author | Florian Pritz <bluewind@xinu.at> | 2013-04-18 21:42:41 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2013-04-18 21:42:41 +0200 |
commit | 2565aed0f14ec1f1814798489aad4478f96a300d (patch) | |
tree | e53bcca75e800ce125d286bbdcd366ac9a3ea81c /application | |
parent | b4d77c4403600680c8b8c0f7aa824a0f3d2bad24 (diff) |
new_id(): improve id blacklist
We shouldn't use dir or filenames from the top directory as IDs because
they won't work if you use mod_rewrite.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r-- | application/models/mfile.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/application/models/mfile.php b/application/models/mfile.php
index 203e2e101..c2b423dbe 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -18,9 +18,17 @@ class Mfile extends CI_Model {
  // Returns an unused ID
  function new_id()
  {
+ static $id_blacklist = NULL;
+
  $id = random_alphanum(3,6);
- if ($this->id_exists($id) || $id == 'file' || $id == 'user') {
+ if ($id_blacklist == NULL) {
+ $id_blacklist = scandir(FCPATH);
+ $id_blacklist[] = "file";
+ $id_blacklist[] = "user";
+ }
+
+ if ($this->id_exists($id) || in_array($id, $id_blacklist)) {
  return $this->new_id();
  } else {
  return $id; |
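Review bot: `scandir(FCPATH)` returns `false` when the directory cannot be read, and the next line, `$id_blacklist[] = "file";`, then turns that `false` into a fresh array, so the top-directory names silently drop out of the blacklist and only `file` and `user` stay reserved. An explicit fallback such as `$id_blacklist = scandir(FCPATH) ?: array();` makes that case visible in the code, ideally with a log entry so the degraded blacklist is noticed. The two loose comparisons are also worth tightening to `$id_blacklist === NULL` and `in_array($id, $id_blacklist, true)`, because loose matching treats numeric-looking strings such as `1e1` and `10` as equal. The list is a snapshot taken when an ID is generated, so a top-level entry added later would presumably still shadow an ID that was already issued; a short comment on the static saying so would help. The end of new_id() lies outside the hunk.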