X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=scripts%2Fimage.ml;h=cad2ceb713c9a04f56d20b1c516364f1e17f9446;hb=fffce48503e09a21f9c5846a0fc378e6180e50f3;hp=b6a1f4d58fbb96d3fc27cd1e14627ddebbcbae1f;hpb=714e5e5b4b585da1eca55274e3903ee9a1dbf0d6;p=cocanwiki.git diff --git a/scripts/image.ml b/scripts/image.ml index b6a1f4d..cad2ceb 100644 --- a/scripts/image.ml +++ b/scripts/image.ml @@ -1,7 +1,22 @@ -(* COCANWIKI scripts. +(* COCANWIKI - a wiki written in Objective CAML. * Written by Richard W.M. Jones . * Copyright (C) 2004 Merjis Ltd. - * $Id: image.ml,v 1.2 2004/09/07 13:40:10 rich Exp $ + * $Id: image.ml,v 1.13 2004/11/01 16:24:32 rich Exp $ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file COPYING. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + * Boston, MA 02111-1307, USA. *) open Apache @@ -9,12 +24,11 @@ open Registry open Cgi open Printf -open Merjisforwiki +open ExtString open Cocanwiki -open Cocanwiki -let run r (q : cgi) (dbh : Dbi.connection) (hostid, _, _) _ = +let run r (q : cgi) (dbh : Dbi.connection) hostid {hostname = hostname} _ = let image = q#param "image" in let is_thumbnail = q#param_true "thumbnail" in let version = @@ -22,8 +36,8 @@ let run r (q : cgi) (dbh : Dbi.connection) (hostid, _, _) _ = (* Get the image and its MIME type. *) let what = - if not is_thumbnail then "image, mime_type" - else "thumbnail, tn_mime_type" in + if not is_thumbnail then "image, mime_type, name is null as deleted" + else "thumbnail, tn_mime_type, name is null as deleted" in let where, args = match version with None -> "hostid = ? and name = ?", [`Int hostid; `String image] @@ -35,18 +49,38 @@ let run r (q : cgi) (dbh : Dbi.connection) (hostid, _, _) _ = ("select " ^ what ^ " from images where " ^ where) in sth#execute args; - let data, mime_type = - match sth#fetch1 () with - [ `Binary data; `String mime_type ] -> - data, mime_type - | _ -> assert false in + let data, mime_type, deleted = + try + (match sth#fetch1 () with + [ `Binary data; `String mime_type; `Bool deleted ] -> + data, mime_type, deleted + | _ -> assert false) + with + Not_found -> raise (HttpError cHTTP_NOT_FOUND) in + + (* If deleted, refuse to serve this image except if shown on the site. *) + if deleted then ( + let referer = + try Table.get (Request.headers_in r) "Referer" with Not_found -> "" in + let ok = + try String.find referer hostname; true + with String.Invalid_string -> false in + + if not ok then ( + prerr_endline "image.ml: bandwidth theft avoided"; + raise (HttpError cHTTP_NOT_FOUND) + ) + ); + + (* Set a medium-length expiry time on this resource. *) + Table.set (Request.headers_out r) "Expires" (Expires.medium ()); - if version <> None then - (* Set a medium-length expiry time on this resource. *) - Table.set (Request.headers_out r) "Expires" (Cgi_expires.expires_medium()); + (* Content-length header. *) + Table.set (Request.headers_out r) "Content-Length" + (string_of_int (String.length data)); q#header ~content_type:mime_type (); - print_string r data + ignore (print_string r data) let () = - register_script run + register_script ~restrict:[CanView] run