From 79740a2c77ad5c9b048e094cc164fd0129aba16a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 14 Dec 2010 21:18:40 -0800
Subject: Move photo/movie file extension validation into the model. Fixes #1524.
---
 modules/gallery/models/item.php | 9 ++++++++-
 modules/gallery/tests/Item_Model_Test.php | 23 +++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 9016a04a..a4d24b8f 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -848,10 +848,17 @@ class Item_Model_Core extends ORM_MPTT {
 }
 } else {
 // New items must have an extension
- if (!pathinfo($this->name, PATHINFO_EXTENSION)) {
+ $ext = pathinfo($this->name, PATHINFO_EXTENSION);
+ if (!$ext) {
 $v->add_error("name", "illegal_data_file_extension");
 return;
 }
+
+ if ($this->is_movie() && !preg_match("/^(flv|mp4|m4v)$/i", $ext)) {
+ $v->add_error("name", "illegal_data_file_extension");
+ } else if ($this->is_photo() && !preg_match("/^(gif|jpg|jpeg|png)$/i", $ext)) {
+ $v->add_error("name", "illegal_data_file_extension");
+ }
 }
 }
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php
index 264a2128..1e6d54d0 100644
--- a/modules/gallery/tests/Item_Model_Test.php
+++ b/modules/gallery/tests/Item_Model_Test.php
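Review bot: The allowlist added to the new-item branch in item.php fails open: if neither `is_movie()` nor `is_photo()` is true, any non-empty extension is accepted. The enclosing `if` starts outside the hunk, so it is not visible whether another item type can reach this branch; if it can, close the chain with `} else { $v->add_error("name", "illegal_data_file_extension"); }`. The check also tests only the final suffix that `pathinfo()` returns and never the file content, so it should be treated as one layer, with script execution disabled in the storage directory by the web server configuration. A short comment above the two patterns, e.g. `// Allowlist of data file extensions; last suffix only, case-insensitive`, would record that scope.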
@@ -431,4 +431,27 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
 preg_match("|http://./var/thumbs/name_\d+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed");
 }
+
+ public function legal_extension_test() {
+ foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) {
+ $photo = test::random_photo_unsaved(item::root());
+ $photo->name = $name;
+ $photo->save();
+ }
+ }
+
+ public function illegal_extension_test() {
+ foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) {
+ try {
+ $photo = test::random_photo_unsaved(item::root());
+ $photo->name = $name;
+ $photo->save();
+ } catch (ORM_Validation_Exception $e) {
+ $this->assert_equal(array("name" => "illegal_data_file_extension"),
+ $e->validation->errors());
+ continue;
+ }
+ $this->assert_true(false, "Shouldn't get here");
+ }
+ }
 }
-- cgit v1.2.3
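Review bot: Neither test exercises the movie allowlist added in item.php, and `legal_extension_test` omits `png` although the model accepts it, so a regression in the `flv|mp4|m4v` pattern or the `png` alternative would go unnoticed. Add `"test.png"` to the legal list and a parallel loop over a movie item, using whatever unsaved-movie fixture the test helper offers (none is visible in this hunk). `legal_extension_test` also makes no assertion of its own and passes only because `save()` does not throw; a comment such as `// save() throws ORM_Validation_Exception on an illegal extension` would make that intent explicit. Names with several dots or with no extension at all are not covered either.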