<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.6 |
+ | CiviCRM version 4.7 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014 |
+ | Copyright CiviCRM LLC (c) 2004-2015 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
-*/
+ */
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2014
+ * @copyright CiviCRM LLC (c) 2004-2015
* $Id$
*
*/
class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
+ /**
+ * @var int Time to live (seconds).
+ *
+ * 12 hours: 12 * 60 * 60 = 43200
+ */
+ private $ttl = 43200;
+
public function run() {
if (!preg_match('/^[^\/]+\.(jpg|jpeg|png|gif)$/i', $_GET['photo'])) {
CRM_Core_Error::fatal('Malformed photo name');
}
if ($cid) {
$config = CRM_Core_Config::singleton();
- $buffer = file_get_contents($config->customFileUploadDir . $_GET['photo']);
- $mimeType = 'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION);
- CRM_Utils_System::download($_GET['photo'], $mimeType, $buffer,
- NULL,
- TRUE,
- 'inline'
+ $this->download(
+ $config->customFileUploadDir . $_GET['photo'],
+ 'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION),
+ $this->ttl
);
CRM_Utils_System::civiExit();
}
CRM_Core_Error::fatal('Photo does not exist');
}
}
+
+ /**
+ * @param string $file
+ * Local file path.
+ * @param string $mimeType
+ * @param int $ttl
+ * Time to live (seconds).
+ */
+ protected function download($file, $mimeType, $ttl) {
+ if (!file_exists($file)) {
+ header("HTTP/1.0 404 Not Found");
+ return;
+ } elseif (!is_readable($file)) {
+ header('HTTP/1.0 403 Forbidden');
+ return;
+ }
+ CRM_Utils_System::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', CRM_Utils_Time::getTimeRaw() + $ttl));
+ CRM_Utils_System::setHttpHeader("Content-Type", $mimeType);
+ CRM_Utils_System::setHttpHeader("Content-Disposition", "inline; filename=\"" . basename($file) . "\"");
+ CRM_Utils_System::setHttpHeader("Cache-Control", "max-age=$ttl, public");
+ CRM_Utils_System::setHttpHeader('Pragma', 'public');
+ readfile($file);
+ }
+
}
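Review bot: In `download()`, `Cache-Control: max-age=$ttl, public` together with `Pragma: public` and the `Expires` header lets any shared cache keep a contact photo for 12 hours and serve it without the request reaching the `if ($cid)` gate in `run()`. How `$cid` is set is outside the visible lines, but if it is meant to restrict who may fetch the image, use `CRM_Utils_System::setHttpHeader("Cache-Control", "max-age=$ttl, private");` and drop the `Pragma` line. The file is also sent inline with a type built from the extension alone (`'image/' . pathinfo(...)` yields the unregistered `image/jpg`, and nothing checks that the bytes are an image), so I would add `CRM_Utils_System::setHttpHeader('X-Content-Type-Options', 'nosniff');` next to the `Content-Type` line. `basename($file)` is placed inside the quoted `filename="..."` unescaped, and the name pattern in `run()` excludes only `/`, so a `"` in the name breaks the quoting; `addcslashes(basename($file), '"\\')` keeps the header well-formed.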