile: ' . $source); } /** Index: modules/system/system.module =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.module,v retrieving revision 1.332 diff -u -F^f -r1.332 system.module --- modules/system/system.module 10 Jul 2006 21:12:09 -0000 1.332 +++ modules/system/system.module 19 Jul 2006 16:01:20 -0000 @@ -442,7 +442,7 @@ function system_file_system_settings() { '#type' => 'radios', '#title' => t('Download method'), '#default_value' => variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC), - '#options' => array(FILE_DOWNLOADS_PUBLIC => t('Public - files are available using http directly.'), FILE_DOWNLOADS_PRIVATE => t('Private - files are transferred by Drupal.')), + '#options' => array(FILE_DOWNLOADS_PUBLIC => t('Public - files are available directly using HTTP.'), FILE_DOWNLOADS_PRIVATE => t('Private - after applying access controls, files are transferred by Drupal.'), FILE_DOWNLOADS_CUSTOM => t('Custom - after applying access controls, files are transferred by a user-defined handler.')), '#description' => t('If you want any sort of access control on the downloading of files, this needs to be set to private. You can change this at any time, however all download URLs will change and there may be unexpected problems so it is not recommended.') ); Index: modules/upload/upload.module =================================================================== RCS file: /cvs/drupal/drupal/modules/upload/upload.module,v retrieving revision 1.113 diff -u -F^f -r1.113 upload.module --- modules/upload/upload.module 19 Jul 2006 07:15:35 -0000 1.113 +++ modules/upload/upload.module 19 Jul 2006 16:01:20 -0000 @@ -89,7 +89,7 @@ function upload_menu($may_cache) { if (isset($_SESSION['file_previews'])) { foreach ($_SESSION['file_previews'] as $fid => $file) { $filename = file_create_filename($file->filename, file_create_path()); - if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PRIVATE) { + if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) != FILE_DOWNLOADS_PUBLIC) { // strip file_directory_path() from filename. @see file_create_url if (strpos($filename, file_directory_path()) !== FALSE) { $filename = trim(substr($filename, strlen(file_directory_path())), '\\/');