From 5e7db1e21093dbb999f1d1cee487a791af3650eb Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Mon, 6 May 2013 01:06:16 +0100
Subject: [PATCH] ensure security token is included in media url when resize
 parameter is passed in string form, e.g. 'w=80'

---
 inc/common.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/inc/common.php b/inc/common.php
index 110350951..4d939ac77 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -447,6 +447,14 @@ function ml($id = '', $more = '', $direct = true, $sep = '&amp;', $abs = false)
         if(isset($more['id']) && $direct) unset($more['id']);
         $more = buildURLparams($more, $sep);
     } else {
+        $matches = array();
+        if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER)){
+            $resize = array('w'=>0, 'h'=>0);
+            foreach ($matches as $match){
+                $resize[$match[1]] = $match[2];
+            }
+            $more .= $sep.'tok='.media_get_token($id,$resize['w'],$resize['h']);
+        }
         $more = str_replace('cache=cache', '', $more); //skip default
         $more = str_replace(',,', ',', $more);
         $more = str_replace(',', $sep, $more);
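Review bot: The pattern on the `preg_match_all` line captures `(\d*)`, so an input such as `w=abc` still matches with an empty capture and `media_get_token()` is called with `''` instead of a number. Digits with leading zeros (`w=080`) are likewise passed through as the raw string. If the code that verifies `tok` normalises the dimensions to integers (it is not visible in this hunk), the generated token may not match what the verifier computes, and the resized image would then be refused. Requiring at least one digit and casting keeps both sides on the same value: `'/\b(w|h)=(\d+)\b/'` and `$resize[$match[1]] = (int) $match[2];`. A one-line comment above the block stating that the token is computed from `$id` and the requested width and height would also help, since the rest of `ml()` lies outside the hunk.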
-- 
GitLab