<?php
/**
 * Multisite upload handler.
 *
 * @since 3.0.0
 *
 * @package WordPress
 * @subpackage Multisite
 */

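// Mark this request as a multisite file request and ask for the short bootstrap
// before wp-load.php is pulled in; both constants must exist before the require.
define( 'MS_FILES_REQUEST', true );
define( 'SHORTINIT', true );

/** Load WordPress Bootstrap */
require_once dirname( __DIR__ ) . '/wp-load.php';

// This handler only makes sense on a multisite install.
if ( ! is_multisite() ) {
	die( 'Multisite support not enabled' );
}

// Defined outside this file; presumably sets up the WPMU_SENDFILE /
// WPMU_ACCEL_REDIRECT constants read further down — confirm against ms-default-constants.
ms_file_constants();

// Uploads of archived, spam-flagged or deleted sites are not served at all.
// $current_blog is populated by the bootstrap, not by this file.
if ( '1' === $current_blog->archived || '1' === $current_blog->spam || '1' === $current_blog->deleted ) {
	status_header( 404 );
	die( '404 — File not found.' );
}

// Without a configured per-site upload directory there is nothing to resolve against.
if ( ! defined( 'BLOGUPLOADDIR' ) ) {
	status_header( 500 );
	die( '500 — Directory not configured.' );
}

// The requested path comes straight from the query string, so treat it as untrusted.
// A missing parameter, an array value (?file[]=x) or an embedded NUL byte can never
// name a real upload; answer those with the same 404 as any other miss instead of
// letting them reach string concatenation and the filesystem calls below.
$requested_file = isset( $_GET['file'] ) ? $_GET['file'] : '';
if ( ! is_string( $requested_file ) || '' === $requested_file || str_contains( $requested_file, "\0" ) ) {
	status_header( 404 );
	die( '404 — File not found.' );
}

// Removing every ".." in a single pass leaves at most one dot from any run of dots,
// so no parent-directory segment survives and the path stays textually below
// BLOGUPLOADDIR.
// NOTE(review): this is a string-level check only; symlinks inside the upload
// directory are not resolved here.
$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $requested_file );
if ( ! is_file( $file ) ) {
	status_header( 404 );
	die( '404 — File not found.' );
}

// Work out the Content-Type: first by file name, then (if available) by content.
$mime = wp_check_filetype( $file );
if ( false === $mime['type'] && function_exists( 'mime_content_type' ) ) {
	$mime['type'] = mime_content_type( $file );
}

if ( $mime['type'] ) {
	$mimetype = $mime['type'];
} else {
	// Last resort: guess an image subtype from whatever follows the last dot in the path.
	// NOTE(review): this labels any unrecognised upload as image/<extension>. These are
	// user-supplied files, so consider whether an "X-Content-Type-Options: nosniff"
	// header should accompany the guessed type.
	$mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );
}

header( 'Content-Type: ' . $mimetype ); // Always send this.

// Content-Length is sent on every server except Microsoft IIS. SERVER_SOFTWARE is
// not guaranteed to be set by every SAPI, so fall back to an empty string.
$server_software = isset( $_SERVER['SERVER_SOFTWARE'] ) ? $_SERVER['SERVER_SOFTWARE'] : '';
if ( ! str_contains( $server_software, 'Microsoft-IIS' ) ) {
	header( 'Content-Length: ' . filesize( $file ) );
}

// Optional support for X-Sendfile and X-Accel-Redirect: hand the transfer to the
// web server and stop, so PHP never streams the file itself.
if ( WPMU_ACCEL_REDIRECT ) {
	// The redirect target is the file path with the WP_CONTENT_DIR prefix stripped.
	header( 'X-Accel-Redirect: ' . str_replace( WP_CONTENT_DIR, '', $file ) );
	exit;
} elseif ( WPMU_SENDFILE ) {
	header( 'X-Sendfile: ' . $file );
	exit;
}

// Cache validators. The ETag is derived only from the modification time, so it is a
// change marker, not a content digest.
$wp_last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) );
$wp_etag          = '"' . md5( $wp_last_modified ) . '"';

header( "Last-Modified: $wp_last_modified GMT" );
header( 'ETag: ' . $wp_etag );
// Far-future expiry: 100000000 seconds from now.
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );

// Support for conditional GET - use stripslashes() to avoid formatting.php dependency.
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) {
	$client_etag = stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] );
} else {
	$client_etag = '';
}

if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
	$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
} else {
	$client_last_modified = '';
}

// If string is empty, return 0. If not, attempt to parse into a timestamp.
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;

// Make a timestamp for our most recent modification.
$wp_modified_timestamp = strtotime( $wp_last_modified );

// When the client sent both validators, both have to match before a 304 is returned;
// when it sent only one (or neither), a match on either test is enough.
if ( ( $client_last_modified && $client_etag )
	? ( ( $client_modified_timestamp >= $wp_modified_timestamp ) && ( $client_etag === $wp_etag ) )
	: ( ( $client_modified_timestamp >= $wp_modified_timestamp ) || ( $client_etag === $wp_etag ) )
) {
	status_header( 304 );
	exit;
}

// If we made it this far, just serve the file.
readfile( $file );
flush();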