/**
 * Stream the file at $this->path to the client and end the script.
 *
 * The Content-Type header is taken from the 'mime' entry of the array that
 * get_mimetype() returns for the path. Despite the method name, nothing here
 * restricts the file to image types.
 * NOTE(review): presumably $this->path is validated where it is assigned -
 * confirm, because the file is sent inline with whatever type is reported.
 */
function get_image()
{
    $target = $this->path;
    $info = get_mimetype($target);
    $contentType = 'Content-Type: ' . $info['mime'];
    viscacha_header($contentType);
    readfile($target);
    exit;
}
/**
 * PHP 4 style constructor: load one file record by id and derive its
 * filesystem attributes (path, writability, timestamps, mimetype, type).
 *
 * Nothing happens unless exactly one argument (the file id) is passed.
 * When the file is missing on disk, delete() is called and the constructor
 * returns early.
 */
function kfmFile()
{
    global $kfm;

    if (func_num_args() != 1) {
        return;
    }

    // The id is forced to an integer before it is concatenated into the SQL
    // text below; that cast is what keeps the string-built query safe.
    $this->id = (int) func_get_arg(0);
    parent::kfmObject();

    $sql = "SELECT id,name,directory FROM " . KFM_DB_PREFIX . "files WHERE id=" . $this->id;
    $record = db_fetch_row($sql);
    $this->name = $record['name'];
    $this->parent = $record['directory'];

    $parentDir = kfmDirectory::getInstance($this->parent);
    $this->directory = $parentDir->path;
    $this->path = $parentDir->path . '/' . $record['name'];

    if (!$this->exists()) {
        // No error is reported here: the original error call was disabled
        // because it was causing false errors. delete() is called instead.
        $this->delete();
        return false;
    }

    $this->writable = $this->isWritable();
    $this->ctime = filemtime($this->path) + $GLOBALS['kfm_server_hours_offset'] * 3600;

    $format = $kfm->setting('date_format') . ' ' . $kfm->setting('time_format');
    $this->modified = strftime($format, filemtime($this->path));

    // Keep only the part of the reported mimetype before any ';' parameter.
    $reported = get_mimetype($this->path);
    $semicolon = strpos($reported, ';');
    if ($semicolon === false) {
        $this->mimetype = $reported;
    } else {
        $this->mimetype = substr($reported, 0, $semicolon);
    }

    // The type is whatever follows the '/' in the mimetype.
    $this->type = trim(substr(strstr($this->mimetype, '/'), 1));
}
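/**
 * Render a wiki file (optionally a specific revision) into the fileGetM template.
 *
 * The requested path is resolved with realpath() and only served when its
 * directory lies under the wiki path. Files that are not text/plain are not
 * rendered; a download link is shown instead and the script exits.
 *
 * @param string $file path of the file relative to the wiki path
 * @param string $rev  revision to show; empty for the file on disk
 */
function get_file($file, $rev = "")
{
    global $TPL;

    $f = realpath(wiki_module::get_wiki_path() . $file);

    // Containment check: anything that resolves outside the wiki path is ignored.
    if (!path_under_path(dirname($f), wiki_module::get_wiki_path())) {
        return;
    }

    $mt = get_mimetype($f);
    if (strtolower($mt) != "text/plain") {
        // $file is caller-supplied and is written into HTML twice: URL-encoded
        // inside the href, and HTML-escaped as the visible link text.
        $s = "<h6>Download File</h6>";
        $s .= "<a href='" . $TPL["url_alloc_fileDownload"] . "file=" . urlencode($file) . "'>";
        $s .= htmlspecialchars($file, ENT_QUOTES) . "</a>";
        $TPL["str_html"] = $s;
        include_template("templates/fileGetM.tpl");
        exit;
    }

    // Get the regular revision ...
    $disk_file = file_get_contents($f) or $disk_file = "";

    // Get a particular revision. $vcs_file is initialised so the checks below
    // never read an undefined variable when no VCS is available.
    $vcs = vcs::get();
    $vcs_file = null;
    if ($vcs) {
        $vcs_file = $vcs->cat($f, $rev);
    }

    // Warn when the copy on disk and the copy in version control differ
    // (trailing spaces on each line are ignored for the comparison).
    if ($vcs && wiki_module::nuke_trailing_spaces_from_all_lines($disk_file) != wiki_module::nuke_trailing_spaces_from_all_lines($vcs_file)) {
        if (!$vcs_file) {
            $TPL["msg"] = "<div class='message warn noprint' style='margin-top:0px; margin-bottom:10px; padding:10px;'>\n Warning: This file may not be under version control.\n </div>";
        } else {
            $TPL["msg"] = "<div class='message warn noprint' style='margin-top:0px; margin-bottom:10px; padding:10px;'>\n Warning: This file may not be the latest version.\n </div>";
        }
    }

    if ($rev && $vcs_file) {
        $TPL["str"] = $vcs_file;
    } else {
        $TPL["str"] = $disk_file;
    }

    // The markup function name comes from configuration and is called as a
    // variable function on the file contents.
    $wikiMarkup = config::get_config_item("wikiMarkup");
    $TPL["str_html"] = $wikiMarkup($TPL["str"]);
    $TPL["rev"] = urlencode($rev);
    include_template("templates/fileGetM.tpl");
}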
/** send the designated file to the visitor
 *
 * Transmits the file {$CFG->datadir}$file to the visitor's browser in chunks
 * (see {@link readfile_chunked()}), suggesting $name as the filename.
 *
 * Variations:
 *
 *  - a Time To Live of 0 seconds makes this routine try hard to defeat any
 *    caching by proxies
 *
 *  - a TRUE download flag asks the browser to save the file instead of
 *    rendering it in-line
 *
 * Quirks:
 *
 *  - Internet Explorer combined with https:// and caching needs a specific
 *    workaround; it is selected by checking whether $CFG->www starts with
 *    'https:'.
 *
 *  - PDFs are always sent as an uncached download, because rendering them
 *    in-line in Adobe Acrobat Reader has a bad track record with malware.
 *
 *  - When no mime type is given it is guessed, either via the fileinfo
 *    PHP-module or from the extension of $file (not very reliable).
 *    See {@link get_mimetype()} for details.
 *
 * NOTE(review): $file is appended to $CFG->datadir as given and no
 * containment check is done here; presumably callers validate it - confirm.
 *
 * @param string $file name of the file to send relative to $CFG->datadir
 * @param string $name filename to suggest to the visitor/visitor's browser
 * @param string $mimetype the mime type of the file; if not specified we use an educated guess
 * @param int $ttl time to live (aka maximum age) in seconds, 0 implies file is not cacheable
 * @param bool $download if TRUE we try to force a download
 * @return mixed whatever readfile_chunked() returns for the file
 * @uses get_mimetype()
 */
function send_file_from_datadir($file, $name, $mimetype = '', $ttl = 86400, $download = FALSE) {
    global $CFG;

    $full_path = $CFG->datadir . $file;
    $modified = filemtime($full_path);
    $length = filesize($full_path);
    if (empty($mimetype)) {
        $mimetype = get_mimetype($full_path);
    }

    // Try to prevent inline rendering of PDF because of bugs in Adobe Reader
    $suffix = strtolower(pathinfo($full_path, PATHINFO_EXTENSION));
    if ($mimetype == 'application/pdf' || $suffix == 'pdf') {
        $download = TRUE;
        $ttl = 0;
    }

    // The suggested name is urlencode()d, so it cannot break out of the header value.
    $disposition = $download ? 'attachment' : 'inline';
    $out = array(
        'Last-Modified' => rfc1123date($modified),
        'Content-Disposition' => sprintf('%s; filename=%s', $disposition, urlencode($name)),
        'Content-Type' => $mimetype,
        'Content-Length' => $length,
        'Accept-Ranges' => 'none',
    );

    if ($ttl > 0) {
        // cacheable for $ttl seconds
        $cache_control = sprintf('max-age=%d', $ttl);
        $expires = rfc1123date(time() + $ttl);
        $pragma = '';
    } elseif (strtolower(substr($CFG->www, 0, 6)) == 'https:') {
        // https workaround: a short max-age combined with an Expires in the past
        $ttl = 10;
        $cache_control = sprintf('max-age=%d', $ttl);
        $expires = rfc1123date(time() - 86400); // 24h in the past
        $pragma = '';
    } else {
        $cache_control = 'private, must-revalidate, max-age=0';
        $expires = rfc1123date(time() - 86400); // 24h in the past
        $pragma = 'no-cache';
    }
    $out['Cache-Control'] = $cache_control;
    $out['Expires'] = $expires;
    $out['Pragma'] = $pragma;

    foreach ($out as $field => $value) {
        @header(trim($field . ': ' . $value));
    }

    return readfile_chunked($full_path);
}
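/**
 * Attach a file to the message as a base64-encoded MIME part.
 *
 * Does nothing when the file is missing, unreadable, empty, or cannot be
 * read. Otherwise the multipart headers are added, the top MIME header is
 * prepended to the body and the encoded attachment part is appended.
 *
 * @param string $file path of the file to attach
 */
function add_attachment($file)
{
    if (!file_exists($file) || !is_readable($file) || !filesize($file)) {
        return;
    }

    // Read the file before touching headers or body, so a failed read leaves
    // the message unchanged instead of adding an empty attachment part.
    $data = file_get_contents($file);
    if ($data === false) {
        return;
    }

    $mime_boundary = $this->get_mime_boundary();
    $this->add_header("MIME-Version", "1.0");
    $this->add_header("Content-Type", "multipart/mixed; boundary=\"" . $mime_boundary . "\"");
    $this->add_header("Content-Disposition", "inline");

    $mimetype = get_mimetype($file);

    // Base64 encode the file data
    $data = chunk_split(base64_encode($data));

    // The name is written into two quoted header parameters of the part, so
    // characters that would end the quoted value or the header line are replaced.
    $name = str_replace(array("\r", "\n", '"'), '_', basename($file));

    $this->body = $this->get_top_mime_header() . $this->body;
    $this->body .= "\n\n--" . $mime_boundary;
    $this->body .= "\nContent-Type: " . $mimetype . "; name=\"" . $name . "\"";
    $this->body .= "\nContent-Disposition: attachment; filename=\"" . $name . "\"";
    $this->body .= "\nContent-Transfer-Encoding: base64";
    $this->body .= "\n\n" . $data;
}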
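*
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
 */

// For use like get_attachment.php?entity=project&id=5&file=foo.bar

require_once "../alloc.php";

$file = $_GET["file"];

// The entity parameter is used both as a class name and as a directory name.
// It is therefore limited to a plain identifier naming a class that offers
// the permission check called below.
// NOTE(review): assumes has_attachment_permission() is declared on the entity
// class or a parent (not provided through __call) - confirm.
$entity_name = (isset($_GET["entity"]) && is_string($_GET["entity"])) ? $_GET["entity"] : "";
$entity_ok = preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $entity_name)
    && method_exists($entity_name, "has_attachment_permission");

if (isset($_GET["id"]) && $file && !bad_filename($file) && $entity_ok) {

    // One integer id is used for both the permission lookup and the path, so
    // the record that is checked is always the record whose directory is read.
    $id = sprintf("%d", $_GET["id"]);

    $entity = new $entity_name();
    $entity->set_id($id);
    $entity->select();

    $file = ATTACHMENTS_DIR . $entity_name . "/" . $id . "/" . $file;

    if ($entity->has_attachment_permission($current_user)) {
        if (file_exists($file)) {
            $fp = fopen($file, "rb");
            $mimetype = get_mimetype($file);

            // Forge html for the whatsnew files. The suffix is initialised so
            // the header below never reads an undefined variable.
            $forged_suffix = "";
            if (basename(dirname(dirname($file))) == "whatsnew") {
                $forged_suffix = ".html";
                $mimetype = "text/html";
            }

            header('Content-Type: ' . $mimetype);
            header("Content-Length: " . filesize($file));
            header('Content-Disposition: inline; filename="' . basename($file) . $forged_suffix . '"');
            fpassthru($fp);
            exit;
        } else {
            echo "File not found.";
            exit;
        }
    } else {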
display_items('Archive For ' . get_list_name($_GET['id']), get_archive($_GET['id']), 'view-html', 'view-text', ''); break; case 'information': display_information($_GET['id']); break; default: if (!check_logged_in()) { display_login_form($action); } break; } //all other actions require user to be logged in if (check_logged_in()) { switch ($action) { case 'account-settings': display_account_form(get_email(), get_real_name(get_email()), get_mimetype(get_email())); break; case 'show-other-lists': display_items('Unsubscribed Lists', get_unsubscribed_lists(get_email()), 'information', 'show-archive', 'subscribe'); break; case 'subscribe': subscribe(get_email(), $_GET['id']); display_items('Subscribed Lists', get_subscribed_lists(get_email()), 'information', 'show-archive', 'unsubscribe'); break; case 'unsubscribe': unsubscribe(get_email(), $_GET['id']); display_items('Subscribed Lists', get_subscribed_lists(get_email()), 'information', 'show-archive', 'unsubscribe'); break; case '': case 'show-my-lists': display_items('Subscribed Lists', get_subscribed_lists(get_email()), 'information', 'show-archive', 'unsubscribe');
/**
 * File upload.
 *
 * Keys of the returned array:
 *   file_name   original file name
 *   mime_type   file type
 *   size        file size (in KB)
 *   file_path   file path
 *   width       width
 *   height      height
 * Optional keys (only set when a thumbnail was produced):
 *   thum_file   thumbnail path
 *   thum_size   thumbnail size
 *   thum_width  thumbnail width
 *   thum_height thumbnail height
 *
 * On failure one of the string codes '100' to '105' is returned instead of
 * the array (see the comment next to each return).
 *
 * NOTE(review): the type check and the stored mime type are both based on
 * the file name suffix only; the file content is not inspected here.
 * NOTE(review): directories are created and the stored file is chmod-ed with
 * mode 0777 after umask(0), i.e. writable by every local user - confirm this
 * is required by the hosting setup.
 *
 * @param string $fileName file name
 * @param string $errorNum error code: $_FILES['error']
 * @param string $tmpFile temporary file created by the upload
 * @param string $fileSize file size, KB
 * @param array $type allowed file types
 * @param boolean $isIcon whether an avatar is being uploaded
 * @param boolean $is_thumbnail whether to generate a thumbnail
 * @return array file data, keyed as above
 */
function upload($fileName, $errorNum, $tmpFile, $fileSize, $type, $isIcon = false, $is_thumbnail = true)
{
    if ($errorNum == 1) {
        return '100'; // file size exceeds the system limit
    }
    if ($errorNum > 1) {
        return '101'; // uploading the file failed
    }

    $extension = getFileSuffix($fileName);
    if (!in_array($extension, $type)) {
        return '102'; // wrong file type
    }
    if ($fileSize > Option::getAttMaxSize()) {
        return '103'; // file size exceeds the emlog limit
    }

    $file_info = array(
        'file_name' => $fileName,
        'mime_type' => get_mimetype($extension),
        'size' => $fileSize,
        'width' => 0,
        'height' => 0,
    );

    // Files are stored per month under a name built from a hash prefix of the
    // original name, the current time and the suffix.
    $monthDir = Option::UPLOADFILE_PATH . gmdate('Ym') . '/';
    $storedName = substr(md5($fileName), 0, 4) . time() . '.' . $extension;
    $targetPath = $monthDir . $storedName;
    $file_info['file_path'] = $targetPath;

    if (!is_dir(Option::UPLOADFILE_PATH)) {
        @umask(0);
        if (@mkdir(Option::UPLOADFILE_PATH, 0777) === false) {
            return '104'; // creating the upload directory failed
        }
    }
    if (!is_dir($monthDir)) {
        @umask(0);
        if (@mkdir($monthDir, 0777) === false) {
            return '105'; // upload failed: the upload directory (content/uploadfile) is not writable
        }
    }

    doAction('attach_upload', $tmpFile);

    // Generate the thumbnail: icon dimensions first when an avatar is being
    // uploaded, the attachment dimensions otherwise or as a fallback.
    $thumbPath = $monthDir . 'thum-' . $storedName;
    if ($is_thumbnail) {
        $iconDone = $isIcon && resizeImage($tmpFile, $thumbPath, Option::ICON_MAX_W, Option::ICON_MAX_H);
        $thumbDone = $iconDone
            || resizeImage($tmpFile, $thumbPath, Option::get('att_imgmaxw'), Option::get('att_imgmaxh'));
        if ($thumbDone) {
            $file_info['thum_file'] = $thumbPath;
            $file_info['thum_size'] = filesize($thumbPath);
            $thumbDims = getimagesize($thumbPath);
            if ($thumbDims) {
                $file_info['thum_width'] = $thumbDims[0];
                $file_info['thum_height'] = $thumbDims[1];
            }
            if ($iconDone) {
                // avatars additionally get a 52x52 variant
                resizeImage($tmpFile, $monthDir . 'thum52-' . $storedName, 52, 52);
            }
        }
    }

    if (@is_uploaded_file($tmpFile)) {
        if (!@move_uploaded_file($tmpFile, $targetPath)) {
            @unlink($tmpFile);
            return '105'; // upload failed: the upload directory (content/uploadfile) is not writable
        }
        @chmod($targetPath, 0777);
    }

    // If the attachment is an image its width and height are extracted
    $imageTypes = array('image/jpeg', 'image/png', 'image/gif', 'image/bmp');
    if (in_array($file_info['mime_type'], $imageTypes)) {
        $dims = getimagesize($file_info['file_path']);
        if ($dims) {
            $file_info['width'] = $dims[0];
            $file_info['height'] = $dims[1];
        }
    }

    return $file_info;
}
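/**
 * Send a file from $path to the client as a download.
 *
 * The Content-Disposition header is written in the form that the requesting
 * browser family (taken from the User-Agent header) is expected to accept.
 * A 404 is sent, and no file headers, when the name contains a parent
 * directory segment or a NUL byte, or when the target is not a regular file.
 *
 * @param string $fileName name of the file below $path, also suggested to the client
 * @param string $path     directory that holds the file
 */
function downloadFile($fileName, $path)
{
    $file_path = @realpath($path) . '/' . $fileName;
    traceDebug($file_path);

    // The name is appended to the directory as given, so names that could
    // step out of $path are refused before anything is read.
    $has_parent_segment = preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $fileName);
    if (strpos($fileName, "\0") !== false || $has_parent_segment || !is_file($file_path)) {
        header("HTTP/1.0 404 Not Found");
        return;
    }

    $file_mime = @get_mimetype($fileName);
    if (!$file_mime) {
        $file_mime = "application/octet-stream";
    }
    header("Content-Type: {$file_mime}");
    header("Content-Length: " . @filesize($file_path));

    // The User-Agent header is optional; treat a missing one as unknown.
    $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";

    if (strpos($agent, "MSIE") !== false) {
        $fn = preg_replace('/[:\\x5c\\/*?"<>|]/', '_', $fileName);
        header("Content-Disposition: attachment; filename=" . rawurlencode($fn));
    } elseif (strpos($agent, "Gecko") !== false) {
        header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($fileName));
    } elseif (strpos($agent, "Opera") !== false) {
        $fn = preg_replace('/[:\\x5c\\/{?]/', '_', $fileName);
        header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($fn));
    } else {
        // Fallback: ASCII quoted-string with backslash and quote escaped.
        $fn = mb_convert_encoding($fileName, "US-ASCII", "UTF-8");
        $fn = (string) str_replace("\\", "\\\\", $fn);
        $fn = (string) str_replace("\"", "\\\"", $fn);
        header("Content-Disposition: attachment; filename=\"{$fn}\"");
    }

    @readfile($file_path);
}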
/** try to make sure that the extension of file $name makes sense or matches the actual filetype
 *
 * This checks or changes the $name of an uploaded file so that it is in line
 * with the mimetype of the actual file (as established by get_mimetype()).
 *
 * The reason to do this is to make it harder to 'smuggle in' files with
 * deceptive filenames/extensions. The extension is often used to determine
 * the type of a file, even by browsers. A .PDF uploaded under an innocuous
 * extension like .TXT may still be rendered in-line as a PDF; renaming it
 * from .TXT to .PDF mitigates that risk, at least a little bit.
 *
 * Strategy: if the mimetype implied by $name matches the actual mimetype,
 * the name is allowed as provided. Otherwise an extension is looked up that
 * maps to the mimetype of the actual file, i.e. the actual file is trusted
 * more than the extension.
 *
 * NOTE(review): $type is accepted but not used anywhere in the body.
 * NOTE(review): when a new extension is found it is appended to the bare
 * filename, which may itself still contain dots - confirm that is intended.
 *
 * @param string $path full path to the actual file (from $_FILES[$i]['tmp_name'])
 * @param string $name the requested name of the file to examine (from $_FILES[$i]['name'])
 * @param string $type the suggested filetype of the file (from $_FILES[$i]['type'])
 * @return string the sanitised name and extension based on the file type
 */
function sanitise_filetype($path, $name, $type) {
    // 0 -- initialise: split $name at its last dot into $filename and $extension
    $parts = explode('.', $name);
    if (count($parts) == 1) {
        // not a single dot -> filename without extension
        $filename = $name;
        $extension = '';
    } else {
        $extension = array_pop($parts);
        $filename = implode('.', $parts);
    }
    unset($parts);

    // 1 -- does actual file mimetype agree with the file extension?
    $type_path = get_mediatype(get_mimetype($path, $name));
    $ext = utf8_strtolower($extension);
    $mimetypes = get_mimetypes_array();
    if (isset($mimetypes[$ext])) {
        $type_name = get_mediatype($mimetypes[$ext]);
    } else {
        $type_name = 'application/octet-stream';
    }
    if (0 == strcmp($type_path, $type_name)) {
        return $name;
    }

    // 2 -- No, we change the extension based on the actual mimetype of the file

    // 2A - lookup the first extension matching type, or use '' (which implies application/octet-stream)
    $new_extension = array_search($type_path, $mimetypes);
    if ($new_extension === FALSE || is_null($new_extension)) {
        $new_extension = '';
        logger(sprintf('%s.%s(): mimetype \'%s\' not recognised; using \'%s\' instead',
            __CLASS__, __FUNCTION__, $type_path, $mimetypes[$new_extension]));
    }

    // 2B - avoid tricks with double extensions (eg. upload of "malware.exe.txt")
    if ($new_extension != '') {
        $new_name = $filename . '.' . $new_extension;
    } elseif ($type_name == 'application/octet-stream') {
        // the original extension already yields 'application/octet-stream'
        // when served via file.php, so name and case are preserved as-is
        $new_name = $name;
    } elseif (strpos($filename, '.') === FALSE) {
        // no dot left in the filename => nothing in it can be mistaken for
        // an extension => add nothing at all
        $new_name = $filename;
    } else {
        // the bare $filename already contains an extension =>
        // add '.bin' to force 'application/octet-stream'
        $new_name = $filename . '.bin';
    }

    logger(sprintf('%s.%s(): namechange %s -> %s (%s)', __CLASS__, __FUNCTION__, $name, $new_name, $type_path), WLOG_DEBUG);
    return $new_name;
}
/**
 * Prefilled error messages.
 *
 * Values taken from the upload (detected MIME type, allowed extensions) are
 * passed through esc_html() before they are placed in the message, because
 * the messages contain HTML markup.
 *
 * @param int $status The $status var from FileUploader::uploadTo()
 * @return string The proper error message.
 */
public function getErrorMessage($status)
{
    switch ($status) {
        case UPLOAD_ERR_OK:
            // You should avoid this. Is not an error!
            return _("Upload completato con successo.");

        case UPLOAD_ERR_NO_FILE:
            return _("Non è stato selezionato alcun file.");

        case UPLOAD_ERR_INI_SIZE:
            return _("Il file eccede i limiti di sistema.");

        case UPLOAD_ERR_FORM_SIZE:
            DEBUG && error(_("Non affidarti a UPLOAD_ERR_FORM_SIZE!"));
            return _("Il file eccede i limiti imposti.");

        case UPLOAD_EXTRA_ERR_OVERSIZE:
            $actual = human_filesize($_FILES[$this->fileEntry]['size']);
            $limit = human_filesize($this->args['max-filesize']);
            return sprintf(_("Il file pesa %s. Non può superare %s."), $actual, $limit);

        case UPLOAD_EXTRA_ERR_CANT_SAVE_FILE:
            return _("Impossibile salvare il file.");

        case UPLOAD_EXTRA_ERR_CANT_READ_MIMETYPE:
            return _("Il MIME del file non è validabile.");

        case UPLOAD_EXTRA_ERR_UNALLOWED_MIMETYPE:
            // report the type detected from the uploaded temporary file
            $detected = get_mimetype($_FILES[$this->fileEntry]['tmp_name']);
            return sprintf(_("Il file é di un <em>MIME type</em> non concesso: <em>%s</em>."), esc_html($detected));

        case UPLOAD_EXTRA_ERR_UNALLOWED_FILE:
            // list the extensions allowed for the detected type in this category
            $detected = get_mimetype($_FILES[$this->fileEntry]['tmp_name']);
            $allowed_filetypes = $this->mimeTypes->getFiletypes($this->args['category'], $detected);
            $several = sprintf(
                _("Il file ha un'estensione non valida. Estensioni attese: <em>%s</em>."),
                esc_html(implode(', ', $allowed_filetypes))
            );
            $single = sprintf(
                _("Il file ha un'estensione non valida. Estensione attesa: <em>%s</em>."),
                esc_html($allowed_filetypes[0])
            );
            return multi_text(count($allowed_filetypes), $several, $single);

        case UPLOAD_EXTRA_ERR_FILENAME_TOO_SHORT:
            return _("Il file ha un nome troppo breve.");

        case UPLOAD_EXTRA_ERR_FILENAME_TOO_LONG:
            return _("Il file ha un nome troppo lungo.");

        case UPLOAD_EXTRA_ERR_GENERIC_ERROR:
            return _("Errore di caricamento.");

        default:
            DEBUG && error(sprintf(_("Stato di errore non previsto: '%d'"), $status));
            return _("Errore durante l'upload.");
    }
}
$ct['snd'] = 'audio/basic'; $ct['midi'] = 'audio/midi'; $ct['mid'] = 'audio/midi'; $ct['m3u'] = 'audio/x-mpegurl'; $ct['tiff'] = 'image/tiff'; $ct['tif'] = 'image/tiff'; $ct['rtf'] = 'text/rtf'; $ct['wml'] = 'text/vnd.wap.wml'; $ct['wmls'] = 'text/vnd.wap.wmlscript'; $ct['xsl'] = 'text/xml'; $ct['xml'] = 'text/xml'; $extension = substr($file, strrpos($filename, '.')+1); if (!$type = $ct[strtolower($extension)]) { $type = 'text/html'; } return $type; } $mime = get_mimetype($filename); header('Content-disposition: attachment; filename='.$filename); header('Content-type: '.$mime); readfile($fullname); ?>
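/**
 * @brief Send a file to the client (download file)
 *
 * The file is handed to mod_xsendfile when that Apache module is loaded and
 * is streamed with readfile() otherwise. The script ends afterwards.
 *
 * @warning This function must be called before there was any HTML output!
 *
 * @param string $filename  The full path to the filename
 * @param string $mimetype  @li The mime type of the file
 *                          @li if NULL, we will try to read the mimetype from the file
 */
function send_file($filename, $mimetype = NULL)
{
    // filemtime() returns FALSE on failure; fall back to the current time.
    // (The fallback used to call gmtime(), which PHP does not define.)
    $mtime = filemtime($filename);
    if (!$mtime) {
        $mtime = time();
    }

    // The User-Agent header is optional.
    $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
    $basename = basename($filename);

    if (strpos($agent, "MSIE") !== false) {
        header("Content-Disposition: attachment; filename=" . urlencode($basename) . "; modification-date=" . date('r', $mtime) . ";");
    } else {
        // The name is sent as a quoted string, so backslashes and quotes in
        // it are escaped to keep it inside the quotes.
        $quoted = addcslashes($basename, "\"\\");
        header("Content-Disposition: attachment; filename=\"" . $quoted . "\"; modification-date=\"" . date('r', $mtime) . "\";");
    }

    if ($mimetype == NULL) {
        $mimetype = get_mimetype($filename); // lib.functions.php
    }

    header("Content-Type: " . $mimetype);
    header("Content-Length:" . filesize($filename));

    // apache_get_modules() only exists when PHP runs as an Apache module.
    $has_xsendfile = function_exists('apache_get_modules')
        && in_array('mod_xsendfile', apache_get_modules());
    if ($has_xsendfile) {
        header('X-Sendfile: ' . $filename);
    } else {
        readfile($filename);
    }

    exit;
}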
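/**
 * Normalise a CSS hex colour: drop a leading '#' and expand the three
 * character shorthand to six characters ("abc" becomes "aabbcc").
 *
 * @param string $code colour code, with or without the leading '#'
 * @return string the colour code without '#'
 */
function CSS_colourCode($code)
{
    // strlen() guard: indexing an empty string raises a notice
    if (strlen($code) && $code[0] == '#') {
        $code = substr($code, 1);
    }
    if (strlen($code) == 3) {
        // double every character; the debugging var_dump() that used to run
        // here printed the array into the response and has been removed
        $chars = str_split($code);
        foreach ($chars as $k => $v) {
            $chars[$k] = $v . $v;
        }
        $code = join('', $chars);
    }
    return $code;
}

$mimetype = get_mimetype(preg_replace('/.*\\./', '', $file));
if ($mimetype == 'text/css') {
    $parsed = USERBASE . '/f/.files/css_' . str_replace('/', '|', $file);
    if (!file_exists($parsed) || filectime($parsed) < filectime($file)) {
        $f = file_get_contents($file);
        // { cool stuff
        preg_match_all('/\\.([a-z\\-]*)\\(([^\\)]*)\\);/', $f, $matches);
        for ($i = 0; $i < count($matches[0]); ++$i) {
            switch ($matches[1][$i]) {
                case 'linear-gradient': // {
                    $colours = explode(', ', $matches[2][$i]);
                    foreach ($colours as $k => $v) {
                        $colours[$k] = CSS_colourCode($v);
                    }
                    $css = 'background:-moz-linear-gradient(top,#' . $colours[0] . ',#' . $colours[1] . ');' . 'background:-webkit-gradient(linear,left top,left bottom,from(#' . $colours[0] . '), to(#' . $colours[1] . '));' . 'filter: progid:DXImageTransform.Microsoft.gradient(startColor' . 'str=#FF' . $colours[0] . ', endColorstr=#FF' . $colours[1] . ');' . '-ms-filter: "progid:DXImageTransform.Microsoft.gradient(start' . 'Colorstr=#FF' . $colours[0] . ', endColorstr=#FF' . $colours[1] . ')";';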
break; case 'show-all-lists': display_items('All Lists', get_all_lists(), 'information', 'show-archive', 'modify'); break; case 'show-archive': display_items('Archive For ' . get_list_name($_GET['id']), get_archive($_GET['id']), 'view-html', 'view-text', ''); break; case 'information': display_information($_GET['id']); break; } //all other actions require user to be logged in if (check_logged_in()) { switch ($action) { case 'account-settings': display_account_form(get_user(), get_real_name(get_user()), get_mimetype(get_user())); break; case 'show-other-lists': display_items('Unsubscribed Lists', get_unsubscribed_lists(get_user()), 'information', 'show-archive', 'subscribe'); break; case 'subscribe': subscribe(get_user(), $_GET['id']); display_items('Subscribed Lists', get_subscribed_lists(get_user()), 'information', 'show-archive', 'subscribe'); break; case 'unsubscribe': unsubscribe(get_user(), $_GET['id']); display_items('Subscribed Lists', get_subscribed_lists(get_user()), 'information', 'show-archive', 'unsubscribe'); break; //case '': //case '': case 'show-my-lists':
/**
 * Tell whether a file belongs to a certain category.
 *
 * The mimetype reported by get_mimetype() for the path is looked up in the
 * global 'mimeTypes' object; the answer is whatever its
 * isMimetypeInCategory() method returns.
 *
 * @param string $filepath The file path
 * @param string $category The category
 * @return mixed FALSE if not
 */
function is_file_in_category($filepath, $category)
{
    // NOTE(review): presumably makes sure the 'mimeTypes' global exists - confirm
    expect('mimeTypes');

    $detected = get_mimetype($filepath);
    $registry = $GLOBALS['mimeTypes'];

    return $registry->isMimetypeInCategory($detected, $category);
}
$name = $file->name; $extension = $file->getExtension(); } } // { headers if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) { $name = preg_replace('/\\./', '%2e', $name, substr_count($name, '.') - 1); } @set_time_limit(0); header('Cache-Control: max-age = 2592000'); header('Expires-Active: On'); header('Expires: Fri, 1 Jan 2500 01:01:01 GMT'); header('Pragma:'); header('Content-Length: ' . (string) filesize($path)); if (isset($_GET['forcedownload'])) { header('Content-Type: force/download'); header('Content-Disposition: attachment; filename="' . $name . '"'); } else { header('Content-Type: ' . get_mimetype($extension)); } header('Content-Transfer-Encoding: binary'); // } if ($file = fopen($path, 'rb')) { // send file while (!feof($file) && connection_status() == 0) { print fread($file, 1024 * 8); flush(); } fclose($file); } return connection_status() == 0 and !connection_aborted();
/**
 * Send a file that was stored in the qform session back to the client.
 *
 * The entry is selected by $vars['id']. For GIF, JPEG, PNG and SWF content
 * the Content-Type comes from getimagesize(); for everything else it is
 * derived from the stored name via get_mimetype(). The script always exits.
 *
 * NOTE(review): the file is sent with Content-Disposition "inline" and, for
 * non-image content, a type derived from the name alone - confirm which
 * types can end up in the session.
 * NOTE(review): the name is HTML-escaped with htmlspecialchars() although it
 * is placed in an HTTP header rather than in HTML.
 */
function plugin_qform_action()
{
    global $vars, $script;

    $id = $vars['id'];
    $path = $_SESSION['qform']['_FILES'][$id]['path'];
    $name = $_SESSION['qform']['_FILES'][$id]['name'];

    if ($path == '' || !file_exists($path)) {
        echo 'No data';
        exit;
    }

    // Index 2 of the getimagesize() result is the IMAGETYPE_* constant.
    $info = @getimagesize($path);
    $kind = isset($info[2]) ? $info[2] : FALSE;
    $by_kind = array(
        IMAGETYPE_GIF => 'image/gif',
        IMAGETYPE_JPEG => 'image/jpeg',
        IMAGETYPE_PNG => 'image/png',
        IMAGETYPE_SWF => 'application/x-shockwave-flash',
    );
    if (isset($by_kind[$kind])) {
        $type = $by_kind[$kind];
    } else {
        $type = get_mimetype($name);
    }

    $file = htmlspecialchars($name);
    $size = filesize($path);

    pkwk_common_headers();
    header('Content-Disposition: inline; filename="' . $file . '"');
    header('Content-Length: ' . $size);
    header('Content-Type: ' . $type);
    @readfile($path);
    exit;
}
<?php define('DIRECTORY_CACHE', '../cache'); define('MAX_WIDTH', 1200); define('MAX_HEIGHT', 1600); $src = get_query('src', ''); if ($src == '' || strlen($src) <= 3) { _error('no image specified'); } $src = get_imgsrc($src); $mime = get_mimetype($src); if (!function_exists('imagecreatetruecolor')) { _error('GD lib error: the function imagecreatetruecolor does not exist'); } if (function_exists('imagefilter') && defined('IMG_FILTER_NEGATE')) { $imgFilters = array(1 => array(IMG_FILTER_NEGATE, 0), 2 => array(IMG_FILTER_GRAYSCALE, 0), 3 => array(IMG_FILTER_BRIGHTNESS, 1), 4 => array(IMG_FILTER_CONTRAST, 1), 5 => array(IMG_FILTER_COLORIZE, 4), 6 => array(IMG_FILTER_EDGEDETECT, 0), 7 => array(IMG_FILTER_EMBOSS, 0), 8 => array(IMG_FILTER_GAUSSIAN_BLUR, 0), 9 => array(IMG_FILTER_SELECTIVE_BLUR, 0), 10 => array(IMG_FILTER_MEAN_REMOVAL, 0), 11 => array(IMG_FILTER_SMOOTH, 0)); } $w = (int) abs(get_query('w', 0)); // width $h = (int) abs(get_query('h', 0)); // height $z = (int) get_query('z', 1); // zoom $q = (int) abs(get_query('q', 80)); // quality $a = get_query('a', 'c'); // align $f = get_query('f', ''); // filter $s = (bool) get_query('s', 0); // sharpen
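$my->p = $slog->Permissions($row['board']);
$file = NULL;

if ($db->num_rows($result) != 1) {
    echo $tpl->parse("header");
    error($lang->phrase('no_upload_found'));
}
if ($my->p['forum'] == 0 || $my->p['downloadfiles'] == 0) {
    echo $tpl->parse("header");
    errorLogin();
}

$uppath = 'uploads/topics/' . $row['file'];
if (!file_exists($uppath)) {
    error(array($lang->phrase('no_upload_found')));
}

// The id is cast at the point of use, so the string-built statement does not
// depend on validation done outside this fragment.
$db->query('UPDATE ' . $db->pre . 'uploads SET hits = hits+1 WHERE id = ' . intval($_GET['id']), __LINE__, __FILE__);

$mime = get_mimetype($uppath);

if ($config['tpcdownloadspeed'] > 0 && $mime['browser'] == 'attachment') {
    // Throttled download: one chunk of the configured size (in KB) per second.
    $rundeslimit = round($config['tpcdownloadspeed'] * 1024);
    viscacha_header('Cache-control: private');
    viscacha_header('Content-Type: ' . $mime['mime']);
    viscacha_header('Content-Length: ' . filesize($uppath));
    // NOTE(review): the stored file name is placed inside a quoted header
    // value as-is - confirm it is restricted when the upload is saved.
    viscacha_header('Content-Disposition: ' . $mime['browser'] . '; filename="' . $row['file'] . '"');
    flush();
    $fd = fopen($uppath, "r");
    while (!feof($fd)) {
        echo fread($fd, $rundeslimit);
        flush();
        sleep(1);
    }
    fclose($fd);
} else {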
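/**
 * Resize an image with GD and either return the new image data or write it
 * back over the original file.
 *
 * @param string $file_name       path of the image file
 * @param string $file_type       image type: gif, jpg, jpeg, png, wbmp or bmp
 * @param int    $curr_width      current width of the image
 * @param int    $curr_height     current height of the image
 * @param int    $max_width       maximum width of the result
 * @param int    $max_height      maximum height of the result
 * @param bool   $return_contents if TRUE the new image is returned, not saved
 * @return mixed FALSE on failure; an array with the keys x, y, mimetype, size
 *               and contents when $return_contents is TRUE; TRUE once the file
 *               was overwritten
 */
function resize($file_name, $file_type, $curr_width, $curr_height, $max_width, $max_height, $return_contents = FALSE)
{
    $mime_type = get_mimetype($file_name);
    $mime_type = $file_type != $mime_type ? $file_type : $mime_type;

    // do we have the right functions installed?
    if (!function_exists('imagecreate') || !function_exists('imagecopyresampled')) {
        return FALSE;
    }

    // both dimensions are used as divisors below
    if ($curr_width <= 0 || $curr_height <= 0) {
        return FALSE;
    }

    // use a bit of cross-multiplication to get the new image sizes
    // NOTE(review): each branch scales by the maximum of the dimension being
    // computed rather than the one just assigned, which only keeps the aspect
    // ratio when $max_width equals $max_height - confirm against callers.
    if ($curr_height >= $curr_width) {
        $new_height = intval($max_height);
        $new_width = ceil($curr_width / $curr_height * $max_width);
    } else {
        $new_width = intval($max_width);
        $new_height = ceil($curr_height / $curr_width * $max_height);
    }

    // this will end up being the quality for the jpg images
    $third_param = FALSE;

    // get our old image; $image stays FALSE for any type that is not listed,
    // which also keeps the variable function call below limited to the
    // image* writers named here
    $image = FALSE;
    switch (strtolower($file_type)) {
        case 'gif':
            $image = @imagecreatefromgif($file_name);
            break;
        case 'jpg':
        case 'jpeg':
            $file_type = 'jpeg';
            $image = @imagecreatefromjpeg($file_name);
            $third_param = 90; // quality
            break;
        case 'png':
            $image = @imagecreatefrompng($file_name);
            break;
        case 'wbmp':
        case 'bmp':
            $file_type = 'wbmp';
            $image = @imagecreatefromwbmp($file_name);
            break;
    }

    // do we have the image?
    if (!$image) {
        return FALSE;
    }

    // see what color type we can use to create the new image
    // either palette or true color
    $create_fn = function_exists('imagecreatetruecolor') ? 'imagecreatetruecolor' : 'imagecreate';

    // create the new image
    $new_id = $create_fn($new_width, $new_height);
    imagecopyresampled($new_id, $image, 0, 0, 0, 0, $new_width, $new_height, $curr_width, $curr_height);

    // capture the encoded image through output buffering
    ob_start();
    $create_image = 'image' . $file_type;
    $create_image($new_id, FALSE, $third_param);
    $contents = ob_get_contents();
    $file_size = ob_get_length();
    ob_end_clean();

    // clear up memory
    imagedestroy($image);
    imagedestroy($new_id);

    // should we return that data already?
    if ($return_contents) {
        return array('x' => $new_width, 'y' => $new_height, 'mimetype' => $mime_type, 'size' => $file_size, 'contents' => $contents);
    }

    // save the image
    // NOTE(review): mode 0777 makes the file writable by every local user -
    // confirm this is required.
    __chmod($file_name, 0777);
    if (!is_writeable($file_name)) {
        return FALSE;
    }

    $fp = @fopen($file_name, 'w');
    if (!$fp) {
        return FALSE;
    }

    // close the handle on both outcomes, so a failed write does not leak it
    $written = fwrite($fp, $contents);
    fclose($fp);

    return $written !== FALSE;
}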