X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=actions%2Fgetfile.php;h=4b57a05cd6bbe2c42af058e9e87f29ceb0a55095;hb=c2db2483a0e315f0050710bf6f224b2be3290039;hp=ecda34c0f6c8168d37f6fb3d3853031a5b4626eb;hpb=44ce8e2fcd1eba0d0f2723c246c1a021614e2763;p=quix0rs-gnu-social.git diff --git a/actions/getfile.php b/actions/getfile.php index ecda34c0f6..4b57a05cd6 100644 --- a/actions/getfile.php +++ b/actions/getfile.php @@ -1,13 +1,13 @@ . * - * @category Personal + * @category PrivateAttachments * @package StatusNet * @author Jeffery To - * @copyright 2008-2009 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 * @link http://status.net/ */ -if (!defined('STATUSNET') && !defined('LACONICA')) { +if (!defined('STATUSNET')) { exit(1); } require_once 'MIME/Type.php'; /** - * Action for getting a file attachment + * An action for returning a requested file * - * @category Personal - * @package StatusNet - * @author Jeffery To - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ + * The StatusNet system will do an implicit user check if the site is + * private before allowing this to continue + * + * @category PrivateAttachments + * @package StatusNet + * @author Jeffery To + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ */ - class GetfileAction extends Action { /** * Path of file to return */ - var $path = null; /** @@ -59,7 +61,6 @@ class GetfileAction extends Action * * @return success flag */ - function prepare($args) { parent::prepare($args); 
@@ -67,15 +68,17 @@ class GetfileAction extends Action
 $filename = $this->trimmed('filename');
 $path = null;
- if ($filename) {
- $path = common_config('attachments', 'dir') . $filename;
+ if ($filename && File::validFilename($filename)) {
+ $path = File::path($filename);
 }
 if (empty($path) or !file_exists($path)) {
+ // TRANS: Client error displayed when requesting a non-existent file.
 $this->clientError(_('No such file.'), 404);
 return false;
 }
 if (!is_readable($path)) {
+ // TRANS: Client error displayed when requesting a file without having read access to it.
 $this->clientError(_('Cannot read file.'), 403);
 return false;
 }
@@ -89,7 +92,6 @@ class GetfileAction extends Action
 *
 * @return boolean true
 */
-
 function isReadOnly($args)
 {
 return true;
@@ -100,9 +102,12 @@ class GetfileAction extends Action
 *
 * @return int last-modified date as unix timestamp
 */
-
 function lastModified()
 {
+ if (common_config('site', 'use_x_sendfile')) {
+ return null;
+ }
+
 return filemtime($this->path);
 }
@@ -116,6 +121,21 @@ class GetfileAction extends Action
 */
 function etag()
 {
+ if (common_config('site', 'use_x_sendfile')) {
+ return null;
+ }
+
+ $cache = Cache::instance();
+ if($cache) {
+ $key = Cache::key('attachments:etag:' . $this->path);
+ $etag = $cache->get($key);
+ if($etag === false) {
+ $etag = crc32(file_get_contents($this->path));
+ $cache->set($key,$etag);
+ }
+ return $etag;
+ }
+
 $stat = stat($this->path);
 return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
 }
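Review bot: The traversal fix in `prepare()` rests entirely on `File::validFilename()`, which is not part of this diff, and the checks that follow still use `file_exists($path)`, which is also true for directories and follows symlinks. Consider `is_file($path)` in place of `file_exists($path)` and, as defence in depth, confirming that `realpath($path)` still lies under the attachments directory before the path is stored. A short comment above the new `if`, saying that the name comes straight from the request and must be validated before it is turned into a path, would help the next reader. `prepare()` begins and ends outside this hunk.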
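Review bot: The docblock above `lastModified()` still reads `@return int last-modified date as unix timestamp`, but the function now returns `null` when `use_x_sendfile` is set; the tag should become `@return int|null last-modified date as unix timestamp, or null when X-Sendfile is enabled`. A one-line comment on the new guard, stating why validators are skipped in that mode, would also help, since the reason is not evident from the hunk. The same early return is added to `etag()` in the next hunk, whose `@return` tag lies outside it.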
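Review bot: The cached branch of `etag()` returns the bare integer from `crc32(file_get_contents($this->path))`, while the stat-based fallback at the end of the function returns a quoted string, so the two branches produce differently formatted validators; the cached branch also reads the whole attachment into memory on every cache miss. The cache key is built from the path alone, so, as far as this hunk shows, a file replaced under the same name keeps its old ETag until the cache entry goes away. A streamed, quoted digest would address the first two, `$etag = '"' . hash_file('sha256', $this->path) . '"';`, and including the file's mtime in the key would address the third. The docblock of `etag()` starts outside the hunk.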
@@ -127,19 +147,24 @@ class GetfileAction extends Action
 *
 * @return void
 */
-
 function handle($args)
 {
 // undo headers set by PHP sessions
 $sec = session_cache_expire() * 60;
 header('Expires: ' . date(DATE_RFC1123, time() + $sec));
- header('Cache-Control: public, max-age=' . $sec);
- header('Pragma: public');
+ header('Cache-Control: max-age=' . $sec);
 parent::handle($args);
 $path = $this->path;
+
 header('Content-Type: ' . MIME_Type::autoDetect($path));
- readfile($path);
+
+ if (common_config('site', 'use_x_sendfile')) {
+ header('X-Sendfile: ' . $path);
+ } else {
+ header('Content-Length: ' . filesize($path));
+ readfile($path);
+ }
 }
 }
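Review bot: Dropping `public` from `Cache-Control` in `handle()` leaves `max-age` with no visibility directive, and a response carrying only `max-age` may still be stored by shared caches. Since the class docblock says this action sits behind the private-site user check, `header('Cache-Control: private, max-age=' . $sec);` would state the intent explicitly. In the `X-Sendfile` branch the path is handed to the front-end server, and whether that server limits the directories it will serve is not visible here; a comment noting that its X-Sendfile path restriction should cover only the attachments directory would be worth adding. In the `else` branch `filesize($path)` can return false, which would send an empty `Content-Length`.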