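/**
 * Validate a requested download path and stream the file to the browser.
 *
 * The path is treated as untrusted input. It must be relative, free of
 * traversal sequences and stream wrappers, located below the configured
 * upload directory, and carry an extension listed in "allowedDownload".
 *
 * @param string $strFile File path relative to TL_ROOT
 *
 * @throws PageNotFoundException If the path is malformed, outside the upload directory or missing
 * @throws AccessDeniedException If the file extension is not allowed for download
 */
public static function sendFileToBrowser($strFile)
{
    // Reject leading dots, "../"-style segments and stream wrappers ("scheme://").
    // A backslash after dots is rejected as well, because it is a directory
    // separator on Windows and "..\" would otherwise slip past the "/" check.
    if (preg_match('@^\\.+@', $strFile) || preg_match('@\\.+[/\\\\]@', $strFile) || preg_match('@(://)+@', $strFile)) {
        throw new PageNotFoundException('Invalid file name');
    }

    // Limit downloads to the files directory. Fail closed when no upload path
    // is configured: an empty prefix would match every path.
    $strUploadPath = rtrim((string) \Config::get('uploadPath'), '/');

    if ($strUploadPath === '') {
        throw new PageNotFoundException('Invalid path');
    }

    // Anchor the prefix at a directory boundary so that a sibling directory
    // sharing the prefix (e.g. "<uploadPath>-backup/") is not accepted.
    // NOTE(review): the match is case-insensitive, so on a case-sensitive
    // file system a directory differing only in case also passes - confirm
    // whether that is intended.
    if (!preg_match('@^' . preg_quote($strUploadPath, '@') . '/@i', $strFile)) {
        throw new PageNotFoundException('Invalid path');
    }

    // Check whether the file exists
    if (!file_exists(TL_ROOT . '/' . $strFile)) {
        throw new PageNotFoundException('File not found');
    }

    $objFile = new \File($strFile);
    $arrAllowedTypes = \StringUtil::trimsplit(',', strtolower(\Config::get('allowedDownload')));

    // Check whether the file type is allowed to be downloaded. The comparison
    // is strict so that numeric-looking extensions cannot match a different
    // allow-list entry through PHP's loose string comparison.
    if (!in_array((string) $objFile->extension, $arrAllowedTypes, true)) {
        throw new AccessDeniedException(sprintf('File type "%s" is not allowed', $objFile->extension));
    }

    // HOOK: post download callback. The callbacks run before the file is sent,
    // because sending stops the script; they only ever see a validated path.
    if (isset($GLOBALS['TL_HOOKS']['postDownload']) && is_array($GLOBALS['TL_HOOKS']['postDownload'])) {
        foreach ($GLOBALS['TL_HOOKS']['postDownload'] as $callback) {
            static::importStatic($callback[0])->{$callback[1]}($strFile);
        }
    }

    // Send the file (will stop the script execution)
    $objFile->sendToBrowser();
}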