projects
/
Pman.Core
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Pman.js
[Pman.Core]
/
Images.php
diff --git
a/Images.php
b/Images.php
index
252cd24
..
bfda282
100644
(file)
--- a/
Images.php
+++ b/
Images.php
@@
-42,7
+42,9
@@
class Pman_Core_Images extends Pman
{
// tables that do not need authentication checks before serving.
{
// tables that do not need authentication checks before serving.
- var $public_image_tables = array();
+ var $public_image_tables = array(
+ 'crm_mailing_list_message' // we know these are ok...
+ );
var $sizes = array(
'100',
var $sizes = array(
'100',
@@
-75,6
+77,7
@@
class Pman_Core_Images extends Pman
var $as_mimetype = false;
var $method = 'inline';
var $page = false;
var $as_mimetype = false;
var $method = 'inline';
var $page = false;
+ var $is_local = false;
function get($s, $opts=array()) // determin what to serve!!!!
{
function get($s, $opts=array()) // determin what to serve!!!!
{
@@
-83,6
+86,8
@@
class Pman_Core_Images extends Pman
// return $this->post();
//}
// return $this->post();
//}
+ $this->is_local = (!empty($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost') ? true : false;
+
$this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as'];
$this->page = empty($_REQUEST['page']) ? false : (int) $_REQUEST['page'];
$this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as'];
$this->page = empty($_REQUEST['page']) ? false : (int) $_REQUEST['page'];
@@
-176,16
+181,18
@@
class Pman_Core_Images extends Pman
}
}
-
-
$img = DB_DataObjecT::factory('Images');
if (!$id || !$img->get($id)) {
$img = DB_DataObjecT::factory('Images');
if (!$id || !$img->get($id)) {
- $this->imgErr("image has been removed or deleted.",$s);
+ $this->imgErr("image has been removed or deleted.",$s);
+ }
+
+ if($this->is_local) {
+ return $this->serve($img);
}
if (!$this->authUser && !in_array($img->ontable,$this->public_image_tables)) {
}
if (!$this->authUser && !in_array($img->ontable,$this->public_image_tables)) {
-
+
if ($img->ontable != 'core_company') {
$this->imgErr("not-authenticated {$img->ontable}",$s);
}
if ($img->ontable != 'core_company') {
$this->imgErr("not-authenticated {$img->ontable}",$s);
}
@@
-196,15
+203,13
@@
class Pman_Core_Images extends Pman
if ($comp->comptype != 'OWNER') {
$this->imgErr("not-owner-company",$s);
}
if ($comp->comptype != 'OWNER') {
$this->imgErr("not-owner-company",$s);
}
+
return $this->serve($img);
return $this->serve($img);
-
}
}
-
if(!$this->hasPermission($img)){
$this->imgErr("access to this image/file has been denied.",$s);
if(!$this->hasPermission($img)){
$this->imgErr("access to this image/file has been denied.",$s);
-
}
$this->serve($img);
}
$this->serve($img);
@@
-224,6
+229,9
@@
class Pman_Core_Images extends Pman
function post($v)
{
function post($v)
{
+ if (!empty($_REQUEST['_get'])) {
+ return $this->get($v);
+ }
if (!$this->authUser) {
$this->jerr("image conversion only allowed by registered users");
if (!$this->authUser) {
$this->jerr("image conversion only allowed by registered users");
@@
-331,6
+339,10
@@
class Pman_Core_Images extends Pman
}
function validateSize()
{
}
function validateSize()
{
+ if($this->is_local) {
+ return true;
+ }
+
if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER')
|| $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) {
return true;
if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER')
|| $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) {
return true;
@@
-465,7
+477,8
@@
class Pman_Core_Images extends Pman
$id = $umatch[2];
$hash = '';
if (!empty($umatch[3]) && strpos($umatch[3],'#')) {
$id = $umatch[2];
$hash = '';
if (!empty($umatch[3]) && strpos($umatch[3],'#')) {
- $hash = '#'. array_pop(explode('#',$umatch[3]));
+ $hh = explode('#',$umatch[3]);
+ $hash = '#'. array_pop($hh);
}
}
@@
-525,7
+538,6
@@
class Pman_Core_Images extends Pman
function downloadEvent($bits)
{
function downloadEvent($bits)
{
- $popts = PEAR::getStaticProperty('Pman','options');
$ev = DB_DAtaObject::Factory('events');
if (!$ev->get($bits[1])) {
die("could not find event id");
$ev = DB_DAtaObject::Factory('events');
if (!$ev->get($bits[1])) {
die("could not find event id");
@@
-538,18
+550,23
@@
class Pman_Core_Images extends Pman
$user = getenv('USERNAME'); // windows.
}
$ff = HTML_FlexyFramework::get();
$user = getenv('USERNAME'); // windows.
}
$ff = HTML_FlexyFramework::get();
- $file = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json";
+
+ $file = $ev->logDir() . date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json";
+
+ if(!$file || !file_exists($file)){
+ die("file was not saved");
+ }
+
$filesJ = json_decode(file_get_contents($file));
$filesJ = json_decode(file_get_contents($file));
- //print_r($filesJ);
-
foreach($filesJ->FILES as $k=>$f){
if ($f->tmp_name != $bits[2]) {
continue;
}
foreach($filesJ->FILES as $k=>$f){
if ($f->tmp_name != $bits[2]) {
continue;
}
- $src = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ;
- if (!file_exists($src)) {
+ $src = $file = $ev->logDir() . date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ;
+
+ if (!$src || !file_exists($src)) {
die("file was not saved");
}
header ('Content-Type: ' . $f->type);
die("file was not saved");
}
header ('Content-Type: ' . $f->type);