Attempt to obscure resize url's by adding in an md5 checksum.
parent
e9bd604a63
commit
d90eb9b884
@ -19,7 +19,7 @@
|
||||
*/
|
||||
|
||||
class FotomotorW_Controller extends Controller {
|
||||
public function resize($item_id) {
|
||||
public function resize($str_checksum, $item_id) {
|
||||
// Displayed the "resized" version of an image by it's ID number.
|
||||
// This both gives fotomoto access to resizes regardless of permissions
|
||||
// and forces fotomoto to track images by unique id instead of file name
|
||||
@ -31,6 +31,11 @@ class FotomotorW_Controller extends Controller {
|
||||
throw new Kohana_404_Exception();
|
||||
}
|
||||
|
||||
// Make sure checksum matches, if not, throw a 404 error.
|
||||
if ($str_checksum != md5($item->created)) {
|
||||
throw new Kohana_404_Exception();
|
||||
}
|
||||
|
||||
// If the resize file doesn't exist for some reason, display a 404 error.
|
||||
if (!file_exists($item->resize_path())) {
|
||||
throw new Kohana_404_Exception();
|
||||
|
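Review bot: The new guard `if ($str_checksum != md5($item->created))` compares with loose `!=`, so two hex strings that both parse as numbers (for instance the `0e` followed by digits form) compare equal without being identical. Use `if (!hash_equals(md5($item->created), (string) $str_checksum))` where the PHP version provides it, or at minimum `!==`. The comment at the top of resize() says this route serves resizes regardless of permissions, so the checksum is the only gate. An unkeyed MD5 of the creation timestamp can be recomputed by anyone who knows or can guess that timestamp, which makes it obscurity rather than authorization. A keyed value such as `hash_hmac('sha256', (string) $item->id, $site_secret)` would be unforgeable, where `$site_secret` is a placeholder for a server-side secret not shown on this page. resize() begins in the first hunk and runs past the end of the second, so the rest of the handler is not visible here.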
@ -10,6 +10,6 @@
|
||||
</center>
|
||||
<script>
|
||||
function showFotomotoDialog(window_type) {
|
||||
FOTOMOTO.API.showWindow(window_type, "<?= url::abs_site("fotomotorw/resize/{$item->id}"); ?>");
|
||||
FOTOMOTO.API.showWindow(window_type, "<?= url::abs_site("fotomotorw/resize/" . md5($item->created) . "/{$item->id}"); ?>");
|
||||
}
|
||||
</script>
|
||||
|
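Review bot: The token is derived a second time inline in the view, as `md5($item->created)` inside the `url::abs_site(...)` call in showFotomotoDialog, so the template and the controller check must be edited in lockstep whenever the derivation changes. Moving it into one helper that both call, for example `resize_token($item)` (an illustrative name only), would let a later move to a keyed hash happen in one place. The resulting URL is also echoed straight into a double-quoted JavaScript string. That is presumably safe while the parts are a hex digest and a numeric id, but emitting it with `<?= json_encode(url::abs_site(...)) ?>` and dropping the surrounding quotes would keep the literal well-formed whatever the site URL contains.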