From c57276b7795881c4e8005a063e2b15dec8ab37d6 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Tue, 25 Jan 2022 09:05:34 +0100 Subject: [PATCH] Performance, input sanitization, cleanup --- www/galleri/.gitignore | 5 ++--- www/galleri/fetchPics.sh | 2 +- www/galleri/index.php | 6 +++--- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/www/galleri/.gitignore b/www/galleri/.gitignore index 1f0c822..2e2b0ef 100644 --- a/www/galleri/.gitignore +++ b/www/galleri/.gitignore @@ -1,4 +1,3 @@ -bilder/slideshow/*.* -!/bilder/slideshow/.gitkeep -bilder/pvv-photos +bilder/slideshow/* +bilder/pvv-photos/ usernames.txt \ No newline at end of file diff --git a/www/galleri/fetchPics.sh b/www/galleri/fetchPics.sh index f8e7812..cd903bc 100755 --- a/www/galleri/fetchPics.sh +++ b/www/galleri/fetchPics.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash outfolder="bilder/pvv-photos" -folders=$(find /home/pvv -maxdepth 3 -name 'pvv-photos' 2>/dev/null) +folders=$(ssh pvv@microbel.pvv.ntnu.no -i /home/pvv/c/pvv/.ssh/photofetcher 'find /home/pvv -maxdepth 3 -name "pvv-photos" 2>/dev/null') unamefile="usernames.txt" > $unamefile # Empty the file diff --git a/www/galleri/index.php b/www/galleri/index.php index f596fef..6b74ee3 100644 --- a/www/galleri/index.php +++ b/www/galleri/index.php @@ -110,12 +110,12 @@ $imageTemplate = ' } $vars = [ - "%user" => $imguser, + "%user" => htmlspecialchars($imguser), "%time" => $modTime, "%timestamp" => filemtime($fullPath . $value), - "%name" => $displaypath, + "%name" => htmlspecialchars($displaypath), "%path" => "/galleri/" . $relativePath .$value, - "%realname" => $realname + "%realname" => $htmlspecialchars(realname) ]; echo strtr($imageTemplate, $vars); }