alias now requires password to work. alias filename is without extension #47.

CImage.php

@@ -2137,7 +2137,8 @@ class CImage
     /**
      * Create a hard link, as an alias, to the cached file.
      *
-     * @param string $alias where to store the link.
+     * @param string $alias where to store the link,
+     *                      filename without extension.
      *
      * @return $this
      */
@@ -2148,6 +2149,8 @@ class CImage
             return $this;
         }
 
+        $alias = $alias . "." . $this->extension;
+
         if (is_readable($alias)) {
             unlink($alias);
         }

README.md

@@ -280,6 +280,8 @@ Revision history
 
 v0.6.x (latest)
 
+* Alias-name is without extension #47.
+* Option `alias` now requires `password` to work #47.
 * Support for option `password, pwd` to protect usage of `alias` and remote download.
 * Added support for option `alias` that creates a link to a cached version  of the image #47.
 * Create cache directory for remote download if it does not exists.

webroot/img.php

@@ -630,25 +630,26 @@ $postProcessing = getConfig('postprocessing', array(
 
 /**
  * alias - Save resulting image to another alias name.
- * Password apply if defined.
+ * Password always apply, must be defined.
  */
-$alias     = get('alias', null);
-$aliasPath = getConfig('alias_path', null);
-$aliasTarget = null;
+$alias          = get('alias', null);
+$aliasPath      = getConfig('alias_path', null);
+$validAliasname = getConfig('valid_aliasname', '#^[a-z0-9A-Z-_]+$#');
+$aliasTarget    = null;
 
-if ($alias && $aliasPath) {
+if ($alias && $aliasPath && $passwordMatch) {
 
     $aliasTarget = $aliasPath . $alias;
     $useCache    = false;
 
-    ($passwordMatch !== false)
-        or errorPage("Alias used and password check failed.");
     is_writable($aliasPath)
         or errorPage("Directory for alias is not writable.");
-    preg_match($validFilename, $alias)
-        or errorPage('Filename for alias contains invalid characters.');
+
+    preg_match($validAliasname, $alias)
+        or errorPage('Filename for alias contains invalid characters. Do not add extension.');
+
 } else if ($alias) {
-    errorPage('Alias is not enabled in the config file.');
+    errorPage('Alias is not enabled in the config file or password not matching.');
 }
 
 verbose("alias = $alias");

webroot/img_config.php

@@ -57,6 +57,18 @@ return array(
 
 
     /**
+     * A regexp for validating characters in the image or alias filename.
+     *
+     * Default value:
+     *  valid_filename:  '#^[a-z0-9A-Z-/_\.:]+$#'
+     *  valid_aliasname: '#^[a-z0-9A-Z-_]+$#'
+     */
+     //'valid_filename'  => '#^[a-z0-9A-Z-/_\.:]+$#',
+     //'valid_aliasname' => '#^[a-z0-9A-Z-_]+$#',
+
+
+
+     /**
      * Check that the imagefile is a file below 'image_path' using realpath().
      * Security constraint to avoid reaching images outside image_path.
      * This means that symbolic links to images outside the image_path will fail.
@@ -64,21 +76,11 @@ return array(
      * Default value:
      *  image_path_constraint: true
      */
-    //'image_path_constraint' => false,
+     //'image_path_constraint' => false,
 
 
 
-    /**
-     * A regexp for validating characters in the image filename.
-     *
-     * Default value:
-     *  valid_filename: '#^[a-z0-9A-Z-/_\.:]+$#'
-     */
-    //'valid_filename' => '#^[a-z0-9A-Z-/_\.:]+$#',
-
-
-
-    /**
+     /**
      * Set default timezone.
      *
      * Default values.