function get_image()
{
$mime = get_mimetype($this->path);
viscacha_header('Content-Type: ' . $mime['mime']);
readfile($this->path);
exit;
}
function kfmFile()
{
global $kfm;
if (func_num_args() == 1) {
$this->id = (int) func_get_arg(0);
parent::kfmObject();
$filedata = db_fetch_row("SELECT id,name,directory FROM " . KFM_DB_PREFIX . "files WHERE id=" . $this->id);
$this->name = $filedata['name'];
$this->parent = $filedata['directory'];
$dir = kfmDirectory::getInstance($this->parent);
$this->directory = $dir->path;
$this->path = $dir->path . '/' . $filedata['name'];
if (!$this->exists()) {
// $this->error(kfm_lang('File cannot be found')); // removed because it is causing false errors
$this->delete();
return false;
}
$this->writable = $this->isWritable();
$this->ctime = filemtime($this->path) + $GLOBALS['kfm_server_hours_offset'] * 3600;
$this->modified = strftime($kfm->setting('date_format') . ' ' . $kfm->setting('time_format'), filemtime($this->path));
$mimetype = get_mimetype($this->path);
$pos = strpos($mimetype, ';');
$this->mimetype = $pos === false ? $mimetype : substr($mimetype, 0, $pos);
$this->type = trim(substr(strstr($this->mimetype, '/'), 1));
}
}
function get_file($file, $rev = "")
{
global $TPL;
$f = realpath(wiki_module::get_wiki_path() . $file);
if (path_under_path(dirname($f), wiki_module::get_wiki_path())) {
$mt = get_mimetype($f);
if (strtolower($mt) != "text/plain") {
$s = "<h6>Download File</h6>";
$s .= "<a href='" . $TPL["url_alloc_fileDownload"] . "file=" . urlencode($file) . "'>" . $file . "</a>";
$TPL["str_html"] = $s;
include_template("templates/fileGetM.tpl");
exit;
}
// Get the regular revision ...
$disk_file = file_get_contents($f) or $disk_file = "";
$vcs = vcs::get();
//$vcs->debug = true;
// Get a particular revision
if ($vcs) {
$vcs_file = $vcs->cat($f, $rev);
}
if ($vcs && wiki_module::nuke_trailing_spaces_from_all_lines($disk_file) != wiki_module::nuke_trailing_spaces_from_all_lines($vcs_file)) {
if (!$vcs_file) {
$TPL["msg"] = "<div class='message warn noprint' style='margin-top:0px; margin-bottom:10px; padding:10px;'>\n Warning: This file may not be under version control.\n </div>";
} else {
$TPL["msg"] = "<div class='message warn noprint' style='margin-top:0px; margin-bottom:10px; padding:10px;'>\n Warning: This file may not be the latest version.\n </div>";
}
}
if ($rev && $vcs_file) {
$TPL["str"] = $vcs_file;
} else {
$TPL["str"] = $disk_file;
}
$wikiMarkup = config::get_config_item("wikiMarkup");
$TPL["str_html"] = $wikiMarkup($TPL["str"]);
$TPL["rev"] = urlencode($rev);
include_template("templates/fileGetM.tpl");
}
}
/** the designated file is sent to the visitor
*
* This transmits the file {$CFG->datadir}$file from
* the data directory to the visitor's browser, suggesting
* the name $name. The file is transmitted in chunks
* (see {@link readfile_chunked()}).
*
* Several different variations are possible.
*
* - by specifying a Time To Live of 0 seconds, this routine
* tries hard to defeat any caching by proxies
*
* - if the download flag is TRUE, this routine tries to
* prevent the visitor's browser to render the file in-line
* suggesting downloading instead
*
* Quirks
*
* - There appears to be a problem with Internet Explorer and https://
* and caching which requires a specific workaround. We simply check
* for 'https:' or 'http'.
*
* - Adobe Acrobat Reader has a bad track record of infecting
* user's computers with malware when PDF's are rendered in-line.
* Therefore we force download for that kind of files.
*
* - It is not easy to determine the exact mime type of files
* without resorting to a complex shadow-filesystem or a metadata
* table in the database. Therefore we 'guess' the mime type, either
* based on the information provided by the fileinfo PHP-module, or
* simply based on the extension of $file (which is not very reliable,
* but we have to do _something_). See {@link get_mimetype()} for details.
