diff options
| author | Tim Almdal <tnalmdal@shaw.ca> | 2009-03-04 20:09:53 +0000 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-03-04 20:09:53 +0000 |
| commit | 705e6d62b7d75120822a559e9cc11f1159db5348 (patch) | |
| tree | 7eda99f51f6ea2eb2498f8cc633a4f7fcb90c9f3 /modules/server_add/controllers | |
| parent | 8575e2b0d13040d51d920e09d85b2d757581da27 (diff) | |
Last of changes required from Bharat's 2nd review pass
Diffstat (limited to 'modules/server_add/controllers')
| -rw-r--r-- | modules/server_add/controllers/admin_server_add.php | 4 | ||||
| -rw-r--r-- | modules/server_add/controllers/server_add.php | 16 |
2 files changed, 15 insertions, 5 deletions
diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index a340f61a..94dd8f74 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php @@ -40,13 +40,13 @@ class Admin_Server_Add_Controller extends Admin_Controller { module::set_var("server_add", "authorized_paths", serialize($paths)); $view = new View("server_add_dir_list.html"); $view->paths = array_keys($paths); - $form->add_path->inputs["path"]->value(""); + $form->add_path->inputs->path->value = ""; print json_encode( array("result" => "success", "paths" => $view->__toString(), "form" => $form->__toString())); } else { - $form->add_path->inputs["path"]->error("not_readable"); + $form->add_path->inputs->path->error("not_readable"); print json_encode(array("result" => "error", "form" => $form->__toString())); } } else { diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index e926ade7..592a14e3 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -41,9 +41,16 @@ class Server_Add_Controller extends Controller { } public function children() { + $paths = unserialize(module::get_var("server_add", "authorized_paths")); + + $path_valid = false; $path = $this->input->post("path"); + + if (empty($paths[$path[0]])) { + throw new Exception("@todo BAD_PATH"); + } $path = implode("/", $this->input->post("path")); - if (!is_readable($path)) { + if (!is_readable($path) || is_link($path)) { kohana::show_404(); } @@ -62,7 +69,7 @@ class Server_Add_Controller extends Controller { $parent = ORM::factory("item", $id); access::required("server_add", $parent); - if (!$parent->is_album() && !$parent->loaded ) { + if (!$parent->is_album()) { throw new Exception("@todo BAD_ALBUM"); } @@ -77,6 +84,9 @@ class Server_Add_Controller extends Controller { // The first path corresponds to the source directory so we can just skip it. for ($i = 1; $i < count($path); $i++) { $source_path .= "/$path[$i]"; + if (is_link($source_path) || !is_readable($source_path)) { + kohana::show_404(); + } $pathinfo = pathinfo($source_path); set_time_limit(30); if (is_dir($source_path)) { @@ -107,7 +117,7 @@ class Server_Add_Controller extends Controller { $file_list = array(); $files = new DirectoryIterator($path); foreach ($files as $file) { - if ($file->isDot()) { + if ($file->isDot() || $file->isLink()) { continue; } $filename = $file->getFilename(); |