-rw-r--r-- | action.php | 73 | ||||
-rw-r--r-- | picture.php | 10 | ||||
-rw-r--r-- | template/yoga/picture.tpl | 4 |
3 files changed, 83 insertions, 4 deletions
diff --git a/action.php b/action.php
new file mode 100644
index 000000000..7dc351d58
--- /dev/null
+++ b/action.php
@@ -0,0 +1,73 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch : BSF (Best So Far)
+// | file : $RCSfile$
+// | last update : $Date$
+// | last modifier : $Author$
+// | revision : $Revision$
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+function force_download ($filename)
+{
+//TODO : messages in "lang"
+ $filename = realpath($filename);
+
+ $file_extension = strtolower(substr(strrchr($filename,"."),1));
+
+ switch ($file_extension) {
+ case "jpe": case "jpeg":
+ case "jpg": $ctype="image/jpg"; break;
+ case "png": $ctype="image/png"; break;
+ case "gif": $ctype="image/gif"; break;
+ case "pdf": $ctype="application/pdf"; break;
+ case "zip": $ctype="application/zip"; break;
+ case "php":
+ // never allow download of php scripts to protect our conf files
+ die('Hacking attempt!'); break;
+ default: $ctype="application/octet-stream";
+ }
+
+ if (!file_exists($filename)) {
+ die("NO FILE HERE");
+ }
+
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Cache-Control: private",false);
+ header("Content-Type: $ctype");
+ header("Content-Disposition: attachment; filename=\""
+ .basename($filename)."\";");
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".@filesize($filename));
+ set_time_limit(0);
+ @readfile("$filename") or die("File not found.");
+}
+
+//--------------------------------------------------------- download big picture
+if ( isset( $_GET['dwn'] ) )
+{
+//TODO : verify the path begins with './gallerie' and doesn't contains any '..'
+// in order to avoid hacking atempts
+ force_download($_GET['dwn']);
+}
+
+?>
diff --git a/picture.php b/picture.php
index 4cdafcf69..81e781ff0 100644
--- a/picture.php
+++ b/picture.php
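Review bot: The `dwn` request parameter reaches `readfile()` with no confinement to the gallery directory, so the only barrier between a request and any file the web server can read is the `case "php"` deny entry; the TODO above `force_download($_GET['dwn'])` acknowledges the gap, but the commit ships without the check. Since `realpath()` already canonicalises the path, the check can be a prefix comparison against the resolved gallery root, and a `false` return from `realpath()` should be rejected before the extension lookup. The extension switch should fail closed instead of serving unknown types as `application/octet-stream`, and `image/jpg` should be `image/jpeg`. The script as shown pulls in no session or permission code, so it presumably bypasses the per-category access checks that picture.php applies, which is worth confirming.

```php
function force_download ($filename)
{
  // '<GALLERY_ROOT>' is a placeholder for the configured gallery directory
  $root = realpath('<GALLERY_ROOT>');
  $filename = realpath($filename);
  if (false === $root or false === $filename
      or 0 !== strpos($filename, $root.DIRECTORY_SEPARATOR)
      or !is_file($filename))
  {
    die("NO FILE HERE");
  }

  // … unchanged: $file_extension computation …
  switch ($file_extension) {
    case "jpe": case "jpeg":
    case "jpg": $ctype="image/jpeg"; break;
    // … unchanged: png, gif, pdf, zip cases …
    default:
      // fail closed: anything not listed above is refused
      die('Hacking attempt!');
  }
  // … unchanged: headers and readfile() …
```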
@@ -560,9 +560,15 @@ if (isset($picture['current']['high'])) $template->assign_block_vars('high', array( 'U_HIGH' => $picture['current']['high'], 'UUID'=>$uuid, - 'WIDTH_IMG'=>($full_width + 16), - 'HEIGHT_IMG'=>($full_height + 16) + 'WIDTH_IMG'=>($full_width + 40), + 'HEIGHT_IMG'=>($full_height + 40) )); + $template->assign_block_vars( + 'download', + array('U_DOWNLOAD' => PHPWG_ROOT_PATH.'action.php?dwn=' + .$picture['current']['high'] + ) + ); } // button to set the current picture as representative if ('admin' == $user['status'] and is_numeric($page['cat'])) diff --git a/template/yoga/picture.tpl b/template/yoga/picture.tpl index 6932eb1f6..d28632ca0 100644 --- a/template/yoga/picture.tpl +++ b/template/yoga/picture.tpl @@ -20,7 +20,7 @@ <a href="{representative.URL}" title="{lang:set as category representative}"><img src="{themeconf:icon_dir}/representative.png" class="button" alt="{lang:representative}" /></a> <!-- END representative --> <!-- BEGIN favorite --> - <a href="{favorite.U_FAVORITE}" title="{favorite.FAVORITE_HINT}"><img src="{favorite.FAVORITE_IMG}" alt="{favorite.FAVORITE_ALT}"></a> + <a href="{favorite.U_FAVORITE}" title="{favorite.FAVORITE_HINT}"><img src="{favorite.FAVORITE_IMG}" class="button" alt="{favorite.FAVORITE_ALT}"></a> <!-- END favorite --> <!-- BEGIN download --> <a href="{download.U_DOWNLOAD}" title="{L_DOWNLOAD}"><img src="{themeconf:icon_dir}/save.png" class="button" alt="{L_DOWNLOAD}"></a> @@ -47,7 +47,7 @@ <div id="theImage"> <!-- BEGIN high --> -<a href="javascript:phpWGOpenWindow('{high.U_HIGH}','{high.UUID}','scrollbars=yes,toolbar=yes,status=yes,resizable=yes,width={high.WIDTH_IMG},height={high.HEIGHT_IMG}')"> +<a href="javascript:phpWGOpenWindow('{high.U_HIGH}','{high.UUID}','scrollbars=yes,toolbar=no,status=no,resizable=yes,width={high.WIDTH_IMG},height={high.HEIGHT_IMG}')"> <!-- END high --> <img src="{SRC_IMG}" style="width:{WIDTH_IMG}px;height:{HEIGHT_IMG}px;" alt="{ALT_IMG}"> <!-- BEGIN high --> |
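Review bot: In picture.php, `U_DOWNLOAD` is built by appending `$picture['current']['high']` to the query string unencoded, so a path containing a space, `&`, `#` or `+` yields a broken or truncated `dwn` value; wrap it, e.g. `.urlencode($picture['current']['high'])`. More fundamentally, the link hands a server file path to the client, which is what forces action.php to validate paths at all. Passing the image id and resolving the path server-side, after the same permission checks this page performs, would remove that input entirely. The enclosing `if (isset($picture['current']['high']))` block starts outside the hunk.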