*
* @param string $file name of the file to send relative to $CFG->datadir
* @param string $name filename to suggest to the visitor/visitor's browser
* @param string $mimetype the mime type of the file; if not specified we use an educated guess
* @param int $ttl time to live (aka maximum age) in seconds, 0 implies file is not cacheable
* @param bool $download if TRUE we try to force a download
* @uses get_mimetype()
*/
function send_file_from_datadir($file, $name, $mimetype = '', $ttl = 86400, $download = FALSE)
{
global $CFG;
$path = $CFG->datadir . $file;
$mtime = filemtime($path);
$fsize = filesize($path);
if (empty($mimetype)) {
$mimetype = get_mimetype($path);
}
// Try to prevent inline rendering of PDF because of bugs in Adobe Reader
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
if ($mimetype == 'application/pdf' || $ext == 'pdf') {
$download = TRUE;
$ttl = 0;
}
$headers = array();
$headers['Last-Modified'] = rfc1123date($mtime);
$headers['Content-Disposition'] = sprintf('%s; filename=%s', $download ? 'attachment' : 'inline', urlencode($name));
$headers['Content-Type'] = $mimetype;
$headers['Content-Length'] = $fsize;
$headers['Accept-Ranges'] = 'none';
if ($ttl > 0) {
$headers['Cache-Control'] = sprintf('max-age=%d', $ttl);
$headers['Expires'] = rfc1123date(time() + $ttl);
$headers['Pragma'] = '';
} else {
if (strtolower(substr($CFG->www, 0, 6)) == 'https:') {
$ttl = 10;
$headers['Cache-Control'] = sprintf('max-age=%d', $ttl);
$headers['Expires'] = rfc1123date(time() - 86400);
// 24h in the past
$headers['Pragma'] = '';
} else {
$headers['Cache-Control'] = 'private, must-revalidate, max-age=0';
$headers['Expires'] = rfc1123date(time() - 86400);
// 24h in the past
$headers['Pragma'] = 'no-cache';
}
}
foreach ($headers as $k => $v) {
@header(trim($k . ': ' . $v));
}
$bytes = readfile_chunked($path);
return $bytes;
}
function add_attachment($file)
{
if (file_exists($file) && is_readable($file) && filesize($file)) {
$mime_boundary = $this->get_mime_boundary();
$this->add_header("MIME-Version", "1.0");
$this->add_header("Content-Type", "multipart/mixed; boundary=\"" . $mime_boundary . "\"");
$this->add_header("Content-Disposition", "inline");
// Read the file to be attached ('rb' = read binary)
$fh = fopen($file, 'rb');
$data = fread($fh, filesize($file));
fclose($fh);
$mimetype = get_mimetype($file);
// Base64 encode the file data
$data = chunk_split(base64_encode($data));
$name = basename($file);
$this->body = $this->get_top_mime_header() . $this->body;
$this->body .= "\n\n--" . $mime_boundary;
$this->body .= "\nContent-Type: " . $mimetype . "; name=\"" . $name . "\"";
$this->body .= "\nContent-Disposition: attachment; filename=\"" . $name . "\"";
$this->body .= "\nContent-Transfer-Encoding: base64";
$this->body .= "\n\n" . $data;
}
}
*
* You should have received a copy of the GNU Affero General Public License
* along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
*/
// For use like get_attachment.php?entity=project&id=5&file=foo.bar
require_once "../alloc.php";
$file = $_GET["file"];
if (isset($_GET["id"]) && $file && !bad_filename($file)) {
$entity = new $_GET["entity"]();
$entity->set_id(sprintf("%d", $_GET["id"]));
$entity->select();
$file = ATTACHMENTS_DIR . $_GET["entity"] . "/" . $_GET["id"] . "/" . $file;
if ($entity->has_attachment_permission($current_user)) {
if (file_exists($file)) {
$fp = fopen($file, "rb");
$mimetype = get_mimetype($file);
// Forge html for the whatsnew files
if (basename(dirname(dirname($file))) == "whatsnew") {
$forged_suffix = ".html";
