aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--action.php160
-rw-r--r--include/functions_picture.inc.php222
-rw-r--r--picture.php71
3 files changed, 349 insertions, 104 deletions
diff --git a/action.php b/action.php
index 7e853ed44..6b21b0fa1 100644
--- a/action.php
+++ b/action.php
@@ -31,69 +31,127 @@ include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);
-function force_download ($filename)
+function guess_mime_type($ext)
{
-//TODO : messages in "lang"
- if (!url_is_remote($filename))
+ switch ( strtolower($ext) )
{
- $filename = realpath($filename);
- if (!file_exists($filename))
- {
- die("NO FILE HERE");
- }
- $file_size = @filesize($filename);
- }
- else
- {
- $file_size = 0;
+ case "jpe": case "jpeg":
+ case "jpg": $ctype="image/jpeg"; break;
+ case "png": $ctype="image/png"; break;
+ case "gif": $ctype="image/gif"; break;
+ case "tiff":
+ case "tif": $ctype="image/tiff"; break;
+ case "txt": $ctype="text/plain"; break;
+ case "html":
+ case "htm": $ctype="text/html"; break;
+ case "xml": $ctype="text/xml"; break;
+ case "pdf": $ctype="application/pdf"; break;
+ case "zip": $ctype="application/zip"; break;
+ case "ogg": $ctype="application/ogg"; break;
+ default: $ctype="application/octet-stream";
}
+ return $ctype;
+}
- $file_extension = strtolower(substr(strrchr($filename,"."),1));
-
- switch ($file_extension) {
- case "jpe": case "jpeg":
- case "jpg": $ctype="image/jpg"; break;
- case "png": $ctype="image/png"; break;
- case "gif": $ctype="image/gif"; break;
- case "pdf": $ctype="application/pdf"; break;
- case "zip": $ctype="application/zip"; break;
- case "php":
- // never allow download of php scripts to protect our conf files
- die('Hacking attempt!'); break;
- default: $ctype="application/octet-stream";
- }
+function do_error( $code, $str )
+{
+ header("HTTP/1.1 $code ");
+ header("Status: $code ");
+ echo $str ;
+ exit();
+}
+
+
+if ( !isset($_GET['id']) or !is_numeric($_GET['id'])
+ or !isset($_GET['part'])
+ or !in_array($_GET['part'], array('t','e','i','h') ) )
+{
+ do_error(400, 'Invalid request - id/part');
+}
+
+$id = $_GET['id'];
+$query = '
+SELECT * FROM '. IMAGES_TABLE.'
+ WHERE id='.$id.'
+;';
+
+$result = pwg_query($query);
+$element_info = mysql_fetch_assoc($result);
+if ( empty($element_info) )
+{
+ do_error(404, 'Requested id not found');
+}
+
+// TODO - check permissions
+
+include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
+$file='';
+switch ($_GET['part'])
+{
+ case 't':
+ $file = get_thumbnail_path($element_info);
+ break;
+ case 'e':
+ $file = get_element_path($element_info);
+ break;
+ case 'i':
+ $file = get_image_path($element_info);
+ break;
+ case 'h':
+ $file = get_high_path($element_info);
+ break;
+}
+
+if ( empty($file) )
+{
+ do_error(404, 'Requested file not found');
+}
+
+$http_headers = array();
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Cache-Control: private",false);
- header("Content-Type: $ctype");
- header("Content-Disposition: attachment; filename=\""
- .basename($filename)."\";");
- header("Content-Transfer-Encoding: binary");
- if (isset($file_size) and ($file_size != 0))
+$ctype = null;
+if (!url_is_remote($file))
+{
+ if ( !@is_readable($file) )
{
- header("Content-Length: ".@filesize($filename));
+ do_error(404, "Requested file not found - $file");
}
-
- // Looking at the safe_mode configuration for execution time
- if (ini_get('safe_mode') == 0)
+ $http_headers[] = 'Content-Length: '.@filesize($file);
+ if ( function_exists('mime_content_type') )
{
- @set_time_limit(0);
+ $ctype = mime_content_type($file);
}
+}
+if (!isset($ctype))
+{ // give it a guess
+ $ctype = guess_mime_type( get_extension($file) );
+}
- @readfile("$filename") or die("File not found.");
+$http_headers[] = 'Content-Type: '.$ctype;
+
+if (!isset($_GET['view']))
+{
+ $http_headers[] = 'Content-Disposition: attachment; filename="'
+ .basename($file).'";';
+ $http_headers[] = 'Content-Transfer-Encoding: binary';
}
+$http_headers[] = 'Pragma: public';
+$http_headers[] = 'Expires: 0';
+$http_headers[] = 'Cache-Control: must-revalidate, post-check=0, pre-check=0';
-//--------------------------------------------------------- download big picture
-if ( isset( $_GET['dwn'] ) )
+
+foreach ($http_headers as $header)
{
-//TODO : verify the path begins with something in galleries_url and that user has access rights to the picture
-// in order to avoid hacking atempts by forged url
- if (preg_match('/\.\./',$_GET['dwn'])) {
- die('Hacking attempt!');
- }
- force_download($_GET['dwn']);
+ header( $header );
}
+header("Cache-Control: private",false); //???
