diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/ms-files.php --- a/wp/wp-includes/ms-files.php Mon Oct 14 18:06:33 2019 +0200 +++ b/wp/wp-includes/ms-files.php Mon Oct 14 18:28:13 2019 +0200 @@ -11,8 +11,9 @@ define( 'SHORTINIT', true ); require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); -if ( !is_multisite() ) +if ( ! is_multisite() ) { die( 'Multisite support not enabled' ); +} ms_file_constants(); @@ -23,24 +24,27 @@ die( '404 — File not found.' ); } -$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET[ 'file' ] ); -if ( !is_file( $file ) ) { +$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET['file'] ); +if ( ! is_file( $file ) ) { status_header( 404 ); die( '404 — File not found.' ); } $mime = wp_check_filetype( $file ); -if ( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) ) - $mime[ 'type' ] = mime_content_type( $file ); +if ( false === $mime['type'] && function_exists( 'mime_content_type' ) ) { + $mime['type'] = mime_content_type( $file ); +} -if ( $mime[ 'type' ] ) - $mimetype = $mime[ 'type' ]; -else +if ( $mime['type'] ) { + $mimetype = $mime['type']; +} else { $mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 ); +} header( 'Content-Type: ' . $mimetype ); // always send this -if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) +if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) { header( 'Content-Length: ' . filesize( $file ) ); +} // Optional support for X-Sendfile and X-Accel-Redirect if ( WPMU_ACCEL_REDIRECT ) { @@ -52,7 +56,7 @@ } $last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) ); -$etag = '"' . md5( $last_modified ) . '"'; +$etag = '"' . md5( $last_modified ) . '"'; header( "Last-Modified: $last_modified GMT" ); header( 'ETag: ' . $etag ); header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' ); @@ -60,19 +64,20 @@ // Support for Conditional GET - use stripslashes to avoid formatting.php dependency $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; -if ( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) +if ( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) { $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false; +} $client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ); // If string is empty, return 0. If not, attempt to parse into a timestamp $client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0; // Make a timestamp for our most recent modification... -$modified_timestamp = strtotime($last_modified); +$modified_timestamp = strtotime( $last_modified ); if ( ( $client_last_modified && $client_etag ) - ? ( ( $client_modified_timestamp >= $modified_timestamp) && ( $client_etag == $etag ) ) - : ( ( $client_modified_timestamp >= $modified_timestamp) || ( $client_etag == $etag ) ) + ? ( ( $client_modified_timestamp >= $modified_timestamp ) && ( $client_etag == $etag ) ) + : ( ( $client_modified_timestamp >= $modified_timestamp ) || ( $client_etag == $etag ) ) ) { status_header( 304 ); exit;