$mimetype = "text/html";
}
header('Content-Type: ' . $mimetype);
header("Content-Length: " . filesize($file));
header('Content-Disposition: inline; filename="' . basename($file) . $forged_suffix . '"');
fpassthru($fp);
exit;
} else {
echo "File not found.";
exit;
}
} else {
display_items('Archive For ' . get_list_name($_GET['id']), get_archive($_GET['id']), 'view-html', 'view-text', '');
break;
case 'information':
display_information($_GET['id']);
break;
default:
if (!check_logged_in()) {
display_login_form($action);
}
break;
}
//all other actions require user to be logged in
if (check_logged_in()) {
switch ($action) {
case 'account-settings':
display_account_form(get_email(), get_real_name(get_email()), get_mimetype(get_email()));
break;
case 'show-other-lists':
display_items('Unsubscribed Lists', get_unsubscribed_lists(get_email()), 'information', 'show-archive', 'subscribe');
break;
case 'subscribe':
subscribe(get_email(), $_GET['id']);
display_items('Subscribed Lists', get_subscribed_lists(get_email()), 'information', 'show-archive', 'unsubscribe');
break;
case 'unsubscribe':
unsubscribe(get_email(), $_GET['id']);
display_items('Subscribed Lists', get_subscribed_lists(get_email()), 'information', 'show-archive', 'unsubscribe');
break;
case '':
case 'show-my-lists':
display_items('Subscribed Lists', get_subscribed_lists(get_email()), 'information', 'show-archive', 'unsubscribe');
/**
* 文件上传
*
* 返回的数组索引
* mime_type 文件类型
* size 文件大小(单位KB)
* file_path 文件路径
* width 宽度
* height 高度
* 可选值(仅在上传文件是图片且系统开启缩略图时起作用)
* thum_file 缩略图的路径
* thum_width 缩略图宽度
* thum_height 缩略图高度
* thum_size 缩略图大小(单位KB)
*
* @param string $fileName 文件名
* @param string $errorNum 错误码:$_FILES['error']
* @param string $tmpFile 上传后的临时文件
* @param string $fileSize 文件大小 KB
* @param array $type 允许上传的文件类型
* @param boolean $isIcon 是否为上传头像
* @param boolean $is_thumbnail 是否生成缩略图
* @return array 文件数据 索引
*
*/
function upload($fileName, $errorNum, $tmpFile, $fileSize, $type, $isIcon = false, $is_thumbnail = true)
{
if ($errorNum == 1) {
return '100';
//文件大小超过系统限制
} elseif ($errorNum > 1) {
return '101';
//上传文件失败
}
$extension = getFileSuffix($fileName);
if (!in_array($extension, $type)) {
return '102';
//错误的文件类型
}
if ($fileSize > Option::getAttMaxSize()) {
return '103';
//文件大小超出emlog的限制
}
$file_info = array();
$file_info['file_name'] = $fileName;
$file_info['mime_type'] = get_mimetype($extension);
$file_info['size'] = $fileSize;
$file_info['width'] = 0;
$file_info['height'] = 0;
$uppath = Option::UPLOADFILE_PATH . gmdate('Ym') . '/';
$fname = substr(md5($fileName), 0, 4) . time() . '.' . $extension;
$attachpath = $uppath . $fname;
$file_info['file_path'] = $attachpath;
if (!is_dir(Option::UPLOADFILE_PATH)) {
@umask(0);
$ret = @mkdir(Option::UPLOADFILE_PATH, 0777);
if ($ret === false) {
return '104';
//创建文件上传目录失败
}
}
if (!is_dir($uppath)) {
@umask(0);
$ret = @mkdir($uppath, 0777);
if ($ret === false) {
return '105';
//上传失败。文件上传目录(content/uploadfile)不可写
}
}
doAction('attach_upload', $tmpFile);
// 生成缩略图
$thum = $uppath . 'thum-' . $fname;
if ($is_thumbnail) {
if ($isIcon && resizeImage($tmpFile, $thum, Option::ICON_MAX_W, Option::ICON_MAX_H)) {
$file_info['thum_file'] = $thum;
$file_info['thum_size'] = filesize($thum);
$size = getimagesize($thum);
if ($size) {
$file_info['thum_width'] = $size[0];
$file_info['thum_height'] = $size[1];
}
resizeImage($tmpFile, $uppath . 'thum52-' . $fname, 52, 52);
} elseif (resizeImage($tmpFile, $thum, Option::get('att_imgmaxw'), Option::get('att_imgmaxh'))) {
$file_info['thum_file'] = $thum;
$file_info['thum_size'] = filesize($thum);
