Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
project
drupal
Commits
afeed9ed
Commit
afeed9ed
authored
Jan 29, 2013
by
Angie Byron
Browse files
Issue
#1890754
by Heine, pwolanin, tim.plunkett, Berdir: Fixed Private Images visible by url.
parent
79941b52
Changes
2
Hide whitespace changes
Inline
Side-by-side
core/modules/image/image.module
View file @
afeed9ed
...
...
@@ -301,7 +301,8 @@ function image_file_download($uri) {
if
(
$info
=
image_get_info
(
$uri
))
{
// Check the permissions of the original to grant access to this image.
$headers
=
module_invoke_all
(
'file_download'
,
$original_uri
);
if
(
!
in_array
(
-
1
,
$headers
))
{
// Confirm there's at least one module granting access and none denying access.
if
(
!
empty
(
$headers
)
&&
!
in_array
(
-
1
,
$headers
))
{
return
array
(
// Send headers describing the image's size, and MIME-type...
'Content-Type'
=>
$info
[
'mime_type'
],
...
...
core/modules/image/lib/Drupal/image/Tests/ImageStylesPathAndUrlTest.php
View file @
afeed9ed
...
...
@@ -136,6 +136,12 @@ function _testImageStyleUrlAndPath($scheme, $clean_url = TRUE) {
$this
->
drupalGet
(
$generate_url
);
$this
->
assertResponse
(
200
,
'Image was generated at the URL.'
);
// Make sure that access is denied for existing style files if we do not
// have access.
state
()
->
delete
(
'image.test_file_download'
);
$this
->
drupalGet
(
$generate_url
);
$this
->
assertResponse
(
403
,
'Confirmed that access is denied for the private image style.'
);
// Repeat this with a different file that we do not have access to and
// make sure that access is denied.
$file_noaccess
=
array_shift
(
$files
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment