diff options
-rw-r--r-- | include/conversation.php | 2 | ||||
-rw-r--r-- | mod/cloud.php | 14 | ||||
-rw-r--r-- | mod/filestorage.php | 3 | ||||
-rw-r--r-- | view/tpl/attach_edit.tpl | 3 |
4 files changed, 12 insertions, 10 deletions
diff --git a/include/conversation.php b/include/conversation.php index cec5993b6..34d661004 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1481,7 +1481,7 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){ if($p['view_storage']) { $tabs[] = array( 'label' => t('Files'), - 'url' => $a->get_baseurl() . '/cloud/' . $nickname, + 'url' => $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'), 'sel' => ((argv(0) == 'cloud') ? 'active' : ''), 'title' => t('Files and Storage'), 'id' => 'files-tab', diff --git a/mod/cloud.php b/mod/cloud.php index f6ea059ce..18b61f941 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -67,12 +67,18 @@ function cloud_init(&$a) { $auth->observer = $ob_hash; } + if($_GET['davguest']) + $_SESSION['davguest'] = true; + + $_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']); $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); $_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); $rootDirectory = new RedDirectory('/',$auth); $server = new DAV\Server($rootDirectory); @@ -85,12 +91,10 @@ function cloud_init(&$a) { // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login. // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot, // prompt for HTTP-auth. This will be the default case for mounting a DAV directory. - - // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from - // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be - // able to do this with a special $_GET request var and a cookie. + // In order to avoid prompting for passwords for viewing a DIRECTORY, add the URL query parameter 'davguest=1' $isapublic_file = false; + $davguest = ((x($_SESSION,'davguest')) ? true : false); if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { try { @@ -103,7 +107,7 @@ function cloud_init(&$a) { } } - if((! $auth->observer) && (! $isapublic_file)) { + if((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { try { $auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++')); } diff --git a/mod/filestorage.php b/mod/filestorage.php index 18760dd45..3e53a1e93 100644 --- a/mod/filestorage.php +++ b/mod/filestorage.php @@ -69,7 +69,6 @@ function filestorage_content(&$a) { return; } - // TODO This will also need to check for files on disk and delete them from there as well as the DB. if(argc() > 3 && argv(3) === 'delete') { if(! $perms['write_storage']) { @@ -110,7 +109,7 @@ function filestorage_content(&$a) { $channel = $a->get_channel(); - $cloudpath = get_cloudpath($f); + $cloudpath = get_cloudpath($f) . (($f['flags'] & ATTACH_FLAG_DIR) ? '?f=&davguest=1' : ''); $aclselect_e = populate_acl($f); $is_a_dir = (($f['flags'] & ATTACH_FLAG_DIR) ? true : false); diff --git a/view/tpl/attach_edit.tpl b/view/tpl/attach_edit.tpl index f9c6e96ce..77f32b5bc 100644 --- a/view/tpl/attach_edit.tpl +++ b/view/tpl/attach_edit.tpl @@ -23,12 +23,11 @@ {{else}} <div class="cut-paste-desc">{{$cpdesc}}</div> <input type="text" id="cutpasteinput" name="cutpastelink" value="[attachment]{{$file.hash}},{{$file.revision}}[/attachment]" onclick="this.select();" /><br /> +{{/if}} <div class="cut-paste-desc">{{$cpldesc}}</div> <input type="text" id="linkpasteinput" name="cutpasteextlink" value="{{$cloudpath}}" onclick="this.select();"/><br /> -{{/if}} - <div id="attach-edit-perms" > {{$aclselect}} </div> |