$size = getimagesize($thum);
if ($size) {
$file_info['thum_width'] = $size[0];
$file_info['thum_height'] = $size[1];
}
}
}
if (@is_uploaded_file($tmpFile)) {
if (@(!move_uploaded_file($tmpFile, $attachpath))) {
@unlink($tmpFile);
return '105';
//上传失败。文件上传目录(content/uploadfile)不可写
}
@chmod($attachpath, 0777);
}
// 如果附件是图片需要提取宽高
if (in_array($file_info['mime_type'], array('image/jpeg', 'image/png', 'image/gif', 'image/bmp'))) {
$size = getimagesize($file_info['file_path']);
if ($size) {
$file_info['width'] = $size[0];
$file_info['height'] = $size[1];
}
}
return $file_info;
}
function downloadFile($fileName, $path)
{
$file_path = @realpath($path) . '/' . $fileName;
traceDebug($file_path);
$file_mime = @get_mimetype($fileName);
if (!$file_mime) {
$file_mime = "application/octet-stream";
}
header("Content-Type: {$file_mime}");
header("Content-Length: " . @filesize($file_path));
$agent = $_SERVER["HTTP_USER_AGENT"];
if (is_int(strpos($agent, "MSIE"))) {
$fn = preg_replace('/[:\\x5c\\/*?"<>|]/', '_', $fileName);
header("Content-Disposition: attachment; filename=" . rawurlencode($fn));
} else {
if (is_int(strpos($agent, "Gecko"))) {
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($fileName));
} else {
if (is_int(strpos($agent, "Opera"))) {
$fn = preg_replace('/[:\\x5c\\/{?]/', '_', $fileName);
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($fn));
} else {
$fn = mb_convert_encoding($fileName, "US-ASCII", "UTF-8");
$fn = (string) str_replace("\\", "\\\\", $fn);
$fn = (string) str_replace("\"", "\\\"", $fn);
header("Content-Disposition: attachment; filename=\"{$fn}\"");
}
}
}
@readfile($file_path);
}
/** try to make sure that the extension of file $name makes sense or matches the actual filetype
*
* this checks or changes the $name of the file in line with the
* mimetype of the actual file (as established by get_mimetype()).
*
* The reason to do this is to make it harder to 'smuggle in' files
* with deceptive filenames/extensions. Quite often the extension is
* used to determine the type of the file, even by browsers that should
* know better. By uploading a malicious .PDF using an innocuous extension
* like .TXT, a browser may be tricked into rendering that .PDF inline.
* By changing the extension from .TXT to .PDF we can mitigate that risk,
* at least a little bit. (People somehow trust an extension even though
* they should know better and file(1) says so...)
*
* Strategy is as follows. If the mimetype based on the $name matches the
* actual mimetype, we can simply allow the name provided.
*
* If there is a difference, we try to find an extension that maps to the
* same mimetype as that of the actual file. IOW: we put more trust in the
* mimetype of the actual file than we do in the mimetype suggested by the
* extension.
*
* @param string $path full path to the actual file (from $_FILES[$i]['tmp_name'])
* @param string $name the requested name of the file to examine (from $_FILES[$i]['name'])
* @param string $type the suggested filetype of the file (from $_FILES[$i]['type'])
* @return string the sanitised name and extension based on the file type
*/
function sanitise_filetype($path, $name, $type)
{
// 0 -- initialise: isolate the $filename and $ext
if (strpos($name, '.') === FALSE) {
// not a single dot -> filename without extension
$filename = $name;
$extension = '';
} else {
$components = explode('.', $name);
$extension = array_pop($components);
$filename = implode('.', $components);
unset($components);
}
// 1 -- does actual file mimetype agree with the file extension?
