Index: INSTALL
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/xsend/INSTALL,v
retrieving revision 1.1
diff -u -p -r1.1 INSTALL
--- INSTALL	22 Sep 2009 19:03:02 -0000	1.1
+++ INSTALL	13 Oct 2009 17:22:38 -0000
@@ -18,7 +18,6 @@ Install X-send file module
  - Change your site file system to private (http://sitename/admin/settings/file-system)
  - Follow standerd Drupal installation for module as below.
  - Extract the module and copy module to sites/all/modules
- - Go to patch folder and run patch file to patch your file.inc
  - Enable the module
  - Go to settings and set the path to Drupal installation directory.
  - Enable the X-send support.
@@ -30,6 +29,8 @@ in a subdirectory then you need to add c
  - go to .htaccess file and add following lines to the top of the file
  - XSendFile on
  - XSendFileAllowAbove on
+ - Add the following line after "RewriteEngine on"
+ - RewriteRule ^system/files/(.*) index.php?q=xsend/$1 [L,QSA]
  - Go to files directory
  - open the .htaccess file and add following lines to top of it
  - Deny from all
Index: xsend.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/xsend/xsend.module,v
retrieving revision 1.7
diff -u -p -r1.7 xsend.module
--- xsend.module	23 Sep 2009 02:27:33 -0000	1.7
+++ xsend.module	13 Oct 2009 17:22:39 -0000
@@ -23,9 +23,50 @@ function xsend_menu() {
     'page arguments' => array('xsend_admin_settings'),
     'access arguments' => array('administer site configuration'),
   );
+  $items['xsend'] = array(
+    'title' => 'File download',
+    'page callback' => 'xsend_file_transfer',
+    'access callback' => TRUE,
+    'type' => MENU_CALLBACK,
+  );
   return $items;
 }
 
+/**
+ * Transfer a private file with the X-Sendfile header.
+ * This is adapted from file_download().
+ * @see file_download()
+ */
+function xsend_file_transfer() {
+  if (variable_get('file_transfer_handler', "file_transfer_default") == 'file_transfer_default') {
+    $args = func_get_args();
+    call_user_func_array('file_download', $args);
+    exit();
+  }
+
+  // Merge remainder of arguments from GET['q'], into relative file path.
+  $args = func_get_args();
+  $filepath = implode('/', $args);
+
+  if (file_exists(file_create_path($filepath))) {
+    $headers = module_invoke_all('file_download', $filepath);
+    if (in_array(-1, $headers)) {
+      return drupal_access_denied();
+    }
+    if (count($headers)) {
+      drupal_set_header('X-Sendfile: '. realpath(file_create_path($filepath)));
+      foreach ($headers as $header) {
+        // To prevent HTTP header injection, we delete new lines that are
+        // not followed by a space or a tab.
+        // See http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
+        $header = preg_replace('/\r?\n(?!\t| )/', '', $header);
+        drupal_set_header($header);
+      }
+      exit();
+    }
+  }
+  return drupal_not_found();
+}
 
 /**
  * menu call back for admin settings
@@ -48,12 +89,6 @@ function xsend_admin_settings() {
         '#options' => array("file_transfer_default"=>t('Disabled'), "file_transfer_xsendfile"=>t('Enabled - files are transferred by Drupal.')),
         '#description' => 'Enable X-send files support.'
     );
-    $form['settings_general']['path_to_drupal_root'] = array(
-        '#type' => 'textfield',
-        '#title' => 'Absolute path to Drupal installation directory',
-        '#default_value' => variable_get('path_to_drupal_root', dirname(__FILE__)),
-        '#description' => t('Please set the correct path otherwise the file transfer will fail. eg:/usr/www/apache/htdocs/'),
-    );
     return system_settings_form($form);
   }
 }
\ No newline at end of file
Index: patch/file.inc.patch
===================================================================
RCS file: patch/file.inc.patch
diff -N patch/file.inc.patch
--- patch/file.inc.patch	23 Sep 2009 15:17:16 -0000	1.4
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,49 +0,0 @@
-# This patch file was generated by NetBeans IDE
-# This patch can be applied using context Tools: Apply Diff Patch action on respective folder.
-# It uses platform neutral UTF-8 encoding.
-# Above lines and this line are ignored by the patching process.
---- includes/file.inc
-+++ includes/file.inc
-@@ -811,8 +811,17 @@
-     drupal_set_header($header);
-   }
- 
--  $source = file_create_path($source);
-+  //$source = file_create_path($source);
-+  $handler = variable_get('file_transfer_handler', 'file_transfer_default');
-+  call_user_func($handler, file_create_path($source));
-+  exit();
-+}
- 
-+/**
-+ *
-+ * @param $source File to transfer.
-+ */
-+function file_transfer_default($source){
-   // Transfer file in 1024 byte chunks to save memory usage.
-   if ($fd = fopen($source, 'rb')) {
-     while (!feof($fd)) {
-@@ -823,10 +832,21 @@
-   else {
-     drupal_not_found();
-   }
--  exit();
- }
- 
-+
- /**
-+ *
-+ * @param $source File to transfer.
-+ */
-+function file_transfer_xsendfile($source) {
-+    // Let the web server do the heavy lifting.
-+    // TODO : add file path validation
-+    header('X-Sendfile: '.variable_get('path_to_drupal_root', '').$source);
-+ }
-+
-+
-+/**
-  * Call modules that implement hook_file_download() to find out if a file is
-  * accessible and what headers it should be transferred with. If a module
-  * returns -1 drupal_access_denied() will be returned. If one or more modules
-