diff options
| -rw-r--r-- | inc/fetch.functions.php | 4 | ||||
| -rw-r--r-- | lib/exe/fetch.php | 1 |
2 files changed, 5 insertions, 0 deletions
diff --git a/inc/fetch.functions.php b/inc/fetch.functions.php index 5801e96fa..59a76a798 100644 --- a/inc/fetch.functions.php +++ b/inc/fetch.functions.php @@ -108,6 +108,10 @@ function checkFileStatus(&$media, &$file, $rev = '', $width=0, $height=0) { //download failed - redirect to original URL return array(302, $media); } + // check token for resized and cached images + if (($width || $height) && media_get_token($media, $width, $height) !== $INPUT->str('tok')) { + return array(412, 'Precondition Failed'); + } } else { $media = cleanID($media); if(empty($media)) { diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 7a2250373..5967494bf 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -60,6 +60,7 @@ if (defined('SIMPLE_TEST')) { if($evt->advise_before()) { // redirects if($data['status'] > 300 && $data['status'] <= 304) { + if (defined('SIMPLE_TEST')) return; //TestResponse doesn't recognize redirects send_redirect($data['statusmessage']); } // send any non 200 status |