authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-09-28 10:30:23 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-09-28 10:30:23 +0000
commit29c2072f5e5b03828c3bfa2af0b1c1cc3fe30923 (patch)
tree5eed5ade60708d5c849c9f68b382e5eaf8405ad3
parentbafa5945fee3311ab6d4a0c442376345a019a7be (diff)
downloadwordpress-mu-29c2072f5e5b03828c3bfa2af0b1c1cc3fe30923.tar.gz
wordpress-mu-29c2072f5e5b03828c3bfa2af0b1c1cc3fe30923.tar.xz
wordpress-mu-29c2072f5e5b03828c3bfa2af0b1c1cc3fe30923.zip
Use UPLOADS constant and update blogs.php (fixes #168)
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@777 7be80a69-a1ef-0310-a953-fb0f7c49ff36
-rw-r--r--wp-admin/admin-db.php2
-rw-r--r--wp-content/blogs.php107
-rw-r--r--wp-content/mu-plugins/misc.php2
-rw-r--r--wp-includes/wpmu-functions.php2
-rw-r--r--wp-settings.php7
5 files changed, 73 insertions, 47 deletions
diff --git a/wp-admin/admin-db.php b/wp-admin/admin-db.php
index c037b14..cc4c5c1 100644
--- a/wp-admin/admin-db.php
+++ b/wp-admin/admin-db.php
@@ -544,7 +544,7 @@ function wpmu_delete_blog($blog_id, $drop = false) {
$wpdb->query( "DROP TABLE IF EXISTS $val" );
$wpdb->query( "DELETE FROM $wpdb->blogs WHERE blog_id = '$blog_id'" );
- $dir = ABSPATH . "wp-content/blogs.dir/{$blog_id}/files";
+ $dir = constant( "ABSPATH" ) . constant( "UPLOADS" );
$dir = rtrim($dir, DIRECTORY_SEPARATOR);
$top_dir = $dir;
$stack = array($dir);
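Review bot: The new `$dir` ignores the `$blog_id` argument of wpmu_delete_blog(): UPLOADS is defined once in wp-settings.php from `$wpdb->blogid`, which looks like the blog the current request runs under, so this cleanup would appear to target that blog's files directory rather than the directory of the blog being deleted. Because a constant cannot be redefined, switching blog context elsewhere in the function (it starts and ends outside this hunk) would not change the path. Keep the path derived from the parameter, `$dir = ABSPATH . "wp-content/blogs.dir/{$blog_id}/files";`, or add a helper that builds the uploads path for a given blog id.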
diff --git a/wp-content/blogs.php b/wp-content/blogs.php
index 63f3f0c..404d0fb 100644
--- a/wp-content/blogs.php
+++ b/wp-content/blogs.php
@@ -1,6 +1,15 @@
<?php
-define( "BLOGDEFINITION", true );
-require_once( "../wp-config.php" );
+define( 'BLOGDEFINITION', true ); // this prevents most of WP from being loaded
+require_once( dirname( dirname( __FILE__) ) . '/wp-config.php' ); // absolute includes are faster
+
+if (
+ $current_blog->archived == '1' ||
+ $current_blog->spam == '1' ||
+ $current_blog->deleted == '1'
+) {
+ header("HTTP/1.1 404 Not Found");
+ graceful_fail('404 &#8212; File not found.');
+}
if ( !function_exists('wp_check_filetype') ) :
function wp_check_filetype($filename, $mimes = null) {
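Review bot: The archived/spam/deleted gate only blocks the download if graceful_fail() ends the request, and nothing visible guarantees that. The function is not defined in this file's hunks, and with BLOGDEFINITION set wp-settings.php returns before functions.php is required, so confirm it is loaded on this reduced bootstrap. If it merely prints the message, execution continues into the file-serving code further down. Add an explicit `exit;` after each `graceful_fail(...)` call, here and in the two 404 branches of the next hunk.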
@@ -59,49 +68,61 @@ function wp_check_filetype($filename, $mimes = null) {
}
endif;
-// Referrer protection
-if( $_SERVER["HTTP_REFERER"] ) {
- if( strpos( $_SERVER["HTTP_REFERER"], $current_blog->domain ) == false ) {
- // do something against hot linking sites!
- }
-}
+
$file = $_GET[ 'file' ];
-$file = ABSPATH . "wp-content/blogs.dir/" . $blog_id . '/files/' . $file;
-
-if( is_file( $file ) ) {
- $etag = md5( $file . filemtime( $file ) );
- $lastModified = date( "D, j M Y H:i:s ", filemtime( $file ) ) . "GMT";
- #$headers = apache_request_headers();
- // get mime type
- $mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] );
- if( $mime[ 'type' ] != false ) {
- $mimetype = $mime[ 'type' ];
- } else {
- $ext = substr( $_SERVER[ 'REQUEST_URI' ], strrpos( $_SERVER[ 'REQUEST_URI' ], '.' ) + 1 );
- $mimetype = "image/$ext";
- }
+$file = constant( "ABSPATH" ) . constant( "UPLOADS" ) . $file;
- // from http://blog.rd2inc.com/archives/2005/03/24/making-dynamic-php-pages-cacheable/
- if( $_SERVER[ 'HTTP_IF_NONE_MATCH' ] == '"' . $etag . '"' || $lastModified == $_SERVER['HTTP_IF_MODIFIED_SINCE']) {
- // They already have an up to date copy so tell them
- header('HTTP/1.1 304 Not Modified');
- header('Cache-Control: private');
- header('Content-Type: $mimetype');
- header('ETag: "'.$etag.'"');
- } else {
- header("Content-type: $mimetype" );
- header( "Last-Modified: " . $lastModified );
- header( 'Accept-Ranges: bytes' );
- header( "Content-Length: " . filesize( $file ) );
- header( 'ETag: "' . $etag . '"' );
- readfile( $file );
- }
-} else {
- // 404
+if ( !is_file( $file ) ) {
+ header("HTTP/1.1 404 Not Found");
+ graceful_fail('404 &#8212; File not found.');
+}
+
+// These should never, ever be served
+$never = array( 'js', 'exe', 'swf', 'class', 'tar', 'zip', 'rar' );
+if ( in_array( preg_replace( '|.*\.(.*)$|', '$1', $file ), $never ) ) {
header("HTTP/1.1 404 Not Found");
- print "<html><head><title>Error 404! File Not Found!</title></head>";
- print "<body>";
- print "<h1>File Not Found!</h1>";
- print "</body></html>";
+ graceful_fail('404 &#8212; File not found.');
+}
+
+$mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] );
+if( $mime[ 'type' ] != false ) {
+ $mimetype = $mime[ 'type' ];
+} else {
+ $ext = substr( $_SERVER[ 'REQUEST_URI' ], strrpos( $_SERVER[ 'REQUEST_URI' ], '.' ) + 1 );
+ $mimetype = "image/$ext";
}
+header( 'Content-type: ' . $mimetype ); // always send this
+
+$timestamp = filemtime( $file );
+
+$last_modified = gmdate('D, d M Y H:i:s', $timestamp);
+$etag = '"' . md5($last_modified) . '"';
+@header( "Last-Modified: $last_modified GMT" );
+@header( 'ETag: ' . $etag );
+
+$expire = gmdate('D, d M Y H:i:s', time() + 100000000);
+@header( "Expires: $expire GMT" );
+
+// Support for Conditional GET
+if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) $client_etag = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
+else $client_etag = false;
+
+$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE']);
+// If string is empty, return 0. If not, attempt to parse into a timestamp
+$client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
+
+// Make a timestamp for our most recent modification...
+$modified_timestamp = strtotime($last_modified);
+
+if ( ($client_last_modified && $client_etag) ?
+ (($client_modified_timestamp >= $modified_timestamp) && ($client_etag == $etag)) :
+ (($client_modified_timestamp >= $modified_timestamp) || ($client_etag == $etag)) ) {
+ header('HTTP/1.1 304 Not Modified');
+ exit;
+}
+
+// If we made it this far, just serve the file
+
+readfile( $file );
+
?>
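Review bot: `$_GET[ 'file' ]` is still appended to the uploads path unchecked, so a value containing `..` segments can resolve to a file outside this blog's `files` directory. The `$never` list would not stop that, because it names only seven extensions and compares them case-sensitively. UPLOADS also has no trailing slash, so the concatenation yields `…/files<name>` unless the rewrite rule passes a leading `/`. Canonicalise both paths with realpath() and serve the file only when it lies under the uploads directory, as sketched below; an allowlist of servable extensions would be safer than a denylist.

```php
$uploads_dir = realpath( constant( "ABSPATH" ) . constant( "UPLOADS" ) );
$file = realpath( $uploads_dir . '/' . ltrim( $_GET[ 'file' ], '/' ) );

// Serve only regular files that resolve inside this blog's uploads directory
if ( $uploads_dir === false || $file === false
	|| strpos( $file, $uploads_dir . DIRECTORY_SEPARATOR ) !== 0
	|| !is_file( $file ) ) {
	header("HTTP/1.1 404 Not Found");
	graceful_fail('404 &#8212; File not found.');
}
// … unchanged: extension check, MIME type, caching headers, readfile …
```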
diff --git a/wp-content/mu-plugins/misc.php b/wp-content/mu-plugins/misc.php
index c65f02e..947f459 100644
--- a/wp-content/mu-plugins/misc.php
+++ b/wp-content/mu-plugins/misc.php
@@ -72,7 +72,7 @@ function upload_is_user_over_quota( $ret ) {
$spaceAllowed = get_site_option("blog_upload_space");
if(empty($spaceAllowed) || !is_numeric($spaceAllowed)) $spaceAllowed = 10;
- $dirName = ABSPATH."wp-content/blogs.dir/" . $wpdb->blogid . "/files/";
+ $dirName = constant( "ABSPATH" ) . constant( "UPLOADS" );
$size = get_dirsize($dirName) / 1024 / 1024;
if( ($spaceAllowed-$size) < 0 ) {
diff --git a/wp-includes/wpmu-functions.php b/wp-includes/wpmu-functions.php
index 823e4ee..25df62d 100644
--- a/wp-includes/wpmu-functions.php
+++ b/wp-includes/wpmu-functions.php
@@ -35,7 +35,7 @@ function wpmu_checkAvailableSpace($action) {
if( $spaceAllowed == false )
$spaceAllowed = 10;
- $dirName = ABSPATH."wp-content/blogs.dir/".$blog_id."/files/";
+ $dirName = constant( "ABSPATH" ) . constant( "UPLOADS" );
$dir = dir($dirName);
$size = 0;
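Review bot: The replacement `$dirName` no longer ends in `/`, since UPLOADS is defined as `wp-content/blogs.dir/{$wpdb->blogid}/files`. The directory loop of wpmu_checkAvailableSpace() lies outside this hunk; if it builds entries as `$dirName . $file`, the size lookups would fail and used space would be under-counted, which weakens the quota check. Append the separator, `$dirName = constant( "ABSPATH" ) . constant( "UPLOADS" ) . "/";`. The same slash was dropped in upload_is_user_over_quota() in wp-content/mu-plugins/misc.php, where the effect depends on how get_dirsize() joins paths.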
diff --git a/wp-settings.php b/wp-settings.php
index 1459781..50377a0 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -21,6 +21,11 @@ function wp_unregister_GLOBALS() {
wp_unregister_GLOBALS();
+if( isset( $_SERVER[ 'HTTP_USER_AGENT' ] ) ) {
+ $HTTP_USER_AGENT = $_SERVER[ 'HTTP_USER_AGENT' ];
+} else {
+ $HTTP_USER_AGENT = '';
+}
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
if ( ! isset($blog_id) )
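Review bot: The recreated `$HTTP_USER_AGENT` global has no comment saying why it is needed right after wp_unregister_GLOBALS(), and the commit message does not mention it. The value is a raw client-supplied header, so any later consumer has to escape it for the context it is used in. A comment such as `// Legacy global recreated after wp_unregister_GLOBALS(); raw request header, escape before output or SQL` would record that.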
@@ -136,10 +141,10 @@ else
wp_cache_init();
+define( "UPLOADS", "wp-content/blogs.dir/{$wpdb->blogid}/files" );
if( defined( "BLOGDEFINITION" ) && constant( "BLOGDEFINITION" ) == true )
return;
-define( "UPLOADS", "wp-content/blogs.dir/{$wpdb->blogid}/files" );
require (ABSPATH . WPINC . '/functions.php');
require (ABSPATH . WPINC . '/plugin.php');