Merge pull request #218 from splitbrain/FS#2767

FS#2767, fix for missing security token

Merge pull request #218 from splitbrain/FS#2767
7f67286e · Andreas Gohr · b1720e5c · 5e7db1e2 · 7f67286e · 7f67286e
Commit 7f67286e authored 11 years ago by Andreas Gohr
--- a/_test/tests/inc/common_ml.test.php
+++ b/_test/tests/inc/common_ml.test.php
+<?php
+
+class common_wl_test extends DokuWikiTest {
+
+    private $script = 'lib/exe/fetch.php';
+
+    function test_ml_empty() {
+        global $conf;
+        $conf['useslash'] = 0;
+        $conf['userewrite'] = 0;
+        $conf['start'] = 'start';
+
+        $this->assertEquals(DOKU_BASE . $this->script . '?media=' , ml());
+    }
+
+    function test_ml_args_array() {
+        global $conf;
+        $conf['useslash'] = 0;
+        $conf['userewrite'] = 0;
+
+        $args = array('a' => 'b', 'c' => 'd', 'q' => '&ä');
+
+        $expect = DOKU_BASE . $this->script . '?a=b&amp;c=d&amp;q=%26%C3%A4&amp;media=some:';
+        $this->assertEquals($expect, ml('some:', $args));
+    }
+
+    function test_ml_args_string() {
+        global $conf;
+        $conf['useslash'] = 0;
+        $conf['userewrite'] = 0;
+
+        $args = 'a=b&c=d';
+
+        $expect = DOKU_BASE . $this->script . '?a=b&c=d&amp;media=some:';
+        $this->assertEquals($expect, ml('some:', $args));
+    }
+
+    function test_ml_args_comma_string() {
+        global $conf;
+        $conf['useslash'] = 0;
+        $conf['userewrite'] = 0;
+
+        $args = 'a=b,c=d';
+
+        $expect = DOKU_BASE . $this->script . '?a=b&amp;c=d&amp;media=some:';
+        $this->assertEquals($expect, ml('some:', $args));
+    }
+
+
+    function test_ml_imgresize_array() {
+        global $conf;
+        $conf['useslash'] = 0;
+        $conf['userewrite'] = 0;
+
+        $id = 'some:';
+        $w = 80;
+        $args = array('w' => $w);
+        $tok = media_get_token($id,$w,0);
+
+        $expect = DOKU_BASE . $this->script . '?w='.$w.'&amp;tok='.$tok.'&amp;media='.$id;
+        $this->assertEquals($expect, ml($id, $args));
+    }
+
+    function test_ml_imgresize_string() {
+        global $conf;
+        $conf['useslash'] = 0;
+        $conf['userewrite'] = 0;
+
+        $id = 'some:';
+        $w = 80;
+        $args = 'w='.$w;
+        $tok = media_get_token($id,$w,0);
+
+        $expect = DOKU_BASE . $this->script . '?w='.$w.'&amp;tok='.$tok.'&amp;media='.$id;
+        $this->assertEquals($expect, ml($id, $args));
+    }
+}
\ No newline at end of file
--- a/inc/common.php
+++ b/inc/common.php
@@ -447,6 +447,14 @@ function ml($id = '', $more = '', $direct = true, $sep = '&amp;', $abs = false)
        if(isset($more['id']) && $direct) unset($more['id']);
        $more = buildURLparams($more, $sep);
    } else {
+        $matches = array();
+        if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER)){
+            $resize = array('w'=>0, 'h'=>0);
+            foreach ($matches as $match){
+                $resize[$match[1]] = $match[2];
+            }
+            $more .= $sep.'tok='.media_get_token($id,$resize['w'],$resize['h']);
+        }
        $more = str_replace('cache=cache', '', $more); //skip default
        $more = str_replace(',,', ',', $more);
        $more = str_replace(',', $sep, $more);