1 files changed, 28 insertions, 0 deletions

diff --git a/cdn/image/index.php b/cdn/image/index.php
new file mode 100644
index 0000000..0a38aee
--- /dev/null
+++ b/cdn/image/index.php
@@ -0,0 +1,28 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
+
+if (!isset($_GET['i'])) {
+    die();
+}
+
+if (strpos($_GET['i'], ".") !== false || strpos($_GET['i'], "/") !== false) {
+    die();
+}
+
+if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/films/poster/" . $_GET['i'] . ".png")) {
+    $file = $_SERVER['DOCUMENT_ROOT'] . "/data/films/poster/" . $_GET['i'] . ".png";
+} else {
+    $file = $_SERVER['DOCUMENT_ROOT'] . "/data/films/poster/\$default\$.png";
+}
+
+header('Content-Description: File Transfer');
+header('Content-Type: ' . mime_content_type($file));
+header('Content-Transfer-Encoding: binary');
+header('Expires: 0');
+header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+header('Pragma: public');
+ob_clean();
+flush();
+readfile($file);
+exit;
\ No newline at end of file