Home » API reference » file.module

file_file_download

Versions
7
file_file_download($uri, $field_type = 'file')

Implements hook_file_download().

This function takes an extra parameter $field_type so that it may be re-used by other File-like modules, such as Image.

▸ 1 function calls file_file_download()

▾ 1 function calls file_file_download()

image_file_download in modules/image/image.module
Implements hook_file_download().

Code

modules/file/file.module, line 120

<?php
function file_file_download($uri, $field_type = 'file') {
  global $user;

  // Get the file record based on the URI. If not in the database just return.
  $files = file_load_multiple(array(), array('uri' => $uri));
  if (count($files)) {
    $file = reset($files);
  }
  else {
    return;
  }

  // Find out which (if any) file fields contain this file.
  $references = file_get_file_references($file, NULL, FIELD_LOAD_REVISION, $field_type);

  // TODO: Check field-level access if available here.

  $denied = $file->status ? NULL : FALSE;
  // Check access to content containing the file fields. If access is allowed
  // to any of this content, allow the download.
  foreach ($references as $field_name => $field_references) {
    foreach ($field_references as $obj_type => $type_references) {
      foreach ($type_references as $reference) {
        // If access is allowed to any object, immediately stop and grant
        // access. If access is denied, continue through in case another object
        // grants access.
        // TODO: Switch this to a universal access check mechanism if available.
        if ($obj_type == 'node' && ($node = node_load($reference->nid))) {
          if (node_access('view', $node)) {
            $denied = FALSE;
            break 3;
          }
          else {
            $denied = TRUE;
          }
        }
        if ($obj_type == 'user') {
          if (user_access('access user profiles') || $user->uid == $reference->uid) {
            $denied = FALSE;
            break 3;
          }
          else {
            $denied = TRUE;
          }
        }
      }
    }
  }

  // No access was denied or granted.
  if (!isset($denied)) {
    return;
  }
  // Access specifically denied and not granted elsewhere.
  elseif ($denied == TRUE) {
    return -1;
  }

  // Access is granted.
  $name = mime_header_encode($file->filename);
  $type = mime_header_encode($file->filemime);
  // Serve images, text, and flash content for display rather than download.
  $inline_types = variable_get('file_inline_types', array('^text/', '^image/', 'flash$'));
  $disposition = 'attachment';
  foreach ($inline_types as $inline_type) {
    // Exclamation marks are used as delimiters to avoid escaping slashes.
    if (preg_match('!' . $inline_type . '!', $file->filemime)) {
      $disposition = 'inline';
    }
  }

  return array(
    'Content-Type' => $type . '; name="' . $name . '"',
    'Content-Length' => $file->filesize,
    'Content-Disposition' => $disposition . '; filename="' . $name . '"',
    'Cache-Control' => 'private',
  );
}
?>
Login or register to post comments
 
 

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.