X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fgetfile.php;h=4b57a05cd6bbe2c42af058e9e87f29ceb0a55095;hb=bc2f64d7ab6c0218104e1a655209fe062d5bdd43;hp=cd327e41007e43b25fd26db97c25d26145e040f5;hpb=866dfa6822df54765a9b92336722d86cfad6b123;p=quix0rs-gnu-social.git

diff --git a/actions/getfile.php b/actions/getfile.php
index cd327e4100..4b57a05cd6 100644
--- a/actions/getfile.php
+++ b/actions/getfile.php
@@ -47,13 +47,11 @@ require_once 'MIME/Type.php';
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
  * @link      http://status.net/
  */
-
 class GetfileAction extends Action
 {
     /**
      * Path of file to return
      */
-
     var $path = null;
 
     /**
@@ -63,7 +61,6 @@ class GetfileAction extends Action
      *
      * @return success flag
      */
-
     function prepare($args)
     {
         parent::prepare($args);
@@ -71,15 +68,17 @@ class GetfileAction extends Action
         $filename = $this->trimmed('filename');
         $path = null;
 
-        if ($filename) {
+        if ($filename && File::validFilename($filename)) {
             $path = File::path($filename);
         }
 
         if (empty($path) or !file_exists($path)) {
+            // TRANS: Client error displayed when requesting a non-existent file.
             $this->clientError(_('No such file.'), 404);
             return false;
         }
         if (!is_readable($path)) {
+            // TRANS: Client error displayed when requesting a file without having read access to it.
             $this->clientError(_('Cannot read file.'), 403);
             return false;
         }
@@ -93,7 +92,6 @@ class GetfileAction extends Action
      *
      * @return boolean true
      */
-
     function isReadOnly($args)
     {
         return true;
@@ -104,7 +102,6 @@ class GetfileAction extends Action
      *
      * @return int last-modified date as unix timestamp
      */
-
     function lastModified()
     {
         if (common_config('site', 'use_x_sendfile')) {
@@ -122,16 +119,15 @@ class GetfileAction extends Action
      *
      * @return string etag http header
      */
-
     function etag()
     {
         if (common_config('site', 'use_x_sendfile')) {
             return null;
         }
 
-        $cache = common_memcache();
+        $cache = Cache::instance();
         if($cache) {
-            $key = common_cache_key('attachments:etag:' . $this->path);
+            $key = Cache::key('attachments:etag:' . $this->path);
             $etag = $cache->get($key);
             if($etag === false) {
                 $etag = crc32(file_get_contents($this->path));
@@ -151,7 +147,6 @@ class GetfileAction extends Action
      *
      * @return void
      */
-
     function handle($args)
     {
         // undo headers set by PHP sessions