diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-05-05 22:12:44 -0700 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-05-05 22:12:44 -0700 |
| commit | 7f67286ec2971362255bdb59dd7d473dc5fd2ea0 (patch) | |
| tree | 3ee5f880a048bd6b325a114c86730fd348ee56b0 | |
| parent | b1720e5c647585ac14f86e6080b54c932cac9bee (diff) | |
| parent | 5e7db1e21093dbb999f1d1cee487a791af3650eb (diff) | |
| download | rpg-7f67286ec2971362255bdb59dd7d473dc5fd2ea0.tar.gz rpg-7f67286ec2971362255bdb59dd7d473dc5fd2ea0.tar.bz2 | |
Merge pull request #218 from splitbrain/FS#2767
FS#2767, fix for missing security token
| -rw-r--r-- | _test/tests/inc/common_ml.test.php | 77 | ||||
| -rw-r--r-- | inc/common.php | 8 |
2 files changed, 85 insertions, 0 deletions
diff --git a/_test/tests/inc/common_ml.test.php b/_test/tests/inc/common_ml.test.php new file mode 100644 index 000000000..ac4158540 --- /dev/null +++ b/_test/tests/inc/common_ml.test.php @@ -0,0 +1,77 @@ +<?php + +class common_wl_test extends DokuWikiTest { + + private $script = 'lib/exe/fetch.php'; + + function test_ml_empty() { + global $conf; + $conf['useslash'] = 0; + $conf['userewrite'] = 0; + $conf['start'] = 'start'; + + $this->assertEquals(DOKU_BASE . $this->script . '?media=' , ml()); + } + + function test_ml_args_array() { + global $conf; + $conf['useslash'] = 0; + $conf['userewrite'] = 0; + + $args = array('a' => 'b', 'c' => 'd', 'q' => '&ä'); + + $expect = DOKU_BASE . $this->script . '?a=b&c=d&q=%26%C3%A4&media=some:'; + $this->assertEquals($expect, ml('some:', $args)); + } + + function test_ml_args_string() { + global $conf; + $conf['useslash'] = 0; + $conf['userewrite'] = 0; + + $args = 'a=b&c=d'; + + $expect = DOKU_BASE . $this->script . '?a=b&c=d&media=some:'; + $this->assertEquals($expect, ml('some:', $args)); + } + + function test_ml_args_comma_string() { + global $conf; + $conf['useslash'] = 0; + $conf['userewrite'] = 0; + + $args = 'a=b,c=d'; + + $expect = DOKU_BASE . $this->script . '?a=b&c=d&media=some:'; + $this->assertEquals($expect, ml('some:', $args)); + } + + + function test_ml_imgresize_array() { + global $conf; + $conf['useslash'] = 0; + $conf['userewrite'] = 0; + + $id = 'some:'; + $w = 80; + $args = array('w' => $w); + $tok = media_get_token($id,$w,0); + + $expect = DOKU_BASE . $this->script . '?w='.$w.'&tok='.$tok.'&media='.$id; + $this->assertEquals($expect, ml($id, $args)); + } + + function test_ml_imgresize_string() { + global $conf; + $conf['useslash'] = 0; + $conf['userewrite'] = 0; + + $id = 'some:'; + $w = 80; + $args = 'w='.$w; + $tok = media_get_token($id,$w,0); + + $expect = DOKU_BASE . $this->script . '?w='.$w.'&tok='.$tok.'&media='.$id; + $this->assertEquals($expect, ml($id, $args)); + } +}
\ No newline at end of file diff --git a/inc/common.php b/inc/common.php index 110350951..4d939ac77 100644 --- a/inc/common.php +++ b/inc/common.php @@ -447,6 +447,14 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) if(isset($more['id']) && $direct) unset($more['id']); $more = buildURLparams($more, $sep); } else { + $matches = array(); + if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER)){ + $resize = array('w'=>0, 'h'=>0); + foreach ($matches as $match){ + $resize[$match[1]] = $match[2]; + } + $more .= $sep.'tok='.media_get_token($id,$resize['w'],$resize['h']); + } $more = str_replace('cache=cache', '', $more); //skip default $more = str_replace(',,', ',', $more); $more = str_replace(',', $sep, $more); |