Alternate fix for video generation under csrf. Now we just turn off output buffering (discarding contents before sending the avi

pull/2115/head
Isaac Connor 2018-06-06 11:55:51 -04:00
parent 2aac2e1e05
commit 3109536dda
2 changed files with 3 additions and 1 deletions

View File

@ -200,7 +200,7 @@ isset($view) || $view = NULL;
isset($request) || $request = NULL;
isset($action) || $action = NULL;
if ( ZM_ENABLE_CSRF_MAGIC && $action != 'login' && $view != 'view_video' && $view != 'video' && $request != 'control' && $view != 'frames' && $view != 'archive' ) {
if ( ZM_ENABLE_CSRF_MAGIC && $action != 'login' && $view != 'view_video' && $request != 'control' && $view != 'frames' && $view != 'archive' ) {
require_once( 'includes/csrf/csrf-magic.php' );
#Logger::Debug("Calling csrf_check with the following values: \$request = \"$request\", \$view = \"$view\", \$action = \"$action\"");
csrf_check();

View File

@ -82,6 +82,8 @@ if ( isset($_REQUEST['deleteIndex']) ) {
}
if ( isset($_REQUEST['downloadIndex']) ) {
// can't be output buffering, as this file might be large
ob_end_clean();
$downloadIndex = validInt($_REQUEST['downloadIndex']);
header('Pragma: public');
header('Expires: 0');