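<?php
/**
 * @package Dotclear
 * @subpackage Core
 *
 * Serves one file from DC_VAR over HTTP (?vf=relative/path), restricted to a
 * fixed list of extensions. The only request parameters honoured are "vf"
 * (the relative path) and "v" (a cache-busting token whose value is ignored).
 * Every failure path answers with a plain-text 404/403 and stops.
 *
 * @copyright Olivier Meunier & Association Dotclear
 * @copyright GPL-2.0-only
 */

// Locate the clearbricks library: system-wide install first, then the bundled
// copy next to this file, then a path supplied by the server configuration.
// CLEARBRICKS_PATH / DC_RC_PATH are expected to come from SetEnv-style server
// config, not from the request: client-sent headers only surface as HTTP_*
// keys in $_SERVER.
if (@is_dir('/usr/lib/clearbricks')) {
    define('CLEARBRICKS_PATH', '/usr/lib/clearbricks');
} elseif (is_dir(dirname(__FILE__) . '/libs/clearbricks')) {
    define('CLEARBRICKS_PATH', dirname(__FILE__) . '/libs/clearbricks');
} elseif (isset($_SERVER['CLEARBRICKS_PATH']) && is_dir($_SERVER['CLEARBRICKS_PATH'])) {
    define('CLEARBRICKS_PATH', $_SERVER['CLEARBRICKS_PATH']);
}

if (!defined('CLEARBRICKS_PATH') || !is_dir(CLEARBRICKS_PATH)) {
    exit('No clearbricks path defined');
}

require CLEARBRICKS_PATH . '/_common.php';

// Configuration file: DC_RC_PATH from the server environment (the REDIRECT_
// variant is what Apache exposes after a mod_rewrite pass), falling back to
// config.php next to this file.
if (isset($_SERVER['DC_RC_PATH'])) {
    define('DC_RC_PATH', $_SERVER['DC_RC_PATH']);
} elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) {
    define('DC_RC_PATH', $_SERVER['REDIRECT_DC_RC_PATH']);
} else {
    define('DC_RC_PATH', dirname(__FILE__) . '/config.php');
}

if (!is_file(DC_RC_PATH)) {
    trigger_error('Unable to open config file', E_USER_ERROR);
    exit;
}

require DC_RC_PATH;

// No file requested: nothing to serve.
if (empty($_GET['vf'])) {
    header('Content-Type: text/plain');
    http::head(404, 'Not Found');
    exit;
}

// $_GET['v'] is a version token used only to defeat browser/proxy caches after
// an upgrade or in dev mode. Its value is irrelevant, so it is dropped before
// the parameter-count check below.
if (isset($_GET['v'])) {
    unset($_GET['v']);
}

// Only $_GET['vf'] may remain in the query string; anything else is refused.
if (count($_GET) > 1) {
    header('Content-Type: text/plain');
    http::head(403, 'Forbidden');
    exit;
}

// Extensions that may be served from DC_VAR. NOTE(review): 'html', 'svg' and
// 'xml' are sent with their native Content-Type, so anything able to write
// into DC_VAR can serve active content from this origin — confirm DC_VAR is
// not writable by untrusted users.
$allow_types = ['png', 'jpg', 'jpeg', 'gif', 'css', 'js', 'swf', 'svg', 'html', 'xml', 'json', 'txt'];

$vf = path::clean($_GET['vf']);
$VF = path::real(DC_VAR . '/' . $vf);

if ($VF === false || !is_file($VF) || !is_readable($VF)) {
    header('Content-Type: text/plain');
    http::head(404, 'Not Found');
    exit;
}

// Defense in depth: path::clean strips '..' sequences, but nothing above
// verifies that the resolved path is still inside DC_VAR. Require the served
// file to sit strictly below the resolved var root so a gap in the cleaning
// cannot turn into a read of an arbitrary readable file.
$var_root = path::real(DC_VAR);
if ($var_root === false) {
    header('Content-Type: text/plain');
    http::head(404, 'Not Found');
    exit;
}
$var_root = rtrim($var_root, '/') . '/';
if (strncmp($VF, $var_root, strlen($var_root)) !== 0) {
    header('Content-Type: text/plain');
    http::head(404, 'Not Found');
    exit;
}

// Strict membership test: the extension is a string and must match exactly.
if (!in_array(files::getExtension($VF), $allow_types, true)) {
    header('Content-Type: text/plain');
    http::head(404, 'Not Found');
    exit;
}

http::$cache_max_age = 7 * 24 * 60 * 60; // One week cache for var files served by ?vf=…
http::cache(array_merge([$VF], get_included_files()));

// The Content-Type is derived from the extension only; forbid MIME sniffing so
// a browser cannot reinterpret e.g. a txt/json file as HTML.
header('X-Content-Type-Options: nosniff');
header('Content-Type: ' . files::getMimeType($VF));
readfile($VF);
exit;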