aboutsummaryrefslogtreecommitdiffstats
path: root/mod/cloud.php
diff options
context:
space:
mode:
authormarijus <mario@localhost.localdomain>2014-01-26 14:43:07 +0100
committermarijus <mario@localhost.localdomain>2014-01-26 14:43:07 +0100
commit44658f7b7f03979c3809b046d911ff24484a05c9 (patch)
tree35319a273306c37746d8a9808e34dd004717b2d9 /mod/cloud.php
parent7b52295f8bc279dc836fb32b76cc09da164fbf0b (diff)
parent0948c3c3ca5aa3621247c7a77a05ac5acd085459 (diff)
downloadvolse-hubzilla-44658f7b7f03979c3809b046d911ff24484a05c9.tar.gz
volse-hubzilla-44658f7b7f03979c3809b046d911ff24484a05c9.tar.bz2
volse-hubzilla-44658f7b7f03979c3809b046d911ff24484a05c9.zip
Merge branch 'master' of https://github.com/friendica/red
Diffstat (limited to 'mod/cloud.php')
-rw-r--r--mod/cloud.php24
1 files changed, 22 insertions, 2 deletions
diff --git a/mod/cloud.php b/mod/cloud.php
index de42249fe..f6ea059ce 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -74,7 +74,6 @@ function cloud_init(&$a) {
$_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']);
-
$rootDirectory = new RedDirectory('/',$auth);
$server = new DAV\Server($rootDirectory);
$lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
@@ -82,8 +81,29 @@ function cloud_init(&$a) {
$server->addPlugin($lockPlugin);
+ // The next section of code allows us to bypass prompting for http-auth if a FILE is being accessed anonymously and permissions
+ // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login.
+ // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot,
+ // prompt for HTTP-auth. This will be the default case for mounting a DAV directory.
+
+ // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from
+ // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be
+ // able to do this with a special $_GET request var and a cookie.
+
+ $isapublic_file = false;
+
+ if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
+ try {
+ $x = RedFileData('/' . $a->cmd,$auth);
+ if($x instanceof RedFile)
+ $isapublic_file = true;
+ }
+ catch ( Exception $e ) {
+ $isapublic_file = false;
+ }
+ }
- if(! $auth->observer) {
+ if((! $auth->observer) && (! $isapublic_file)) {
try {
$auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++'));
}