aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Photo.php33
-rw-r--r--Zotlabs/Module/Photos.php12
-rw-r--r--Zotlabs/Module/Search.php6
3 files changed, 32 insertions, 19 deletions
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index d76fca278..95e3404fb 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -10,7 +10,7 @@ require_once('include/photos.php');
class Photo extends \Zotlabs\Web\Controller {
function init() {
-
+
$prvcachecontrol = false;
$streaming = null;
$channel = null;
@@ -32,6 +32,7 @@ class Photo extends \Zotlabs\Web\Controller {
}
$observer_xchan = get_observer_hash();
+ $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
if(isset($type)) {
@@ -79,13 +80,14 @@ class Photo extends \Zotlabs\Web\Controller {
intval(PHOTO_PROFILE)
);
if($r) {
- $modified = strtotime($r[0]['edited']);
+ $modified = strtotime($r[0]['edited'] . "Z");
$data = dbunescbin($r[0]['content']);
$mimetype = $r[0]['mimetype'];
}
if(intval($r[0]['os_storage']))
$data = file_get_contents($data);
}
+
if(! $data) {
$data = fetch_image_from_url($default,$mimetype);
}
@@ -126,9 +128,7 @@ class Photo extends \Zotlabs\Web\Controller {
$photo = substr($photo,0,-2);
// If viewing on a high-res screen, attempt to serve a higher resolution image:
if ($resolution == 2 && ($cookie_value > 1))
- {
$resolution = 1;
- }
}
$r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
@@ -165,10 +165,13 @@ class Photo extends \Zotlabs\Web\Controller {
if($exists && $allowed) {
$data = dbunescbin($e[0]['content']);
+ $filesize = $e[0]['filesize'];
$mimetype = $e[0]['mimetype'];
- $modified = strtotime($e[0]['edited']);
+ $modified = strtotime($e[0]['edited'] . 'Z');
if(intval($e[0]['os_storage']))
$streaming = $data;
+ if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '')
+ $prvcachecontrol = true;
}
else {
if(! $allowed) {
@@ -179,9 +182,20 @@ class Photo extends \Zotlabs\Web\Controller {
}
}
+ } else {
+ http_status_exit(404,'not found');
}
}
-
+
+ header_remove('Pragma');
+
+ if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") {
+ header_remove('Expires');
+ header_remove('Cache-Control');
+ header_remove('Set-Cookie');
+ http_status_exit(304,'not modified');
+ }
+
if(! isset($data)) {
if(isset($resolution)) {
switch($resolution) {
@@ -219,11 +233,6 @@ class Photo extends \Zotlabs\Web\Controller {
}
- if(function_exists('header_remove')) {
- header_remove('Pragma');
- header_remove('pragma');
- }
-
header("Content-type: " . $mimetype);
if($prvcachecontrol) {
@@ -253,7 +262,7 @@ class Photo extends \Zotlabs\Web\Controller {
}
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT");
- header("Content-Length: " . strlen($data));
+ header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data)));
// If it's a file resource, stream it.
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index 78bfb1f09..03fd8a53d 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -263,7 +263,8 @@ class Photos extends \Zotlabs\Web\Controller {
$fsize = strlen($data);
}
- $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0",
+ $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0",
+ dbesc(datetime_convert()),
dbescbin($data),
intval($fsize),
intval($height),
@@ -278,7 +279,8 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
- $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1",
+ $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1",
+ dbesc(datetime_convert()),
dbescbin($ph->imageString()),
intval($height),
intval($width),
@@ -293,7 +295,8 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
- $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2",
+ $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2",
+ dbesc(datetime_convert()),
dbescbin($ph->imageString()),
intval($height),
intval($width),
@@ -308,7 +311,8 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
- $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3",
+ $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3",
+ dbesc(datetime_convert()),
dbescbin($ph->imageString()),
intval($height),
intval($width),
diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php
index e520c671d..272bbdac1 100644
--- a/Zotlabs/Module/Search.php
+++ b/Zotlabs/Module/Search.php
@@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller {
function init() {
if(x($_REQUEST,'search'))
- \App::$data['search'] = $_REQUEST['search'];
+ \App::$data['search'] = escape_tags($_REQUEST['search']);
}
@@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller {
if(x(\App::$data,'search'))
$search = trim(\App::$data['search']);
else
- $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : '');
+ $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
$tag = false;
if(x($_GET,'tag')) {
$tag = true;
- $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');
+ $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
}
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);