Easy access to originals of watermarked images
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
Is it a known issue that in gallery2 any watermarked image could be easily opened (downloaded) by ordinary user? I can describe how to do it but I guess that gallery2 developers and experienced users know about that. From my point of view, this is a bug, because people use watermarking module to avoid any access to the original, non-watermarked images. Or may be I missed something in gallery configuration? Would be very interesting to hear about possible solutions. ---------- Watermark module = 1.1.7 |
|
nivekiam
![]()
Joined: 2002-12-10
Posts: 16504 |
![]() |
You're not describing your setup very well. Just how are these people accessing the full-sized original that's not watermarked? I think you have something mis-configured or don't understand exactly how Gallery works. g2data should NOT be web accessible Are you watermarking the full-size image? |
|
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
nivekiam wrote:
You're not describing your setup very well. Just how are these people accessing the full-sized original that's not watermarked? I think you have something mis-configured or don't understand exactly how Gallery works. Probably I described my question not very well, sorry. I upload to the gallery and watermark already resized images. And this is not g2data web access issue, as I understand. It's easier for me just to show the steps. Assume that by default all uploaded images are watermarked. You go to any image page like your.gallery.domain/gallery2/main.php?g2_itemId=xxxxx . Remember xxxxx. Than get image URL usually by right click and open this URL, it will be something like your.gallery.domain/gallery2/main.php?g2_view=core.DownloadItem&g2_itemId=yyyyy&g2_serialNumber=z . You will see you watermarked image, that's ok. Now replace yyyyy with xxxxx and reload page. What's wrong? |
|
nivekiam
![]()
Joined: 2002-12-10
Posts: 16504 |
![]() |
Not a bug, the watermark module does not touch the original, full-size image. Users shouldn't have access to the full-size image. If they didn't have access to the full-size image, they would get a security violation message if they tried that. If you want them to have access to the full-size image, yet still have it watermarked then you need to do this. Create another resized image that's the same size as the full-size image (yes this will take up more space on your server) Remove "view original" permission for your users Now they have access to the "full-size" image and it's always going to be watermarked because in Gallery's eyes it's a derivative and not the original, so the watermark module will modify that file and there is no way for them to access the un-watermarked, full-size original file. ____________________________________________ |
|
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
Yes, I know that gallery2 shows to users derivatives, not originals. Probably I understood your idea not completely, but for the moment it doesn't work for me. I tried for one particular album. The full-sized images there have 800 pixels by longer side. I understand that probably I'm doing something wrong. Many thanks for your advices. |
|
nivekiam
![]()
Joined: 2002-12-10
Posts: 16504 |
![]() |
nivekiam
![]()
Joined: 2002-12-10
Posts: 16504 |
![]() |
On the link to the album you sent me remove the View Original Version(s) permission [img]http://gallery.menalto.com/files/remove_View_original_version_01.gif[/img] . [img]http://gallery.menalto.com/files/remove_View_original_version_02.gif[/img] ____________________________________________ |
|
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
Done. On the screenshot the translation is in red. [img]http://gallery.menalto.com/files/g2_no_orig.gif[/img] And now, as you can see, for unregistered users the images in this album are shown only in thumbnail size, 200 px in my case. |
|
nivekiam
![]()
Joined: 2002-12-10
Posts: 16504 |
![]() |
Ah, I get it now. I bet everything is working. The problem is the Carbon theme. It appears to only display the first resized version. So you can't have multiple resized versions with the Carbon theme, at least as far as I can tell. If this isn't the behavior you want, you're probably going to have to hack around in the watermark module for it to modify the orginal images. Remember, if you do that, you won't be able to ever remove the watermark. Or watermark your images prior to uploading... or use a different theme, or modify Carbon to look at resized versions. |
|
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
Ok, thanks, I understood. The Carbon theme has a problem with showing multiple resized versions. I will return to "view all sizes" permissions for that album. I understand that all images could be watermarked before uploading to gallery. This is an option for me. But the question remains for me with showing non-watermarked images via main.php?g2_view=core.DownloadItem&g2_itemId= with g2_itemId from image page. I still think that in g2_view=core.DownloadItem mode there is no permission check at all and it doesn't depend from theme used. |
|
nivekiam
![]()
Joined: 2002-12-10
Posts: 16504 |
![]() |
But there is a permission check. Gallery believes that the "View original version(s)" is that non-watermarked original. Which it is since the watermark plugin doesn't touch the original image. It creates another derivative that is passed as the full size image when the full size image is requested. However, if you request the original derivative directly, that's what you're going to get if you have permission to it. I believe you're only options are (in order of difficulty) 1) Make the only resized image a 800x800 image, no other resized images should exist except for the thumbnail. Then modify the Carbon theme so the "full-size in new window" link actually just opens that current image in a new window. Then you can disallow people access to the full size image using Gallery's permissions. That change should be pretty easy and really only take a few minutes, though I'd have to look at the code for the Carbon theme. 2) Modify the watermark module to destroy the original image, replacing it with a watermarked version 3) Modify the watermark module in how it ties into Gallery for those image requests. Don't know if this is possible. 4) Modify the core code of Gallery to do what you want. You could also request a feature change, but it's likely to never happen since development on G2 has stopped and the devs are working on G3. |
|
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
Thanks. I agree with options you suggested. I will try this weekend to look to the Carbon theme code, first option looks for me as most correct. If you will find the peace of code to change, please let me know. |
|
nivekiam
![]()
Joined: 2002-12-10
Posts: 16504 |
![]() |
Taking a quick look. It appears you'll need to edit /themes/carbon/templates/navigator.tpl http://codex.gallery2.org/Gallery2:Editing_Templates |
|
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
I will look there, many thanks. Will post the results if any. |
|
photomanNZ
Joined: 2005-07-27
Posts: 32 |
![]() |
I understand what he is asking.....is it possible that the g2data folder is not secure outside of his G2 directory? If it is inside of the G2 directory, then the original images would be accessible. Jim Helsel |
|
alecmyers
Joined: 2006-08-01
Posts: 4342 |
![]() |
IMO there is an issue that the developers missed (or didn't consider significant) - I posted a patch for it here. |
|
abravorus
Joined: 2007-03-16
Posts: 10 |
![]() |
This is exactly the problem I was writing about. Many thanks to alecmyers for the patch posted. It works perfectly. The only thing is the path to DownloadItem.inc . At least for my G2 installation it's "modules/core" and not "modules/core/classes" as written in the patch description. |
|
floridave
![]()
Joined: 2003-12-22
Posts: 27300 |
![]() |
If I recall it had something to do with print services. The original still had to be available and the workaround as you describe as well as the codex page for the watermark module, suggests you make a re-size of 100%. Dave _____________________________________________ |
|
alecmyers
Joined: 2006-08-01
Posts: 4342 |
![]() |
Yes - my patch will break things if you're using a print service with the 'cart' module (well, it won't actually break, you'll just get prints with the watermark on them). It could be adapted to work though. |
|