From d5441fdf85c24a7b712779dac43be911ba62a1d4 Mon Sep 17 00:00:00 2001
From: System Void <void@sysvoid.co>
Date: Tue, 24 Nov 2015 07:51:23 +0000
Subject: [PATCH] Added file existence check.

I added a check to see if the file exists.
---
 web/download/file/index.php | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/web/download/file/index.php b/web/download/file/index.php
index 5322185b1..b0a462f41 100644
--- a/web/download/file/index.php
+++ b/web/download/file/index.php
@@ -8,20 +8,16 @@ if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY'
 
 $user = $_SESSION['user'];
 if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
-    $user=$_SESSION['look'];
+    $user = $_SESSION['look'];
 }
 
-if (!empty($_REQUEST['path'])) {
-    $path = $_REQUEST['path'];
+$path = $_REQUEST['path'];
+if (!empty($path) && file_exists($path)) {
     header("Content-type: application/octet-stream");
     header("Content-Transfer-Encoding: binary");
     header("Content-disposition: attachment;filename=".basename($path));
-    passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
+    passthru(VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
     exit;
-}
-else {
+} else {
     die('File not found');
 }
-
-
-?>