$type_path = get_mediatype(get_mimetype($path, $name));
$ext = utf8_strtolower($extension);
$mimetypes = get_mimetypes_array();
$type_name = isset($mimetypes[$ext]) ? get_mediatype($mimetypes[$ext]) : 'application/octet-stream';
if (strcmp($type_path, $type_name) == 0) {
return $name;
}
// 2 -- No, we change the extension based on the actual mimetype of the file
// 2A - lookup the first extension matching type, or use '' (which implies application/octet-stream)
$new_extension = array_search($type_path, $mimetypes);
if ($new_extension === FALSE || is_null($new_extension)) {
$new_extension = '';
logger(sprintf('%s.%s(): mimetype \'%s\' not recognised; using \'%s\' instead', __CLASS__, __FUNCTION__, $type_path, $mimetypes[$new_extension]));
}
// 2B - avoid tricks with double extensions (eg. upload of "malware.exe.txt")
if ($new_extension == '') {
if ($type_name == 'application/octet-stream') {
// preserve original extension and case because the original
// extension will yield 'application/octet-stream' when served via file.php,
// i.e. there is no need to lose the extension if it yields the same mimetype anyway
$new_name = $name;
} elseif (strpos($filename, '.') === FALSE) {
// filename has no dot =>
// no part of existing filename can be mistaken for an extension =>
// don't add anything at all
$new_name = $filename;
} else {
// bare $filename already contains an extension =>
// add '.bin' to force 'application/octet-stream'
$new_name = $filename . '.bin';
}
} else {
$new_name = $filename . '.' . $new_extension;
}
logger(sprintf('%s.%s(): namechange %s -> %s (%s)', __CLASS__, __FUNCTION__, $name, $new_name, $type_path), WLOG_DEBUG);
return $new_name;
}
/**
* Prefilled error messages.
*
* @param int $status The $status var from FileUploader::uploadTo()
* @return string The proper error message.
*/
public function getErrorMessage($status)
{
switch ($status) {
case UPLOAD_ERR_OK:
// You should avoid this. Is not an error!
return _("Upload completato con successo.");
case UPLOAD_ERR_NO_FILE:
return _("Non è stato selezionato alcun file.");
case UPLOAD_ERR_INI_SIZE:
return _("Il file eccede i limiti di sistema.");
case UPLOAD_ERR_FORM_SIZE:
DEBUG && error(_("Non affidarti a UPLOAD_ERR_FORM_SIZE!"));
return _("Il file eccede i limiti imposti.");
case UPLOAD_EXTRA_ERR_OVERSIZE:
return sprintf(_("Il file pesa %s. Non può superare %s."), human_filesize($_FILES[$this->fileEntry]['size']), human_filesize($this->args['max-filesize']));
case UPLOAD_EXTRA_ERR_CANT_SAVE_FILE:
return _("Impossibile salvare il file.");
case UPLOAD_EXTRA_ERR_CANT_READ_MIMETYPE:
return _("Il MIME del file non è validabile.");
case UPLOAD_EXTRA_ERR_UNALLOWED_MIMETYPE:
$mime = get_mimetype($_FILES[$this->fileEntry]['tmp_name']);
return sprintf(_("Il file é di un <em>MIME type</em> non concesso: <em>%s</em>."), esc_html($mime));
case UPLOAD_EXTRA_ERR_UNALLOWED_FILE:
$mime = get_mimetype($_FILES[$this->fileEntry]['tmp_name']);
$allowed_filetypes = $this->mimeTypes->getFiletypes($this->args['category'], $mime);
return multi_text(count($allowed_filetypes), sprintf(_("Il file ha un'estensione non valida. Estensioni attese: <em>%s</em>."), esc_html(implode(', ', $allowed_filetypes))), sprintf(_("Il file ha un'estensione non valida. Estensione attesa: <em>%s</em>."), esc_html($allowed_filetypes[0])));
case UPLOAD_EXTRA_ERR_FILENAME_TOO_SHORT:
return _("Il file ha un nome troppo breve.");
case UPLOAD_EXTRA_ERR_FILENAME_TOO_LONG:
return _("Il file ha un nome troppo lungo.");
case UPLOAD_EXTRA_ERR_GENERIC_ERROR:
return _("Errore di caricamento.");
default:
DEBUG && error(sprintf(_("Stato di errore non previsto: '%d'"), $status));
return _("Errore durante l'upload.");
}
}
$ct['snd'] = 'audio/basic';
$ct['midi'] = 'audio/midi';
$ct['mid'] = 'audio/midi';
$ct['m3u'] = 'audio/x-mpegurl';
$ct['tiff'] = 'image/tiff';
$ct['tif'] = 'image/tiff';
$ct['rtf'] = 'text/rtf';
$ct['wml'] = 'text/vnd.wap.wml';
$ct['wmls'] = 'text/vnd.wap.wmlscript';
$ct['xsl'] = 'text/xml';
$ct['xml'] = 'text/xml';
$extension = substr($file, strrpos($filename, '.')+1);
if (!$type = $ct[strtolower($extension)]) {
$type = 'text/html';
}
return $type;
}
$mime = get_mimetype($filename);
header('Content-disposition: attachment; filename='.$filename);
header('Content-type: '.$mime);
readfile($fullname);
?>
/**
* @brief Send a file to the client (download file)
*
* @warning This function must be called before there was any HTML output!
