diff options
| author | Klap-in <klapinklapin@gmail.com> | 2013-05-21 21:40:37 +0200 |
|---|---|---|
| committer | Klap-in <klapinklapin@gmail.com> | 2013-05-21 21:40:37 +0200 |
| commit | d572baf83c5a6d61a7f97aa4d115eba76c5f106c (patch) | |
| tree | b818295227c28300119817091aace83beec1fd0e /inc | |
| parent | ba9015b07d229ba195e7a9a3f23c3b038374c88c (diff) | |
| download | rpg-d572baf83c5a6d61a7f97aa4d115eba76c5f106c.tar.gz rpg-d572baf83c5a6d61a7f97aa4d115eba76c5f106c.tar.bz2 | |
Add check for token when resizing and caching external images
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/fetch.functions.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/inc/fetch.functions.php b/inc/fetch.functions.php index 5801e96fa..59a76a798 100644 --- a/inc/fetch.functions.php +++ b/inc/fetch.functions.php @@ -108,6 +108,10 @@ function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) { //download failed - redirect to original URL return array(302, $media); } + // check token for resized and cached images + if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) { + return array(412, 'Precondition Failed'); + } } else { $media = cleanID($media); if(empty($media)) { |