phpldapadmin/htdocs/view_jpeg_photo.php
2009-06-30 20:26:08 +10:00

34 lines
1016 B
PHP

<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/view_jpeg_photo.php,v 1.9.4.2 2005/12/08 11:58:14 wurley Exp $
/**
* @package phpLDAPadmin
*/
/**
*/
require './common.php';
$file = $_GET['file'];
/* Security check (we don't want anyone tryting to get at /etc/passwd or something)
Slashes and dots are not permitted in these names.*/
if (! preg_match('/^pla/',$file) || preg_match('/[\.\/\\\\]/',$file))
pla_error(sprintf('%s %s',_('Unsafe file name: '),htmlspecialchars($file)));
/* Little security measure here (prevents users from accessing
files, like /etc/passwd for example).*/
$file = basename(addcslashes($file,'/\\'));
$file = sprintf('%s/%s',$config->GetValue('jpeg','tmpdir'),$file);
if (! file_exists($file))
pla_error(sprintf('%s %s',_('No such file: '),htmlspecialchars($_GET['file'])));
$f = fopen($file,'r');
$jpeg = fread($f,filesize($file));
fclose($f);
Header('Content-type: image/jpeg');
Header('Content-disposition: inline; filename=jpeg_photo.jpg');
echo $jpeg;
?>