diff options
author | plegall <plg@piwigo.org> | 2008-12-02 23:25:45 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2008-12-02 23:25:45 +0000 |
commit | fa47fc120b55a4dfef98e031f3406eeb2ecd3c47 (patch) | |
tree | 292ae7701bea5c447456cb5b9d6f196e80f8370d | |
parent | b66f527601e7e9e5aac4ac19c6109d808f1ef56e (diff) |
bug 904 fixed: an index.htm is created in directories created by
pwg.images.add web API method, only directories that contains pictures.
git-svn-id: http://piwigo.org/svn/branches/2.0@2916 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 14 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 6 |
2 files changed, 20 insertions, 0 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 093f207e9..513054ab9 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1540,4 +1540,18 @@ function convert_charset($str, $source_charset, $dest_charset) } return $str; //??? } + +/** + * makes sure a index.htm protects the directory from browser file listing + * + * @param string dir directory + */ +function secure_directory($dir) +{ + $file = $dir.'/index.htm'; + if (!file_exists($file)) + { + @file_put_contents($file, 'Not allowed!'); + } +} ?>
\ No newline at end of file diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 24170ec47..2e96370e1 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -951,6 +951,8 @@ SELECT } } + secure_directory($upload_dir); + // compute file path $date_string = preg_replace('/[^\d]/', '', $dbnow); $random_string = substr($params['file_sum'], 0, 8); @@ -994,6 +996,8 @@ SELECT } } + secure_directory($thumbnail_dir); + // thumbnail path, the filename may use a prefix and the extension is // always "jpg" (no matter what the real file format is) $thumbnail_path = sprintf( @@ -1044,6 +1048,8 @@ SELECT } } + secure_directory($high_dir); + // high resolution path, same name as web size file $high_path = sprintf( '%s/%s.%s', |