mirror of
https://github.com/openvk/openvk
synced 2024-12-23 00:51:03 +03:00
Make BlobPresenter compatible with image minatures
This commit is contained in:
parent
57f3e1f0bb
commit
9bc68b34ef
2 changed files with 12 additions and 7 deletions
|
@ -17,20 +17,23 @@ final class BlobPresenter extends OpenVKPresenter
|
|||
function renderFile(/*string*/ $dir, string $name, string $format)
|
||||
{
|
||||
$dir = $this->getDirName($dir);
|
||||
$name = preg_replace("%[^a-zA-Z0-9_\-]++%", "", $name);
|
||||
$path = OPENVK_ROOT . "/storage/$dir/$name.$format";
|
||||
if(!file_exists($path)) {
|
||||
$base = realpath(OPENVK_ROOT . "/storage/$dir");
|
||||
$path = realpath(OPENVK_ROOT . "/storage/$dir/$name.$format");
|
||||
if(!$path) # Will also check if file exists since realpath fails on ENOENT
|
||||
$this->notFound();
|
||||
} else {
|
||||
else if(strpos($path, $path) !== 0) # Prevent directory traversal and storage container escape
|
||||
$this->notFound();
|
||||
|
||||
if(isset($_SERVER["HTTP_IF_NONE_MATCH"]))
|
||||
exit(header("HTTP/1.1 304 Not Modified"));
|
||||
|
||||
header("Content-Type: " . mime_content_type($path));
|
||||
header("Content-Size: " . filesize($path));
|
||||
header("Cache-Control: public, max-age=1210000");
|
||||
header("X-Accel-Expires: 1210000");
|
||||
header("ETag: W/\"" . hash_file("snefru", $path) . "\"");
|
||||
|
||||
readfile($path);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -121,8 +121,10 @@ routes:
|
|||
handler: "Wall->delete"
|
||||
- url: "/wall{num}_{num}/pin"
|
||||
handler: "Wall->pin"
|
||||
- url: "/blob_{text}/{text}.{text}"
|
||||
- url: "/blob_{text}/{?path}.{text}"
|
||||
handler: "Blob->file"
|
||||
placeholders:
|
||||
path: "[A-z0-9\\-_\\/]{3,}"
|
||||
- url: "/themepack/{text}/{?version}/{?resClass}/{?any}"
|
||||
handler: "Themepacks->resource"
|
||||
placeholders:
|
||||
|
|
Loading…
Reference in a new issue