-rw-r--r--include/common.inc.php5
-rw-r--r--include/config_default.inc.php4
-rw-r--r--include/derivative.inc.php8
-rw-r--r--include/functions_html.inc.php21
4 files changed, 34 insertions, 4 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index 61157fa5a..46d11e4e4 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -266,5 +266,10 @@ add_event_handler('render_comment_content', 'render_comment_content');
add_event_handler('render_comment_author', 'strip_tags');
add_event_handler('render_tag_url', 'str2url');
add_event_handler('blockmanager_register_blocks', 'register_default_menubar_blocks', EVENT_HANDLER_PRIORITY_NEUTRAL-1);
+if ( !empty($conf['original_url_protection']) )
+{
+ add_event_handler('get_element_url', 'get_element_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
+ add_event_handler('get_src_image_url', 'get_src_image_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
+}
trigger_action('init');
?>
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index aa63f2407..4372e61fe 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -777,4 +777,8 @@ $conf['derivative_default_size'] = 'medium';
//Maximum Ajax requests at once, for thumbnails on-the-fly generation
$conf['max_requests']=3;
+
+// one of '', 'images', 'all'
+//TODO: Put this in admin and also manage .htaccess in #sites and upload folders
+$conf['original_url_protection'] = '';
?> \ No newline at end of file
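Review bot: The comment above `$conf['original_url_protection']` lists the accepted values but not what each one does or what the setting leaves uncovered. Going by the TODO, .htaccess in the sites and upload folders is not managed yet, so the option presumably only changes the URLs the gallery prints; a file whose path is already known would still be served directly unless the web server denies it. I would state that next to the setting, e.g. `// '' = direct file urls, 'images' = only picture originals go through the action url, 'all' = every original file does` followed by `// NOTE: this only rewrites generated urls; direct access to the upload and sites folders must also be denied in the web server`.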
diff --git a/include/derivative.inc.php b/include/derivative.inc.php
index b8b68ce4e..1625d5860 100644
--- a/include/derivative.inc.php
+++ b/include/derivative.inc.php
@@ -19,7 +19,7 @@
// | USA. |
// +-----------------------------------------------------------------------+
-/*A source image is used to get a derivative image. A source image is either the original file for a jpg or a
+/*A source image is used to get a derivative image. A source image is either the original file for a jpg or a
'representative' image of a non image file or a standard icon for the non-image file.*/
final class SrcImage
{
@@ -78,7 +78,7 @@ final class SrcImage
$width = $infos['height'];
$height = $infos['width'];
}
-
+
$this->size = array($width, $height);
}
elseif (!array_key_exists('width', $infos))
@@ -106,7 +106,7 @@ final class SrcImage
function get_url()
{
$url = get_root_url().$this->rel_path;
- if ($this->flags & self::IS_ORIGINAL)
+ if ( !($this->flags & self::IS_MIMETYPE) )
{
$url = trigger_event('get_src_image_url', $url, $this);
}
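Review bot: Handlers already attached to `get_src_image_url` may have assumed they only ever receive the original, and with `!($this->flags & self::IS_MIMETYPE)` in get_url() they are now called for every source that is not flagged IS_MIMETYPE. Judging by the class comment that adds representative images, so any handler that rewrites the URL should inspect the SrcImage it is passed before doing so. The line also carries no explanation of the new scope; a short comment would help, e.g. `// originals and representatives go through the event; only the generic mime-type icon keeps its plain url`. get_url() continues past the end of this hunk.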
@@ -170,7 +170,7 @@ final class DerivativeImage
return self::url(IMG_THUMB, $infos);
}
- /**
+ /**
@return derivative image url
@param type string of standard derivative param type (e.g. IMG_???) or a DerivativeParams object
@param infos assoc array of data from images table or a SrcImage object
diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php
index 11f56d9f4..b29f214ef 100644
--- a/include/functions_html.inc.php
+++ b/include/functions_html.inc.php
@@ -593,4 +593,25 @@ function get_thumbnail_title($info, $title, $comment)
return $title;
}
+/** optional event handler to protect src image urls */
+function get_src_image_url_protection_handler($url, $src_image)
+{
+ return get_action_url($src_image->id, $src_image->is_original() ? 'e' : 'r', false);
+}
+
+/** optional event handler to protect element urls */
+function get_element_url_protection_handler($url, $infos)
+{
+ global $conf;
+ if ('images'==$conf['original_url_protection'])
+ {// protect only images and not other file types (for example large movies that we don't want to send through our file proxy)
+ $ext = get_extension($infos['path']);
+ if (!in_array($ext, $conf['picture_ext']))
+ {
+ return $url;
+ }
+ }
+ return get_action_url($infos['id'], 'e', false);
+}
+
?> \ No newline at end of file
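Review bot: In 'images' mode the extension test in get_element_url_protection_handler is case-sensitive and fails open. If `get_extension()` returns the extension as stored and `$conf['picture_ext']` holds lower-case entries (neither is visible in this diff), a path ending in `.JPG` is treated as a non-picture and its direct `$url` is returned unprotected. I would normalise the value and compare strictly: `$ext = strtolower(get_extension($infos['path']));` and `if (!in_array($ext, $conf['picture_ext'], true))`. Both handlers also depend entirely on the endpoint behind `get_action_url()` to enforce access rights, which this diff does not show, so the docblocks should say so rather than just "protect".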