diff options
author | plegall <plg@piwigo.org> | 2008-12-02 23:28:32 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2008-12-02 23:28:32 +0000 |
commit | 0ffd66ca946401bfae6db763bacf016bd14fde36 (patch) | |
tree | ae18ecc53f38d2917806692d823e2025b502d26c /include | |
parent | 3ab9008e1c42d8b59f3ec197ddcffdfc748223c8 (diff) |
merge r2916 from branch 2.0 to trunk
bug 904 fixed: an index.htm is created in directories created by
pwg.images.add web API method, only directories that contains pictures.
git-svn-id: http://piwigo.org/svn/trunk@2917 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 14 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 6 |
2 files changed, 20 insertions, 0 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 093f207e9..513054ab9 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1540,4 +1540,18 @@ function convert_charset($str, $source_charset, $dest_charset) } return $str; //??? } + +/** + * makes sure a index.htm protects the directory from browser file listing + * + * @param string dir directory + */ +function secure_directory($dir) +{ + $file = $dir.'/index.htm'; + if (!file_exists($file)) + { + @file_put_contents($file, 'Not allowed!'); + } +} ?>
\ No newline at end of file diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index ba7987c8e..f70810ccd 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -951,6 +951,8 @@ SELECT } } + secure_directory($upload_dir); + // compute file path $date_string = preg_replace('/[^\d]/', '', $dbnow); $random_string = substr($params['file_sum'], 0, 8); @@ -994,6 +996,8 @@ SELECT } } + secure_directory($thumbnail_dir); + // thumbnail path, the filename may use a prefix and the extension is // always "jpg" (no matter what the real file format is) $thumbnail_path = sprintf( @@ -1044,6 +1048,8 @@ SELECT } } + secure_directory($high_dir); + // high resolution path, same name as web size file $high_path = sprintf( '%s/%s.%s', |