X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fgetfile.php;h=abdf5b69fc3904928e06419fff0ce467a967cf00;hb=b15f5f0cafc08c9b63090c5b4f7494fca0634238;hp=ecda34c0f6c8168d37f6fb3d3853031a5b4626eb;hpb=61419038e5747886357964a7eb3f814761482891;p=quix0rs-gnu-social.git diff --git a/actions/getfile.php b/actions/getfile.php index ecda34c0f6..abdf5b69fc 100644 --- a/actions/getfile.php +++ b/actions/getfile.php @@ -1,13 +1,13 @@ . * - * @category Personal + * @category PrivateAttachments * @package StatusNet * @author Jeffery To - * @copyright 2008-2009 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 * @link http://status.net/ */ -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); -} - -require_once 'MIME/Type.php'; +if (!defined('GNUSOCIAL')) { exit(1); } /** - * Action for getting a file attachment + * An action for returning a requested file + * + * The StatusNet system will do an implicit user check if the site is + * private before allowing this to continue * - * @category Personal - * @package StatusNet - * @author Jeffery To - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ + * @category PrivateAttachments + * @package StatusNet + * @author Jeffery To + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ */ - class GetfileAction extends Action { /** * Path of file to return */ - var $path = null; /** 
@@ -59,25 +57,24 @@ class GetfileAction extends Action
 *
 * @return success flag
 */
-
- function prepare($args)
+ protected function prepare(array $args=array())
 {
 parent::prepare($args);
 $filename = $this->trimmed('filename');
 $path = null;
- if ($filename) {
- $path = common_config('attachments', 'dir') . $filename;
+ if ($filename && File::validFilename($filename)) {
+ $path = File::path($filename);
 }
 if (empty($path) or !file_exists($path)) {
+ // TRANS: Client error displayed when requesting a non-existent file.
 $this->clientError(_('No such file.'), 404);
- return false;
 }
 if (!is_readable($path)) {
+ // TRANS: Client error displayed when requesting a file without having read access to it.
 $this->clientError(_('Cannot read file.'), 403);
- return false;
 }
 $this->path = $path;
@@ -89,8 +86,7 @@ class GetfileAction extends Action
 *
 * @return boolean true
 */
-
- function isReadOnly($args)
+ function isReadOnly(array $args=array())
 {
 return true;
 }
@@ -100,9 +96,12 @@ class GetfileAction extends Action
 *
 * @return int last-modified date as unix timestamp
 */
-
 function lastModified()
 {
+ if (common_config('site', 'use_x_sendfile')) {
+ return null;
+ }
+
 return filemtime($this->path);
 }
@@ -116,6 +115,21 @@ class GetfileAction extends Action
 */
 function etag()
 {
+ if (common_config('site', 'use_x_sendfile')) {
+ return null;
+ }
+
+ $cache = Cache::instance();
+ if($cache) {
+ $key = Cache::key('attachments:etag:' . $this->path);
+ $etag = $cache->get($key);
+ if($etag === false) {
+ $etag = crc32(file_get_contents($this->path));
+ $cache->set($key,$etag);
+ }
+ return $etag;
+ }
+
 $stat = stat($this->path);
 return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
 }
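Review bot: With both `return false;` lines removed, the 404 and 403 branches in prepare() stop the request only if `clientError()` never returns, which this hunk does not show; if it can return, execution continues to `$this->path = $path` with a missing or unreadable path. A short comment such as `// clientError() throws, so nothing below runs on failure` would record that assumption once it is confirmed. Separately, `file_exists()` is also true for a directory, so `!is_file($path)` would be the tighter test for something that is later sent as a file. The path confinement itself now rests on `File::validFilename()`, whose rules are outside this diff. prepare() continues past the end of the hunk.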
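Review bot: The docblock kept above lastModified() still reads `@return int last-modified date as unix timestamp`, but the method now returns `null` when `use_x_sendfile` is set; `@return int|null unix timestamp, or null when X-Sendfile is in use` would match the code. etag() in the next hunk gains the same early `return null`, and its docblock (outside that hunk) should say so too. A one-line comment on the new `if` explaining why validators are skipped in X-Sendfile mode would help, since the reason is not evident from the diff.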
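Review bot: The cached branch of etag() returns the bare integer from `crc32()`, while the `stat()` fallback at the end of the method returns a quoted string, so the validator's format depends on whether a cache is configured; how the caller turns this value into a header is not visible here. The value is also built by loading the whole attachment into memory with `file_get_contents()`; `$etag = '"' . hash_file('crc32b', $this->path) . '"';` streams the file and keeps the quoted form. The cache key is the path alone and no expiry is visible, so a file replaced under the same name would keep its old ETag; including the mtime in the key would avoid that if attachments can ever be rewritten.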
@@ -123,23 +137,28 @@ class GetfileAction extends Action
 /**
 * Handle input, produce output
 *
- * @param array $args $_REQUEST contents
- *
 * @return void
 */
-
- function handle($args)
+ protected function handle()
 {
 // undo headers set by PHP sessions
 $sec = session_cache_expire() * 60;
 header('Expires: ' . date(DATE_RFC1123, time() + $sec));
- header('Cache-Control: public, max-age=' . $sec);
- header('Pragma: public');
+ header('Cache-Control: max-age=' . $sec);
- parent::handle($args);
+ parent::handle();
 $path = $this->path;
- header('Content-Type: ' . MIME_Type::autoDetect($path));
- readfile($path);
+
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+
+ header('Content-Type: ' . $finfo->file($path));
+
+ if (common_config('site', 'use_x_sendfile')) {
+ header('X-Sendfile: ' . $path);
+ } else {
+ header('Content-Length: ' . filesize($path));
+ readfile($path);
+ }
 }
 }
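Review bot: The `Content-Type` sent in handle() is whatever `finfo` detects in a stored attachment, so a file detected as HTML or SVG would be served as active content from the site's own origin; whether uploads are restricted elsewhere is not visible here. Adding `header('X-Content-Type-Options: nosniff');` and, for types that should not render inline, a `Content-Disposition: attachment` header would limit that. `$finfo->file($path)` returns false on failure, which yields an empty `Content-Type:` value; `$finfo->file($path) ?: 'application/octet-stream'` gives a safe fallback. Also, dropping `public` from `Cache-Control` does not by itself stop shared caches from storing the response; if the private-site case matters, `'Cache-Control: private, max-age=' . $sec` states it explicitly.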