kalipso/racalmas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aadf3fd06ec00ad197f39b44152b39bab25153cb
racalmas/website/agenda/planung/showImage.cgi

147 lines
3.3 KiB
Perl
Raw Blame History

#! /usr/bin/perl -w
use warnings "all";
use strict;
use Data::Dumper;
use params;
use config;
use log;
use template;
use auth;
use uac;
#use roles;
#use project;
#use studios;
#use events;
#use series;
use images;
#use series_schedule;
#use series_events;
#use series_dates;
#use markup;
#use URI::Escape;
#use Encode;
use localization;
binmode STDOUT, ":utf8";
my $r = shift;
( my $cgi, my $params, my $error ) = params::get($r);
my $config = config::get('../config/config.cgi');
my $debug = $config->{system}->{debug};
my ( $user, $expires ) = auth::get_user( $cgi, $config );
return if ( ( !defined $user ) || ( $user eq '' ) );
my $user_presets = uac::get_user_presets(
$config,
{
project_id => $params->{project_id},
studio_id => $params->{studio_id},
user => $user
}
);
$params->{default_studio_id} = $user_presets->{studio_id};
$params->{studio_id} = $params->{default_studio_id}
if ( ( !( defined $params->{action} ) ) || ( $params->{action} eq '' ) || ( $params->{action} eq 'login' ) );
$params->{project_id} = $user_presets->{project_id}
if ( ( !( defined $params->{action} ) ) || ( $params->{action} eq '' ) || ( $params->{action} eq 'login' ) );
my $request = {
url => $ENV{QUERY_STRING} || '',
params => {
original => $params,
checked => check_params($params),
},
};
$request = uac::prepare_request( $request, $user_presets );
log::init($request);
$params = $request->{params}->{checked};
#process header
return unless uac::check( $config, $params, $user_presets ) == 1;
showImage( $config, $request );
#TODO: filter by published, draft
sub showImage {
my $config = shift;
my $request = shift;
my $params = $request->{params}->{checked};
my $permissions = $request->{permissions};
unless ( $permissions->{read_event} == 1 ) {
uac::permissions_denied('read_image');
return;
}
unless (defined $params->{filename}){
uac::permissions_denied('missing filename');
return;
}
my $filename = images::getInternalPath($config, $params);
unless (-e $filename){
uac::permissions_denied("read $filename");
return;
}
my $image=images::readFile($filename);
if (defined $image->{error}){
uac::permissions_denied("read $filename, $image->{error}");
return;
}
binmode STDOUT;
print "Content-type:image/jpeg; charset=UTF-8;\n\n";
print $image->{content};
return;
}
sub check_params {
my $params = shift;
my $checked = {};
my $debug = $params->{debug} || '';
if ( $debug =~ /([a-z\_\,]+)/ ) {
$debug = $1;
}
$checked->{debug} = $debug;
#numeric values
for my $param ( 'filename') {
if ( ( defined $params->{$param} ) && ( $params->{$param} =~ /^[A-Za-z\_\-\.\d\/]+$/ ) ) {
$checked->{$param} = $params->{$param};
$checked->{$param} =~s/^.*\///g;
}
}
$checked->{type}='thumbs';
for my $param ( 'type') {
if ( ( defined $params->{$param} ) && ( $params->{$param} =~ /^(thumbs|images|icons)$/ ) ) {
$checked->{$param} = $params->{$param};
}
}
#numeric values
for my $param ( 'project_id', 'studio_id', 'series_id', 'event_id') {
if ( ( defined $params->{$param} ) && ( $params->{$param} =~ /^[\-\d]+$/ ) ) {
$checked->{$param} = $params->{$param};
}
}
if ( defined $checked->{studio_id} ) {
$checked->{default_studio_id} = $checked->{studio_id};
} else {
$checked->{studio_id} = -1;
}
return $checked;
}
Reference in New Issue View Git Blame Copy Permalink