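authorizeForUser($this->getUser(), 'album.view', $album);
        if (UserConfig::get('hotlink_protection')) {
            $referrer = $request->headers->get('Referer');
            if (!is_null($referrer)) {
                $hostname = parse_url($referrer, PHP_URL_HOST);
                if (strtolower($hostname) != strtolower($request->getHttpHost())) {
                    App::abort(403);
                    return null;
                }
            } else {
                App::abort(403);
                return null;
            }
        }
        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
        $thumbnail = $request->get('t');
        if (is_null($thumbnail)) {
            Gate::forUser($this->getUser())->authorize('photo.download_original', $photo);
        }
        return response()->file($album->getAlbumSource()->getPathToPhoto($photo, $thumbnail));
    }

    /**
     * Render the gallery page for a single photo in an album.
     *
     * Aborts with 404 when the album alias is unknown (and, via
     * loadPhotoByAlbumAndFilename, when the photo is unknown), and with the
     * 'album.view' authorization failure when the current user may not view
     * the album.
     *
     * @param Request $request
     * @param string $albumUrlAlias URL alias identifying the album
     * @param string $photoFilename storage file name of the photo within the album
     * @return mixed the rendered 'gallery.photo' view, or null after App::abort()
     */
    public function show(Request $request, $albumUrlAlias, $photoFilename)
    {
        $album = DbHelper::loadAlbumByUrlAlias($albumUrlAlias);
        if (is_null($album)) {
            App::abort(404);
            return null;
        }

        $this->authorizeForUser($this->getUser(), 'album.view', $album);

        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);

        // Whether the view may offer the original-resolution download link;
        // the download route enforces the same gate server-side.
        $isOriginalAllowed = Gate::forUser($this->getUser())->allows('photo.download_original', $photo);

        // The Referer header is client-controlled, so it is only used as the
        // "back to album" link when MiscHelper::isSafeUrl() accepts it;
        // otherwise fall back to the album's own URL. The explicit string
        // check also avoids calling strlen() on a null header (deprecated
        // in PHP 8.1) when no Referer was sent.
        $returnAlbumUrl = $album->url();
        $referer = $request->headers->get('Referer');
        if (is_string($referer) && $referer !== '' && MiscHelper::isSafeUrl($referer)) {
            $returnAlbumUrl = $referer;
        }

        return Theme::render('gallery.photo', [
            'album' => $album,
            'is_original_allowed' => $isOriginalAllowed,
            'photo' => $photo,
            'return_album_url' => $returnAlbumUrl
        ]);
    }

    /**
     * Look up a photo by its album and storage file name.
     *
     * Both values are passed to the query builder as bindings rather than
     * being interpolated into SQL. Aborts with 404 when no matching photo
     * exists.
     *
     * @param Album $album album the photo must belong to
     * @param string $filename value of the photo's storage_file_name column
     * @return Photo|null the matching photo, or null after App::abort()
     */
    public static function loadPhotoByAlbumAndFilename(Album $album, $filename)
    {
        $photo = Photo::where([
            ['album_id', $album->id],
            ['storage_file_name', $filename]
        ])->first();

        if (is_null($photo)) {
            App::abort(404);
            return null;
        }

        return $photo;
    }
}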