/**
* event listener for shutdown event; retrieves and outputs a file
*
* @return void
* @author Andy Bennett
*/
public function shutdown()
{
Kohana::close_buffers(false);
$f = isset($_REQUEST['file']) ? $_REQUEST['file'] : implode('/', Router::$arguments);
$ext = substr($f, strrpos($f, '.') + 1);
$file = substr($f, 0, strrpos($f, '.'));
if ($location = Kohana::find_file('web', $file, FALSE, $ext)) {
// Copy file to the cache...
$filepath = dirname($file);
$fc = file_get_contents($location);
if (Kohana::config('config.debugging') != true) {
@mkdir(DOCROOT . '/cache/' . $filepath, 0777, true);
file_put_contents(DOCROOT . '/cache/' . $file . '.' . $ext, $fc);
}
$m = Kohana::config('mimes.' . $ext);
if (!empty($m) and array($m)) {
header("Content-type: " . current($m));
}
$fs = filesize($location);
header("Content-Length: " . $fs);
readfile($location);
} else {
Kohana::log('error', 'Webcache file not found:- ' . $f);
}
}
/**
* Send the contents of a file or a data string with the proper MIME type and exit.
*
* @uses exit()
* @uses Kohana::close_buffers()
*
* @param string a file path or file name
* @param string optional data to send
* @return void
*/
public static function send($filename, $data = NULL)
{
if ($data === NULL) {
$filepath = realpath($filename);
$filename = basename($filepath);
$filesize = filesize($filepath);
} else {
$filename = basename($filename);
$filesize = strlen($data);
}
// Retrieve MIME type by extension
$mime = Kohana::config('mimes.' . strtolower(substr(strrchr($filename, '.'), 1)));
$mime = empty($mime) ? 'application/octet-stream' : $mime[0];
// Close output buffers
Kohana::close_buffers(FALSE);
// Clear any output
Event::add('system.display', create_function('', 'Kohana::$output = "";'));
// Send headers
header("Content-Type: {$mime}");
header('Content-Length: ' . sprintf('%d', $filesize));
header('Content-Transfer-Encoding: binary');
// Send data
if ($data === NULL) {
$handle = fopen($filepath, 'rb');
fpassthru($handle);
fclose($handle);
} else {
echo $data;
}
exit;
}
public function download($id)
{
$item = ORM::factory("item", $id);
// Make sure we have access to the item
if (!access::can("view", $item)) {
throw new Kohana_404_Exception();
}
// Make sure we have view_full access to the original
if (!access::can("view_full", $item)) {
throw new Kohana_404_Exception();
}
// Don't try to load a directory
if ($item->is_album()) {
throw new Kohana_404_Exception();
}
$file = $item->file_path();
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
header("Content-Length: " . filesize($file));
header("Pragma: public");
header("Content-Type: application/force-download");
header("Content-Disposition: attachment; filename=\"{$item->name}\"");
Kohana::close_buffers(false);
readfile($file);
}
public function print_proxy($site_key, $file_id)
{
// This function retrieves the full-sized image for fotomoto.
// As this function by-passes normal Gallery security, a private
// site-key is used to try and prevent people other then fotomoto
// from finding the URL.
// If the site key doesn't match, display a 404 error.
if ($site_key != module::get_var("fotomotorw", "fotomoto_private_key")) {
throw new Kohana_404_Exception();
}
// Load the photo from the provided id. If the id# is invalid, display a 404 error.
$item = ORM::factory("item", $file_id);
if (!$item->loaded()) {
throw new Kohana_404_Exception();
}
// If the image file doesn't exist for some reason, display a 404 error.
if (!file_exists($item->file_path())) {
throw new Kohana_404_Exception();
}
// Display the image.
header("Content-Type: {$item->mime_type}");
Kohana::close_buffers(false);
$fd = fopen($item->file_path(), "rb");
fpassthru($fd);
fclose($fd);
}
/**
* Force a download of a file to the user's browser. This function is
* binary-safe and will work with any MIME type that Kohana is aware of.
