GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Fixes for Mac metadata files mucking up theme zip files

Browse Source
This commit is contained in:
Brion Vibber 2010-09-02 14:24:46 -07:00
parent c24458a9f0
commit cbcb9b0080
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/themeuploader.php
View File

@ -192,6 +192,15 @@ class ThemeUploader
if (in_array(strtolower($ext), $skip)) { if (in_array(strtolower($ext), $skip)) {
return true; return true;
} }
if ($filename == '' || substr($filename, 0, 1) == '.') {
// Skip Unix-style hidden files
return true;
}
if ($filename == '__MACOSX') {
// Skip awful metadata files Mac OS X slips in for you.
// Thanks Apple!
return true;
}
return false; return false;
} }
@ -205,11 +214,13 @@ class ThemeUploader
protected function validateFileOrFolder($name) protected function validateFileOrFolder($name)
{ {
if (!preg_match('/^[a-z0-9_\.-]+$/i', $name)) { if (!preg_match('/^[a-z0-9_\.-]+$/i', $name)) {
common_log(LOG_ERR, "Bad theme filename: $name");
$msg = _("Theme contains invalid file or folder name. " . $msg = _("Theme contains invalid file or folder name. " .
"Stick with ASCII letters, digits, underscore, and minus sign."); "Stick with ASCII letters, digits, underscore, and minus sign.");
throw new ClientException($msg); throw new ClientException($msg);
} }
if (preg_match('/\.(php|cgi|asp|aspx|js|vb)\w/i', $name)) { if (preg_match('/\.(php|cgi|asp|aspx|js|vb)\w/i', $name)) {
common_log(LOG_ERR, "Unsafe theme filename: $name");
$msg = _("Theme contains unsafe file extension names; may be unsafe."); $msg = _("Theme contains unsafe file extension names; may be unsafe.");
throw new ClientException($msg); throw new ClientException($msg);
} }