Editing: action.php
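<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based photo gallery                                    |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2016 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Download endpoint: streams the original ("e"), the representative ("r") or
// an alternate format ("f") of one image after checking that the current
// user is allowed to see it. Every value taken from $_GET is validated
// before it is concatenated into SQL or into a response header.

define('PHPWG_ROOT_PATH','./');
session_cache_limiter('public');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);

/**
 * Guess a MIME type from a file extension.
 *
 * Only used as a fallback when mime_content_type() is unavailable or the
 * file is remote; unknown extensions map to application/octet-stream.
 *
 * @param string $ext file extension without the dot, any case
 * @return string MIME type
 */
function guess_mime_type($ext)
{
  $known_types = array(
    'jpe'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'tiff' => 'image/tiff',
    'tif'  => 'image/tiff',
    'txt'  => 'text/plain',
    'html' => 'text/html',
    'htm'  => 'text/html',
    'xml'  => 'text/xml',
    'pdf'  => 'application/pdf',
    'zip'  => 'application/zip',
    'ogg'  => 'application/ogg',
  );

  $key = strtolower($ext);

  return isset($known_types[$key]) ? $known_types[$key] : 'application/octet-stream';
}

/**
 * Send an HTTP status plus a short message, then stop the script.
 *
 * @param int    $code HTTP status code passed to set_status_header()
 * @param string $str  message echoed as the response body
 */
function do_error( $code, $str )
{
  set_status_header( $code );
  echo $str ;
  exit();
}

if ($conf['enable_formats'] and isset($_GET['format']))
{
  // NOTE(review): presumably stops the request when 'format' does not match
  // PATTERN_ID, which is what makes the concatenation below safe -- confirm
  // in check_input_parameter().
  check_input_parameter('format', $_GET, false, PATTERN_ID);

  $query = '
SELECT
    *
  FROM '.IMAGE_FORMAT_TABLE.'
  WHERE format_id = '.$_GET['format'].'
;';
  $formats = query2array($query);

  if (count($formats) == 0)
  {
    do_error(400, 'Invalid request - format');
  }

  $format = $formats[0];

  $_GET['id'] = $format['image_id'];
  $_GET['part'] = 'f'; // "f" for "format"
}

// The id ends up inside two SQL statements, so accept decimal digits only.
// is_numeric() also lets through floats, exponents, signs and surrounding
// whitespace; none of those is a valid image id.
if (!isset($_GET['id'])
    or !is_scalar($_GET['id'])
    or !preg_match('/^[0-9]+\z/', (string)$_GET['id'])
    or !isset($_GET['part'])
    or !in_array($_GET['part'], array('e','r','f'), true) )
{
  do_error(400, 'Invalid request - id/part');
}

// part=f is only meaningful when the format row was loaded above; a client
// sending part=f directly would otherwise reach $format['ext'] undefined.
if ('f' == $_GET['part'] and !isset($format))
{
  do_error(400, 'Invalid request - format');
}

$query = '
SELECT *
  FROM '. IMAGES_TABLE.'
  WHERE id='.$_GET['id'].'
;';

$element_info = pwg_db_fetch_assoc(pwg_query($query));
if ( empty($element_info) )
{
  do_error(404, 'Requested id not found');
}

// special download action for admins
$is_admin_download = false;
if (is_admin() and isset($_GET['pwg_token']) and is_string($_GET['pwg_token']))
{
  // Compare the token as an exact string. A loose == would treat two
  // different numeric-looking strings as equal; hash_equals() additionally
  // avoids leaking the match position through timing where it exists.
  $expected_token = (string)get_pwg_token();
  $token_matches = function_exists('hash_equals')
    ? hash_equals($expected_token, $_GET['pwg_token'])
    : ($expected_token === $_GET['pwg_token']);

  if ($token_matches)
  {
    $is_admin_download = true;
    $user['enabled_high'] = true;
  }
}

$src_image = new SrcImage($element_info);

// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
$query='
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.$_GET['id'].'
'.get_sql_condition_FandF(
  array(
      'forbidden_categories' => 'category_id',
      'forbidden_images' => 'image_id',
    ),
  '    AND'
  ).'
  LIMIT 1
;';
// Authorization: a non-admin request must find the image in at least one
// category that is not forbidden for the current user.
if (!$is_admin_download and pwg_db_num_rows(pwg_query($query))<1 )
{
  do_error(401, 'Access denied');
}

include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
$file='';
switch ($_GET['part'])
{
  case 'e':
    if ( $src_image->is_original() and !$user['enabled_high'] )
    {// we have a photo and the user has no access to HD
      $deriv = new DerivativeImage(IMG_XXLARGE, $src_image);
      if ( !$deriv->same_as_source() )
      {
        do_error(401, 'Access denied e');
      }
    }
    $file = get_element_path($element_info);
    break;
  case 'r':
    $file = original_to_representative(
      get_element_path($element_info),
      $element_info['representative_ext']
      );
    break;
  case 'f' :
    $file = original_to_format(get_element_path($element_info), $format['ext']);
    $element_info['file'] = get_filename_wo_extension($element_info['file']).'.'.$format['ext'];
    break;
}

if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}

// Access log. The second branch used to test 'e' again and could never run,
// so representative downloads were not logged; 'r' is the only remaining
// part value, presumably the one that branch was written for.
if ($_GET['part'] == 'e')
{
  pwg_log($_GET['id'], 'high');
}
else if ($_GET['part'] == 'r')
{
  pwg_log($_GET['id'], 'other');
}
else if ($_GET['part'] == 'f')
{
  pwg_log($_GET['id'], 'high', $format['format_id']);
}

$http_headers = array();

$ctype = null;
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    // NOTE(review): this message returns the resolved server-side path to
    // the client; consider logging it and sending a generic message.
    do_error(404, "Requested file not found - $file");
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    $ctype = mime_content_type($file);
  }

  $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  // NOTE(review): the mere presence of If-Modified-Since yields a 304; the
  // header value is never compared with the file's modification time.
  if ('f' != $_GET['part'] and isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
  {
    set_status_header(304);
    foreach ($http_headers as $header)
    {
      header( $header );
    }
    exit();
  }
}

if (!isset($ctype))
{ // give it a guess
  $ctype = guess_mime_type( get_extension($file) );
}

// NOTE(review): without ?download the file is served inline with whatever
// type was detected, text/html included; if uploads of such files are
// allowed, confirm that rendering them on this origin is intended.
$http_headers[] = 'Content-Type: '.$ctype;

// File names come from stored metadata. Drop control characters, double
// quotes and backslashes so a name cannot terminate the quoted filename
// parameter or otherwise alter the Content-Disposition header.
$unsafe_in_quoted_string = '/[\x00-\x1F\x7F"\\\\]/';

if (isset($_GET['download']))
{
  $download_name = preg_replace(
    $unsafe_in_quoted_string,
    '',
    htmlspecialchars_decode($element_info['file'])
    );
  $http_headers[] = 'Content-Disposition: attachment; filename="'.$download_name.'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $inline_name = preg_replace($unsafe_in_quoted_string, '', basename($file));
  $http_headers[] = 'Content-Disposition: inline; filename="'.$inline_name.'";';
}

foreach ($http_headers as $header)
{
  header( $header );
}

// Looking at the safe_mode configuration for execution time
if (ini_get('safe_mode') == 0)
{
  @set_time_limit(0);
}

@readfile($file);

// No closing PHP tag: anything after it would be appended to the file body.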