1
那裏有一個標題的滿口。PDF在htaccess重定向到php認證腳本後無法正確顯示
在此之後真棒職位:https://wordpress.stackexchange.com/questions/37144/how-to-protect-uploads-if-user-is-not-logged-in我創建一個htaccess規則某個目錄重定向:
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/indres(.*)$ dl-file-indres.php?file=$1 [QSA,L]
的PHP驗證腳本(改變一點點從原來的職位,以反映WP的默認內的目錄上傳路徑):
<?php
require_once('wp-load.php');
current_user_can('edit_posts') || auth_redirect();
list($basedir) = array_values(array_intersect_key(wp_upload_dir(), array('basedir' => 1)))+array(NULL);
$file = rtrim($basedir,'/').'/indres/'.str_replace('..', '', isset($_GET[ 'file' ])?$_GET[ 'file' ]:'');
if (!$basedir || !is_file($file)) {
status_header(404);
die('404 — File not found.');
}
$mime = wp_check_filetype($file);
if(false === $mime[ 'type' ] && function_exists('mime_content_type'))
$mime[ 'type' ] = mime_content_type($file);
if($mime[ 'type' ])
$mimetype = $mime[ 'type' ];
else
$mimetype = 'image/' . substr($file, strrpos($file, '.') + 1);
header('Content-Type: ' . $mimetype); // always send this
if (false === strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS'))
header('Content-Length: ' . filesize($file));
$last_modified = gmdate('D, d M Y H:i:s', filemtime($file));
$etag = '"' . md5($last_modified) . '"';
header("Last-Modified: $last_modified GMT");
header('ETag: ' . $etag);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 100000000) . ' GMT');
// Support for Conditional GET
$client_etag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) : false;
if(! isset($_SERVER['HTTP_IF_MODIFIED_SINCE']))
$_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
$client_last_modified = trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
// If string is empty, return 0. If not, attempt to parse into a timestamp
$client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
// Make a timestamp for our most recent modification...
$modified_timestamp = strtotime($last_modified);
if (($client_last_modified && $client_etag)
? (($client_modified_timestamp >= $modified_timestamp) && ($client_etag == $etag))
: (($client_modified_timestamp >= $modified_timestamp) || ($client_etag == $etag))
) {
status_header(304);
exit;
}
// If we made it this far, just serve the file
readfile($file);
所以這個工程完全按照預期,除了一個大問題:所有的PDF文件被損壞,不管我用什麼瀏覽器,即使我逼我們使用AddType application/octet-stream .pdf
下載文件。它會下載約90%,並顯示一條消息,顯示不正確。如果我將.htaccess
規則註釋掉,pdf顯示得很好。
在我看來,問題在於php腳本本身,但是我對在腳本中導致它的內容感到迷茫。有人有主意嗎?非常感謝,