| 1 | <?php |
|---|
| 2 | # -- BEGIN LICENSE BLOCK --------------------------------------- |
|---|
| 3 | # |
|---|
| 4 | # This file is part of Dotclear 2. |
|---|
| 5 | # |
|---|
| 6 | # Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear |
|---|
| 7 | # Licensed under the GPL version 2.0 license. |
|---|
| 8 | # See LICENSE file or |
|---|
| 9 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html |
|---|
| 10 | # |
|---|
| 11 | # -- END LICENSE BLOCK ----------------------------------------- |
|---|
| 12 | |
|---|
| 13 | # ClearBricks and DotClear classes auto-loader |
|---|
| 14 | if (@is_dir('/usr/lib/clearbricks')) { |
|---|
| 15 | define('CLEARBRICKS_PATH','/usr/lib/clearbricks'); |
|---|
| 16 | } elseif (is_dir(dirname(__FILE__).'/libs/clearbricks')) { |
|---|
| 17 | define('CLEARBRICKS_PATH',dirname(__FILE__).'/libs/clearbricks'); |
|---|
| 18 | } elseif (isset($_SERVER['CLEARBRICKS_PATH']) && is_dir($_SERVER['CLEARBRICKS_PATH'])) { |
|---|
| 19 | define('CLEARBRICKS_PATH',$_SERVER['CLEARBRICKS_PATH']); |
|---|
| 20 | } |
|---|
| 21 | |
|---|
| 22 | if (!defined('CLEARBRICKS_PATH') || !is_dir(CLEARBRICKS_PATH)) { |
|---|
| 23 | exit('No clearbricks path defined'); |
|---|
| 24 | } |
|---|
| 25 | |
|---|
| 26 | require CLEARBRICKS_PATH.'/_common.php'; |
|---|
| 27 | |
|---|
| 28 | if (isset($_SERVER['DC_RC_PATH'])) { |
|---|
| 29 | define('DC_RC_PATH',$_SERVER['DC_RC_PATH']); |
|---|
| 30 | } elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) { |
|---|
| 31 | define('DC_RC_PATH',$_SERVER['REDIRECT_DC_RC_PATH']); |
|---|
| 32 | } else { |
|---|
| 33 | define('DC_RC_PATH',dirname(__FILE__).'/config.php'); |
|---|
| 34 | } |
|---|
| 35 | |
|---|
| 36 | if (!is_file(DC_RC_PATH)) { |
|---|
| 37 | trigger_error('Unable to open config file',E_USER_ERROR); |
|---|
| 38 | exit; |
|---|
| 39 | } |
|---|
| 40 | |
|---|
| 41 | require DC_RC_PATH; |
|---|
| 42 | |
|---|
| 43 | if (empty($_GET['vf'])) { |
|---|
| 44 | header('Content-Type: text/plain'); |
|---|
| 45 | http::head(404,'Not Found'); |
|---|
| 46 | exit; |
|---|
| 47 | } |
|---|
| 48 | |
|---|
| 49 | // $_GET['v'] : version in url to bypass cache in case of dotclear upgrade or in dev mode |
|---|
| 50 | // but don't care of value |
|---|
| 51 | if (isset($_GET['v'])) |
|---|
| 52 | { |
|---|
| 53 | unset($_GET['v']); |
|---|
| 54 | } |
|---|
| 55 | |
|---|
| 56 | // Only $_GET['vf'] is allowed in URL |
|---|
| 57 | if (count($_GET) > 1) |
|---|
| 58 | { |
|---|
| 59 | header('Content-Type: text/plain'); |
|---|
| 60 | http::head(403,'Forbidden'); |
|---|
| 61 | exit; |
|---|
| 62 | } |
|---|
| 63 | |
|---|
| 64 | $allow_types = array('png','jpg','jpeg','gif','css','js','swf','svg','html','xml','json','txt'); |
|---|
| 65 | |
|---|
| 66 | $vf = path::clean($_GET['vf']); |
|---|
| 67 | $VF = path::real(DC_VAR.'/'.$vf); |
|---|
| 68 | |
|---|
| 69 | if ($VF === false || !is_file($VF) || !is_readable($VF)) { |
|---|
| 70 | header('Content-Type: text/plain'); |
|---|
| 71 | http::head(404,'Not Found'); |
|---|
| 72 | exit; |
|---|
| 73 | } |
|---|
| 74 | |
|---|
| 75 | if (!in_array(files::getExtension($VF),$allow_types)) { |
|---|
| 76 | header('Content-Type: text/plain'); |
|---|
| 77 | http::head(404,'Not Found'); |
|---|
| 78 | exit; |
|---|
| 79 | } |
|---|
| 80 | |
|---|
| 81 | http::$cache_max_age = 7 * 24 * 60 * 60; // One week cache for var files served by ?vf=… |
|---|
| 82 | http::cache(array_merge(array($VF),get_included_files())); |
|---|
| 83 | |
|---|
| 84 | header('Content-Type: '.files::getMimeType($VF)); |
|---|
| 85 | readfile($VF); |
|---|
| 86 | exit; |
|---|
