<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.11.2.1 2007/12/26 09:26:32 wurley Exp $
/**
* @package phpLDAPadmin
*/
/**
*/
require './common.php';
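/* Name of the temporary JPEG to serve, taken from the 'file' GET parameter. */
$file['name'] = get_request('file','GET');

/* Security check (we don't want anyone trying to get at /etc/passwd or something).
 * The name must be a plain string that starts with 'pla' and contains no dots,
 * slashes or backslashes, so it cannot name anything outside the JPEG temp directory.
 * A non-string value (for example an array built from ?file[]=x) is rejected
 * before it can reach preg_match().
 * NOTE(review): everything below relies on pla_error() ending the request -
 * confirm against its definition, which is not in this file.
 */
if (! is_string($file['name']))
	pla_error(_('Unsafe file name'));

elseif (! preg_match('/^pla/',$file['name']) || preg_match('/[\.\/\\\\]/',$file['name']))
	pla_error(sprintf('%s: %s',_('Unsafe file name'),htmlspecialchars($file['name'])));

/* Defence in depth: reduce the name to its last path component before it is
 * joined to the configured JPEG temp directory. The full path is kept apart
 * from the requested name so that error messages never reveal where the temp
 * directory lives on the server.
 */
$file['name'] = basename(addcslashes($file['name'],'/\\'));
$file['path'] = sprintf('%s/%s',$_SESSION[APPCONFIG]->GetValue('jpeg','tmpdir'),$file['name']);

/* is_file() rather than file_exists(): a directory must not be treated as a photo. */
if (! is_file($file['path']) || ! is_readable($file['path']))
	pla_error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])));

/* Read in a single checked call. The file can vanish between the test above
 * and the read, and the previous fopen()/fread(filesize()) sequence used an
 * unchecked handle and asked fread() for zero bytes when the file was empty.
 */
$file['data'] = file_get_contents($file['path']);

if ($file['data'] === false)
	pla_error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])));

/* Drop anything already buffered so stray output cannot corrupt the image bytes. */
if (ob_get_level())
	ob_clean();

header('Content-type: image/jpeg');
header('Content-disposition: inline; filename=jpeg_photo.jpg');

/* The bytes are sent without checking that they really are a JPEG, so ask the
 * browser to honour the declared type instead of sniffing the content.
 */
header('X-Content-Type-Options: nosniff');

echo $file['data'];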
?>