From 9f6dba723842cc16dd3f3787d232028c6c0c2e19 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 16 Jan 2010 11:12:19 -0800 Subject: Check for illegal extensions in valid_name() Fix a bug where we were not calling valid_data_file correctly. --- modules/gallery/models/item.php | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 977b9771..a9607699 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -759,7 +759,7 @@ class Item_Model extends ORM_MPTT { } // Movies and photos must have data files - if ($this->is_photo() || $this->is_movie() && !$this->loaded()) { + if (($this->is_photo() || $this->is_movie()) && !$this->loaded()) { $this->rules["name"]["callbacks"][] = array($this, "valid_data_file"); } @@ -792,14 +792,29 @@ class Item_Model extends ORM_MPTT { public function valid_name(Validation $v, $field) { if (strpos($this->name, "/") !== false) { $v->add_error("name", "no_slashes"); - } else if (rtrim($this->name, ".") !== $this->name) { + return; + } + + if (rtrim($this->name, ".") !== $this->name) { $v->add_error("name", "no_trailing_period"); - } else if (db::build() - ->from("items") - ->where("parent_id", "=", $this->parent_id) - ->where("id", "<>", $this->id) - ->where("name", "=", $this->name) - ->count_records()) { + return; + } + + if ($this->is_movie() || $this->is_photo()) { + $new_ext = pathinfo($this->name, PATHINFO_EXTENSION); + $old_ext = pathinfo($this->original()->name, PATHINFO_EXTENSION); + if (strcasecmp($new_ext, $old_ext)) { + $v->add_error("name", "illegal_extension"); + return; + } + } + + if (db::build() + ->from("items") + ->where("parent_id", "=", $this->parent_id) + ->where("id", "<>", $this->id) + ->where("name", "=", $this->name) + ->count_records()) { $v->add_error("name", "conflict"); } } -- cgit v1.2.3