*
* @param string $filename The full path to the filename
* @param string $mimetype @li The mime type of the file
* @li if NULL, we will try to read the mimetype from the file
*/
function send_file($filename, $mimetype = NULL)
{
$mtime = ($mtime = filemtime($filename)) ? $mtime : gmtime();
if (strstr($_SERVER["HTTP_USER_AGENT"], "MSIE") != false) {
header("Content-Disposition: attachment; filename=" . urlencode(basename($filename)) . "; modification-date=" . date('r', $mtime) . ";");
} else {
header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\"; modification-date=\"" . date('r', $mtime) . "\";");
}
if ($mimetype == NULL) {
$mimetype = get_mimetype($filename);
}
// lib.functions.php
header("Content-Type: " . $mimetype);
header("Content-Length:" . filesize($filename));
if (in_array('mod_xsendfile', apache_get_modules())) {
header('X-Sendfile: ' . $filename);
} else {
readfile($filename);
}
exit;
}
function CSS_colourCode($code)
{
if ($code[0] == '#') {
$code = substr($code, 1, strlen($code) - 1);
}
if (strlen($code) == 3) {
$chars = str_split($code);
foreach ($chars as $k => $v) {
$chars[$k] = $v . $v;
}
var_dump($chars);
$code = join('', $chars);
}
return $code;
}
$mimetype = get_mimetype(preg_replace('/.*\\./', '', $file));
if ($mimetype == 'text/css') {
$parsed = USERBASE . '/f/.files/css_' . str_replace('/', '|', $file);
if (!file_exists($parsed) || filectime($parsed) < filectime($file)) {
$f = file_get_contents($file);
// { cool stuff
preg_match_all('/\\.([a-z\\-]*)\\(([^\\)]*)\\);/', $f, $matches);
for ($i = 0; $i < count($matches[0]); ++$i) {
switch ($matches[1][$i]) {
case 'linear-gradient':
// {
$colours = explode(', ', $matches[2][$i]);
foreach ($colours as $k => $v) {
$colours[$k] = CSS_colourCode($v);
}
$css = 'background:-moz-linear-gradient(top,#' . $colours[0] . ',#' . $colours[1] . ');' . 'background:-webkit-gradient(linear,left top,left bottom,from(#' . $colours[0] . '), to(#' . $colours[1] . '));' . 'filter: progid:DXImageTransform.Microsoft.gradient(startColor' . 'str=#FF' . $colours[0] . ', endColorstr=#FF' . $colours[1] . ');' . '-ms-filter: "progid:DXImageTransform.Microsoft.gradient(start' . 'Colorstr=#FF' . $colours[0] . ', endColorstr=#FF' . $colours[1] . ')";';
break;
case 'show-all-lists':
display_items('All Lists', get_all_lists(), 'information', 'show-archive', 'modify');
break;
case 'show-archive':
display_items('Archive For ' . get_list_name($_GET['id']), get_archive($_GET['id']), 'view-html', 'view-text', '');
break;
case 'information':
display_information($_GET['id']);
break;
}
//all other actions require user to be logged in
if (check_logged_in()) {
switch ($action) {
case 'account-settings':
display_account_form(get_user(), get_real_name(get_user()), get_mimetype(get_user()));
break;
case 'show-other-lists':
display_items('Unsubscribed Lists', get_unsubscribed_lists(get_user()), 'information', 'show-archive', 'subscribe');
break;
case 'subscribe':
subscribe(get_user(), $_GET['id']);
display_items('Subscribed Lists', get_subscribed_lists(get_user()), 'information', 'show-archive', 'subscribe');
break;
case 'unsubscribe':
unsubscribe(get_user(), $_GET['id']);
display_items('Subscribed Lists', get_subscribed_lists(get_user()), 'information', 'show-archive', 'unsubscribe');
break;
//case '':
//case '':