+
+// Looking at the safe_mode configuration for execution time
+if (ini_get('safe_mode') == 0)
+{
+ @set_time_limit(0);
+}
+
+@readfile($file);
-?>
+?> \ No newline at end of file
diff --git a/include/functions_picture.inc.php b/include/functions_picture.inc.php
new file mode 100644
index 000000000..572ef8207
--- /dev/null
+++ b/include/functions_picture.inc.php
@@ -0,0 +1,222 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery |
+// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch : BSF (Best So Far)
+// | file : $RCSfile$
+// | last update : $Date$
+// | last modifier : $Author$
+// | revision : $Revision$
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+/**
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path' should be present
+ */
+function get_element_path($element_info)
+{
+ $path = get_element_location($element_info);
+ if ( !url_is_remote($path) )
+ {
+ $path = PHPWG_ROOT_PATH.$path;
+ }
+ return $path;
+}
+
+/*
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path' should be present
+ */
+function get_element_url($element_info)
+{
+ $url = get_element_location($element_info);
+ if ( !url_is_remote($url) )
+ {
+ $url = get_root_url().$url;
+ }
+ // plugins want another url ?
+ return trigger_event('get_element_url', $url, $element_info);
+}
+
+/**
+ * Returns the relative path of the element with regards to to the root
+ * of PWG (not the current page). This function is not intended to be
+ * called directly from code.
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path' should be present
+ */
+function get_element_location($element_info)
+{
+ // maybe a cached watermark ?
+ return trigger_event('get_element_location',
+ $element_info['path'], $element_info);
+}
+
+
+/**
+ * Returns the PATH to the image to be displayed in the picture page. If the
+ * element is not a picture, then the representative image or the default
+ * mime image. The path can be used in the php script, but not sent to the
+ * browser.
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path', 'representative_ext' should be present
+ */
+function get_image_path($element_info)
+{
+ global $conf;
+ $ext = get_extension($element_info['path']);
+ if (in_array($ext, $conf['picture_ext']))
+ {
+ if (isset($element_info['element_path']) )
+ {
+ return $element_info['element_path'];
+ }
+ return get_element_path($element_info);
+ }
+
+ $path = get_image_location($element_info);
+ if ( !url_is_remote($path) )
+ {
+ $path = PHPWG_ROOT_PATH.$path;
+ }
+ return $path;
+}
+
+/**
+ * Returns the URL of the image to be displayed in the picture page. If the
+ * element is not a picture, then the representative image or the default
+ * mime image. The URL can't be used in the php script, but can be sent to the
+ * browser.
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path', 'representative_ext' should be present
+ */
+function get_image_url($element_info)
+{
+ global $conf;
+ $ext = get_extension($element_info['path']);
+ if (in_array($ext, $conf['picture_ext']))
+ {
+ if (isset($element_info['element_url']) )
+ {
+ return $element_info['element_url'];
+ }
+ return get_element_url($element_info);
+ }
+
+ $url = get_image_location($element_info);
+ if ( !url_is_remote($url) )
+ {
+ $url = get_root_url().$url;
+ }
+ return $url;
+}
+
+/**
+ * Returns the relative path of the image (element/representative/mimetype)
+ * with regards to the root of PWG (not the current page). This function
+ * is not intended to be called directly from code.
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path', 'representative_ext' should be present
+ */
+function get_image_location($element_info)
+{
+ if (isset($element_info['representative_ext'])
+ and $element_info['representative_ext'] != '')
+ {
+ $pi = pathinfo($element_info['path']);
+ $file_wo_ext = get_filename_wo_extension($pi['basename']);
+ $path =
+ $pi['dirname'].'/pwg_representative/'
+ .$file_wo_ext.'.'.$element_info['representative_ext'];
+ }
+ else
+ {
+ $ext = get_extension($element_info['path']);
+ $path = get_themeconf('mime_icon_dir');
+ $path.= strtolower($ext).'.png';
+ }
+
+ // plugins want another location ?
+ return trigger_event( 'get_image_location', $path, $element_info);
+}
+
+
+/*
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path', 'has_high' should be present
+ */
+function get_high_path($element_info)
+{
+ $path = get_high_location($element_info);
+ if (!empty($path) and !url_is_remote($path) )
+ {
+ $path = PHPWG_ROOT_PATH.$path;
+ }
+ return $path;
+}
+
+/**
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path', 'has_high' should be present
+ */
+function get_high_url($element_info)
+{
+ $url = get_high_location($element_info);
+ if (!empty($url) and !url_is_remote($url) )
+ {
+ $url = get_root_url().$url;
+ }
+ // plugins want another url ?
