Ejemplo n.º 1
/**
 * Pass an upload value through only when its file type is recognised.
 *
 * The decision is delegated to nxt_check_filetype(); only the "ext" entry of
 * its result is consulted. NOTE(review): judging by the other call sites on
 * this page, that helper works from the file name, so this is an
 * extension check and not an inspection of the file's contents.
 *
 * @param string $input Value to check (handed to nxt_check_filetype() as a file name).
 * @return string $input unchanged when an extension is recognised, otherwise ''.
 */
function of_sanitize_upload($input)
{
    $filetype = nxt_check_filetype($input);

    // Anything without a recognised extension is dropped rather than returned.
    return $filetype["ext"] ? $input : '';
}
Ejemplo n.º 2
/**
 * Attempt to determine the real file type of a file.
 * If unable to, the file name extension will be used to determine type.
 *
 * If it's determined that the extension does not match the file's real type,
 * then the "proper_filename" value will be set with a proper filename and extension.
 *
 * Currently this function only supports validating images known to getimagesize().
 * For every other claimed type, and whenever $file does not exist, the result
 * rests on the file name extension alone (unless a plugin hooked on the
 * 'nxt_check_filetype_and_ext' filter changes it).
 *
 * @since 3.0.0
 *
 * @param string $file Full path to the image.
 * @param string $filename The filename of the image (may differ from $file due to $file being in a tmp directory)
 * @param array $mimes Optional. Key is the file extension with value as the mime type.
 * @return array Values for the extension, MIME, and either a corrected filename or false if original $filename is valid
 */
function nxt_check_filetype_and_ext($file, $filename, $mimes = null)
{
    $proper_filename = false;
    // Do basic extension validation and MIME mapping
    $nxt_filetype = nxt_check_filetype($filename, $mimes);
    // extract() turns the keys of the result into locals; $ext and $type are
    // the ones used below. NOTE(review): any other key in that array would
    // silently overwrite a local of the same name ($file, $filename, ...).
    extract($nxt_filetype);
    // We can't do any further validation without a file to work with
    if (!file_exists($file)) {
        return compact('ext', 'type', 'proper_filename');
    }
    // We're able to validate images using GD
    // (only attempted when the extension-derived MIME type starts with "image/")
    if ($type && 0 === strpos($type, 'image/') && function_exists('getimagesize')) {
        // Attempt to figure out what type of image it actually is.
        // Errors are suppressed with @. getimagesize() works from the image
        // header, so a result here says what the file starts like; it is not
        // proof that the rest of the file is harmless image data.
        $imgstats = @getimagesize($file);
        // If getimagesize() knows what kind of image it really is and if the real MIME doesn't match the claimed MIME
        if (!empty($imgstats['mime']) && $imgstats['mime'] != $type) {
            // This is a simplified array of MIMEs that getimagesize() can detect and their extensions
            // You shouldn't need to use this filter, but it's here just in case
            $mime_to_ext = apply_filters('getimagesize_mimes_to_exts', array('image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif', 'image/bmp' => 'bmp', 'image/tiff' => 'tif'));
            // Replace whatever is after the last period in the filename with the correct extension
            if (!empty($mime_to_ext[$imgstats['mime']])) {
                $filename_parts = explode('.', $filename);
                array_pop($filename_parts);
                $filename_parts[] = $mime_to_ext[$imgstats['mime']];
                $new_filename = implode('.', $filename_parts);
                // Mark that it changed
                if ($new_filename != $filename) {
                    $proper_filename = $new_filename;
                }
                // Redefine the extension / MIME from the corrected name, so the
                // returned ext/type describe the detected image type
                $nxt_filetype = nxt_check_filetype($new_filename, $mimes);
                extract($nxt_filetype);
            }
            // A detected MIME type that is not in $mime_to_ext leaves the
            // extension-derived $ext / $type untouched.
        }
    }
    // Let plugins try and validate other types of files
    // Should return an array in the style of array( 'ext' => $ext, 'type' => $type, 'proper_filename' => $proper_filename )
    return apply_filters('nxt_check_filetype_and_ext', compact('ext', 'type', 'proper_filename'), $file, $filename, $mimes);
}
Ejemplo n.º 3
 /**
  * Send the "no access" placeholder image to the client and honour conditional GETs.
  *
  * A locale-specific image is preferred; the generic noaccess.png is the
  * fallback. When neither exists nothing is sent and the method returns.
  * Otherwise the image is emitted with caching headers, or a 304 is sent and
  * the request ends when the client's validators still match.
  *
  * NOTE(review): $locale is interpolated into the file path as returned by the
  * 'membership_locale' filter; this assumes the filter yields a plain locale code.
  *
  * @param mixed $nxt_query Not used by this method.
  * @return void
  */
 function show_noaccess_image($nxt_query)
 {
     $locale = apply_filters('membership_locale', get_locale());
     $localized_image = "membershipincludes/images/noaccess/noaccess-{$locale}.png";
     $default_image = "membershipincludes/images/noaccess/noaccess.png";

     if (file_exists(membership_dir($localized_image))) {
         $file = membership_dir($localized_image);
         $trueurl = membership_url($localized_image);
     } elseif (file_exists(membership_dir($default_image))) {
         $file = membership_dir($default_image);
         $trueurl = membership_url($default_image);
     }

     // No placeholder image available: nothing to serve.
     if (empty($file)) {
         return;
     }

     if (!is_file($file)) {
         status_header(404);
         die('404 — File not found.');
     }

     // Resolve the MIME type: extension lookup first, then mime_content_type(),
     // and as a last resort "image/<extension of the URL>".
     $mime = nxt_check_filetype($file);
     if (false === $mime['type'] && function_exists('mime_content_type')) {
         $mime['type'] = mime_content_type($file);
     }
     $mimetype = $mime['type'] ? $mime['type'] : ('image/' . substr($trueurl, strrpos($trueurl, '.') + 1));
     header('Content-type: ' . $mimetype);

     // Content-Length is sent for every server except IIS.
     $running_on_iis = false !== strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS');
     if (!$running_on_iis) {
         header('Content-Length: ' . filesize($file));
     }

     // The ETag is derived from the formatted modification time only.
     $last_modified = gmdate('D, d M Y H:i:s', filemtime($file));
     $etag = '"' . md5($last_modified) . '"';
     header("Last-Modified: {$last_modified} GMT");
     header('ETag: ' . $etag);
     header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 100000000) . ' GMT');

     // Conditional GET: collect the validators the client sent, if any.
     $client_etag = false;
     if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
         $client_etag = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
     }
     if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
         $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
     }
     $client_last_modified = trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);

     // An empty header counts as timestamp 0; anything else is parsed.
     $client_modified_timestamp = 0;
     if ($client_last_modified) {
         $client_modified_timestamp = strtotime($client_last_modified);
     }
     $modified_timestamp = strtotime($last_modified);

     // With both validators present both must match; with only one, either suffices.
     $date_is_current = $client_modified_timestamp >= $modified_timestamp;
     $etag_matches = $client_etag == $etag;
     if ($client_last_modified && $client_etag) {
         $not_modified = $date_is_current && $etag_matches;
     } else {
         $not_modified = $date_is_current || $etag_matches;
     }
     if ($not_modified) {
         status_header(304);
         exit;
     }

     // The client has no current copy: send the image bytes.
     readfile($file);
 }
Ejemplo n.º 4
// Front controller that serves a file from the current blog's upload
// directory on a multisite install. The file to serve is named by the
// "file" query-string parameter.
require_once dirname(dirname(__FILE__)) . '/nxt-load.php';
if (!is_multisite()) {
    die('Multisite support not enabled');
}
ms_file_constants();
// Silence all PHP error output for the rest of the request; this also hides
// the notice raised below when the "file" parameter is missing.
error_reporting(0);
// Archived, spam-flagged and deleted blogs do not serve files at all.
if ($current_blog->archived == '1' || $current_blog->spam == '1' || $current_blog->deleted == '1') {
    status_header(404);
    die('404 — File not found.');
}
// The requested path comes straight from the query string. Removing every
// ".." sequence before appending it to BLOGUPLOADDIR is the only containment
// step visible here.
// NOTE(review): $_GET['file'] is read without isset() or a type check, and the
// result is never confirmed to sit under BLOGUPLOADDIR (for example by
// comparing realpath() output), so symlinks inside the upload directory are
// followed as-is. Confirm this matches the intended trust boundary.
$file = rtrim(BLOGUPLOADDIR, '/') . '/' . str_replace('..', '', $_GET['file']);
if (!is_file($file)) {
    status_header(404);
    die('404 — File not found.');
}
// Resolve the MIME type: extension lookup first, then mime_content_type()
// when the extension is unknown and the function is available.
$mime = nxt_check_filetype($file);
if (false === $mime['type'] && function_exists('mime_content_type')) {
    $mime['type'] = mime_content_type($file);
}
if ($mime['type']) {
    $mimetype = $mime['type'];
} else {
    // Last resort: advertise "image/<extension>" built from the file name.
    $mimetype = 'image/' . substr($file, strrpos($file, '.') + 1);
}
// NOTE(review): the Content-Type therefore depends on the stored file's name
// or sniffed type; which upload types can reach this directory, and whether a
// nosniff header is sent, cannot be seen from here.
header('Content-Type: ' . $mimetype);
// always send this
// (Content-Length is skipped only when the server identifies itself as IIS)
if (false === strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS')) {
    header('Content-Length: ' . filesize($file));
}
// Optional support for X-Sendfile and X-Accel-Redirect
if (nxtMU_ACCEL_REDIRECT) {
Ejemplo n.º 5
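 /**
  * If fetching attachments is enabled then attempt to create a new attachment
  *
  * The file is downloaded with fetch_remote_file(), its type is looked up with
  * nxt_check_filetype(), and only a file with a recognised MIME type is
  * inserted as an attachment. For images the old URL stub is recorded in
  * $this->url_remap so resized variants can be remapped.
  *
  * NOTE(review): $url originates from the import file. Whether
  * fetch_remote_file() restricts the scheme or host it will contact is not
  * visible in this method and should be confirmed there.
  *
  * @param array $post Attachment post details from WXR
  * @param string $url URL to fetch attachment from
  * @return int|nxt_Error Post ID on success, nxt_Error otherwise
  */
 function process_attachment($post, $url)
 {
     if (!$this->fetch_attachments) {
         return new nxt_Error('attachment_processing_error', __('Fetching attachments is not enabled', 'nxtclass-importer'));
     }
     // if the URL is absolute, but does not contain address, then upload it assuming base_site_url
     if (preg_match('|^/[\\w\\W]+$|', $url)) {
         $url = rtrim($this->base_url, '/') . $url;
     }
     $upload = $this->fetch_remote_file($url, $post);
     if (is_nxt_error($upload)) {
         return $upload;
     }
     // nxt_check_filetype() hands back an array whose 'type' entry is false for
     // an unrecognised file, and a non-empty array is always truthy. Testing the
     // array itself therefore never rejected anything; test the MIME type.
     $info = nxt_check_filetype($upload['file']);
     if (empty($info['type'])) {
         // NOTE(review): the fetched file stays on disk at $upload['file'];
         // decide whether it should be removed when the import is refused.
         return new nxt_Error('attachment_processing_error', __('Invalid file type', 'nxtclass-importer'));
     }
     $post['post_mime_type'] = $info['type'];
     $post['guid'] = $upload['url'];
     // as per nxt-admin/includes/upload.php
     $post_id = nxt_insert_attachment($post, $upload['file']);
     nxt_update_attachment_metadata($post_id, nxt_generate_attachment_metadata($post_id, $upload['file']));
     // remap resized image URLs, works by stripping the extension and remapping the URL stub.
     if (preg_match('!^image/!', $info['type'])) {
         $parts = pathinfo($url);
         $name = basename($parts['basename'], ".{$parts['extension']}");
         // PATHINFO_FILENAME in PHP 5.2
         $parts_new = pathinfo($upload['url']);
         $name_new = basename($parts_new['basename'], ".{$parts_new['extension']}");
         $this->url_remap[$parts['dirname'] . '/' . $name] = $parts_new['dirname'] . '/' . $name_new;
     }
     return $post_id;
 }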