author | Sarven Capadisli <csarven@status.net> | 2010-02-04 16:56:34 +0000 |
---|---|---|
committer | Sarven Capadisli <csarven@status.net> | 2010-02-04 16:56:34 +0000 |
commit | 7ebd13fa69d2a5dac8bc59799281d3d6e017eeae (patch) | |
tree | 605267bbe7c902d7a71766cdeb523bfbb266a0f9 /classes/File.php | |
parent | 339eb1adadc7f3495ad31ef0a5cf20cdca47ce1f (diff) | |
parent | 9e940445f1ab1ec53f3bad14a1a94dc2064d0ee6 (diff) |
Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x
Diffstat (limited to 'classes/File.php')
-rw-r--r-- | classes/File.php | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/classes/File.php b/classes/File.php
index 34e4632a8..307fdb686 100644
--- a/classes/File.php
+++ b/classes/File.php
@@ -176,8 +176,22 @@ class File extends Memcached_DataObject
 return "$nickname-$datestamp-$random.$ext";
 }
+ /**
+ * Validation for as-saved base filenames
+ */
+ static function validFilename($filename)
+ {
+ return preg_match('/^[A-Za-z0-9._-]+$/', $filename);
+ }
+
+ /**
+ * @throws ClientException on invalid filename
+ */
 static function path($filename)
 {
+ if (!self::validFilename($filename)) {
+ throw new ClientException("Invalid filename");
+ }
 $dir = common_config('attachments', 'dir');
 if ($dir[strlen($dir)-1] != '/') {
@@ -189,6 +203,9 @@ class File extends Memcached_DataObject
 static function url($filename)
 {
+ if (!self::validFilename($filename)) {
+ throw new ClientException("Invalid filename");
+ }
 if(common_config('site','private')) {
 return common_local_url('getfile', |
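Review bot: The pattern in `validFilename()` is anchored with `$`, which in PCRE also matches just before a final newline, so a name ending in `"\n"` still passes the check that `path()` and `url()` now rely on; anchoring with `\z` (or adding the `D` modifier) closes that. The character class also accepts the bare names `.` and `..` and dot-files such as `.htaccess`, so `path()` can still resolve to a directory or to a server control file rather than to a saved attachment. If no stored attachment legitimately starts with a dot, both gaps are covered by `return preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $filename);`. The guard added in the `url()` hunk inherits the fix unchanged, and the docblock on `validFilename()` could state the allowed alphabet and that the result is `preg_match`'s integer (or `false` on error), not a boolean. The bodies of `path()` and `url()` continue outside the hunks.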