34 lines
1013 B
PHP
34 lines
1013 B
PHP
<?php
|
|
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.10 2005/12/10 10:34:54 wurley Exp $
|
|
|
|
/**
|
|
* @package phpLDAPadmin
|
|
*/
|
|
/**
|
|
*/
|
|
|
|
require './common.php';
|
|
|
|
$file = $_GET['file'];
|
|
|
|
/* Security check (we don't want anyone tryting to get at /etc/passwd or something)
|
|
Slashes and dots are not permitted in these names.*/
|
|
if (! preg_match('/^pla/',$file) || preg_match('/[\.\/\\\\]/',$file))
|
|
pla_error(sprintf('%s %s',_('Unsafe file name: '),htmlspecialchars($file)));
|
|
|
|
/* Little security measure here (prevents users from accessing
|
|
files, like /etc/passwd for example).*/
|
|
$file = basename(addcslashes($file,'/\\'));
|
|
$file = sprintf('%s/%s',$config->GetValue('jpeg','tmpdir'),$file);
|
|
if (! file_exists($file))
|
|
pla_error(sprintf('%s %s',_('No such file: '),htmlspecialchars($_GET['file'])));
|
|
|
|
$f = fopen($file,'r');
|
|
$jpeg = fread($f,filesize($file));
|
|
fclose($f);
|
|
|
|
Header('Content-type: image/jpeg');
|
|
Header('Content-disposition: inline; filename=jpeg_photo.jpg');
|
|
echo $jpeg;
|
|
?>
|