restriction) $query=' SELECT id FROM '.CATEGORIES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id WHERE image_id = '.$_GET['id'].' '.get_sql_condition_FandF( array( 'forbidden_categories' => 'category_id', 'forbidden_images' => 'image_id', ), ' AND' ).' LIMIT 1 ;'; if ( pwg_db_num_rows(pwg_query($query))<1 ) { do_error(401, 'Access denied'); } include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); $file=''; switch ($_GET['part']) { case 'e': //---- specific download_by_size, start if (isset($_GET['size'])) { if (!in_array($_GET['size'], array_keys(ImageStdParams::get_defined_type_map()))) { die('Hacking attempt: unknown size'); } $deriv = new DerivativeImage($_GET['size'], new SrcImage($element_info)); if (!file_exists($deriv->get_path())) { include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); set_make_full_url(); fetchRemote($deriv->get_url().'&ajaxload=true', $dest); unset_make_full_url(); } $file = $deriv->get_path(); $size = $deriv->get_size(); // change the name of the file for download, suffix with _widthxheight before the extension $element_info['file'] = dlsize_getFilename( $element_info, array( 'width'=>$size[0], 'height'=>$size[1] ) ); } else { //---- specific download_by_size, end if ( !$user['enabled_high'] ) { $deriv = new DerivativeImage(IMG_XXLARGE, new SrcImage($element_info)); if ( !$deriv->same_as_source() ) { do_error(401, 'Access denied e'); } } $file = get_element_path($element_info); //---- specific download_by_size, start } //---- specific download_by_size, end break; case 'r': $file = original_to_representative( get_element_path($element_info), $element_info['representative_ext'] ); break; } if ( empty($file) ) { do_error(404, 'Requested file not found'); } if ($_GET['part'] == 'e') { pwg_log($_GET['id'], 'high'); } else if ($_GET['part'] == 'e') { pwg_log($_GET['id'], 'other'); } $http_headers = array(); $ctype = null; if (!url_is_remote($file)) { if ( !@is_readable($file) ) { do_error(404, "Requested file not found - $file"); } $http_headers[] = 'Content-Length: '.@filesize($file); if ( function_exists('mime_content_type') ) { $ctype = mime_content_type($file); } $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT'; $http_headers[] = 'Last-Modified: '.$gmt_mtime; // following lines would indicate how the client should handle the cache /* $max_age=300; $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT'; // HTTP/1.1 only $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/ if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) { set_status_header(304); foreach ($http_headers as $header) { header( $header ); } exit(); } } if (!isset($ctype)) { // give it a guess $ctype = guess_mime_type( get_extension($file) ); } $http_headers[] = 'Content-Type: '.$ctype; if (isset($_GET['download'])) { $http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";'; $http_headers[] = 'Content-Transfer-Encoding: binary'; } else { $http_headers[] = 'Content-Disposition: inline; filename="' .basename($file).'";'; } foreach ($http_headers as $header) { header( $header ); } // Looking at the safe_mode configuration for execution time if (ini_get('safe_mode') == 0) { @set_time_limit(0); } @readfile($file); ?>