Branch: Tag:

2009-07-07

2009-07-07 11:57:39 by 0

The quest for reduced authentication of admin interface images continues.
This change avoids the authentication_throw() call inside the admin if
itself. It's known that this allows images from other sites to be exposed
through this port but it's no different from knowing URLs stored in the
protocol cache and therefore considered acceptable.

Rev: server/base_server/roxen.pike:1.1038

6:   // Per Hedbor, Henrik Grubbström, Pontus Hagland, David Hedbor and others.   // ABS and suicide systems contributed freely by Francesco Chemolli    - constant cvs_version="$Id: roxen.pike,v 1.1037 2009/06/29 13:30:03 mast Exp $"; + constant cvs_version="$Id: roxen.pike,v 1.1038 2009/07/07 11:57:39 jonasw Exp $";      //! @appears roxen   //!
4031:   #else    a->format = "png";   #endif -  if( id->misc->authenticated_user && +  if( get_admin_configuration() != id->conf && +  id->misc->authenticated_user &&    !id->misc->authenticated_user->is_transient )    // This entry is not actually used, it's only there to    // generate a unique key.