From 33f1187220404bca6597de5368048316ece5139a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 16 May 2009 03:48:56 +0000 Subject: Don't allow the various ::create() methods to take "/" in the name. --- core/helpers/photo.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'core/helpers/photo.php') diff --git a/core/helpers/photo.php b/core/helpers/photo.php index ff4936b4..6467e797 100644 --- a/core/helpers/photo.php +++ b/core/helpers/photo.php @@ -43,6 +43,10 @@ class photo_Core { throw new Exception("@todo MISSING_IMAGE_FILE"); } + if (strpos($name, "/")) { + throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH"); + } + $image_info = getimagesize($filename); // Force an extension onto the name @@ -124,7 +128,8 @@ class photo_Core { $group = $form->group("edit_photo")->label(t("Edit Photo")); $group->input("title")->label(t("Title"))->value($photo->title); $group->textarea("description")->label(t("Description"))->value($photo->description); - $group->input("name")->label(t("Filename"))->value($photo->name); + $group->input("filename")->label(t("Filename"))->value($photo->name) + ->error_messages("conflict", t("There is already a file with this name")); $group->submit("")->value(t("Modify")); $form->add_rules_from(ORM::factory("item")); return $form; -- cgit v1.2.3