Diffstat (limited to '')
-rw-r--r-- | action.php | 48 | ||||
-rw-r--r-- | include/config_default.inc.php | 4 | ||||
-rw-r--r-- | include/functions_plugins.inc.php | 16 |
3 files changed, 51 insertions, 17 deletions
diff --git a/action.php b/action.php
index 6b21b0fa1..20559dba1 100644
--- a/action.php
+++ b/action.php
@@ -82,7 +82,18 @@ if ( empty($element_info) )
 do_error(404, 'Requested id not found');
 }
-// TODO - check permissions
+$query='
+SELECT id FROM '.CATEGORIES_TABLE.'
+ INNER JOIN '.IMAGE_CATEGORY_TABLE.'
+ ON category_id=id
+ WHERE image_id='.$id.'
+ AND category_id NOT IN ('.$user['forbidden_categories'].')
+ LIMIT 1
+;';
+if ( mysql_num_rows(pwg_query($query))<1 )
+{
+ do_error(401, 'Access denied');
+}
 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
 $file='';
@@ -98,6 +109,10 @@ switch ($_GET['part'])
 $file = get_image_path($element_info);
 break;
 case 'h':
+ if ( $user['enabled_high']!='true' )
+ {
+ do_error(401, 'Access denied h');
+ }
 $file = get_high_path($element_info);
 break;
 }
@@ -121,7 +136,28 @@ if (!url_is_remote($file))
 {
 $ctype = mime_content_type($file);
 }
+
+ $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';
+ $http_headers[] = 'Last-Modified: '.$gmt_mtime;
+
+ // following lines would indicate how the client should handle the cache
+ /* $max_age=300;
+ $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
+ // HTTP/1.1 only
+ $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/
+
+ if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
+ {
+ header("HTTP/1.1 304 Not modified ");
+ header("Status: 304 Not modified");
+ foreach ($http_headers as $header)
+ {
+ header( $header );
+ }
+ exit();
+ }
 }
+
 if (!isset($ctype))
 { // give it a guess
 $ctype = guess_mime_type( get_extension($file) );
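Review bot: The new permission query concatenates `$id` and `$user['forbidden_categories']` directly into the SQL at `WHERE image_id='.$id.'` and `NOT IN ('...')`, and nothing in this hunk validates either value. Whatever checks exist on `$id` sit earlier in the file, outside the hunk, so I would cast at the point of use, `WHERE image_id='.intval($id).'`, so the access check does not depend on a distant guard. If the forbidden list can ever be an empty string the statement becomes `NOT IN ()`, which MySQL rejects; confirm that `pwg_query()` then stops the request instead of letting execution reach the file output. A short comment such as `// deny unless the image is in at least one category the user may see` would also make the rule explicit.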
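Review bot: `do_error(401, 'Access denied h')` in the `case 'h':` branch answers a permission failure with 401, which asks the client to authenticate and is expected to come with a `WWW-Authenticate` header; unless `do_error()` adds one (not visible here), 403 is the status that matches a refused permission. The same applies to `do_error(401, 'Access denied')` in the permission-check hunk above. The trailing ` h` in the message also tells the caller which of the two checks failed; one message for both, `do_error(403, 'Access denied');`, avoids that.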
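Review bot: The 304 branch fires whenever `$_SERVER['HTTP_IF_MODIFIED_SINCE']` is present, without comparing it to the file's modification time, so a client holding a stale copy is told it is current even after the file has been replaced. Compare before answering: `$mtime = filemtime($file);` followed by `if ( $mtime!==false and isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) and strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $mtime )`. `filemtime()` returns false on failure and `gmdate()` would then format the epoch into `Last-Modified`, so that header should only be added when the call succeeds. The enclosing `if (!url_is_remote($file))` block starts outside the hunk.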
@@ -135,16 +171,16 @@ if (!isset($_GET['view']))
 .basename($file).'";';
 $http_headers[] = 'Content-Transfer-Encoding: binary';
 }
-$http_headers[] = 'Pragma: public';
-$http_headers[] = 'Expires: 0';
-$http_headers[] = 'Cache-Control: must-revalidate, post-check=0, pre-check=0';
-
+else
+{
+ $http_headers[] = 'Content-Disposition: inline; filename="'
+ .basename($file).'";';
+}
 foreach ($http_headers as $header)
 {
 header( $header );
 }
-header("Cache-Control: private",false); //???
 // Looking at the safe_mode configuration for execution time
 if (ini_get('safe_mode') == 0)
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 56c656451..d43323a4b 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -532,6 +532,6 @@ $conf['email_admin_on_new_user']=false;
 // stored on user informations
 //$conf['default_admin_layout']='yoga/dark';
-
-$conf['disable_plugins']=false;
+// should we load the active plugins ? true=Yes, false=No
+$conf['enable_plugins']=true;
 ?>
diff --git a/include/functions_plugins.inc.php b/include/functions_plugins.inc.php
index 92adb22e9..3eda2e3f8 100644
--- a/include/functions_plugins.inc.php
+++ b/include/functions_plugins.inc.php
@@ -243,16 +243,14 @@ function load_plugin($plugin)
 function load_plugins()
 {
 global $conf;
- if ($conf['disable_plugins'])
+ if ($conf['enable_plugins'])
 {
- return;
- }
-
- $plugins = get_db_plugins('active');
- foreach( $plugins as $plugin)
- {// include main from a function to avoid using same function context
- load_plugin($plugin);
+ $plugins = get_db_plugins('active');
+ foreach( $plugins as $plugin)
+ {// include main from a function to avoid using same function context
+ load_plugin($plugin);
+ }
+ trigger_action('plugins_loaded');
 }
- trigger_action('plugins_loaded');
 }
 ?>
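Review bot: After this hunk the response carries no `Cache-Control` at all: the three removed `$http_headers[]` lines and `header("Cache-Control: private",false)` are dropped, and the replacement lines in the earlier hunk are commented out. Since the same commit makes these files permission-dependent, a shared proxy that stores the response could hand one user's image to another who would fail the category check. I would keep a private directive next to the new `else` branch, `$http_headers[] = 'Cache-Control: private, must-revalidate';`. Separately, `basename($file)` goes into the quoted `filename="..."` parameter unescaped in both branches, so a `"` in a file name would break the header.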
\ No newline at end of file |
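Review bot: `if ($conf['enable_plugins'])` reads a key that exists only through the new default in `include/config_default.inc.php`, so a site whose local configuration still sets `$conf['disable_plugins']=true` will silently get its plugins loaded again. If plugins were switched off to contain a faulty or untrusted plugin, that is a regression in a safety control; honouring the old key for a release, `if ($conf['enable_plugins'] and empty($conf['disable_plugins']))`, avoids it. `trigger_action('plugins_loaded')` has also moved inside the condition, so it no longer fires when plugins are disabled; a comment on `load_plugins()` saying this is intended would help.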