| 1 | <?php |
|---|
| 2 | # -- BEGIN LICENSE BLOCK --------------------------------------- |
|---|
| 3 | # |
|---|
| 4 | # This file is part of Dotclear 2. |
|---|
| 5 | # |
|---|
| 6 | # Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear |
|---|
| 7 | # Licensed under the GPL version 2.0 license. |
|---|
| 8 | # See LICENSE file or |
|---|
| 9 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html |
|---|
| 10 | # |
|---|
| 11 | # -- END LICENSE BLOCK ----------------------------------------- |
|---|
| 12 | |
|---|
| 13 | # ClearBricks and DotClear classes auto-loader |
|---|
| 14 | if (@is_dir('/usr/lib/clearbricks')) { |
|---|
| 15 | define('CLEARBRICKS_PATH','/usr/lib/clearbricks'); |
|---|
| 16 | } elseif (is_dir(dirname(__FILE__).'/libs/clearbricks')) { |
|---|
| 17 | define('CLEARBRICKS_PATH',dirname(__FILE__).'/libs/clearbricks'); |
|---|
| 18 | } elseif (isset($_SERVER['CLEARBRICKS_PATH']) && is_dir($_SERVER['CLEARBRICKS_PATH'])) { |
|---|
| 19 | define('CLEARBRICKS_PATH',$_SERVER['CLEARBRICKS_PATH']); |
|---|
| 20 | } |
|---|
| 21 | |
|---|
| 22 | if (!defined('CLEARBRICKS_PATH') || !is_dir(CLEARBRICKS_PATH)) { |
|---|
| 23 | exit('No clearbricks path defined'); |
|---|
| 24 | } |
|---|
| 25 | |
|---|
| 26 | require CLEARBRICKS_PATH.'/_common.php'; |
|---|
| 27 | |
|---|
| 28 | if (isset($_SERVER['DC_RC_PATH'])) { |
|---|
| 29 | define('DC_RC_PATH',$_SERVER['DC_RC_PATH']); |
|---|
| 30 | } elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) { |
|---|
| 31 | define('DC_RC_PATH',$_SERVER['REDIRECT_DC_RC_PATH']); |
|---|
| 32 | } else { |
|---|
| 33 | define('DC_RC_PATH',dirname(__FILE__).'/config.php'); |
|---|
| 34 | } |
|---|
| 35 | |
|---|
| 36 | if (!is_file(DC_RC_PATH)) { |
|---|
| 37 | trigger_error('Unable to open config file',E_USER_ERROR); |
|---|
| 38 | exit; |
|---|
| 39 | } |
|---|
| 40 | |
|---|
| 41 | require DC_RC_PATH; |
|---|
| 42 | |
|---|
| 43 | if (empty($_GET['pf'])) { |
|---|
| 44 | header('Content-Type: text/plain'); |
|---|
| 45 | http::head(404,'Not Found'); |
|---|
| 46 | exit; |
|---|
| 47 | } |
|---|
| 48 | |
|---|
| 49 | // $_GET['v'] : version in url to bypass cache in case of dotclear upgrade or in dev mode |
|---|
| 50 | // Only $_GET['pf'] and $_GET['v'] are allowed in URL |
|---|
| 51 | if (count($_GET) > 2) |
|---|
| 52 | { |
|---|
| 53 | header('Content-Type: text/plain'); |
|---|
| 54 | http::head(403,'Forbidden'); |
|---|
| 55 | exit; |
|---|
| 56 | } |
|---|
| 57 | |
|---|
| 58 | $allow_types = array('png','jpg','jpeg','gif','css','js','swf','svg'); |
|---|
| 59 | |
|---|
| 60 | $pf = path::clean($_GET['pf']); |
|---|
| 61 | |
|---|
| 62 | $paths = array_reverse(explode(PATH_SEPARATOR,DC_PLUGINS_ROOT)); |
|---|
| 63 | |
|---|
| 64 | # Adding some folders here to load some stuff |
|---|
| 65 | $paths[] = dirname(__FILE__).'/swf'; |
|---|
| 66 | $paths[] = dirname(__FILE__).'/js'; |
|---|
| 67 | $paths[] = dirname(__FILE__).'/css'; |
|---|
| 68 | |
|---|
| 69 | foreach ($paths as $m) |
|---|
| 70 | { |
|---|
| 71 | $PF = path::real($m.'/'.$pf); |
|---|
| 72 | |
|---|
| 73 | if ($PF !== false) { |
|---|
| 74 | break; |
|---|
| 75 | } |
|---|
| 76 | } |
|---|
| 77 | unset($paths); |
|---|
| 78 | |
|---|
| 79 | if ($PF === false || !is_file($PF) || !is_readable($PF)) { |
|---|
| 80 | header('Content-Type: text/plain'); |
|---|
| 81 | http::head(404,'Not Found'); |
|---|
| 82 | exit; |
|---|
| 83 | } |
|---|
| 84 | |
|---|
| 85 | if (!in_array(files::getExtension($PF),$allow_types)) { |
|---|
| 86 | header('Content-Type: text/plain'); |
|---|
| 87 | http::head(404,'Not Found'); |
|---|
| 88 | exit; |
|---|
| 89 | } |
|---|
| 90 | |
|---|
| 91 | http::$cache_max_age = 7 * 24 * 60 * 60; // One week cache for plugin's files served by ?pf=… is better than old 2 hours |
|---|
| 92 | http::cache(array_merge(array($PF),get_included_files())); |
|---|
| 93 | |
|---|
| 94 | header('Content-Type: '.files::getMimeType($PF)); |
|---|
| 95 | header('Content-Length: '.filesize($PF)); |
|---|
| 96 | readfile($PF); |
|---|
| 97 | exit; |
|---|