*
* @param string a file path or file name
* @param mixed data to be sent if the filename does not exist
* @param string suggested filename to display in the download
* @return void
*/
public static function force($filename = NULL, $data = NULL, $nicename = NULL)
{
if (empty($filename)) {
return FALSE;
}
if (is_file($filename)) {
// Get the real path
$filepath = str_replace('\\', '/', realpath($filename));
// Set filesize
$filesize = filesize($filepath);
// Get filename
$filename = substr(strrchr('/' . $filepath, '/'), 1);
// Get extension
$extension = strtolower(substr(strrchr($filepath, '.'), 1));
} else {
// Get filesize
$filesize = strlen($data);
// Make sure the filename does not have directory info
$filename = substr(strrchr('/' . $filename, '/'), 1);
// Get extension
$extension = strtolower(substr(strrchr($filename, '.'), 1));
}
// Get the mime type of the file
$mime = Kohana::config('mimes.' . $extension);
if (empty($mime)) {
// Set a default mime if none was found
$mime = array('application/octet-stream');
}
// Generate the server headers
header('Content-Type: ' . $mime[0]);
header('Content-Disposition: attachment; filename="' . (empty($nicename) ? $filename : $nicename) . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . sprintf('%d', $filesize));
// More caching prevention
header('Expires: 0');
if (Kohana::user_agent('browser') === 'Internet Explorer') {
// Send IE headers
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
} else {
// Send normal headers
header('Pragma: no-cache');
}
// Clear the output buffer
Kohana::close_buffers(FALSE);
if (isset($filepath)) {
// Open the file
$handle = fopen($filepath, 'rb');
// Send the file data
fpassthru($handle);
// Close the file
fclose($handle);
} else {
// Send the file data
echo $data;
}
}
static function get($request)
{
$item = rest::resolve($request->url);
$p = $request->params;
if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
throw new Rest_Exception("Bad Request", 400, array("errors" => array("size" => "invalid")));
}
// Note: this code is roughly duplicated in file_proxy, so if you modify this, please look to
// see if you should make the same change there as well.
if ($p->size == "full") {
if ($item->is_album()) {
throw new Kohana_404_Exception();
}
access::required("view_full", $item);
$file = $item->file_path();
} else {
if ($p->size == "resize") {
access::required("view", $item);
$file = $item->resize_path();
} else {
access::required("view", $item);
$file = $item->thumb_path();
}
}
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
header("Content-Length: " . filesize($file));
if (isset($p->m)) {
header("Pragma:");
// Check that the content hasn't expired or it wasn't changed since cached
expires::check(2592000, $item->updated);
expires::set(2592000, $item->updated);
// 30 days
}
// We don't need to save the session for this request
Session::instance()->abort_save();
// Dump out the image. If the item is a movie or album, then its thumbnail will be a JPG.
if (($item->is_movie() || $item->is_album()) && $p->size == "thumb") {
header("Content-Type: image/jpeg");
} else {
header("Content-Type: {$item->mime_type}");
}
if (TEST_MODE) {
return $file;
} else {
Kohana::close_buffers(false);
if (isset($p->encoding) && $p->encoding == "base64") {
print base64_encode(file_get_contents($file));
} else {
readfile($file);
}
}
// We must exit here to keep the regular REST framework reply code from adding more bytes on
// at the end or tinkering with headers.
exit;
}
static function get($request)
{
$item = rest::resolve($request->url);
access::required("view", $item);
$p = $request->params;
if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
throw new Rest_Exception("Bad Request", 400, array("errors" => array("size" => "invalid")));
}
switch ($p->size) {
case "thumb":
$file = $item->thumb_path();
break;
case "resize":
$file = $item->resize_path();
break;
case "full":
$file = $item->file_path();
break;
}
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
// Note: this code is roughly duplicated in data_rest, so if you modify this, please look to
// see if you should make the same change there as well.
//
// We don't have a cache buster in the url, so don't set cache headers here.
// We don't need to save the session for this request
Session::instance()->abort_save();
if ($item->is_album() && !$item->album_cover_item_id) {
// No thumbnail. Return nothing.
