Diffstat (limited to 'modules/server_add')
-rw-r--r--modules/server_add/controllers/admin_server_add.php4
-rw-r--r--modules/server_add/controllers/server_add.php16
-rw-r--r--modules/server_add/helpers/server_add_block.php24
-rw-r--r--modules/server_add/helpers/server_add_installer.php8
4 files changed, 18 insertions, 34 deletions
diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php
index a340f61a..94dd8f74 100644
--- a/modules/server_add/controllers/admin_server_add.php
+++ b/modules/server_add/controllers/admin_server_add.php
@@ -40,13 +40,13 @@ class Admin_Server_Add_Controller extends Admin_Controller {
module::set_var("server_add", "authorized_paths", serialize($paths));
$view = new View("server_add_dir_list.html");
$view->paths = array_keys($paths);
- $form->add_path->inputs["path"]->value("");
+ $form->add_path->inputs->path->value = "";
print json_encode(
array("result" => "success",
"paths" => $view->__toString(),
"form" => $form->__toString()));
} else {
- $form->add_path->inputs["path"]->error("not_readable");
+ $form->add_path->inputs->path->error("not_readable");
print json_encode(array("result" => "error", "form" => $form->__toString()));
}
} else {
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index e926ade7..592a14e3 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -41,9 +41,16 @@ class Server_Add_Controller extends Controller {
}
public function children() {
+ $paths = unserialize(module::get_var("server_add", "authorized_paths"));
+
+ $path_valid = false;
$path = $this->input->post("path");
+
+ if (empty($paths[$path[0]])) {
+ throw new Exception("@todo BAD_PATH");
+ }
$path = implode("/", $this->input->post("path"));
- if (!is_readable($path)) {
+ if (!is_readable($path) || is_link($path)) {
kohana::show_404();
}
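Review bot: Only the first element of the posted `path` array is checked against `authorized_paths` in `children()`; the remaining elements are joined with `/` unchecked, so a `..` segment passes both `is_readable()` and `is_link()` and resolves outside the authorized directory. The per-component check added in the `@@ -77,6 +84,9 @@` hunk has the same gap, and `is_link()` here inspects only the final component of the joined path. I would canonicalize with `realpath()` and require the result to stay under the authorized root, and reject a non-array or empty `path` before indexing `$path[0]`. `$path_valid` is assigned and never read in the visible lines. The body of `children()` continues outside the hunk.

```php
    $paths = unserialize(module::get_var("server_add", "authorized_paths"));
    $path = $this->input->post("path");

    // Reject malformed input before indexing into it.
    if (!is_array($path) || empty($path) || empty($paths[$path[0]])) {
      throw new Exception("@todo BAD_PATH");
    }

    // Canonicalize both sides so ".." segments and intermediate symlinks
    // cannot move the request outside the authorized root.
    $root = realpath($path[0]);
    $real = realpath(implode("/", $path));
    if ($root === false || $real === false ||
        ($real !== $root && strpos($real, $root . "/") !== 0)) {
      kohana::show_404();
    }
    $path = implode("/", $path);
    // … unchanged: is_readable()/is_link() check and the rest of children() …
```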
@@ -62,7 +69,7 @@ class Server_Add_Controller extends Controller {
$parent = ORM::factory("item", $id);
access::required("server_add", $parent);
- if (!$parent->is_album() && !$parent->loaded ) {
+ if (!$parent->is_album()) {
throw new Exception("@todo BAD_ALBUM");
}
@@ -77,6 +84,9 @@ class Server_Add_Controller extends Controller {
// The first path corresponds to the source directory so we can just skip it.
for ($i = 1; $i < count($path); $i++) {
$source_path .= "/$path[$i]";
+ if (is_link($source_path) || !is_readable($source_path)) {
+ kohana::show_404();
+ }
$pathinfo = pathinfo($source_path);
set_time_limit(30);
if (is_dir($source_path)) {
@@ -107,7 +117,7 @@ class Server_Add_Controller extends Controller {
$file_list = array();
$files = new DirectoryIterator($path);
foreach ($files as $file) {
- if ($file->isDot()) {
+ if ($file->isDot() || $file->isLink()) {
continue;
}
$filename = $file->getFilename();
diff --git a/modules/server_add/helpers/server_add_block.php b/modules/server_add/helpers/server_add_block.php
deleted file mode 100644
index 34ed644c..00000000
--- a/modules/server_add/helpers/server_add_block.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2008 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class server_add_block_Core {
- static function head($theme) {
- return html::script("modules/server_add/js/server_add.js");
- }
-}
diff --git a/modules/server_add/helpers/server_add_installer.php b/modules/server_add/helpers/server_add_installer.php
index 8b1c4688..d00556df 100644
--- a/modules/server_add/helpers/server_add_installer.php
+++ b/modules/server_add/helpers/server_add_installer.php
@@ -29,8 +29,8 @@ class server_add_installer {
module::set_version("server_add", 1);
module::set_var("server_add", "authorized_paths", serialize(array()));
message::warning(
- t("You have no upload directories, click <a href='%url'>here</a> to configure one",
- array("url" => url::site("/admin/server_add"))));
+ t("You have no upload directories, click <a href='%url'>Configure them now</a> " .
+ "to configure one", array("url" => url::site("/admin/server_add"))));
}
}
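Review bot: The new warning text reads "click Configure them now to configure one", because the link label was replaced while the words around it were kept. I would make the link the whole call to action, for example `t("You have no upload directories. <a href='%url'>Configure them now</a>", array("url" => url::site("/admin/server_add")))`. The enclosing method starts outside the hunk.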
@@ -38,9 +38,7 @@ class server_add_installer {
access::delete_permission("server_add");
$module = module::get("server_add");
- $db = Database::instance();
- $db->delete("vars", array("module_name" => $module->name));
-
+ // @todo remove this after the next alpha
module::delete("local_import");
module::delete("server_add");
}
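Review bot: `$module = module::get("server_add");` is left without a reader in the visible lines once the `$db->delete("vars", ...)` call is removed, so it can be dropped. The new `// @todo remove this after the next alpha` comment sits directly above both `module::delete()` calls; if it refers only to the `local_import` cleanup, I would say so, e.g. `// @todo remove the local_import cleanup after the next alpha`. Whether `module::delete()` also clears the module's stored vars such as `authorized_paths` is not visible here and is worth confirming, since nothing else in the hunk removes them. The enclosing method starts outside the hunk.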