From b2658d7e01b7f246d20ab9bdd8134cc54d8dfef9 Mon Sep 17 00:00:00 2001
From: djdallmann
Date: Sat, 17 May 2014 05:41:18 +0000
Subject: [PATCH 1/4] Added support for filenames with spaces by using escapeshellarg() to evaluate and treat string as literal.
---
 php/modules/Import.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/php/modules/Import.php b/php/modules/Import.php
index 4d28226..2ecca57 100644
--- a/php/modules/Import.php
+++ b/php/modules/Import.php
@@ -87,8 +87,11 @@ class Import extends Module {
 $out = '';
 $ret = '';
+ $file = escapeshellarg($file);
+ $cmd = $osmv . " $file " . LYCHEE_DATA . $tmpdirname;
+
+ @exec($cmd, $out, $ret);
- @exec($osmv . ' ' . $file . ' ' . LYCHEE_DATA . $tmpdirname, $out, $ret);
 if (isset($ret)&&($ret>0)) Log::error($database, __METHOD__, __LINE__, "Failed to move directory or file ($ret):" . $file);
 }
From 7e6fd3ccc7ac1d897ae5bc4538d23a3643db9edd Mon Sep 17 00:00:00 2001
From: Tobias Reich
Date: Sat, 17 May 2014 16:51:56 +0200
Subject: [PATCH 2/4] Improved plugin loading
---
 php/modules/Plugins.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/php/modules/Plugins.php b/php/modules/Plugins.php
index cc86f7e..2603c04 100644
--- a/php/modules/Plugins.php
+++ b/php/modules/Plugins.php
@@ -26,8 +26,18 @@ class Plugins implements \SplSubject {
 # Load plugins
 foreach ($this->files as $file) {
+ if ($file==='') continue;
- include(LYCHEE_PLUGINS . $file);
+
+ $file = LYCHEE_PLUGINS . $file;
+
+ if (file_exists($file)===false) {
+ Log::warning($database, __METHOD__, __LINE__, 'Could not include plugin. File does not exist (' . $file . ').');
+ continue;
+ }
+
+ include($file);
+
 }
 return true;
From 830e2362d314aa107c415cbb1bf385556c9d9f67 Mon Sep 17 00:00:00 2001
From: Tobias Reich
Date: Sat, 17 May 2014 22:48:06 +0200
Subject: [PATCH 3/4] Catch error when calling Import::move
---
 php/modules/Import.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
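Review bot: In the `$cmd` line of the Import.php hunk (PATCH 1/4) only the source operand is quoted; `LYCHEE_DATA . $tmpdirname` is still concatenated raw, so a data path containing a space or shell metacharacter splits or alters the command passed to `exec`. Quote both operands and leave `$file` untouched, e.g. `$cmd = $osmv . ' ' . escapeshellarg($file) . ' ' . escapeshellarg(LYCHEE_DATA . $tmpdirname);` — as written, `$file` is overwritten with its quoted form, which then shows up in the `Log::error` message. Besides handling spaces, the quoting keeps shell metacharacters in file names from being interpreted, so a short comment above the call such as `# quote every operand: file names may contain spaces or shell metacharacters` would stop a later edit from dropping it. The enclosing method starts and ends outside the hunk, so how `$osmv` and `$tmpdirname` are built cannot be checked from here.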
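Review bot: The new `file_exists($file)` guard in the Plugins.php hunk (PATCH 2/4) confirms that the path exists but not that it stays inside `LYCHEE_PLUGINS`, so an entry in `$this->files` containing `../` would still reach `include($file)`. Where `$this->files` is populated is outside the hunk; if it comes from stored settings rather than from code, resolve and confine the path before including it: `$real = realpath($file);` followed by `if ($real===false||strpos($real, realpath(LYCHEE_PLUGINS) . DIRECTORY_SEPARATOR)!==0||!is_file($real)) { … continue; }`. `is_file()` also rejects a directory, which `file_exists()` accepts. The loop's enclosing method begins before and ends after the hunk, so whether `$database` is defined in this scope for the `Log::warning` call cannot be confirmed from the visible lines.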
diff --git a/php/modules/Import.php b/php/modules/Import.php
index 4d28226..5e91e36 100644
--- a/php/modules/Import.php
+++ b/php/modules/Import.php
@@ -116,7 +116,13 @@ class Import extends Module {
 if (!isset($path)) $path = LYCHEE_UPLOADS_IMPORT;
- if ($useTemp===true) $path = Import::move($database, $path);
+ if ($useTemp===true) {
+ $path = Import::move($database, $path);
+ if ($path===false) {
+ Log::error($database, __METHOD__, __LINE__, 'Failed to move import to temporary directory');
+ return false;
+ }
+ }
 $error = false;
 $contains['photos'] = false;
From 02740d840a70025836497d9e1599eda69766a36f Mon Sep 17 00:00:00 2001
From: Tobias Reich
Date: Sat, 17 May 2014 22:59:28 +0200
Subject: [PATCH 4/4] Prevent unsupported files from being moved (#151)
---
 php/modules/Import.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/php/modules/Import.php b/php/modules/Import.php
index 5825f98..3dfa3c1 100644
--- a/php/modules/Import.php
+++ b/php/modules/Import.php
@@ -82,8 +82,8 @@ class Import extends Module {
 foreach ($files as $file) {
- # Prevent index.html from being moved
- if (basename($file)==='index.html') continue;
+ # Prevent unsupported files from being moved
+ if (is_dir($file)===false&&@exif_imagetype($file)===false) continue;
 $out = '';
 $ret = '';
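Review bot: The new `if ($path===false)` branch (PATCH 3/4) only fires if `Import::move` actually returns `false`, and the part of `move` visible in PATCH 1/4 logs a non-zero `$ret` from `exec` and carries on with the next file instead of returning. If that is still the behaviour (the method's return statements are outside the visible hunks), a partially failed move passes this check and the import continues on an incomplete temporary directory. Consider making the failure explicit inside `move`, e.g. `if (isset($ret)&&($ret>0)) { Log::error(…); return false; }`, and documenting on the method that it returns the temporary path on success and `false` on failure. The enclosing function starts and ends outside this hunk.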
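Review bot: `@exif_imagetype($file)===false` in the replaced filter line (PATCH 4/4) inspects only the file's leading signature bytes, so it is a content sniff and says nothing about the file name: a file with an image header and an arbitrary extension still passes and is moved under `LYCHEE_DATA`. If that directory is served by the web server (not visible here), pair the sniff with an extension allowlist, e.g. `$ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));` and add `||!in_array($ext, $allowedExtensions, true)` to the skip condition, where `$allowedExtensions` is a placeholder for the importer's supported list. The `@` also hides read errors, so an unreadable file is skipped without a trace; a `Log::warning` before the `continue` would keep that visible. The comment could say what "unsupported" means, for instance `# Skip anything that is neither a directory nor a file with a recognised image signature`; the loop body continues outside the hunk.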