<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.6 |
+ | CiviCRM version 4.7 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2015 |
+--------------------------------------------------------------------+
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2015
- * $Id$
- *
*/
class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
/**
*/
private $ttl = 43200;
+ /**
+ * Run page.
+ *
+ * @throws \Exception
+ */
public function run() {
if (!preg_match('/^[^\/]+\.(jpg|jpeg|png|gif)$/i', $_GET['photo'])) {
CRM_Core_Error::fatal('Malformed photo name');
1 => array("%" . $_GET['photo'], 'String'),
);
$dao = CRM_Core_DAO::executeQuery($sql, $params);
+ $cid = NULL;
while ($dao->fetch()) {
$cid = $dao->id;
}
}
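Review bot: The value bound at `1 => array("%" . $_GET['photo'], 'String')` has a leading wildcard, so it appears to feed a `LIKE` comparison (the `$sql` text is not among the visible lines), but `%` and `_` inside the request parameter are not escaped. The filename pattern checked at the top of `run()` accepts both characters, so the lookup can match a stored image other than the one named, and the `while` loop keeps only the last `id` it fetches. I would escape the metacharacters before binding, for example `1 => array('%' . addcslashes($_GET['photo'], '%_\\'), 'String'),`, or narrow the characters allowed by the `preg_match`. The added `$cid = NULL;` correctly covers the no-match case; the code that consumes `$cid` lies outside the lines shown.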
/**
+ * Download image.
+ *
* @param string $file
* Local file path.
* @param string $mimeType
if (!file_exists($file)) {
header("HTTP/1.0 404 Not Found");
return;
- } elseif (!is_readable($file)) {
+ }
+ elseif (!is_readable($file)) {
header('HTTP/1.0 403 Forbidden');
return;
}
- header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', CRM_Utils_Time::getTimeRaw() + $ttl));
- header("Content-Type: $mimeType");
- header("Content-Disposition: inline; filename=\"" . basename($file) . "\"");
- header("Cache-Control: max-age=$ttl, public");
- header('Pragma: public');
+ CRM_Utils_System::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', CRM_Utils_Time::getTimeRaw() + $ttl));
+ CRM_Utils_System::setHttpHeader("Content-Type", $mimeType);
+ CRM_Utils_System::setHttpHeader("Content-Disposition", "inline; filename=\"" . basename($file) . "\"");
+ CRM_Utils_System::setHttpHeader("Cache-Control", "max-age=$ttl, public");
+ CRM_Utils_System::setHttpHeader('Pragma', 'public');
readfile($file);
}
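Review bot: The `Content-Disposition` value still interpolates `basename($file)` into a quoted string without escaping, so a `"` or `\` in the file name produces a malformed header; moving to `CRM_Utils_System::setHttpHeader` does not change that. I would escape the name where the header is built: `CRM_Utils_System::setHttpHeader("Content-Disposition", 'inline; filename="' . addcslashes(basename($file), '"\\') . '"');`. It is also worth confirming that `setHttpHeader` rejects line breaks in header values the way PHP's `header()` does, since its implementation is not shown here. The signature of the enclosing method is outside the visible lines.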