Fix #10 : Proper escaping for files and folder name
parent
a6d127a8c7
commit
8afc37cb19
1 changed files with 79 additions and 12 deletions
91
index.php
91
index.php
|
@ -178,26 +178,71 @@ $dirs = array();
|
||||||
// Set thumbnail to folder.jpg if found:
|
// Set thumbnail to folder.jpg if found:
|
||||||
if (file_exists($currentdir. '/' . $file . '/folder.jpg'))
|
if (file_exists($currentdir. '/' . $file . '/folder.jpg'))
|
||||||
{
|
{
|
||||||
|
$linkParams = http_build_query(
|
||||||
|
array('dir' => ltrim("$requestedDir/$file", '/')),
|
||||||
|
'',
|
||||||
|
'&'
|
||||||
|
);
|
||||||
|
$linkUrl = "?$linkParams";
|
||||||
|
|
||||||
|
$imgParams = http_build_query(
|
||||||
|
array(
|
||||||
|
'filename' => "$currentdir/$file/folder.jpg",
|
||||||
|
'size' => $thumb_size
|
||||||
|
),
|
||||||
|
'',
|
||||||
|
'&'
|
||||||
|
);
|
||||||
|
$imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams";
|
||||||
|
|
||||||
$dirs[] = array(
|
$dirs[] = array(
|
||||||
"name" => $file,
|
"name" => $file,
|
||||||
"date" => filemtime($currentdir . "/" . $file . "/folder.jpg"),
|
"date" => filemtime($currentdir . "/" . $file . "/folder.jpg"),
|
||||||
"html" => "<li><a href='?dir=" .ltrim($requestedDir . "/" . $file, "/") . "'><em>" . padstring($file, $label_max_length) . "</em><span></span><img src='" . GALLERY_ROOT . "createthumb.php?filename=$currentdir/" . $file . "/folder.jpg&size=$thumb_size' alt='$label_loading' /></a></li>");
|
"html" => "<li><a href=\"{$linkUrl}\"><em>" . padstring($file, $label_max_length) . "</em><span></span><img src=\"{$imgUrl}\" alt=\"$label_loading\" /></a></li>"
|
||||||
} else
|
);
|
||||||
{
|
} else {
|
||||||
// Set thumbnail to first image found (if any):
|
// Set thumbnail to first image found (if any):
|
||||||
unset ($firstimage);
|
unset ($firstimage);
|
||||||
$firstimage = getfirstImage("$currentdir/" . $file);
|
$firstimage = getfirstImage("$currentdir/" . $file);
|
||||||
|
|
||||||
if ($firstimage != "") {
|
if ($firstimage != "") {
|
||||||
$dirs[] = array(
|
$linkParams = http_build_query(
|
||||||
"name" => $file,
|
array('dir' => ltrim("$requestedDir/$file", '/')),
|
||||||
"date" => filemtime($currentdir . "/" . $file),
|
'',
|
||||||
"html" => "<li><a href='?dir=" . ltrim($requestedDir . "/" . $file, "/") . "'><em>" . padstring($file, $label_max_length) . "</em><span></span><img src='" . GALLERY_ROOT . "createthumb.php?filename=$thumbdir/" . $file . "/" . $firstimage . "&size=$thumb_size' alt='$label_loading' /></a></li>");
|
'&'
|
||||||
} else {
|
);
|
||||||
// If no folder.jpg or image is found, then display default icon:
|
$linkUrl = "?$linkParams";
|
||||||
|
|
||||||
|
$imgParams = http_build_query(
|
||||||
|
array(
|
||||||
|
'filename' => "$thumbdir/$file/$firstimage",
|
||||||
|
'size' => $thumb_size
|
||||||
|
),
|
||||||
|
'',
|
||||||
|
'&'
|
||||||
|
);
|
||||||
|
$imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams";
|
||||||
|
|
||||||
$dirs[] = array(
|
$dirs[] = array(
|
||||||
"name" => $file,
|
"name" => $file,
|
||||||
"date" => filemtime($currentdir . "/" . $file),
|
"date" => filemtime($currentdir . "/" . $file),
|
||||||
"html" => "<li><a href='?dir=" . ltrim($requestedDir . "/" . $file, "/") . "'><em>" . padstring($file, $label_max_length) . "</em><span></span><img src='" . GALLERY_ROOT . "images/folder_" . strtolower($folder_color) . ".png' width='$thumb_size' height='$thumb_size' alt='$label_loading' /></a></li>");
|
"html" => "<li><a href=\"{$linkUrl}\"><em>" . padstring($file, $label_max_length) . "</em><span></span><img src=\"{$imgUrl}\" alt='$label_loading' /></a></li>"
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
// If no folder.jpg or image is found, then display default icon:
|
||||||
|
$linkParams = http_build_query(
|
||||||
|
array('dir' => ltrim("$requestedDir/$file", '/')),
|
||||||
|
'',
|
||||||
|
'&'
|
||||||
|
);
|
||||||
|
$linkUrl = "?$linkParams";
|
||||||
|
$imgUrl = GALLERY_ROOT . 'images/folder_' . strtolower($folder_color) . '.png';
|
||||||
|
|
||||||
|
$dirs[] = array(
|
||||||
|
"name" => $file,
|
||||||
|
"date" => filemtime($currentdir . "/" . $file),
|
||||||
|
"html" => "<li><a href=\"{$linkUrl}\"><em>" . padstring($file, $label_max_length) . "</em><span></span><img src=\"{$imgUrl}\" width='$thumb_size' height='$thumb_size' alt='$label_loading' /></a></li>"
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -258,17 +303,39 @@ if (file_exists($currentdir ."/captions.txt"))
|
||||||
|
|
||||||
if (is_file($currentdir.'/'.$file.'.html')) { $img_captions[$file] = $file.'::'.htmlspecialchars(file_get_contents($currentdir.'/'.$file.'.html'),ENT_QUOTES); }
|
if (is_file($currentdir.'/'.$file.'.html')) { $img_captions[$file] = $file.'::'.htmlspecialchars(file_get_contents($currentdir.'/'.$file.'.html'),ENT_QUOTES); }
|
||||||
if ($lazyload) {
|
if ($lazyload) {
|
||||||
|
$linkUrl = urlencode("$currentdir/$file");
|
||||||
|
$imgParams = http_build_query(
|
||||||
|
array(
|
||||||
|
'filename' => "$thumbdir/$file",
|
||||||
|
'size' => $thumb_size
|
||||||
|
),
|
||||||
|
'',
|
||||||
|
'&'
|
||||||
|
);
|
||||||
|
$imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams";
|
||||||
|
|
||||||
$files[] = array (
|
$files[] = array (
|
||||||
"name" => $file,
|
"name" => $file,
|
||||||
"date" => filemtime($currentdir . "/" . $file),
|
"date" => filemtime($currentdir . "/" . $file),
|
||||||
"size" => filesize($currentdir . "/" . $file),
|
"size" => filesize($currentdir . "/" . $file),
|
||||||
"html" => "<li><a href='" . $currentdir . "/" . $file . "' rel='lightbox[billeder]' title=\"".htmlentities($img_captions[$file])."\"><img class=\"b-lazy\" src=data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw== data-src='" . GALLERY_ROOT . "createthumb.php?filename=" . $thumbdir . "/" . $file . "&size=$thumb_size' alt='$label_loading' /></a>" . $filename_caption . "</li>");
|
"html" => "<li><a href={$linkUrl} rel='lightbox[billeder]' title=\"".htmlentities($img_captions[$file])."\"><img class=\"b-lazy\" src=data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw== data-src=\"$imgUrl\" alt='$label_loading' /></a>" . $filename_caption . "</li>");
|
||||||
} else {
|
} else {
|
||||||
|
$linkUrl = urlencode("$currentdir/$file");
|
||||||
|
$imgParams = http_build_query(
|
||||||
|
array(
|
||||||
|
'filename' => "$thumbdir/$file",
|
||||||
|
'size' => $thumb_size
|
||||||
|
),
|
||||||
|
'',
|
||||||
|
'&'
|
||||||
|
);
|
||||||
|
$imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams";
|
||||||
|
|
||||||
$files[] = array (
|
$files[] = array (
|
||||||
"name" => $file,
|
"name" => $file,
|
||||||
"date" => filemtime($currentdir . "/" . $file),
|
"date" => filemtime($currentdir . "/" . $file),
|
||||||
"size" => filesize($currentdir . "/" . $file),
|
"size" => filesize($currentdir . "/" . $file),
|
||||||
"html" => "<li><a href='" . $currentdir . "/" . $file . "' rel='lightbox[billeder]' title=\"".htmlentities($img_captions[$file])."\"><img src='" . GALLERY_ROOT . "createthumb.php?filename=" . $thumbdir . "/" . $file . "&size=$thumb_size' alt='$label_loading' /></a>" . $filename_caption . "</li>"); }
|
"html" => "<li><a href=\"{$linkUrl}\" rel='lightbox[billeder]' title=\"".htmlentities($img_captions[$file])."\"><img src=\"{$imgUrl}\" alt='$label_loading' /></a>" . $filename_caption . "</li>"); }
|
||||||
}
|
}
|
||||||
// Other filetypes
|
// Other filetypes
|
||||||
$extension = "";
|
$extension = "";
|
||||||
|
|
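Review bot: In both image branches of the second hunk, `$linkUrl = urlencode("$currentdir/$file");` encodes the whole path, so every `/` becomes `%2F` and every space becomes `+`. Many web servers reject or do not treat `%2F` as a path separator, so the lightbox link is likely to stop resolving; encoding per segment avoids this, e.g. `$linkUrl = implode('/', array_map('rawurlencode', explode('/', "$currentdir/$file")));`. The lazyload branch also writes `<a href={$linkUrl}` without quotes while the non-lazy branch quotes it, so it should read `href=\"{$linkUrl}\"`. Separately, the name still reaches the page as text through `padstring($file, $label_max_length)` in the first hunk and `$filename_caption` here. Neither definition is visible on this page, so unless they escape internally the label needs `htmlspecialchars(padstring($file, $label_max_length), ENT_QUOTES)` before names containing `<` or `&` are fully handled. The `$imgUrl` and `$linkUrl` values built with a raw `'&'` separator would also be better passed through `htmlspecialchars(..., ENT_QUOTES)` when placed in the attributes, so the markup does not depend on what `GALLERY_ROOT` contains.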