Diffstat (limited to 'inc/media.php')
-rw-r--r-- | inc/media.php | 46 |
1 files changed, 28 insertions, 18 deletions
diff --git a/inc/media.php b/inc/media.php
index e29a47631..a9f6be771 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -83,6 +83,18 @@ function media_metasave($id,$auth,$data){
 }
 /**
+ * check if a media is external source
+ *
+ * @author Gerrit Uitslag <klapinklapin@gmail.com>
+ * @param string $id the media ID or URL
+ * @return bool
+ */
+function media_isexternal($id){
+ if (preg_match('#^(https?|ftp)://#i', $id)) return true;
+ return false;
+}
+
+/**
 * Check if a media item is public (eg, external URL or readable by @ALL)
 *
 * @author Andreas Gohr <andi@splitbrain.org>
@@ -90,7 +102,7 @@ function media_metasave($id,$auth,$data){
 * @return bool
 */
 function media_ispublic($id){
- if(preg_match('/^https?:\/\//i',$id)) return true;
+ if(media_isexternal($id)) return true;
 $id = cleanID($id);
 if(auth_aclcheck(getNS($id).':*', '', array()) >= AUTH_READ) return true;
 return false;
@@ -166,7 +178,7 @@ function media_inuse($id) {
 global $conf;
 $mediareferences = array();
 if($conf['refcheck']){
- $mediareferences = ft_mediause($id,$conf['refshow']);
+ $mediareferences = ft_mediause($id,true);
 if(!count($mediareferences)) {
 return false;
 } else {
@@ -574,7 +586,10 @@ function media_filelist($ns,$auth=null,$jump='',$fullscreenview=false,$sort=fals
 // FIXME: print permission warning here instead?
 echo '<div class="nothing">'.$lang['nothingfound'].'</div>'.NL;
 }else{
- if (!$fullscreenview) media_uploadform($ns, $auth);
+ if (!$fullscreenview) {
+ media_uploadform($ns, $auth);
+ media_searchform($ns);
+ }
 $dir = utf8_encodeFN(str_replace(':','/',$ns));
 $data = array();
@@ -597,7 +612,6 @@ function media_filelist($ns,$auth=null,$jump='',$fullscreenview=false,$sort=fals
 if ($fullscreenview) echo '</ul>'.NL;
 }
 }
- if (!$fullscreenview) media_searchform($ns);
 }
 /**
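Review bot: media_isexternal() accepts `ftp://` in addition to the `https?://` prefix that media_ispublic() tested before, so the media_ispublic() hunk now reports ftp ids as public and the media_get_token() hunk requires a token for them; the docblock should state the accepted schemes, for example `@return bool true if $id starts with http://, https:// or ftp:// (case-insensitive)`. Whether the fetch path classifies ids with the same test is not visible in this diff and is worth confirming, since a mismatch would leave some external ids without a token requirement. The body can also be reduced to `return (bool) preg_match('#^(https?|ftp)://#i', $id);`.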
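Review bot: In media_inuse() the literal `true` in `ft_mediause($id,true)` replaces `$conf['refshow']` without saying what the second argument now means. If it tells ft_mediause() to ignore page read permissions (its signature is not part of this diff), the returned list can name pages the current user may not read, so any caller that displays it should filter by ACL first; a comment such as `// true: also count references on pages the current user cannot read` would record that intent. media_inuse() continues past the end of the hunk.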
@@ -1282,7 +1296,7 @@ function media_restore($image, $rev, $auth){
 * @author Kate Arzamastseva <pshns@ukr.net>
 * @triggers MEDIA_SEARCH
 */
-function media_searchlist($query,$ns,$auth=null,$fullscreen=false,$sort=''){
+function media_searchlist($query,$ns,$auth=null,$fullscreen=false,$sort='natural'){
 global $conf;
 global $lang;
@@ -1302,15 +1316,10 @@ function media_searchlist($query,$ns,$auth=null,$fullscreen=false,$sort=''){
 $conf['mediadir'],
 'search_media',
 array('showmsg'=>false,'pattern'=>$pattern),
- $dir);
+ $dir,
+ 1,
+ $sort);
 }
-
- $data = array();
- foreach ($evdata['data'] as $k => $v) {
- $data[$k] = ($sort == 'date') ? $v['mtime'] : $v['id'];
- }
- array_multisort($data, SORT_DESC, SORT_NUMERIC, $evdata['data']);
 $evt->advise_after();
 unset($evt);
 }
@@ -1879,20 +1888,21 @@ function media_crop_image($file, $ext, $w, $h=0){
 * cropped images have been internally generated - and prevent external
 * DDOS attacks via fetch
 *
+ * @author Christopher Smith <chris@jalakai.co.uk>
+ *
 * @param string $id id of the image
 * @param int $w resize/crop width
 * @param int $h resize/crop height
- *
- * @author Christopher Smith <chris@jalakai.co.uk>
+ * @return string
 */
 function media_get_token($id,$w,$h){
 // token is only required for modified images
- if ($w || $h) {
- $token = auth_cookiesalt().$id;
+ if ($w || $h || media_isexternal($id)) {
+ $token = $id;
 if ($w) $token .= '.'.$w;
 if ($h) $token .= '.'.$h;
- return substr(md5($token),0,6);
+ return substr(PassHash::hmac('md5', $token, auth_cookiesalt()),0,6);
 }
 return ''; |
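Review bot: Ordering now happens only inside the `search()` call, so anything that reaches `$evdata['data']` by another path is no longer sorted; the removed `array_multisort()` block ran after the closing `}` of the block that holds the call, and the docblock's `@triggers MEDIA_SEARCH` suggests handlers may supply results themselves (inferred, the event code is outside the hunk). `$sort` is also forwarded unchanged where it used to be compared with `'date'` only, so if it can originate from a request parameter it should be checked before the call, e.g. `if (!in_array($sort, array('natural', 'date'), true)) $sort = 'natural';` (the value list is an assumption to confirm against search()). The bare `1` deserves a short comment naming the parameter it fills.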
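Review bot: The token is still cut to six hex characters by `substr(…,0,6)`, i.e. 24 bits, while this change extends it from resized images to every external id; a longer prefix such as `return substr(PassHash::hmac('md5', $token, auth_cookiesalt()),0,12);` would be preferable, provided the checking side (not in this diff) is changed with it and compares in constant time. The message is built as `$id.'.'.$w.'.'.$h` with zero values skipped, so a width-only and a height-only request with the same number share a token; appending both fields unconditionally, `$token = $id.'.'.(int)$w.'.'.(int)$h;`, removes that overlap. The comment `// token is only required for modified images` is now stale and should mention external media. The function's closing brace lies outside the hunk.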