Public/pics
2
2
Fork 2
Code Issues 5 Pull Requests Releases Wiki Activity

Asset: let slugs consist only of an explicit set of allowed characters

Browse Source
This commit is contained in:
Aaron van Geffen
2023-11-20 22:45:48 +01:00
parent 2ec565242e
commit baa928531b
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
models/Asset.php
View File

@@ -36,6 +36,16 @@ class Asset
$this->date_captured = new DateTime($data['date_captured']);
}
public static function cleanSlug($slug)
{
// Only alphanumerical chars, underscores and forward slashes are allowed
if (!preg_match_all('~([A-z0-9\/_]+)~', $slug, $allowedTokens, PREG_PATTERN_ORDER))
throw new UnexpectedValueException('Slug does not make sense.');
// Join valid substrings together with hyphens
return implode('-', $allowedTokens[1]);
}
public static function fromId($id_asset, $return_format = 'object')
{
$row = Registry::get('db')->queryAssoc('
@@ -214,7 +224,7 @@ class Asset
$title = $data['title'] ?? $basename;
// Same with the slug.
$slug = $data['slug'] ?? sprintf('%s/%s', $preferred_subdir, $basename);
$slug = $data['slug'] ?? self::cleanSlug(sprintf('%s/%s', $preferred_subdir, $basename));
// Detected an image?
if (substr($mimetype, 0, 5) == 'image')