// @todo: what should we do here?
return;
}
// Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
if ($item->is_movie() && $p->size == "thumb") {
header("Content-Type: image/jpeg");
} else {
if ($item->is_album()) {
header("Content-Type: " . $item->album_cover()->mime_type);
} else {
header("Content-Type: {$item->mime_type}");
}
}
Kohana::close_buffers(false);
if (isset($p->encoding) && $p->encoding == "base64") {
print base64_encode(file_get_contents($file));
} else {
readfile($file);
}
// We must exit here to keep the regular REST framework reply code from adding more bytes on
// at the end or tinkering with headers.
exit;
}
public function print_proxy($type, $id)
{
// If its a request for the full size then make sure we are coming from an
// authorized address
if ($type == "full") {
$remote_addr = ip2long($this->input->server("REMOTE_ADDR"));
if ($remote_addr === false) {
Kohana::show_404();
}
$config = Kohana::config("addthis");
$authorized = false;
foreach ($config["ranges"] as $ip_range) {
$low = ip2long($ip_range["low"]);
$high = ip2long($ip_range["high"]);
$authorized = $low !== false && $high !== false && $low <= $remote_addr && $remote_addr <= $high;
if ($authorized) {
break;
}
}
if (!$authorized) {
Kohana::show_404();
}
}
$proxy = ORM::factory("addthis_proxy", array("uuid" => $id));
if (!$proxy->loaded || !$proxy->item->loaded) {
Kohana::show_404();
}
$file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
if (!file_exists($file)) {
kohana::show_404();
}
// We don't need to save the session for this request
Session::abort_save();
if (!TEST_MODE) {
// Dump out the image
header("Content-Type: {$proxy->item}->mime_type");
Kohana::close_buffers(false);
$fd = fopen($file, "rb");
fpassthru($fd);
fclose($fd);
// If the request was for the image and not the thumb, then delete the proxy.
if ($type == "full") {
$proxy->delete();
}
}
$this->_clean_expired();
}
public function print_proxy($type, $uuid)
{
// If its a request for the full size then make sure we are coming from an
// authorized address
if ($type == "full") {
$remote_addr = ip2long(Input::instance()->server("REMOTE_ADDR"));
if ($remote_addr === false) {
throw new Kohana_404_Exception();
}
$config = Kohana::config("digibug");
$authorized = false;
foreach ($config["ranges"] as $ip_range) {
$low = ip2long($ip_range["low"]);
$high = ip2long($ip_range["high"]);
$authorized = $low !== false && $high !== false && $low <= $remote_addr && $remote_addr <= $high;
if ($authorized) {
break;
}
}
if (!$authorized) {
throw new Kohana_404_Exception();
}
}
$proxy = ORM::factory("digibug_proxy")->where("uuid", "=", $uuid)->find();
if (!$proxy->loaded() || !$proxy->item->loaded()) {
throw new Kohana_404_Exception();
}
$file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
// We don't need to save the session for this request
Session::instance()->abort_save();
if (!TEST_MODE) {
// Dump out the image
header("Content-Type: {$proxy->item->mime_type}");
Kohana::close_buffers(false);
$fd = fopen($file, "rb");
fpassthru($fd);
fclose($fd);
}
$this->_clean_expired();
}
/**
* Print out a cached entry.
* @param string the combined entry type (either "javascript" or "css")
* @param string the key (typically an md5 sum)
*/
private function _emit($type, $key)
{
$input = Input::instance();
// We don't need to save the session for this request
Session::instance()->abort_save();
// Our data is immutable, so if they already have a copy then it needs no updating.
if ($input->server("HTTP_IF_MODIFIED_SINCE")) {
header('HTTP/1.0 304 Not Modified');
header("Expires: Tue, 19 Jan 2038 00:00:00 GMT");
header("Cache-Control: public,max-age=2678400");
header('Pragma: public');
Kohana::close_buffers(false);
return "";
}
if (empty($key)) {
throw new Kohana_404_Exception();
}
$cache = Cache::instance();
$use_gzip = function_exists("gzencode") && stripos($input->server("HTTP_ACCEPT_ENCODING"), "gzip") !== false && (int) ini_get("zlib.output_compression") === 0;
if ($use_gzip && ($content = $cache->get("{$key}_gz"))) {
header("Content-Encoding: gzip");
header("Vary: Accept-Encoding");
} else {
// Fall back to non-gzipped if we have to
$content = $cache->get($key);
}
if (empty($content)) {
throw new Kohana_404_Exception();
}
// $type is either 'javascript' or 'css'
if ($type == "javascript") {
header("Content-Type: application/javascript; charset=UTF-8");
} else {
header("Content-Type: text/css; charset=UTF-8");
}
header("Expires: Tue, 19 Jan 2038 00:00:00 GMT");
header("Cache-Control: public,max-age=2678400");
header("Pragma: public");
header("Last-Modified: " . gmdate("D, d M Y H:i:s T", time()));
header("Content-Length: " . strlen($content));
Kohana::close_buffers(false);
print $content;
}
public function print_proxy($type, $id)
{
$proxy = ORM::factory("digibug_proxy", array("uuid" => $id));
if (!$proxy->loaded || !$proxy->item->loaded) {
Kohana::show_404();
}
$file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
if (!file_exists($file)) {
kohana::show_404();
}
// We don't need to save the session for this request
Session::abort_save();
// Dump out the image
header("Content-Type: {$proxy->item}->mime_type");
Kohana::close_buffers(false);
$fd = fopen($file, "rb");
fpassthru($fd);
fclose($fd);
// If the request was for the image and not the thumb, then delete the proxy.
