aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/features.php2
-rw-r--r--include/security.php2
-rw-r--r--mod/cloud.php24
-rw-r--r--mod/settings.php2
-rw-r--r--version.inc2
5 files changed, 27 insertions, 5 deletions
diff --git a/include/features.php b/include/features.php
index efdf6dc3a..973fe9fe7 100644
--- a/include/features.php
+++ b/include/features.php
@@ -7,6 +7,8 @@
function feature_enabled($uid,$feature) {
$x = get_pconfig($uid,'feature',$feature);
+ if($x === false)
+ $x = get_config('feature',$feature);
$arr = array('uid' => $uid, 'feature' => $feature, 'enabled' => $x);
call_hooks('feature_enabled',$arr);
return($arr['enabled']);
diff --git a/include/security.php b/include/security.php
index 4a15e52af..5e86cf790 100644
--- a/include/security.php
+++ b/include/security.php
@@ -61,7 +61,7 @@ function change_channel($change_channel) {
intval(PAGE_REMOVED)
);
- if($r) {
+ if($r) {
$hash = $r[0]['channel_hash'];
$_SESSION['uid'] = intval($r[0]['channel_id']);
get_app()->set_channel($r[0]);
diff --git a/mod/cloud.php b/mod/cloud.php
index de42249fe..f6ea059ce 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -74,7 +74,6 @@ function cloud_init(&$a) {
$_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']);
-
$rootDirectory = new RedDirectory('/',$auth);
$server = new DAV\Server($rootDirectory);
$lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
@@ -82,8 +81,29 @@ function cloud_init(&$a) {
$server->addPlugin($lockPlugin);
+ // The next section of code allows us to bypass prompting for http-auth if a FILE is being accessed anonymously and permissions
+ // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login.
+ // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot,
+ // prompt for HTTP-auth. This will be the default case for mounting a DAV directory.
+
+ // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from
+ // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be
+ // able to do this with a special $_GET request var and a cookie.
+
+ $isapublic_file = false;
+
+ if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
+ try {
+ $x = RedFileData('/' . $a->cmd,$auth);
+ if($x instanceof RedFile)
+ $isapublic_file = true;
+ }
+ catch ( Exception $e ) {
+ $isapublic_file = false;
+ }
+ }
- if(! $auth->observer) {
+ if((! $auth->observer) && (! $isapublic_file)) {
try {
$auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++'));
}
diff --git a/mod/settings.php b/mod/settings.php
index 5aa018cc2..ee6ef45de 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -635,7 +635,7 @@ function settings_content(&$a) {
$arr[$fname] = array();
$arr[$fname][0] = $fdata[0];
foreach(array_slice($fdata,1) as $f) {
- $arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(get_pconfig(local_user(),'feature',$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
+ $arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(feature_enabled(local_user(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
}
}
diff --git a/version.inc b/version.inc
index f55fb683d..d85ee0ed2 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2014-01-25.568
+2014-01-26.569