drupal
Commit 0ed76f0d authored Jun 20, 2013 by Dries
Issue #1999384 by bojanz, naveenvalecha: Use Symfony Request for image module.
parent a72d1f1b
Changes 2
core/modules/image/image.admin.inc
...
...
@@ -314,9 +314,10 @@ function image_effect_form($form, &$form_state, $style, $effect) {
$form
[
'data'
][
'#tree'
]
=
TRUE
;
// Check the URL for a weight, then the image effect, otherwise use default.
$weight
=
Drupal
::
request
()
->
query
->
get
(
'weight'
);
$form
[
'weight'
]
=
array
(
'#type'
=>
'hidden'
,
'#value'
=>
isset
(
$
_GET
[
'
weight
'
]
)
?
intval
(
$
_GET
[
'
weight
'
]
)
:
(
isset
(
$effect
[
'weight'
])
?
$effect
[
'weight'
]
:
count
(
$style
->
effects
)),
'#value'
=>
isset
(
$weight
)
?
intval
(
$weight
)
:
(
isset
(
$effect
[
'weight'
])
?
$effect
[
'weight'
]
:
count
(
$style
->
effects
)),
);
$form
[
'actions'
]
=
array
(
'#type'
=>
'actions'
);
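Review bot: In the new '#value' line, isset($weight) is applied to a local that is always assigned, so it acts only as a NULL test on what query->get('weight') returned; writing $weight !== NULL would state that intent directly. The value still goes straight from the query string into intval() with no type check, exactly as the old $_GET code did, so a non-scalar or non-numeric weight parameter is silently coerced; an is_numeric() check before the cast would make the fallback to $effect['weight'] or count($style->effects) apply in that case too. The comment "Check the URL for a weight, then the image effect, otherwise use default." now sits above an assignment that only reads the URL, and would fit better directly above the '#value' expression that implements the whole chain.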
...
...
core/modules/image/image.module
...
...
@@ -537,7 +537,8 @@ function image_style_deliver($style, $scheme) {
// denial-of-service attacks.)
$valid
=
!
empty
(
$style
)
&&
file_stream_wrapper_valid_scheme
(
$scheme
);
if
(
!
config
(
'image.settings'
)
->
get
(
'allow_insecure_derivatives'
))
{
$valid
=
$valid
&&
isset
(
$_GET
[
IMAGE_DERIVATIVE_TOKEN
])
&&
$_GET
[
IMAGE_DERIVATIVE_TOKEN
]
===
image_style_path_token
(
$style
->
name
,
$scheme
.
'://'
.
$target
);
$image_derivative_token
=
Drupal
::
request
()
->
query
->
get
(
IMAGE_DERIVATIVE_TOKEN
);
$valid
=
$valid
&&
isset
(
$image_derivative_token
)
&&
$image_derivative_token
===
image_style_path_token
(
$style
->
name
,
$scheme
.
'://'
.
$target
);
}
if
(
!
$valid
)
{
throw
new
AccessDeniedHttpException
();
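Review bot: The rewritten $valid line still compares the request-supplied token to image_style_path_token(...) with ===, which is not a constant-time comparison; since this check is what gates derivative generation when allow_insecure_derivatives is off, a timing-safe string comparison would be the better choice here, with an is_string() guard on $image_derivative_token in front of it. The isset($image_derivative_token) test is on a local that is always assigned, so it only rejects NULL from query->get(); the strict comparison already fails for NULL, and the isset() could be dropped or replaced by the is_string() guard. Neither point is introduced by this change, but the line is being rewritten anyway.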
...
...