From 6ceb10424b4dc1bba6cfc1bd3a17c4428ae9c98c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sat, 16 May 2009 22:20:16 +0000
Subject: Don't allow albums/photos/movies to end in "." because it risks securit issues (and so Kohana won't route them, see http://dev.kohanaphp.com/issues/684). Partial fix for ticket #248.
---
 core/helpers/photo.php | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'core/helpers/photo.php')
diff --git a/core/helpers/photo.php b/core/helpers/photo.php
index 0015bd99..8b0e1eab 100644
--- a/core/helpers/photo.php
+++ b/core/helpers/photo.php
@@ -47,6 +47,12 @@ class photo_Core {
 throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH");
 }
 
+ // We don't allow trailing periods as a security measure
+ // ref: http://dev.kohanaphp.com/issues/684
+ if (rtrim($name, ".") != $name) {
+ throw new Exception("@todo NAME_CANNOT_END_IN_PERIOD");
+ }
+
 $image_info = getimagesize($filename);
 
 // Force an extension onto the name
--
cgit v1.2.3
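Review bot: The added guard `if (rtrim($name, ".") != $name)` uses a loose comparison, and PHP compares two numeric strings as numbers, so an all-digit name with a single trailing period (constructed example: `"2009."` against `"2009"`) compares equal and the exception is not thrown. Use the strict form, `if (rtrim($name, ".") !== $name) {`, so the test is a plain string comparison regardless of what the name looks like. The commit message also covers albums and movies; any sibling check written the same way would need the same change, but this file-limited view does not show those helpers. The enclosing method starts and ends outside the hunk, so whether the later "force an extension" step alters the final name is not visible here.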