diff options
| author | Klap-in <klapinklapin@gmail.com> | 2013-05-21 21:40:37 +0200 |
|---|---|---|
| committer | Klap-in <klapinklapin@gmail.com> | 2013-05-21 21:40:37 +0200 |
| commit | d572baf83c5a6d61a7f97aa4d115eba76c5f106c (patch) | |
| tree | b818295227c28300119817091aace83beec1fd0e | |
| parent | ba9015b07d229ba195e7a9a3f23c3b038374c88c (diff) | |
| download | rpg-d572baf83c5a6d61a7f97aa4d115eba76c5f106c.tar.gz rpg-d572baf83c5a6d61a7f97aa4d115eba76c5f106c.tar.bz2 | |
Add check for token when resizing and caching external images
| -rw-r--r-- | inc/fetch.functions.php | 4 | ||||
| -rw-r--r-- | lib/exe/fetch.php | 1 |
2 files changed, 5 insertions, 0 deletions
diff --git a/inc/fetch.functions.php b/inc/fetch.functions.php index 5801e96fa..59a76a798 100644 --- a/inc/fetch.functions.php +++ b/inc/fetch.functions.php @@ -108,6 +108,10 @@ function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) { //download failed - redirect to original URL return array(302, $media); } + // check token for resized and cached images + if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) { + return array(412, 'Precondition Failed'); + } } else { $media = cleanID($media); if(empty($media)) { diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 7a2250373..5967494bf 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -60,6 +60,7 @@ if (defined('SIMPLE_TEST')) { if($evt->advise_before()) { // redirects if($data['status'] > 300 && $data['status'] <= 304) { + if (defined('SIMPLE_TEST')) return; //TestResponse doesn't recognize redirects send_redirect($data['statusmessage']); } // send any non 200 status |