function getProgressBar ($percentage = 0, $theme = '')
{
$done = ((int) ($percentage * 100));
- $ret = "<img width=100 height=10 border=0 title='${done}%' src='?module=image&img=progressbar&done=${done}";
+ $ret = "<img width=100 height=10 border=0 title='${done}%' src='?module=progressbar&done=${done}";
if ($theme != '')
$ret .= "&theme=${theme}";
$ret .= "'>";
assertPermission();
renderRackThumb (getBypassValue());
break;
- case 'progressbar': // no security context
- assertUIntArg ('done', TRUE);
- // 'progressbar's never change, make browser cache the result
- renderProgressBarImage ($_REQUEST['done']);
- break;
case 'preview': // file security context
$pageno = 'file';
$tabno = 'download';
# built images, and "download" can return a full-fledged "permission
# denied" or "exception" HTML page instead of the file requested.
require_once 'inc/init.php'; // for authentication check
- // 'progressbar's never change, attempt an IMS shortcut before loading init.php
- if (@$_REQUEST['img'] == 'progressbar')
- if (checkCachedResponse (0, CACHE_DURATION))
- exit;
require_once 'inc/solutions.php';
try
{
renderErrorImage();
}
break;
+ case 'progressbar' == $_REQUEST['module']:
+ # Unlike images (and like static content), progress bars are processed
+ # without a permission check, but only for authenticated users.
+ require_once 'inc/init.php';
+ require_once 'inc/solutions.php';
+ genericAssertion ('done', 'uint0');
+ // 'progressbar's never change, make browser cache the result
+ if (checkCachedResponse (0, CACHE_DURATION))
+ break;
+ renderProgressBarImage ($_REQUEST['done']);
+ break;
case 'ajax' == $_REQUEST['module']:
require_once 'inc/ajax-interface.php';
require_once 'inc/init.php';