Example #1
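// Image processor request handling: validate the request, resolve the album and
// image paths, enforce the optional album access check, then decide whether the
// request is forbidden by the flooding protection.

// Check for minimum parameters: both the album ('a') and image ('i') are required.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
    if (TEST_RELEASE) {
        // NOTE(review): $_SERVER carries the request headers (cookies, possibly
        // authorization data), so the debug log needs the same access
        // restrictions as any other credential store.
        debugLogVar('i.php too few arguments _GET', $_GET);
        debugLogVar('i.php too few arguments _SERVER', $_SERVER);
    }
    // NOTE(review): presumably imageError() ends the request — confirm, because the
    // code below reads $_GET['a'] / $_GET['i'] indirectly without re-checking them.
    imageError('404 Not Found', gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}
// Fix special characters in the album and image names if mod_rewrite is on:
// URL looks like: "/album1/subalbum/picture.jpg"
list($ralbum, $rimage) = rewrite_get_album_image('a', 'i');
$ralbum = internalToFilesystem($ralbum);
$rimage = internalToFilesystem($rimage);
// Both names come from the request; sanitize_path() is the only path filtering
// applied here. NOTE(review): confirm it rejects '..' segments and absolute paths.
$album = sanitize_path($ralbum);
$image = sanitize_path($rimage);
// Loads the theme based image options.
$theme = themeSetup(filesystemToInternal($album));
// Album access is enforced only when the 'secure_image_processor' option is on;
// with the option off, this code performs no per-album authorization.
if (getOption('secure_image_processor')) {
    require_once dirname(__FILE__) . '/functions.php';
    $albumobj = newAlbum(filesystemToInternal($album));
    if (!$albumobj->checkAccess()) {
        imageError('403 Forbidden', gettext("Forbidden(1)"));
    }
}
$args = getImageArgs($_GET);
$adminrequest = $args[12];
// Flooding protection: the URL must carry a 'check' token equal to
// sha1(HASH_SEED . serialize($args)).
// The token is compared with hash_equals() (PHP >= 5.6) after an is_string() guard.
// The former loose != let two different digit-only strings of the "0e..." form
// compare equal as floats, and it was not constant-time. A non-string value such
// as check[]=x is treated as a mismatch, as before.
// NOTE(review): sha1(secret . data) is a prefix-keyed hash rather than an HMAC.
// Moving to hash_hmac() would need the same change in the code that generates the
// 'check' parameter, which is not visible here.
$forbidden = false;
if (getOption('image_processor_flooding_protection')) {
    $expectedCheck = sha1(HASH_SEED . serialize($args));
    $checkMatches = isset($_GET['check'])
        && is_string($_GET['check'])
        && hash_equals($expectedCheck, $_GET['check']);
    if (!$checkMatches) {
        // maybe it was from the tinyZenpage javascript which does not know better!
        zp_session_start();
        // Fallback: allow the request when the session's adminRequest value matches
        // the zp_user_auth cookie.
        // NOTE(review): the loose != and the @-suppressed cookie read are kept
        // unchanged because the stored type of $_SESSION['adminRequest'] is not
        // visible here. If both sides are always strings, a string check plus
        // hash_equals() would be the stricter comparison.
        $forbidden = !isset($_SESSION['adminRequest']) || $_SESSION['adminRequest'] != @$_COOKIE['zp_user_auth'];
    }
}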
Example #2
 // Initialise the paloSanto navigation object and let it resolve the selected module.
 $oPn = new paloSantoNavigation($arrMenuFiltered, $smarty, $selectedMenu);
 $selectedMenu = $oPn->getSelectedModule();
 // Fetch the module content only when the user is authorised for the selected
 // module; an unauthorised user gets an empty 'data' payload instead.
 $bModuleAuthorized = $pACL->isUserAuthorizedById($idUser, $selectedMenu);
 if ($bModuleAuthorized) {
     $sModuleContent = $oPn->showContent();
 } else {
     $sModuleContent = array('data' => '');
 }
 // rawmode is an operating mode that sends the module's output straight to the
 // screen, which is useful in some cases.
 $rawmode = getParameter("rawmode");
 if (isset($rawmode) && $rawmode == 'yes') {
     echo $sModuleContent['data'];
 } else {
     $oPn->renderMenuTemplates();
     if (file_exists($arrConf['basePath'] . '/web/themes/' . $arrConf['mainTheme'] . '/themesetup.php')) {
         require_once $arrConf['basePath'] . '/web/themes/' . $arrConf['mainTheme'] . '/themesetup.php';
         themeSetup($smarty, $selectedMenu, $pdbACL, $pACL, $idUser);
     }
     // Autorizacion
     if ($bModuleAuthorized) {
         // Guardar historial de la navegación
         // TODO: también para rawmode=yes ?
         putMenuAsHistory($pdbACL, $idUser, $selectedMenu);
         if (isset($sModuleContent['JS_CSS_HEAD'])) {
             //es necesario cargar los css y js que el modulo pone
             //$smarty->assign("HEADER_MODULES",$sModuleContent['JS_CSS_HEAD']);
             $smarty->assign("CONTENT", $sModuleContent['JS_CSS_HEAD'] . $sModuleContent['data']);
         } else {
             $smarty->assign("CONTENT", $sModuleContent['data']);
         }
         $smarty->assign('MENU', count($arrMenuFiltered) > 0 ? $smarty->fetch("_common/_menu.tpl") : _tr('No modules'));
     }
Example #3
    exit;
}
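// Full-image request handling: validate the request, resolve and filter the album
// and image names, then apply the optional hotlink check before the gallery loads.

// Check for minimum parameters: both the album ('a') and image ('i') are required.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
    header("HTTP/1.0 404 Not Found");
    header("Status: 404 Not Found");
    // NOTE(review): presumably imageError() ends the request — confirm.
    imageError(gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}
list($ralbum, $rimage) = rewrite_get_album_image('a', 'i');
$ralbum = internalToFilesystem($ralbum);
$rimage = internalToFilesystem($rimage);
// Path filtering on request-supplied names: '..' is removed from the album path,
// and both slash forms are removed from the image name so it cannot name a
// directory. NOTE(review): confirm what sanitize_path() itself rejects.
$album = str_replace('..', '', sanitize_path($ralbum));
$image = str_replace(array('/', "\\"), '', sanitize_path($rimage));
$album8 = filesystemToInternal($album);
$image8 = filesystemToInternal($image);
// Loads the theme based image options.
$theme = themeSetup($album);
/* Prevent hotlinking to the full image from other servers. */
// A request with no Referer header is allowed ($test = true). Otherwise $test is
// the strpos() result: an offset when the server name occurs in the Referer,
// false when it does not.
// NOTE(review): this is a substring match on a client-supplied header. A Referer
// that contains the server name anywhere passes, and a client can omit or forge
// the header. Treat this as a bandwidth courtesy, not as access control.
// Depending on server configuration, SERVER_NAME may also follow the request's
// Host header — confirm.
$server = $_SERVER['SERVER_NAME'];
if (isset($_SERVER['HTTP_REFERER'])) {
    $test = strpos($_SERVER['HTTP_REFERER'], $server);
} else {
    $test = true;
}
// Strict comparison: strpos() returns 0 for a match at the first character, and
// the former loose "== FALSE" treated that match as "not found".
if ($test === false && getOption('hotlink_protection')) {
    /* It seems they are directly requesting the full image. */
    // NOTE(review): $album8 and $image8 are placed in the query string without
    // URL-encoding, so characters such as '&' or '#' in a name change the
    // redirect's parameters. Encode them with whatever helper index.php expects.
    $i = 'index.php?album=' . $album8 . '&image=' . $image8;
    header("Location: {$i}");
    exit;
}
$_zp_gallery = new Gallery();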