From 80673b73ec03d15e4b33ccc375f56581eb38cf44 Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Tue, 26 Jun 2012 19:47:40 +0100
Subject: [PATCH] re-arrange oekaki bits for better permissions

---
 ext/oekaki/main.php | 66 ++++++++++++++++++++++-----------------------
 1 file changed, 33 insertions(+), 33 deletions(-)

diff --git a/ext/oekaki/main.php b/ext/oekaki/main.php
index 02633f99..6d21e65b 100644
--- a/ext/oekaki/main.php
+++ b/ext/oekaki/main.php
@@ -10,10 +10,39 @@ class Oekaki extends Extension {
 		global $user, $page;
 
 		if($event->page_matches("oekaki")) {
-			if($event->get_arg(0) == "create" and $user->can("create_image")){
-				$this->theme->display_page();
-			}else{
-				$this->theme->display_permission_denied();
+			if($user->can("create_image")) {
+				if($event->get_arg(0) == "create") {
+					$this->theme->display_page();
+				}
+				if($event->get_arg(0) == "claim") {
+					// FIXME: move .chi to data/oekaki/$ha/$hash mirroring images and thumbs
+					// FIXME: .chi viewer?
+					// FIXME: clean out old unclaimed images?
+					$pattern = data_path('oekaki_unclaimed/' . $_SERVER['REMOTE_ADDR'] . ".*.png");
+					foreach(glob($pattern) as $tmpname) {
+						assert(file_exists($tmpname));
+
+						$pathinfo = pathinfo($tmpname);
+						if(!array_key_exists('extension', $pathinfo)) {
+							throw new UploadException("File has no extension");
+						}
+						log_info("oekaki", "Processing file [{$pathinfo['filename']}]");
+						$metadata['filename'] = 'oekaki.png';
+						$metadata['extension'] = $pathinfo['extension'];
+						$metadata['tags'] = 'oekaki tagme';
+						$metadata['source'] = null;
+						$event = new DataUploadEvent($user, $tmpname, $metadata);
+						send_event($event);
+						if($event->image_id == -1) {
+							throw new UploadException("File type not recognised");
+						}
+						else {
+							unlink($tmpname);
+							$page->set_mode("redirect");
+							$page->set_redirect(make_link("post/view/".$event->image_id));
+						}
+					}
+				}
 			}
 			if($event->get_arg(0) == "upload") {
 				// FIXME: this allows anyone to upload anything to /data ...
@@ -45,35 +74,6 @@ class Oekaki extends Extension {
 					echo "CHIBIERROR No Data\n";
 				}
 			}
-			if($event->get_arg(0) == "claim") {
-				// FIXME: move .chi to data/oekaki/$ha/$hash mirroring images and thumbs
-				// FIXME: .chi viewer?
-				// FIXME: clean out old unclaimed images?
-				$pattern = data_path('oekaki_unclaimed/' . $_SERVER['REMOTE_ADDR'] . ".*.png");
-				foreach(glob($pattern) as $tmpname) {
-					assert(file_exists($tmpname));
-
-					$pathinfo = pathinfo($tmpname);
-					if(!array_key_exists('extension', $pathinfo)) {
-						throw new UploadException("File has no extension");
-					}
-					log_info("oekaki", "Processing file [{$pathinfo['filename']}]");
-					$metadata['filename'] = 'oekaki.png';
-					$metadata['extension'] = $pathinfo['extension'];
-					$metadata['tags'] = 'oekaki tagme';
-					$metadata['source'] = null;
-					$event = new DataUploadEvent($user, $tmpname, $metadata);
-					send_event($event);
-					if($event->image_id == -1) {
-						throw new UploadException("File type not recognised");
-					}
-					else {
-						unlink($tmpname);
-						$page->set_mode("redirect");
-						$page->set_redirect(make_link("post/view/".$event->image_id));
-					}
-				}
-			}
 		}
 	}