XOOPS  2.6.0
browse.php
1 <?php
2 /*
3  You may not change or alter any portion of this comment or credits
4  of supporting developers from this source code or any supporting source code
5  which is considered copyrighted (c) material of the original comment or credit authors.
6 
7  This program is distributed in the hope that it will be useful,
8  but WITHOUT ANY WARRANTY; without even the implied warranty of
9  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 */
11 
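// Static-asset gateway: maps a request such as "browse.php?<alias>/<relative path>"
// onto a file below one of the XOOPS path aliases and streams it with caching
// headers. Every failure is answered with the same bare 404 so that a caller
// cannot tell "missing" from "forbidden".

$xoopsOption['nocommon'] = true;
require_once __DIR__ . '/mainfile.php';

//error_reporting(0);

//require_once XOOPS_ROOT_PATH . '/class/xoopsload.php';

// NOTE(review): this listing skips source lines 28-29, where $xoops is
// presumably assigned; everything below relies on $xoops being set.

//$xoops->pathTranslation(); // already run in Xoops __construct

// Single exit point for every rejection.
$notFound = function () {
    header("HTTP/1.0 404 Not Found");
    exit();
};

// True only when $candidate lies strictly below $base. Both arguments must be
// realpath() results. Anchoring the comparison at the start of the string and
// appending the separator is what makes this a containment test: a substring
// search (the previous strstr() check) also accepts a path that merely
// contains $base somewhere, or a sibling directory whose name begins with the
// same characters (e.g. ".../htdocs_old" for a base of ".../htdocs").
$isInside = function ($candidate, $base) {
    $prefix = rtrim($base, '/\\') . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0;
};

// Fetch path from query string if path is not set, i.e. through a direct request
if (!isset($path)) {
    if (empty($_SERVER['QUERY_STRING'])) {
        $notFound();
    }
    $path = $_SERVER['QUERY_STRING'];
    if (substr($path, 0, 1) === '/') {
        // Cast: substr() yields false instead of '' on older PHP when nothing is left.
        $path = (string) substr($path, 1);
    }
}

// $path may have been supplied by an including script; only a string is usable.
if (!is_string($path)) {
    $notFound();
}

// The first path segment selects the alias; anything unknown is served
// relative to the "XOOPS" alias.
$slash = strpos($path, '/');
$path_type = ($slash === false) ? '' : substr($path, 0, $slash);
if (!isset($xoops->paths[$path_type])) {
    $path = "XOOPS/" . $path;
    $path_type = "XOOPS";
}

//We are not allowing output of xoops_data
if ($path_type === 'var') {
    $notFound();
}

// Canonicalise both sides first so "..", symlinks and duplicate separators are
// resolved before any comparison is made.
$file = realpath($xoops->path($path));
$dir = realpath($xoops->paths[$path_type][0]);

//We are not allowing directory traversal either
if ($file === false || $dir === false || !is_file($file) || !$isInside($file, $dir)) {
    $notFound();
}

// The alias check above only stops requests that name "var" explicitly. If the
// data directory happens to live below another alias' root, the same files
// would still be reachable through that alias, so compare resolved locations
// as well.
// NOTE(review): assumes $xoops->paths['var'][0] is the data directory, in line
// with how paths[$path_type][0] is used above - confirm.
if (isset($xoops->paths['var'][0])) {
    $varDir = realpath($xoops->paths['var'][0]);
    if ($varDir !== false && $isInside($file, $varDir)) {
        $notFound();
    }
}

// PHP source must never be streamed. The match is deliberately broad (".php"
// anywhere in the resolved path) and case-insensitive, so ".PHP" or ".php5"
// are refused too.
if (stripos($file, '.php') !== false) {
    $notFound();
}

//$file = $xoops->path($path);
$mtime = filemtime($file);

// Is there really a file to output?
if ($mtime === false) {
    $notFound();
}

// Conditional GET: an unparsable date is ignored rather than compared.
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
    $since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    if ($since !== false && $since >= $mtime) {
        header('HTTP/1.0 304 Not Modified');
        exit;
    }
}

// Only extensions with a known MIME type are served; this acts as the
// allow-list of file types.
$path_parts = pathinfo($file);
$ext = (isset($path_parts['extension'])) ? $path_parts['extension'] : '';
$mimetype = \Xoops\Core\MimeTypes::findType($ext);
//Do not output garbage
if (empty($mimetype)) {
    $notFound();
}

// Output now
// seconds, minutes, hours, days
$expires = 60*60*24*15;
//header("Pragma: public");
// NOTE(review): responses are marked publicly cacheable for 15 days, so nothing
// user-specific may ever be reachable through this script. Consider also
// sending "X-Content-Type-Options: nosniff" once the MIME table is confirmed
// accurate for the scripts and stylesheets served here.
header("Cache-Control: public, max-age=" . $expires);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s T', $mtime));
header('Content-type: ' . $mimetype);
readfile($file);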