Merge pull request #6432 from deepak-srivastava/dedupe-workflow-47

[civicrm-core.git] / CRM / Contact / Page / ImageFile.php

diff --git a/CRM/Contact/Page/ImageFile.php b/CRM/Contact/Page/ImageFile.php
index af768810da8185818cb51b462bf7f2ef6f1cab9e..69b094b63a7b8de0e5239774c3dd30dfa25d9196 100644 (file)
--- a/CRM/Contact/Page/ImageFile.php
+++ b/CRM/Contact/Page/ImageFile.php
@@ -1,9 +1,9 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.6                                                |
+ | CiviCRM version 4.7                                                |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014                                |
+ | Copyright CiviCRM LLC (c) 2004-2015                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
@@ -23,16 +23,23 @@
  | GNU Affero General Public License or the licensing of CiviCRM,     |
  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  +--------------------------------------------------------------------+
-*/
+ */
 
 /**
  *
  * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2014
+ * @copyright CiviCRM LLC (c) 2004-2015
  * $Id$
  *
  */
 class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
+  /**
+   * @var int Time to live (seconds).
+   *
+   * 12 hours: 12 * 60 * 60 = 43200
+   */
+  private $ttl = 43200;
+
   public function run() {
     if (!preg_match('/^[^\/]+\.(jpg|jpeg|png|gif)$/i', $_GET['photo'])) {
       CRM_Core_Error::fatal('Malformed photo name');
@@ -49,12 +56,10 @@ class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
     }
     if ($cid) {
       $config = CRM_Core_Config::singleton();
-      $buffer = file_get_contents($config->customFileUploadDir . $_GET['photo']);
-      $mimeType = 'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION);
-      CRM_Utils_System::download($_GET['photo'], $mimeType, $buffer,
-        NULL,
-        TRUE,
-        'inline'
+      $this->download(
+        $config->customFileUploadDir . $_GET['photo'],
+        'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION),
+        $this->ttl
       );
       CRM_Utils_System::civiExit();
     }
@@ -62,4 +67,28 @@ class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
       CRM_Core_Error::fatal('Photo does not exist');
     }
   }
+
+  /**
+   * @param string $file
+   *   Local file path.
+   * @param string $mimeType
+   * @param int $ttl
+   *   Time to live (seconds).
+   */
+  protected function download($file, $mimeType, $ttl) {
+    if (!file_exists($file)) {
+      header("HTTP/1.0 404 Not Found");
+      return;
+    } elseif (!is_readable($file)) {
+      header('HTTP/1.0 403 Forbidden');
+      return;
+    }
+    CRM_Utils_System::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', CRM_Utils_Time::getTimeRaw() + $ttl));
+    CRM_Utils_System::setHttpHeader("Content-Type", $mimeType);
+    CRM_Utils_System::setHttpHeader("Content-Disposition", "inline; filename=\"" . basename($file) . "\"");
+    CRM_Utils_System::setHttpHeader("Cache-Control", "max-age=$ttl, public");
+    CRM_Utils_System::setHttpHeader('Pragma', 'public');
+    readfile($file);
+  }
+
 }