~ubuntu-branches/debian/jessie/phpldapadmin/jessie


Viewing changes to htdocs/view_jpeg_photo.php

  • Committer: Bazaar Package Importer
  • Author(s): Fabio Tranchitella
  • Date: 2009-03-16 14:54:15 UTC
  • mfrom: (1.2.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20090316145415-7dsvj319dd02h83j
Tags: 1.1.0.6-1
* New upstream release. (Closes: #518578)
* debian/rules: removed "-m 644" from the dh_install call. (Closes: #518847)
* debian/postrm: remove config.php at purge time. (Closes: #519086)
* debian/patches/hungarian.dpatch: fixed a hungarian translation.
  (Closes: #505559)

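--- a/htdocs/view_jpeg_photo.php
+++ b/htdocs/view_jpeg_photo.php
@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.11.2.1 2007/12/26 09:26:32 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.11.2.3 2008/12/12 12:20:22 wurley Exp $
 
 /**
  * @package phpLDAPadmin
@@ -9,27 +9,29 @@
 
 require './common.php';
 
+$file = array();
 $file['name'] = get_request('file','GET');
 
 /* Security check (we don't want anyone tryting to get at /etc/passwd or something)
  * Slashes and dots are not permitted in these names.
  */
 if (! preg_match('/^pla/',$file['name']) || preg_match('/[\.\/\\\\]/',$file['name']))
-        pla_error(sprintf('%s: %s',_('Unsafe file name'),htmlspecialchars($file['name'])));
+        error(sprintf('%s: %s',_('Unsafe file name'),htmlspecialchars($file['name'])),'error','index.php');
 
 /* Little security measure here (prevents users from accessing
    files, like /etc/passwd for example).*/
 $file['name'] = basename(addcslashes($file['name'],'/\\'));
 $file['name'] = sprintf('%s/%s',$_SESSION[APPCONFIG]->GetValue('jpeg','tmpdir'),$file['name']);
 if (! file_exists($file['name']))
-        pla_error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])));
+        error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])),'error','index.php');
 
 $file['handle'] = fopen($file['name'],'r');
 $file['data'] = fread($file['handle'],filesize($file['name']));
 fclose($file['handle']);
 
-if (ob_get_level())
-        ob_clean();
+$obStatus = ob_get_status();
+if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
+        ob_end_clean();
 
 Header('Content-type: image/jpeg');
 Header('Content-disposition: inline; filename=jpeg_photo.jpg');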
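Review bot: The `No such file` message on new line 26 prints `$file['name']` after line 24 has rewritten it to the full path under the configured `jpeg` `tmpdir`, so a request for a missing name returns the server's temp directory path to the client; reporting only the requested name would avoid that, e.g. `htmlspecialchars(basename($file['name']))` in that call. Both guards (new lines 19 and 26) have no `exit` or `else`, so they protect the `fopen()` on line 28 only if `error()` ends the request; `error()` is defined outside this page, so that is worth confirming now that it replaces `pla_error()`. The result of `fopen()` is also passed unchecked to `fread()` and `fclose()`. The script continues outside the shown hunks.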