[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Multisite upload handler.
   4   *
   5   * @since 3.0.0
   6   *
   7   * @package WordPress
   8   * @subpackage Multisite
   9   */
  10  
  11  define( 'MS_FILES_REQUEST', true );
  12  define( 'SHORTINIT', true );
  13  
  14  /** Load WordPress Bootstrap */
  15  require_once dirname( __DIR__ ) . '/wp-load.php';
  16  
  17  if ( ! is_multisite() ) {
  18      die( 'Multisite support not enabled' );
  19  }
  20  
  21  ms_file_constants();
  22  
  23  if ( '1' === $current_blog->archived || '1' === $current_blog->spam || '1' === $current_blog->deleted ) {
  24      status_header( 404 );
  25      die( '404 &#8212; File not found.' );
  26  }
  27  
  28  $file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET['file'] );
  29  if ( ! is_file( $file ) ) {
  30      status_header( 404 );
  31      die( '404 &#8212; File not found.' );
  32  }
  33  
  34  $mime = wp_check_filetype( $file );
  35  if ( false === $mime['type'] && function_exists( 'mime_content_type' ) ) {
  36      $mime['type'] = mime_content_type( $file );
  37  }
  38  
  39  if ( $mime['type'] ) {
  40      $mimetype = $mime['type'];
  41  } else {
  42      $mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );
  43  }
  44  
  45  header( 'Content-Type: ' . $mimetype ); // Always send this.
  46  if ( ! str_contains( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) {
  47      header( 'Content-Length: ' . filesize( $file ) );
  48  }
  49  
  50  // Optional support for X-Sendfile and X-Accel-Redirect.
  51  if ( WPMU_ACCEL_REDIRECT ) {
  52      header( 'X-Accel-Redirect: ' . str_replace( WP_CONTENT_DIR, '', $file ) );
  53      exit;
  54  } elseif ( WPMU_SENDFILE ) {
  55      header( 'X-Sendfile: ' . $file );
  56      exit;
  57  }
  58  
  59  $wp_last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) );
  60  $wp_etag          = '"' . md5( $wp_last_modified ) . '"';
  61  
  62  header( "Last-Modified: $wp_last_modified GMT" );
  63  header( 'ETag: ' . $wp_etag );
  64  header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
  65  
  66  // Support for conditional GET - use stripslashes() to avoid formatting.php dependency.
  67  if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) {
  68      $client_etag = stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] );
  69  } else {
  70      $client_etag = '';
  71  }
  72  
  73  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
  74      $client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
  75  } else {
  76      $client_last_modified = '';
  77  }
  78  
  79  // If string is empty, return 0. If not, attempt to parse into a timestamp.
  80  $client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;
  81  
  82  // Make a timestamp for our most recent modification.
  83  $wp_modified_timestamp = strtotime( $wp_last_modified );
  84  
  85  if ( ( $client_last_modified && $client_etag )
  86      ? ( ( $client_modified_timestamp >= $wp_modified_timestamp ) && ( $client_etag === $wp_etag ) )
  87      : ( ( $client_modified_timestamp >= $wp_modified_timestamp ) || ( $client_etag === $wp_etag ) )
  88  ) {
  89      status_header( 304 );
  90      exit;
  91  }
  92  
  93  // If we made it this far, just serve the file.
  94  readfile( $file );
  95  flush();