diff options
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Photo.php | 33 | ||||
-rw-r--r-- | Zotlabs/Module/Photos.php | 12 | ||||
-rw-r--r-- | Zotlabs/Module/Search.php | 6 |
3 files changed, 32 insertions, 19 deletions
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index d76fca278..95e3404fb 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -10,7 +10,7 @@ require_once('include/photos.php'); class Photo extends \Zotlabs\Web\Controller { function init() { - + $prvcachecontrol = false; $streaming = null; $channel = null; @@ -32,6 +32,7 @@ class Photo extends \Zotlabs\Web\Controller { } $observer_xchan = get_observer_hash(); + $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE']; if(isset($type)) { @@ -79,13 +80,14 @@ class Photo extends \Zotlabs\Web\Controller { intval(PHOTO_PROFILE) ); if($r) { - $modified = strtotime($r[0]['edited']); + $modified = strtotime($r[0]['edited'] . "Z"); $data = dbunescbin($r[0]['content']); $mimetype = $r[0]['mimetype']; } if(intval($r[0]['os_storage'])) $data = file_get_contents($data); } + if(! $data) { $data = fetch_image_from_url($default,$mimetype); } @@ -126,9 +128,7 @@ class Photo extends \Zotlabs\Web\Controller { $photo = substr($photo,0,-2); // If viewing on a high-res screen, attempt to serve a higher resolution image: if ($resolution == 2 && ($cookie_value > 1)) - { $resolution = 1; - } } $r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", @@ -165,10 +165,13 @@ class Photo extends \Zotlabs\Web\Controller { if($exists && $allowed) { $data = dbunescbin($e[0]['content']); + $filesize = $e[0]['filesize']; $mimetype = $e[0]['mimetype']; - $modified = strtotime($e[0]['edited']); + $modified = strtotime($e[0]['edited'] . 'Z'); if(intval($e[0]['os_storage'])) $streaming = $data; + if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '') + $prvcachecontrol = true; } else { if(! $allowed) { @@ -179,9 +182,20 @@ class Photo extends \Zotlabs\Web\Controller { } } + } else { + http_status_exit(404,'not found'); } } - + + header_remove('Pragma'); + + if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") { + header_remove('Expires'); + header_remove('Cache-Control'); + header_remove('Set-Cookie'); + http_status_exit(304,'not modified'); + } + if(! isset($data)) { if(isset($resolution)) { switch($resolution) { @@ -219,11 +233,6 @@ class Photo extends \Zotlabs\Web\Controller { } - if(function_exists('header_remove')) { - header_remove('Pragma'); - header_remove('pragma'); - } - header("Content-type: " . $mimetype); if($prvcachecontrol) { @@ -253,7 +262,7 @@ class Photo extends \Zotlabs\Web\Controller { } header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); - header("Content-Length: " . strlen($data)); + header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 78bfb1f09..03fd8a53d 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -263,7 +263,8 @@ class Photos extends \Zotlabs\Web\Controller { $fsize = strlen($data); } - $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0", + $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0", + dbesc(datetime_convert()), dbescbin($data), intval($fsize), intval($height), @@ -278,7 +279,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), @@ -293,7 +295,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), @@ -308,7 +311,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index e520c671d..272bbdac1 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller { function init() { if(x($_REQUEST,'search')) - \App::$data['search'] = $_REQUEST['search']; + \App::$data['search'] = escape_tags($_REQUEST['search']); } @@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller { if(x(\App::$data,'search')) $search = trim(\App::$data['search']); else - $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); + $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : ''); $tag = false; if(x($_GET,'tag')) { $tag = true; - $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : ''); + $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : ''); } $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); |