diff options
| -rw-r--r-- | inc/media.php | 2 | ||||
| -rw-r--r-- | inc/search.php | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/inc/media.php b/inc/media.php index 0ea10b0df..1d7726170 100644 --- a/inc/media.php +++ b/inc/media.php @@ -400,7 +400,7 @@ function media_filelist($ns,$auth=null,$jump=''){ $dir = utf8_encodeFN(str_replace(':','/',$ns)); $data = array(); - search($data,$conf['mediadir'],'search_media',array(),$dir); + search($data,$conf['mediadir'],'search_media',array('showmsg'=>true),$dir); if(!count($data)){ echo '<div class="nothing">'.$lang['nothingfound'].'</div>'.NL; diff --git a/inc/search.php b/inc/search.php index 584e684ff..b4d5f1274 100644 --- a/inc/search.php +++ b/inc/search.php @@ -205,6 +205,11 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ $info = array(); $info['id'] = pathID($file,true); + if($info['id'] != cleanID($info['id'])){ + if($opts['showmsg']) + msg(hsc($info['id']).' is not a valid file name for DokuWiki - skipped',-1); + return false; // skip non-valid files + } //check ACL for namespace (we have no ACL for mediafiles) if(auth_quickaclcheck(getNS($info['id']).':*') < AUTH_READ){ |