authorAlex Barth2010-09-20 16:36:10 +0000
committerAlex Barth2010-09-20 16:36:10 +0000
commit94aae911f3d277b3302d5a76eb017101b7c7ecd9 (patch)
tree7c43979127d29e3381aab5e7fb5d5152e467c72c
parent7b9ed6b8b540eed97bc9dd5eaa23e9f9e383b182 (diff)
Fix file extension validation.
-rw-r--r--plugins/FeedsFileFetcher.inc16
1 files changed, 11 insertions, 5 deletions
diff --git a/plugins/FeedsFileFetcher.inc b/plugins/FeedsFileFetcher.inc
index a582671..a263b9e 100644
--- a/plugins/FeedsFileFetcher.inc
+++ b/plugins/FeedsFileFetcher.inc
@@ -90,9 +90,8 @@ class FeedsFileFetcher extends FeedsFetcher {
// If there is a file uploaded, save it, otherwise validate input on
// file.
- if ($file = file_save_upload('feeds', array(), $feed_dir)) {
- file_set_status($file, FILE_STATUS_PERMANENT);
- $values['source'] = $file->filepath;
+ if ($file = file_save_upload('feeds', array('file_validate_extensions' => array(0 => $this->config['allowed_extensions'])), $feed_dir)) {
+ $values['source'] = $file->uri;
}
elseif (empty($values['source'])) {
form_set_error('feeds][source', t('Upload a file first.'));
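Review bot: The upload branch no longer marks the saved file as permanent, because the `file_set_status($file, FILE_STATUS_PERMANENT)` call is removed and nothing in this hunk replaces it. If file_save_upload() stores the upload as a temporary file, as it does in Drupal 7, the feed source may later be removed by temporary-file cleanup unless the status is set elsewhere. Consider `$file->status = FILE_STATUS_PERMANENT; file_save($file);` before assigning `$values['source']`. The enclosing method starts and ends outside the hunk, so this may already be handled there.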
@@ -100,8 +99,8 @@ class FeedsFileFetcher extends FeedsFetcher {
// If a file has not been uploaded and $values['source'] is not empty, make
// sure that this file is within Drupal's files directory as otherwise
// potentially any file that the web server has access could be exposed.
- elseif (!file_check_location($values['source'], file_directory_path())) {
- form_set_error('feeds][source', t('File needs to point to a file in your Drupal file system path.'));
+ elseif (strpos($values['source'], 'public://') !== 0) {
+ form_set_error('feeds][source', t('File needs to reside within the site\'s file directory, its path needs to start with public://.'));
}
}
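Review bot: The new `strpos($values['source'], 'public://') !== 0` test checks only the scheme prefix, so a value with `..` segments after the scheme still passes validation. Containment then depends entirely on how the stream wrapper resolves the path, which is not visible here. Since the comment above says the goal is to keep the source inside the files directory, reject parent-directory segments explicitly, e.g. `elseif (strpos($values['source'], 'public://') !== 0 || strpos($values['source'], '..') !== FALSE) {`. The allowed-extensions list enforced on uploads in the first hunk is also not applied to a directly supplied path. The enclosing method begins outside the hunk.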
@@ -110,6 +109,7 @@ class FeedsFileFetcher extends FeedsFetcher {
*/
public function configDefaults() {
return array(
+ 'allowed_extensions' => 'txt csv xml',
'direct' => FALSE,
);
}
@@ -119,6 +119,12 @@ class FeedsFileFetcher extends FeedsFetcher {
*/
public function configForm(&$form_state) {
$form = array();
+ $form['allowed_extensions'] = array(
+ '#type' =>'textfield',
+ '#title' => t('Allowed file extensions'),
+ '#description' => t('Allowed file extensions for upload.'),
+ '#default_value' => $this->config['allowed_extensions'],
+ );
$form['direct'] = array(
'#type' =>'checkbox',
'#title' => t('Supply path to file directly'),
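Review bot: The new `allowed_extensions` textfield accepts any value, including an empty string, and the upload handler in the first hunk passes that value straight to the `file_validate_extensions` validator. An empty or malformed list may disable or break the extension check, depending on how file_save_upload() treats it (not visible here). Add `'#required' => TRUE,` to the element and have the description state the expected format, e.g. `t('Space-separated list of allowed extensions, without leading dots.')`. configForm() continues past the end of the hunk.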