Attempt to obscure resize url's by adding in an md5 checksum.
This commit is contained in:
parent
e9bd604a63
commit
d90eb9b884
|
@ -19,7 +19,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
class FotomotorW_Controller extends Controller {
|
class FotomotorW_Controller extends Controller {
|
||||||
public function resize($item_id) {
|
public function resize($str_checksum, $item_id) {
|
||||||
// Displayed the "resized" version of an image by it's ID number.
|
// Displayed the "resized" version of an image by it's ID number.
|
||||||
// This both gives fotomoto access to resizes regardless of permissions
|
// This both gives fotomoto access to resizes regardless of permissions
|
||||||
// and forces fotomoto to track images by unique id instead of file name
|
// and forces fotomoto to track images by unique id instead of file name
|
||||||
|
@ -31,6 +31,11 @@ class FotomotorW_Controller extends Controller {
|
||||||
throw new Kohana_404_Exception();
|
throw new Kohana_404_Exception();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Make sure checksum matches, if not, throw a 404 error.
|
||||||
|
if ($str_checksum != md5($item->created)) {
|
||||||
|
throw new Kohana_404_Exception();
|
||||||
|
}
|
||||||
|
|
||||||
// If the resize file doesn't exist for some reason, display a 404 error.
|
// If the resize file doesn't exist for some reason, display a 404 error.
|
||||||
if (!file_exists($item->resize_path())) {
|
if (!file_exists($item->resize_path())) {
|
||||||
throw new Kohana_404_Exception();
|
throw new Kohana_404_Exception();
|
||||||
|
|
|
@ -10,6 +10,6 @@
|
||||||
</center>
|
</center>
|
||||||
<script>
|
<script>
|
||||||
function showFotomotoDialog(window_type) {
|
function showFotomotoDialog(window_type) {
|
||||||
FOTOMOTO.API.showWindow(window_type, "<?= url::abs_site("fotomotorw/resize/{$item->id}"); ?>");
|
FOTOMOTO.API.showWindow(window_type, "<?= url::abs_site("fotomotorw/resize/" . md5($item->created) . "/{$item->id}"); ?>");
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
Reference in New Issue
Block a user