| 12 | | require_once( dirname( dirname( __FILE__) ) . '/wp-load.php' ); // absolute includes are faster |
| 13 | | require_once( WP_CONTENT_DIR . '/blogs.php' ); |
| 14 | | exit(); |
| | 12 | require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); |
| | 13 | ms_default_constants( 'ms-files' ); |
| | 14 | |
| | 15 | error_reporting(0); |
| | 16 | |
| | 17 | // Allow wp-content/blogs.php to be used. |
| | 18 | if ( file_exists( WP_CONTENT_DIR . '/blogs.php' ) ) { |
| | 19 | require_once( WP_CONTENT_DIR . '/blogs.php' ); |
| | 20 | exit; |
| | 21 | } |
| | 22 | |
| | 23 | if ( $current_blog->archived == '1' || $current_blog->spam == '1' || $current_blog->deleted == '1' ) { |
| | 24 | status_header( 404 ); |
| | 25 | die( '404 — File not found.' ); |
| | 26 | } |
| | 27 | |
| | 28 | if ( !function_exists('wp_check_filetype') ) : |
| | 29 | function wp_check_filetype($filename, $mimes = null) { |
| | 30 | // Accepted MIME types are set here as PCRE unless provided. |
| | 31 | $mimes = is_array($mimes) ? $mimes : array ( |
| | 32 | 'jpg|jpeg|jpe' => 'image/jpeg', |
| | 33 | 'gif' => 'image/gif', |
| | 34 | 'png' => 'image/png', |
| | 35 | 'bmp' => 'image/bmp', |
| | 36 | 'tif|tiff' => 'image/tiff', |
| | 37 | 'ico' => 'image/x-icon', |
| | 38 | 'asf|asx|wax|wmv|wmx' => 'video/asf', |
| | 39 | 'avi' => 'video/avi', |
| | 40 | 'mov|qt' => 'video/quicktime', |
| | 41 | 'mpeg|mpg|mpe' => 'video/mpeg', |
| | 42 | 'txt|c|cc|h' => 'text/plain', |
| | 43 | 'rtx' => 'text/richtext', |
| | 44 | 'css' => 'text/css', |
| | 45 | 'htm|html' => 'text/html', |
| | 46 | 'mp3|mp4' => 'audio/mpeg', |
| | 47 | 'ra|ram' => 'audio/x-realaudio', |
| | 48 | 'wav' => 'audio/wav', |
| | 49 | 'ogg' => 'audio/ogg', |
| | 50 | 'mid|midi' => 'audio/midi', |
| | 51 | 'wma' => 'audio/wma', |
| | 52 | 'rtf' => 'application/rtf', |
| | 53 | 'js' => 'application/javascript', |
| | 54 | 'pdf' => 'application/pdf', |
| | 55 | 'doc' => 'application/msword', |
| | 56 | 'pot|pps|ppt' => 'application/vnd.ms-powerpoint', |
| | 57 | 'wri' => 'application/vnd.ms-write', |
| | 58 | 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel', |
| | 59 | 'mdb' => 'application/vnd.ms-access', |
| | 60 | 'mpp' => 'application/vnd.ms-project', |
| | 61 | 'swf' => 'application/x-shockwave-flash', |
| | 62 | 'class' => 'application/java', |
| | 63 | 'tar' => 'application/x-tar', |
| | 64 | 'zip' => 'application/zip', |
| | 65 | 'gz|gzip' => 'application/x-gzip', |
| | 66 | 'exe' => 'application/x-msdownload' |
| | 67 | ); |
| | 68 | |
| | 69 | $type = false; |
| | 70 | $ext = false; |
| | 71 | |
| | 72 | foreach ( (array) $mimes as $ext_preg => $mime_match ) { |
| | 73 | $ext_preg = '!\.(' . $ext_preg . ')$!i'; |
| | 74 | if ( preg_match($ext_preg, $filename, $ext_matches) ) { |
| | 75 | $type = $mime_match; |
| | 76 | $ext = $ext_matches[1]; |
| | 77 | break; |
| | 78 | } |
| | 79 | } |
| | 80 | |
| | 81 | return compact('ext', 'type'); |
| | 82 | } |
| | 83 | endif; |
| | 84 | |
| | 85 | $file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] ); |
| | 86 | if ( !is_file( $file ) ) { |
| | 87 | status_header( 404 ); |
| | 88 | die( '404 — File not found.' ); |
| | 89 | } |
| | 90 | |
| | 91 | $mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] ); |
| | 92 | if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) ) |
| | 93 | $mime[ 'type' ] = mime_content_type( $file ); |
| | 94 | |
| | 95 | if( $mime[ 'type' ] ) |
| | 96 | $mimetype = $mime[ 'type' ]; |
| | 97 | else |
| | 98 | $mimetype = 'image/' . substr( $_SERVER[ 'REQUEST_URI' ], strrpos( $_SERVER[ 'REQUEST_URI' ], '.' ) + 1 ); |
| | 99 | |
| | 100 | header( 'Content-type: ' . $mimetype ); // always send this |
| | 101 | if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) |
| | 102 | header( 'Content-Length: ' . filesize( $file ) ); |
| | 103 | |
| | 104 | // Optional support for X-Sendfile and X-Accel-Redirect |
| | 105 | if ( WPMU_ACCEL_REDIRECT ) { |
| | 106 | header( 'X-Accel-Redirect: ' . str_replace( WP_CONTENT_DIR, '', $file ) ); |
| | 107 | exit; |
| | 108 | } elseif ( WPMU_SENDFILE ) { |
| | 109 | header( 'X-Sendfile: ' . $file ); |
| | 110 | exit; |
| | 111 | } |
| | 112 | |
| | 113 | $last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) ); |
| | 114 | $etag = '"' . md5( $last_modified ) . '"'; |
| | 115 | header( "Last-Modified: $last_modified GMT" ); |
| | 116 | header( 'ETag: ' . $etag ); |
| | 117 | header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' ); |
| | 118 | |
| | 119 | // Support for Conditional GET |
| | 120 | $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; |
| | 121 | |
| | 122 | if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) |
| | 123 | $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false; |
| | 124 | |
| | 125 | $client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ); |
| | 126 | // If string is empty, return 0. If not, attempt to parse into a timestamp |
| | 127 | $client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0; |
| | 128 | |
| | 129 | // Make a timestamp for our most recent modification... |
| | 130 | $modified_timestamp = strtotime($last_modified); |
| | 131 | |
| | 132 | if ( ( $client_last_modified && $client_etag ) |
| | 133 | ? ( ( $client_modified_timestamp >= $modified_timestamp) && ( $client_etag == $etag ) ) |
| | 134 | : ( ( $client_modified_timestamp >= $modified_timestamp) || ( $client_etag == $etag ) ) |
| | 135 | ) { |
| | 136 | status_header( 304 ); |
| | 137 | exit; |
| | 138 | } |
| | 139 | |
| | 140 | // If we made it this far, just serve the file |
| | 141 | readfile( $file ); |
| | 142 | |
| | 143 | ?> |