mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-15 19:20:47 +01:00
53 lines
1.6 KiB
PHP
53 lines
1.6 KiB
PHP
<?php
|
|
/**
|
|
* EGroupware - Anonymous images for login page
|
|
*
|
|
* Images are store in EGroupware files-directory in subdirectory "anon-images"
|
|
*
|
|
* @link http://www.egroupware.org
|
|
* @author Ralf Becker <rb-at-egroupware.org>
|
|
* @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License
|
|
* @package api
|
|
* @subpackage login
|
|
*/
|
|
|
|
use EGroupware\Api;
|
|
|
|
$GLOBALS['egw_info'] = array('flags' => array(
|
|
'disable_Template_class' => True,
|
|
'noheader' => True,
|
|
// misuse session creation callback to send the image, in case we have no session
|
|
'autocreate_session_callback' => 'send_image',
|
|
'currentapp' => 'api',
|
|
));
|
|
|
|
require('../header.inc.php');
|
|
|
|
send_image();
|
|
|
|
function send_image()
|
|
{
|
|
$path = $GLOBALS['egw_info']['server']['files_dir'] . '/anon-images';
|
|
|
|
if (!file_exists($path) || empty($_GET['src']) ||
|
|
basename($_GET['src']) !== $_GET['src'] || // make sure no directory traversal
|
|
!preg_match('/^[a-z 0-9._-]+\.(jpe?g|png|gif|svg|ico)$/i', $_GET['src']) || // only allow images, not eg. Javascript!
|
|
!file_exists($path .= '/' . $_GET['src']) ||
|
|
!($fp = fopen($path, 'r')))
|
|
{
|
|
error_log(__FILE__ . ": _GET[src]='$_GET[src]', path=$path returning HTTP status 404 Not Found");
|
|
http_response_code(404);
|
|
}
|
|
else
|
|
{
|
|
Api\Session::cache_control(864000); // 10 days
|
|
$size = filesize($path);
|
|
header('ETag: "' . md5($_GET['src'] . $size . filemtime($path)) . '"');
|
|
header('Content-Type: ' . Api\MimeMagic::filename2mime($_GET['src']));
|
|
header('Content-Length: ' . $size);
|
|
fpassthru($fp);
|
|
fclose($fp);
|
|
}
|
|
exit;
|
|
}
|