Merge pull request 'Asset: let slugs consist only of an explicit set of allowed characters' (#41) from clean-slugs into master
Reviewed-on: #41
This commit was merged in pull request #41.
This commit is contained in:
@@ -36,6 +36,16 @@ class Asset
|
||||
$this->date_captured = new DateTime($data['date_captured']);
|
||||
}
|
||||
|
||||
public static function cleanSlug($slug)
|
||||
{
|
||||
// Only alphanumerical chars, underscores and forward slashes are allowed
|
||||
if (!preg_match_all('~([A-z0-9\/_]+)~', $slug, $allowedTokens, PREG_PATTERN_ORDER))
|
||||
throw new UnexpectedValueException('Slug does not make sense.');
|
||||
|
||||
// Join valid substrings together with hyphens
|
||||
return implode('-', $allowedTokens[1]);
|
||||
}
|
||||
|
||||
public static function fromId($id_asset, $return_format = 'object')
|
||||
{
|
||||
$row = Registry::get('db')->queryAssoc('
|
||||
@@ -214,7 +224,7 @@ class Asset
|
||||
$title = $data['title'] ?? $basename;
|
||||
|
||||
// Same with the slug.
|
||||
$slug = $data['slug'] ?? sprintf('%s/%s', $preferred_subdir, $basename);
|
||||
$slug = $data['slug'] ?? self::cleanSlug(sprintf('%s/%s', $preferred_subdir, $basename));
|
||||
|
||||
// Detected an image?
|
||||
if (substr($mimetype, 0, 5) == 'image')
|
||||
|
||||
Reference in New Issue
Block a user