Merge pull request #6680 from colemanw/cleanup
[civicrm-core.git] / CRM / Contact / Page / ImageFile.php
index 9c82b100a46ff6643826c5fabe9d1e53ae34a372..c978901dcf15b881ff2312e724806ee2c555dc49 100644 (file)
@@ -1,9 +1,9 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.6                                                |
+ | CiviCRM version 4.7                                                |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014                                |
+ | Copyright CiviCRM LLC (c) 2004-2015                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
 /**
  *
  * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2014
- * $Id$
- *
+ * @copyright CiviCRM LLC (c) 2004-2015
  */
 class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
+  /**
+   * @var int Time to live (seconds).
+   *
+   * 12 hours: 12 * 60 * 60 = 43200
+   */
+  private $ttl = 43200;
+
+  /**
+   * Run page.
+   *
+   * @throws \Exception
+   */
   public function run() {
     if (!preg_match('/^[^\/]+\.(jpg|jpeg|png|gif)$/i', $_GET['photo'])) {
       CRM_Core_Error::fatal('Malformed photo name');
@@ -44,17 +54,16 @@ class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
       1 => array("%" . $_GET['photo'], 'String'),
     );
     $dao = CRM_Core_DAO::executeQuery($sql, $params);
+    $cid = NULL;
     while ($dao->fetch()) {
       $cid = $dao->id;
     }
     if ($cid) {
       $config = CRM_Core_Config::singleton();
-      $buffer = file_get_contents($config->customFileUploadDir . $_GET['photo']);
-      $mimeType = 'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION);
-      CRM_Utils_System::download($_GET['photo'], $mimeType, $buffer,
-        NULL,
-        TRUE,
-        'inline'
+      $this->download(
+        $config->customFileUploadDir . $_GET['photo'],
+        'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION),
+        $this->ttl
       );
       CRM_Utils_System::civiExit();
     }
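Review bot: The Content-Type passed to `$this->download()` is built as `'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION)`, so a `.jpg` request is served as `image/jpg`, which is not a registered media type, and the value comes straight from the request. Mapping the lower-cased extension to a fixed set would be more robust, e.g. `$ext = strtolower(pathinfo($_GET['photo'], PATHINFO_EXTENSION));` followed by `$mimeType = 'image/' . ($ext === 'jpg' ? 'jpeg' : $ext);`. The file path on the line above is also formed by concatenating `$_GET['photo']`; the only filter visible on this page is the pattern at the top of `run()`, so wrapping the name in `basename()` before joining it to `customFileUploadDir` would keep the path inside that directory independently of the pattern. `run()` starts and ends outside this hunk, and the query text is not shown.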
@@ -63,4 +72,30 @@ class CRM_Contact_Page_ImageFile extends CRM_Core_Page {
     }
   }
 
+  /**
+   * Download image.
+   *
+   * @param string $file
+   *   Local file path.
+   * @param string $mimeType
+   * @param int $ttl
+   *   Time to live (seconds).
+   */
+  protected function download($file, $mimeType, $ttl) {
+    if (!file_exists($file)) {
+      header("HTTP/1.0 404 Not Found");
+      return;
+    }
+    elseif (!is_readable($file)) {
+      header('HTTP/1.0 403 Forbidden');
+      return;
+    }
+    CRM_Utils_System::setHttpHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', CRM_Utils_Time::getTimeRaw() + $ttl));
+    CRM_Utils_System::setHttpHeader("Content-Type", $mimeType);
+    CRM_Utils_System::setHttpHeader("Content-Disposition", "inline; filename=\"" . basename($file) . "\"");
+    CRM_Utils_System::setHttpHeader("Cache-Control", "max-age=$ttl, public");
+    CRM_Utils_System::setHttpHeader('Pragma', 'public');
+    readfile($file);
+  }
+
 }
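Review bot: The `Content-Disposition` value in `download()` places `basename($file)` inside a quoted string without escaping, and the name originates from `$_GET['photo']`, which the pattern at the top of `run()` allows to contain a double quote. Escaping the name keeps the header well-formed: `'inline; filename="' . addcslashes(basename($file), '"\\') . '"'`. Separately, `Cache-Control: max-age=$ttl, public` together with `Pragma: public` lets shared caches keep contact photos for 12 hours; if any access check applies to these images (none is visible on this page), `private` would be the safer directive. The 404 and 403 branches call `header()` directly while the rest of the method goes through `CRM_Utils_System::setHttpHeader()`, which is worth making consistent.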