function identify_protected_attachments($attachment_id = 0, $guid = '', $cols = '', $args = array())
{
if ($guid && empty($args['guid'])) {
$args = array_merge($args, array('guid' => $guid));
}
return ScoperAnalyst::identify_protected_posts($attachment_id, true, $cols, $args);
}
function &build_blog_file_rules()
{
$new_rules = '';
require_once dirname(__FILE__) . '/analyst_rs.php';
if (!($attachment_results = ScoperAnalyst::identify_protected_attachments())) {
return $new_rules;
}
global $wpdb;
require_once dirname(__FILE__) . '/uploads_rs.php';
$home_root = parse_url(get_option('home'));
$home_root = trailingslashit($home_root['path']);
$uploads = scoper_get_upload_info();
$baseurl = trailingslashit($uploads['baseurl']);
$arr_url = parse_url($baseurl);
$rewrite_base = $arr_url['path'];
$file_keys = array();
$has_postmeta = array();
if ($key_results = scoper_get_results("SELECT pm.meta_value, p.guid, p.ID FROM {$wpdb->postmeta} AS pm INNER JOIN {$wpdb->posts} AS p ON p.ID = pm.post_id WHERE pm.meta_key = '_rs_file_key'")) {
foreach ($key_results as $row) {
$file_keys[$row->guid] = $row->meta_value;
$has_postmeta[$row->ID] = $row->meta_value;
}
}
$new_rules = "<IfModule mod_rewrite.c>\n";
$new_rules .= "RewriteEngine On\n";
$new_rules .= "RewriteBase {$rewrite_base}\n\n";
$main_rewrite_rule = "RewriteRule ^(.*) {$home_root}index.php?attachment=\$1&rs_rewrite=1 [NC,L]\n";
$htaccess_urls = array();
foreach ($attachment_results as $row) {
if (false !== strpos($row->guid, $baseurl)) {
// no need to include any attachments which are not in the uploads folder
if (!empty($file_keys[$row->guid])) {
$key = $file_keys[$row->guid];
} else {
$key = urlencode(str_replace('.', '', uniqid(strval(rand()), true)));
$file_keys[$row->guid] = $key;
}
if (!isset($has_postmeta[$row->ID]) || $key != $has_postmeta[$row->ID]) {
update_post_meta($row->ID, "_rs_file_key", $key);
}
if (isset($htaccess_urls[$row->guid])) {
// if a file is attached to multiple protected posts, use a single rewrite rule for it
continue;
}
$htaccess_urls[$row->guid] = true;
$rel_path = str_replace($baseurl, '', $row->guid);
// escape spaces
$file_path = str_replace(' ', '\\s', $rel_path);
// escape horiz tabs (yes, at least one user has them in filenames)
$file_path = str_replace(chr(9), '\\t', $file_path);
// strip out all other nonprintable characters. Affected files will not be filtered, but we avoid 500 error. Possible TODO: advisory in file attachment utility
$file_path = preg_replace('/[\\x00-\\x1f\\x7f]/', '', $file_path);
// escape all other regular expression operator characters
$file_path = preg_replace('/[\\^\\$\\.\\+\\[\\]\\(\\)\\{\\}]/', '\\\\$0', $file_path);
$new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$file_path}" . "\$ [NC]\n";
$new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
$new_rules .= $main_rewrite_rule;
if ($pos_ext = strrpos($file_path, '\\.')) {
$thumb_path = substr($file_path, 0, $pos_ext);
$ext = substr($file_path, $pos_ext + 2);
$new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$thumb_path}" . '-[0-9]{2,4}x[0-9]{2,4}\\.' . $ext . "\$ [NC]\n";
$new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
$new_rules .= $main_rewrite_rule;
// if resized image file(s) exist, include rules for them
$guid_pos_ext = strrpos($rel_path, '.');
$pattern = $uploads['path'] . '/' . substr($rel_path, 0, $guid_pos_ext) . '-??????????????' . substr($rel_path, $guid_pos_ext);
if (glob($pattern)) {
$new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$thumb_path}" . '-[0-9,a-f]{14}\\.' . $ext . "\$ [NC]\n";
$new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
$new_rules .= $main_rewrite_rule;
}
}
}
}
// end foreach protected attachment
if (IS_MU_RS) {
global $blog_id;
$file_filtered_sites = (array) get_site_option('scoper_file_filtered_sites');
if (!in_array($blog_id, $file_filtered_sites)) {
// this site needs a file redirect rule in root .htaccess
scoper_flush_site_rules();
}
if (defined('SCOPER_MU_FILE_PROCESSING')) {
// unless SCOPER_MU_FILE_PROCESSING is defined (indicating blogs.php has been modified for compatibility), blogs.php processing will be bypassed for all files
$content_path = trailingslashit(str_replace($strip_path, '', str_replace('\\', '/', WP_CONTENT_DIR)));
$new_rules .= "\n# Default WordPress cache handling\n";
$new_rules .= "RewriteRule ^(.*) {$content_path}blogs.php?file=\$1 [L]\n";
}
}
$new_rules .= "</IfModule>\n";
return $new_rules;
}
function build_blog_file_redirects()
{
global $wpdb, $blog_id, $base;
if (!ScoperRewrite::site_config_supports_rewrite()) {
return '';
}
$new_rules = '';
$orig_blog_id = $blog_id;
$strip_path = str_replace('\\', '/', trailingslashit(ABSPATH));
require_once dirname(__FILE__) . '/analyst_rs.php';
$new_rules .= "\n#Run file requests through blog-specific .htaccess to support filtering. Files that pass through filtering will be redirected by default WP rules.\n";
$file_filtered_sites = array();
$results = scoper_get_results("SELECT blog_id, path FROM {$wpdb->blogs} ORDER BY blog_id");
foreach ($results as $row) {
switch_to_blog($row->blog_id);
if ($results = ScoperAnalyst::identify_protected_attachments()) {
$file_filtered_sites[] = $row->blog_id;
// WP-mu content rules are only inserted if defined uploads path matches this default structure
$dir = ABSPATH . UPLOADBLOGSDIR . "/{$row->blog_id}/files/";
$url = trailingslashit($siteurl) . UPLOADBLOGSDIR . "/{$row->blog_id}/files/";
$uploads = apply_filters('upload_dir', array('path' => $dir, 'url' => $url, 'subdir' => '', 'basedir' => $dir, 'baseurl' => $url, 'error' => false));
$content_base = str_replace($strip_path, '', str_replace('\\', '/', $uploads['basedir']));
$path = trailingslashit($row->path);
if ($base && '/' != $base) {
if (0 === strpos($path, $base)) {
$path = substr($path, strlen($base));
}
}
// If a filter has changed basedir, don't filter file attachments for this blog
if (strpos($content_base, "/blogs.dir/{$row->blog_id}/files/")) {
$new_rules .= "RewriteRule ^{$path}files/(.*) {$content_base}\$1 [L]\n";
}
//RewriteRule ^blog1/files/(.*) wp-content/blogs.dir/2/files/$1 [L]
}
}
update_site_option('scoper_file_filtered_sites', $file_filtered_sites);
switch_to_blog($orig_blog_id);
return $new_rules;
}
