* Validate that the source path is authorized.

* Add site warning message if local_import is installed an there is no
  authorized directories

2 files changed, 7 insertions, 1 deletions

diff --git a/modules/local_import/controllers/admin_local_import.php b/modules/local_import/controllers/admin_local_import.php
index 8f0bbe41..79bda906 100644
--- a/modules/local_import/controllers/admin_local_import.php
+++ b/modules/local_import/controllers/admin_local_import.php
@@ -66,7 +66,7 @@ class Admin_Local_Import_Controller extends Admin_Controller {
     $view = new View("local_import_dir_list.html");
     $view->paths = array_keys($paths);
 
-    print $view->render();
+    print $view;
   }
 
   public function autocomplete() {
diff --git a/modules/local_import/controllers/local_import.php b/modules/local_import/controllers/local_import.php
index d5a1662a..9dcb108b 100644
--- a/modules/local_import/controllers/local_import.php
+++ b/modules/local_import/controllers/local_import.php
@@ -63,6 +63,12 @@ class Local_Import_Controller extends Controller {
     }
 
     $path = $this->input->post("path");
+
+    $paths = unserialize(module::get_var("local_import", "authorized_paths"));
+    if (empty($paths[$path[0]])) {
+      throw new Exception("@todo BAD_PATH");
+    }
+
     batch::operation("add", $parent);
 
     $source_path = $path[0];