X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/d954c87a1e3f0e671855614661da9e5825279134..073c5ed6408e2f00dc1863b463fe205467628905:/wp-includes/ms-files.php diff --git a/wp-includes/ms-files.php b/wp-includes/ms-files.php index 5ec6d1dd..87fa70f4 100644 --- a/wp-includes/ms-files.php +++ b/wp-includes/ms-files.php @@ -11,7 +11,7 @@ define( 'SHORTINIT', true ); require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); -if( !is_multisite() ) +if ( !is_multisite() ) die( 'Multisite support not enabled' ); ms_file_constants(); @@ -23,22 +23,22 @@ if ( $current_blog->archived == '1' || $current_blog->spam == '1' || $current_bl die( '404 — File not found.' ); } -$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] ); +$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET[ 'file' ] ); if ( !is_file( $file ) ) { status_header( 404 ); die( '404 — File not found.' ); } $mime = wp_check_filetype( $file ); -if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) ) +if ( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) ) $mime[ 'type' ] = mime_content_type( $file ); -if( $mime[ 'type' ] ) +if ( $mime[ 'type' ] ) $mimetype = $mime[ 'type' ]; else $mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 ); -header( 'Content-type: ' . $mimetype ); // always send this +header( 'Content-Type: ' . $mimetype ); // always send this if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) header( 'Content-Length: ' . filesize( $file ) ); @@ -57,10 +57,10 @@ header( "Last-Modified: $last_modified GMT" ); header( 'ETag: ' . $etag ); header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' ); -// Support for Conditional GET +// Support for Conditional GET - use stripslashes to avoid formatting.php dependency $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; -if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) +if ( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false; $client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ); @@ -80,4 +80,3 @@ if ( ( $client_last_modified && $client_etag ) // If we made it this far, just serve the file readfile( $file ); -?>