parent::getAuth(); // load company!
//return true;
$au = $this->getAuthUser();
- //if (!$au) {
- // die("Access denied");
- // }
+
+ if (!$au) {
+ die("Access denied");
+ }
+
$this->authUser = $au;
return true;
function get($s) // determin what to serve!!!!
{
+ // for testing only.
+ //if (!empty($_GET['_post'])) {
+ // return $this->post();
+ //}
+
$this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as'];
$bits= explode('/', $s);
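Review bot: The commented-out block added at the top of get() is a test hook that, if anyone re-enables it, would let a plain GET carrying `_post` in the query string reach post(). Debugging shortcuts like this are better left out of the commit than kept as comments. If the shortcut is needed for tests, it belongs behind an explicit development-only switch. get() continues outside this hunk.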
if (empty($_REQUEST['anytype'])) {
$img->whereAdd("mimetype like 'image/%'");
}
-
+ $img->orderBy('title ASC'); /// spurious ordering... (curretnly used by shipping project)
if (isset($onbits[2])) {
$img->imgtype = $onbits[2];
}
urlencode("image has been removed or deleted."));
}
+
+ if(!$this->hasPermission($img)){
+ header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' .
+ urlencode("access to this image/file has been denied."));
+ }
+
$this->serve($img);
exit;
}
+ function hasPermission($img)
+ {
+ return true;
+ }
function post()
{
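Review bot: The denial branch added before `$this->serve($img)` only sends a Location header and then falls through, so a request that fails hasPermission() still gets the file body. It needs to stop there, with `exit;` directly after the `header(...)` call. The end of the preceding "removed or deleted" branch is only partly visible here, so it is worth confirming that it terminates too. The new hasPermission() returns true unconditionally, so a docblock such as `/** Hook for subclasses: return false to refuse serving $img. The base implementation allows every image. */` would make that default explicit.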
}
}
- if (!file_exists($fn)) {
-
+ if (!file_exists($fn)) {
$this->validateSize();
}
}
function validateSize()
{
-
- if ($this->authUser && $this->authUser->company_id && $this->authUser->company()->comptype=='OWNER') {
+ if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER') || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) {
return true;
}
- // DEFAULT allowed - override with $cfg['sizes'];
+
+ $ff = HTML_FlexyFramework::get();
$sizes = array(
'100',
'200x0',
'200x200',
'400x0',
- '300x100', // logo on login.
- '500',
+ '300x100',
+ '500'
);
- // this should be configurable...
- $ff = HTML_FlexyFramework::get();
$cfg = isset($ff->Pman_Images) ? $ff->Pman_Images :
(isset($ff->Pman_Core_Images) ? $ff->Pman_Core_Images : array());
-
-
if (!empty($cfg['sizes'])) {
$sizes = array_merge($sizes , $cfg['sizes']);
}
+ $project = $ff->project;
+
+ require_once $ff->project . '.php';
+
+ $project = new $ff->project();
+
+ if(isset($project::$Pman_Core_Images_Size)){
+ $sizes = $project::$Pman_Core_Images_Size;
+ }
if (!in_array($this->size, $sizes)) {
die("invalid scale - ".$this->size);
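Review bot: In validateSize() the new `|| $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']` clause skips the size allow-list whenever the peer address equals the server address. Behind a reverse proxy or load balancer on the same host that can be every request, so arbitrary scale values would reach the thumbnail generator. I would drop the address comparison, or gate it behind an explicit configuration setting and add a comment naming the local caller that needs it. Separately, `$sizes = $project::$Pman_Core_Images_Size;` replaces the list and so discards the `$cfg['sizes']` entries merged just above. If both sources are meant to apply, use `$sizes = array_merge($sizes, $project::$Pman_Core_Images_Size);`.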
$baseURL = $ff->Pman_Images['public_baseURL'];
preg_match_all('/<img\s+[^>]+>/i',$html, $result);
- //print_r($result);
+
$matches = array_unique($result[0]);
+
foreach($matches as $img) {
$imatch = array();
preg_match_all('/(width|height|src)="([^"]*)"/i',$img, $imatch);
foreach($imatch[1] as $i=>$key) {
$attr[$key] = $imatch[2][$i];
}
- if (!isset($attr['src']) || 0 !== strpos($attr['src'], $baseURL)) {
+ // does it contain baseURL??? --- well what about relative paths...
+ //print_R($attr);
+
+ if (empty($attr['src'])) {
+ continue;
+ }
+
+ if (0 !== strpos($attr['src'], $baseURL)) {
+ // it starts with our 'new' baseURL?
+ $html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' );
+ continue;
+ }
+ if (false !== strpos($attr['src'], '//')) {
+ // contains an absolute path.. that is probably not us...
continue;
}
+ // what about mailto or data... - just ignore?? for images...
+
$html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' );
+
+
+
}
+
$result = array();
preg_match_all('/<a\s+[^>]+>/i',$html, $result);
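Review bot: The condition `if (0 !== strpos($attr['src'], $baseURL))` looks inverted against its own comment ("it starts with our 'new' baseURL?"), because it is true when src does not start with `$baseURL`. As written, every other src, including third-party absolute URLs, is handed to replaceImgUrl(), which from the later hunk appears to match on the path alone. The `//` check and the final replaceImgUrl() call are then reached only by URLs that do start with `$baseURL`, and an absolute `$baseURL` always contains `//`. The intended test is presumably `if (0 === strpos($attr['src'], $baseURL)) {`. A short comment above the three branches stating which kinds of src are rewritten (our baseURL, relative paths) and which are skipped (other absolute URLs) would keep this from regressing.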
if(!preg_match('#/(Images|Images/Thumb/[a-z0-9]+|Images/Download)/([0-9]+)/(.*)$#', $attr_url, $umatch)) {
return $html;
}
+
$id = $umatch[2];
+ $hash = '';
+ if (!empty($umatch[3]) && strpos($umatch[3],'#')) {
+ $hash = '#'. array_pop(explode('#',$umatch[3]));
+ }
+
+
$img = DB_DataObject::factory('Images');
if (!$img->get($id)) {
return $html;
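Review bot: The fragment extraction uses `strpos($umatch[3],'#')` as a boolean, so a `#` at offset 0 evaluates as false and the fragment is silently dropped. `array_pop(explode(...))` also passes a non-variable by reference, which raises an "Only variables should be passed by reference" notice. A form without either problem is `if (!empty($umatch[3]) && false !== strpos($umatch[3], '#')) { $hash = strrchr($umatch[3], '#'); }`. In the following hunk `$hash` is appended after the `htmlspecialchars(...)` call, so the fragment is the one part of the rewritten attribute taken from the input HTML without escaping; moving it inside, as `htmlspecialchars($img->URL($thumbsize, $provider, $baseURL) . $hash)`, would keep the whole value encoded.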
$new_tag = str_replace(
$attr_name. '="'. $attr_url . '"',
- $attr_name .'="'. htmlspecialchars($img->URL($thumbsize, $provider, $baseURL)) . '"',
+ $attr_name .'="'. htmlspecialchars($img->URL($thumbsize, $provider, $baseURL)) . $hash .'"',
$tag
);