From 4fae208c4c5cb94b84330c8ac4bb319e6da9423b Mon Sep 17 00:00:00 2001 From: Mikael Roos Date: Sat, 17 Jan 2015 19:15:18 +0100 Subject: [PATCH] alias now requires password to work. alias filename is without extension #47. --- CImage.php | 5 ++++- README.md | 2 ++ webroot/img.php | 21 +++++++++++---------- webroot/img_config.php | 26 ++++++++++++++------------ 4 files changed, 31 insertions(+), 23 deletions(-) diff --git a/CImage.php b/CImage.php index a492fcf..47da6f0 100644 --- a/CImage.php +++ b/CImage.php @@ -2137,7 +2137,8 @@ class CImage /** * Create a hard link, as an alias, to the cached file. * - * @param string $alias where to store the link. + * @param string $alias where to store the link, + * filename without extension. * * @return $this */ @@ -2148,6 +2149,8 @@ class CImage return $this; } + $alias = $alias . "." . $this->extension; + if (is_readable($alias)) { unlink($alias); } diff --git a/README.md b/README.md index 9a2149a..7beca2a 100644 --- a/README.md +++ b/README.md @@ -280,6 +280,8 @@ Revision history v0.6.x (latest) +* Alias-name is without extension #47. +* Option `alias` now requires `password` to work #47. * Support for option `password, pwd` to protect usage of `alias` and remote download. * Added support for option `alias` that creates a link to a cached version of the image #47. * Create cache directory for remote download if it does not exists. diff --git a/webroot/img.php b/webroot/img.php index fdee7d6..f165a01 100644 --- a/webroot/img.php +++ b/webroot/img.php @@ -630,25 +630,26 @@ $postProcessing = getConfig('postprocessing', array( /** * alias - Save resulting image to another alias name. - * Password apply if defined. + * Password always apply, must be defined. */ -$alias = get('alias', null); -$aliasPath = getConfig('alias_path', null); -$aliasTarget = null; +$alias = get('alias', null); +$aliasPath = getConfig('alias_path', null); +$validAliasname = getConfig('valid_aliasname', '#^[a-z0-9A-Z-_]+$#'); +$aliasTarget = null; -if ($alias && $aliasPath) { +if ($alias && $aliasPath && $passwordMatch) { $aliasTarget = $aliasPath . $alias; $useCache = false; - ($passwordMatch !== false) - or errorPage("Alias used and password check failed."); is_writable($aliasPath) or errorPage("Directory for alias is not writable."); - preg_match($validFilename, $alias) - or errorPage('Filename for alias contains invalid characters.'); + + preg_match($validAliasname, $alias) + or errorPage('Filename for alias contains invalid characters. Do not add extension.'); + } else if ($alias) { - errorPage('Alias is not enabled in the config file.'); + errorPage('Alias is not enabled in the config file or password not matching.'); } verbose("alias = $alias"); diff --git a/webroot/img_config.php b/webroot/img_config.php index ae2b3f4..5bd3c55 100644 --- a/webroot/img_config.php +++ b/webroot/img_config.php @@ -57,6 +57,18 @@ return array( /** + * A regexp for validating characters in the image or alias filename. + * + * Default value: + * valid_filename: '#^[a-z0-9A-Z-/_\.:]+$#' + * valid_aliasname: '#^[a-z0-9A-Z-_]+$#' + */ + //'valid_filename' => '#^[a-z0-9A-Z-/_\.:]+$#', + //'valid_aliasname' => '#^[a-z0-9A-Z-_]+$#', + + + + /** * Check that the imagefile is a file below 'image_path' using realpath(). * Security constraint to avoid reaching images outside image_path. * This means that symbolic links to images outside the image_path will fail. @@ -64,21 +76,11 @@ return array( * Default value: * image_path_constraint: true */ - //'image_path_constraint' => false, + //'image_path_constraint' => false, - /** - * A regexp for validating characters in the image filename. - * - * Default value: - * valid_filename: '#^[a-z0-9A-Z-/_\.:]+$#' - */ - //'valid_filename' => '#^[a-z0-9A-Z-/_\.:]+$#', - - - - /** + /** * Set default timezone. * * Default values.