aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--action.php73
-rw-r--r--picture.php10
-rw-r--r--template/yoga/picture.tpl4
3 files changed, 83 insertions, 4 deletions
diff --git a/action.php b/action.php
new file mode 100644
index 000000000..7dc351d58
--- /dev/null
+++ b/action.php
@@ -0,0 +1,73 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch : BSF (Best So Far)
+// | file : $RCSfile$
+// | last update : $Date$
+// | last modifier : $Author$
+// | revision : $Revision$
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+function force_download ($filename)
+{
+//TODO : messages in "lang"
+ $filename = realpath($filename);
+
+ $file_extension = strtolower(substr(strrchr($filename,"."),1));
+
+ switch ($file_extension) {
+ case "jpe": case "jpeg":
+ case "jpg": $ctype="image/jpg"; break;
+ case "png": $ctype="image/png"; break;
+ case "gif": $ctype="image/gif"; break;
+ case "pdf": $ctype="application/pdf"; break;
+ case "zip": $ctype="application/zip"; break;
+ case "php":
+ // never allow download of php scripts to protect our conf files
+ die('Hacking attempt!'); break;
+ default: $ctype="application/octet-stream";
+ }
+
+ if (!file_exists($filename)) {
+ die("NO FILE HERE");
+ }
+
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Cache-Control: private",false);
+ header("Content-Type: $ctype");
+ header("Content-Disposition: attachment; filename=\""
+ .basename($filename)."\";");
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".@filesize($filename));
+ set_time_limit(0);
+ @readfile("$filename") or die("File not found.");
+}
+
+//--------------------------------------------------------- download big picture
+if ( isset( $_GET['dwn'] ) )
+{
+//TODO : verify the path begins with './gallerie' and doesn't contains any '..'
+// in order to avoid hacking atempts
+ force_download($_GET['dwn']);
+}
+
+?>
diff --git a/picture.php b/picture.php
index 4cdafcf69..81e781ff0 100644
--- a/picture.php
+++ b/picture.php
@@ -560,9 +560,15 @@ if (isset($picture['current']['high']))
$template->assign_block_vars('high', array(
'U_HIGH' => $picture['current']['high'],
'UUID'=>$uuid,
- 'WIDTH_IMG'=>($full_width + 16),
- 'HEIGHT_IMG'=>($full_height + 16)
+ 'WIDTH_IMG'=>($full_width + 40),
+ 'HEIGHT_IMG'=>($full_height + 40)
));
+ $template->assign_block_vars(
+ 'download',
+ array('U_DOWNLOAD' => PHPWG_ROOT_PATH.'action.php?dwn='
+ .$picture['current']['high']
+ )
+ );
}
// button to set the current picture as representative
if ('admin' == $user['status'] and is_numeric($page['cat']))
diff --git a/template/yoga/picture.tpl b/template/yoga/picture.tpl
index 6932eb1f6..d28632ca0 100644
--- a/template/yoga/picture.tpl
+++ b/template/yoga/picture.tpl
@@ -20,7 +20,7 @@
<a href="{representative.URL}" title="{lang:set as category representative}"><img src="{themeconf:icon_dir}/representative.png" class="button" alt="{lang:representative}" /></a>
<!-- END representative -->
<!-- BEGIN favorite -->
- <a href="{favorite.U_FAVORITE}" title="{favorite.FAVORITE_HINT}"><img src="{favorite.FAVORITE_IMG}" alt="{favorite.FAVORITE_ALT}"></a>
+ <a href="{favorite.U_FAVORITE}" title="{favorite.FAVORITE_HINT}"><img src="{favorite.FAVORITE_IMG}" class="button" alt="{favorite.FAVORITE_ALT}"></a>
<!-- END favorite -->
<!-- BEGIN download -->
<a href="{download.U_DOWNLOAD}" title="{L_DOWNLOAD}"><img src="{themeconf:icon_dir}/save.png" class="button" alt="{L_DOWNLOAD}"></a>
@@ -47,7 +47,7 @@
<div id="theImage">
<!-- BEGIN high -->
-<a href="javascript:phpWGOpenWindow('{high.U_HIGH}','{high.UUID}','scrollbars=yes,toolbar=yes,status=yes,resizable=yes,width={high.WIDTH_IMG},height={high.HEIGHT_IMG}')">
+<a href="javascript:phpWGOpenWindow('{high.U_HIGH}','{high.UUID}','scrollbars=yes,toolbar=no,status=no,resizable=yes,width={high.WIDTH_IMG},height={high.HEIGHT_IMG}')">
<!-- END high -->
<img src="{SRC_IMG}" style="width:{WIDTH_IMG}px;height:{HEIGHT_IMG}px;" alt="{ALT_IMG}">
<!-- BEGIN high -->