+ return trigger_event('get_high_url', $url, $element_info);
+}
+
+/**
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path', 'has_high' should be present
+ */
+function get_high_location($element_info)
+{
+ $location = '';
+ if ($element_info['has_high'] == 'true')
+ {
+ $pi = pathinfo($element_info['path']);
+ $location=$pi['dirname'].'/pwg_high/'.$pi['basename'];
+ }
+ return trigger_event( 'get_high_location', $location, $element_info);
+}
+
+
+/**
+ * @param what_part string one of 't' (thumbnail), 'e' (element), 'i' (image),
+ * 'h' (high resolution image)
+ * @param element_info array containing element information from db;
+ * at least 'id', 'path' should be present
+ */
+function get_download_url($what_part, $element_info)
+{
+ $url = get_root_url().'action.php';
+ $url = add_url_params($url,
+ array(
+ 'id' => $element_info['id'],
+ 'part' => $what_part,
+ )
+ );
+ return trigger_event( 'get_download_url', $url, $element_info);
+}
+
+?> \ No newline at end of file
diff --git a/picture.php b/picture.php
index dd7ffa3ae..be5971a6a 100644
--- a/picture.php
+++ b/picture.php
@@ -28,6 +28,7 @@
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
+include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);
@@ -310,67 +311,34 @@ while ($row = mysql_fetch_assoc($result))
$picture[$i]['is_picture'] = true;
}
- $cat_directory = dirname($row['path']);
- $file_wo_ext = get_filename_wo_extension($row['file']);
-
// ------ build element_path and element_url
- $picture[$i]['element_url'] = $row['path'];
- if ( ! url_is_remote($row['path']) )
+ $picture[$i]['element_path'] = get_element_path($picture[$i]);
+ $picture[$i]['element_url'] = get_element_url($picture[$i]);
+
+ // ------ build image_path and image_url
+ if ($i=='current' or $i=='next')
{
- $picture[$i]['element_url'] = get_root_url().$row['path'];
+ $picture[$i]['image_path'] = get_image_path( $picture[$i] );
+ $picture[$i]['image_url'] = get_image_url( $picture[$i] );
}
- // ------ build image_path and image_url
- if ($picture[$i]['is_picture'])
+ if ($i=='current')
{
- $picture[$i]['image_path'] = $row['path'];
- // if we are working on the "current" element, we search if there is a
- // high quality picture
- if ($i == 'current')
+ if ( $picture[$i]['is_picture'] )
{
- if (($row['has_high'] == 'true') and ($user['enabled_high'] == 'true'))
+ if ( $user['enabled_high']=='true' )
{
- $url_high=$cat_directory.'/pwg_high/'.$row['file'];
- $picture[$i]['high_url'] = $picture[$i]['high_path'] = $url_high;
- if ( ! url_is_remote($picture[$i]['high_path']) )
+ $hi_url=get_high_url($picture[$i]);
+ if ( !empty($hi_url) )
{
- $picture[$i]['high_url'] = get_root_url().$picture[$i]['high_path'];
+ $picture[$i]['high_url'] = $hi_url;
+ $picture[$i]['download_url'] = get_download_url('h',$picture[$i]);
}
}
}
- }
- else
- {// not a picture
- if (isset($row['representative_ext']) and $row['representative_ext']!='')
- {
- $picture[$i]['image_path'] =
- $cat_directory.'/pwg_representative/'
- .$file_wo_ext.'.'.$row['representative_ext'];
- }
else
- {
- $picture[$i]['image_path'] =
- get_themeconf('mime_icon_dir')
- .strtolower(get_extension($row['file'])).'.png';
- }
- }
-
- $picture[$i]['image_url'] = $picture[$i]['image_path'];
- if ( ! url_is_remote($picture[$i]['image_path']) )
- {
- $picture[$i]['image_url'] = get_root_url().$picture[$i]['image_path'];
- }
-
- if (!$picture[$i]['is_picture'])
- {// if picture is not a file, we need the download link
- $picture[$i]['download_url'] = $picture[$i]['element_url'];
- }
- else
- {// if picture is a file with high, we put the download link
- if ( isset($picture[$i]['high_path']) )
- {
- $picture[$i]['download_url'] = get_root_url().'action.php?dwn='
- .$picture[$i]['high_path'];
+ { // not a pic - need download link
+ $picture[$i]['download_url'] = get_download_url('e',$picture[$i]);
}
}
@@ -382,6 +350,7 @@ while ($row = mysql_fetch_assoc($result))
}
else
{
+ $file_wo_ext = get_filename_wo_extension($row['file']);
$picture[$i]['name'] = str_replace('_', ' ', $file_wo_ext);
}
@@ -427,10 +396,6 @@ if (!empty($picture['current']['width']))
);
}
-// now give an opportunity to the filters to alter element_url,
-// image_url, high_url and download_url
-$picture = trigger_event('picture_navigation', $picture);
-
$url_admin =
get_root_url().'admin.php?page=picture_modify'
.'&amp;cat_id='.(isset($page['category']) ? $page['category'] : '')