diff --git a/modules/image/image.admin.inc b/modules/image/image.admin.inc
index cebe8940d3..dbeeaabf2a 100644
--- a/modules/image/image.admin.inc
+++ b/modules/image/image.admin.inc
@@ -821,11 +821,12 @@ function theme_image_style_preview($variables) {
$output .= ''; // End preview-image-wrapper.
// Build the preview of the image style.
- $preview_url = file_create_url($preview_file) . '?cache_bypass=' . REQUEST_TIME;
+ $token = IMAGE_DERIVATIVE_TOKEN . '=' . image_style_path_token($style['name'], file_default_scheme() . '://' . $sample_image);
+ $preview_url = file_create_url($preview_file) . '?cache_bypass=' . REQUEST_TIME . '&' . $token;
$output .= '
';
- $output .= check_plain($style['label']) . ' (' . l(t('view actual size'), file_create_url($preview_file) . '?' . time()) . ')';
+ $output .= check_plain($style['label']) . ' (' . l(t('view actual size'), file_create_url($preview_file) . '?' . time() . '&' . $token) . ')';
$output .= '
'; // End preview-image.
diff --git a/modules/image/image.module b/modules/image/image.module
index dab88361a2..3700ac43cb 100644
--- a/modules/image/image.module
+++ b/modules/image/image.module
@@ -290,9 +290,12 @@ function image_file_download($uri) {
// Remove the scheme from the path.
array_shift($args);
+ // The remaining path for checks later on.
+ $remaining_path = implode('/', $args);
// Then the remaining parts are the path to the image.
- $original_uri = file_uri_scheme($uri) . '://' . implode('/', $args);
-
+ $original_uri = file_uri_scheme($uri) . '://' . $remaining_path;
+ // Grab the path to the sample image.
+ $sample_image = variable_get('image_style_preview_image', drupal_get_path('module', 'image') . '/sample.png');
// Check that the file exists and is an image.
if ($info = image_get_info($uri)) {
// Check the permissions of the original to grant access to this image.
@@ -308,6 +311,19 @@ function image_file_download($uri) {
// browser caching of private images.
);
}
+ // It's unlikely that a module would deny access to the sample image, but
+ // check the headers just in case. If no modules deny access, then grant
+ // access to the sample image by default.
+ elseif (empty($headers) && $remaining_path == $sample_image) {
+ return array(
+ // Send headers describing the image's size, and MIME-type...
+ 'Content-Type' => $info['mime_type'],
+ 'Content-Length' => $info['file_size'],
+ // By not explicitly setting them here, this uses normal Drupal
+ // Expires, Cache-Control and ETag headers to prevent proxy or
+ // browser caching of private images.
+ );
+ }
}
return -1;
}