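/**
 * Event listener for the shutdown event; retrieves and outputs a file.
 *
 * The file name comes from $_REQUEST['file'] (or the routed arguments) and is
 * therefore untrusted. It is used to build a write path under DOCROOT/cache,
 * so it is validated first: it must be a string, carry an extension, and
 * contain no NUL bytes, backslashes or ".." path segments.
 *
 * @return void
 * @author Andy Bennett
 */
public function shutdown()
{
    Kohana::close_buffers(false);

    $f = isset($_REQUEST['file']) ? $_REQUEST['file'] : implode('/', Router::$arguments);

    // Request parameters can arrive as arrays; only a plain string is a valid file name.
    if (!is_string($f)) {
        Kohana::log('error', 'Webcache request rejected:- non-string file parameter');
        return;
    }

    // Control characters are stripped from anything written to the log.
    $loggable = preg_replace('/[\x00-\x1F\x7F]/', '', $f);

    // Split on the last dot. Without a dot there is no extension to look up,
    // and the previous substr() arithmetic on a false offset produced garbage.
    $dot = strrpos($f, '.');
    $ext = ($dot === false) ? '' : (string) substr($f, $dot + 1);
    $file = ($dot === false) ? '' : (string) substr($f, 0, $dot);

    // $file is later concatenated into a path below DOCROOT/cache, so a ".."
    // segment would let the cache copy land outside that directory.
    $unsafe = $file === ''
        || $ext === ''
        || strpos($f, "\0") !== false
        || strpos($f, '\\') !== false
        || strpos($ext, '/') !== false
        || in_array('..', explode('/', $file), true);

    if ($unsafe) {
        Kohana::log('error', 'Webcache request rejected:- ' . $loggable);
        return;
    }

    if ($location = Kohana::find_file('web', $file, FALSE, $ext)) {
        // Copy file to the cache (skipped while debugging is enabled).
        if (Kohana::config('config.debugging') != true) {
            $fc = file_get_contents($location);
            $cache_dir = DOCROOT . '/cache/' . dirname($file);

            // NOTE(review): 0777 leaves the cache tree world-writable unless the
            // umask narrows it; confirm the deployment needs more than 0755.
            if (!is_dir($cache_dir)) {
                @mkdir($cache_dir, 0777, true);
            }

            if ($fc === false
                || file_put_contents(DOCROOT . '/cache/' . $file . '.' . $ext, $fc) === false
            ) {
                // Caching is best-effort; the file is still served below.
                Kohana::log('error', 'Webcache could not write cache copy:- ' . $loggable);
            }
        }

        // The original tested array($m), which is always truthy; is_array() is
        // what guards the current() call.
        $m = Kohana::config('mimes.' . $ext);
        if (!empty($m) and is_array($m)) {
            header("Content-type: " . current($m));
        }

        $fs = filesize($location);
        header("Content-Length: " . $fs);
        readfile($location);
    } else {
        Kohana::log('error', 'Webcache file not found:- ' . $loggable);
    }
}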
/**
 * Send the contents of a file or a data string with the proper MIME type and exit.
 *
 * When $data is NULL the file named by $filename is streamed from disk;
 * otherwise $data is sent and $filename only supplies the name/extension.
 *
 * @uses exit()
 * @uses Kohana::close_buffers()
 *
 * @param   string  a file path or file name
 * @param   string  optional data to send
 * @return  void
 */
public static function send($filename, $data = NULL)
{
    $stream_from_disk = ($data === NULL);

    if ($stream_from_disk) {
        // NOTE(review): realpath() returns false for a missing path and that is
        // not checked here; callers are presumably expected to pass an existing file.
        $filepath = realpath($filename);
        $filename = basename($filepath);
        $filesize = filesize($filepath);
    } else {
        $filename = basename($filename);
        $filesize = strlen($data);
    }

    // Look the MIME type up by lower-cased extension, defaulting to a generic binary type.
    $extension = strtolower(substr(strrchr($filename, '.'), 1));
    $mime = Kohana::config('mimes.' . $extension);
    $mime = empty($mime) ? 'application/octet-stream' : $mime[0];

    // Drop buffered output without flushing it.
    Kohana::close_buffers(FALSE);

    // Register a system.display handler that blanks Kohana::$output.
    // NOTE(review): create_function() was removed in PHP 8.0; this only runs on older runtimes.
    $clear_output = create_function('', 'Kohana::$output = "";');
    Event::add('system.display', $clear_output);

    header("Content-Type: {$mime}");
    header('Content-Length: ' . sprintf('%d', $filesize));
    header('Content-Transfer-Encoding: binary');

    if ($stream_from_disk) {
        $handle = fopen($filepath, 'rb');
        fpassthru($handle);
        fclose($handle);
    } else {
        echo $data;
    }

    exit;
}
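/**
 * Send the original file of an item to the browser as an attachment.
 *
 * Responds with a 404 when the viewer lacks "view" or "view_full" access,
 * when the item is an album, or when the file is missing on disk.
 *
 * @param  mixed  $id  item id passed to ORM::factory("item", ...)
 * @return void
 */
public function download($id)
{
    $item = ORM::factory("item", $id);

    // Make sure we have access to the item
    if (!access::can("view", $item)) {
        throw new Kohana_404_Exception();
    }

    // Make sure we have view_full access to the original
    if (!access::can("view_full", $item)) {
        throw new Kohana_404_Exception();
    }

    // Don't try to load a directory
    if ($item->is_album()) {
        throw new Kohana_404_Exception();
    }

    $file = $item->file_path();
    if (!file_exists($file)) {
        throw new Kohana_404_Exception();
    }

    // The item name is user-supplied data. Inside the quoted filename parameter
    // a bare double quote or backslash would end or distort the value, so control
    // characters are dropped and quote/backslash are escaped before it is sent.
    $safe_name = addcslashes(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $item->name), "\"\\");

    header("Content-Length: " . filesize($file));
    header("Pragma: public");
    header("Content-Type: application/force-download");
    header("Content-Disposition: attachment; filename=\"{$safe_name}\"");

    Kohana::close_buffers(false);
    readfile($file);
}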
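/**
 * Serve the full-sized image of an item to the fotomoto service.
 *
 * This function by-passes normal Gallery security; the only gate is the
 * private site key in the URL, so the key comparison has to be exact.
 *
 * @param  string  $site_key  key supplied in the request URL
 * @param  mixed   $file_id   id of the item to serve
 * @return void
 */
public function print_proxy($site_key, $file_id)
{
    // If the site key doesn't match, display a 404 error.
    //
    // The original used a loose "!=" here. Loose comparison treats numeric-looking
    // strings as numbers and treats an unset (null) key as equal to an empty
    // string, so the check is now strict and an empty configured key never matches.
    $expected_key = (string) module::get_var("fotomotorw", "fotomoto_private_key");
    $supplied_key = (string) $site_key;
    if ($expected_key === "") {
        throw new Kohana_404_Exception();
    }
    // hash_equals() compares in constant time; fall back to === on runtimes without it.
    $keys_match = function_exists("hash_equals")
        ? hash_equals($expected_key, $supplied_key)
        : $expected_key === $supplied_key;
    if (!$keys_match) {
        throw new Kohana_404_Exception();
    }

    // Load the photo from the provided id. If the id# is invalid, display a 404 error.
    $item = ORM::factory("item", $file_id);
    if (!$item->loaded()) {
        throw new Kohana_404_Exception();
    }

    // If the image file doesn't exist for some reason, display a 404 error.
    $file = $item->file_path();
    if (!file_exists($file)) {
        throw new Kohana_404_Exception();
    }

    // Display the image.
    header("Content-Type: {$item->mime_type}");
    Kohana::close_buffers(false);
    $fd = fopen($file, "rb");
    if ($fd === false) {
        // The file vanished or became unreadable between the check and the open.
        throw new Kohana_404_Exception();
    }
    fpassthru($fd);
    fclose($fd);
}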
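/**
 * Force a download of a file to the user's browser. This function is
 * binary-safe and will work with any MIME type that Kohana is aware of.
 *
 * If $filename names an existing file it is streamed from disk; otherwise
 * $data is sent and $filename only supplies the name and extension.
 *
 * @param   string  a file path or file name
 * @param   mixed   data to be sent if the filename does not exist
 * @param   string  suggested filename to display in the download
 * @return  void|false  FALSE when no filename was given, nothing otherwise
 */
public static function force($filename = NULL, $data = NULL, $nicename = NULL)
{
    if (empty($filename)) {
        return FALSE;
    }

    if (is_file($filename)) {
        // Get the real path, normalised to forward slashes
        $filepath = str_replace('\\', '/', realpath($filename));

        // Set filesize
        $filesize = filesize($filepath);

        // Get filename
        $filename = substr(strrchr('/' . $filepath, '/'), 1);

        // Get extension
        $extension = strtolower(substr(strrchr($filepath, '.'), 1));
    } else {
        // Get filesize
        $filesize = strlen($data);

        // Make sure the filename does not have directory info
        $filename = substr(strrchr('/' . $filename, '/'), 1);

        // Get extension
        $extension = strtolower(substr(strrchr($filename, '.'), 1));
    }

    // Get the mime type of the file
    $mime = Kohana::config('mimes.' . $extension);

    if (empty($mime)) {
        // Set a default mime if none was found
        $mime = array('application/octet-stream');
    }

    // The download name may come from the caller ($nicename) or from the file
    // name itself. It is placed inside a quoted header parameter, so control
    // characters are dropped and double quote / backslash are escaped.
    $download_name = empty($nicename) ? $filename : $nicename;
    $download_name = addcslashes(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $download_name), "\"\\");

    // Generate the server headers
    header('Content-Type: ' . $mime[0]);
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . sprintf('%d', $filesize));

    // More caching prevention
    header('Expires: 0');

    if (Kohana::user_agent('browser') === 'Internet Explorer') {
        // Send IE headers
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
    } else {
        // Send normal headers
        header('Pragma: no-cache');
    }

    // Clear the output buffer
    Kohana::close_buffers(FALSE);

    if (isset($filepath)) {
        // Stream the file from disk
        $handle = fopen($filepath, 'rb');
        fpassthru($handle);
        fclose($handle);
    } else {
        // Send the in-memory data
        echo $data;
    }
}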
/**
 * REST handler: stream the thumb, resize or full-size file of the item that
 * the request URL resolves to, then exit.
 *
 * Requires "view_full" for the full size and "view" for thumb/resize. In
 * TEST_MODE the chosen file path is returned instead of being streamed.
 *
 * @param  object  $request  REST request; ->url and ->params are read
 * @return string|void  the file path in TEST_MODE, otherwise does not return
 */
static function get($request)
{
    $item = rest::resolve($request->url);
    $p = $request->params;

    $allowed_sizes = array("thumb", "resize", "full");
    if (!isset($p->size) || !in_array($p->size, $allowed_sizes)) {
        throw new Rest_Exception("Bad Request", 400, array("errors" => array("size" => "invalid")));
    }

    // Note: this code is roughly duplicated in file_proxy, so if you modify this, please look to
    // see if you should make the same change there as well.
    if ($p->size == "full") {
        // Originals are never served for albums and need the stronger permission.
        if ($item->is_album()) {
            throw new Kohana_404_Exception();
        }
        access::required("view_full", $item);
        $file = $item->file_path();
    } else {
        // Both derivative sizes are gated by plain "view" access.
        access::required("view", $item);
        $file = ($p->size == "resize") ? $item->resize_path() : $item->thumb_path();
    }

    if (!file_exists($file)) {
        throw new Kohana_404_Exception();
    }

    header("Content-Length: " . filesize($file));

    if (isset($p->m)) {
        header("Pragma:");

        // Check that the content hasn't expired or it wasn't changed since cached
        expires::check(2592000, $item->updated);

        expires::set(2592000, $item->updated);  // 30 days
    }

    // We don't need to save the session for this request
    Session::instance()->abort_save();

    // Dump out the image. If the item is a movie or album, then its thumbnail will be a JPG.
    $jpeg_thumbnail = ($item->is_movie() || $item->is_album()) && $p->size == "thumb";
    if ($jpeg_thumbnail) {
        header("Content-Type: image/jpeg");
    } else {
        header("Content-Type: {$item->mime_type}");
    }

    if (TEST_MODE) {
        return $file;
    }

    Kohana::close_buffers(false);

    $wants_base64 = isset($p->encoding) && $p->encoding == "base64";
    if ($wants_base64) {
        print base64_encode(file_get_contents($file));
    } else {
        readfile($file);
    }

    // We must exit here to keep the regular REST framework reply code from adding more bytes on
    // at the end or tinkering with headers.
    exit;
}
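/**
 * REST handler: stream the thumb, resize or full-size file of the item that
 * the request URL resolves to, then exit.
 *
 * Every size requires "view" access. The full size additionally requires
 * "view_full", the permission that gates originals; the previous version
 * served originals to anyone holding plain "view".
 *
 * @param  object  $request  REST request; ->url and ->params are read
 * @return void
 */
static function get($request)
{
    $item = rest::resolve($request->url);
    access::required("view", $item);

    $p = $request->params;
    if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"), true)) {
        throw new Rest_Exception("Bad Request", 400, array("errors" => array("size" => "invalid")));
    }

    switch ($p->size) {
        case "thumb":
            $file = $item->thumb_path();
            break;

        case "resize":
            $file = $item->resize_path();
            break;

        case "full":
            // Originals need the stronger permission, not just "view".
            access::required("view_full", $item);
            $file = $item->file_path();
            break;
    }

    if (!file_exists($file)) {
        throw new Kohana_404_Exception();
    }

    // Note: this code is roughly duplicated in data_rest, so if you modify this, please look to
    // see if you should make the same change there as well.
    //
    // We don't have a cache buster in the url, so don't set cache headers here.

    // We don't need to save the session for this request
    Session::instance()->abort_save();

    if ($item->is_album() && !$item->album_cover_item_id) {
        // No thumbnail. Return nothing.
        // @todo: what should we do here?
        return;
    }

    // Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
    // NOTE(review): for an album requested at size "full", file_path() is presumably
    // a directory; confirm whether that case should be a 404.
    if ($item->is_movie() && $p->size == "thumb") {
        header("Content-Type: image/jpeg");
    } else {
        if ($item->is_album()) {
            header("Content-Type: " . $item->album_cover()->mime_type);
        } else {
            header("Content-Type: {$item->mime_type}");
        }
    }

    Kohana::close_buffers(false);

    if (isset($p->encoding) && $p->encoding == "base64") {
        print base64_encode(file_get_contents($file));
    } else {
        readfile($file);
    }

    // We must exit here to keep the regular REST framework reply code from adding more bytes on
    // at the end or tinkering with headers.
    exit;
}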
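/**
 * Serve the thumbnail or full-size file behind a one-time proxy UUID.
 *
 * Full-size requests are only honoured from addresses inside the ranges
 * configured under "addthis"; the proxy record is deleted after a full-size
 * download. Expired proxies are cleaned up at the end of every call.
 *
 * @param  string  $type  "full" for the original, anything else for the thumbnail
 * @param  string  $id    proxy uuid
 * @return void
 */
public function print_proxy($type, $id)
{
    // If its a request for the full size then make sure we are coming from an
    // authorized address
    if ($type == "full") {
        // NOTE(review): REMOTE_ADDR is the address of the direct peer; behind a
        // reverse proxy this is the proxy's address - confirm the deployment.
        $remote_addr = ip2long($this->input->server("REMOTE_ADDR"));
        if ($remote_addr === false) {
            Kohana::show_404();
        }

        $config = Kohana::config("addthis");

        $authorized = false;
        foreach ($config["ranges"] as $ip_range) {
            $low = ip2long($ip_range["low"]);
            $high = ip2long($ip_range["high"]);
            $authorized = $low !== false && $high !== false &&
                $low <= $remote_addr && $remote_addr <= $high;
            if ($authorized) {
                break;
            }
        }
        if (!$authorized) {
            Kohana::show_404();
        }
    }

    $proxy = ORM::factory("addthis_proxy", array("uuid" => $id));
    if (!$proxy->loaded || !$proxy->item->loaded) {
        Kohana::show_404();
    }

    $file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
    if (!file_exists($file)) {
        kohana::show_404();
    }

    // We don't need to save the session for this request
    Session::abort_save();

    if (!TEST_MODE) {
        // Dump out the image.
        // The original interpolated "{$proxy->item}->mime_type", which stringifies the
        // item object and appends the literal text "->mime_type" instead of the MIME type.
        header("Content-Type: {$proxy->item->mime_type}");
        Kohana::close_buffers(false);
        $fd = fopen($file, "rb");
        fpassthru($fd);
        fclose($fd);

        // If the request was for the image and not the thumb, then delete the proxy.
        if ($type == "full") {
            $proxy->delete();
        }
    }

    $this->_clean_expired();
}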
/**
 * Serve the thumbnail or full-size file behind a digibug proxy UUID.
 *
 * A "full" request must come from an address inside one of the ranges
 * configured under "digibug"; anything else gets a 404. Expired proxies
 * are cleaned up at the end of the call.
 *
 * @param  string  $type  "full" for the original, anything else for the thumbnail
 * @param  string  $uuid  proxy uuid
 * @return void
 */
public function print_proxy($type, $uuid)
{
    $wants_original = ($type == "full");

    // Originals are only handed to callers from an authorized address.
    if ($wants_original) {
        $client_ip = ip2long(Input::instance()->server("REMOTE_ADDR"));
        if ($client_ip === false) {
            throw new Kohana_404_Exception();
        }

        $config = Kohana::config("digibug");

        $authorized = false;
        foreach ($config["ranges"] as $range) {
            $range_start = ip2long($range["low"]);
            $range_end = ip2long($range["high"]);
            // A range with an unparsable bound never matches.
            if ($range_start !== false && $range_end !== false
                && $range_start <= $client_ip && $client_ip <= $range_end
            ) {
                $authorized = true;
                break;
            }
        }

        if (!$authorized) {
            throw new Kohana_404_Exception();
        }
    }

    $proxy = ORM::factory("digibug_proxy")->where("uuid", "=", $uuid)->find();
    if (!$proxy->loaded() || !$proxy->item->loaded()) {
        throw new Kohana_404_Exception();
    }

    if ($wants_original) {
        $file = $proxy->item->file_path();
    } else {
        $file = $proxy->item->thumb_path();
    }
    if (!file_exists($file)) {
        throw new Kohana_404_Exception();
    }

    // The session is not needed for this request, so skip saving it.
    Session::instance()->abort_save();

    if (!TEST_MODE) {
        // Stream the image
        header("Content-Type: {$proxy->item->mime_type}");
        Kohana::close_buffers(false);
        $stream = fopen($file, "rb");
        fpassthru($stream);
        fclose($stream);
    }

    $this->_clean_expired();
}
/**
 * Print out a cached entry.
 *
 * Answers any conditional request (If-Modified-Since present) with a 304,
 * otherwise looks the entry up in the cache, preferring the "{key}_gz"
 * variant when the client accepts gzip and zlib output compression is off.
 *
 * @param string the combined entry type (either "javascript" or "css")
 * @param string the key (typically an md5 sum)
 * @return string|void  "" after a 304, nothing otherwise
 */
private function _emit($type, $key)
{
    $input = Input::instance();

    // We don't need to save the session for this request
    Session::instance()->abort_save();

    // Our data is immutable, so if they already have a copy then it needs no updating.
    // NOTE(review): this branch runs before $key is looked at, so any conditional
    // request gets a 304 regardless of the key.
    if ($input->server("HTTP_IF_MODIFIED_SINCE")) {
        header('HTTP/1.0 304 Not Modified');
        header("Expires: Tue, 19 Jan 2038 00:00:00 GMT");
        header("Cache-Control: public,max-age=2678400");
        header('Pragma: public');
        Kohana::close_buffers(false);
        return "";
    }

    if (empty($key)) {
        throw new Kohana_404_Exception();
    }

    $cache = Cache::instance();

    $use_gzip = function_exists("gzencode") &&
        stripos($input->server("HTTP_ACCEPT_ENCODING"), "gzip") !== false &&
        (int) ini_get("zlib.output_compression") === 0;

    // Try the pre-compressed entry first; a miss falls through to the plain one.
    $content = $use_gzip ? $cache->get("{$key}_gz") : null;
    if ($content) {
        header("Content-Encoding: gzip");
        header("Vary: Accept-Encoding");
    } else {
        $content = $cache->get($key);
    }

    if (empty($content)) {
        throw new Kohana_404_Exception();
    }

    // $type is either 'javascript' or 'css'
    $content_type = ($type == "javascript")
        ? "application/javascript; charset=UTF-8"
        : "text/css; charset=UTF-8";
    header("Content-Type: " . $content_type);

    header("Expires: Tue, 19 Jan 2038 00:00:00 GMT");
    header("Cache-Control: public,max-age=2678400");
    header("Pragma: public");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s T", time()));
    header("Content-Length: " . strlen($content));

    Kohana::close_buffers(false);
    print $content;
}
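/**
 * Serve the thumbnail or full-size file behind a one-time digibug proxy UUID.
 *
 * The proxy record is deleted after a full-size download and expired
 * proxies are cleaned up at the end of every call.
 *
 * NOTE(review): nothing in this method checks permissions or the caller's
 * address; access to the original rests entirely on the UUID being unguessable
 * and short-lived.
 *
 * @param  string  $type  "full" for the original, anything else for the thumbnail
 * @param  string  $id    proxy uuid
 * @return void
 */
public function print_proxy($type, $id)
{
    $proxy = ORM::factory("digibug_proxy", array("uuid" => $id));

    if (!$proxy->loaded || !$proxy->item->loaded) {
        Kohana::show_404();
    }

    $file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
    if (!file_exists($file)) {
        kohana::show_404();
    }

    // We don't need to save the session for this request
    Session::abort_save();

    // Dump out the image.
    // The original interpolated "{$proxy->item}->mime_type", which stringifies the
    // item object and appends the literal text "->mime_type" instead of the MIME type.
    header("Content-Type: {$proxy->item->mime_type}");
    Kohana::close_buffers(false);
    $fd = fopen($file, "rb");
    fpassthru($fd);
    fclose($fd);

    // If the request was for the image and not the thumb, then delete the proxy.
    if ($type == "full") {
        $proxy->delete();
    }

    $this->_clean_expired();
}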
/**
 * Discard buffered output and make sure nothing is rendered later.
 *
 * See system/helpers/download.php
 *
 * @return void
 */
private function prepareOutput()
{
    // Close the output buffers without flushing them.
    Kohana::close_buffers(FALSE);

    // Blank Kohana::$output when the system.display event runs.
    // NOTE(review): create_function() was removed in PHP 8.0; this only runs on older runtimes.
    $clear_output = create_function('', 'Kohana::$output = "";');
    Event::add('system.display', $clear_output);
}
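/**
 * Send a file to the browser and exit.
 *
 * Images are sent inline unless $download is set; every other type is sent
 * as an attachment named $orig_name (or the file's base name).
 *
 * @param string $path       path of the file to send
 * @param bool   $download   force an attachment even for images
 * @param string $orig_name  name to suggest to the browser
 * @return void
 * @author Andy Bennett
 */
protected function render($path, $download = false, $orig_name = null)
{
    Kohana::close_buffers(false);

    if (is_null($orig_name)) {
        $orig_name = basename($path);
    }

    $file_type = uploads::check_filetype(file::mime($path), $path);
    header('Content-type: ' . $file_type);

    if (!file::is_image($file_type) or $download) {
        // The suggested name is presumably the uploader's original file name. It sits
        // inside a quoted header parameter, so control characters are dropped and
        // double quote / backslash are escaped.
        $safe_name = addcslashes(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $orig_name), "\"\\");
        header('Content-Disposition: attachment; filename="' . $safe_name . '"');
    }

    header("Content-Length: " . filesize($path));
    readfile($path);
    exit;
}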
/**
 * Catch-all handler that serves a file from var/albums, var/resizes or
 * var/thumbs after mapping the request URI back to an item and checking the
 * viewer's permissions on it.
 *
 * The file that is finally opened is the path reported by the matched item
 * ($match_file), which must equal VARPATH plus the requested path.
 *
 * @param  string  $function  unused
 * @param  array   $args      unused
 * @return void
 */
public function __call($function, $args)
{
    // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
    $request_uri = $this->input->server("REQUEST_URI");
    // var_uri: http://example.com/gallery3/var/
    $var_uri = url::file("var/");

    // Make sure that the request is for a file inside var
    // NOTE(review): this only rejects a URI that does not contain $var_uri at all;
    // the substr() below assumes it starts at offset 0.
    $offset = strpos($request_uri, $var_uri);
    if ($offset === false) {
        kohana::show_404();
    }

    $file = substr($request_uri, strlen($var_uri));

    // Make sure that we don't leave the var dir
    // NOTE(review): the check runs on the URI as received; no URL-decoding is
    // visible before it.
    if (strpos($file, "..") !== false) {
        kohana::show_404();
    }

    // We only handle var/resizes, var/albums and var/thumbs
    $paths = explode("/", $file);
    $type = $paths[0];
    if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
        kohana::show_404();
    }

    // If the last element is .album.jpg, pop that off since it's not a real item
    if ($paths[count($paths) - 1] == ".album.jpg") {
        array_pop($paths);
    }
    // Drop an empty trailing element left by a trailing slash
    if ($paths[count($paths) - 1] == "") {
        array_pop($paths);
    }

    // Find all items that match the level and name, then iterate over those to find a match.
    // In most cases we'll get it in one. Note that for the level calculation, we just count the
    // size of $paths. $paths includes the type ("thumbs", etc) but it doesn't include the root,
    // so it's a wash.
    $count = count($paths);
    $compare_file = VARPATH . $file;
    $item = null;
    foreach (ORM::factory("item")->where("name", $paths[$count - 1])->where("level", $count)->find_all() as $match) {
        if ($type == "albums") {
            $match_file = $match->file_path();
        } else {
            if ($type == "resizes") {
                $match_file = $match->resize_path();
            } else {
                $match_file = $match->thumb_path();
            }
        }
        // Only an item whose own path equals the requested path is accepted.
        if ($match_file == $compare_file) {
            $item = $match;
            break;
        }
    }

    if (!$item) {
        kohana::show_404();
    }

    // Make sure we have access to the item
    if (!access::can("view", $item)) {
        kohana::show_404();
    }

    // Make sure we have view_full access to the original
    if ($type == "albums" && !access::can("view_full", $item)) {
        kohana::show_404();
    }

    // Don't try to load a directory
    if ($type == "albums" && $item->is_album()) {
        kohana::show_404();
    }

    if (!file_exists($match_file)) {
        kohana::show_404();
    }

    // Dump out the image
    header("Content-Type: {$item->mime_type}");
    Kohana::close_buffers(false);
    $fd = fopen($match_file, "rb");
    fpassthru($fd);
    fclose($fd);
}
/**
 * Triggers the shutdown of Kohana: runs the system.shutdown event, closes the
 * output buffers, runs the system.display event and renders the output.
 *
 * Calls after the first one do nothing.
 *
 * @return  void
 */
public static function shutdown()
{
    // Remembers across calls whether the shutdown sequence has already run.
    static $already_ran;

    if ($already_ran !== TRUE) {
        $already_ran = TRUE;

        // Let listeners react to shutdown first
        Event::run('system.shutdown');

        // Close the output buffers
        Kohana::close_buffers(TRUE);

        // Give display listeners a chance to act on the output
        Event::run('system.display', Kohana::$output);

        // Render the final output
        Kohana::render(Kohana::$output);
    }
}
/**
 * Catch-all handler that serves a file from var/albums, var/resizes or
 * var/thumbs after resolving the request path to an item and checking the
 * viewer's permissions on it.
 *
 * The file that is opened is always a path reported by the resolved item,
 * never the request path itself.
 *
 * @param  string  $function  unused
 * @param  array   $args      unused
 * @return void
 */
public function __call($function, $args)
{
    // request_uri: gallery3/var/albums/foo/bar.jpg?m=1234
    $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));

    // get rid of query parameters
    // request_uri: gallery3/var/albums/foo/bar.jpg
    $request_uri = preg_replace("/\\?.*/", "", $request_uri);

    // var_uri: gallery3/var/
    $var_uri = url::file("var/");

    // Make sure that the request is for a file inside var
    // NOTE(review): the prefix test decodes $request_uri a second time, while the
    // substr() below works on the once-decoded value, so the two can disagree for
    // doubly-encoded input.
    $offset = strpos(rawurldecode($request_uri), $var_uri);
    if ($offset !== 0) {
        throw new Kohana_404_Exception();
    }

    // file_uri: albums/foo/bar.jpg
    $file_uri = substr($request_uri, strlen($var_uri));

    // type: albums
    // path: foo/bar.jpg
    list($type, $path) = explode("/", $file_uri, 2);
    if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
        throw new Kohana_404_Exception();
    }

    // If the last element is .album.jpg, pop that off since it's not a real item
    // NOTE(review): the dots in this pattern are unescaped and match any character.
    $path = preg_replace("|/.album.jpg\$|", "", $path);

    $item = item::find_by_path($path);
    if (!$item->loaded()) {
        // We didn't turn it up. If we're looking for a .jpg then it's possible that we're
        // requesting the thumbnail for a movie. In that case, the .flv, .mp4 or .m4v file would
        // have been converted to a .jpg. So try some alternate types:
        if (preg_match('/.jpg$/', $path)) {
            // rWatcher Mod: look for videos with file extensions supported by the videos module in addition to flv mp4 and m4v
            // Original Line: foreach (array("flv", "mp4", "m4v") as $ext) {
            // NOTE(review): unserialize() runs on a stored module variable. If that value can
            // be influenced by a less-trusted party this is an object-injection risk, and a
            // missing variable makes unserialize() return false, which array_merge() rejects.
            // A JSON-encoded or validated list would avoid both.
            foreach (array_merge(array("flv", "mp4", "m4v"), unserialize(module::get_var("videos", "allowed_extensions"))) as $ext) {
                $movie_path = preg_replace('/.jpg$/', ".{$ext}", $path);
                $item = item::find_by_path($movie_path);
                if ($item->loaded()) {
                    break;
                }
            }
        }

        // rWatcher Mod:
        // If we're looking for a .flv then it's possible that we're requesting a flash resize
        // for a movie.
        if (strtolower(substr($path, strlen($path) - 4)) == ".flv") {
            // str_ireplace removes every ".flv" occurrence in the path, not only the suffix.
            $movie_path = str_ireplace(".flv", "", $path);
            $item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find();
        }
        // END rWatcher Mod
    }

    if (!$item->loaded()) {
        throw new Kohana_404_Exception();
    }

    // Make sure we have access to the item
    if (!access::can("view", $item)) {
        throw new Kohana_404_Exception();
    }

    // Make sure we have view_full access to the original
    if ($type == "albums" && !access::can("view_full", $item)) {
        throw new Kohana_404_Exception();
    }

    // Don't try to load a directory
    if ($type == "albums" && $item->is_album()) {
        throw new Kohana_404_Exception();
    }

    if ($type == "albums") {
        $file = $item->file_path();
    } else {
        if ($type == "resizes") {
            $file = $item->resize_path();
            // rWatcher MOD
            // If the resize is for a movie, assume it needs a .flv extension.
            if ($item->is_movie()) {
                $file = $file . ".flv";
            }
            // End rWatcher MOD
        } else {
            $file = $item->thumb_path();
        }
    }

    if (!file_exists($file)) {
        throw new Kohana_404_Exception();
    }

    header("Content-Length: " . filesize($file));

    header("Pragma:");
    // Check that the content hasn't expired or it wasn't changed since cached
    expires::check(2592000, $item->updated);

    // We don't need to save the session for this request
    Session::instance()->abort_save();

    expires::set(2592000, $item->updated);  // 30 days

    // Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
    if ($item->is_movie() && $type != "albums") {
        header("Content-Type: image/jpeg");
    } else {
        header("Content-Type: {$item->mime_type}");
    }

    Kohana::close_buffers(false);
    readfile($file);
}
/**
 * Catch-all handler that serves a file from var/albums, var/resizes or
 * var/thumbs after resolving the request path to an item (path cache first,
 * then a name/level search) and checking the viewer's permissions on it.
 *
 * The file that is opened is always a path reported by the resolved item.
 *
 * @param  string  $function  unused
 * @param  array   $args      unused
 * @return void
 */
public function __call($function, $args)
{
    // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
    $request_uri = $this->input->server("REQUEST_URI");
    // Strip the query string
    $request_uri = preg_replace("/\\?.*/", "", $request_uri);

    // Unescape %7E ("~") and %20 (" ")
    // NOTE(review): only these two escapes are decoded; any other percent-encoded
    // character reaches the path lookup still encoded.
    $request_uri = str_replace(array("%7E", "%20"), array("~", " "), $request_uri);

    // var_uri: http://example.com/gallery3/var/
    $var_uri = url::file("var/");

    // Make sure that the request is for a file inside var
    // NOTE(review): this only rejects a URI that does not contain $var_uri at all;
    // the substr() below assumes it starts at offset 0.
    $offset = strpos($request_uri, $var_uri);
    if ($offset === false) {
        kohana::show_404();
    }

    $file_uri = substr($request_uri, strlen($var_uri));

    // Make sure that we don't leave the var dir
    if (strpos($file_uri, "..") !== false) {
        kohana::show_404();
    }

    list($type, $path) = explode("/", $file_uri, 2);
    if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
        kohana::show_404();
    }

    // If the last element is .album.jpg, pop that off since it's not a real item
    // NOTE(review): the dots in this pattern are unescaped and match any character.
    $path = preg_replace("|/.album.jpg\$|", "", $path);

    // We now have the relative path to the item. Search for it in the path cache
    $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
    if (!$item->loaded) {
        // We didn't turn it up. This may mean that the path cache is out of date, so look it up
        // the hard way.
        //
        // Find all items that match the level and name, then iterate over those to find a match.
        // In most cases we'll get it in one. Note that for the level calculation, we just count the
        // size of $paths.
        $paths = explode("/", $path);
        $count = count($paths);
        foreach (ORM::factory("item")->where("name", $paths[$count - 1])->where("level", $count + 1)->find_all() as $match) {
            // Accept only an item whose full relative path equals the requested one.
            if ($match->relative_path() == $path) {
                $item = $match;
                break;
            }
        }
    }

    if (!$item->loaded) {
        kohana::show_404();
    }

    // Pick the on-disk file that corresponds to the requested type.
    if ($type == "albums") {
        $file = $item->file_path();
    } else {
        if ($type == "resizes") {
            $file = $item->resize_path();
        } else {
            $file = $item->thumb_path();
        }
    }

    // Make sure we have access to the item
    if (!access::can("view", $item)) {
        kohana::show_404();
    }

    // Make sure we have view_full access to the original
    if ($type == "albums" && !access::can("view_full", $item)) {
        kohana::show_404();
    }

    // Don't try to load a directory
    if ($type == "albums" && $item->is_album()) {
        kohana::show_404();
    }

    if (!file_exists($file)) {
        kohana::show_404();
    }

    // Dump out the image
    header("Content-Type: {$item->mime_type}");
    Kohana::close_buffers(false);
    $fd = fopen($file, "rb");
    fpassthru($fd);
    fclose($fd);
}
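/**
 * Send a file to the browser, optionally remove a temporary file, and exit.
 *
 * Images and Flash content are sent inline unless $download is set; every
 * other type is sent as an attachment named $orig_name (or the file's base
 * name). If $this->delete_fullpath is set, that file is unlinked after the
 * content has been sent.
 *
 * @param string $path       path of the file to send
 * @param bool   $download   force an attachment even for inline types
 * @param string $orig_name  name to suggest to the browser
 * @return void
 * @author Andy Bennett
 */
protected function render($path, $download = false, $orig_name = null)
{
    Kohana::close_buffers(false);

    if (is_null($orig_name)) {
        $orig_name = basename($path);
    }

    $file_type = mimes::check($path);
    header('Content-type: ' . $file_type);

    // "and" binds tighter than "or"; the parentheses only make that grouping explicit.
    if ((!file::is_image($file_type) and strpos($file_type, 'flash') === false) or $download) {
        // The suggested name is presumably the uploader's original file name. It sits
        // inside a quoted header parameter, so control characters are dropped and
        // double quote / backslash are escaped.
        $safe_name = addcslashes(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $orig_name), "\"\\");
        header('Content-Disposition: attachment; filename="' . $safe_name . '"');
    }

    header("Content-Length: " . filesize($path));
    readfile($path);

    // Remove the temporary copy, if one was registered for deletion.
    if ($this->delete_fullpath) {
        unlink($this->delete_fullpath);
    }

    exit;
}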
/**
 * Catch-all handler that serves a file from var/albums, var/resizes or
 * var/thumbs after resolving the request path to an item through the
 * (url-encoded) path cache and checking the viewer's permissions on it.
 *
 * The file that is opened is always a path reported by the resolved item.
 *
 * @param  string  $function  unused
 * @param  array   $args      unused
 * @return void
 */
public function __call($function, $args)
{
    // request_uri: gallery3/var/trunk/albums/foo/bar.jpg
    $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));
    // Strip the query string
    $request_uri = preg_replace("/\\?.*/", "", $request_uri);

    // var_uri: gallery3/var/
    $var_uri = url::file("var/");

    // Make sure that the request is for a file inside var
    // NOTE(review): the prefix test decodes $request_uri a second time, while the
    // substr() below works on the once-decoded value.
    $offset = strpos(rawurldecode($request_uri), $var_uri);
    if ($offset !== 0) {
        throw new Kohana_404_Exception();
    }

    $file_uri = substr($request_uri, strlen($var_uri));

    // Make sure that we don't leave the var dir
    if (strpos($file_uri, "..") !== false) {
        throw new Kohana_404_Exception();
    }

    list($type, $path) = explode("/", $file_uri, 2);
    if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
        throw new Kohana_404_Exception();
    }

    // If the last element is .album.jpg, pop that off since it's not a real item
    // NOTE(review): the dots in this pattern are unescaped and match any character.
    $path = preg_replace("|/.album.jpg\$|", "", $path);

    // Re-encode each path component separately so the "/" separators stay literal.
    $encoded_path = array();
    foreach (explode("/", $path) as $path_part) {
        $encoded_path[] = rawurlencode($path_part);
    }

    // We now have the relative path to the item. Search for it in the path cache.
    // The path cache is urlencoded, so re-encode the path (it was decoded earlier to
    // ensure that the paths are normalized).
    $item = ORM::factory("item")->where("relative_path_cache", "=", implode("/", $encoded_path))->find();
    if (!$item->loaded()) {
        // We didn't turn it up. It's possible that the relative_path_cache is out of date here.
        // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
        // necessary, it's easily resurrected.

        // If we're looking for a .jpg then it's possible that we're requesting the thumbnail
        // for a movie. In that case, the .flv or .mp4 file would have been converted to a .jpg.
        // So try some alternate types:
        if (preg_match('/.jpg$/', $path)) {
            foreach (array("flv", "mp4") as $ext) {
                // NOTE(review): this lookup uses the decoded $path, whereas the lookup
                // above uses the re-encoded path - confirm which form the cache holds.
                $movie_path = preg_replace('/.jpg$/', ".{$ext}", $path);
                $item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find();
                if ($item->loaded()) {
                    break;
                }
            }
        }
    }

    if (!$item->loaded()) {
        throw new Kohana_404_Exception();
    }

    // Make sure we have access to the item
    if (!access::can("view", $item)) {
        throw new Kohana_404_Exception();
    }

    // Make sure we have view_full access to the original
    if ($type == "albums" && !access::can("view_full", $item)) {
        throw new Kohana_404_Exception();
    }

    // Don't try to load a directory
    if ($type == "albums" && $item->is_album()) {
        throw new Kohana_404_Exception();
    }

    // Pick the on-disk file that corresponds to the requested type.
    if ($type == "albums") {
        $file = $item->file_path();
    } else {
        if ($type == "resizes") {
            $file = $item->resize_path();
        } else {
            $file = $item->thumb_path();
        }
    }

    if (!file_exists($file)) {
        throw new Kohana_404_Exception();
    }

    header("Pragma:");
    // Check that the content hasn't expired or it wasn't changed since cached
    expires::check(2592000, $item->updated);

    // We don't need to save the session for this request
    Session::abort_save();

    expires::set(2592000, $item->updated);  // 30 days

    // Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
    if ($item->is_movie() && $type != "albums") {
        header("Content-type: image/jpeg");
    } else {
        header("Content-Type: {$item->mime_type}");
    }

    Kohana::close_buffers(false);
    $fd = fopen($file, "rb");
    fpassthru($fd);
    fclose($fd);
}
/**
 * Catch-all handler that serves a file from var/albums, var/resizes or
 * var/thumbs after resolving the request path to an item through the path
 * cache and checking the viewer's permissions on it.
 *
 * The file that is opened is always a path reported by the resolved item.
 *
 * @param  string  $function  unused
 * @param  array   $args      unused
 * @return void
 */
public function __call($function, $args)
{
    // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
    $request_uri = $this->input->server("REQUEST_URI");
    // Strip the query string
    $request_uri = preg_replace("/\\?.*/", "", $request_uri);

    // Unescape %7E (~), %20 ( ) and %27 (')
    // @todo: figure out why we have to do this and unescape everything appropriate
    $request_uri = str_replace(array("%7E", "%20", "%27"), array("~", " ", "'"), $request_uri);

    // var_uri: http://example.com/gallery3/var/
    $var_uri = url::file("var/");

    // Make sure that the request is for a file inside var
    // NOTE(review): this only rejects a URI that does not contain $var_uri at all;
    // the substr() below assumes it starts at offset 0.
    $offset = strpos($request_uri, $var_uri);
    if ($offset === false) {
        kohana::show_404();
    }

    $file_uri = substr($request_uri, strlen($var_uri));

    // Make sure that we don't leave the var dir
    if (strpos($file_uri, "..") !== false) {
        kohana::show_404();
    }

    list($type, $path) = explode("/", $file_uri, 2);
    if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
        kohana::show_404();
    }

    // If the last element is .album.jpg, pop that off since it's not a real item
    // NOTE(review): the dots in this pattern are unescaped and match any character.
    $path = preg_replace("|/.album.jpg\$|", "", $path);

    // We now have the relative path to the item. Search for it in the path cache
    $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
    if (!$item->loaded) {
        // We didn't turn it up. It's possible that the relative_path_cache is out of date here.
        // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
        // necessary, it's easily resurrected.

        // If we're looking for a .jpg then it's possible that we're requesting the thumbnail
        // for a movie. In that case, the .flv or .mp4 file would have been converted to a .jpg.
        // So try some alternate types:
        if (preg_match('/.jpg$/', $path)) {
            foreach (array("flv", "mp4") as $ext) {
                $movie_path = preg_replace('/.jpg$/', ".{$ext}", $path);
                $item = ORM::factory("item")->where("relative_path_cache", $movie_path)->find();
                if ($item->loaded) {
                    break;
                }
            }
        }
    }

    if (!$item->loaded) {
        kohana::show_404();
    }

    // Pick the on-disk file that corresponds to the requested type.
    if ($type == "albums") {
        $file = $item->file_path();
    } else {
        if ($type == "resizes") {
            $file = $item->resize_path();
        } else {
            $file = $item->thumb_path();
        }
    }

    // Make sure we have access to the item
    if (!access::can("view", $item)) {
        kohana::show_404();
    }

    // Make sure we have view_full access to the original
    if ($type == "albums" && !access::can("view_full", $item)) {
        kohana::show_404();
    }

    // Don't try to load a directory
    if ($type == "albums" && $item->is_album()) {
        kohana::show_404();
    }

    if (!file_exists($file)) {
        kohana::show_404();
    }

    // We don't need to save the session for this request
    Session::abort_save();

    // Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
    // NOTE(review): this test does not look at $type, so a movie requested from
    // var/albums (the original video file) is also labelled image/jpeg.
    if (in_array($item->mime_type, array("video/x-flv", "video/mp4"))) {
        header("Content-type: image/jpeg");
    } else {
        header("Content-Type: {$item->mime_type}");
    }

    Kohana::close_buffers(false);
    $fd = fopen($file, "rb");
    fpassthru($fd);
    fclose($fd);
}