10
10
require './common.php';
12
13
$file['name'] = get_request('file','GET');
14
15
/* Security check (we don't want anyone tryting to get at /etc/passwd or something)
15
16
* Slashes and dots are not permitted in these names.
17
18
if (! preg_match('/^pla/',$file['name']) || preg_match('/[\.\/\\\\]/',$file['name']))
18
pla_error(sprintf('%s: %s',_('Unsafe file name'),htmlspecialchars($file['name'])));
19
error(sprintf('%s: %s',_('Unsafe file name'),htmlspecialchars($file['name'])),'error','index.php');
20
21
/* Little security measure here (prevents users from accessing
21
22
files, like /etc/passwd for example).*/
22
23
$file['name'] = basename(addcslashes($file['name'],'/\\'));
23
24
$file['name'] = sprintf('%s/%s',$_SESSION[APPCONFIG]->GetValue('jpeg','tmpdir'),$file['name']);
24
25
if (! file_exists($file['name']))
25
pla_error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])));
26
error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])),'error','index.php');
27
28
$file['handle'] = fopen($file['name'],'r');
28
29
$file['data'] = fread($file['handle'],filesize($file['name']));
29
30
fclose($file['handle']);
32
$obStatus = ob_get_status();
33
if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
34
36
Header('Content-type: image/jpeg');
35
37
Header('Content-disposition: inline; filename=jpeg_photo.jpg');