3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
17 class CRM_Contact_Page_ImageFile
extends CRM_Core_Page
{
19 * Time to live (seconds).
23 * 12 hours: 12 * 60 * 60 = 43200
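/**
 * Serve the contact photo named by the `photo` query parameter.
 *
 * The name must be a bare file name (no forward slash) ending in
 * jpg, jpeg, png or gif, and at least one civicrm_contact row must have an
 * image_url that ends with that name. Only then is the file read from the
 * custom upload directory and streamed with an image/* content type.
 *
 * The database lookup is the only gate between the request and a file in
 * the upload directory, so the name is matched literally (LIKE wildcards
 * escaped) and the pattern is anchored at the very end of the input.
 *
 * NOTE(review): the listing this was taken from omits several lines of the
 * method (closing braces, the $params assignment, the download() call).
 * They are restored here from the visible fragments; confirm against the
 * repository copy before merging.
 *
 * @throws CRM_Core_Exception
 *   When the name is missing or malformed, or no contact references it.
 */
public function run() {
  $photo = isset($_GET['photo']) ? $_GET['photo'] : NULL;

  // A request such as ?photo[]=x delivers an array; preg_match() would raise
  // a TypeError on it instead of the intended "malformed" error.
  // The D modifier stops `$` from also matching before a trailing newline.
  if (!is_string($photo) || !preg_match('/^[^\/]+\.(jpg|jpeg|png|gif)$/iD', $photo)) {
    throw new CRM_Core_Exception(ts('Malformed photo name'));
  }

  // FIXME Optimize performance of image_url query
  $sql = "SELECT id FROM civicrm_contact WHERE image_url like %1;";
  $params = [
    // `%` and `_` in the requested name are LIKE metacharacters. Escape them
    // (and the escape character itself) so the lookup only succeeds for a
    // contact whose image_url really ends with this exact name.
    // Assumes MySQL's default `\` LIKE escape character.
    1 => ['%' . addcslashes($photo, '\\%_'), 'String'],
  ];
  $dao = CRM_Core_DAO::executeQuery($sql, $params);

  $contactId = NULL;
  while ($dao->fetch()) {
    $contactId = $dao->id;
  }

  if (!$contactId) {
    throw new CRM_Core_Exception(ts('Photo does not exist'));
  }

  $config = CRM_Core_Config::singleton();
  $fileExtension = strtolower(pathinfo($photo, PATHINFO_EXTENSION));
  // "jpg" is not a registered MIME subtype; every other allowed extension
  // maps directly onto image/<extension>.
  $mimeType = 'image/' . ($fileExtension === 'jpg' ? 'jpeg' : $fileExtension);

  // NOTE(review): the TTL property is documented in the class ("Time to live
  // (seconds)") but its declaration is not shown in this listing; $this->ttl
  // is assumed. Confirm the property name.
  $this->download($config->customFileUploadDir . $photo, $mimeType, $this->ttl);
  CRM_Utils_System::civiExit();
}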
67 * @param string $mimeType
69 * Time to live (seconds).
71 protected function download($file, $mimeType, $ttl) {
72 if (!file_exists($file)) {
73 header("HTTP/1.0 404 Not Found");
76 elseif (!is_readable($file)) {
77 header('HTTP/1.0 403 Forbidden');
80 CRM_Utils_System
::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', CRM_Utils_Time
::getTimeRaw() +
$ttl));
81 CRM_Utils_System
::setHttpHeader("Content-Type", $mimeType);
82 CRM_Utils_System
::setHttpHeader("Content-Disposition", "inline; filename=\"" . basename($file) . "\"");
83 CRM_Utils_System
::setHttpHeader("Cache-Control", "max-age=$ttl, public");
84 CRM_Utils_System
::setHttpHeader('Pragma', 'public');