From 8d0e1b4c4d456d9d2d94c29412629374d0b26d35 Mon Sep 17 00:00:00 2001
From: shadlaws <shad@shadlaws.com>
Date: Wed, 13 Mar 2013 10:07:58 +0100
Subject: #2059 - Add album name sanitizing similar to photo/movie filename
 sanitizing. - added legal_file::sanitize_dirname(), analogous to
 sanitize_filename. - revised item model to use new function when adding or
 updating an album. - added some legal_file unit tests. - revised some item
 model unit tests.

---
 modules/gallery/models/item.php | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

(limited to 'modules/gallery/models')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index b708c503..1d4f35da 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -365,14 +365,20 @@ class Item_Model_Core extends ORM_MPTT {
           $this->weight = item::get_max_weight();
         }
 
-        // Process the data file info.
-        if (isset($this->data_file)) {
-          $this->_process_data_file_info();
-        } else if (!$this->is_album()) {
-          // Unless it's an album, new items must have a data file.
-          $this->data_file_error = true;
+        if ($this->is_album()) {
+          // Sanitize the album name.
+          $this->name = legal_file::sanitize_dirname($this->name);
+        } else {
+          // Process the data file info.  This also sanitizes the item name.
+          if (isset($this->data_file)) {
+            $this->_process_data_file_info();
+          } else {
+            // New photos and movies must have a data file.
+            $this->data_file_error = true;
+          }
         }
 
+
         // Make an url friendly slug from the name, if necessary
         if (empty($this->slug)) {
           $this->slug = item::convert_filename_to_slug(pathinfo($this->name, PATHINFO_FILENAME));
@@ -437,6 +443,11 @@ class Item_Model_Core extends ORM_MPTT {
             pathinfo($original->name, PATHINFO_EXTENSION), $this->type);
         }
 
+        // If an album's name changed, sanitize it.
+        if ($this->is_album() && array_key_exists("name", $this->changed)) {
+          $this->name = legal_file::sanitize_dirname($this->name);
+        }
+
         // If an album's cover has changed (or been removed), delete any existing album cover,
         // reset the thumb metadata, and mark the thumb as dirty.
         if (array_key_exists("album_cover_item_id", $this->changed) && $this->is_album()) {
-- 
cgit v1.2.3