}
if ($user_id && !$check_only) {
- @session_start();
+
+ if (session_status() != PHP_SESSION_NONE) {
+ session_destroy();
+ session_commit();
+ }
+
+ session_regenerate_id(true);
+ session_start();
$_SESSION["uid"] = $user_id;
$_SESSION["version"] = VERSION_STATIC;
}
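Review bot: `session_regenerate_id(true)` runs while no session is active, because the block above destroys any active session and `session_start()` only follows on the next line, so the call fails and the ID is never rotated. Unless `session.use_strict_mode` is enabled, `session_start()` then adopts whatever ID the client's cookie carries, so a pre-login session ID survives authentication, which is the fixation case this change seems meant to close. Swap the two calls, `session_start();` then `session_regenerate_id(true);`, before `$_SESSION["uid"]` is assigned. The guard `session_status() != PHP_SESSION_NONE` also matches `PHP_SESSION_DISABLED`; `== PHP_SESSION_ACTIVE` states the intent. The enclosing function starts outside the hunk.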
function logout_user() {
- session_destroy();
+ @session_destroy();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
+ session_commit();
}
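Review bot: `session_destroy()` removes the stored session data but leaves the `$_SESSION` array populated for the rest of the request, and the added `@` hides the warning when no session is active. Since `logout_user()` is now also called from the missing-`uid` path, add `$_SESSION = array();` before the destroy so nothing later in the same request can read stale values. The trailing `session_commit()` has nothing left to write once the session is destroyed; drop it or add a comment such as `// close the session so a later session_start() begins clean` if that is the reason for it.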
function validate_csrf($csrf_token) {
}
if (!$_SESSION["uid"]) {
- @session_destroy();
- setcookie(session_name(), '', time()-42000, '/');
+ logout_user();
render_login_form();
exit;
$doc->loadHTML($charset_hack . $res);
$xpath = new DOMXPath($doc);
- $entries = $xpath->query('(//img[@src]|//video/source[@src]|//audio/source[@src])');
+ $entries = $xpath->query('(//img[@src]|//video[@poster]|//video/source[@src]|//audio/source[@src])');
$need_saving = false;
foreach ($entries as $entry) {
- if ($entry->hasAttribute('src')) {
+ if ($entry->hasAttribute('src') || $entry->hasAttribute('poster')) {
// should be already absolutized because this is called after sanitize()
- $src = $entry->getAttribute('src');
+ $src = $entry->hasAttribute('poster') ? $entry->getAttribute('poster') : $entry->getAttribute('src');
$cached_filename = CACHE_DIR . '/images/' . sha1($src);
if (file_exists($cached_filename)) {
$src = get_self_url_prefix() . '/public.php?op=cached_url&hash=' . sha1($src) . $suffix;
- $entry->setAttribute('src', $src);
+ if ($entry->hasAttribute('poster'))
+ $entry->setAttribute('poster', $src);
+ else
+ $entry->setAttribute('src', $src);
+
$need_saving = true;
}
}
}
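Review bot: The poster-or-src decision is repeated three times in this loop (in the guard, when reading the URL and when writing it back), and the unbraced `if`/`else` differs from the braced style of the surrounding code. Choose the attribute once, `$attr = $entry->hasAttribute('poster') ? 'poster' : 'src';`, then use `$entry->getAttribute($attr)` and `$entry->setAttribute($attr, $src)`. As written, a `video` element carrying both `poster` and `src` only has its poster rewritten; if that is intended, a short comment saying so would help.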
}
}
+ }
+
+ if ($entry->hasAttribute('src') &&
+ ($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"]) {
+
+ $p = $doc->createElement('p');
- if (($owner && get_pref("STRIP_IMAGES", $owner)) ||
- $force_remove_images || $_SESSION["bw_limit"]) {
+ $a = $doc->createElement('a');
+ $a->setAttribute('href', $entry->getAttribute('src'));
- $p = $doc->createElement('p');
+ $a->appendChild(new DOMText($entry->getAttribute('src')));
+ $a->setAttribute('target', '_blank');
+ $a->setAttribute('rel', 'noopener noreferrer');
- $a = $doc->createElement('a');
- $a->setAttribute('href', $entry->getAttribute('src'));
+ $p->appendChild($a);
- $a->appendChild(new DOMText($entry->getAttribute('src')));
- $a->setAttribute('target', '_blank');
- $a->setAttribute('rel', 'noopener noreferrer');
+ if ($entry->nodeName == 'source') {
- $p->appendChild($a);
+ if ($entry->parentNode && $entry->parentNode->parentNode)
+ $entry->parentNode->parentNode->replaceChild($p, $entry->parentNode);
+
+ } else if ($entry->nodeName == 'img') {
+
+ if ($entry->parentNode)
+ $entry->parentNode->replaceChild($p, $entry);
- $entry->parentNode->replaceChild($p, $entry);
}
}
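Review bot: In the new condition `&&` binds tighter than `||`, so `$entry->hasAttribute('src')` guards only the `STRIP_IMAGES` preference. With `$force_remove_images` or `$_SESSION["bw_limit"]` set, the block also runs for entries without a `src` and builds a link with an empty `href`. If the attribute check is meant to cover all three triggers, parenthesise them: `if ($entry->hasAttribute('src') && (($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"])) {`. Only `source` and `img` nodes are replaced, so a `video` selected for its `poster` would presumably keep loading the remote poster when images are stripped. Confirm this against the query feeding this loop, which is outside the hunk.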
should be loaded systemwide in config.php */
function send_local_file($filename) {
if (file_exists($filename)) {
+
+ if (is_writable($filename)) touch($filename);
+
$tmppluginhost = new PluginHost();
$tmppluginhost->load(PLUGINS, PluginHost::KIND_SYSTEM);
$stamp = gmdate("D, d M Y H:i:s", filemtime($filename)) . " GMT";
header("Last-Modified: $stamp", true);
- if (defined('_NGINX_XACCEL_PREFIX') && _NGINX_XACCEL_PREFIX) {
- header("X-Accel-Redirect: " . _NGINX_XACCEL_PREFIX . "/" . $filename);
-
- return false;
- } else {
- return readfile($filename);
- }
+ return readfile($filename);
} else {
return false;
}