Diffstat (limited to 'modules/server_add')
-rw-r--r--modules/server_add/controllers/admin_server_add.php8
-rw-r--r--modules/server_add/controllers/server_add.php9
2 files changed, 8 insertions, 9 deletions
diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php
index 0c741513..954c9ef6 100644
--- a/modules/server_add/controllers/admin_server_add.php
+++ b/modules/server_add/controllers/admin_server_add.php
@@ -35,12 +35,12 @@ class Admin_Server_Add_Controller extends Admin_Controller {
$form = $this->_get_admin_form();
$paths = unserialize(module::get_var("server_add", "authorized_paths", "a:0:{}"));
if ($form->validate()) {
- if (is_link($form->add_path->path->value)) {
+ $path = html_entity_decode($form->add_path->path->value);
+ if (is_link($path)) {
$form->add_path->path->add_error("is_symlink", 1);
- } else if (!is_readable($form->add_path->path->value)) {
+ } else if (!is_readable($path)) {
$form->add_path->path->add_error("not_readable", 1);
} else {
- $path = $form->add_path->path->value;
$paths[$path] = 1;
module::set_var("server_add", "authorized_paths", serialize($paths));
message::success(t("Added path %path", array("path" => $path)));
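Review bot: `html_entity_decode()` on the submitted path is not an exact inverse of the escaping added in the autocomplete hunk (`html::clean($file)`), so the value that is checked and stored can differ from the directory on disk. With default flags it leaves `&#039;` encoded while expanding every named entity, so a directory whose name literally contains text such as `&amp;` is rewritten before `is_link()`/`is_readable()` run and before it becomes a key in `authorized_paths`; paths typed by hand are decoded too. If `html::clean` is an htmlspecialchars wrapper (not visible here), `htmlspecialchars_decode($form->add_path->path->value, ENT_QUOTES)` would mirror it more closely. Cleaner still would be to decode where the escaped list is consumed and keep this controller working on the raw submitted path. The function body continues outside the hunk.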
@@ -75,7 +75,7 @@ class Admin_Server_Add_Controller extends Admin_Controller {
$path_prefix = Input::instance()->get("q");
foreach (glob("{$path_prefix}*") as $file) {
if (is_dir($file) && !is_link($file)) {
- $directories[] = $file;
+ $directories[] = html::clean($file);
}
}
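Review bot: `glob()` can return `false` instead of an empty array on error, and the `foreach` iterates its result directly, which would emit a warning into the autocomplete response. A guard such as `$matches = glob("{$path_prefix}*");` followed by `if ($matches) { foreach ($matches as $file) { ... } }` avoids that. The pattern is also built from the `q` request parameter as-is, so glob metacharacters in it are interpreted; a short comment stating that this endpoint is admin-only and intentionally lists arbitrary server directories would document that decision. The function starts and ends outside the hunk.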
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index a3333ae2..c6d36a11 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -61,7 +61,7 @@ class Server_Add_Controller extends Admin_Controller {
}
if (!is_dir($file)) {
$ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
- if (!in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4", "m4v"))) {
+ if (!in_array($ext, legal_file::get_extensions())) {
continue;
}
}
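Review bot: `in_array($ext, legal_file::get_extensions())` compares loosely and re-evaluates the helper for every file in the loop; the same applies to the check in the `@@ -169,8 +169,7 @@` hunk. Consider fetching the list once before the loop and using the strict flag: `$extensions = legal_file::get_extensions();` then `in_array($ext, $extensions, true)`. Because `$ext` is lower-cased first, the check also relies on the helper returning lower-case entries (not visible here), and it is a file-name check only; a one-line comment stating both would help the next reader. The loop begins outside the hunk.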
@@ -169,8 +169,7 @@ class Server_Add_Controller extends Admin_Controller {
foreach ($child_paths as $child_path) {
if (!is_dir($child_path)) {
$ext = strtolower(pathinfo($child_path, PATHINFO_EXTENSION));
- if (!in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4", "m4v")) ||
- !filesize($child_path)) {
+ if (!in_array($ext, legal_file::get_extensions()) || !filesize($child_path)) {
// Not importable, skip it.
continue;
}
@@ -256,7 +255,7 @@ class Server_Add_Controller extends Admin_Controller {
} else {
try {
$extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
- if (in_array($extension, array("gif", "png", "jpg", "jpeg"))) {
+ if (in_array($extension, legal_file::get_photo_extensions())) {
$photo = ORM::factory("item");
$photo->type = "photo";
$photo->parent_id = $parent->id;
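Review bot: The import filter in the earlier hunks now accepts anything in `legal_file::get_extensions()`, while this branch and the `else if` in the following hunk dispatch only on `get_photo_extensions()` and `get_movie_extensions()`. If the combined list can ever contain an extension that is in neither (the helper is not visible here), such a file passes the filter but creates no item, and `$entry->item_id` is not set by these branches. An explicit final `else` that logs and skips the entry, or a comment stating that `get_extensions()` is exactly the union of the two lists, would make the invariant clear. The surrounding `try` block continues outside both hunks.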
@@ -266,7 +265,7 @@ class Server_Add_Controller extends Admin_Controller {
$photo->owner_id = $owner_id;
$photo->save();
$entry->item_id = $photo->id;
- } else if (in_array($extension, array("flv", "mp4", "m4v"))) {
+ } else if (in_array($extension, legal_file::get_movie_extensions())) {
$movie = ORM::factory("item");
$movie->type = "movie";
$movie->parent_id = $parent->id;