<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Multisite upload handler.

[2] Fix | Delete

*

[3] Fix | Delete

* @since 3.0.0

[4] Fix | Delete

*

[5] Fix | Delete

* @package WordPress

[6] Fix | Delete

* @subpackage Multisite

[7] Fix | Delete

*/

[8] Fix | Delete

[9] Fix | Delete

define( 'MS_FILES_REQUEST', true );

[10] Fix | Delete

define( 'SHORTINIT', true );

[11] Fix | Delete

[12] Fix | Delete

/** Load WordPress Bootstrap */

[13] Fix | Delete

require_once dirname( __DIR__ ) . '/wp-load.php';

[14] Fix | Delete

[15] Fix | Delete

if ( ! is_multisite() ) {

[16] Fix | Delete

die( 'Multisite support not enabled' );

[17] Fix | Delete

}

[18] Fix | Delete

[19] Fix | Delete

ms_file_constants();

[20] Fix | Delete

[21] Fix | Delete

if ( '1' === $current_blog->archived || '1' === $current_blog->spam || '1' === $current_blog->deleted ) {

[22] Fix | Delete

status_header( 404 );

[23] Fix | Delete

die( '404 &#8212; File not found.' );

[24] Fix | Delete

}

[25] Fix | Delete

[26] Fix | Delete

$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET['file'] );

[27] Fix | Delete

if ( ! is_file( $file ) ) {

[28] Fix | Delete

status_header( 404 );

[29] Fix | Delete

die( '404 &#8212; File not found.' );

[30] Fix | Delete

}

[31] Fix | Delete

[32] Fix | Delete

$mime = wp_check_filetype( $file );

[33] Fix | Delete

if ( false === $mime['type'] && function_exists( 'mime_content_type' ) ) {

[34] Fix | Delete

$mime['type'] = mime_content_type( $file );

[35] Fix | Delete

}

[36] Fix | Delete

[37] Fix | Delete

if ( $mime['type'] ) {

[38] Fix | Delete

$mimetype = $mime['type'];

[39] Fix | Delete

} else {

[40] Fix | Delete

$mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );

[41] Fix | Delete

}

[42] Fix | Delete

[43] Fix | Delete

header( 'Content-Type: ' . $mimetype ); // Always send this.

[44] Fix | Delete

if ( ! str_contains( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) {

[45] Fix | Delete

header( 'Content-Length: ' . filesize( $file ) );

[46] Fix | Delete

}

[47] Fix | Delete

[48] Fix | Delete

// Optional support for X-Sendfile and X-Accel-Redirect.

[49] Fix | Delete

if ( WPMU_ACCEL_REDIRECT ) {

[50] Fix | Delete

header( 'X-Accel-Redirect: ' . str_replace( WP_CONTENT_DIR, '', $file ) );

[51] Fix | Delete

exit;

[52] Fix | Delete

} elseif ( WPMU_SENDFILE ) {

[53] Fix | Delete

header( 'X-Sendfile: ' . $file );

[54] Fix | Delete

exit;

[55] Fix | Delete

}

[56] Fix | Delete

[57] Fix | Delete

$wp_last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) );

[58] Fix | Delete

$wp_etag = '"' . md5( $wp_last_modified ) . '"';

[59] Fix | Delete

[60] Fix | Delete

header( "Last-Modified: $wp_last_modified GMT" );

[61] Fix | Delete

header( 'ETag: ' . $wp_etag );

[62] Fix | Delete

header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );

[63] Fix | Delete

[64] Fix | Delete

// Support for conditional GET - use stripslashes() to avoid formatting.php dependency.

[65] Fix | Delete

if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) {

[66] Fix | Delete

$client_etag = stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] );

[67] Fix | Delete

} else {

[68] Fix | Delete

$client_etag = '';

[69] Fix | Delete

}

[70] Fix | Delete

[71] Fix | Delete

if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {

[72] Fix | Delete

$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );

[73] Fix | Delete

} else {

[74] Fix | Delete

$client_last_modified = '';

[75] Fix | Delete

}

[76] Fix | Delete

[77] Fix | Delete

// If string is empty, return 0. If not, attempt to parse into a timestamp.

[78] Fix | Delete

$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;

[79] Fix | Delete

[80] Fix | Delete

// Make a timestamp for our most recent modification.

[81] Fix | Delete

$wp_modified_timestamp = strtotime( $wp_last_modified );

[82] Fix | Delete

[83] Fix | Delete

if ( ( $client_last_modified && $client_etag )

[84] Fix | Delete

? ( ( $client_modified_timestamp >= $wp_modified_timestamp ) && ( $client_etag === $wp_etag ) )

[85] Fix | Delete

: ( ( $client_modified_timestamp >= $wp_modified_timestamp ) || ( $client_etag === $wp_etag ) )

[86] Fix | Delete

) {

[87] Fix | Delete

status_header( 304 );

[88] Fix | Delete

exit;

[89] Fix | Delete

}

[90] Fix | Delete

[91] Fix | Delete

// If we made it this far, just serve the file.

[92] Fix | Delete

readfile( $file );

[93] Fix | Delete

flush();

[94] Fix | Delete

[95] Fix | Delete