From 39060653573bf4dd51e891aecdb571c78a866675 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Mon, 5 Oct 2009 23:20:10 +0000 Subject: not using action token validation for image download --- views/default/object/image.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'views/default/object') diff --git a/views/default/object/image.php b/views/default/object/image.php index 01beb25f6..dd52f872e 100644 --- a/views/default/object/image.php +++ b/views/default/object/image.php @@ -149,10 +149,8 @@ // this code controls whether the photo is a hyperlink or not and what it links to $image_link = false; if (get_plugin_setting('download_link', 'tidypics') != "disabled") { - // admin allows downloads so default to download link - $ts = time(); - $token = generate_action_token($ts); - $image_link = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&view=inline&__elgg_token={$token}&__elgg_ts={$ts}"; + // admin allows downloads so default to inline download link + $image_link = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&view=inline"; } // does any plugin want to override the link $image_link = trigger_plugin_hook('tp_image_link', 'image', $image, $image_link); -- cgit v1.2.3