From 39060653573bf4dd51e891aecdb571c78a866675 Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Mon, 5 Oct 2009 23:20:10 +0000
Subject: not using action token validation for image download

---
 start.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'start.php')

diff --git a/start.php b/start.php
index a15215118..c777331c6 100644
--- a/start.php
+++ b/start.php
@@ -73,6 +73,9 @@
 		
 		// slideshow plugin hook
 		register_plugin_hook('tp_slideshow', 'album', 'tidypics_slideshow');
+		
+		// no checking security token for download
+		register_plugin_hook('action', 'tidypics/download', 'tidypics_download_override');
 	}
 	
 	/**
@@ -417,6 +420,21 @@
 	}
 	
 	
+	/**
+	 * Called before validating the security token on a download link
+	 * We don't need security as this is not a true action (it doesn't change any data)
+	 * 
+	 * @return false (shouldn't return though since the action exits
+	 */
+	function tidypics_download_override($hook, $action)
+	{
+		global $CONFIG;
+		
+		include $CONFIG->actions[$action]['file'];
+		
+		return false;
+	}
+	
 
 	// Make sure tidypics_init is called on initialisation
 	register_elgg_event_handler('init','system','tidypics_init');
-- 
cgit v1.2.3