diff options
Diffstat (limited to 'lib/exe')
| -rw-r--r-- | lib/exe/fetch.php | 10 | ||||
| -rw-r--r-- | lib/exe/mediamanager.php | 16 |
2 files changed, 18 insertions, 8 deletions
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 3ad4f1937..143d40f22 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -20,6 +20,10 @@ $CACHE = calc_cache($_REQUEST['cache']); $WIDTH = (int) $_REQUEST['w']; $HEIGHT = (int) $_REQUEST['h']; + $REV = (int) @$_REQUEST['rev']; + //sanitize revision + $REV = preg_replace('/[^0-9]/','',$REV); + list($EXT,$MIME,$DL) = mimetype($MEDIA,false); if($EXT === false){ $EXT = 'unknown'; @@ -28,7 +32,7 @@ } // check for permissions, preconditions and cache external files - list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE); + list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE, $REV); // prepare data for plugin events $data = array('media' => $MEDIA, @@ -147,7 +151,7 @@ function sendFile($file,$mime,$dl,$cache){ * @param $file reference to the file variable * @returns array(STATUS, STATUSMESSAGE) */ -function checkFileStatus(&$media, &$file) { +function checkFileStatus(&$media, &$file, $rev='') { global $MIME, $EXT, $CACHE; //media to local file @@ -172,7 +176,7 @@ function checkFileStatus(&$media, &$file) { if(auth_quickaclcheck(getNS($media).':X') < AUTH_READ){ return array( 403, 'Forbidden' ); } - $file = mediaFN($media); + $file = mediaFN($media, $rev); } //check file existance diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index 02fde5a8d..24dd5f911 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -35,7 +35,7 @@ $AUTH = auth_quickaclcheck("$NS:*"); // do not display the manager if user does not have read access - if($AUTH < AUTH_READ) { + if($AUTH < AUTH_READ && !$fullscreen) { header('HTTP/1.0 403 Forbidden'); die($lang['accessdenied']); } @@ -76,7 +76,11 @@ } // handle meta saving - if($IMG && $_REQUEST['do']['save']){ + if($IMG && @array_key_exists('save', $_REQUEST['do'])){ + $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']); + } + + if($IMG && @array_key_exists('save', $_REQUEST['mediado'])){ $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']); } @@ -102,9 +106,11 @@ msg(sprintf($lang['deletefail'],noNS($DEL)),-1); } } - // finished - start output - header('Content-Type: text/html; charset=utf-8'); - include(template('mediamanager.php')); + + if (!$fullscreen) { + header('Content-Type: text/html; charset=utf-8'); + include(template('mediamanager.php')); + } /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ |