summary refs log tree commit diff stats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/Crater/Gallery.rakumod13
-rw-r--r--lib/Crater/Routes/Gallery.rakumod4
2 files changed, 13 insertions, 4 deletions
diff --git a/lib/Crater/Gallery.rakumod b/lib/Crater/Gallery.rakumod
index 448593f..373231a 100644
--- a/lib/Crater/Gallery.rakumod
+++ b/lib/Crater/Gallery.rakumod
@@ -10,9 +10,17 @@ class Crater::Gallery {
     #| Accessor for $!title.
     method title() { $!title }
 
-    method list() {
+    method list(:@sub-dir) {
+        # This will be considered an attempt to attack. There is no
+        # reason to check '.' I belive.
+        if @sub-dir.grep('.'|'..').elems {
+            die "[!!!] @sub-dir contains '..'/'.'";
+        }
+
         my @gallery;
-        my @paths = $!directory.dir;
+        my @paths = @sub-dir
+                     ?? $!directory.add(@sub-dir.join("/")).dir
+                     !! $!directory.dir;
 
         with $!title {
             push @gallery, %( :type<heading>, :text($_) );
@@ -20,6 +28,7 @@ class Crater::Gallery {
 
         # Add directories on top.
         for @paths.grep(*.d) {
+            next if .ends-with(".crater");
             push @gallery, %( :type<directory>,
                               :text($_.relative($!directory)) );
         }
diff --git a/lib/Crater/Routes/Gallery.rakumod b/lib/Crater/Routes/Gallery.rakumod
index aa3e4b6..655e62e 100644
--- a/lib/Crater/Routes/Gallery.rakumod
+++ b/lib/Crater/Routes/Gallery.rakumod
@@ -17,9 +17,9 @@ sub gallery-routes(
         }
 
         # Gallery view.
-        get -> LoggedIn $session {
+        get -> LoggedIn $session, *@path {
             template 'gallery.crotmp', {
-                gallery => $gallery.list(),
+                gallery => $gallery.list(sub-dir => @path),
                 title => "Gallery"
             };
         }