Changeset 1612 for trunk/action.php


Ignore:
Timestamp:
Nov 17, 2006, 5:26:10 AM (17 years ago)
Author:
rvelices
Message:
  • plugins can have full control over the path/url of the element/image/

thumbnail/high (it is possible now to have secure images, on the fly
watermarking, mod download and media integrator plugins working together in
any combination and without touching PWG core)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/action.php

    r1560 r1612  
    3232check_status(ACCESS_GUEST);
    3333
    34 function force_download ($filename)
     34function guess_mime_type($ext)
    3535{
    36 //TODO : messages in "lang"
    37   if (!url_is_remote($filename))
     36  switch ( strtolower($ext) )
    3837  {
    39     $filename = realpath($filename);
    40     if (!file_exists($filename))
    41     {
    42       die("NO FILE HERE");
    43     }
    44     $file_size = @filesize($filename);
     38    case "jpe": case "jpeg":
     39    case "jpg": $ctype="image/jpeg"; break;
     40    case "png": $ctype="image/png"; break;
     41    case "gif": $ctype="image/gif"; break;
     42    case "tiff":
     43    case "tif": $ctype="image/tiff"; break;
     44    case "txt": $ctype="text/plain"; break;
     45    case "html":
     46    case "htm": $ctype="text/html"; break;
     47    case "xml": $ctype="text/xml"; break;
     48    case "pdf": $ctype="application/pdf"; break;
     49    case "zip": $ctype="application/zip"; break;
     50    case "ogg": $ctype="application/ogg"; break;
     51    default: $ctype="application/octet-stream";
    4552  }
    46   else
    47   {
    48     $file_size = 0;
    49   }
    50 
    51   $file_extension = strtolower(substr(strrchr($filename,"."),1));
    52 
    53   switch ($file_extension) {
    54       case "jpe": case "jpeg":
    55       case "jpg": $ctype="image/jpg"; break;
    56       case "png": $ctype="image/png"; break;
    57       case "gif": $ctype="image/gif"; break;
    58       case "pdf": $ctype="application/pdf"; break;
    59       case "zip": $ctype="application/zip"; break;
    60       case "php":
    61         // never allow download of php scripts to protect our conf files
    62         die('Hacking attempt!'); break;
    63       default: $ctype="application/octet-stream";
    64   }
    65 
    66   header("Pragma: public");
    67   header("Expires: 0");
    68   header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    69   header("Cache-Control: private",false);
    70   header("Content-Type: $ctype");
    71   header("Content-Disposition: attachment; filename=\""
    72          .basename($filename)."\";");
    73   header("Content-Transfer-Encoding: binary");
    74   if (isset($file_size) and ($file_size != 0))
    75   {
    76     header("Content-Length: ".@filesize($filename));
    77   }
    78 
    79   // Looking at the safe_mode configuration for execution time
    80   if (ini_get('safe_mode') == 0)
    81   {
    82     @set_time_limit(0);
    83   }
    84 
    85   @readfile("$filename") or die("File not found.");
     53  return $ctype;
    8654}
    8755
    88 //--------------------------------------------------------- download big picture
    89 if ( isset( $_GET['dwn'] ) )
     56function do_error( $code, $str )
    9057{
    91 //TODO : verify the path begins with something in galleries_url and that user has access rights to the picture
    92 // in order to avoid hacking atempts by forged url
    93   if (preg_match('/\.\./',$_GET['dwn'])) {
    94     die('Hacking attempt!');
    95   }
    96   force_download($_GET['dwn']);
     58  header("HTTP/1.1 $code ");
     59  header("Status: $code ");
     60  echo $str ;
     61  exit();
    9762}
    9863
     64
     65if ( !isset($_GET['id']) or !is_numeric($_GET['id'])
     66    or !isset($_GET['part'])
     67    or !in_array($_GET['part'], array('t','e','i','h') ) )
     68{
     69  do_error(400, 'Invalid request - id/part');
     70}
     71
     72$id = $_GET['id'];
     73$query = '
     74SELECT * FROM '. IMAGES_TABLE.'
     75  WHERE id='.$id.'
     76;';
     77
     78$result = pwg_query($query);
     79$element_info = mysql_fetch_assoc($result);
     80if ( empty($element_info) )
     81{
     82  do_error(404, 'Requested id not found');
     83}
     84
     85// TODO - check permissions
     86
     87include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
     88$file='';
     89switch ($_GET['part'])
     90{
     91  case 't':
     92    $file = get_thumbnail_path($element_info);
     93    break;
     94  case 'e':
     95    $file = get_element_path($element_info);
     96    break;
     97  case 'i':
     98    $file = get_image_path($element_info);
     99    break;
     100  case 'h':
     101    $file = get_high_path($element_info);
     102    break;
     103}
     104
     105if ( empty($file) )
     106{
     107  do_error(404, 'Requested file not found');
     108}
     109
     110$http_headers = array();
     111
     112$ctype = null;
     113if (!url_is_remote($file))
     114{
     115  if ( !@is_readable($file) )
     116  {
     117    do_error(404, "Requested file not found - $file");
     118  }
     119  $http_headers[] = 'Content-Length: '.@filesize($file);
     120  if ( function_exists('mime_content_type') )
     121  {
     122    $ctype = mime_content_type($file);
     123  }
     124}
     125if (!isset($ctype))
     126{ // give it a guess
     127  $ctype = guess_mime_type( get_extension($file) );
     128}
     129
     130$http_headers[] = 'Content-Type: '.$ctype;
     131
     132if (!isset($_GET['view']))
     133{
     134  $http_headers[] = 'Content-Disposition: attachment; filename="'
     135            .basename($file).'";';
     136  $http_headers[] = 'Content-Transfer-Encoding: binary';
     137}
     138$http_headers[] = 'Pragma: public';
     139$http_headers[] = 'Expires: 0';
     140$http_headers[] = 'Cache-Control: must-revalidate, post-check=0, pre-check=0';
     141
     142
     143foreach ($http_headers as $header)
     144{
     145  header( $header );
     146}
     147header("Cache-Control: private",false); //???
     148
     149// Looking at the safe_mode configuration for execution time
     150if (ini_get('safe_mode') == 0)
     151{
     152  @set_time_limit(0);
     153}
     154
     155@readfile($file);
     156
    99157?>
Note: See TracChangeset for help on using the changeset viewer.