From 705e6d62b7d75120822a559e9cc11f1159db5348 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Wed, 4 Mar 2009 20:09:53 +0000
Subject: Last of changes required from Bharat's 2nd review pass

---
 .../server_add/controllers/admin_server_add.php    |  4 ++--
 modules/server_add/controllers/server_add.php      | 16 ++++++++++++---
 modules/server_add/helpers/server_add_block.php    | 24 ----------------------
 .../server_add/helpers/server_add_installer.php    |  8 +++-----
 4 files changed, 18 insertions(+), 34 deletions(-)
 delete mode 100644 modules/server_add/helpers/server_add_block.php

(limited to 'modules')

diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php
index a340f61a..94dd8f74 100644
--- a/modules/server_add/controllers/admin_server_add.php
+++ b/modules/server_add/controllers/admin_server_add.php
@@ -40,13 +40,13 @@ class Admin_Server_Add_Controller extends Admin_Controller {
         module::set_var("server_add", "authorized_paths", serialize($paths));
         $view = new View("server_add_dir_list.html");
         $view->paths = array_keys($paths);
-        $form->add_path->inputs["path"]->value("");
+        $form->add_path->inputs->path->value = "";
         print json_encode(
           array("result" => "success",
                 "paths" => $view->__toString(),
                 "form" => $form->__toString()));
       } else {
-        $form->add_path->inputs["path"]->error("not_readable");
+        $form->add_path->inputs->path->error("not_readable");
         print json_encode(array("result" => "error", "form" => $form->__toString()));
       }
     } else {
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index e926ade7..592a14e3 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -41,9 +41,16 @@ class Server_Add_Controller extends Controller {
   }
 
   public function children() {
+    $paths = unserialize(module::get_var("server_add", "authorized_paths"));
+
+    $path_valid = false;
     $path = $this->input->post("path");
+
+    if (empty($paths[$path[0]])) {
+      throw new Exception("@todo BAD_PATH");
+    }
     $path = implode("/", $this->input->post("path"));
-    if (!is_readable($path)) {
+    if (!is_readable($path) || is_link($path)) {
       kohana::show_404();
     }
 
@@ -62,7 +69,7 @@ class Server_Add_Controller extends Controller {
 
     $parent = ORM::factory("item", $id);
     access::required("server_add", $parent);
-    if (!$parent->is_album() && !$parent->loaded ) {
+    if (!$parent->is_album()) {
       throw new Exception("@todo BAD_ALBUM");
     }
 
@@ -77,6 +84,9 @@ class Server_Add_Controller extends Controller {
     // The first path corresponds to the source directory so we can just skip it.
     for ($i = 1; $i < count($path); $i++) {
       $source_path .= "/$path[$i]";
+      if (is_link($source_path) || !is_readable($source_path)) {
+        kohana::show_404();
+      }
       $pathinfo = pathinfo($source_path);
       set_time_limit(30);
       if (is_dir($source_path)) {
@@ -107,7 +117,7 @@ class Server_Add_Controller extends Controller {
     $file_list = array();
     $files = new DirectoryIterator($path);
     foreach ($files as $file) {
-      if ($file->isDot()) {
+      if ($file->isDot() || $file->isLink()) {
         continue;
       }
       $filename = $file->getFilename();
diff --git a/modules/server_add/helpers/server_add_block.php b/modules/server_add/helpers/server_add_block.php
deleted file mode 100644
index 34ed644c..00000000
--- a/modules/server_add/helpers/server_add_block.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2008 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class server_add_block_Core {
-  static function head($theme) {
-    return html::script("modules/server_add/js/server_add.js");
-  }
-}
diff --git a/modules/server_add/helpers/server_add_installer.php b/modules/server_add/helpers/server_add_installer.php
index 8b1c4688..d00556df 100644
--- a/modules/server_add/helpers/server_add_installer.php
+++ b/modules/server_add/helpers/server_add_installer.php
@@ -29,8 +29,8 @@ class server_add_installer {
       module::set_version("server_add", 1);
       module::set_var("server_add", "authorized_paths", serialize(array()));
       message::warning(
-        t("You have no upload directories, click <a href='%url'>here</a> to configure one",
-          array("url" => url::site("/admin/server_add"))));
+        t("You have no upload directories, click <a href='%url'>Configure them now</a> " .
+          "to configure one", array("url" => url::site("/admin/server_add"))));
     }
   }
 
@@ -38,9 +38,7 @@ class server_add_installer {
     access::delete_permission("server_add");
     $module = module::get("server_add");
 
-    $db = Database::instance();
-    $db->delete("vars", array("module_name" => $module->name));
-
+    // @todo remove this after the next alpha
     module::delete("local_import");
     module::delete("server_add");
   }
-- 
cgit v1.2.3