2009-06-30 08:05:37 +00:00
|
|
|
<?php
|
2009-06-30 09:29:51 +00:00
|
|
|
// $Header: /cvsroot/phpldapadmin/phpldapadmin/view_jpeg_photo.php,v 1.9 2005/07/16 03:13:54 wurley Exp $
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 09:29:51 +00:00
|
|
|
/**
|
|
|
|
* @package phpLDAPadmin
|
|
|
|
*/
|
|
|
|
/**
|
|
|
|
*/
|
2009-06-30 09:22:30 +00:00
|
|
|
|
|
|
|
require './common.php';
|
2009-06-30 08:05:37 +00:00
|
|
|
|
|
|
|
$file = $_GET['file'];
|
|
|
|
|
|
|
|
// Security check (we don't want anyone tryting to get at /etc/passwd or something)
|
2009-06-30 08:10:17 +00:00
|
|
|
preg_match( "/^pla/", $file ) or
|
2009-06-30 08:09:20 +00:00
|
|
|
pla_error( $lang['unsafe_file_name'] . htmlspecialchars( $file ) );
|
2009-06-30 08:05:37 +00:00
|
|
|
|
2009-06-30 09:29:51 +00:00
|
|
|
// Slashes and dots are not permitted in these names:
|
|
|
|
if( preg_match( "/[\.\/\\\\]/", $file ) )
|
|
|
|
pla_error( $lang['unsafe_file_name'] . htmlspecialchars( $file ) );
|
2009-06-30 08:05:37 +00:00
|
|
|
|
|
|
|
// little security measure here (prevents users from accessing
|
|
|
|
// files, like /etc/passwd for example)
|
|
|
|
$file = basename( $file );
|
|
|
|
$file = addcslashes( $file, '/\\' );
|
2009-06-30 09:29:51 +00:00
|
|
|
$file = sprintf('%s/%s',$config->GetValue('jpeg','tmpdir'),$file);
|
|
|
|
file_exists( $file ) or
|
|
|
|
pla_error( $lang['no_such_file'] . htmlspecialchars( $_GET['file'] ) );
|
|
|
|
|
|
|
|
$f = fopen( $file, 'r' );
|
|
|
|
$jpeg = fread( $f, filesize( $file ) );
|
2009-06-30 08:05:37 +00:00
|
|
|
fclose( $f );
|
|
|
|
|
|
|
|
Header( "Content-type: image/jpeg" );
|
|
|
|
Header( "Content-disposition: inline; filename=jpeg_photo.jpg" );
|
|
|
|
echo $jpeg;
|
|
|
|
?>
|