authorTim Almdal <tnalmdal@shaw.ca>2010-01-07 10:55:43 -0800
committerTim Almdal <tnalmdal@shaw.ca>2010-01-07 10:55:43 -0800
commit58620c5faa777019222f7dd9853b2848f46db2a6 (patch)
treec7c59403e1fcb24011b49772512f85a63293e962
parent72793a547e4625b476776ba4941b836b7ac7f80a (diff)
Use rawurlencode to remove any encoding that the browser may have added. Fixes ticket #954.
-rw-r--r--modules/gallery/controllers/file_proxy.php32
1 files changed, 17 insertions, 15 deletions
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index f0a38fbe..8a4e759b 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -28,16 +28,17 @@
*/
class File_Proxy_Controller extends Controller {
public function __call($function, $args) {
- // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
- $request_uri = Input::instance()->server("REQUEST_URI");
+ // request_uri: gallery3/var/trunk/albums/foo/bar.jpg
+ $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));
+
$request_uri = preg_replace("/\?.*/", "", $request_uri);
- // var_uri: http://example.com/gallery3/var/
+ // var_uri: gallery3/var/
$var_uri = url::file("var/");
// Make sure that the request is for a file inside var
- $offset = strpos($request_uri, $var_uri);
- if ($offset === false) {
+ $offset = strpos(rawurldecode($request_uri), $var_uri);
+ if ($offset !== 0) {
throw new Kohana_404_Exception();
}
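Review bot: The containment check on the `strpos` line decodes `$request_uri` a second time, although it was already decoded when it was read, so the check validates a different string from the one the rest of `__call` uses for input that was encoded twice. Decode exactly once and compare that same variable: `$offset = strpos($request_uri, $var_uri);`. The order of the first two statements also matters: because decoding runs before the query string is stripped, an encoded `%3F` inside a file name becomes a literal `?` and the `preg_replace` truncates the path there. Stripping first avoids that: `$request_uri = rawurldecode(preg_replace("/\?.*/", "", Input::instance()->server("REQUEST_URI")));`. The body of `__call` continues outside this hunk, so how the decoded value is split into type and path is not visible here.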
@@ -57,7 +58,9 @@ class File_Proxy_Controller extends Controller {
$path = preg_replace("|/.album.jpg$|", "", $path);
// We now have the relative path to the item. Search for it in the path cache
- $item = ORM::factory("item")->where("relative_path_cache", "=", $path)->find();
+ // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to
+ // insure that the paths are normalized.
+ $item = ORM::factory("item")->where("relative_path_cache", "=", rawurlencode($path))->find();
if (!$item->loaded()) {
// We didn't turn it up. It's possible that the relative_path_cache is out of date here.
// There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
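Review bot: `rawurlencode($path)` encodes the whole relative path, including every `/` as `%2F`, so the lookup can only match if `relative_path_cache` stores slashes encoded as well. How the cache is written is not visible in this diff. If it encodes each path segment separately, any item below the top level will miss here and fall through to the 404 branch; in that case encode per segment, `implode("/", array_map("rawurlencode", explode("/", $path)))`. The new comment also needs a wording fix: `// The path cache is urlencoded, so re-encode the path (it was decoded earlier to ensure that the paths are normalized).`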
@@ -81,14 +84,6 @@ class File_Proxy_Controller extends Controller {
throw new Kohana_404_Exception();
}
- if ($type == "albums") {
- $file = $item->file_path();
- } else if ($type == "resizes") {
- $file = $item->resize_path();
- } else {
- $file = $item->thumb_path();
- }
-
// Make sure we have access to the item
if (!access::can("view", $item)) {
throw new Kohana_404_Exception();
@@ -104,11 +99,18 @@ class File_Proxy_Controller extends Controller {
throw new Kohana_404_Exception();
}
+ if ($type == "albums") {
+ $file = $item->file_path();
+ } else if ($type == "resizes") {
+ $file = $item->resize_path();
+ } else {
+ $file = $item->thumb_path();
+ }
+
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
- header('Last-Modified: '.gmdate('D, d M Y H:i:s T', $item->updated));
header("Pragma:");
// Check that the content hasn't expired or it wasn't changed since cached
expires::check(2592000, $item->updated);