authorshadlaws <shad@shadlaws.com>2013-02-12 00:37:33 +0100
committershadlaws <shad@shadlaws.com>2013-02-12 00:37:33 +0100
commitd04a6fc87d96b70ab0f70414f2ff40d1f1e7f482 (patch)
treebe8544a882e6221fb0b376d2c4dd8201273e4053 /modules/watermark/controllers/admin_watermarks.php
parente109f0b5113c1f8b33130866af44450ca4107ed4 (diff)
#2001 - Make filename sanitizing more consistent.
- legal_file - added sanitize_filename() to sanitize photo/movie filenames. - admin_watermarks - revised add() to use new function. - item model - added _process_data_file_info() to validate the data file, get its metadata, and sanitize the item name. - item model - revised save() for new items to use _process_data_file_info *before* the slug is checked. - item model - revised save() for updated items to use _process_data_file_info. - item model - revised save() for updated items to sanitize name if changed. - uploader - removed call to smash_extensions (item model does this when it calls sanitize_filename). - Legal_File_Helper_Test - added unit tests for sanitize_filename. - Item_Model_Test - revised existing unit tests based on changes. - Item_Model_Test - added new unit tests for names with legal but incorrect extensions. - Averted take over by HAL with fix #2001...
Diffstat (limited to 'modules/watermark/controllers/admin_watermarks.php')
-rw-r--r--modules/watermark/controllers/admin_watermarks.php9
1 files changed, 3 insertions, 6 deletions
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index 59bb7fa9..b058d6a5 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -97,18 +97,15 @@ class Admin_Watermarks_Controller extends Admin_Controller {
// validation logic will correctly reject it. So, we skip validation when we're running tests.
if (TEST_MODE || $form->validate()) {
$file = $_POST["file"];
- $pathinfo = pathinfo($file);
// Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness
- $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]);
- $name = legal_file::smash_extensions($name);
+ $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', basename($file));
try {
list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file);
- // Force correct, legal extension type on file, which will be of our canonical type
- // (i.e. all lowercase, jpg instead of jpeg, etc.). This renaming prevents the issues
+ // Sanitize filename, which ensures a valid extension. This renaming prevents the issues
// addressed in ticket #1855, where an image that looked valid (header said jpg) with a
// php extension was previously accepted without changing its extension.
- $name = legal_file::change_extension($name, $extension);
+ $name = legal_file::sanitize_filename($name, $extension, "photo");
} catch (Exception $e) {
message::error(t("Invalid or unidentifiable image file"));
@unlink($file);
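Review bot: The pattern on the added `preg_replace` line is not anchored, so it removes an `uploadfile-…-` marker wherever it occurs in `basename($file)`, not only Forge's leading prefix, and any text in front of the marker is kept and joined to what follows it. Anchoring it, `$name = preg_replace("/^uploadfile-[^-]+-(.*)/", '$1', basename($file));`, limits the stripping to the prefix the comment above that line describes. The extension is still decided by `legal_file::sanitize_filename()` from the detected `$extension`, so this is about a predictable stored name rather than the ticket #1855 case; that helper is not part of this file's diff, so its behaviour is assumed from the comment. `add()` begins and ends outside the hunk.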