X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fgetfile.php;h=f0c98f74167702ef6bcdc4daeffb2f5e1d67f055;hb=ad3b62cf2f857d53113692f5a12adce616f17829;hp=cd327e41007e43b25fd26db97c25d26145e040f5;hpb=bd6571c2e17939b21e01afd3772acb5cebbbadfe;p=quix0rs-gnu-social.git

diff --git a/actions/getfile.php b/actions/getfile.php
index cd327e4100..f0c98f7416 100644
--- a/actions/getfile.php
+++ b/actions/getfile.php
@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
-    exit(1);
-}
-
-require_once 'MIME/Type.php';
+if (!defined('GNUSOCIAL')) { exit(1); }
 
 /**
  * An action for returning a requested file
@@ -47,13 +43,11 @@ require_once 'MIME/Type.php';
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
  * @link      http://status.net/
  */
-
 class GetfileAction extends Action
 {
     /**
      * Path of file to return
      */
-
     var $path = null;
 
     /**
@@ -63,25 +57,24 @@ class GetfileAction extends Action
      *
      * @return success flag
      */
-
-    function prepare($args)
+    protected function prepare(array $args=array())
     {
         parent::prepare($args);
 
         $filename = $this->trimmed('filename');
         $path = null;
 
-        if ($filename) {
+        if ($filename && File::validFilename($filename)) {
             $path = File::path($filename);
         }
 
         if (empty($path) or !file_exists($path)) {
+            // TRANS: Client error displayed when requesting a non-existent file.
             $this->clientError(_('No such file.'), 404);
-            return false;
         }
         if (!is_readable($path)) {
+            // TRANS: Client error displayed when requesting a file without having read access to it.
             $this->clientError(_('Cannot read file.'), 403);
-            return false;
         }
 
         $this->path = $path;
@@ -93,7 +86,6 @@ class GetfileAction extends Action
      *
      * @return boolean true
      */
-
     function isReadOnly($args)
     {
         return true;
@@ -104,7 +96,6 @@ class GetfileAction extends Action
      *
      * @return int last-modified date as unix timestamp
      */
-
     function lastModified()
     {
         if (common_config('site', 'use_x_sendfile')) {
@@ -122,16 +113,15 @@ class GetfileAction extends Action
      *
      * @return string etag http header
      */
-
     function etag()
     {
         if (common_config('site', 'use_x_sendfile')) {
             return null;
         }
 
-        $cache = common_memcache();
+        $cache = Cache::instance();
         if($cache) {
-            $key = common_cache_key('attachments:etag:' . $this->path);
+            $key = Cache::key('attachments:etag:' . $this->path);
             $etag = $cache->get($key);
             if($etag === false) {
                 $etag = crc32(file_get_contents($this->path));
@@ -147,23 +137,22 @@ class GetfileAction extends Action
     /**
      * Handle input, produce output
      *
-     * @param array $args $_REQUEST contents
-     *
      * @return void
      */
-
-    function handle($args)
+    protected function handle()
     {
         // undo headers set by PHP sessions
         $sec = session_cache_expire() * 60;
         header('Expires: ' . date(DATE_RFC1123, time() + $sec));
         header('Cache-Control: max-age=' . $sec);
 
-        parent::handle($args);
+        parent::handle();
 
         $path = $this->path;
 
-        header('Content-Type: ' . MIME_Type::autoDetect($path));
+        $finfo = new finfo(FILEINFO_MIME_TYPE);
+
+        header('Content-Type: ' . $finfo->file($path));
 
         if (common_config('site', 'use_x_sendfile')) {
             header('X-Sendfile: ' . $path);