Diffstat (limited to 'mod/profile/icondirect.php')
-rw-r--r--mod/profile/icondirect.php180
1 files changed, 77 insertions, 103 deletions
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index cf67fae04..5f1599e0d 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -1,103 +1,77 @@
-<?php
-
- /**
- * Elgg profile icon
- *
- * @package ElggProfile
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd <info@elgg.com>
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.com/
- */
-
- // Get DB settings, connect
- require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
-
- global $CONFIG;
-
- $contents = '';
-
- if ($mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass)) {
-
-
- $username = $_GET['username'];
- //$username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username);
- $blacklist = '/[' .
- '\x{0080}-\x{009f}' . # iso-8859-1 control chars
- '\x{00a0}' . # non-breaking space
- '\x{2000}-\x{200f}' . # various whitespace
- '\x{2028}-\x{202f}' . # breaks and control chars
- '\x{3000}' . # ideographic space
- '\x{e000}-\x{f8ff}' . # private use
- ']/u';
- if (
- preg_match($blacklist, $username) ||
-
- (strpos($username, '/')!==false) ||
- (strpos($username, '\\')!==false) ||
- (strpos($username, '"')!==false) ||
- (strpos($username, '\'')!==false) ||
- (strpos($username, '*')!==false) ||
- (strpos($username, '&')!==false) ||
- (strpos($username, ' ')!==false)
- ) exit;
-
- $userarray = str_split($username);
-
- $matrix = '';
- $length = 5;
- if (sizeof($userarray) < $length) $length = sizeof($userarray);
- for ($n = 0; $n < $length; $n++) {
- $matrix .= $userarray[$n] . "/";
- }
-
- // Get the size
- $size = strtolower($_GET['size']);
- if (!in_array($size,array('large','medium','small','tiny','master','topbar')))
- $size = "medium";
-
- // Try and get the icon
- if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
- // get dataroot and simplecache_enabled in one select for efficiency
- if ($result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name in ('dataroot','simplecache_enabled')",$mysql_dblink)) {
- $simplecache_enabled = true;
- $row = mysql_fetch_object($result);
- while ($row) {
- if ($row->name == 'dataroot') {
- $dataroot = $row->value;
- } else if ($row->name == 'simplecache_enabled') {
- $simplecache_enabled = $row->value;
- }
- $row = mysql_fetch_object($result);
- }
- }
- }
- }
- if ($simplecache_enabled) {
- $filename = $dataroot . $matrix . "{$username}/profile/" . $username . $size . ".jpg";
- $contents = @file_get_contents($filename);
- if (empty($contents)) {
- global $viewinput;
- $viewinput['view'] = 'icon/user/default/'.$size;
- ob_start();
- include(dirname(dirname(dirname(__FILE__))).'/simplecache/view.php');
- $loc = ob_get_clean();
- header('Location: ' . $loc);
- exit;
- //$contents = @file_get_contents(dirname(__FILE__) . "/graphics/default{$size}.jpg");
- } else {
- header("Content-type: image/jpeg");
- header('Expires: ' . date('r',time() + 864000));
- header("Pragma: public");
- header("Cache-Control: public");
- header("Content-Length: " . strlen($contents));
- echo $contents;
- }
- } else {
- mysql_close($mysql_dblink);
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- set_input('username',$username);
- set_input('size',$size);
- require_once(dirname(__FILE__).'/icon.php');
- }
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg profile icon cache/bypass
+ *
+ *
+ * @package ElggProfile
+ */
+
+// Get DB settings
+require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
+
+global $CONFIG;
+
+// won't be able to serve anything if no joindate or guid
+if (!isset($_GET['joindate']) || !isset($_GET['guid'])) {
+ header("HTTP/1.1 404 Not Found");
+ exit;
+}
+
+$join_date = (int)$_GET['joindate'];
+$last_cache = (int)$_GET['lastcache']; // icontime
+$guid = (int)$_GET['guid'];
+
+// If is the same ETag, content didn't changed.
+$etag = $last_cache . $guid;
+if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") {
+ header("HTTP/1.1 304 Not Modified");
+ exit;
+}
+
+$size = strtolower($_GET['size']);
+if (!in_array($size, array('large', 'medium', 'small', 'tiny', 'master', 'topbar'))) {
+ $size = "medium";
+}
+
+$mysql_dblink = @mysql_connect($CONFIG->dbhost, $CONFIG->dbuser, $CONFIG->dbpass, true);
+if ($mysql_dblink) {
+ if (@mysql_select_db($CONFIG->dbname, $mysql_dblink)) {
+ $result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name='dataroot'", $mysql_dblink);
+ if ($result) {
+ $row = mysql_fetch_object($result);
+ while ($row) {
+ if ($row->name == 'dataroot') {
+ $data_root = $row->value;
+ }
+ $row = mysql_fetch_object($result);
+ }
+ }
+
+ @mysql_close($mysql_dblink);
+
+ if (isset($data_root)) {
+
+ // this depends on ElggDiskFilestore::makeFileMatrix()
+ $user_path = date('Y/m/d/', $join_date) . $guid;
+
+ $filename = "$data_root$user_path/profile/{$guid}{$size}.jpg";
+ $filesize = @filesize($filename);
+ if ($filesize) {
+ header("Content-type: image/jpeg");
+ header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true);
+ header("Pragma: public");
+ header("Cache-Control: public");
+ header("Content-Length: $filesize");
+ header("ETag: \"$etag\"");
+ readfile($filename);
+ exit;
+ }
+ }
+ }
+
+}
+
+// something went wrong so load engine and try to forward to default icon
+require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+elgg_log("Profile icon direct failed.", "WARNING");
+forward("_graphics/icons/user/default{$size}.gif");
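Review bot: The guard at the top of the new script checks only `joindate` and `guid`, yet `$_GET['lastcache']` and `$_GET['size']` are read unconditionally a few lines later, so a request without them raises undefined-index notices and an array-valued `size` is passed to `strtolower()`. I would read them defensively, `$last_cache = isset($_GET['lastcache']) ? (int)$_GET['lastcache'] : 0;` and `$size = (isset($_GET['size']) && is_string($_GET['size'])) ? strtolower($_GET['size']) : 'medium';`. The ETag is built as `$last_cache . $guid` with no separator, so distinct pairs such as (1, 23) and (12, 3) yield the same tag; `$etag = $last_cache . '-' . $guid;` removes the ambiguity. Because the engine is not loaded on the fast path, the file is served on the request parameters alone with no session or access check. The integer casts and the size whitelist do keep the path under the data root, but a comment stating that profile icons are deliberately treated as public here would make that assumption reviewable.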