* Validate that the source path is authorized.

* Add site warning message if local_import is installed an there is no
  authorized directories

3 files changed, 10 insertions, 1 deletions

diff --git a/modules/local_import/controllers/admin_local_import.php b/modules/local_import/controllers/admin_local_import.php
index 8f0bbe41..79bda906 100644
--- a/modules/local_import/controllers/admin_local_import.php
+++ b/modules/local_import/controllers/admin_local_import.php
@@ -66,7 +66,7 @@ class Admin_Local_Import_Controller extends Admin_Controller {
     $view = new View("local_import_dir_list.html");
     $view->paths = array_keys($paths);
 
-    print $view->render();
+    print $view;
   }
 
   public function autocomplete() {
diff --git a/modules/local_import/controllers/local_import.php b/modules/local_import/controllers/local_import.php
index d5a1662a..9dcb108b 100644
--- a/modules/local_import/controllers/local_import.php
+++ b/modules/local_import/controllers/local_import.php
@@ -63,6 +63,12 @@ class Local_Import_Controller extends Controller {
     }
 
     $path = $this->input->post("path");
+
+    $paths = unserialize(module::get_var("local_import", "authorized_paths"));
+    if (empty($paths[$path[0]])) {
+      throw new Exception("@todo BAD_PATH");
+    }
+
     batch::operation("add", $parent);
 
     $source_path = $path[0];
diff --git a/modules/local_import/helpers/local_import_installer.php b/modules/local_import/helpers/local_import_installer.php
index ea9b5d93..df183a11 100644
--- a/modules/local_import/helpers/local_import_installer.php
+++ b/modules/local_import/helpers/local_import_installer.php
@@ -28,6 +28,9 @@ class local_import_installer {
 
       module::set_version("local_import", 1);
       module::set_var("local_import", "authorized_paths", serialize(array()));
+      message::warning(
+        t("You have no upload directories, click <a href='%url'>here</a> to configure one",
+          array("url" => url::site("/admin/local_import"))));
     }
   }