diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Crater/Gallery.rakumod | 13 | ||||
-rw-r--r-- | lib/Crater/Routes/Gallery.rakumod | 4 |
2 files changed, 13 insertions, 4 deletions
diff --git a/lib/Crater/Gallery.rakumod b/lib/Crater/Gallery.rakumod index 448593f..373231a 100644 --- a/lib/Crater/Gallery.rakumod +++ b/lib/Crater/Gallery.rakumod @@ -10,9 +10,17 @@ class Crater::Gallery { #| Accessor for $!title. method title() { $!title } - method list() { + method list(:@sub-dir) { + # This will be considered an attempt to attack. There is no + # reason to check '.' I belive. + if @sub-dir.grep('.'|'..').elems { + die "[!!!] @sub-dir contains '..'/'.'"; + } + my @gallery; - my @paths = $!directory.dir; + my @paths = @sub-dir + ?? $!directory.add(@sub-dir.join("/")).dir + !! $!directory.dir; with $!title { push @gallery, %( :type<heading>, :text($_) ); @@ -20,6 +28,7 @@ class Crater::Gallery { # Add directories on top. for @paths.grep(*.d) { + next if .ends-with(".crater"); push @gallery, %( :type<directory>, :text($_.relative($!directory)) ); } diff --git a/lib/Crater/Routes/Gallery.rakumod b/lib/Crater/Routes/Gallery.rakumod index aa3e4b6..655e62e 100644 --- a/lib/Crater/Routes/Gallery.rakumod +++ b/lib/Crater/Routes/Gallery.rakumod @@ -17,9 +17,9 @@ sub gallery-routes( } # Gallery view. - get -> LoggedIn $session { + get -> LoggedIn $session, *@path { template 'gallery.crotmp', { - gallery => $gallery.list(), + gallery => $gallery.list(sub-dir => @path), title => "Gallery" }; } |