function &build_blog_file_rules()
 {
     $new_rules = '';
     require_once dirname(__FILE__) . '/analyst_rs.php';
     if (!($attachment_results = ScoperAnalyst::identify_protected_attachments())) {
         return $new_rules;
     }
     global $wpdb;
     require_once dirname(__FILE__) . '/uploads_rs.php';
     $home_root = parse_url(get_option('home'));
     $home_root = trailingslashit($home_root['path']);
     $uploads = scoper_get_upload_info();
     $baseurl = trailingslashit($uploads['baseurl']);
     $arr_url = parse_url($baseurl);
     $rewrite_base = $arr_url['path'];
     $file_keys = array();
     $has_postmeta = array();
     if ($key_results = scoper_get_results("SELECT pm.meta_value, p.guid, p.ID FROM {$wpdb->postmeta} AS pm INNER JOIN {$wpdb->posts} AS p ON p.ID = pm.post_id WHERE pm.meta_key = '_rs_file_key'")) {
         foreach ($key_results as $row) {
             $file_keys[$row->guid] = $row->meta_value;
             $has_postmeta[$row->ID] = $row->meta_value;
         }
     }
     $new_rules = "<IfModule mod_rewrite.c>\n";
     $new_rules .= "RewriteEngine On\n";
     $new_rules .= "RewriteBase {$rewrite_base}\n\n";
     $main_rewrite_rule = "RewriteRule ^(.*) {$home_root}index.php?attachment=\$1&rs_rewrite=1 [NC,L]\n";
     $htaccess_urls = array();
     foreach ($attachment_results as $row) {
         if (false !== strpos($row->guid, $baseurl)) {
             // no need to include any attachments which are not in the uploads folder
             if (!empty($file_keys[$row->guid])) {
                 $key = $file_keys[$row->guid];
             } else {
                 $key = urlencode(str_replace('.', '', uniqid(strval(rand()), true)));
                 $file_keys[$row->guid] = $key;
             }
             if (!isset($has_postmeta[$row->ID]) || $key != $has_postmeta[$row->ID]) {
                 update_post_meta($row->ID, "_rs_file_key", $key);
             }
             if (isset($htaccess_urls[$row->guid])) {
                 // if a file is attached to multiple protected posts, use a single rewrite rule for it
                 continue;
             }
             $htaccess_urls[$row->guid] = true;
             $rel_path = str_replace($baseurl, '', $row->guid);
             // escape spaces
             $file_path = str_replace(' ', '\\s', $rel_path);
             // escape horiz tabs (yes, at least one user has them in filenames)
             $file_path = str_replace(chr(9), '\\t', $file_path);
             // strip out all other nonprintable characters.  Affected files will not be filtered, but we avoid 500 error.  Possible TODO: advisory in file attachment utility
             $file_path = preg_replace('/[\\x00-\\x1f\\x7f]/', '', $file_path);
             // escape all other regular expression operator characters
             $file_path = preg_replace('/[\\^\\$\\.\\+\\[\\]\\(\\)\\{\\}]/', '\\\\$0', $file_path);
             $new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$file_path}" . "\$ [NC]\n";
             $new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
             $new_rules .= $main_rewrite_rule;
             if ($pos_ext = strrpos($file_path, '\\.')) {
                 $thumb_path = substr($file_path, 0, $pos_ext);
                 $ext = substr($file_path, $pos_ext + 2);
                 $new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$thumb_path}" . '-[0-9]{2,4}x[0-9]{2,4}\\.' . $ext . "\$ [NC]\n";
                 $new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
                 $new_rules .= $main_rewrite_rule;
                 // if resized image file(s) exist, include rules for them
                 $guid_pos_ext = strrpos($rel_path, '.');
                 $pattern = $uploads['path'] . '/' . substr($rel_path, 0, $guid_pos_ext) . '-??????????????' . substr($rel_path, $guid_pos_ext);
                 if (glob($pattern)) {
                     $new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$thumb_path}" . '-[0-9,a-f]{14}\\.' . $ext . "\$ [NC]\n";
                     $new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
                     $new_rules .= $main_rewrite_rule;
                 }
             }
         }
     }
     // end foreach protected attachment
     if (IS_MU_RS) {
         global $blog_id;
         $file_filtered_sites = (array) get_site_option('scoper_file_filtered_sites');
         if (!in_array($blog_id, $file_filtered_sites)) {
             // this site needs a file redirect rule in root .htaccess
             scoper_flush_site_rules();
         }
         if (defined('SCOPER_MU_FILE_PROCESSING')) {
             // unless SCOPER_MU_FILE_PROCESSING is defined (indicating blogs.php has been modified for compatibility), blogs.php processing will be bypassed for all files
             $content_path = trailingslashit(str_replace($strip_path, '', str_replace('\\', '/', WP_CONTENT_DIR)));
             $new_rules .= "\n# Default WordPress cache handling\n";
             $new_rules .= "RewriteRule ^(.*) {$content_path}blogs.php?file=\$1 [L]\n";
         }
     }
     $new_rules .= "</IfModule>\n";
     return $new_rules;
 }
Exemplo n.º 2
0
 function build_blog_file_redirects()
 {
     global $wpdb, $blog_id, $base;
     if (!ScoperRewrite::site_config_supports_rewrite()) {
         return '';
     }
     $new_rules = '';
     $orig_blog_id = $blog_id;
     $strip_path = str_replace('\\', '/', trailingslashit(ABSPATH));
     require_once dirname(__FILE__) . '/analyst_rs.php';
     $new_rules .= "\n#Run file requests through blog-specific .htaccess to support filtering.  Files that pass through filtering will be redirected by default WP rules.\n";
     $file_filtered_sites = array();
     $results = scoper_get_results("SELECT blog_id, path FROM {$wpdb->blogs} ORDER BY blog_id");
     foreach ($results as $row) {
         switch_to_blog($row->blog_id);
         if ($results = ScoperAnalyst::identify_protected_attachments()) {
             $file_filtered_sites[] = $row->blog_id;
             // WP-mu content rules are only inserted if defined uploads path matches this default structure
             $dir = ABSPATH . UPLOADBLOGSDIR . "/{$row->blog_id}/files/";
             $url = trailingslashit($siteurl) . UPLOADBLOGSDIR . "/{$row->blog_id}/files/";
             $uploads = apply_filters('upload_dir', array('path' => $dir, 'url' => $url, 'subdir' => '', 'basedir' => $dir, 'baseurl' => $url, 'error' => false));
             $content_base = str_replace($strip_path, '', str_replace('\\', '/', $uploads['basedir']));
             $path = trailingslashit($row->path);
             if ($base && '/' != $base) {
                 if (0 === strpos($path, $base)) {
                     $path = substr($path, strlen($base));
                 }
             }
             // If a filter has changed basedir, don't filter file attachments for this blog
             if (strpos($content_base, "/blogs.dir/{$row->blog_id}/files/")) {
                 $new_rules .= "RewriteRule ^{$path}files/(.*) {$content_base}\$1 [L]\n";
             }
             //RewriteRule ^blog1/files/(.*) wp-content/blogs.dir/2/files/$1 [L]
         }
     }
     update_site_option('scoper_file_filtered_sites', $file_filtered_sites);
     switch_to_blog($orig_blog_id);
     return $new_rules;
 }