feature 2831: simple way to protect urls of originals

git-svn-id: http://piwigo.org/svn/trunk@20516 68402e56-0260-453c-a942-63ccdbb3a9ee
2025-04-29 04:39:56 +03:00 · 2013-02-02 07:09:52 +00:00 · 2013-02-02 07:09:52 +00:00 · 5b22fcea0e
commit 5b22fcea0e
parent 21c97f3858
4 changed files with 34 additions and 4 deletions
--- a/include/common.inc.php
+++ b/include/common.inc.php
@ -266,5 +266,10 @@ add_event_handler('render_comment_content', 'render_comment_content');
 add_event_handler('render_comment_author', 'strip_tags');
 add_event_handler('render_tag_url', 'str2url');
 add_event_handler('blockmanager_register_blocks', 'register_default_menubar_blocks', EVENT_HANDLER_PRIORITY_NEUTRAL-1);
+if ( !empty($conf['original_url_protection']) )
+{
+  add_event_handler('get_element_url', 'get_element_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
+  add_event_handler('get_src_image_url', 'get_src_image_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
+}
 trigger_action('init');
 ?>
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@ -777,4 +777,8 @@ $conf['derivative_default_size'] = 'medium';

 //Maximum Ajax requests at once, for thumbnails on-the-fly generation
 $conf['max_requests']=3;
+
+// one of '', 'images', 'all'
+//TODO: Put this in admin and also manage .htaccess in #sites and upload folders
+$conf['original_url_protection'] = '';
 ?>
--- a/include/derivative.inc.php
+++ b/include/derivative.inc.php
@ -106,7 +106,7 @@ final class SrcImage
  function get_url()
  {
    $url = get_root_url().$this->rel_path;
-    if ($this->flags & self::IS_ORIGINAL)
+    if ( !($this->flags & self::IS_MIMETYPE) )
    {
      $url = trigger_event('get_src_image_url', $url, $this);
    }
--- a/include/functions_html.inc.php
+++ b/include/functions_html.inc.php
@ -593,4 +593,25 @@ function get_thumbnail_title($info, $title, $comment)
  return $title;
 }

+/** optional event handler to protect src image urls */
+function get_src_image_url_protection_handler($url, $src_image)
+{
+  return get_action_url($src_image->id, $src_image->is_original() ? 'e' : 'r', false);
+}
+
+/** optional event handler to protect element urls */
+function get_element_url_protection_handler($url, $infos)
+{
+  global $conf;
+  if ('images'==$conf['original_url_protection'])
+  {// protect only images and not other file types (for example large movies that we don't want to send through our file proxy)
+    $ext = get_extension($infos['path']);
+    if (!in_array($ext, $conf['picture_ext']))
+    {
+      return $url;
+    }
+  }
+  return get_action_url($infos['id'], 'e', false);
+}
+
 ?>