Changeset 2999
- Timestamp:
- 08/28/08 02:37:47 (3 months ago)
- Files:
-
- trunk/tmpl/cms/include/asset_upload.tmpl (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/tmpl/cms/include/asset_upload.tmpl
r2784 r2999 7 7 var middle = sel.form['middle_path']; 8 8 if (middle) middle.value = path; 9 } 10 11 function validate(f) { 12 if (!is_valid_path(f.extra_path.value)){ 13 alert('You must set a valid destination.'); 14 return false; 15 } 16 } 17 18 function is_valid_path(path_){ 19 var str = path_.replace(/[ "%<>\[\\\]\^`{\|}~]/g, ""); 20 str = encodeURI(str); 21 if (str.indexOf('%') != -1) { 22 return false; 23 } 24 if (str.match(/\.\./)) { 25 return false; 26 } 27 return true; 9 28 } 10 29 /* ]]> */ … … 37 56 </mt:if> 38 57 39 <form method="post" enctype="multipart/form-data" action="<mt:var name="script_url">" id="upload-form" >58 <form method="post" enctype="multipart/form-data" action="<mt:var name="script_url">" id="upload-form" onsubmit="return validate(this)"> 40 59 <input type="hidden" name="__mode" value="<mt:if name="upload_mode"><mt:var name="upload_mode" escape="html"><mt:else>upload_file</mt:if>" /> 41 60 <input type="hidden" name="blog_id" value="<mt:var name="blog_id">" />
