From 328a982546a202140697700b6688da3e32dbb2de Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 3 Mar 2009 23:07:07 +0000
Subject: * Validate that the source path is authorized. * Add site warning
 message if local_import is installed an there is no   authorized directories

---
 modules/local_import/controllers/local_import.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'modules/local_import/controllers/local_import.php')

diff --git a/modules/local_import/controllers/local_import.php b/modules/local_import/controllers/local_import.php
index d5a1662a..9dcb108b 100644
--- a/modules/local_import/controllers/local_import.php
+++ b/modules/local_import/controllers/local_import.php
@@ -63,6 +63,12 @@ class Local_Import_Controller extends Controller {
     }
 
     $path = $this->input->post("path");
+
+    $paths = unserialize(module::get_var("local_import", "authorized_paths"));
+    if (empty($paths[$path[0]])) {
+      throw new Exception("@todo BAD_PATH");
+    }
+
     batch::operation("add", $parent);
 
     $source_path = $path[0];
-- 
cgit v1.2.3