Merging in changes (again?) from Scribus.
<?php
/*
* Snapr
* Version 0.1 beta 1
* Copyright (C) 2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
##
## IMAGE FILE FETCHER
##
$plugins->attachHook('base_classes_initted', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'Image fetcher pagelet\',
\'urlname\'=>\'GalleryFetcher\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');
function page_Special_GalleryFetcher()
{
global $db, $session, $paths, $template, $plugins; // Common objects
$type = $paths->getParam(0);
if ( !in_array($type, array('thumb', 'preview', 'full')) )
{
die('Hack attempt');
}
$id = intval($paths->getParam(1));
if ( !$id )
{
die('Hack attempt');
}
// Permissions object
$perms = $session->fetch_page_acl($id, 'Gallery');
if ( !$perms->get_permissions('gal_full_res') && $type == 'full' )
{
$type = 'preview';
}
$q = $db->sql_query('SELECT img_title, img_filename, img_time_mod, is_folder FROM '.table_prefix.'gallery WHERE img_id=' . $id . ';');
if ( !$q )
$db->_die();
if ( $db->numrows() < 1 )
die('Image not found');
$row = $db->fetchrow();
switch ( $type )
{
case 'thumb':
$filename = ENANO_ROOT . '/cache/' . $row['img_filename'] . '-thumb.jpg';
$mimetype = 'image/jpeg';
$ext = "jpg";
break;
case 'preview':
$filename = ENANO_ROOT . '/cache/' . $row['img_filename'] . '-preview.jpg';
$mimetype = 'image/jpeg';
$ext = "jpg";
break;
case 'full':
$filename = ENANO_ROOT . '/files/' . $row['img_filename'];
$ext = get_file_extension($filename);
switch($ext)
{
case 'png': $mimetype = 'image/png'; break;
case 'gif': $mimetype = 'image/gif'; break;
case 'bmp': $mimetype = 'image/bmp'; break;
case 'jpg': case 'jpeg': $mimetype = 'image/jpeg'; break;
case 'tif': case 'tiff': $mimetype = 'image/tiff'; break;
default: $mimetype = 'application/octet-stream';
}
break;
default:
die('PHP...insane...');
break;
}
// Make sure we have permission to read this image
if ( !$perms->get_permissions('read') )
{
$filename = ENANO_ROOT . '/plugins/gallery/denied.png';
$mimetype = 'image/png';
}
if ( $row['is_folder'] == '1' )
{
$filename = ENANO_ROOT . '/plugins/gallery/folder.png';
$mimetype = 'image/png';
}
if ( !file_exists($filename) )
die('Can\'t retrieve image file ' . $filename);
$contents = file_get_contents($filename);
header('Content-type: ' . $mimetype);
header('Content-length: ' . strlen($contents));
header('Last-Modified: ' . date('r', $row['img_time_mod']));
if ( isset($_GET['download']) )
{
// determine an appropriate non-revealing filename
$filename = str_replace(' ', '_', $row['img_title']);
$filename = preg_replace('/([^\w\._-]+)/', '-', $filename);
$filename = trim($filename, '-');
$filename .= ".$ext";
header('Content-disposition: attachment; filename=' . $filename);
}
echo $contents;
gzip_output();
$db->close();
exit;
}
?>