From 8afc37cb191e889fd20c1ddafb6b43be4401cdad Mon Sep 17 00:00:00 2001
From: Alda Marteau-Hardi
Date: Sat, 8 Nov 2014 21:12:59 +0100
Subject: [PATCH] Fix #10 : Proper escaping for files and folder name
---
 index.php | 91 +++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 79 insertions(+), 12 deletions(-)
diff --git a/index.php b/index.php
index 24c667c..b7e3d22 100644
--- a/index.php
+++ b/index.php
@@ -178,26 +178,71 @@ $dirs = array(); // Set thumbnail to folder.jpg if found: if (file_exists($currentdir. '/' . $file . '/folder.jpg')) { + $linkParams = http_build_query( + array('dir' => ltrim("$requestedDir/$file", '/')), + '', + '&' + ); + $linkUrl = "?$linkParams"; + + $imgParams = http_build_query( + array( + 'filename' => "$currentdir/$file/folder.jpg", + 'size' => $thumb_size + ), + '', + '&' + ); + $imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams"; + $dirs[] = array( "name" => $file, "date" => filemtime($currentdir . "/" . $file . "/folder.jpg"), - "html" => "
  • " . padstring($file, $label_max_length) . "$label_loading
  • "); - } else - { + "html" => "
  • " . padstring($file, $label_max_length) . "\"$label_loading\"
  • " + ); + } else { // Set thumbnail to first image found (if any): unset ($firstimage); $firstimage = getfirstImage("$currentdir/" . $file); + if ($firstimage != "") { - $dirs[] = array( - "name" => $file, - "date" => filemtime($currentdir . "/" . $file), - "html" => "
  • " . padstring($file, $label_max_length) . "$label_loading
  • "); - } else { - // If no folder.jpg or image is found, then display default icon: + $linkParams = http_build_query( + array('dir' => ltrim("$requestedDir/$file", '/')), + '', + '&' + ); + $linkUrl = "?$linkParams"; + + $imgParams = http_build_query( + array( + 'filename' => "$thumbdir/$file/$firstimage", + 'size' => $thumb_size + ), + '', + '&' + ); + $imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams"; + $dirs[] = array( "name" => $file, "date" => filemtime($currentdir . "/" . $file), - "html" => "
  • " . padstring($file, $label_max_length) . "$label_loading
  • "); + "html" => "
  • " . padstring($file, $label_max_length) . "$label_loading
  • " + ); + } else { + // If no folder.jpg or image is found, then display default icon: + $linkParams = http_build_query( + array('dir' => ltrim("$requestedDir/$file", '/')), + '', + '&' + ); + $linkUrl = "?$linkParams"; + $imgUrl = GALLERY_ROOT . 'images/folder_' . strtolower($folder_color) . '.png'; + + $dirs[] = array( + "name" => $file, + "date" => filemtime($currentdir . "/" . $file), + "html" => "
  • " . padstring($file, $label_max_length) . "$label_loading
  • " + ); } } } @@ -258,17 +303,39 @@ if (file_exists($currentdir ."/captions.txt")) if (is_file($currentdir.'/'.$file.'.html')) { $img_captions[$file] = $file.'::'.htmlspecialchars(file_get_contents($currentdir.'/'.$file.'.html'),ENT_QUOTES); } if ($lazyload) { + $linkUrl = urlencode("$currentdir/$file"); + $imgParams = http_build_query( + array( + 'filename' => "$thumbdir/$file", + 'size' => $thumb_size + ), + '', + '&' + ); + $imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams"; + $files[] = array ( "name" => $file, "date" => filemtime($currentdir . "/" . $file), "size" => filesize($currentdir . "/" . $file), - "html" => "
  • $label_loading" . $filename_caption . "
  • "); + "html" => "
  • $label_loading" . $filename_caption . "
  • "); } else { + $linkUrl = urlencode("$currentdir/$file"); + $imgParams = http_build_query( + array( + 'filename' => "$thumbdir/$file", + 'size' => $thumb_size + ), + '', + '&' + ); + $imgUrl = GALLERY_ROOT . "createthumb.php?$imgParams"; + $files[] = array ( "name" => $file, "date" => filemtime($currentdir . "/" . $file), "size" => filesize($currentdir . "/" . $file), - "html" => "
  • $label_loading" . $filename_caption . "
  • "); } + "html" => "
  • $label_loading" . $filename_caption . "
  • "); } } // Other filetypes $extension = "";