X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FContact%2FPage%2FImageFile.php;h=86f3608c57ec07b0a76e766efa9a5fff7d93ebdf;hb=709e574bfc8b047d9e9f9a6ad84595bc3f560b54;hp=a4874c48412ab63b237aff3c6d5357b9168d948b;hpb=39de6fd54b9843705d13cb9f70fbcc6296103670;p=civicrm-core.git diff --git a/CRM/Contact/Page/ImageFile.php b/CRM/Contact/Page/ImageFile.php index a4874c4841..86f3608c57 100644 --- a/CRM/Contact/Page/ImageFile.php +++ b/CRM/Contact/Page/ImageFile.php @@ -23,7 +23,7 @@ | GNU Affero General Public License or the licensing of CiviCRM, | | see the CiviCRM license FAQ at http://civicrm.org/licensing | +--------------------------------------------------------------------+ -*/ + */ /** * @@ -33,7 +33,14 @@ * */ class CRM_Contact_Page_ImageFile extends CRM_Core_Page { - function run() { + /** + * @var int Time to live (seconds). + * + * 12 hours: 12 * 60 * 60 = 43200 + */ + private $ttl = 43200; + + public function run() { if (!preg_match('/^[^\/]+\.(jpg|jpeg|png|gif)$/i', $_GET['photo'])) { CRM_Core_Error::fatal('Malformed photo name'); } @@ -41,7 +48,7 @@ class CRM_Contact_Page_ImageFile extends CRM_Core_Page { // FIXME Optimize performance of image_url query $sql = "SELECT id FROM civicrm_contact WHERE image_url like %1;"; $params = array( - 1 => array("%" . $_GET['photo'], 'String') + 1 => array("%" . $_GET['photo'], 'String'), ); $dao = CRM_Core_DAO::executeQuery($sql, $params); while ($dao->fetch()) { @@ -49,12 +56,10 @@ class CRM_Contact_Page_ImageFile extends CRM_Core_Page { } if ($cid) { $config = CRM_Core_Config::singleton(); - $buffer = file_get_contents($config->customFileUploadDir . $_GET['photo']); - $mimeType = 'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION); - CRM_Utils_System::download($_GET['photo'], $mimeType, $buffer, - NULL, - TRUE, - 'inline' + $this->download( + $config->customFileUploadDir . $_GET['photo'], + 'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION), + $this->ttl ); CRM_Utils_System::civiExit(); } 
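Review bot: In the new `$this->download(...)` call the path is still `$config->customFileUploadDir . $_GET['photo']`, and the only gate reached before it is the `image_url like %1` match, in which `%` and `_` from the photo name act as wildcards because the `preg_match` in run() does not exclude them (it also rejects `/` but not `\`, which is a separator on Windows hosts). Serving the name taken from the matched row instead of the request, or checking that `realpath()` of the built path starts with `realpath($config->customFileUploadDir)` before calling download, would make the filesystem access depend on the database match rather than on the LIKE pattern happening to succeed. Separately, `'image/' . pathinfo($_GET['photo'], PATHINFO_EXTENSION)` produces `image/jpg`, which is not a registered type, and keeps the extension's case; `$ext = strtolower(pathinfo($_GET['photo'], PATHINFO_EXTENSION));` followed by `$mimeType = $ext === 'jpg' ? 'image/jpeg' : "image/$ext";` fixes both. run() starts in the preceding hunk and its body continues past this one.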
@@ -62,6 +67,28 @@ class CRM_Contact_Page_ImageFile extends CRM_Core_Page { CRM_Core_Error::fatal('Photo does not exist'); } } -} + /** + * @param string $file + * Local file path. + * @param string $mimeType + * @param int $ttl + * Time to live (seconds). + */ + protected function download($file, $mimeType, $ttl) { + if (!file_exists($file)) { + header("HTTP/1.0 404 Not Found"); + return; + } elseif (!is_readable($file)) { + header('HTTP/1.0 403 Forbidden'); + return; + } + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', CRM_Utils_Time::getTimeRaw() + $ttl)); + header("Content-Type: $mimeType"); + header("Content-Disposition: inline; filename=\"" . basename($file) . "\""); + header("Cache-Control: max-age=$ttl, public"); + header('Pragma: public'); + readfile($file); + } +}
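Review bot: In the added download() method the `Content-Disposition` header interpolates `basename($file)` into a quoted-string without escaping, so a photo name containing `"` (allowed by the `[^\/]+` check in run()) yields a malformed header; `header('Content-Disposition: inline; filename="' . addcslashes(basename($file), '"\\') . '"');` keeps the value well-formed. Because the body is served inline with a type derived from the file extension rather than the file's content, adding `header('X-Content-Type-Options: nosniff');` next to the Content-Type line keeps browsers from reinterpreting a mislabelled upload. The `readfile($file)` return value is also unchecked; logging a `false` result would make a failed read visible instead of a silent short or empty body. The method is added in full in this hunk, which also closes the class.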