die( '404 — File not found.' );
}
-$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] );
+$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET[ 'file' ] );
if ( !is_file( $file ) ) {
status_header( 404 );
die( '404 — File not found.' );
else
$mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );
-header( 'Content-type: ' . $mimetype ); // always send this
+header( 'Content-Type: ' . $mimetype ); // always send this
if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) )
header( 'Content-Length: ' . filesize( $file ) );
// If we made it this far, just serve the file
readfile( $file );
-?>