File: load_plugin_file.php

package info (click to toggle)
dotclear 2.6.4%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 8,420 kB
  • sloc: php: 54,270; sql: 1,290; sh: 213; xml: 173; makefile: 158
file content (94 lines) | stat: -rw-r--r-- 2,389 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
<?php
# -- BEGIN LICENSE BLOCK ---------------------------------------
#
# This file is part of Dotclear 2.
#
# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
# Licensed under the GPL version 2.0 license.
# See LICENSE file or
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
#
# -- END LICENSE BLOCK -----------------------------------------

#  ClearBricks and DotClear classes auto-loader
if (@is_dir('/usr/lib/clearbricks')) {
	define('CLEARBRICKS_PATH','/usr/lib/clearbricks');
} elseif (is_dir(dirname(__FILE__).'/libs/clearbricks')) {
	define('CLEARBRICKS_PATH',dirname(__FILE__).'/libs/clearbricks');
} elseif (isset($_SERVER['CLEARBRICKS_PATH']) && is_dir($_SERVER['CLEARBRICKS_PATH'])) {
	define('CLEARBRICKS_PATH',$_SERVER['CLEARBRICKS_PATH']);
}

if (!defined('CLEARBRICKS_PATH') || !is_dir(CLEARBRICKS_PATH)) {
	exit('No clearbricks path defined');
}

require CLEARBRICKS_PATH.'/_common.php';

if (isset($_SERVER['DC_RC_PATH'])) {
	define('DC_RC_PATH',$_SERVER['DC_RC_PATH']);
} elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) {
	define('DC_RC_PATH',$_SERVER['REDIRECT_DC_RC_PATH']);
} else {
	define('DC_RC_PATH',dirname(__FILE__).'/config.php');
}

if (!is_file(DC_RC_PATH)) {
	trigger_error('Unable to open config file',E_USER_ERROR);
	exit;
}

require DC_RC_PATH;

if (empty($_GET['pf'])) {
	header('Content-Type: text/plain');
	http::head(404,'Not Found');
	exit;
}

// Only $_GET['pf'] is allowed in URL
if (count($_GET) > 1)
{
    header('Content-Type: text/plain');
    http::head(403,'Forbidden');
    exit;
}

$allow_types = array('png','jpg','jpeg','gif','css','js','swf');

$pf = path::clean($_GET['pf']);

$paths = array_reverse(explode(PATH_SEPARATOR,DC_PLUGINS_ROOT));

# Adding admin/res folder here to load some stuff
$paths[] = dirname(__FILE__).'/swf';

foreach ($paths as $m)
{
	$PF = path::real($m.'/'.$pf);

	if ($PF !== false) {
		break;
	}
}
unset($paths);

if ($PF === false || !is_file($PF) || !is_readable($PF)) {
	header('Content-Type: text/plain');
	http::head(404,'Not Found');
	exit;
}

if (!in_array(files::getExtension($PF),$allow_types)) {
	header('Content-Type: text/plain');
	http::head(404,'Not Found');
	exit;
}

http::$cache_max_age = 7200;
http::cache(array_merge(array($PF),get_included_files()));

header('Content-Type: '.files::getMimeType($PF));
header('Content-Length: '.filesize($PF));
readfile($PF);
exit;