From d5441fdf85c24a7b712779dac43be911ba62a1d4 Mon Sep 17 00:00:00 2001
From: System Void
Date: Tue, 24 Nov 2015 07:51:23 +0000
Subject: [PATCH 1/3] Added file existence check. I added a check to see if the file exists.
---
 web/download/file/index.php | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/web/download/file/index.php b/web/download/file/index.php
index 5322185b1..b0a462f41 100644
--- a/web/download/file/index.php
+++ b/web/download/file/index.php
@@ -8,20 +8,16 @@ if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY'
 $user = $_SESSION['user'];
 if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
- $user=$_SESSION['look'];
+ $user = $_SESSION['look'];
 }
-if (!empty($_REQUEST['path'])) {
- $path = $_REQUEST['path'];
+$path = $_REQUEST['path'];
+if (!empty($path) && file_exists($path)) {
 header("Content-type: application/octet-stream");
 header("Content-Transfer-Encoding: binary");
 header("Content-disposition: attachment;filename=".basename($path));
- passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
+ passthru(VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
 exit;
-}
-else {
+} else {
 die('File not found');
 }
-
-
-?>
From af66851b8b460291db685f870377554a38f65c16 Mon Sep 17 00:00:00 2001
From: System Void
Date: Sun, 26 Jun 2016 16:14:47 +0100
Subject: [PATCH 2/3] Moving this to v-open-fs-file
---
 web/download/file/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/download/file/index.php b/web/download/file/index.php
index b0a462f41..0cc5b5c10 100644
--- a/web/download/file/index.php
+++ b/web/download/file/index.php
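Review bot: In patch 1/3 the rewritten `passthru(` line still concatenates `$user` into the command string unquoted, while only `$path` goes through `escapeshellarg()`; since the hunk already touches that line, quote both arguments: `passthru(VESTA_CMD . "v-open-fs-file " . escapeshellarg($user) . " " . escapeshellarg($path));`. `$user` is taken from `$_SESSION['user']` or `$_SESSION['look']`, and where those are set and validated is outside the hunk, so the command line should not depend on that validation. The new unconditional `$path = $_REQUEST['path'];` also raises an undefined-index notice when the parameter is absent, which the old `!empty($_REQUEST['path'])` guard avoided; `$path = isset($_REQUEST['path']) ? $_REQUEST['path'] : '';` keeps the previous behaviour.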
@@ -12,7 +12,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
 }
 $path = $_REQUEST['path'];
-if (!empty($path) && file_exists($path)) {
+if (!empty($path)) {
 header("Content-type: application/octet-stream");
 header("Content-Transfer-Encoding: binary");
 header("Content-disposition: attachment;filename=".basename($path));
From 20675ac38076749a1bc320a66692852b0880595b Mon Sep 17 00:00:00 2001
From: System Void
Date: Sun, 26 Jun 2016 16:18:43 +0100
Subject: [PATCH 3/3] Added file check
---
 bin/v-open-fs-file | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/bin/v-open-fs-file b/bin/v-open-fs-file
index b04ad4933..c51cd0b9f 100755
--- a/bin/v-open-fs-file
+++ b/bin/v-open-fs-file
@@ -33,6 +33,11 @@ if [ ! -z "$src_file" ]; then
 echo "Error: invalid source path $src_file"
 exit 2
 fi
+
+ if [ ! -f "$src_file" ]; then
+ echo "Error: file not found $src_file"
+ exit 2
+ fi
 fi
 # Reading file
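Review bot: With `file_exists()` removed from the condition in patch 2/3, the `die('File not found')` branch is reached only for an empty `path`; for a missing or rejected file the three `header()` calls have already announced an attachment, and whatever `v-open-fs-file` prints on failure is streamed to the client as the file body. The `passthru()` call lies below the end of this hunk, so this is inferred from patch 1/3, where its exit status is not captured. PHP's `passthru()` accepts a second by-reference argument for the status, e.g. `passthru(VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path), $rc);` followed by a log entry when `$rc !== 0`. Sending the download headers only after the helper has confirmed the file is readable would keep error text out of downloaded files.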
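Review bot: The added `[ ! -f "$src_file" ]` test follows symbolic links, so a link that resolves to a regular file passes it; whether the preceding "invalid source path" check, which starts above this hunk, approved the resolved target or only the literal string is not visible here, and the new test should run on the same canonical path that check validated. The message is also written to stdout, which the PHP caller in this series streams to the browser through `passthru()`, so the error text becomes the content of the download; `echo "Error: file not found $src_file" >&2` keeps it out of the response body. There is still a window between this test and the read under `# Reading file`, so a failure of the read itself needs its own non-zero exit.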