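// Image processor entry point (excerpt): validates the request, resolves the
// album/image pair, applies the optional album access check and decides
// whether the request must be refused by the flooding protection.

// Check for minimum parameters.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
    if (TEST_RELEASE) {
        debugLogVar('i.php too few arguments _GET', $_GET);
        // NOTE(review): $_SERVER carries the request headers (cookies,
        // authorization) as well, so this debug log should be treated as
        // sensitive. It is only written when TEST_RELEASE is truthy.
        debugLogVar('i.php too few arguments _SERVER', $_SERVER);
    }
    // NOTE(review): the code below assumes imageError() terminates the
    // request; confirm against its definition, which is not in this excerpt.
    imageError('404 Not Found', gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}

// Fix special characters in the album and image names if mod_rewrite is on:
// URL looks like: "/album1/subalbum/picture.jpg"
list($ralbum, $rimage) = rewrite_get_album_image('a', 'i');
$ralbum = internalToFilesystem($ralbum);
$rimage = internalToFilesystem($rimage);

// Both request-derived path components go through sanitize_path() before
// they are used to locate anything on disk.
$album = sanitize_path($ralbum);
$image = sanitize_path($rimage);
$theme = themeSetup(filesystemToInternal($album)); // loads the theme based image options.

// Optional per-album authorization: when the option is on, a caller without
// access to the album gets a 403 instead of a processed image.
if (getOption('secure_image_processor')) {
    require_once dirname(__FILE__) . '/functions.php';
    $albumobj = newAlbum(filesystemToInternal($album));
    if (!$albumobj->checkAccess()) {
        imageError('403 Forbidden', gettext("Forbidden(1)"));
    }
}

$args = getImageArgs($_GET);
// NOTE(review): index 12 is taken to be the "admin request" flag because of
// the variable name; the layout of $args is defined by getImageArgs().
$adminrequest = $args[12];

// Flooding protection: the URL must carry a `check` token equal to the SHA-1
// of the site seed followed by the serialized image arguments.
//
// The comparison is strict (`!==`). With the loose `!=` two different
// numeric-looking strings (for instance "0e..." digests) compare equal, and a
// non-string `check[]` parameter is compared by type juggling rather than
// rejected. Where the minimum supported PHP version allows it, hash_equals()
// is the preferred comparison because it is also constant-time.
//
// NOTE(review): seed-prefix SHA-1 is kept because the token format has to
// match the code that generates the image URLs, which is not in this excerpt.
// hash_hmac() would be the conventional keyed construction if both sides can
// be changed together.
if ($forbidden = getOption('image_processor_flooding_protection') && (!isset($_GET['check']) || $_GET['check'] !== sha1(HASH_SEED . serialize($args)))) {
    // maybe it was from the tinyZenpage javascript which does not know better!
    zp_session_start();
    // The fallback is accepted only when the session holds an admin-request
    // marker AND the request presents an auth cookie that is identical to it.
    // A missing cookie can no longer match an empty marker, and no error
    // suppression is needed.
    // NOTE(review): assumes the marker is stored as the cookie's string
    // value; confirm where $_SESSION['adminRequest'] is written.
    $forbidden = !isset($_SESSION['adminRequest'], $_COOKIE['zp_user_auth']) || $_SESSION['adminRequest'] !== $_COOKIE['zp_user_auth'];
}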
// Inicializa el objeto palosanto navigation $oPn = new paloSantoNavigation($arrMenuFiltered, $smarty, $selectedMenu); $selectedMenu = $oPn->getSelectedModule(); // Obtener contenido del módulo, si usuario está autorizado a él $bModuleAuthorized = $pACL->isUserAuthorizedById($idUser, $selectedMenu); $sModuleContent = $bModuleAuthorized ? $oPn->showContent() : array('data' => ''); // rawmode es un modo de operacion que pasa directamente a la pantalla la salida // del modulo. Esto es util en ciertos casos. $rawmode = getParameter("rawmode"); if (isset($rawmode) && $rawmode == 'yes') { echo $sModuleContent['data']; } else { $oPn->renderMenuTemplates(); if (file_exists($arrConf['basePath'] . '/web/themes/' . $arrConf['mainTheme'] . '/themesetup.php')) { require_once $arrConf['basePath'] . '/web/themes/' . $arrConf['mainTheme'] . '/themesetup.php'; themeSetup($smarty, $selectedMenu, $pdbACL, $pACL, $idUser); } // Autorizacion if ($bModuleAuthorized) { // Guardar historial de la navegación // TODO: también para rawmode=yes ? putMenuAsHistory($pdbACL, $idUser, $selectedMenu); if (isset($sModuleContent['JS_CSS_HEAD'])) { //es necesario cargar los css y js que el modulo pone //$smarty->assign("HEADER_MODULES",$sModuleContent['JS_CSS_HEAD']); $smarty->assign("CONTENT", $sModuleContent['JS_CSS_HEAD'] . $sModuleContent['data']); } else { $smarty->assign("CONTENT", $sModuleContent['data']); } $smarty->assign('MENU', count($arrMenuFiltered) > 0 ? $smarty->fetch("_common/_menu.tpl") : _tr('No modules')); }
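exit;
}

// Full-image request handling (excerpt): validates the request, resolves the
// album/image pair and applies the optional hotlink protection.

// Check for minimum parameters.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
    header("HTTP/1.0 404 Not Found");
    header("Status: 404 Not Found");
    // NOTE(review): the code below assumes imageError() terminates the
    // request; confirm against its definition, which is not in this excerpt.
    imageError(gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}

list($ralbum, $rimage) = rewrite_get_album_image('a', 'i');
$ralbum = internalToFilesystem($ralbum);
$rimage = internalToFilesystem($rimage);

// Path hardening on top of sanitize_path(): the album path loses every ".."
// sequence and the image name loses both path separators, so the image
// component can only name a file, never a sub-path.
$album = str_replace('..', '', sanitize_path($ralbum));
$image = str_replace(array('/', "\\"), '', sanitize_path($rimage));
$album8 = filesystemToInternal($album);
$image8 = filesystemToInternal($image);
$theme = themeSetup($album); // loads the theme based image options.

/* Prevent hotlinking to the full image from other servers. */
// The Referer header is supplied by the client and may be absent, so this is
// a courtesy control against embedding, not an access control. A request
// without a Referer is still allowed through, as before.
$server = $_SERVER['SERVER_NAME'];
if (isset($_SERVER['HTTP_REFERER'])) {
    // Compare the referring *host* with the server name. A substring search
    // over the whole URL also accepts a foreign page that merely mentions the
    // server name in its path or query string.
    $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    if (is_string($refererHost) && $refererHost !== '') {
        $refererHost = strtolower($refererHost);
        $serverSuffix = '.' . strtolower($server);
        // Same host, or a sub-domain of it (e.g. a "www." alias).
        $test = ('.' . $refererHost) === $serverSuffix
            || substr($refererHost, -strlen($serverSuffix)) === $serverSuffix;
    } else {
        // Unparseable Referer: treat it as coming from elsewhere.
        $test = false;
    }
} else {
    $test = true;
}
if (!$test && getOption('hotlink_protection')) {
    /* It seems they are directly requesting the full image. */
    // Encode both values so that characters such as "&", "#", "+" or spaces
    // in an album or image name cannot alter the query string of the
    // redirect target.
    $i = 'index.php?album=' . rawurlencode($album8) . '&image=' . rawurlencode($image8);
    header("Location: {$i}");
    exit;
}
$_zp_gallery = new Gallery();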