예제 #1
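 /**
  * Resolve a requested css, js, less or scss path to a file that exists.
  *
  * The query string is trimmed, addon paths under /data/_addoncode/ are
  * translated to the addon's code folder, NUL bytes are stripped and the
  * extension is checked before the path is handed to CheckFileSub().
  * On failure a diagnostic HTML comment is echoed.
  *
  * @static
  * @param string $file Requested path. Passed by reference: it is rewritten to
  *                     the cleaned (and, when that variant matched, url-decoded) path.
  * @return mixed The truthy value returned by CheckFileSub() for the matching
  *               path, or false when the file is rejected or not found.
  */
 public static function CheckFile(&$file)
 {
     global $dataDir;
     $comment_start = '<!--';
     $comment_end = '-->';

     $file = self::TrimQuery($file);
     if (empty($file)) {
         return false;
     }

     //translate addon paths
     $pos = strpos($file, '/data/_addoncode/');
     if ($pos !== false) {
         // 17 === strlen('/data/_addoncode/'): keep only what follows the prefix
         $file_parts = substr($file, $pos + 17);
         $file_parts = explode('/', $file_parts);
         $addon_key = array_shift($file_parts);
         $addon_config = \gp\tool\Plugins::GetAddonConfig($addon_key);
         if ($addon_config) {
             $file = $addon_config['code_folder_rel'] . '/' . implode('/', $file_parts);
         }
     }

     //remove null characters
     $file = \gp\tool\Files::NoNull($file);

     //require .js, .css, .less or .scss
     $ext = \gp\tool::Ext($file);
     if ($ext !== 'js' && $ext !== 'css' && $ext !== 'less' && $ext !== 'scss') {
         // The name is echoed inside an HTML comment; neutralise angle brackets so a
         // crafted name cannot terminate the comment and inject markup.
         $shown = str_replace(array('<', '>'), array('&lt;', '&gt;'), $file);
         echo "\n{$comment_start} File Not CSS, LESS or JS {$shown} {$comment_end}\n";
         return false;
     }

     //paths that have been urlencoded
     if (strpos($file, '%') !== false) {
         // Decoding can reintroduce NUL bytes (%00) that the earlier NoNull() pass
         // could not see, so strip them again before the path reaches the filesystem.
         $decoded_file = \gp\tool\Files::NoNull(rawurldecode($file));
         // NOTE(review): decoding can also introduce '../' segments that were not
         // visible in the encoded form. CheckFileSub() is not shown here; confirm it
         // confines the resolved path to the directories it is meant to serve.
         if ($full_path = self::CheckFileSub($decoded_file)) {
             $file = $decoded_file;
             return $full_path;
         }
     }

     //paths that have not been encoded
     if ($full_path = self::CheckFileSub($file)) {
         return $full_path;
     }

     // NOTE(review): this message exposes the absolute data directory in the page
     // source; consider omitting $dataDir outside of debugging.
     $shown = str_replace(array('<', '>'), array('&lt;', '&gt;'), $dataDir . $file);
     echo "\n{$comment_start} File Not Found {$shown} {$comment_end}\n";
     return false;
 }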
예제 #2
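 /**
  * Serve a resized image for the current request, or redirect to a fallback.
  *
  * Reads `img`, `w`, `h` and `i` from the query string. The request is answered
  * with, in order of preference: the cached resized file, a redirect to the next
  * larger size that is in use, or a redirect to the original upload. Invalid
  * requests are answered with Send404().
  */
 function __construct()
 {
     global $dataDir;

     // Every parameter read below must be present and a plain string.
     // `name[]=` style input arrives as an array and must not reach the
     // string functions or be used as an array offset.
     foreach (array('w', 'h', 'img', 'i') as $param) {
         if (!isset($_GET[$param]) || !is_string($_GET[$param])) {
             self::Send404();
             //dies
         }
     }

     $img = $_GET['img'];
     $height = $_GET['h'];
     $width = $_GET['w'];
     $index = $_GET['i'];

     // NOTE(review): is_numeric() also accepts values such as "1e3", "1.5" or
     // strings with surrounding whitespace. They are url-encoded wherever they
     // are reflected below; ImageInfo() is not shown, so confirm it tolerates them.
     if (!is_numeric($height) || !is_numeric($width)) {
         self::Send404();
         //dies
     }

     $img = \gp\tool\Files::NoNull($img);

     //check file path: reject relative segments and encoded slashes
     // A bare `return` from a constructor would leave the request without an
     // error status, so answer with a 404 like the other rejections.
     // NOTE(review): backslash separators are not rejected here; the comparison
     // against the stored index entry below is what pins $img to a known image.
     if (strpos($img, './') !== false || strpos($img, '%2f') !== false || strpos($img, '%2F') !== false) {
         self::Send404();
         //dies
     }

     //make sure the index is set
     gp_resized::SetIndex();
     if (!isset(self::$index[$index])) {
         self::Send404();
         //dies
     }

     $script = \gp\tool::GetDir('/include/image.php', false);

     //if the image has been renamed, redirect to the new name
     // Strict string comparison: loose `!=` treats numeric-looking strings such
     // as "1e1" and "10" as equal.
     $index_img = self::$index[$index];
     if ((string) $index_img !== $img) {
         // request values are encoded before being reflected into the redirect URL
         $path = $script . '?i=' . rawurlencode($index) . '&w=' . rawurlencode($width) . '&h=' . rawurlencode($height) . '&img=' . rawurlencode($index_img);
         \gp\tool::Redirect($path);
     }

     $info = self::ImageInfo($img, $width, $height);
     $folder = $dataDir . '/data/_resized/' . $info['index'];
     $full_path = $folder . '/' . $info['name'];

     //if the resized file exists, send it
     if (file_exists($full_path)) {
         header('Cache-Control: public, max-age=5184000');
         //60 days

         //attempt to send 304
         $stats = lstat($full_path);
         if ($stats) {
             \gp\tool::Send304(\gp\tool::GenEtag($stats['mtime'], $stats['size']));
         }

         header('Content-Transfer-Encoding: binary');
         header('Content-Type: ' . $info['ctype']);
         readfile($full_path);
         die;
     }

     //redirect to next largest image if available
     $usage = self::GetUsage($info['index']);
     foreach ($usage as $size => $data) {
         if (!$data['uses']) {
             continue;
         }
         list($use_width, $use_height) = explode('x', $size);

         // larger in at least one dimension and not smaller in the other
         $wider = ($use_width >= $width && $use_height > $height);
         $taller = ($use_width > $width && $use_height >= $height);
         if ($wider || $taller) {
             $path = $script . '?i=' . rawurlencode($index) . '&w=' . $use_width . '&h=' . $use_height . '&img=' . rawurlencode($img);
             \gp\tool::Redirect($path);
             //dies
         }
     }

     //redirect to full size image
     $original = \gp\tool::GetDir('/data/_uploaded' . $img, false);
     \gp\tool::Redirect($original);
     //dies
 }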
예제 #3
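 /**
  * Check the file extension against the list of allowed upload types.
  *
  * The list is built from a built-in default set, extended by
  * $upload_extensions_allow, reduced by $upload_extensions_deny and finally
  * passed through the 'AllowedTypes' plugin filter. Only the last extension of
  * the name is compared with the list.
  *
  * @param string $file Filename to check. Passed by reference: NUL bytes are
  *                     stripped from the caller's variable.
  * @param bool   $fix  When true, every dot except the last is replaced with an
  *                     underscore in the returned name, so "a.php.jpg" becomes
  *                     "a_php.jpg".
  * @return bool|string true when upload restrictions are disabled or the name has
  *                     no extension, false when the extension is not allowed,
  *                     otherwise the (optionally fixed) filename.
  */
 public static function AllowedExtension(&$file, $fix = true)
 {
     global $upload_extensions_allow, $upload_extensions_deny;
     static $allowed_types = false;

     $file = \gp\tool\Files::NoNull($file);

     if (!gp_restrict_uploads) {
         return true;
     }

     // NOTE(review): names without any extension are accepted unchanged.
     $parts = explode('.', $file);
     if (count($parts) < 2) {
         return true;
     }

     //build list of allowed extensions once
     if (!$allowed_types) {
         if (is_string($upload_extensions_deny) && strtolower($upload_extensions_deny) === 'all') {
             $allowed_types = array();
         } else {
             // NOTE(review): the defaults include active-content types (svg, htm,
             // html, js, swf, xml). How uploads are served is not shown here;
             // confirm they cannot execute script in the site's origin.
             $allowed_types = array('bmp', 'gif', 'jpeg', 'jpg', 'png', 'tif', 'tiff', 'wav', 'wma', 'svg', 'aiff', 'asf', 'avi', 'fla', 'flv', 'm4v', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ogg', 'oga', 'ogv', 'opus', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'webm', 'wmv', '7z', 'bz', 'gz', 'gzip', 'rar', 'sdc', 'sitd', 'tar', 'tgz', 'zip', 'css', 'csv', 'doc', 'docx', 'htm', 'html', 'js', 'json', 'less', 'md', 'ods', 'odt', 'pdf', 'ppt', 'pptx', 'rtf', 'txt', 'sxc', 'sxw', 'vsd', 'xls', 'xlsx', 'xml');
         }

         if (is_array($upload_extensions_allow)) {
             $upload_extensions_allow = array_map('trim', $upload_extensions_allow);
             $upload_extensions_allow = array_map('strtolower', $upload_extensions_allow);
             $allowed_types = array_merge($allowed_types, $upload_extensions_allow);
         }

         if (is_array($upload_extensions_deny)) {
             // Normalise the deny list itself. The previous code re-normalised the
             // allow list here, so deny entries such as " SVG" never matched and the
             // extension stayed allowed.
             $deny = array_map('trim', $upload_extensions_deny);
             $deny = array_map('strtolower', $deny);
             $allowed_types = array_diff($allowed_types, $deny);
         }
     }

     $allowed_types = \gp\tool\Plugins::Filter('AllowedTypes', array($allowed_types));

     //make sure the extension is allowed
     // strict comparison: the extension is a string and must match a list entry exactly
     $file_type = array_pop($parts);
     if (!in_array(strtolower($file_type), $allowed_types, true)) {
         return false;
     }

     // With $fix, inner dots are collapsed so no earlier "extension" survives in
     // the stored name; without it the name is returned as given.
     if ($fix) {
         return implode('_', $parts) . '.' . $file_type;
     }

     return implode('.', $parts) . '.' . $file_type;
 }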