aboutsummaryrefslogtreecommitdiff
path: root/start.php
diff options
context:
space:
mode:
authorCash Costello <cash.costello@gmail.com>2009-10-05 23:20:10 +0000
committerCash Costello <cash.costello@gmail.com>2009-10-05 23:20:10 +0000
commit39060653573bf4dd51e891aecdb571c78a866675 (patch)
treef1fc85cba89454a2eeb588a1f85f7dc49f200c5a /start.php
parent9b3cba566de0bc5740e48f3f50eb8b09ffad49dc (diff)
downloadelgg-39060653573bf4dd51e891aecdb571c78a866675.tar.gz
elgg-39060653573bf4dd51e891aecdb571c78a866675.tar.bz2
not using action token validation for image download
Diffstat (limited to 'start.php')
-rw-r--r--start.php18
1 files changed, 18 insertions, 0 deletions
diff --git a/start.php b/start.php
index a15215118..c777331c6 100644
--- a/start.php
+++ b/start.php
@@ -73,6 +73,9 @@
// slideshow plugin hook
register_plugin_hook('tp_slideshow', 'album', 'tidypics_slideshow');
+
+ // no checking security token for download
+ register_plugin_hook('action', 'tidypics/download', 'tidypics_download_override');
}
/**
@@ -417,6 +420,21 @@
}
+ /**
+ * Called before validating the security token on a download link
+ * We don't need security as this is not a true action (it doesn't change any data)
+ *
+ * @return false (shouldn't return though since the action exits
+ */
+ function tidypics_download_override($hook, $action)
+ {
+ global $CONFIG;
+
+ include $CONFIG->actions[$action]['file'];
+
+ return false;
+ }
+
// Make sure tidypics_init is called on initialisation
register_elgg_event_handler('init','system','tidypics_init');