diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2010-12-14 21:18:40 -0800 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2010-12-14 21:19:25 -0800 |
| commit | 79740a2c77ad5c9b048e094cc164fd0129aba16a (patch) | |
| tree | fc24b2fb2dcdb4a350a180c5efb857816b89e5dc /modules/gallery | |
| parent | d6866544142506b1ad26d72bc46f8746f7365d7b (diff) | |
Move photo/movie file extension validation into the model. Fixes #1524.
Diffstat (limited to 'modules/gallery')
| -rw-r--r-- | modules/gallery/models/item.php | 9 | ||||
| -rw-r--r-- | modules/gallery/tests/Item_Model_Test.php | 23 |
2 files changed, 31 insertions, 1 deletions
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 9016a04a..a4d24b8f 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -848,10 +848,17 @@ class Item_Model_Core extends ORM_MPTT { } } else { // New items must have an extension - if (!pathinfo($this->name, PATHINFO_EXTENSION)) { + $ext = pathinfo($this->name, PATHINFO_EXTENSION); + if (!$ext) { $v->add_error("name", "illegal_data_file_extension"); return; } + + if ($this->is_movie() && !preg_match("/^(flv|mp4|m4v)$/i", $ext)) { + $v->add_error("name", "illegal_data_file_extension"); + } else if ($this->is_photo() && !preg_match("/^(gif|jpg|jpeg|png)$/i", $ext)) { + $v->add_error("name", "illegal_data_file_extension"); + } } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 264a2128..1e6d54d0 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -431,4 +431,27 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); } + + public function legal_extension_test() { + foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + } + } + + public function illegal_extension_test() { + foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) { + try { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("name" => "illegal_data_file_extension"), + $e->validation->errors()); + continue; + } + $this->assert_true(false, "Shouldn't get here"); + } + } } |