if ($type == "full") {
$proxy->delete();
}
$this->_clean_expired();
}
/**
* See system/helpers/download.php
*/
private function prepareOutput()
{
// Close output buffers
Kohana::close_buffers(FALSE);
// Clear any output
Event::add('system.display', create_function('', 'Kohana::$output = "";'));
}
/**
* undocumented function
*
* @param string $path
* @return void
* @author Andy Bennett
*/
protected function render($path, $download = false, $orig_name = null)
{
Kohana::close_buffers(false);
if (is_null($orig_name)) {
$orig_name = basename($path);
}
$file_type = uploads::check_filetype(file::mime($path), $path);
header('Content-type: ' . $file_type);
if (!file::is_image($file_type) or $download) {
header('Content-Disposition: attachment; filename="' . $orig_name . '"');
}
header("Content-Length: " . filesize($path));
readfile($path);
exit;
}
public function __call($function, $args)
{
// request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
$request_uri = $this->input->server("REQUEST_URI");
// var_uri: http://example.com/gallery3/var/
$var_uri = url::file("var/");
// Make sure that the request is for a file inside var
$offset = strpos($request_uri, $var_uri);
if ($offset === false) {
kohana::show_404();
}
$file = substr($request_uri, strlen($var_uri));
// Make sure that we don't leave the var dir
if (strpos($file, "..") !== false) {
kohana::show_404();
}
// We only handle var/resizes and var/albums
$paths = explode("/", $file);
$type = $paths[0];
if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
kohana::show_404();
}
// If the last element is .album.jpg, pop that off since it's not a real item
if ($paths[count($paths) - 1] == ".album.jpg") {
array_pop($paths);
}
if ($paths[count($paths) - 1] == "") {
array_pop($paths);
}
// Find all items that match the level and name, then iterate over those to find a match.
// In most cases we'll get it in one. Note that for the level calculation, we just count the
// size of $paths. $paths includes the type ("thumbs", etc) but it doesn't include the root,
// so it's a wash.
$count = count($paths);
$compare_file = VARPATH . $file;
$item = null;
foreach (ORM::factory("item")->where("name", $paths[$count - 1])->where("level", $count)->find_all() as $match) {
if ($type == "albums") {
$match_file = $match->file_path();
} else {
if ($type == "resizes") {
$match_file = $match->resize_path();
} else {
$match_file = $match->thumb_path();
}
}
if ($match_file == $compare_file) {
$item = $match;
break;
}
}
if (!$item) {
kohana::show_404();
}
// Make sure we have access to the item
if (!access::can("view", $item)) {
kohana::show_404();
}
// Make sure we have view_full access to the original
if ($type == "albums" && !access::can("view_full", $item)) {
kohana::show_404();
}
// Don't try to load a directory
if ($type == "albums" && $item->is_album()) {
kohana::show_404();
}
if (!file_exists($match_file)) {
kohana::show_404();
}
// Dump out the image
header("Content-Type: {$item->mime_type}");
Kohana::close_buffers(false);
$fd = fopen($match_file, "rb");
fpassthru($fd);
fclose($fd);
}
/**
* Triggers the shutdown of Kohana by closing the output buffer, runs the system.display event.
