X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/ee9702f9ff640f0108e52490d256c789acb09433..b28c58864e20c556b65ec60f02c0df6401f73351:/foto/index.php

diff --git a/foto/index.php b/foto/index.php
index 7df1d5c..49e5483 100644
--- a/foto/index.php
+++ b/foto/index.php
@@ -6,7 +6,7 @@ $nav[0] = "Foto's"; # override of root 'foto'
 $title = array_pop($nav);
 $Page->title = ($nav ? implode(' ', $nav) . ': ' : '') . $title;
 
-if (!$User) {
+if ($Page->api) {
 	$img = "$rootdir/index.jpg";
 	if (file_exists($img)) {
 		# cover image of current album
@@ -72,22 +72,22 @@ if ($imgs = glob("$rootdir/*", GLOB_ONLYDIR)) {
 	natsort($imgs);
 	print '<ul class="gallery cat">'."\n";
 	foreach ($imgs as $path) {
-		$parts = pathinfo($path);
-		$album = $parts['filename'];
+		$album = htmlspecialchars(pathinfo($path, PATHINFO_FILENAME));
 		$cover = "$path/index.jpg";
 		if (!file_exists($cover)) $cover = 'foto/index.jpg';
 		if (is_link($cover)) {
 			$cover = preg_replace('{^(?:\.\./)*(?=data/)}', 'thumb/100/', readlink($cover));
 		}
 
-		$html = '<img src="/'.$cover.'" />';
+		$html = sprintf('<img src="/%s" />', htmlspecialchars($cover));
 		$html .= "<figcaption>$album</figcaption>";
 		if (!$User->login and file_exists("$path/.private")) {
 			$html = '<s title="bewoners">'.$html.'</s>';
 		}
 		$html = "<figure>$html</figure>";
 
-		printf('<li id="%s"><a href="%s">%s</a>'."\n", $album, "/$path", $html);
+		printf('<li id="%s">', $album);
+		printf('<a href="/%s">%s</a>'."\n", htmlspecialchars($path), $html);
 	}
 	print "</ul>\n\n";
 }