summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2013-04-18 21:42:41 +0200
committerFlorian Pritz <bluewind@xinu.at>2013-04-18 21:42:41 +0200
commit2565aed0f14ec1f1814798489aad4478f96a300d (patch)
treee53bcca75e800ce125d286bbdcd366ac9a3ea81c /application
parentb4d77c4403600680c8b8c0f7aa824a0f3d2bad24 (diff)
new_id(): improve id blacklist
We shouldn't use dir or filenames from the top directory as IDs because they won't work if you use mod_rewrite. Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r--application/models/mfile.php10
1 files changed, 9 insertions, 1 deletions
diff --git a/application/models/mfile.php b/application/models/mfile.php
index 203e2e101..c2b423dbe 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -18,9 +18,17 @@ class Mfile extends CI_Model {
// Returns an unused ID
function new_id()
{
+ static $id_blacklist = NULL;
+
$id = random_alphanum(3,6);
- if ($this->id_exists($id) || $id == 'file' || $id == 'user') {
+ if ($id_blacklist == NULL) {
+ $id_blacklist = scandir(FCPATH);
+ $id_blacklist[] = "file";
+ $id_blacklist[] = "user";
+ }
+
+ if ($this->id_exists($id) || in_array($id, $id_blacklist)) {
return $this->new_id();
} else {
return $id;