diff options
Diffstat (limited to 'mod/profile/icondirect.php')
| -rw-r--r-- | mod/profile/icondirect.php | 82 |
1 files changed, 35 insertions, 47 deletions
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index 8a46786ab..5f1599e0d 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -1,58 +1,47 @@ <?php - /** * Elgg profile icon cache/bypass * + * * @package ElggProfile - * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 - * @author Curverider Ltd <info@elgg.com> - * @copyright Curverider Ltd 2008-2010 - * @link http://elgg.com/ */ - // Get DB settings require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php'); global $CONFIG; +// won't be able to serve anything if no joindate or guid +if (!isset($_GET['joindate']) || !isset($_GET['guid'])) { + header("HTTP/1.1 404 Not Found"); + exit; +} -$username = $_GET['username']; -$joindate = (int)$_GET['joindate']; +$join_date = (int)$_GET['joindate']; +$last_cache = (int)$_GET['lastcache']; // icontime $guid = (int)$_GET['guid']; -$size = strtolower($_GET['size']); -if (!in_array($size,array('large','medium','small','tiny','master','topbar'))) { - $size = "medium"; -} - -// security check on username string -if ( (strpos($username, '/')!==false) || - (strpos($username, '\\')!==false) || - (strpos($username, '"')!==false) || - (strpos($username, '\'')!==false) || - (strpos($username, '*')!==false) || - (strpos($username, '&')!==false) || - (strpos($username, ' ')!==false) ) { - // these characters are not allowed in usernames +// If is the same ETag, content didn't changed. +$etag = $last_cache . $guid; +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { + header("HTTP/1.1 304 Not Modified"); exit; } +$size = strtolower($_GET['size']); +if (!in_array($size, array('large', 'medium', 'small', 'tiny', 'master', 'topbar'))) { + $size = "medium"; +} - -$mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true); +$mysql_dblink = @mysql_connect($CONFIG->dbhost, $CONFIG->dbuser, $CONFIG->dbpass, true); if ($mysql_dblink) { - if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) { - - // get dataroot and simplecache_enabled in one select for efficiency - if ($result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name in ('dataroot','simplecache_enabled')",$mysql_dblink)) { - $simplecache_enabled = true; + if (@mysql_select_db($CONFIG->dbname, $mysql_dblink)) { + $result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name='dataroot'", $mysql_dblink); + if ($result) { $row = mysql_fetch_object($result); while ($row) { if ($row->name == 'dataroot') { - $dataroot = $row->value; - } else if ($row->name == 'simplecache_enabled') { - $simplecache_enabled = $row->value; + $data_root = $row->value; } $row = mysql_fetch_object($result); } @@ -60,23 +49,21 @@ if ($mysql_dblink) { @mysql_close($mysql_dblink); - // if the simplecache is enabled, we get icon directly - if ($simplecache_enabled) { + if (isset($data_root)) { - // first try to read icon directly - $user_path = date('Y/m/d/', $joindate) . $guid; - $filename = $dataroot . $user_path . "/profile/" . $username . $size . ".jpg"; - $contents = @file_get_contents($filename); - if (!empty($contents)) { + // this depends on ElggDiskFilestore::makeFileMatrix() + $user_path = date('Y/m/d/', $join_date) . $guid; + + $filename = "$data_root$user_path/profile/{$guid}{$size}.jpg"; + $filesize = @filesize($filename); + if ($filesize) { header("Content-type: image/jpeg"); - header('Expires: ' . date('r',time() + 864000)); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public"); header("Cache-Control: public"); - header("Content-Length: " . strlen($contents)); - $splitString = str_split($contents, 1024); - foreach($splitString as $chunk) { - echo $chunk; - } + header("Content-Length: $filesize"); + header("ETag: \"$etag\""); + readfile($filename); exit; } } @@ -84,6 +71,7 @@ if ($mysql_dblink) { } -// simplecache is not turned on or something went wrong so load engine and try that way +// something went wrong so load engine and try to forward to default icon require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); -require_once(dirname(__FILE__).'/icon.php'); +elgg_log("Profile icon direct failed.", "WARNING"); +forward("_graphics/icons/user/default{$size}.gif"); |