diff options
author | marijus <mario@localhost.localdomain> | 2014-01-27 10:57:46 +0100 |
---|---|---|
committer | marijus <mario@localhost.localdomain> | 2014-01-27 10:57:46 +0100 |
commit | b39475db86eca7b5e5615d377d8adc64e6a33056 (patch) | |
tree | 7713842c2cdbd2767d52cf0263375da62133c534 /mod/cloud.php | |
parent | 4ce6335364a5c86cac97bcc43af0dc6bfa38d114 (diff) | |
parent | d67fdd129921549b6a1e7cb5e5ebea7bdc38bf0e (diff) | |
download | volse-hubzilla-b39475db86eca7b5e5615d377d8adc64e6a33056.tar.gz volse-hubzilla-b39475db86eca7b5e5615d377d8adc64e6a33056.tar.bz2 volse-hubzilla-b39475db86eca7b5e5615d377d8adc64e6a33056.zip |
Merge branch 'master' of https://github.com/friendica/red
Diffstat (limited to 'mod/cloud.php')
-rw-r--r-- | mod/cloud.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/cloud.php b/mod/cloud.php index f6ea059ce..18b61f941 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -67,12 +67,18 @@ function cloud_init(&$a) { $auth->observer = $ob_hash; } + if($_GET['davguest']) + $_SESSION['davguest'] = true; + + $_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']); $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); $_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); $rootDirectory = new RedDirectory('/',$auth); $server = new DAV\Server($rootDirectory); @@ -85,12 +91,10 @@ function cloud_init(&$a) { // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login. // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot, // prompt for HTTP-auth. This will be the default case for mounting a DAV directory. - - // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from - // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be - // able to do this with a special $_GET request var and a cookie. + // In order to avoid prompting for passwords for viewing a DIRECTORY, add the URL query parameter 'davguest=1' $isapublic_file = false; + $davguest = ((x($_SESSION,'davguest')) ? true : false); if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { try { @@ -103,7 +107,7 @@ function cloud_init(&$a) { } } - if((! $auth->observer) && (! $isapublic_file)) { + if((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { try { $auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++')); } |