diff options
| author | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:20:10 +0000 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:20:10 +0000 |
| commit | 39060653573bf4dd51e891aecdb571c78a866675 (patch) | |
| tree | f1fc85cba89454a2eeb588a1f85f7dc49f200c5a /views | |
| parent | 9b3cba566de0bc5740e48f3f50eb8b09ffad49dc (diff) | |
| download | elgg-39060653573bf4dd51e891aecdb571c78a866675.tar.gz elgg-39060653573bf4dd51e891aecdb571c78a866675.tar.bz2 | |
not using action token validation for image download
Diffstat (limited to 'views')
| -rw-r--r-- | views/default/object/image.php | 6 | ||||
| -rw-r--r-- | views/default/tidypics/image_menu.php | 5 | ||||
| -rw-r--r-- | views/default/tidypics/tagging.php | 1 |
3 files changed, 4 insertions, 8 deletions
diff --git a/views/default/object/image.php b/views/default/object/image.php index 01beb25f6..dd52f872e 100644 --- a/views/default/object/image.php +++ b/views/default/object/image.php @@ -149,10 +149,8 @@ // this code controls whether the photo is a hyperlink or not and what it links to $image_link = false; if (get_plugin_setting('download_link', 'tidypics') != "disabled") { - // admin allows downloads so default to download link - $ts = time(); - $token = generate_action_token($ts); - $image_link = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&view=inline&__elgg_token={$token}&__elgg_ts={$ts}"; + // admin allows downloads so default to inline download link + $image_link = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&view=inline"; } // does any plugin want to override the link $image_link = trigger_plugin_hook('tp_image_link', 'image', $image, $image_link); diff --git a/views/default/tidypics/image_menu.php b/views/default/tidypics/image_menu.php index cb004395e..299f4b026 100644 --- a/views/default/tidypics/image_menu.php +++ b/views/default/tidypics/image_menu.php @@ -43,10 +43,7 @@ }
if (get_plugin_setting('download_link', 'tidypics') != "disabled") {
- $ts = time();
- $token = generate_action_token($ts);
-
- $download_url = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&__elgg_token={$token}&__elgg_ts={$ts}";
+ $download_url = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid;
?>
<li id="download_image"><a href="<?php echo $download_url; ?>"><?php echo elgg_echo("image:download"); ?></a></li>
<?php
diff --git a/views/default/tidypics/tagging.php b/views/default/tidypics/tagging.php index ebaf0dc94..9ebec7c1e 100644 --- a/views/default/tidypics/tagging.php +++ b/views/default/tidypics/tagging.php @@ -63,6 +63,7 @@ }
?>
+<div class="clearfloat"></div>
</div>
<div id="tidypics_delete_tag_menu" class="tidypics_popup">
<div class='tidypics_popup_header'><h3><?php echo elgg_echo('tidypics:deltag_title'); ?></h3></div>
|