diff options
| author | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:20:10 +0000 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:20:10 +0000 |
| commit | 39060653573bf4dd51e891aecdb571c78a866675 (patch) | |
| tree | f1fc85cba89454a2eeb588a1f85f7dc49f200c5a /start.php | |
| parent | 9b3cba566de0bc5740e48f3f50eb8b09ffad49dc (diff) | |
| download | elgg-39060653573bf4dd51e891aecdb571c78a866675.tar.gz elgg-39060653573bf4dd51e891aecdb571c78a866675.tar.bz2 | |
not using action token validation for image download
Diffstat (limited to 'start.php')
| -rw-r--r-- | start.php | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -73,6 +73,9 @@ // slideshow plugin hook
register_plugin_hook('tp_slideshow', 'album', 'tidypics_slideshow');
+
+ // no checking security token for download
+ register_plugin_hook('action', 'tidypics/download', 'tidypics_download_override');
}
/**
@@ -417,6 +420,21 @@ }
+ /**
+ * Called before validating the security token on a download link
+ * We don't need security as this is not a true action (it doesn't change any data)
+ *
+ * @return false (shouldn't return though since the action exits
+ */
+ function tidypics_download_override($hook, $action)
+ {
+ global $CONFIG;
+
+ include $CONFIG->actions[$action]['file'];
+
+ return false;
+ }
+
// Make sure tidypics_init is called on initialisation
register_elgg_event_handler('init','system','tidypics_init');
|