0byt3m1n1
Path:
/
data
/
applications
/
aps
/
gallery
/
2.2-08
/
htdocs
/
modules
/
core
/
[
Home
]
File: DownloadItem.inc
<?php /* * Gallery - a web based photo album viewer and editor * Copyright (C) 2000-2007 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at * your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ /** * Provides downloading of binary items * @package GalleryCore * @subpackage UserInterface * @author Bharat Mediratta <bharat@menalto.com> * @version $Revision: 15513 $ */ class DownloadItemView extends GalleryView { /** * @see GalleryView::isImmediate */ function isImmediate() { return true; } /** * @see GalleryView::isAllowedInEmbedOnly */ function isAllowedInEmbedOnly() { return true; } /** * @see GalleryView::shouldSaveSession */ function shouldSaveSession() { return false; } /** * @see GalleryView::renderImmediate */ function renderImmediate($status, $error) { /* Figure out which item we're talking about */ $itemId = (int) GalleryUtilities::getRequestVariables('itemId'); if (empty($itemId)) { return GalleryCoreApi::error(ERROR_BAD_PARAMETER); } /* Load the item */ list ($ret, $item) = GalleryCoreApi::loadEntitiesById($itemId); if ($ret) { return $ret; } /* Figure out the filename */ list ($ret, $pseudoFileName) = GalleryUtilities::getPseudoFileName($item); if ($ret) { return $ret; } /* Don't allow malicious URLs */ $fileName = GalleryUtilities::getRequestVariables('fileName'); if (!empty($fileName) && $fileName != $pseudoFileName) { return GalleryCoreApi::error(GALLERY_ERROR, __FILE__, __LINE__, 'malicious url'); } /* Get the path to the file */ if (!method_exists($item, 'fetchPath')) { return GalleryCoreApi::error(ERROR_BAD_PARAMETER); } list ($ret, $path) = $item->fetchPath(); if ($ret) { return $ret; } /* Rebuild derivative cache, if necessary */ $itemForPermission = $itemId; $derivativeType = null; if (GalleryUtilities::isA($item, 'GalleryDerivative')) { list ($ret, $item) = GalleryCoreApi::rebuildDerivativeCacheIfNotCurrent($itemId); if ($ret) { return $ret; } $itemForPermission = $item->getParentId(); $derivativeType = $item->getDerivativeType(); } $ret = $this->_sendFile(array('derivativePath' => $path, 'derivativeType' => $derivativeType, 'mimeType' => $item->getMimeType(), 'pseudoFileName' => $pseudoFileName, 'parentId' => $itemForPermission, 'id' => $itemId)); if ($ret) { return $ret; } $ret = GalleryCoreApi::createFastDownloadFile($item); /* Ignore failures since the file has already been sent */ return null; } function _sendFile($data) { global $gallery; $platform =& $gallery->getPlatform(); $session =& $gallery->getSession(); $phpVm = $gallery->getPhpVm(); if (function_exists('apache_setenv')) { @apache_setenv('no-gzip', '1'); } /* Make sure we have permission */ if (($ids = $session->get('core.isPrintService')) && in_array($data['id'], $ids)) { /* Print services only need core.view to get access to full size version of photos */ $permission = 'core.view'; } else { $permission = 'core.viewSource'; switch ($data['derivativeType']) { case DERIVATIVE_TYPE_IMAGE_THUMBNAIL: $permission = 'core.view'; break; case DERIVATIVE_TYPE_IMAGE_RESIZE: $permission = 'core.viewResizes'; break; /* DERIVATIVE_TYPE_IMAGE_PREFERRED uses core.viewSource */ } } $ret = GalleryCoreApi::assertHasItemPermission($data['parentId'], $permission); if ($ret) { return $ret; } $requestMethod = strtolower(GalleryUtilities::getServerVar('REQUEST_METHOD')); $phpVm->header('Content-type: ' . $data['mimeType']); $phpVm->header('Content-Disposition: inline; filename="' . $data['pseudoFileName'] . '"'); $stats = $platform->stat($data['derivativePath']); $phpVm->header('Last-Modified: ' . GalleryUtilities::getHttpDate($stats[9])); $phpVm->header('Expires: ' . GalleryUtilities::getHttpDate(time() + 31536000)); /* If the request method is HEAD, don't send back the body */ if ($requestMethod == 'head') { $phpVm->header('Content-length: 0'); } else { if ($stats[7] > 0) { $phpVm->header('Content-length: ' . $stats[7]); } /* * Don't use readfile() because it buffers the entire file in memory. Profiling shows * that this approach is as efficient as fpassthru() but we get to call * guaranteeTimeLimit which prevents it from failing on very large files */ if ($fd = $platform->fopen($data['derivativePath'], 'rb')) { while (true) { $bits = $platform->fread($fd, 65535); if (strlen($bits) == 0) { break; } print $bits; $gallery->guaranteeTimeLimit(30); } $platform->fclose($fd); } } return null; } } ?>