authorKarl 'vollmerk' Vollmer <vollmer@ampache.org>2007-12-23 22:36:23 +0000
committerKarl 'vollmerk' Vollmer <vollmer@ampache.org>2007-12-23 22:36:23 +0000
commitd3423e0e37a6608edb82a7f6b6aa69d55aafec7d (patch)
tree0821f326d8cccdca64d4e24ce1f7640eee91db5c
parentcbdb592407c339d8158fb96e0253c1b34e011dc5 (diff)
fixed an album art issue created with the new auth code
-rw-r--r--albums.php9
-rw-r--r--image.php7
-rw-r--r--templates/show_get_albumart.inc.php7
3 files changed, 11 insertions, 12 deletions
diff --git a/albums.php b/albums.php
index d85ee263..c091deb4 100644
--- a/albums.php
+++ b/albums.php
@@ -60,7 +60,7 @@ switch ($_REQUEST['action']) {
case 'find_art':
// If not a user then kick em out
- if (!$GLOBALS['user']->has_access('25')) { access_denied(); exit; }
+ if (!Access::check('interface','25')) { access_denied(); exit; }
// get the Album information
$album = new Album($_REQUEST['album_id']);
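Review bot: The access level is passed as the bare string `'25'` in `Access::check('interface','25')`, and the comment above it only says "If not a user", so a reader cannot tell what the number stands for. I would extend the comment to something like `// Requires interface access level 25 (user) or above`, assuming that is what 25 denotes, or use a named constant if the project defines one. The `find_art` case continues past the end of the hunk.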
@@ -170,13 +170,6 @@ switch ($_REQUEST['action']) {
show_box_bottom();
break;
// Browse by Album
-} // end switch on action
-
-
-/**
- * switch on view
- */
-switch ($_REQUEST['action']) {
default:
case 'show':
$album = new Album($_REQUEST['album']);
diff --git a/image.php b/image.php
index 2157a6f5..da443b0f 100644
--- a/image.php
+++ b/image.php
@@ -65,13 +65,18 @@ switch ($_REQUEST['type']) {
break;
// If we need to pull the data out of the session
case 'session':
+ vauth::check_session();
$key = scrub_in($_REQUEST['image_index']);
$image = get_image_from_source($_SESSION['form']['images'][$key]);
-
$mime = $_SESSION['form']['images'][$key]['mime'];
$data = explode("/",$mime);
$extension = $data['1'];
+ // Send the headers and output the image
+ header("Expires: Sun, 19 Nov 1978 05:00:00 GMT");
+ header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+ header("Cache-Control: no-store, no-cache, must-revalidate");
+ header("Pragma: no-cache");
header("Content-type: $mime");
header("Content-Disposition: filename=" . $key . "." . $extension);
echo $image;
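Review bot: The request-supplied `image_index` in the `session` case is used as an array key and concatenated into the `Content-Disposition` header without confirming that it names an existing entry in `$_SESSION['form']['images']`. A guard such as `if (!isset($_SESSION['form']['images'][$key])) { exit; }` before the `get_image_from_source()` call would avoid sending headers built from a missing entry, and `$mime` should be checked against the expected `image/*` types before it reaches `header()`. The return value of the added `vauth::check_session()` is discarded; if it returns a status rather than ending the request (not visible here), the case still runs for an unauthenticated caller. The enclosing switch starts outside the hunk.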
diff --git a/templates/show_get_albumart.inc.php b/templates/show_get_albumart.inc.php
index df863e50..bf831436 100644
--- a/templates/show_get_albumart.inc.php
+++ b/templates/show_get_albumart.inc.php
@@ -21,14 +21,15 @@
*/
?>
<?php show_box_top(_('Customize Search')); ?>
-<form enctype="multipart/form-data" name="coverart" method="post" action="<?php echo Config::get('web_path'); ?>/albums.php?action=find_art&amp;album_id=<?php echo $album->id; ?>&amp;artist_name=<?php echo $_REQUEST['artist_name'];?>&amp;album_name=<?php echo $_REQUEST['album_name']; ?>&amp;cover=<?php echo scrub_out($_REQUEST['cover']); ?>" style="Display:inline;">
+<?php print_r($_GET); ?>
+<form enctype="multipart/form-data" name="coverart" method="post" action="<?php echo Config::get('web_path'); ?>/albums.php?action=find_art&amp;album_id=<?php echo $album->id; ?>&amp;artist_name=<?php echo urlencode($_REQUEST['artist_name']);?>&amp;album_name=<?php echo urlencode($_REQUEST['album_name']); ?>&amp;cover=<?php echo urlencode($_REQUEST['cover']); ?>" style="Display:inline;">
<table>
<tr>
<td>
<?php echo _('Artist'); ?>&nbsp;
</td>
<td>
- <input type="text" size="20" id="artist_name" name="artist_name" value="<?php echo scrub_out($artistname); ?>" />
+ <input type="text" size="20" id="artist_name" name="artist_name" value="<?php echo scrub_out(unhtmlentities($artistname)); ?>" />
</td>
</tr>
<tr>
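Review bot: The added `<?php print_r($_GET); ?>` above the form looks like leftover debugging output, and it writes every query-string parameter into the page without HTML escaping. That is both an information leak and a reflected-XSS sink, so the line should be removed. `$album->id` is still echoed unescaped in the same `action` attribute; `<?php echo intval($album->id); ?>` would keep it safe even if the id were ever non-numeric. The `scrub_out(unhtmlentities(...))` change on the `artist_name` input is repeated for `album_name` in the next hunk, and whether the decoded value is fully re-escaped depends on those helpers, which are not visible here.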
@@ -36,7 +37,7 @@
<?php echo _('Album'); ?>&nbsp;
</td>
<td>
- <input type="text" size="20" id="album_name" name="album_name" value="<?php echo scrub_out($albumname); ?>" />
+ <input type="text" size="20" id="album_name" name="album_name" value="<?php echo scrub_out(unhtmlentities($albumname)); ?>" />
</td>
</tr>
<tr>