diff options
| author | Christopher Smith <chris@jalakai.co.uk> | 2013-05-06 01:06:16 +0100 |
|---|---|---|
| committer | Christopher Smith <chris@jalakai.co.uk> | 2013-05-06 01:06:16 +0100 |
| commit | 5e7db1e21093dbb999f1d1cee487a791af3650eb (patch) | |
| tree | 3ee5f880a048bd6b325a114c86730fd348ee56b0 | |
| parent | a3d0aa224c509ed311955813d6eb459d1dc141c8 (diff) | |
| download | rpg-5e7db1e21093dbb999f1d1cee487a791af3650eb.tar.gz rpg-5e7db1e21093dbb999f1d1cee487a791af3650eb.tar.bz2 | |
ensure security token is included in media url when resize parameter is passed in string form, e.g. 'w=80'
| -rw-r--r-- | inc/common.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/inc/common.php b/inc/common.php index 110350951..4d939ac77 100644 --- a/inc/common.php +++ b/inc/common.php @@ -447,6 +447,14 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) if(isset($more['id']) && $direct) unset($more['id']); $more = buildURLparams($more, $sep); } else { + $matches = array(); + if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER)){ + $resize = array('w'=>0, 'h'=>0); + foreach ($matches as $match){ + $resize[$match[1]] = $match[2]; + } + $more .= $sep.'tok='.media_get_token($id,$resize['w'],$resize['h']); + } $more = str_replace('cache=cache', '', $more); //skip default $more = str_replace(',,', ',', $more); $more = str_replace(',', $sep, $more); |