case 'show-my-lists':
/**
* Know if a file belongs to a certain category
*
* @param string $filepath The file path
* @param string $category The category
* @return mixed FALSE if not
*/
function is_file_in_category($filepath, $category)
{
expect('mimeTypes');
$mime = get_mimetype($filepath);
return $GLOBALS['mimeTypes']->isMimetypeInCategory($mime, $category);
}
$name = $file->name;
$extension = $file->getExtension();
}
}
// { headers
if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) {
$name = preg_replace('/\\./', '%2e', $name, substr_count($name, '.') - 1);
}
@set_time_limit(0);
header('Cache-Control: max-age = 2592000');
header('Expires-Active: On');
header('Expires: Fri, 1 Jan 2500 01:01:01 GMT');
header('Pragma:');
header('Content-Length: ' . (string) filesize($path));
if (isset($_GET['forcedownload'])) {
header('Content-Type: force/download');
header('Content-Disposition: attachment; filename="' . $name . '"');
} else {
header('Content-Type: ' . get_mimetype($extension));
}
header('Content-Transfer-Encoding: binary');
// }
if ($file = fopen($path, 'rb')) {
// send file
while (!feof($file) && connection_status() == 0) {
print fread($file, 1024 * 8);
flush();
}
fclose($file);
}
return connection_status() == 0 and !connection_aborted();
function plugin_qform_action()
{
global $vars, $script;
$id = $vars['id'];
$path = $_SESSION['qform']['_FILES'][$id]['path'];
$name = $_SESSION['qform']['_FILES'][$id]['name'];
if ($path != '' && file_exists($path)) {
$got = @getimagesize($path);
if (!isset($got[2])) {
$got[2] = FALSE;
}
switch ($got[2]) {
case 1:
$type = 'image/gif';
break;
case 2:
$type = 'image/jpeg';
break;
case 3:
$type = 'image/png';
break;
case 4:
$type = 'application/x-shockwave-flash';
break;
default:
$type = get_mimetype($name);
}
$file = htmlspecialchars($name);
$size = filesize($path);
pkwk_common_headers();
header('Content-Disposition: inline; filename="' . $file . '"');
header('Content-Length: ' . $size);
header('Content-Type: ' . $type);
@readfile($path);
} else {
echo 'No data';
}
exit;
}
<?php
define('DIRECTORY_CACHE', '../cache');
define('MAX_WIDTH', 1200);
define('MAX_HEIGHT', 1600);
$src = get_query('src', '');
if ($src == '' || strlen($src) <= 3) {
_error('no image specified');
}
$src = get_imgsrc($src);
$mime = get_mimetype($src);
if (!function_exists('imagecreatetruecolor')) {
_error('GD lib error: the function imagecreatetruecolor does not exist');
}
if (function_exists('imagefilter') && defined('IMG_FILTER_NEGATE')) {
$imgFilters = array(1 => array(IMG_FILTER_NEGATE, 0), 2 => array(IMG_FILTER_GRAYSCALE, 0), 3 => array(IMG_FILTER_BRIGHTNESS, 1), 4 => array(IMG_FILTER_CONTRAST, 1), 5 => array(IMG_FILTER_COLORIZE, 4), 6 => array(IMG_FILTER_EDGEDETECT, 0), 7 => array(IMG_FILTER_EMBOSS, 0), 8 => array(IMG_FILTER_GAUSSIAN_BLUR, 0), 9 => array(IMG_FILTER_SELECTIVE_BLUR, 0), 10 => array(IMG_FILTER_MEAN_REMOVAL, 0), 11 => array(IMG_FILTER_SMOOTH, 0));
}
$w = (int) abs(get_query('w', 0));
// width
$h = (int) abs(get_query('h', 0));
// height
$z = (int) get_query('z', 1);
// zoom
$q = (int) abs(get_query('q', 80));
// quality
$a = get_query('a', 'c');
// align
$f = get_query('f', '');
// filter
$s = (bool) get_query('s', 0);
// sharpen
$my->p = $slog->Permissions($row['board']);
$file = NULL;
if ($db->num_rows($result) != 1) {
