| [0] | 1 | <?php | 
|---|
|  | 2 | # -- BEGIN LICENSE BLOCK --------------------------------------- | 
|---|
|  | 3 | # | 
|---|
|  | 4 | # This file is part of Dotclear 2. | 
|---|
|  | 5 | # | 
|---|
| [1179] | 6 | # Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear | 
|---|
| [0] | 7 | # Licensed under the GPL version 2.0 license. | 
|---|
|  | 8 | # See LICENSE file or | 
|---|
|  | 9 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html | 
|---|
|  | 10 | # | 
|---|
|  | 11 | # -- END LICENSE BLOCK ----------------------------------------- | 
|---|
|  | 12 |  | 
|---|
// Locate the ClearBricks library, which provides the class auto-loader used
// by the rest of this script. Candidates are tried in a fixed order and the
// first existing directory wins:
//   1. the system-wide install,
//   2. the copy bundled next to this file,
//   3. a directory named by the CLEARBRICKS_PATH server variable.
if (@is_dir('/usr/lib/clearbricks')) {
    // '@' silences the warning is_dir() may raise here — presumably when the
    // system path is not accessible to PHP; confirm against the deployment.
    define('CLEARBRICKS_PATH', '/usr/lib/clearbricks');
} elseif (is_dir(dirname(__FILE__).'/libs/clearbricks')) {
    define('CLEARBRICKS_PATH', dirname(__FILE__).'/libs/clearbricks');
} elseif (isset($_SERVER['CLEARBRICKS_PATH']) && is_dir($_SERVER['CLEARBRICKS_PATH'])) {
    // NOTE(review): this value becomes the root of a `require` below, so it
    // must only ever be set by the server configuration, never derived from
    // anything the client controls — verify how it is populated.
    define('CLEARBRICKS_PATH', $_SERVER['CLEARBRICKS_PATH']);
}

// Without a usable library directory nothing else can run: stop here.
if (!(defined('CLEARBRICKS_PATH') && is_dir(CLEARBRICKS_PATH))) {
    exit('No clearbricks path defined');
}

require CLEARBRICKS_PATH.'/_common.php';
|---|
|  | 27 |  | 
|---|
// Path of the Dotclear configuration file. Precedence:
//   1. the DC_RC_PATH server variable,
//   2. the REDIRECT_DC_RC_PATH server variable,
//   3. config.php next to this script.
// NOTE(review): the chosen file is executed by the `require` below, so both
// server variables must come from trusted server configuration only.
define(
    'DC_RC_PATH',
    isset($_SERVER['DC_RC_PATH'])
        ? $_SERVER['DC_RC_PATH']
        : (isset($_SERVER['REDIRECT_DC_RC_PATH'])
            ? $_SERVER['REDIRECT_DC_RC_PATH']
            : dirname(__FILE__).'/config.php')
);

// Refuse to continue when the configuration file is not a regular file.
// The explicit exit covers the case where an error handler lets execution
// continue after trigger_error().
if (!is_file(DC_RC_PATH)) {
    trigger_error('Unable to open config file', E_USER_ERROR);
    exit;
}

require DC_RC_PATH;
|---|
|  | 42 |  | 
|---|
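// A missing, empty or non-string 'pf' cannot name a file: answer 404.
// PHP parses bracketed query keys into arrays, and the path handling that
// follows concatenates this value into a filesystem path, so anything that
// is not a plain string is rejected here instead of being passed along.
if (empty($_GET['pf']) || !is_string($_GET['pf'])) {
    header('Content-Type: text/plain');
    http::head(404,'Not Found');
    exit;
}

// $_GET['v'] carries a version string whose only purpose is to bypass caches
// after a Dotclear upgrade or in dev mode. Its value is never read, so it is
// dropped before the remaining parameters are counted.
unset($_GET['v']);

// Only $_GET['pf'] is allowed in the URL: any extra parameter is refused.
if (count($_GET) > 1) {
    header('Content-Type: text/plain');
    http::head(403,'Forbidden');
    exit;
}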
|---|
|  | 63 |  | 
|---|
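// Extensions this endpoint is willing to serve; every other file type is
// answered with 404 further down.
// NOTE(review): 'svg' and 'swf' can carry active content and are delivered
// from the site's own origin, so the directories searched below must not be
// writable by untrusted users — confirm this matches the deployment model.
$allow_types = array('png','jpg','jpeg','gif','css','js','swf','svg');

// Client-supplied path, relative to one of the roots listed below.
// NOTE(review): path::clean() is the only sanitising step applied to this
// value here; presumably it neutralises parent-directory sequences — verify
// against the clearbricks implementation. Nothing after path::real() checks
// that the resolved file still lies under the root it was joined to, so a
// containment check would be worthwhile defence in depth.
$pf = path::clean($_GET['pf']);

// Search roots: the plugin directories from DC_PLUGINS_ROOT in reverse
// order, followed by the swf, js and css folders shipped next to this script.
$paths = array_reverse(explode(PATH_SEPARATOR,DC_PLUGINS_ROOT));
$paths[] = dirname(__FILE__).'/swf';
$paths[] = dirname(__FILE__).'/js';
$paths[] = dirname(__FILE__).'/css';

// Start from "not found" so $PF is always defined after the loop, then keep
// the first root under which path::real() resolves the requested path.
$PF = false;
foreach ($paths as $m) {
    $PF = path::real($m.'/'.$pf);

    if ($PF !== false) {
        break;
    }
}
unset($paths);

// Nothing resolved, or the result is not a readable regular file.
if ($PF === false || !is_file($PF) || !is_readable($PF)) {
    header('Content-Type: text/plain');
    http::head(404,'Not Found');
    exit;
}

// Enforce the extension allow-list with a strict comparison. A disallowed
// type gets the same 404 as a missing file, so the response does not reveal
// whether such a file exists.
if (!in_array(files::getExtension($PF),$allow_types,true)) {
    header('Content-Type: text/plain');
    http::head(404,'Not Found');
    exit;
}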
|---|
|  | 96 |  | 
|---|
// Plugin files served through ?pf=… are cached for one week (604800 s),
// which is better than the old two hours.
http::$cache_max_age = 604800;

// Files handed to http::cache(): the served file plus every PHP file
// included so far. Presumably used to derive cache validators — confirm
// against the clearbricks http class.
$cache_files = array_merge(array($PF), get_included_files());
http::cache($cache_files);

// NOTE(review): the only response header set here is Content-Type. Whether
// `X-Content-Type-Options: nosniff` is added elsewhere (server config or
// clearbricks) is not visible from this script; worth confirming, since the
// allow-list includes script and SVG files.
header('Content-Type: '.files::getMimeType($PF));

// No Content-Length header on purpose: it is not mandatory and would have to
// be the exact size of the content transferred AFTER possible compression
// (gzip, deflate, …), which filesize($PF) does not give.
readfile($PF);
exit;
|---|