MDB Fixes:

* Properly attach to missing nodes
* Inherit parent ACL for new directories
* Fix not allowing access to directories that should be available to all

diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index 3e8fa9b119aac26ca78eef277117e2109c056f05..65db1ca4a30bda4277a5bdba47bbbe9fcdcd7674 100644 (file)
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -471,15 +471,30 @@ switch ($serendipity['GET']['adminAction']) {
         }
 
         $new_dir = serendipity_uploadSecure($serendipity['POST']['parent'] . '/' . $serendipity['POST']['name'], true);
-        $new_dir = str_replace('..', '', $new_dir);
+        $new_dir = str_replace(array('..', '//'), array('', '/'), $new_dir);
 
         /* TODO: check if directory already exist */
         if (@mkdir($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir)) {
             printf(DIRECTORY_CREATED, $serendipity['POST']['name']);
             @umask(0000);
             @chmod($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir, 0777);
-            serendipity_ACLGrant(0, 'directory', 'read', array(0), $new_dir . '/');
-            serendipity_ACLGrant(0, 'directory', 'write', array(0), $new_dir . '/');
+            
+            // Apply parent ACL to new child.
+            $array_parent_read  = serendipity_ACLGet(0, 'directory', 'read',  $serendipity['POST']['parent']);
+            $array_parent_write = serendipity_ACLGet(0, 'directory', 'write', $serendipity['POST']['parent']);
+            if (!is_array($array_parent_read) || count($array_parent_read) < 1) {
+                $parent_read = array(0);
+            } else {
+                $parent_read = array_keys($array_parent_read);
+            }
+            if (!is_array($array_parent_write) || count($array_parent_write) < 1) {
+                $parent_write = array(0);
+            } else {
+                $parent_write = array_keys($array_parent_write);
+            }
+
+            serendipity_ACLGrant(0, 'directory', 'read', $parent_read, $new_dir . '/');
+            serendipity_ACLGrant(0, 'directory', 'write', $parent_write, $new_dir . '/');
         } else {
             printf(DIRECTORY_WRITE_ERROR, $new_dir);
         }

diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index 0d7b1def589d573c01bb0c57e97be201df0af838..ffdafcd6fb8573077592a22265d8c5d4a22e7927 100644 (file)
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -1976,7 +1976,7 @@ function serendipity_directoryACL(&$paths, $type = 'read') {
 
             $granted = false;
             foreach($acl_allowed[$info['relpath']] AS $groupid => $set) {
-                if (isset($acl_allowed_groups[$groupid])) {
+                if ($groupid === 0 || isset($acl_allowed_groups[$groupid])) {
                     // We are allowed to access this element
                     $granted = true;
                     break;

diff --git a/templates/default/admin/media_choose.tpl b/templates/default/admin/media_choose.tpl
index f7411dd917e3ad1699844dda9fe1d10e55d6d2d8..94d4dfe34b2a14aa60635e3442b9586a5d7d0659 100644 (file)
--- a/templates/default/admin/media_choose.tpl
+++ b/templates/default/admin/media_choose.tpl
@@ -324,7 +324,11 @@
         {if $item.depth == 1}
         tmpNode = new YAHOO.widget.TextNode(mydir, coreNode, false);
         {else}
-        tmpNode = new YAHOO.widget.TextNode(mydir, last_node[{$item.depth} - 1], false);
+        if (last_node[{$item.depth}-1]) {ldelim}
+            tmpNode = new YAHOO.widget.TextNode(mydir, last_node[{$item.depth} - 1], false);
+        {rdelim} else {ldelim}
+            tmpNode = new YAHOO.widget.TextNode(mydir, coreNode, false);
+        {rdelim}
         {/if}
         last_node[{$item.depth}] = tmpNode;
         {/foreach}