aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2008-12-02 23:28:32 +0000
committerplegall <plg@piwigo.org>2008-12-02 23:28:32 +0000
commit0ffd66ca946401bfae6db763bacf016bd14fde36 (patch)
treeae18ecc53f38d2917806692d823e2025b502d26c /include
parent3ab9008e1c42d8b59f3ec197ddcffdfc748223c8 (diff)
merge r2916 from branch 2.0 to trunk
bug 904 fixed: an index.htm is created in directories created by pwg.images.add web API method, only directories that contains pictures. git-svn-id: http://piwigo.org/svn/trunk@2917 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/functions.inc.php14
-rw-r--r--include/ws_functions.inc.php6
2 files changed, 20 insertions, 0 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 093f207e9..513054ab9 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1540,4 +1540,18 @@ function convert_charset($str, $source_charset, $dest_charset)
}
return $str; //???
}
+
+/**
+ * makes sure a index.htm protects the directory from browser file listing
+ *
+ * @param string dir directory
+ */
+function secure_directory($dir)
+{
+ $file = $dir.'/index.htm';
+ if (!file_exists($file))
+ {
+ @file_put_contents($file, 'Not allowed!');
+ }
+}
?> \ No newline at end of file
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index ba7987c8e..f70810ccd 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -951,6 +951,8 @@ SELECT
}
}
+ secure_directory($upload_dir);
+
// compute file path
$date_string = preg_replace('/[^\d]/', '', $dbnow);
$random_string = substr($params['file_sum'], 0, 8);
@@ -994,6 +996,8 @@ SELECT
}
}
+ secure_directory($thumbnail_dir);
+
// thumbnail path, the filename may use a prefix and the extension is
// always "jpg" (no matter what the real file format is)
$thumbnail_path = sprintf(
@@ -1044,6 +1048,8 @@ SELECT
}
}
+ secure_directory($high_dir);
+
// high resolution path, same name as web size file
$high_path = sprintf(
'%s/%s.%s',