X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=blobdiff_plain;f=Images.php;h=4d2fd145b07c6d5a7364a0ed0260c19a9847d879;hp=2e7c9819df3f99e6cb27b2d19f8ea506aa28ab05;hb=refs%2Fheads%2Fwip_alan_T5884_add_photo_to_report;hpb=a2fcf0a5aab24db643fc0c868d689c1ab3699e16 diff --git a/Images.php b/Images.php index 2e7c9819..4d2fd145 100644 --- a/Images.php +++ b/Images.php @@ -75,6 +75,7 @@ class Pman_Core_Images extends Pman var $as_mimetype = false; var $method = 'inline'; var $page = false; + var $is_local = false; function get($s, $opts=array()) // determin what to serve!!!! { @@ -83,6 +84,8 @@ class Pman_Core_Images extends Pman // return $this->post(); //} + $this->is_local = (!empty($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost') ? true : false; + $this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as']; $this->page = empty($_REQUEST['page']) ? false : (int) $_REQUEST['page']; @@ -176,16 +179,18 @@ class Pman_Core_Images extends Pman } - - $img = DB_DataObjecT::factory('Images'); if (!$id || !$img->get($id)) { $this->imgErr("image has been removed or deleted.",$s); } + if($this->is_local) { + return $this->serve($img); + } + if (!$this->authUser && !in_array($img->ontable,$this->public_image_tables)) { - + if ($img->ontable != 'core_company') { $this->imgErr("not-authenticated {$img->ontable}",$s); } @@ -196,15 +201,13 @@ class Pman_Core_Images extends Pman if ($comp->comptype != 'OWNER') { $this->imgErr("not-owner-company",$s); } + return $this->serve($img); - } - if(!$this->hasPermission($img)){ $this->imgErr("access to this image/file has been denied.",$s); - } $this->serve($img); @@ -331,6 +334,10 @@ class Pman_Core_Images extends Pman } function validateSize() { + if($this->is_local) { + return true; + } + if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER') || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) { return true;