*
* @return void
*/
public static function shutdown()
{
static $run;
// Only run this function once
if ($run === TRUE) {
return;
}
$run = TRUE;
// Run system.shutdown event
Event::run('system.shutdown');
// Close output buffers
Kohana::close_buffers(TRUE);
// Run the output event
Event::run('system.display', Kohana::$output);
// Render the final output
Kohana::render(Kohana::$output);
}
public function __call($function, $args)
{
// request_uri: gallery3/var/albums/foo/bar.jpg?m=1234
$request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));
// get rid of query parameters
// request_uri: gallery3/var/albums/foo/bar.jpg
$request_uri = preg_replace("/\\?.*/", "", $request_uri);
// var_uri: gallery3/var/
$var_uri = url::file("var/");
// Make sure that the request is for a file inside var
$offset = strpos(rawurldecode($request_uri), $var_uri);
if ($offset !== 0) {
throw new Kohana_404_Exception();
}
// file_uri: albums/foo/bar.jpg
$file_uri = substr($request_uri, strlen($var_uri));
// type: albums
// path: foo/bar.jpg
list($type, $path) = explode("/", $file_uri, 2);
if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
throw new Kohana_404_Exception();
}
// If the last element is .album.jpg, pop that off since it's not a real item
$path = preg_replace("|/.album.jpg\$|", "", $path);
$item = item::find_by_path($path);
if (!$item->loaded()) {
// We didn't turn it up. If we're looking for a .jpg then it's it's possible that we're
// requesting the thumbnail for a movie. In that case, the .flv, .mp4 or .m4v file would
// have been converted to a .jpg. So try some alternate types:
if (preg_match('/.jpg$/', $path)) {
// rWatcher Mod: look for videos with file extensions supported by the videos module in addition to flv mp4 and m4v
// Original Line: foreach (array("flv", "mp4", "m4v") as $ext) {
foreach (array_merge(array("flv", "mp4", "m4v"), unserialize(module::get_var("videos", "allowed_extensions"))) as $ext) {
$movie_path = preg_replace('/.jpg$/', ".{$ext}", $path);
$item = item::find_by_path($movie_path);
if ($item->loaded()) {
break;
}
}
}
// rWatcher Mod:
// If we're looking for a .flv then it's it's possible that we're requesting a flash resize
// for a movie.
if (strtolower(substr($path, strlen($path) - 4)) == ".flv") {
$movie_path = str_ireplace(".flv", "", $path);
$item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find();
}
// END rWatcher Mod
}
if (!$item->loaded()) {
throw new Kohana_404_Exception();
}
// Make sure we have access to the item
if (!access::can("view", $item)) {
throw new Kohana_404_Exception();
}
// Make sure we have view_full access to the original
if ($type == "albums" && !access::can("view_full", $item)) {
throw new Kohana_404_Exception();
}
// Don't try to load a directory
if ($type == "albums" && $item->is_album()) {
throw new Kohana_404_Exception();
}
if ($type == "albums") {
$file = $item->file_path();
} else {
if ($type == "resizes") {
$file = $item->resize_path();
// rWatcher MOD
// If the resize is for a movie, assume it needs a .flv extension.
if ($item->is_movie()) {
$file = $file . ".flv";
}
// End rWatcher MOD
} else {
$file = $item->thumb_path();
}
}
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
header("Content-Length: " . filesize($file));
header("Pragma:");
// Check that the content hasn't expired or it wasn't changed since cached
expires::check(2592000, $item->updated);
// We don't need to save the session for this request
Session::instance()->abort_save();
expires::set(2592000, $item->updated);
// 30 days
// Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
if ($item->is_movie() && $type != "albums") {
header("Content-Type: image/jpeg");
} else {
header("Content-Type: {$item->mime_type}");
}
Kohana::close_buffers(false);
readfile($file);
}
public function __call($function, $args)
{
// request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
$request_uri = $this->input->server("REQUEST_URI");
$request_uri = preg_replace("/\\?.*/", "", $request_uri);
// Unescape %7E ("~") and %20 (" ")
$request_uri = str_replace(array("%7E", "%20"), array("~", " "), $request_uri);
// var_uri: http://example.com/gallery3/var/
$var_uri = url::file("var/");
// Make sure that the request is for a file inside var
$offset = strpos($request_uri, $var_uri);
if ($offset === false) {
kohana::show_404();
}
$file_uri = substr($request_uri, strlen($var_uri));
// Make sure that we don't leave the var dir
if (strpos($file_uri, "..") !== false) {
kohana::show_404();
}
list($type, $path) = explode("/", $file_uri, 2);
if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
kohana::show_404();
}
// If the last element is .album.jpg, pop that off since it's not a real item
$path = preg_replace("|/.album.jpg\$|", "", $path);
// We now have the relative path to the item. Search for it in the path cache
$item = ORM::factory("item")->where("relative_path_cache", $path)->find();
if (!$item->loaded) {
// We didn't turn it up. This may mean that the path cache is out of date, so look it up
// the hard way.
