XOOPS 2.5.6  Final
 All Classes Namespaces Files Functions Variables Pages
browse.php
Go to the documentation of this file.
1 <?php
20 defined('DS') or define('DS', DIRECTORY_SEPARATOR);
21 defined('NWLINE')or define('NWLINE', "\n");
22 
23 $xoopsOption['nocommon'] = true;
24 require_once dirname(__FILE__) . DS . 'mainfile.php';
25 
26 error_reporting(0);
27 
28 include_once XOOPS_ROOT_PATH . DS . 'include' . DS .'defines.php';
29 include_once XOOPS_ROOT_PATH . DS . 'include' . DS . 'version.php';
30 require_once XOOPS_ROOT_PATH . DS . 'class' . DS . 'xoopsload.php';
31 
32 XoopsLoad::load('xoopskernel');
33 $xoops = new xos_kernel_Xoops2();
34 $xoops->pathTranslation();
35 
36 // Fetch path from query string if path is not set, i.e. through a direct request
37 if (!isset($path) && !empty($_SERVER['QUERY_STRING'])) {
38  $path = $_SERVER['QUERY_STRING'];
39  $path = (substr($path, 0, 1) == '/') ? substr($path, 1) : $path;
40  $path_type = substr($path, 0, strpos($path, '/'));
41  if (!isset($xoops->paths[$path_type])) {
42  $path = "XOOPS/" . $path;
43  $path_type = "XOOPS";
44  }
45 }
46 
47 //We are not allowing output of xoops_data
48 if ($path_type == 'var') {
49  header("HTTP/1.0 404 Not Found");
50  exit();
51 }
52 
53 $file = realpath($xoops->path($path));
54 $dir = realpath($xoops->paths[$path_type][0]);
55 
56 //We are not allowing directory travessal either
57 if (!strstr($file, $dir)) {
58  header("HTTP/1.0 404 Not Found");
59  exit();
60 }
61 
62 //We can't output empty files and php files do not output
63 if (empty($file) || strpos($file, '.php' ) !== false) {
64  header("HTTP/1.0 404 Not Found");
65  exit();
66 }
67 
68 $file = $xoops->path($path);
69 // Is there really a file to output?
70 if (!file_exists($file)) {
71  header("HTTP/1.0 404 Not Found");
72  exit();
73 }
74 
75 $ext = substr($file, strrpos($file, '.') + 1);
76 $types = include $xoops->path('include/mimetypes.inc.php');
77 //$content_type = isset($types[$ext]) ? $types[$ext] : 'text/plain';
78 //Do not output garbage
79 if (!isset($types[$ext])) {
80  header("HTTP/1.0 404 Not Found");
81  exit();
82 }
83 
84 //Output now
85 // seconds, minutes, hours, days
86 $expires = 60*60*24*15;
87 header("Pragma: public");
88 header("Cache-Control: maxage=" . $expires);
89 header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
90 header('Content-type: ' . $types[$ext]);
91 $handle = fopen($file, "rb");
92 while (!feof($handle)) {
93  $buffer = fread($handle, 4096);
94  echo $buffer;
95 }
96 fclose($handle);
97 ?>