From 39060653573bf4dd51e891aecdb571c78a866675 Mon Sep 17 00:00:00 2001
From: Cash Costello
Date: Mon, 5 Oct 2009 23:20:10 +0000
Subject: not using action token validation for image download
---
 views/default/object/image.php | 6 ++----
 views/default/tidypics/image_menu.php | 5 +----
 views/default/tidypics/tagging.php | 1 +
 3 files changed, 4 insertions(+), 8 deletions(-)
 (limited to 'views')
diff --git a/views/default/object/image.php b/views/default/object/image.php
index 01beb25f6..dd52f872e 100644
--- a/views/default/object/image.php
+++ b/views/default/object/image.php
@@ -149,10 +149,8 @@
 // this code controls whether the photo is a hyperlink or not and what it links to
 $image_link = false;
 if (get_plugin_setting('download_link', 'tidypics') != "disabled") {
- // admin allows downloads so default to download link
- $ts = time();
- $token = generate_action_token($ts);
- $image_link = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&view=inline&__elgg_token={$token}&__elgg_ts={$ts}";
+ // admin allows downloads so default to inline download link
+ $image_link = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&view=inline";
 }
 // does any plugin want to override the link
 $image_link = trigger_plugin_hook('tp_image_link', 'image', $image, $image_link);
diff --git a/views/default/tidypics/image_menu.php b/views/default/tidypics/image_menu.php
index cb004395e..299f4b026 100644
--- a/views/default/tidypics/image_menu.php
+++ b/views/default/tidypics/image_menu.php
@@ -43,10 +43,7 @@
 }
 if (get_plugin_setting('download_link', 'tidypics') != "disabled") {
- $ts = time();
- $token = generate_action_token($ts);
-
- $download_url = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&__elgg_token={$token}&__elgg_ts={$ts}";
+ $download_url = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid;
 ?>
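Review bot: With `__elgg_token`/`__elgg_ts` gone from `$image_link`, the link still targets the `action/` endpoint, and the token was only request-forgery protection, so who may fetch a given `file_guid` is decided solely by the `tidypics/download` handler, which is not part of this `views`-limited patch. Confirm that the handler checks the viewer's access to the image entity and no longer expects a token, and record the reasoning beside the link, e.g. `// no action token: download is read-only, access is enforced in the download action`. `$image_guid` is assigned outside the hunk and concatenated as-is; if it can be anything other than an integer, `(int) $image_guid` would be the safer form. The same points apply to `$download_url` in image_menu.php.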
  • +

    -- cgit v1.2.3