source: trunk/action.php @ 6329

Revision 6322, 5.5 KB checked in by plg, 9 years ago (diff)

merge r6321 from branch 2.1 to trunk

bug 1682: r6312 was producing a MySQL error (depending on the MySQL server
version) because a count() implies a group by.

This code change was checked against MySQL 5.0.75, MySQL 5.0.51 (where the
error occured) and SQLite 3.6.22.

Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24define('PHPWG_ROOT_PATH','./');
25include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
26
27// Check Access and exit when user status is not ok
28check_status(ACCESS_GUEST);
29
30function guess_mime_type($ext)
31{
32  switch ( strtolower($ext) )
33  {
34    case "jpe": case "jpeg":
35    case "jpg": $ctype="image/jpeg"; break;
36    case "png": $ctype="image/png"; break;
37    case "gif": $ctype="image/gif"; break;
38    case "tiff":
39    case "tif": $ctype="image/tiff"; break;
40    case "txt": $ctype="text/plain"; break;
41    case "html":
42    case "htm": $ctype="text/html"; break;
43    case "xml": $ctype="text/xml"; break;
44    case "pdf": $ctype="application/pdf"; break;
45    case "zip": $ctype="application/zip"; break;
46    case "ogg": $ctype="application/ogg"; break;
47    default: $ctype="application/octet-stream";
48  }
49  return $ctype;
50}
51
52function do_error( $code, $str )
53{
54  set_status_header( $code );
55  echo $str ;
56  exit();
57}
58
59
60if (!isset($_GET['id'])
61    or !is_numeric($_GET['id'])
62    or !isset($_GET['part'])
63    or !in_array($_GET['part'], array('t','e','i','h') ) )
64{
65  do_error(400, 'Invalid request - id/part');
66}
67
68$query = '
69SELECT * FROM '. IMAGES_TABLE.'
70  WHERE id='.$_GET['id'].'
71;';
72
73$result = pwg_query($query);
74$element_info = pwg_db_fetch_assoc($result);
75if ( empty($element_info) )
76{
77  do_error(404, 'Requested id not found');
78}
79
80// $filter['visible_categories'] and $filter['visible_images']
81// are not used because it's not necessary (filter <> restriction)
82$query='
83SELECT id
84  FROM '.CATEGORIES_TABLE.'
85    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
86  WHERE image_id = '.$_GET['id'].'
87'.get_sql_condition_FandF(
88  array(
89      'forbidden_categories' => 'category_id',
90      'forbidden_images' => 'image_id',
91    ),
92  '    AND'
93  ).'
94  LIMIT 1
95;';
96if ( pwg_db_num_rows(pwg_query($query))<1 )
97{
98  do_error(401, 'Access denied');
99}
100
101include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
102$file='';
103switch ($_GET['part'])
104{
105  case 't':
106    $file = get_thumbnail_path($element_info);
107    break;
108  case 'e':
109    $file = get_element_path($element_info);
110    break;
111  case 'i':
112    $file = get_image_path($element_info);
113    break;
114  case 'h':
115    if ( $user['enabled_high']!='true' )
116    {
117      do_error(401, 'Access denied h');
118    }
119    $file = get_high_path($element_info);
120    break;
121}
122
123if ( empty($file) )
124{
125  do_error(404, 'Requested file not found');
126}
127
128if ($_GET['part'] == 'h') {
129  pwg_log($_GET['id'], 'high');
130}
131else if ($_GET['part'] == 'e')
132{
133  pwg_log($_GET['id'], 'other');
134}
135
136$http_headers = array();
137
138$ctype = null;
139if (!url_is_remote($file))
140{
141  if ( !@is_readable($file) )
142  {
143    do_error(404, "Requested file not found - $file");
144  }
145  $http_headers[] = 'Content-Length: '.@filesize($file);
146  if ( function_exists('mime_content_type') )
147  {
148    $ctype = mime_content_type($file);
149  }
150
151  $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';
152  $http_headers[] = 'Last-Modified: '.$gmt_mtime;
153
154  // following lines would indicate how the client should handle the cache
155  /* $max_age=300;
156  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
157  // HTTP/1.1 only
158  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/
159
160  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
161  {
162    set_status_header(304);
163    foreach ($http_headers as $header)
164    {
165      header( $header );
166    }
167    exit();
168  }
169}
170
171if (!isset($ctype))
172{ // give it a guess
173  $ctype = guess_mime_type( get_extension($file) );
174}
175
176$http_headers[] = 'Content-Type: '.$ctype;
177
178if (!isset($_GET['view']))
179{
180  $http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";';
181  $http_headers[] = 'Content-Transfer-Encoding: binary';
182}
183else
184{
185  $http_headers[] = 'Content-Disposition: inline; filename="'
186            .basename($file).'";';
187}
188
189foreach ($http_headers as $header)
190{
191  header( $header );
192}
193
194// Looking at the safe_mode configuration for execution time
195if (ini_get('safe_mode') == 0)
196{
197  @set_time_limit(0);
198}
199
200@readfile($file);
201
202?>
Note: See TracBrowser for help on using the repository browser.