media_upload: check for empty file input

s9y · May 27, 2020 · 0409717 · 0409717
1 parent 9f0af1f
commit 0409717
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
@@ -28,6 +28,18 @@
     serendipity_restoreVar($serendipity['COOKIE']['serendipity_toggle_dir'], $serendipity['GET']['toggle_dir']);
 }
 
+$messages = array();
+
+// submitted media_upload.tpl: check for empty file field and redirect back to media_upload
+if ( $serendipity['GET']['adminAction'] == 'add' ) {
+    $serendipity['POST']['imageurl'] = serendipity_specialchars($serendipity['POST']['imageurl']);
+
+    if (empty($serendipity['POST']['imageurl'])) {
+        $messages[] = '<span class="msg_error"><span class="icon-attention-circled" aria-hidden="true"></span>' . NO_FILE_SELECTED . "</span>\n";
+        $serendipity['GET']['adminAction'] = 'addSelect';
+    }
+}
+
 switch ($serendipity['GET']['adminAction']) {
 
     case 'doSync':
@@ -71,7 +83,6 @@
             break;
         }
 
-        $messages = array();
         $data['case_do_delete'] = true;
         $messages[] = serendipity_deleteImage($serendipity['GET']['fid']);
         $messages[] = sprintf('<span class="msg_notice"><span class="icon-info-circled" aria-hidden="true"></span> ' . RIP_ENTRY . "</span>\n", $serendipity['GET']['fid']);
@@ -85,7 +96,6 @@
             break;
         }
 
-        $messages = array();
         $parts = explode(',', $serendipity['GET']['id']);
         $data['case_do_multidelete'] = true;
         foreach($parts AS $id) {
@@ -133,7 +143,6 @@
         }
         // case bulk multimove (leave the fake oldDir being send as an empty dir)
         if (!empty($serendipity['POST']['newDir'])) {
-            $messages = array();
             $multiMoveImages = $serendipity['POST']['multiDelete']; // The 'multiDelete' key name should better be renamed to 'multiCheck', but this would need to change 2k11/admin/serendipity_editor.js, images.inc.tpl, media_items.tpl, media_pane.tpl and this file
             unset($serendipity['POST']['multiDelete']);
 
@@ -199,7 +208,7 @@
             return;
         }
         $data['case_add'] = true;
-        $messages = array();
+
         if ($serendipity['POST']['adminSubAction'] == 'properties') {
             serendipity_restoreVar($serendipity['COOKIE']['serendipity_only_path'], $serendipity['GET']['only_path']); // restore last set directory path, see true parameter
             $properties        = serendipity_parsePropertyForm();
@@ -217,10 +226,9 @@
 
         $new_media = array();
 
-        $serendipity['POST']['imageurl'] = serendipity_specialchars($serendipity['POST']['imageurl']);
 
         // First find out whether to fetch a hotlink file or accept an upload
-        if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
+        if ($serendipity['POST']['imageurl'] != 'http://') {
             if (!empty($serendipity['POST']['target_filename'][2])) {
                 // Faked hidden form 2 when submitting with JavaScript
                 $tfile   = $serendipity['POST']['target_filename'][2];
@@ -646,6 +654,7 @@
             'multiperm'         => serendipity_checkPermission('adminImagesDirectories')
         );
         // ToDo later: merge $data and $media
+        $serendipity['smarty']->assign('messages', $messages);
         $serendipity['smarty']->assign('media', $mediaFiles);
         $serendipity['smarty']->display(serendipity_getTemplateFile('admin/media_upload.tpl', 'serendipityPath'));
         return;

diff --git a/templates/2k11/admin/media_upload.tpl b/templates/2k11/admin/media_upload.tpl
@@ -1,5 +1,9 @@
 <h2>{$CONST.ADD_MEDIA}</h2>
 
+{foreach $messages as $message}
+    {$message}
+{/foreach}
+
 <form id="uploadform" action="?{$media.extraParems}" method="POST" enctype="multipart/form-data">
 {if $media.max_file_size}
     <input name="MAX_FILE_SIZE" type="hidden" value="{$max_file_size}">