X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/699231ae09f7057a4d0000cdf32e50a3df6a04ca..46588ee871246a923d972538dbc93b26f4fda932:/wp-includes/ms-files.php?ds=sidebyside diff --git a/wp-includes/ms-files.php b/wp-includes/ms-files.php index f5af8e03..de6d15db 100644 --- a/wp-includes/ms-files.php +++ b/wp-includes/ms-files.php @@ -23,22 +23,22 @@ if ( $current_blog->archived == '1' || $current_blog->spam == '1' || $current_bl die( '404 — File not found.' ); } -$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] ); +$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET[ 'file' ] ); if ( !is_file( $file ) ) { status_header( 404 ); die( '404 — File not found.' ); } -$mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] ); +$mime = wp_check_filetype( $file ); if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) ) $mime[ 'type' ] = mime_content_type( $file ); if( $mime[ 'type' ] ) $mimetype = $mime[ 'type' ]; else - $mimetype = 'image/' . substr( $_SERVER[ 'REQUEST_URI' ], strrpos( $_SERVER[ 'REQUEST_URI' ], '.' ) + 1 ); + $mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 ); -header( 'Content-type: ' . $mimetype ); // always send this +header( 'Content-Type: ' . $mimetype ); // always send this if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) header( 'Content-Length: ' . filesize( $file ) ); @@ -57,7 +57,7 @@ header( "Last-Modified: $last_modified GMT" ); header( 'ETag: ' . $etag ); header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' ); -// Support for Conditional GET +// Support for Conditional GET - use stripslashes to avoid formatting.php dependency $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) @@ -80,4 +80,3 @@ if ( ( $client_last_modified && $client_etag ) // If we made it this far, just serve the file readfile( $file ); -?>