← Back to branch summary

~ubuntu-branches/ubuntu/quantal/gallery2/quantal

~ubuntu-branches/ubuntu/quantal/gallery2/quantal

« back to all changes in this revision

Viewing changes to modules/core/classes/GalleryPlatform.class

Committer: Bazaar Package Importer
Author(s): Michael C. Schultheiss
Date: 2007-12-24 05:36:33 UTC
mfrom: (1.1.5 upstream)
Revision ID: james.westby@ubuntu.com-20071224053633-1ha6lnfqkfvpgdia

Tags: 2.2.4-1

http://bugs.debian.org/457644

* New upstream release (Urgency high due to security fixes.
  Closes: #457644)
* debian/control:
  + Update Standards-Version (No changes needed)
  + Add Homepage field, remove Homepage from Description
* debian/rules: No longer set DH_COMPAT (use debian/compat instead)

files added:
debian/compat

files modified:
MANIFEST

debian/changelog

debian/control

debian/rules

install/index.php

install/steps/DatabaseSetupStep.class

lib/smarty_plugins/modifier.markup.php

main.php

modules/comment/MANIFEST

modules/comment/classes/GalleryCommentHelper.class

modules/comment/module.inc

modules/core/CoreModuleExtras.inc

modules/core/ItemAdd.inc

modules/core/MANIFEST

modules/core/ShowItem.inc

modules/core/classes/GalleryPlatform.class

modules/core/classes/GalleryView.class

modules/core/module.inc

modules/digibug/DigibugPrintPhotos.inc

modules/digibug/MANIFEST

modules/digibug/module.inc

modules/dynamicalbum/MANIFEST

modules/fotokasten/MANIFEST

modules/fotokasten/PrintPhotos.inc

modules/fotokasten/module.inc

modules/itemadd/ItemAddFromServer.inc

modules/itemadd/ItemAddFromWeb.inc

modules/itemadd/MANIFEST

modules/itemadd/module.inc

modules/keyalbum/MANIFEST

modules/mime/MANIFEST

modules/mime/RestrictMimeOption.inc

modules/mime/module.inc

modules/photoaccess/MANIFEST

modules/photoaccess/PrintPhoto.inc

modules/photoaccess/classes/PhotoAccessHelper.class

modules/photoaccess/module.inc

modules/picasa/ConfirmPicasaImport.inc

modules/picasa/ItemAddFromPicasa.inc

modules/picasa/MANIFEST

modules/picasa/module.inc

modules/publishxp/DownloadRegistryFile.inc

modules/publishxp/ItemAddPublishXp.inc

modules/publishxp/MANIFEST

modules/publishxp/NewAlbum.inc

modules/publishxp/Options.inc

modules/publishxp/SelectAlbum.inc

modules/publishxp/UploadItems.inc

modules/publishxp/module.inc

modules/publishxp/po/de.po

modules/publishxp/po/strings.raw

modules/publishxp/templates/DownloadRegistryFile.tpl

modules/publishxp/templates/ItemAddPublishXp.tpl

modules/rating/MANIFEST

modules/remote/GalleryRemote.inc

modules/remote/MANIFEST

modules/remote/module.inc

modules/rewrite/DownloadItem.inc

modules/rewrite/MANIFEST

modules/rewrite/RewriteModuleExtras.inc

modules/rewrite/SetupRewrite.inc

modules/rewrite/module.inc

modules/rewrite/templates/DownloadItem.tpl

modules/shutterfly/MANIFEST

modules/shutterfly/PrintPhotos.inc

modules/shutterfly/module.inc

modules/slideshow/MANIFEST

modules/slideshow/Slideshow.inc

modules/slideshow/module.inc

modules/webcam/ItemAddWebCam.inc

modules/webcam/MANIFEST

modules/webcam/module.inc

modules/webdav/Callbacks.inc

modules/webdav/MANIFEST

modules/webdav/WebDavMount.inc

modules/webdav/classes/WebDavHelper.class

modules/webdav/lib/HTTP/WebDAV/Server.php

modules/webdav/module.inc

modules/webdav/templates/WebDavMount.tpl

Show diffs side-by-side

added added

removed removed

modules/core/classes/GalleryPlatform.class

24

24

* @package GalleryCore

25

25

* @subpackage Classes

26

26

* @author Bharat Mediratta <bharat@menalto.com>

27

* @version $Revision: 15872 $

27

* @version $Revision: 17265 $

28

28

* @abstract

29

29

*/

30

30

class GalleryPlatform {

31

31

32

32

/**

33

* List of file extensions that are disallowed for server and/or client security reasons.

34

* @var array

35

* @deprecated This list will be made configurable by merging it into the mime-map data.

36

*/

37

var $_blacklistedFileExtensions = array(

38

'php', 'php2', 'php3', 'php4', 'php5', 'php6', 'cgi', 'inc', 'phps', 'pwml', 'phtml',

39

'html', 'js', 'htm', 'shtml', 'vbs', 'dll', 'jsp' , 'cfm', 'reg', 'shtm', 'phtm', 'exe',

40

'bat', 'sh', 'cmd', 'install', 'pl', 'tcl', 'py', 'com', 'rb', 'asp', 'aspx', 'ascx');

41

42

/**

33

43

* Copy a file.

34

44

* @param string $source the source file

35

45

* @param string $dest the destination file

600

610

*/

601

611

$fileBase = str_replace('.', '_', $fileBase);

602

612

613

$blacklistKey = 'GalleryPlatform::blacklistedFileExtensions';

614

if (GalleryDataCache::containsKey($blacklistKey)) {

615

$blacklistedExtensions = GalleryDataCache::get($blacklistKey);

616

} else {

617

$blacklistedExtensions = array_flip($this->_blacklistedFileExtensions);

618

GalleryDataCache::put($blacklistKey, $blacklistedExtensions);

619

}

620

603

621

/*

604

622

* If we don't know exactly what type this file is, we have to assume that it's something

605

623

* malicious. In that case, it might be a server side script of some kind and we don't want

612

630

$gallery->debug('Error: convertExtensionToMime in ' .

613

631

'GalleryPlatform::legalizePathComponent');

614

632

}

615

if (($ret || $tmp == 'application/unknown') && !empty($extension)) {

633

if (!empty($extension) && ($ret || $tmp == 'application/unknown'

634

|| isset($blacklistedExtensions[GalleryUtilities::strToLower($extension)]))) {

616

635

$fileBase = $fileBase . '_' . $extension;

617

636

$extension = null;

618

637

}

Older »