phpldapadmin/htdocs/view_jpeg_photo.php

<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.11.2.1 2007/12/26 09:26:32 wurley Exp $

/**
 * @package phpLDAPadmin
 */
/**
 */

require './common.php';

$file['name'] = get_request('file','GET');

/* Security check (we don't want anyone tryting to get at /etc/passwd or something)
 * Slashes and dots are not permitted in these names.
 */
if (! preg_match('/^pla/',$file['name']) || preg_match('/[\.\/\\\\]/',$file['name']))
	pla_error(sprintf('%s: %s',_('Unsafe file name'),htmlspecialchars($file['name'])));

/* Little security measure here (prevents users from accessing
   files, like /etc/passwd for example).*/
$file['name'] = basename(addcslashes($file['name'],'/\\'));
$file['name'] = sprintf('%s/%s',$_SESSION[APPCONFIG]->GetValue('jpeg','tmpdir'),$file['name']);
if (! file_exists($file['name']))
	pla_error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])));

$file['handle'] = fopen($file['name'],'r');
$file['data'] = fread($file['handle'],filesize($file['name']));
fclose($file['handle']);

if (ob_get_level())
	ob_clean();

Header('Content-type: image/jpeg');
Header('Content-disposition: inline; filename=jpeg_photo.jpg');
echo $file['data'];
?>
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00			`<?php`
RELEASE 1.1.0.2 2009-06-30 11:46:44 +00:00			`// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.11.2.1 2007/12/26 09:26:32 wurley Exp $`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00
RELEASE 0.9.7 2009-06-30 09:29:51 +00:00			`/**`
			`* @package phpLDAPadmin`
			`*/`
			`/**`
			`*/`
RELEASE 0.9.5 2009-06-30 09:22:30 +00:00
			`require './common.php';`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00
RELEASE 1.1.0 2009-06-30 10:46:00 +00:00			`$file['name'] = get_request('file','GET');`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00
RELEASE 0.9.8 2009-06-30 10:26:08 +00:00			`/* Security check (we don't want anyone tryting to get at /etc/passwd or something)`
RELEASE 1.1.0 2009-06-30 10:46:00 +00:00			`* Slashes and dots are not permitted in these names.`
			`*/`
			`if (! preg_match('/^pla/',$file['name']) \|\| preg_match('/[\.\/\\\\]/',$file['name']))`
			`pla_error(sprintf('%s: %s',_('Unsafe file name'),htmlspecialchars($file['name'])));`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00
RELEASE 0.9.8 2009-06-30 10:26:08 +00:00			`/* Little security measure here (prevents users from accessing`
			`files, like /etc/passwd for example).*/`
RELEASE 1.1.0 2009-06-30 10:46:00 +00:00			`$file['name'] = basename(addcslashes($file['name'],'/\\'));`
RELEASE 1.1.0.2 2009-06-30 11:46:44 +00:00			`$file['name'] = sprintf('%s/%s',$_SESSION[APPCONFIG]->GetValue('jpeg','tmpdir'),$file['name']);`
RELEASE 1.1.0 2009-06-30 10:46:00 +00:00			`if (! file_exists($file['name']))`
			`pla_error(sprintf('%s%s %s',_('No such file'),_(':'),htmlspecialchars($file['name'])));`

			`$file['handle'] = fopen($file['name'],'r');`
			`$file['data'] = fread($file['handle'],filesize($file['name']));`
			`fclose($file['handle']);`
RELEASE 0.9.7 2009-06-30 09:29:51 +00:00
RELEASE 1.1.0 2009-06-30 10:46:00 +00:00			`if (ob_get_level())`
			`ob_clean();`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00
RELEASE 0.9.8 2009-06-30 10:26:08 +00:00			`Header('Content-type: image/jpeg');`
			`Header('Content-disposition: inline; filename=jpeg_photo.jpg');`
RELEASE 1.1.0 2009-06-30 10:46:00 +00:00			`echo $file['data'];`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00			`?>`