<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.9.4.2 2005/12/08 11:58:14 wurley Exp $

/**
 * @package phpLDAPadmin
 */
/**
 */

require './common.php';

$file = $_GET['file'];

/* Security check (we don't want anyone tryting to get at /etc/passwd or something)
   Slashes and dots are not permitted in these names.*/
if (! preg_match('/^pla/',$file) || preg_match('/[\.\/\\\\]/',$file))
	pla_error(sprintf('%s %s',_('Unsafe file name: '),htmlspecialchars($file)));

/* Little security measure here (prevents users from accessing
   files, like /etc/passwd for example).*/
$file = basename(addcslashes($file,'/\\'));
$file = sprintf('%s/%s',$config->GetValue('jpeg','tmpdir'),$file);
if (! file_exists($file))
	pla_error(sprintf('%s %s',_('No such file: '),htmlspecialchars($_GET['file'])));

$f = fopen($file,'r');
$jpeg = fread($f,filesize($file));
fclose($f);

Header('Content-type: image/jpeg');
Header('Content-disposition: inline; filename=jpeg_photo.jpg');
echo $jpeg;
?>