echo $tpl->parse("header");
error($lang->phrase('no_upload_found'));
}
if ($my->p['forum'] == 0 || $my->p['downloadfiles'] == 0) {
echo $tpl->parse("header");
errorLogin();
}
$uppath = 'uploads/topics/' . $row['file'];
if (!file_exists($uppath)) {
error(array($lang->phrase('no_upload_found')));
}
$db->query('UPDATE ' . $db->pre . 'uploads SET hits = hits+1 WHERE id = ' . $_GET['id'], __LINE__, __FILE__);
$mime = get_mimetype($uppath);
if ($config['tpcdownloadspeed'] > 0 && $mime['browser'] == 'attachment') {
$rundeslimit = round($config['tpcdownloadspeed'] * 1024);
viscacha_header('Cache-control: private');
viscacha_header('Content-Type: ' . $mime['mime']);
viscacha_header('Content-Length: ' . filesize($uppath));
viscacha_header('Content-Disposition: ' . $mime['browser'] . '; filename="' . $row['file'] . '"');
flush();
$fd = fopen($uppath, "r");
while (!feof($fd)) {
echo fread($fd, $rundeslimit);
flush();
sleep(1);
}
fclose($fd);
} else {
function resize($file_name, $file_type, $curr_width, $curr_height, $max_width, $max_height, $return_contents = FALSE)
{
$mime_type = get_mimetype($file_name);
$mime_type = $file_type != $mime_type ? $file_type : $mime_type;
// do we have the right functions installed?
if (!function_exists('imagecreate') || !function_exists('imagecopyresampled')) {
return FALSE;
}
// use a bit of cross-multiplication to get the new image sizes
if ($curr_height >= $curr_width) {
$new_height = intval($max_height);
$new_width = ceil($curr_width / $curr_height * $max_width);
} else {
$new_width = intval($max_width);
$new_height = ceil($curr_height / $curr_width * $max_height);
}
// this will end up being the quality for the jpg images
$third_param = FALSE;
// get our old image
switch (strtolower($file_type)) {
case 'gif':
$image = @imagecreatefromgif($file_name);
break;
case 'jpg':
case 'jpeg':
$file_type = 'jpeg';
$image = @imagecreatefromjpeg($file_name);
$third_param = 90;
// quality
break;
case 'png':
$image = @imagecreatefrompng($file_name);
break;
case 'wbmp':
case 'bmp':
$file_type = 'wbmp';
$image = @imagecreatefromwbmp($file_name);
break;
}
// do we have the image?
if (!$image) {
return FALSE;
}
// see what color type we can use to create the new image
// either palette or true color
$create_fn = function_exists('imagecreatetruecolor') ? 'imagecreatetruecolor' : 'imagecreate';
// create the new image
$new_id = $create_fn($new_width, $new_height);
$new_image = imagecopyresampled($new_id, $image, 0, 0, 0, 0, $new_width, $new_height, $curr_width, $curr_height);
// start output buffering
ob_start();
// output the image
$create_image = 'image' . $file_type;
$create_image($new_id, FALSE, $third_param);
// get the contents of the image
$contents = ob_get_contents();
$file_size = ob_get_length();
// end output buffering
ob_end_clean();
// clear up memory
imagedestroy($image);
imagedestroy($new_id);
// should we return that data already?
if ($return_contents) {
return array('x' => $new_width, 'y' => $new_height, 'mimetype' => $mime_type, 'size' => $file_size, 'contents' => $contents);
}
// save the image
__chmod($file_name, 0777);
if (!is_writeable($file_name)) {
return FALSE;
}
$fp = @fopen($file_name, 'w');
if (!$fp) {
return FALSE;
}
if (fwrite($fp, $contents) === FALSE) {
return FALSE;
}
fclose($fp);
// we're done!
return TRUE;
}
