VCF5 Code

Federated Open Micro-formatting Project

Brought to you by: chronolabscoop, wishcraft
[r5]: / VCF5-Core / trunk / browse.php Maximize Restore History
106 lines (92 with data), 3.6 kB

<?php
/**
 * VCF5 Project - Open Federated Microformat Project
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright       Chronolabs Cooperative http://syd.au.snails.email
 * @license         ACADEMIC APL 2 (https://sourceforge.net/u/chronolabscoop/wiki/Academic%20Public%20License%2C%20version%202.0/)
 * @license         GNU GPL 3 (http://www.gnu.org/licenses/gpl.html)
 * @package         vcf5.core
 * @since           1.0.1
 * @author          Dr. Simon Antony Roberts <wishcraft@users.sourceforge.net>
 * @version         1.0.0
 * @description     This is the core for the VCF5 the Variant Caller File is appified in version 5 for federation
 * @link            http://blog.vcf.email
 * @link            https://github.com/VCF5
 * @link            https://sourceforge.net/projects/vcf5
 * @link            https://facebook.com/vcf5project
 * @link            https://twitter.com/vcf5project
 * 
 */

defined('DS') or define('DS', DIRECTORY_SEPARATOR);
defined('NWLINE') or define('NWLINE', "\n");

$vcf5Option['nocommon'] = true;
require_once __DIR__ . DS . 'mainfile.php';

error_reporting(0);

include_once VCF5_ROOT_PATH . DS . 'include' . DS . 'defines.php';
include_once VCF5_ROOT_PATH . DS . 'include' . DS . 'version.php';
require_once VCF5_ROOT_PATH . DS . 'class' . DS . 'vcf5load.php';

Vcf5Load::load('vcf5kernel');
$vcf5 = new xos_kernel_Vcf52();
$vcf5->pathTranslation();

// Fetch path from query string if path is not set, i.e. through a direct request
if (!isset($path) && !empty($_SERVER['QUERY_STRING'])) {
    $path      = $_SERVER['QUERY_STRING'];
    $path      = (substr($path, 0, 1) === '/') ? substr($path, 1) : $path;
    $path_type = substr($path, 0, strpos($path, '/'));
    if (!isset($vcf5->paths[$path_type])) {
        $path      = 'VCF5/' . $path;
        $path_type = 'VCF5';
    }
}

//We are not allowing output of vcf5_data
if ($path_type === 'var') {
    header('HTTP/1.0 404 Not Found');
    exit();
}

$file = realpath($vcf5->path($path));
$dir  = realpath($vcf5->paths[$path_type][0]);

//We are not allowing directory travessal either
if (false === strpos($file, $dir)) {
    header('HTTP/1.0 404 Not Found');
    exit();
}

//We can't output empty files and php files do not output
if (empty($file) || strpos($file, '.php') !== false) {
    header('HTTP/1.0 404 Not Found');
    exit();
}

$file = $vcf5->path($path);
// Is there really a file to output?
if (!file_exists($file)) {
    header('HTTP/1.0 404 Not Found');
    exit();
}

$ext   = substr($file, strrpos($file, '.') + 1);
$types = include $vcf5->path('include/mimetypes.inc.php');
//$content_type = isset($types[$ext]) ? $types[$ext] : 'text/plain';
//Do not output garbage
if (!isset($types[$ext])) {
    header('HTTP/1.0 404 Not Found');
    exit();
}

//Output now
// seconds, minutes, hours, days
$expires = 60 * 60 * 24 * 15;
header('Pragma: public');
header('Cache-Control: maxage=' . $expires);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
header('Content-type: ' . $types[$ext]);
$handle = fopen($file, 'rb');
while (!feof($handle)) {
    $buffer = fread($handle, 4096);
    echo $buffer;
}
fclose($handle);
exit();