Deny index files from all upload types because they interfere with the index action.

git-svn-id: http://eldorado.googlecode.com/svn/trunk@506 
9c008b19-a030-0410-9975-d76d301b4276
trevorturk (author)
Mon Nov 05 19:35:38 -0800 2007
commit  42bc3de5791930e278a63d6fbc40804fdd6d6df9
tree    7138d0e9d506aedcdbe574597c13cdb7283fd02e
parent  6b552507cac620f3a64691604eb2ee47525cbb6a
@@ -3,6 +3,7 @@ class ApplicationController < ActionController::Base
0
   around_filter :set_timezone
0
   before_filter :auth_token_login, :check_bans, :update_online_at, :get_options, :get_stats, :get_reminders
0
   helper_method :current_user, :logged_in?, :is_online?, :admin?, :can_edit?, :require_login, :require_admin, :redirect_home
0
+
0
   rescue_from ActiveRecord::RecordNotFound, :with => :record_not_found
0
   
0
   session :session_key => '_eldorado_session_id'
0
@@ -37,7 +38,7 @@ class ApplicationController < ActionController::Base
0
       redirect_to logout_path and return false
0
     end
0
   end
0
-
0
+
0
   def update_online_at
0
     return unless logged_in?
0
     session[:online_at] = current_user.online_at.utc if current_user.online_at.utc + 10.minutes < Time.now.utc
@@ -28,6 +28,8 @@ class Avatar < ActiveRecord::Base
0
   validates_uniqueness_of :filename
0
   validates_presence_of :user_id
0
   
0
+ before_create :reject_index_files
0
+
0
   attr_protected :id, :parent_id, :user_id, :created_at, :updated_at
0
   
0
   def full_filename(thumbnail = nil)
0
@@ -35,6 +37,10 @@ class Avatar < ActiveRecord::Base
0
     File.join(RAILS_ROOT, file_system_path, thumbnail_name_for(thumbnail))
0
   end
0
   
0
+ def reject_index_files
0
+ errors.add_to_base("Invalid file name") and return false if %w(index.html index.htm).include?(filename)
0
+ end
0
+
0
   def to_s
0
     filename.to_s
0
   end
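Review bot: The filename check in `reject_index_files` is an exact, case-sensitive match against `%w(index.html index.htm)`, so `Index.html` or `INDEX.HTM` pass it, and on a case-insensitive filesystem or behind a web server that resolves directory-index names case-insensitively those names still shadow the index action the commit message is trying to protect. An anchored, case-insensitive pattern closes that gap: `errors.add_to_base("Invalid file name") and return false if filename.to_s =~ /\Aindex\.html?\z/i`. Whether other index names such as `index.php` or `default.htm` matter depends on the server's directory-index configuration, which is not visible here. The Avatar class continues outside the hunk.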
@@ -28,13 +28,19 @@ class Header < ActiveRecord::Base
0
   validates_uniqueness_of :filename
0
   validates_presence_of :user_id
0
   
0
+ before_create :reject_index_files
0
+
0
   attr_protected :id, :parent_id, :user_id, :created_at, :updated_at
0
   
0
   def full_filename(thumbnail = nil)
0
     file_system_path = (thumbnail ? thumbnail_class : self).attachment_options[:path_prefix].to_s
0
     File.join(RAILS_ROOT, file_system_path, thumbnail_name_for(thumbnail))
0
   end
0
-
0
+
0
+ def reject_index_files
0
+ errors.add_to_base("Invalid file name") and return false if %w(index.html index.htm).include?(filename)
0
+ end
0
+
0
   def vote_up
0
     self.votes = self.votes + 1
0
     self.save!
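Review bot: `before_create :reject_index_files` only fires when the record is first created, so if a Header's filename can be changed afterwards (for example by replacing the uploaded file) the check is skipped on that update; and because before_create runs after validation, a rejected `save!` raises ActiveRecord::RecordNotSaved rather than RecordInvalid and `valid?` still reports true for a record that can never be saved. Registering the check as a validation covers both paths: `validate :reject_index_files` with the body reduced to `errors.add_to_base("Invalid file name") if %w(index.html index.htm).include?(filename)`. Whether filename is ever reassigned after creation is not visible in this hunk. The Header class continues outside the hunk.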
@@ -26,6 +26,8 @@ class Theme < ActiveRecord::Base
0
   validates_uniqueness_of :filename
0
   validates_presence_of :user_id
0
   
0
+ before_create :reject_index_files
0
+
0
   attr_protected :id, :parent_id, :user_id, :created_at, :updated_at
0
   
0
   def full_filename(thumbnail = nil)
0
@@ -33,6 +35,10 @@ class Theme < ActiveRecord::Base
0
     File.join(RAILS_ROOT, file_system_path, thumbnail_name_for(thumbnail))
0
   end
0
   
0
+ def reject_index_files
0
+ errors.add_to_base("Invalid file name") and return false if %w(index.html index.htm).include?(filename)
0
+ end
0
+
0
   def to_s
0
     filename.to_s
0
   end
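Review bot: `reject_index_files` is now copied verbatim into Theme, Avatar and Header alongside the existing copy in Upload, each with its own hard-coded `%w(index.html index.htm)` list, so any later change to the denied names or the matching rule has to be made four times and the copies will drift. A small mixin in lib/, say `RejectsIndexFiles`, holding a frozen `INDEX_FILENAMES` constant plus the method, included by each model with `include RejectsIndexFiles` next to the existing `before_create :reject_index_files` line, keeps a single definition. The Theme class continues outside the hunk.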
@@ -39,7 +39,7 @@ class Upload < ActiveRecord::Base
0
   def reject_index_files
0
     errors.add_to_base("Invalid file name") and return false if %w(index.html index.htm).include?(filename)
0
   end
0
-
0
+
0
   def to_s
0
     filename.to_s
0
   end
