diff options
| author | Tim Almdal <tnalmdal@shaw.ca> | 2009-03-03 23:07:07 +0000 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-03-03 23:07:07 +0000 |
| commit | 328a982546a202140697700b6688da3e32dbb2de (patch) | |
| tree | ec67b92dd04850b1538425b1665eed322439a27f /modules/local_import/controllers/local_import.php | |
| parent | e291e881104df2efc2f37b4e24f3c1f2ec9bec3f (diff) | |
* Validate that the source path is authorized.
* Add site warning message if local_import is installed an there is no
authorized directories
Diffstat (limited to 'modules/local_import/controllers/local_import.php')
| -rw-r--r-- | modules/local_import/controllers/local_import.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/local_import/controllers/local_import.php b/modules/local_import/controllers/local_import.php index d5a1662a..9dcb108b 100644 --- a/modules/local_import/controllers/local_import.php +++ b/modules/local_import/controllers/local_import.php @@ -63,6 +63,12 @@ class Local_Import_Controller extends Controller { } $path = $this->input->post("path"); + + $paths = unserialize(module::get_var("local_import", "authorized_paths")); + if (empty($paths[$path[0]])) { + throw new Exception("@todo BAD_PATH"); + } + batch::operation("add", $parent); $source_path = $path[0]; |