feature 2831: simple way to protect urls of originals

git-svn-id: http://piwigo.org/svn/trunk@20516 68402e56-0260-453c-a942-63ccdbb3a9ee

4 files changed, 34 insertions, 4 deletions

diff --git a/include/common.inc.php b/include/common.inc.php
index 61157fa5a..46d11e4e4 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -266,5 +266,10 @@ add_event_handler('render_comment_content', 'render_comment_content');
 add_event_handler('render_comment_author', 'strip_tags');
 add_event_handler('render_tag_url', 'str2url');
 add_event_handler('blockmanager_register_blocks', 'register_default_menubar_blocks', EVENT_HANDLER_PRIORITY_NEUTRAL-1);
+if ( !empty($conf['original_url_protection']) )
+{
+  add_event_handler('get_element_url', 'get_element_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
+  add_event_handler('get_src_image_url', 'get_src_image_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
+}
 trigger_action('init');
 ?>
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index aa63f2407..4372e61fe 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -777,4 +777,8 @@ $conf['derivative_default_size'] = 'medium';
 
 //Maximum Ajax requests at once, for thumbnails on-the-fly generation
 $conf['max_requests']=3;
+
+// one of '', 'images', 'all'
+//TODO: Put this in admin and also manage .htaccess in #sites and upload folders
+$conf['original_url_protection'] = '';
 ?>
\ No newline at end of file
diff --git a/include/derivative.inc.php b/include/derivative.inc.php
index b8b68ce4e..1625d5860 100644
--- a/include/derivative.inc.php
+++ b/include/derivative.inc.php
@@ -19,7 +19,7 @@
 // | USA.                                                                  |
 // +-----------------------------------------------------------------------+
 
-/*A source image is used to get a derivative image. A source image is either the original file for a jpg or a 
+/*A source image is used to get a derivative image. A source image is either the original file for a jpg or a
 'representative' image of a non image file or a standard icon for the non-image file.*/
 final class SrcImage
 {
@@ -78,7 +78,7 @@ final class SrcImage
           $width = $infos['height'];
           $height = $infos['width'];
         }
-        
+
         $this->size = array($width, $height);
       }
       elseif (!array_key_exists('width', $infos))
@@ -106,7 +106,7 @@ final class SrcImage
   function get_url()
   {
     $url = get_root_url().$this->rel_path;
-    if ($this->flags & self::IS_ORIGINAL)
+    if ( !($this->flags & self::IS_MIMETYPE) )
     {
       $url = trigger_event('get_src_image_url', $url, $this);
     }
@@ -170,7 +170,7 @@ final class DerivativeImage
     return self::url(IMG_THUMB, $infos);
   }
 
-  /** 
+  /**
   @return derivative image url
   @param type string of standard derivative param type (e.g. IMG_???) or a DerivativeParams object
   @param infos assoc array of data from images table or a SrcImage object
diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php
index 11f56d9f4..b29f214ef 100644
--- a/include/functions_html.inc.php
+++ b/include/functions_html.inc.php
@@ -593,4 +593,25 @@ function get_thumbnail_title($info, $title, $comment)
   return $title;
 }
 
+/** optional event handler to protect src image urls */
+function get_src_image_url_protection_handler($url, $src_image)
+{
+  return get_action_url($src_image->id, $src_image->is_original() ? 'e' : 'r', false);
+}
+
+/** optional event handler to protect element urls */
+function get_element_url_protection_handler($url, $infos)
+{
+  global $conf;
+  if ('images'==$conf['original_url_protection'])
+  {// protect only images and not other file types (for example large movies that we don't want to send through our file proxy)
+    $ext = get_extension($infos['path']);
+    if (!in_array($ext, $conf['picture_ext']))
+    {
+      return $url;
+    }
+  }
+  return get_action_url($infos['id'], 'e', false);
+}
+
 ?>
\ No newline at end of file