//
// Find all items that match the level and name, then iterate over those to find a match.
// In most cases we'll get it in one. Note that for the level calculation, we just count the
// size of $paths.
$paths = explode("/", $path);
$count = count($paths);
foreach (ORM::factory("item")->where("name", $paths[$count - 1])->where("level", $count + 1)->find_all() as $match) {
if ($match->relative_path() == $path) {
$item = $match;
break;
}
}
}
if (!$item->loaded) {
kohana::show_404();
}
if ($type == "albums") {
$file = $item->file_path();
} else {
if ($type == "resizes") {
$file = $item->resize_path();
} else {
$file = $item->thumb_path();
}
}
// Make sure we have access to the item
if (!access::can("view", $item)) {
kohana::show_404();
}
// Make sure we have view_full access to the original
if ($type == "albums" && !access::can("view_full", $item)) {
kohana::show_404();
}
// Don't try to load a directory
if ($type == "albums" && $item->is_album()) {
kohana::show_404();
}
if (!file_exists($file)) {
kohana::show_404();
}
// Dump out the image
header("Content-Type: {$item->mime_type}");
Kohana::close_buffers(false);
$fd = fopen($file, "rb");
fpassthru($fd);
fclose($fd);
}
/**
* undocumented function
*
* @param string $path
* @return void
* @author Andy Bennett
*/
protected function render($path, $download = false, $orig_name = null)
{
Kohana::close_buffers(false);
if (is_null($orig_name)) {
$orig_name = basename($path);
}
$file_type = mimes::check($path);
header('Content-type: ' . $file_type);
if (!file::is_image($file_type) and strpos($file_type, 'flash') === false or $download) {
header('Content-Disposition: attachment; filename="' . $orig_name . '"');
}
header("Content-Length: " . filesize($path));
readfile($path);
if ($this->delete_fullpath) {
unlink($this->delete_fullpath);
}
exit;
}
public function __call($function, $args)
{
// request_uri: gallery3/var/trunk/albums/foo/bar.jpg
$request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));
$request_uri = preg_replace("/\\?.*/", "", $request_uri);
// var_uri: gallery3/var/
$var_uri = url::file("var/");
// Make sure that the request is for a file inside var
$offset = strpos(rawurldecode($request_uri), $var_uri);
if ($offset !== 0) {
throw new Kohana_404_Exception();
}
$file_uri = substr($request_uri, strlen($var_uri));
// Make sure that we don't leave the var dir
if (strpos($file_uri, "..") !== false) {
throw new Kohana_404_Exception();
}
list($type, $path) = explode("/", $file_uri, 2);
if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
throw new Kohana_404_Exception();
}
// If the last element is .album.jpg, pop that off since it's not a real item
$path = preg_replace("|/.album.jpg\$|", "", $path);
$encoded_path = array();
foreach (explode("/", $path) as $path_part) {
$encoded_path[] = rawurlencode($path_part);
}
// We now have the relative path to the item. Search for it in the path cache
// The patch cache is urlencoded so re-encode the path. (it was decoded earlier to
// insure that the paths are normalized.
$item = ORM::factory("item")->where("relative_path_cache", "=", implode("/", $encoded_path))->find();
if (!$item->loaded()) {
// We didn't turn it up. It's possible that the relative_path_cache is out of date here.
// There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
// necessary, it's easily resurrected.
// If we're looking for a .jpg then it's it's possible that we're requesting the thumbnail
// for a movie. In that case, the .flv or .mp4 file would have been converted to a .jpg.
