-rw-r--r-- | include/common.inc.php | 5 | ||||
-rw-r--r-- | include/config_default.inc.php | 4 | ||||
-rw-r--r-- | include/derivative.inc.php | 8 | ||||
-rw-r--r-- | include/functions_html.inc.php | 21 |
4 files changed, 34 insertions, 4 deletions
diff --git a/include/common.inc.php b/include/common.inc.php index 61157fa5a..46d11e4e4 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -266,5 +266,10 @@ add_event_handler('render_comment_content', 'render_comment_content'); add_event_handler('render_comment_author', 'strip_tags'); add_event_handler('render_tag_url', 'str2url'); add_event_handler('blockmanager_register_blocks', 'register_default_menubar_blocks', EVENT_HANDLER_PRIORITY_NEUTRAL-1); +if ( !empty($conf['original_url_protection']) ) +{ + add_event_handler('get_element_url', 'get_element_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 ); + add_event_handler('get_src_image_url', 'get_src_image_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 ); +} trigger_action('init'); ?> diff --git a/include/config_default.inc.php b/include/config_default.inc.php index aa63f2407..4372e61fe 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -777,4 +777,8 @@ $conf['derivative_default_size'] = 'medium'; //Maximum Ajax requests at once, for thumbnails on-the-fly generation $conf['max_requests']=3; + +// one of '', 'images', 'all' +//TODO: Put this in admin and also manage .htaccess in #sites and upload folders +$conf['original_url_protection'] = ''; ?>
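Review bot: The guard `!empty($conf['original_url_protection'])` in common.inc.php registers both handlers for any non-empty value, and `get_element_url_protection_handler` only compares against `'images'`, so a misspelt setting such as `'image'` silently behaves like `'all'`. That errs toward more protection, but it is easy to misread when a site expects large non-image files to bypass the proxy. A comment at the registration would make this explicit, for example `// any non-empty value enables protection; only 'images' narrows it to picture files`.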
\ No newline at end of file diff --git a/include/derivative.inc.php b/include/derivative.inc.php index b8b68ce4e..1625d5860 100644 --- a/include/derivative.inc.php +++ b/include/derivative.inc.php @@ -19,7 +19,7 @@ // | USA. | // +-----------------------------------------------------------------------+ -/*A source image is used to get a derivative image. A source image is either the original file for a jpg or a +/*A source image is used to get a derivative image. A source image is either the original file for a jpg or a 'representative' image of a non image file or a standard icon for the non-image file.*/ final class SrcImage { @@ -78,7 +78,7 @@ final class SrcImage $width = $infos['height']; $height = $infos['width']; } - + $this->size = array($width, $height); } elseif (!array_key_exists('width', $infos)) @@ -106,7 +106,7 @@ final class SrcImage function get_url() { $url = get_root_url().$this->rel_path; - if ($this->flags & self::IS_ORIGINAL) + if ( !($this->flags & self::IS_MIMETYPE) ) { $url = trigger_event('get_src_image_url', $url, $this); } @@ -170,7 +170,7 @@ final class DerivativeImage return self::url(IMG_THUMB, $infos); } - /** + /** @return derivative image url @param type string of standard derivative param type (e.g. IMG_???) or a DerivativeParams object @param infos assoc array of data from images table or a SrcImage object diff --git a/include/functions_html.inc.php b/include/functions_html.inc.php index 11f56d9f4..b29f214ef 100644 --- a/include/functions_html.inc.php +++ b/include/functions_html.inc.php 
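Review bot: The comment above `$conf['original_url_protection']` should state that the option only changes the URLs the gallery generates and does not by itself stop direct requests for the files. The TODO about managing .htaccess suggests that the web server still serves originals at their real path until access to the upload and site folders is denied separately. An admin who sets `'all'` and stops there may believe the originals are protected when they are not. Suggested wording: `// one of '', 'images', 'all'; rewrites generated URLs only, direct access to the upload/site folders must still be denied in the web server`.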
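Review bot: In `SrcImage::get_url()` the new test `!($this->flags & self::IS_MIMETYPE)` has no comment saying why representative images now go through `get_src_image_url` as well as originals. Going by the class comment, the only source left out is the standard icon for a non-image file, so a line such as `// every source except a standard mime-type icon may be rewritten by a URL protection handler` would record the intent. The other two hunks in this file are whitespace only, and the method body continues outside the hunk.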
@@ -593,4 +593,25 @@ function get_thumbnail_title($info, $title, $comment) return $title; } +/** optional event handler to protect src image urls */ +function get_src_image_url_protection_handler($url, $src_image) +{ + return get_action_url($src_image->id, $src_image->is_original() ? 'e' : 'r', false); +} + +/** optional event handler to protect element urls */ +function get_element_url_protection_handler($url, $infos) +{ + global $conf; + if ('images'==$conf['original_url_protection']) + {// protect only images and not other file types (for example large movies that we don't want to send through our file proxy) + $ext = get_extension($infos['path']); + if (!in_array($ext, $conf['picture_ext'])) + { + return $url; + } + } + return get_action_url($infos['id'], 'e', false); +} + ?>
\ No newline at end of file |
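Review bot: In `get_element_url_protection_handler` the `'images'` branch decides with `in_array($ext, $conf['picture_ext'])`, which is a case-sensitive match and fails open. If `get_extension()` returns the extension as stored (it is not visible here) and `picture_ext` holds lower-case entries, a file named `photo.JPG` is treated as a non-image and its direct `$url` is returned unprotected. Normalising the extension before the test closes that gap: `if (!in_array(strtolower($ext), $conf['picture_ext']))`. It would also help to note in the docblock that `$infos` must carry `path` and `id`, since both are read without a check.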