I have a site that allows users to browse images and purchase prints of those images. The site runs on Wordpress and the ecommerce side has been written as a plugin.
I want to store the images outside of the web root directory, and so have created a script in the plugin called show-image.php which looks like this:
<?php
if ( ! defined( 'ABSPATH' ) ) exit;
function show_images($content) {
// Clean the buffer, we're not sending anything but the image
ob_end_clean();
global $wpdb;
//get the ids passed in the url
$w = get_query_var("gwpw",false);
$i = get_query_var("gwpi",false);
// if either passed var is not an integer, set them to false
if (!filter_var($w, FILTER_VALIDATE_INT, array('min_range' => 1)) || !filter_var($i, FILTER_VALIDATE_INT, array('min_range' => 1)))
{
$w = false;
$i = false;
}
$w_table_name = $wpdb->prefix . 'table1';
$i_table_name = $wpdb->prefix . 'table2';
$wrow = $wpdb->get_row($wpdb->prepare("SELECT * FROM $w_table_name WHERE wid = %d",$w));
$irow = $wpdb->get_row($wpdb->prepare("SELECT * FROM $i_table_name WHERE itemid = %d AND wid = %d",$i,$w));
$i_path = realpath($_SERVER['DOCUMENT_ROOT'] . '/../') . '/' . $wpdb->prefix . 'images/' . $w . '/' . $irow->filename;
if (!$w || !$i || $w == null || $i == null || !file_exists($i_path) || !is_file($i_path))
{
header("HTTP/1.0 404 Not Found");
exit;
}
// get the image details, send them in the header, then send the file and exit
$info = getimagesize($i_path);
$fs = filesize($i_path);
header ("Content-Type: {$info['mime']}
");
header ("Content-Disposition: inline; filename=\"$irow->filename\"
");
header ("Content-Length: $fs
");
readfile($i_path);
exit;
}
?>
And in functions.php for the plugin I have:
add_filter( 'the_content', 'gwp_ec_content_filter' );
add_filter('query_vars', 'gwp_ec_filter_queryvars' );
function gwp_ec_content_filter ($content)
{
if (get_query_var('gwpw',false) && get_query_var('gwpi',false))
{
$content = '';
$content = show_images($content);
}
return $content;
}
function gwp_ec_filter_queryvars( $qvars )
{
$qvars[] = 'gwpw';
$qvars[] = 'gwpi';
return $qvars;
}
This all works perfectly in a browser, I can browse to www.mysite.co.uk/?gwpw=1&gwpi=1 and I'm served the image I should be. I've checked it is not the browser cacheing the image, I am truly being served the image.
However, when I include this as a src attribute for an image tag in an HTML email, Apple Mail on iOS and OSX won't display the image. I can view the source of the email, copy and paste the url for the image out of the message source and into a browser and it works fine.
I'm thinking it must be something wrong with how I'm serving the image in show-image.php, as if I point the src at an image inside the web root directory e.g. www.mysite.co.uk/wp-content/plugins/myplugin/image.jpg, then the email clients display the image fine.
If anyone has any ideas they would be gratefully received!