path: root/core/helpers/photo.php
author Bharat Mediratta <bharat@menalto.com> 2009-05-16 22:20:16 +0000
committer Bharat Mediratta <bharat@menalto.com> 2009-05-16 22:20:16 +0000
commit 6ceb10424b4dc1bba6cfc1bd3a17c4428ae9c98c
tree 914822911f88037254a5a035591d413ba0b96865 /core/helpers/photo.php
parent c3917aa250b6b7ee4c5534224cf5f31380679c25
Don't allow albums/photos/movies to end in "." because it risks
security issues (and so Kohana won't route them, see http://dev.kohanaphp.com/issues/684). Partial fix for ticket #248.
Diffstat (limited to 'core/helpers/photo.php')
-rw-r--r-- core/helpers/photo.php 6
1 files changed, 6 insertions, 0 deletions
diff --git a/core/helpers/photo.php b/core/helpers/photo.php
index 0015bd99..8b0e1eab 100644
--- a/core/helpers/photo.php
+++ b/core/helpers/photo.php
@@ -47,6 +47,12 @@ class photo_Core {
throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH");
}
+ // We don't allow trailing periods as a security measure
+ // ref: http://dev.kohanaphp.com/issues/684
+ if (rtrim($name, ".") != $name) {
+ throw new Exception("@todo NAME_CANNOT_END_IN_PERIOD");
+ }
+
$image_info = getimagesize($filename);
// Force an extension onto the name
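Review bot: the loose comparison in `if (rtrim($name, ".") != $name)` lets some names through, because PHP compares two numeric strings by value: for a name like "1." the trimmed value "1" and the original "1." are both numeric and compare equal, so no exception is thrown. Use the strict operator, `rtrim($name, ".") !== $name`, or test the last character directly, e.g. `substr($name, -1) === "."`. It would also help to have the comment say what the security concern is rather than only linking the Kohana ticket, since the link may not outlive the code.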