0
我使用Github的Gist来限制登录用户访问WP-Content/Uploads文件夹中的图像。现在该脚本适用于需要登录的部分,但是在登录返回的图像时无效。 当我检查返回的图像,即时通讯看到一个文件大小确定,良好的内容标题。但它仍然是一个腐败的文件。Wordpress上传仅限于登录用户
https://gist.github.com/hakre/1552239
使用最新的WP版本。
任何人都知道我应该看看这个脚本的位置?
<?php
/*
* dl-file.php
*
* Protect uploaded files with login.
*
* @link http://wordpress.stackexchange.com/questions/37144/protect- wordpress-uploads-if-user-is-not-logged-in
*
* @author hakre <http://hakre.wordpress.com/>
* @license GPL-3.0+
* @registry SPDX
*/
ob_start();
require_once('wp-load.php');
require_once ABSPATH . WPINC . '/formatting.php';
require_once ABSPATH . WPINC . '/capabilities.php';
require_once ABSPATH . WPINC . '/user.php';
require_once ABSPATH . WPINC . '/meta.php';
require_once ABSPATH . WPINC . '/post.php';
require_once ABSPATH . WPINC . '/pluggable.php';
wp_cookie_constants();
ob_end_clean();
ob_end_flush();
is_user_logged_in() || auth_redirect();
list($basedir) = array_values(array_intersect_key(wp_upload_dir(), array('basedir' => 1)))+array(NULL);
$file = rtrim($basedir,'/').'/'.str_replace('..', '', isset($_GET[ 'file' ])? ''.$_GET[ 'file' ]:'');
if (!$basedir || !is_file($file)) {
status_header(404);
wp_redirect(home_url());
exit();
}
$mime = wp_check_filetype($file);
if(false === $mime[ 'type' ] && function_exists('mime_content_type'))
$mime[ 'type' ] = mime_content_type($file);
if($mime[ 'type' ])
$mimetype = $mime[ 'type' ];
else
$mimetype = 'image/' . substr($file, strrpos($file, '.') + 1);
header('Content-Type: ' . $mimetype); // always send this
if (false === strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS'))
header('Content-Length: ' . filesize($file));
$last_modified = gmdate('D, d M Y H:i:s', filemtime($file));
$etag = '"' . md5($last_modified) . '"';
header("Last-Modified: $last_modified GMT");
header('ETag: ' . $etag);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 100000000) . ' GMT');
// Support for Conditional GET
$client_etag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH']) : false;
if(! isset($_SERVER['HTTP_IF_MODIFIED_SINCE']))
$_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
$client_last_modified = trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
// If string is empty, return 0. If not, attempt to parse into a timestamp
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified) : 0;
// Make a timestamp for our most recent modification...
$modified_timestamp = strtotime($last_modified);
if (($client_last_modified && $client_etag)
? (($client_modified_timestamp >= $modified_timestamp) && ($client_etag == $etag))
: (($client_modified_timestamp >= $modified_timestamp) || ($client_etag == $etag))
) {
status_header(304);
exit;
}
// If we made it this far, just serve the file
readfile($file);
检查实际的“图像数据”通过你的脚本返回 - 它可能包含不止于此 - PHP错误信息,其他意外输出,... – CBroe
感谢良好的反馈。修复。 – user983511