getfile.php 4.34 KB
Newer Older
1 2
<?php
/**
3 4
 * StatusNet - the distributed open-source microblogging tool
 * Copyright (C) 2009, StatusNet, Inc.
5
 *
6
 * Return a requested file
7 8 9
 *
 * PHP version 5
 *
10
 * This program is free software: you can redistribute it and/or modify
11 12 13 14 15 16 17 18 19 20 21 22
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
23
 * @category  PrivateAttachments
24 25
 * @package   StatusNet
 * @author    Jeffery To <jeffery.to@gmail.com>
26 27
 * @copyright 2009 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
28 29 30
 * @link      http://status.net/
 */

31
if (!defined('GNUSOCIAL')) { exit(1); }
32 33

/**
34
 * An action for returning a requested file
35
 *
36 37 38 39 40 41 42 43 44
 * The StatusNet system will do an implicit user check if the site is
 * private before allowing this to continue
 *
 * @category  PrivateAttachments
 * @package   StatusNet
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @copyright 2009 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
 * @link      http://status.net/
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
 */
class GetfileAction extends Action
{
    /**
     * Path of file to return
     */
    var $path = null;

    /**
     * Get file name
     *
     * @param array $args $_REQUEST array
     *
     * @return success flag
     */
60
    protected function prepare(array $args=array())
61 62 63 64 65 66
    {
        parent::prepare($args);

        $filename = $this->trimmed('filename');
        $path = null;

67
        if ($filename && File::validFilename($filename)) {
68
            $path = File::path($filename);
69 70 71
        }

        if (empty($path) or !file_exists($path)) {
72
            // TRANS: Client error displayed when requesting a non-existent file.
73 74 75
            $this->clientError(_('No such file.'), 404);
        }
        if (!is_readable($path)) {
76
            // TRANS: Client error displayed when requesting a file without having read access to it.
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
            $this->clientError(_('Cannot read file.'), 403);
        }

        $this->path = $path;
        return true;
    }

    /**
     * Is this page read-only?
     *
     * @return boolean true
     */
    function isReadOnly($args)
    {
        return true;
    }

    /**
     * Last-modified date for file
     *
     * @return int last-modified date as unix timestamp
     */
    function lastModified()
    {
101 102 103 104
        if (common_config('site', 'use_x_sendfile')) {
            return null;
        }

105 106 107 108 109 110 111 112 113 114 115 116 117
        return filemtime($this->path);
    }

    /**
     * etag for file
     *
     * This returns the same data (inode, size, mtime) as Apache would,
     * but in decimal instead of hex.
     *
     * @return string etag http header
     */
    function etag()
    {
118 119 120 121
        if (common_config('site', 'use_x_sendfile')) {
            return null;
        }

122
        $cache = Cache::instance();
123
        if($cache) {
124
            $key = Cache::key('attachments:etag:' . $this->path);
125 126 127 128 129 130 131 132
            $etag = $cache->get($key);
            if($etag === false) {
                $etag = crc32(file_get_contents($this->path));
                $cache->set($key,$etag);
            }
            return $etag;
        }

133 134 135 136 137 138 139 140 141
        $stat = stat($this->path);
        return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
    }

    /**
     * Handle input, produce output
     *
     * @return void
     */
142
    protected function handle()
143 144 145 146
    {
        // undo headers set by PHP sessions
        $sec = session_cache_expire() * 60;
        header('Expires: ' . date(DATE_RFC1123, time() + $sec));
147
        header('Cache-Control: max-age=' . $sec);
148

149
        parent::handle();
150 151

        $path = $this->path;
152

153 154 155
        $finfo = new finfo(FILEINFO_MIME_TYPE);

        header('Content-Type: ' . $finfo->file($path));
156 157 158 159 160 161 162

        if (common_config('site', 'use_x_sendfile')) {
            header('X-Sendfile: ' . $path);
        } else {
            header('Content-Length: ' . filesize($path));
            readfile($path);
        }
163 164
    }
}