From 2565aed0f14ec1f1814798489aad4478f96a300d Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Thu, 18 Apr 2013 21:42:41 +0200
Subject: new_id(): improve id blacklist

We shouldn't use dir or filenames from the top directory as IDs because they won't work if you use mod_rewrite.

Signed-off-by: Florian Pritz
---
 application/models/mfile.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'application/models')

diff --git a/application/models/mfile.php b/application/models/mfile.php
index 203e2e101..c2b423dbe 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -18,9 +18,17 @@ class Mfile extends CI_Model {
 // Returns an unused ID
 function new_id()
 {
+ static $id_blacklist = NULL;
+
 $id = random_alphanum(3,6);
 
- if ($this->id_exists($id) || $id == 'file' || $id == 'user') {
+ if ($id_blacklist == NULL) {
+ $id_blacklist = scandir(FCPATH);
+ $id_blacklist[] = "file";
+ $id_blacklist[] = "user";
+ }
+
+ if ($this->id_exists($id) || in_array($id, $id_blacklist)) {
 return $this->new_id();
 } else {
 return $id;
-- 
cgit v1.2.3-24-g4f1b
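Review bot: The blacklist check in `new_id()` compares loosely and case-sensitively: `in_array($id, $id_blacklist)` uses `==`, so numeric-looking strings such as `0e1` and `0e2` compare equal, while an ID that differs from a top-level entry only in letter case is still accepted, which presumably matters if FCPATH sits on a case-insensitive filesystem. Passing the strict flag, `in_array($id, $id_blacklist, true)`, removes the type juggling; whether both sides should also be lower-cased depends on how the rewrite rules match, which the hunk does not show. Separately, `scandir(FCPATH)` returns `false` on failure, and on PHP versions that auto-vivify the two appends then leave a list of just `file` and `user`, so the directory-name protection disappears without any error; a guard such as `if ($id_blacklist === false) { $id_blacklist = array(); }` together with a log line would make that visible. The list is also a snapshot taken when an ID is generated, so entries added to the top directory later can still collide with IDs already issued. The body of `new_id()` closes outside the hunk.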