gravity forms – protect files
# BEGIN protect
# Hands every request for an existing Gravity Forms upload to dl-file.php
# instead of letting Apache serve the file directly.
#
# NOTE(review): because the rules sit inside <IfModule>, a server without
# mod_rewrite skips them silently and the uploads are served directly again.
# Confirm the module is loaded by requesting an upload while logged out.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # Gravity Forms Upload Protection
    # -s: only rewrite when the request maps to a regular file with non-zero size.
    RewriteCond %{REQUEST_FILENAME} -s
    # The path below gravity_forms/ becomes ?file=...; QSA keeps the original
    # query string, L stops rule processing for this pass.
    RewriteRule ^wp-content/uploads/gravity_forms/(.*)$ dl-file.php?file=$1 [QSA,L]
</IfModule>
# END protect
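<?php
/**
 * dl-file.php: access gate for files under wp-content/uploads/gravity_forms/.
 *
 * The rewrite rule sends requests for existing files in that directory here as
 * ?file=<path relative to the directory>. The script loads WordPress, refuses
 * visitors who are not logged in, confirms the requested path resolves inside
 * the protected directory, and then streams the file with conditional-GET support.
 */
require_once( 'wp-load.php' );

// Only logged-in users get past this point. The earlier test also called
// is_admin(), which reports whether the request is for an admin screen rather
// than the user's role, so it added nothing here and has been dropped.
// NOTE(review): any logged-in account, including the lowest role, can download.
// If only some roles should, add a current_user_can() check for a capability
// you choose.
if ( ! is_user_logged_in() ) {
	status_header( 404 );
	nocache_headers();
	include( get_query_template( '404' ) );
	die();
}

$upload_dir = wp_upload_dir();
// Set your path below; this example protects /gravity_forms/.
// realpath() yields the canonical directory, or false when it does not exist.
$basedir = realpath( $upload_dir['basedir'] . '/gravity_forms' );

// Accept only a plain string: ?file[]=x would otherwise arrive as an array.
$requested = ( isset( $_GET['file'] ) && is_string( $_GET['file'] ) ) ? $_GET['file'] : '';

// Canonicalise the full path (resolving "..", "." and symlinks), then require
// the result to sit below $basedir. This replaces stripping ".." from the
// input, which rewrote the request instead of rejecting it and did nothing
// about symlinks that point outside the directory.
$file = ( $basedir && '' !== $requested ) ? realpath( $basedir . '/' . $requested ) : false;

if ( ! $file || 0 !== strpos( $file, $basedir . DIRECTORY_SEPARATOR ) || ! is_file( $file ) ) {
	status_header( 404 );
	die( '404 &#8212; File not found.' );
}

$mime = wp_check_filetype( $file );
if ( false === $mime['type'] && function_exists( 'mime_content_type' ) ) {
	$mime['type'] = mime_content_type( $file );
}

// Unknown types fall back to a generic binary type. The previous fallback
// built "image/<extension>" out of the requested file name.
$mimetype = $mime['type'] ? $mime['type'] : 'application/octet-stream';

header( 'Content-Type: ' . $mimetype ); // always send this
// Keep browsers from guessing a different, renderable type.
header( 'X-Content-Type-Options: nosniff' );

// These files come from form submissions. Anything that is not a plain raster
// image is sent as a download, so an uploaded HTML or SVG file is not rendered
// in the site's origin. Extend the list if other types must display inline.
$inline_types = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp' );
if ( ! in_array( $mimetype, $inline_types, true ) ) {
	header( 'Content-Disposition: attachment; filename="' . sanitize_file_name( basename( $file ) ) . '"' );
}

$server_software = isset( $_SERVER['SERVER_SOFTWARE'] ) ? $_SERVER['SERVER_SOFTWARE'] : '';
if ( false === strpos( $server_software, 'Microsoft-IIS' ) ) {
	header( 'Content-Length: ' . filesize( $file ) );
}

$modified_timestamp = filemtime( $file );
$last_modified      = gmdate( 'D, d M Y H:i:s', $modified_timestamp );
$etag               = '"' . md5( $last_modified ) . '"';

header( "Last-Modified: $last_modified GMT" );
header( 'ETag: ' . $etag );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
// The response is only for the authenticated requester. Without this, the
// far-future Expires header lets a shared cache store the file and serve it
// to visitors who never passed the login check.
header( 'Cache-Control: private' );

// Support for Conditional GET
$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;

$client_last_modified = isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ? trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) : '';
// If string is empty, use 0. If not, attempt to parse into a timestamp.
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;

// When the client sent both validators, both must match; otherwise either one is enough.
$date_matches = ( $client_modified_timestamp >= $modified_timestamp );
$etag_matches = ( $client_etag === $etag );
$not_modified = ( $client_last_modified && $client_etag )
	? ( $date_matches && $etag_matches )
	: ( $date_matches || $etag_matches );

if ( $not_modified ) {
	status_header( 304 );
	exit;
}

// If we made it this far, just serve the file.
readfile( $file );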