$title = array_pop($nav);
$Page->title = ($nav ? implode(' ', $nav) . ': ' : '') . $title;
-if (!$User) {
+if ($Page->api) {
$img = "$rootdir/index.jpg";
if (file_exists($img)) {
# cover image of current album
natsort($imgs);
print '<ul class="gallery cat">'."\n";
foreach ($imgs as $path) {
- $parts = pathinfo($path);
- $album = $parts['filename'];
+ $album = htmlspecialchars(pathinfo($path, PATHINFO_FILENAME));
$cover = "$path/index.jpg";
if (!file_exists($cover)) $cover = 'foto/index.jpg';
if (is_link($cover)) {
$cover = preg_replace('{^(?:\.\./)*(?=data/)}', 'thumb/100/', readlink($cover));
}
- $html = '<img src="/'.$cover.'" />';
+ $html = sprintf('<img src="/%s" />', htmlspecialchars($cover));
$html .= "<figcaption>$album</figcaption>";
if (!$User->login and file_exists("$path/.private")) {
$html = '<s title="bewoners">'.$html.'</s>';
}
$html = "<figure>$html</figure>";
- printf('<li id="%s"><a href="%s">%s</a>'."\n", $album, "/$path", $html);
+ printf('<li id="%s">', $album);
+ printf('<a href="/%s">%s</a>'."\n", htmlspecialchars($path), $html);
}
print "</ul>\n\n";
}
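Review bot: The added `htmlspecialchars($path)` in the `href` and `htmlspecialchars($cover)` in the `src` only escape for the HTML attribute; neither value is URL-encoded, so a directory name containing `%`, `?` or `#` yields a link that resolves to something other than the album. Encoding each path segment before the HTML escape would fix this, e.g. `$href = implode('/', array_map('rawurlencode', explode('/', $path)));` and then `htmlspecialchars($href)`, with the same treatment for `$cover`. The flags should also be passed explicitly, as in `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. On PHP before 8.1 the default omits `ENT_SUBSTITUTE`, so a name with invalid UTF-8 bytes comes back as an empty string and leaves an empty `id` and caption. The block enclosing the `foreach` starts outside the visible lines, so this is based on the loop body alone.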