Merge branch 'event' into 1.0.x
[quix0rs-gnu-social.git] / lib / themeuploader.php
index b5ef92e7b83a516b15cd4062ec7572e937e5c4cb..b7b14d7b9eb6d1a7e9fc6fd0cce43ca14e21c734 100644 (file)
@@ -163,9 +163,10 @@ class ThemeUploader
             $estSize = $blockSize * max(1, intval(ceil($size / $blockSize)));
             $totalSize += $estSize;
             if ($totalSize > $sizeLimit) {
-                $msg = sprintf(_("Uploaded theme is too large; " .
-                                 "must be less than %d bytes uncompressed."),
-                                 $sizeLimit);
+                $msg = sprintf(_m('Uploaded theme is too large; must be less than %d byte uncompressed.',
+                                  'Uploaded theme is too large; must be less than %d bytes uncompressed.',
+                                  $sizeLimit),
+                               $sizeLimit);
                 throw new ClientException($msg);
             }
 
@@ -192,6 +193,15 @@ class ThemeUploader
         if (in_array(strtolower($ext), $skip)) {
             return true;
         }
+        if ($filename == '' || substr($filename, 0, 1) == '.') {
+            // Skip Unix-style hidden files
+            return true;
+        }
+        if ($filename == '__MACOSX') {
+            // Skip awful metadata files Mac OS X slips in for you.
+            // Thanks Apple!
+            return true;
+        }
         return false;
     }
 
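Review bot: The comment on the dotfile branch only mentions Unix hidden files, but the same branch is what keeps entries such as `.htaccess` from being taken out of an uploaded archive, assuming skipped entries are never written to disk (the caller is outside this hunk). I would say so in the comment, e.g. `// Skip dotfiles (hidden files, .htaccess and similar server config)`, so the check is not later relaxed as purely cosmetic. The comparisons could also be strict: `if ($filename === '' || substr($filename, 0, 1) === '.')` and `$filename === '__MACOSX'`. The function's opening lines are outside the hunk.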
@@ -205,11 +215,13 @@ class ThemeUploader
     protected function validateFileOrFolder($name)
     {
         if (!preg_match('/^[a-z0-9_\.-]+$/i', $name)) {
+            common_log(LOG_ERR, "Bad theme filename: $name");
             $msg = _("Theme contains invalid file or folder name. " .
                      "Stick with ASCII letters, digits, underscore, and minus sign.");
             throw new ClientException($msg);
         }
         if (preg_match('/\.(php|cgi|asp|aspx|js|vb)\w/i', $name)) {
+            common_log(LOG_ERR, "Unsafe theme filename: $name");
             $msg = _("Theme contains unsafe file extension names; may be unsafe.");
             throw new ClientException($msg);
         }
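Review bot: The two added `common_log()` calls write `$name` into the log unescaped, and in the first branch the name has just failed the `/^[a-z0-9_\.-]+$/i` check, so it may carry newlines or control bytes from the archive that split or forge log lines. Escaping it first would keep each rejection on one line, e.g. `common_log(LOG_ERR, 'Bad theme filename: ' . addcslashes($name, "\0..\37\177..\377"));`. Separately, the unchanged pattern `/\.(php|cgi|asp|aspx|js|vb)\w/i` requires a word character after the extension, so a name that ends in `.php` does not match it; `\b` instead of `\w` looks like the intent, unless an extension check outside this hunk already covers that case. The body of validateFileOrFolder continues past the end of the hunk.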