aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/conversation.php2
-rw-r--r--mod/cloud.php14
2 files changed, 10 insertions, 6 deletions
diff --git a/include/conversation.php b/include/conversation.php
index cec5993b6..34d661004 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1481,7 +1481,7 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){
if($p['view_storage']) {
$tabs[] = array(
'label' => t('Files'),
- 'url' => $a->get_baseurl() . '/cloud/' . $nickname,
+ 'url' => $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'),
'sel' => ((argv(0) == 'cloud') ? 'active' : ''),
'title' => t('Files and Storage'),
'id' => 'files-tab',
diff --git a/mod/cloud.php b/mod/cloud.php
index f6ea059ce..18b61f941 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -67,12 +67,18 @@ function cloud_init(&$a) {
$auth->observer = $ob_hash;
}
+ if($_GET['davguest'])
+ $_SESSION['davguest'] = true;
+
+
$_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']);
$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']);
$_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']);
$rootDirectory = new RedDirectory('/',$auth);
$server = new DAV\Server($rootDirectory);
@@ -85,12 +91,10 @@ function cloud_init(&$a) {
// allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login.
// If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot,
// prompt for HTTP-auth. This will be the default case for mounting a DAV directory.
-
- // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from
- // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be
- // able to do this with a special $_GET request var and a cookie.
+ // In order to avoid prompting for passwords for viewing a DIRECTORY, add the URL query parameter 'davguest=1'
$isapublic_file = false;
+ $davguest = ((x($_SESSION,'davguest')) ? true : false);
if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
try {
@@ -103,7 +107,7 @@ function cloud_init(&$a) {
}
}
- if((! $auth->observer) && (! $isapublic_file)) {
+ if((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
try {
$auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++'));
}