From 79740a2c77ad5c9b048e094cc164fd0129aba16a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 14 Dec 2010 21:18:40 -0800
Subject: Move photo/movie file extension validation into the model.  Fixes
 #1524.

---
 modules/gallery/models/item.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/models')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 9016a04a..a4d24b8f 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -848,10 +848,17 @@ class Item_Model_Core extends ORM_MPTT {
         }
       } else {
         // New items must have an extension
-        if (!pathinfo($this->name, PATHINFO_EXTENSION)) {
+        $ext = pathinfo($this->name, PATHINFO_EXTENSION);
+        if (!$ext) {
           $v->add_error("name", "illegal_data_file_extension");
           return;
         }
+
+        if ($this->is_movie() && !preg_match("/^(flv|mp4|m4v)$/i", $ext)) {
+          $v->add_error("name", "illegal_data_file_extension");
+        } else if ($this->is_photo() && !preg_match("/^(gif|jpg|jpeg|png)$/i", $ext)) {
+          $v->add_error("name", "illegal_data_file_extension");
+        }
       }
     }
 
-- 
cgit v1.2.3