Changeset 1612
- Timestamp:
- Nov 17, 2006, 5:26:10 AM (17 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 2 edited
trunk/action.php
r1560 r1612 32 32 check_status(ACCESS_GUEST); 33 33 34 function force_download ($filename)34 function guess_mime_type($ext) 35 35 { 36 //TODO : messages in "lang" 37 if (!url_is_remote($filename)) 36 switch ( strtolower($ext) ) 38 37 { 39 $filename = realpath($filename); 40 if (!file_exists($filename)) 41 { 42 die("NO FILE HERE"); 43 } 44 $file_size = @filesize($filename); 38 case "jpe": case "jpeg": 39 case "jpg": $ctype="image/jpeg"; break; 40 case "png": $ctype="image/png"; break; 41 case "gif": $ctype="image/gif"; break; 42 case "tiff": 43 case "tif": $ctype="image/tiff"; break; 44 case "txt": $ctype="text/plain"; break; 45 case "html": 46 case "htm": $ctype="text/html"; break; 47 case "xml": $ctype="text/xml"; break; 48 case "pdf": $ctype="application/pdf"; break; 49 case "zip": $ctype="application/zip"; break; 50 case "ogg": $ctype="application/ogg"; break; 51 default: $ctype="application/octet-stream"; 45 52 } 46 else 47 { 48 $file_size = 0; 49 } 50 51 $file_extension = strtolower(substr(strrchr($filename,"."),1)); 52 53 switch ($file_extension) { 54 case "jpe": case "jpeg": 55 case "jpg": $ctype="image/jpg"; break; 56 case "png": $ctype="image/png"; break; 57 case "gif": $ctype="image/gif"; break; 58 case "pdf": $ctype="application/pdf"; break; 59 case "zip": $ctype="application/zip"; break; 60 case "php": 61 // never allow download of php scripts to protect our conf files 62 die('Hacking attempt!'); break; 63 default: $ctype="application/octet-stream"; 64 } 65 66 header("Pragma: public"); 67 header("Expires: 0"); 68 header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 69 header("Cache-Control: private",false); 70 header("Content-Type: $ctype"); 71 header("Content-Disposition: attachment; filename=\"" 72 .basename($filename)."\";"); 73 header("Content-Transfer-Encoding: binary"); 74 if (isset($file_size) and ($file_size != 0)) 75 { 76 header("Content-Length: ".@filesize($filename)); 77 } 78 79 // Looking at the safe_mode configuration for 
execution time 80 if (ini_get('safe_mode') == 0) 81 { 82 @set_time_limit(0); 83 } 84 85 @readfile("$filename") or die("File not found."); 53 return $ctype; 86 54 } 87 55 88 //--------------------------------------------------------- download big picture 89 if ( isset( $_GET['dwn'] ) ) 56 function do_error( $code, $str ) 90 57 { 91 //TODO : verify the path begins with something in galleries_url and that user has access rights to the picture 92 // in order to avoid hacking atempts by forged url 93 if (preg_match('/\.\./',$_GET['dwn'])) { 94 die('Hacking attempt!'); 95 } 96 force_download($_GET['dwn']); 58 header("HTTP/1.1 $code "); 59 header("Status: $code "); 60 echo $str ; 61 exit(); 97 62 } 98 63 64 65 if ( !isset($_GET['id']) or !is_numeric($_GET['id']) 66 or !isset($_GET['part']) 67 or !in_array($_GET['part'], array('t','e','i','h') ) ) 68 { 69 do_error(400, 'Invalid request - id/part'); 70 } 71 72 $id = $_GET['id']; 73 $query = ' 74 SELECT * FROM '. IMAGES_TABLE.' 75 WHERE id='.$id.' 
76 ;'; 77 78 $result = pwg_query($query); 79 $element_info = mysql_fetch_assoc($result); 80 if ( empty($element_info) ) 81 { 82 do_error(404, 'Requested id not found'); 83 } 84 85 // TODO - check permissions 86 87 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); 88 $file=''; 89 switch ($_GET['part']) 90 { 91 case 't': 92 $file = get_thumbnail_path($element_info); 93 break; 94 case 'e': 95 $file = get_element_path($element_info); 96 break; 97 case 'i': 98 $file = get_image_path($element_info); 99 break; 100 case 'h': 101 $file = get_high_path($element_info); 102 break; 103 } 104 105 if ( empty($file) ) 106 { 107 do_error(404, 'Requested file not found'); 108 } 109 110 $http_headers = array(); 111 112 $ctype = null; 113 if (!url_is_remote($file)) 114 { 115 if ( !@is_readable($file) ) 116 { 117 do_error(404, "Requested file not found - $file"); 118 } 119 $http_headers[] = 'Content-Length: '.@filesize($file); 120 if ( function_exists('mime_content_type') ) 121 { 122 $ctype = mime_content_type($file); 123 } 124 } 125 if (!isset($ctype)) 126 { // give it a guess 127 $ctype = guess_mime_type( get_extension($file) ); 128 } 129 130 $http_headers[] = 'Content-Type: '.$ctype; 131 132 if (!isset($_GET['view'])) 133 { 134 $http_headers[] = 'Content-Disposition: attachment; filename="' 135 .basename($file).'";'; 136 $http_headers[] = 'Content-Transfer-Encoding: binary'; 137 } 138 $http_headers[] = 'Pragma: public'; 139 $http_headers[] = 'Expires: 0'; 140 $http_headers[] = 'Cache-Control: must-revalidate, post-check=0, pre-check=0'; 141 142 143 foreach ($http_headers as $header) 144 { 145 header( $header ); 146 } 147 header("Cache-Control: private",false); //??? 148 149 // Looking at the safe_mode configuration for execution time 150 if (ini_get('safe_mode') == 0) 151 { 152 @set_time_limit(0); 153 } 154 155 @readfile($file); 156 99 157 ?> -
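Review bot: The `// TODO - check permissions` at new line 85 means the handler serves the thumbnail, element, image or high file of any id present in IMAGES_TABLE to every caller that passes `check_status(ACCESS_GUEST)`, so category-level access restrictions are presumably bypassed for direct requests to action.php; the element should be checked against what the current user may see, ending in something like `do_error(403, 'Access denied');`, before `$file` is resolved. The id test at new line 65 relies on `is_numeric()`, which also accepts floats, exponent notation and (on older PHP versions) hex strings, and the raw value is then concatenated into the query; `$id = (int) $_GET['id'];` keeps the SQL literal an integer. The 404 at new line 117 echoes `$file` and so reveals a server-side path to the client; `do_error(404, 'Requested file not found');` would match the branch at line 107. With `view` set the response is rendered inline under whatever `mime_content_type()` or the extension guess returns, including `text/html`, which is worth restricting to image types if elements can be uploaded by less-trusted users.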
trunk/picture.php
r1596 r1612 29 29 include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); 30 30 include(PHPWG_ROOT_PATH.'include/section_init.inc.php'); 31 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); 31 32 32 33 // Check Access and exit when user status is not ok … … 311 312 } 312 313 313 $cat_directory = dirname($row['path']);314 $file_wo_ext = get_filename_wo_extension($row['file']);315 316 314 // ------ build element_path and element_url 317 $picture[$i]['element_url'] = $row['path']; 318 if ( ! url_is_remote($row['path']) ) 319 { 320 $picture[$i]['element_url'] = get_root_url().$row['path']; 321 } 315 $picture[$i]['element_path'] = get_element_path($picture[$i]); 316 $picture[$i]['element_url'] = get_element_url($picture[$i]); 322 317 323 318 // ------ build image_path and image_url 324 if ($picture[$i]['is_picture']) 325 { 326 $picture[$i]['image_path'] = $row['path']; 327 // if we are working on the "current" element, we search if there is a 328 // high quality picture 329 if ($i == 'current') 319 if ($i=='current' or $i=='next') 320 { 321 $picture[$i]['image_path'] = get_image_path( $picture[$i] ); 322 $picture[$i]['image_url'] = get_image_url( $picture[$i] ); 323 } 324 325 if ($i=='current') 326 { 327 if ( $picture[$i]['is_picture'] ) 330 328 { 331 if ( ($row['has_high'] == 'true') and ($user['enabled_high'] == 'true'))329 if ( $user['enabled_high']=='true' ) 332 330 { 333 $url_high=$cat_directory.'/pwg_high/'.$row['file']; 334 $picture[$i]['high_url'] = $picture[$i]['high_path'] = $url_high; 335 if ( ! 
url_is_remote($picture[$i]['high_path']) ) 331 $hi_url=get_high_url($picture[$i]); 332 if ( !empty($hi_url) ) 336 333 { 337 $picture[$i]['high_url'] = get_root_url().$picture[$i]['high_path']; 334 $picture[$i]['high_url'] = $hi_url; 335 $picture[$i]['download_url'] = get_download_url('h',$picture[$i]); 338 336 } 339 337 } 340 338 } 339 else 340 { // not a pic - need download link 341 $picture[$i]['download_url'] = get_download_url('e',$picture[$i]); 342 } 343 } 344 345 $picture[$i]['thumbnail'] = get_thumbnail_url($row); 346 347 if ( !empty( $row['name'] ) ) 348 { 349 $picture[$i]['name'] = $row['name']; 341 350 } 342 351 else 343 {// not a picture 344 if (isset($row['representative_ext']) and $row['representative_ext']!='') 345 { 346 $picture[$i]['image_path'] = 347 $cat_directory.'/pwg_representative/' 348 .$file_wo_ext.'.'.$row['representative_ext']; 349 } 350 else 351 { 352 $picture[$i]['image_path'] = 353 get_themeconf('mime_icon_dir') 354 .strtolower(get_extension($row['file'])).'.png'; 355 } 356 } 357 358 $picture[$i]['image_url'] = $picture[$i]['image_path']; 359 if ( ! 
url_is_remote($picture[$i]['image_path']) ) 360 { 361 $picture[$i]['image_url'] = get_root_url().$picture[$i]['image_path']; 362 } 363 364 if (!$picture[$i]['is_picture']) 365 {// if picture is not a file, we need the download link 366 $picture[$i]['download_url'] = $picture[$i]['element_url']; 367 } 368 else 369 {// if picture is a file with high, we put the download link 370 if ( isset($picture[$i]['high_path']) ) 371 { 372 $picture[$i]['download_url'] = get_root_url().'action.php?dwn=' 373 .$picture[$i]['high_path']; 374 } 375 } 376 377 $picture[$i]['thumbnail'] = get_thumbnail_url($row); 378 379 if ( !empty( $row['name'] ) ) 380 { 381 $picture[$i]['name'] = $row['name']; 382 } 383 else 384 { 352 { 353 $file_wo_ext = get_filename_wo_extension($row['file']); 385 354 $picture[$i]['name'] = str_replace('_', ' ', $file_wo_ext); 386 355 } … … 427 396 ); 428 397 } 429 430 // now give an opportunity to the filters to alter element_url,431 // image_url, high_url and download_url432 $picture = trigger_event('picture_navigation', $picture);433 398 434 399 $url_admin =
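Review bot: The `$user['enabled_high']=='true'` test at new line 329 only controls whether `high_url` and `download_url` are put into the page; the `case 'h':` branch in trunk/action.php calls `get_high_path($element_info)` without consulting it. If enabled_high is meant as a restriction rather than a display preference, it needs the same test on the serving side, e.g. `if ($user['enabled_high']!='true') do_error(403, 'Access denied');` before the path is resolved (assuming `$user` is populated in action.php, which is not visible here). The loop that fills `$picture[$i]` starts and ends outside these hunks, and the helpers `get_high_url()` / `get_download_url()` come from the added include, so how `has_high` is now honoured cannot be confirmed from this page.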