| 1 | <?php |
|---|
| 2 | # -- BEGIN LICENSE BLOCK --------------------------------------- |
|---|
| 3 | # |
|---|
| 4 | # This file is part of Dotclear 2. |
|---|
| 5 | # |
|---|
| 6 | # Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear |
|---|
| 7 | # Licensed under the GPL version 2.0 license. |
|---|
| 8 | # See LICENSE file or |
|---|
| 9 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html |
|---|
| 10 | # |
|---|
| 11 | # -- END LICENSE BLOCK ----------------------------------------- |
|---|
| 12 | |
|---|
| 13 | # ClearBricks and DotClear classes auto-loader |
|---|
| 14 | if (@is_dir('/usr/lib/clearbricks')) { |
|---|
| 15 | define('CLEARBRICKS_PATH','/usr/lib/clearbricks'); |
|---|
| 16 | } elseif (is_dir(dirname(__FILE__).'/libs/clearbricks')) { |
|---|
| 17 | define('CLEARBRICKS_PATH',dirname(__FILE__).'/libs/clearbricks'); |
|---|
| 18 | } elseif (isset($_SERVER['CLEARBRICKS_PATH']) && is_dir($_SERVER['CLEARBRICKS_PATH'])) { |
|---|
| 19 | define('CLEARBRICKS_PATH',$_SERVER['CLEARBRICKS_PATH']); |
|---|
| 20 | } |
|---|
| 21 | |
|---|
| 22 | if (!defined('CLEARBRICKS_PATH') || !is_dir(CLEARBRICKS_PATH)) { |
|---|
| 23 | exit('No clearbricks path defined'); |
|---|
| 24 | } |
|---|
| 25 | |
|---|
| 26 | require CLEARBRICKS_PATH.'/_common.php'; |
|---|
| 27 | |
|---|
| 28 | if (isset($_SERVER['DC_RC_PATH'])) { |
|---|
| 29 | define('DC_RC_PATH',$_SERVER['DC_RC_PATH']); |
|---|
| 30 | } elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) { |
|---|
| 31 | define('DC_RC_PATH',$_SERVER['REDIRECT_DC_RC_PATH']); |
|---|
| 32 | } else { |
|---|
| 33 | define('DC_RC_PATH',dirname(__FILE__).'/config.php'); |
|---|
| 34 | } |
|---|
| 35 | |
|---|
| 36 | if (!is_file(DC_RC_PATH)) { |
|---|
| 37 | trigger_error('Unable to open config file',E_USER_ERROR); |
|---|
| 38 | exit; |
|---|
| 39 | } |
|---|
| 40 | |
|---|
| 41 | require DC_RC_PATH; |
|---|
| 42 | |
|---|
| 43 | if (empty($_GET['pf'])) { |
|---|
| 44 | header('Content-Type: text/plain'); |
|---|
| 45 | http::head(404,'Not Found'); |
|---|
| 46 | exit; |
|---|
| 47 | } |
|---|
| 48 | |
|---|
| 49 | // Only $_GET['pf'] is allowed in URL |
|---|
| 50 | if (count($_GET) > 1) |
|---|
| 51 | { |
|---|
| 52 | header('Content-Type: text/plain'); |
|---|
| 53 | http::head(403,'Forbidden'); |
|---|
| 54 | exit; |
|---|
| 55 | } |
|---|
| 56 | |
|---|
| 57 | $allow_types = array('png','jpg','jpeg','gif','css','js','swf'); |
|---|
| 58 | |
|---|
| 59 | $pf = path::clean($_GET['pf']); |
|---|
| 60 | |
|---|
| 61 | $paths = array_reverse(explode(PATH_SEPARATOR,DC_PLUGINS_ROOT)); |
|---|
| 62 | |
|---|
| 63 | # Adding admin/res folder here to load some stuff |
|---|
| 64 | $paths[] = dirname(__FILE__).'/swf'; |
|---|
| 65 | |
|---|
| 66 | foreach ($paths as $m) |
|---|
| 67 | { |
|---|
| 68 | $PF = path::real($m.'/'.$pf); |
|---|
| 69 | |
|---|
| 70 | if ($PF !== false) { |
|---|
| 71 | break; |
|---|
| 72 | } |
|---|
| 73 | } |
|---|
| 74 | unset($paths); |
|---|
| 75 | |
|---|
| 76 | if ($PF === false || !is_file($PF) || !is_readable($PF)) { |
|---|
| 77 | header('Content-Type: text/plain'); |
|---|
| 78 | http::head(404,'Not Found'); |
|---|
| 79 | exit; |
|---|
| 80 | } |
|---|
| 81 | |
|---|
| 82 | if (!in_array(files::getExtension($PF),$allow_types)) { |
|---|
| 83 | header('Content-Type: text/plain'); |
|---|
| 84 | http::head(404,'Not Found'); |
|---|
| 85 | exit; |
|---|
| 86 | } |
|---|
| 87 | |
|---|
| 88 | http::$cache_max_age = 7200; |
|---|
| 89 | http::cache(array_merge(array($PF),get_included_files())); |
|---|
| 90 | |
|---|
| 91 | header('Content-Type: '.files::getMimeType($PF)); |
|---|
| 92 | header('Content-Length: '.filesize($PF)); |
|---|
| 93 | readfile($PF); |
|---|
| 94 | exit; |
|---|
| 95 | ?> |
|---|
