diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2010-10-01 21:17:08 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2010-10-01 21:45:45 -0700 |
| commit | c0022dc3c35024ecfc101171bdccfc3b07227ebb (patch) | |
| tree | 0907c000b35d7c2088d8e9669879f3eab4bdf96f | |
| parent | 86981c5afb980f744103af8b2e9a229e745d98fb (diff) | |
Fix a bug in the way we set the mime type for protected image renders.
Also whitelist the digibug controller so that it's accessible when the
gallery is private, and don't expire old proxies right away since
Digibug may request the full size multiple times for different preview
operations.
Fixes ticket #1410.
| -rw-r--r-- | modules/digibug/controllers/digibug.php | 7 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery.php | 8 |
2 files changed, 9 insertions, 6 deletions
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 3c2bb115..88d1ace0 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -95,16 +95,11 @@ class Digibug_Controller extends Controller { if (!TEST_MODE) { // Dump out the image - header("Content-Type: $proxy->item->mime_type"); + header("Content-Type: {$proxy->item->mime_type}"); Kohana::close_buffers(false); $fd = fopen($file, "rb"); fpassthru($fd); fclose($fd); - - // If the request was for the image and not the thumb, then delete the proxy. - if ($type == "full") { - $proxy->delete(); - } } $this->_clean_expired(); diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 3cf0eacd..d7d3d9ad 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -25,6 +25,10 @@ class gallery_Core { * down for maintenance" page. */ static function maintenance_mode() { + // @todo: we need a mechanism here to identify controllers that are still legally accessible + // when the entire Gallery is in maintenance mode. Perhaps a controller class function or + // method? + // https://sourceforge.net/apps/trac/gallery/ticket/1411 if (Router::$controller != "login" && Router::$controller != "combined" && module::get_var("gallery", "maintenance_mode", 0) && @@ -41,8 +45,12 @@ class gallery_Core { * the login page. */ static function private_gallery() { + // @todo: we need a mechanism here to identify controllers that are still legally accessible + // when the entire Gallery is private. Perhaps a controller class function or method? + // https://sourceforge.net/apps/trac/gallery/ticket/1411 if (Router::$controller != "login" && Router::$controller != "combined" && + Router::$controller != "digibug" && identity::active_user()->guest && !access::user_can(identity::guest(), "view", item::root()) && php_sapi_name() != "cli") { |