From c0022dc3c35024ecfc101171bdccfc3b07227ebb Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 1 Oct 2010 21:17:08 -0700
Subject: Fix a bug in the way we set the mime type for protected image
 renders. Also whitelist the digibug controller so that it's accessible when
 the gallery is private, and don't expire old proxies right away since Digibug
 may request the full size multiple times for different preview operations.

Fixes ticket #1410.
---
 modules/digibug/controllers/digibug.php | 7 +------
 modules/gallery/helpers/gallery.php     | 8 ++++++++
 2 files changed, 9 insertions(+), 6 deletions(-)

(limited to 'modules')

diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index 3c2bb115..88d1ace0 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -95,16 +95,11 @@ class Digibug_Controller extends Controller {
 
     if (!TEST_MODE) {
       // Dump out the image
-      header("Content-Type: $proxy->item->mime_type");
+      header("Content-Type: {$proxy->item->mime_type}");
       Kohana::close_buffers(false);
       $fd = fopen($file, "rb");
       fpassthru($fd);
       fclose($fd);
-
-      // If the request was for the image and not the thumb, then delete the proxy.
-      if ($type == "full") {
-        $proxy->delete();
-      }
     }
 
     $this->_clean_expired();
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index 3cf0eacd..d7d3d9ad 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -25,6 +25,10 @@ class gallery_Core {
    * down for maintenance" page.
    */
   static function maintenance_mode() {
+    // @todo: we need a mechanism here to identify controllers that are still legally accessible
+    // when the entire Gallery is in maintenance mode.  Perhaps a controller class function or
+    // method?
+    // https://sourceforge.net/apps/trac/gallery/ticket/1411
     if (Router::$controller != "login" &&
         Router::$controller != "combined" &&
         module::get_var("gallery", "maintenance_mode", 0) &&
@@ -41,8 +45,12 @@ class gallery_Core {
    * the login page.
    */
   static function private_gallery() {
+    // @todo: we need a mechanism here to identify controllers that are still legally accessible
+    // when the entire Gallery is private.  Perhaps a controller class function or method?
+    // https://sourceforge.net/apps/trac/gallery/ticket/1411
     if (Router::$controller != "login" &&
         Router::$controller != "combined" &&
+        Router::$controller != "digibug" &&
         identity::active_user()->guest &&
         !access::user_can(identity::guest(), "view", item::root()) &&
         php_sapi_name() != "cli") {
-- 
cgit v1.2.3