X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=scripts%2Fimage.ml;h=cad2ceb713c9a04f56d20b1c516364f1e17f9446;hb=fffce48503e09a21f9c5846a0fc378e6180e50f3;hp=87ed9de1f3bf0658c889bcef5669f1d9227e5b62;hpb=18b15913dddbf94105c7d4e90b7b0746d2e30e2b;p=cocanwiki.git

diff --git a/scripts/image.ml b/scripts/image.ml
index 87ed9de..cad2ceb 100644
--- a/scripts/image.ml
+++ b/scripts/image.ml
@@ -1,7 +1,7 @@
 (* COCANWIKI - a wiki written in Objective CAML.
  * Written by Richard W.M. Jones <rich@merjis.com>.
  * Copyright (C) 2004 Merjis Ltd.
- * $Id: image.ml,v 1.8 2004/10/15 16:03:01 rich Exp $
+ * $Id: image.ml,v 1.13 2004/11/01 16:24:32 rich Exp $
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@ open ExtString
 
 open Cocanwiki
 
-let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
+let run r (q : cgi) (dbh : Dbi.connection) hostid {hostname = hostname} _ =
   let image = q#param "image" in
   let is_thumbnail = q#param_true "thumbnail" in
   let version =
@@ -50,35 +50,37 @@ let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
   sth#execute args;
 
   let data, mime_type, deleted =
-    match sth#fetch1 () with
-	[ `Binary data; `String mime_type; `Bool deleted ] ->
-	  data, mime_type, deleted
-      | _ -> assert false in
+    try
+      (match sth#fetch1 () with
+	   [ `Binary data; `String mime_type; `Bool deleted ] ->
+	     data, mime_type, deleted
+	 | _ -> assert false)
+    with
+	Not_found -> raise (HttpError cHTTP_NOT_FOUND) in
 
-  (* If deleted, refuse to serve this image except if called from the
-   * deleted images page.
-   *)
+  (* If deleted, refuse to serve this image except if shown on the site. *)
   if deleted then (
     let referer =
       try Table.get (Request.headers_in r) "Referer" with Not_found -> "" in
     let ok =
-      try String.find referer "/_images?deleted"; true
+      try String.find referer hostname; true
       with String.Invalid_string -> false in
 
-    if not ok then
-      failwith "image.ml: bandwidth theft avoided"
+    if not ok then (
+      prerr_endline "image.ml: bandwidth theft avoided";
+      raise (HttpError cHTTP_NOT_FOUND)
+    )
   );
 
-  if version <> None then
-    (* Set a medium-length expiry time on this resource. *)
-    Table.set (Request.headers_out r) "Expires" (Expires.medium ());
+  (* Set a medium-length expiry time on this resource. *)
+  Table.set (Request.headers_out r) "Expires" (Expires.medium ());
 
   (* Content-length header. *)
   Table.set (Request.headers_out r) "Content-Length"
     (string_of_int (String.length data));
 
   q#header ~content_type:mime_type ();
-  print_string r data
+  ignore (print_string r data)
 
 let () =
   register_script ~restrict:[CanView] run