// So try some alternate types:
if (preg_match('/.jpg$/', $path)) {
foreach (array("flv", "mp4") as $ext) {
$movie_path = preg_replace('/.jpg$/', ".{$ext}", $path);
$item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find();
if ($item->loaded()) {
break;
}
}
}
}
if (!$item->loaded()) {
throw new Kohana_404_Exception();
}
// Make sure we have access to the item
if (!access::can("view", $item)) {
throw new Kohana_404_Exception();
}
// Make sure we have view_full access to the original
if ($type == "albums" && !access::can("view_full", $item)) {
throw new Kohana_404_Exception();
}
// Don't try to load a directory
if ($type == "albums" && $item->is_album()) {
throw new Kohana_404_Exception();
}
if ($type == "albums") {
$file = $item->file_path();
} else {
if ($type == "resizes") {
$file = $item->resize_path();
} else {
$file = $item->thumb_path();
}
}
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
header("Pragma:");
// Check that the content hasn't expired or it wasn't changed since cached
expires::check(2592000, $item->updated);
// We don't need to save the session for this request
Session::abort_save();
expires::set(2592000, $item->updated);
// 30 days
// Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
if ($item->is_movie() && $type != "albums") {
header("Content-type: image/jpeg");
} else {
header("Content-Type: {$item->mime_type}");
}
Kohana::close_buffers(false);
$fd = fopen($file, "rb");
fpassthru($fd);
fclose($fd);
}
public function __call($function, $args)
{
// request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
$request_uri = $this->input->server("REQUEST_URI");
$request_uri = preg_replace("/\\?.*/", "", $request_uri);
// Unescape %7E (~), %20 ( ) and %27 (')
// @todo: figure out why we have to do this and unescape everything appropriate
$request_uri = str_replace(array("%7E", "%20", "%27"), array("~", " ", "'"), $request_uri);
// var_uri: http://example.com/gallery3/var/
$var_uri = url::file("var/");
// Make sure that the request is for a file inside var
$offset = strpos($request_uri, $var_uri);
if ($offset === false) {
kohana::show_404();
}
$file_uri = substr($request_uri, strlen($var_uri));
// Make sure that we don't leave the var dir
if (strpos($file_uri, "..") !== false) {
kohana::show_404();
}
list($type, $path) = explode("/", $file_uri, 2);
if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
kohana::show_404();
}
// If the last element is .album.jpg, pop that off since it's not a real item
$path = preg_replace("|/.album.jpg\$|", "", $path);
// We now have the relative path to the item. Search for it in the path cache
$item = ORM::factory("item")->where("relative_path_cache", $path)->find();
if (!$item->loaded) {
// We didn't turn it up. It's possible that the relative_path_cache is out of date here.
// There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
// necessary, it's easily resurrected.
// If we're looking for a .jpg then it's it's possible that we're requesting the thumbnail
// for a movie. In that case, the .flv or .mp4 file would have been converted to a .jpg.
// So try some alternate types:
if (preg_match('/.jpg$/', $path)) {
foreach (array("flv", "mp4") as $ext) {
$movie_path = preg_replace('/.jpg$/', ".{$ext}", $path);
$item = ORM::factory("item")->where("relative_path_cache", $movie_path)->find();
if ($item->loaded) {
break;
}
}
}
}
if (!$item->loaded) {
kohana::show_404();
}
if ($type == "albums") {
$file = $item->file_path();
} else {
if ($type == "resizes") {
$file = $item->resize_path();
} else {
$file = $item->thumb_path();
}
}
// Make sure we have access to the item
if (!access::can("view", $item)) {
kohana::show_404();
}
// Make sure we have view_full access to the original
if ($type == "albums" && !access::can("view_full", $item)) {
kohana::show_404();
}
// Don't try to load a directory
if ($type == "albums" && $item->is_album()) {
kohana::show_404();
}
if (!file_exists($file)) {
kohana::show_404();
}
// We don't need to save the session for this request
Session::abort_save();
// Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
if (in_array($item->mime_type, array("video/x-flv", "video/mp4"))) {
header("Content-type: image/jpeg");
} else {
header("Content-Type: {$item->mime_type}");
}
Kohana::close_buffers(false);
$fd = fopen($file, "rb");
fpassthru($fd);
fclose($fd);
}
