authorNathan Kinkade <nath@nkinka.de>2012-06-18 16:17:55 +0000
committerNathan Kinkade <nath@nkinka.de>2012-06-18 16:17:55 +0000
commit527bc809aaa6d48e7c1a7be50de31a4c3adcee90 (patch)
treefb7432e06af9191f2300af97685f235325d36f57
parentb52e834bd0bab530e98537d52b31d4b37f199739 (diff)
parentc48df3b8199802a75f30f38c6f7b3440f9fde4ca (diff)
Merge branch 'master' of git://github.com/gallery/gallery3
-rw-r--r--.build_number2
-rw-r--r--application/config/config.php7
-rw-r--r--index.php5
-rw-r--r--installer/views/get_db_info.html.php2
-rw-r--r--lib/gallery.dialog.js13
-rw-r--r--lib/uploadify/jquery.uploadify.min.js51
-rw-r--r--modules/g2_import/controllers/admin_g2_import.php1
-rw-r--r--modules/gallery/controllers/file_proxy.php14
-rw-r--r--modules/gallery/helpers/module.php12
-rw-r--r--modules/gallery/libraries/MY_Database.php2
-rw-r--r--modules/gallery/libraries/MY_Kohana_Exception.php6
-rw-r--r--modules/gallery/tests/Database_Test.php8
-rw-r--r--modules/gallery/tests/xss_data.txt187
-rw-r--r--modules/gallery/views/form_uploadify.html.php6
-rw-r--r--modules/image_block/controllers/image_block.php1
-rw-r--r--modules/info/helpers/info_block.php3
-rw-r--r--modules/search/views/search.html.php7
17 files changed, 185 insertions, 142 deletions
diff --git a/.build_number b/.build_number
index 98c1fd99..df37d3b0 100644
--- a/.build_number
+++ b/.build_number
@@ -3,4 +3,4 @@
; process. You don't need to edit it. In fact..
;
; DO NOT EDIT THIS FILE BY HAND!
-build_number=236
+build_number=246
diff --git a/application/config/config.php b/application/config/config.php
index d89e7774..4bece9a1 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -37,10 +37,13 @@
* So dirname doesn't work. So we do a tricky workaround where we look up the SCRIPT_FILENAME (in
* this case it'd be "index.php" and we delete from that part onwards. If you work at 1and1 and
* you're reading this, please fix this bug!
+ *
+ * Rawurlencode each of the elements to avoid breaking the page layout.
*/
$config["site_domain"] =
- substr($_SERVER["SCRIPT_NAME"], 0,
- strpos($_SERVER["SCRIPT_NAME"], basename($_SERVER["SCRIPT_FILENAME"])));
+ implode("/", array_map("rawurlencode", explode("/",
+ substr($_SERVER["SCRIPT_NAME"], 0,
+ strpos($_SERVER["SCRIPT_NAME"], basename($_SERVER["SCRIPT_FILENAME"]))))));
/**
* Force a default protocol to be used by the site. If no site_protocol is
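Review bot: The added comment line `Rawurlencode each of the elements to avoid breaking the page layout.` understates what the encoding is for. `$_SERVER["SCRIPT_NAME"]` is derived from the request path on some server setups, and `site_domain` is presumably interpolated into generated URLs and markup, so the encoding is what keeps quote and angle-bracket characters in a path segment out of the page. I would word it as `* Rawurlencode each path segment so characters taken from the request path cannot inject markup into URLs built from site_domain.` The docblock starts above the hunk, and the hunk ends inside the next one.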
diff --git a/index.php b/index.php
index 689c0770..9a6cc2ea 100644
--- a/index.php
+++ b/index.php
@@ -24,6 +24,11 @@ define("IN_PRODUCTION", true);
version_compare(PHP_VERSION, "5.2.3", "<") and
exit("Gallery requires PHP 5.2.3 or newer (you're using " . PHP_VERSION . ")");
+// Gallery is not supported on Windows.
+if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+ exit("Gallery is not supported on Windows (PHP reports that you're using: " . PHP_OS . ")");
+}
+
// PHP 5.4 requires a timezone - if one isn't set date functions aren't going to work properly.
// We'll log this once the logging system is initialized (in the gallery_event::gallery_ready).
if (!ini_get("date.timezone")) {
diff --git a/installer/views/get_db_info.html.php b/installer/views/get_db_info.html.php
index 9fc1accd..c9f57e1d 100644
--- a/installer/views/get_db_info.html.php
+++ b/installer/views/get_db_info.html.php
@@ -23,7 +23,7 @@
<?php else: ?>
<p>
We've found a place to store your photos:
- <code class="location"> <?= VARPATH ?> </code>
+ <code class="location"> <?= htmlspecialchars(VARPATH, ENT_QUOTES, 'UTF-8', true) ?> </code>
</p>
<?php endif ?>
</fieldset>
diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js
index 087b00ab..3115532b 100644
--- a/lib/gallery.dialog.js
+++ b/lib/gallery.dialog.js
@@ -71,6 +71,12 @@
$("#g-dialog").dialog("option", "self", self);
},
+ error: function(xhr, textStatus, errorThrown) {
+ $("#g-dialog").html(xhr.responseText);
+ self._set_title();
+ self._layout();
+ },
+
_layout: function() {
var dialogWidth;
var dialogHeight = $("#g-dialog").height();
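Review bot: The new `error` handler passes `xhr.responseText` to `.html()`, so the body of any failed request is parsed as markup inside `#g-dialog`, and jQuery also runs any script elements it contains. Whether an error body can carry request-derived text is not visible here, but the same commit escapes the 404 text and `debug_path()`, which suggests error pages do echo such values. Unless every error response is guaranteed to be escaped server-side, render it inertly, e.g. `$("#g-dialog").text(xhr.responseText);`, or show a fixed message and log the body. The identical handler added in the second hunk of this file (`@@ -178,7 +184,12 @@`) needs the same treatment.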
@@ -178,7 +184,12 @@
window.location.reload();
}
}
- }
+ },
+ error: function(xhr, textStatus, errorThrown) {
+ $("#g-dialog").html(xhr.responseText);
+ self._set_title();
+ self._layout();
+ }
});
},
diff --git a/lib/uploadify/jquery.uploadify.min.js b/lib/uploadify/jquery.uploadify.min.js
index 43053119..17127a71 100644
--- a/lib/uploadify/jquery.uploadify.min.js
+++ b/lib/uploadify/jquery.uploadify.min.js
@@ -1,26 +1,27 @@
-/*
-Uploadify v2.1.0
-Release Date: August 24, 2009
-Copyright (c) 2009 Ronnie Garcia, Travis Nickels
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-*/
-
-if(jQuery){(function(a){a.extend(a.fn,{uploadify:function(b){a(this).each(function(){settings=a.extend({id:a(this).attr("id"),uploader:"uploadify.swf",script:"uploadify.php",expressInstall:null,folder:"",height:30,width:110,cancelImg:"cancel.png",wmode:"opaque",scriptAccess:"sameDomain",fileDataName:"Filedata",method:"POST",queueSizeLimit:999,simUploadLimit:1,queueID:false,displayData:"percentage",onInit:function(){},onSelect:function(){},onQueueFull:function(){},onCheck:function(){},onCancel:function(){},onError:function(){},onProgress:function(){},onComplete:function(){},onAllComplete:function(){}},b);var e=location.pathname;e=e.split("/");e.pop();e=e.join("/")+"/";var f={};f.uploadifyID=settings.id;f.pagepath=e;if(settings.buttonImg){f.buttonImg=escape(settings.buttonImg)}if(settings.buttonText){f.buttonText=escape(settings.buttonText)}if(settings.rollover){f.rollover=true}f.script=settings.script;f.folder=escape(settings.folder);if(settings.scriptData){var g="";for(var d in settings.scriptData){g+="&"+d+"="+settings.scriptData[d]}f.scriptData=escape(g.substr(1))}f.width=settings.width;f.height=settings.height;f.wmode=settings.wmode;f.method=settings.method;f.queueSizeLimit=settings.queueSizeLimit;f.simUploadLimit=settings.simUploadLimit;if(settings.hideButton){f.hideButton=true}if(settings.fileDesc){f.fileDesc=settings.fileDesc}if(settings.fileExt){f.fileExt=settings.fileExt}if(settings.multi){f.multi=true}if(settings.auto){f.auto=true}if(settings.sizeLimit){f.sizeLimit=settings.sizeLimit}if(settings.checkScript){f.checkScript=settings.checkScript}if(settings.fileDataName){f.fileDataName=settings.fileDataName}if(settings.queueID){f.queueID=settings.queueID}if(settings.onInit()!==false){a(this).css("display","none");a(this).after('<div 
id="'+a(this).attr("id")+'Uploader"></div>');swfobject.embedSWF(settings.uploader,settings.id+"Uploader",settings.width,settings.height,"9.0.24",settings.expressInstall,f,{quality:"high",wmode:settings.wmode,allowScriptAccess:settings.scriptAccess});if(settings.queueID==false){a("#"+a(this).attr("id")+"Uploader").after('<div id="'+a(this).attr("id")+'Queue" class="uploadifyQueue"></div>')}}if(typeof(settings.onOpen)=="function"){a(this).bind("uploadifyOpen",settings.onOpen)}a(this).bind("uploadifySelect",{action:settings.onSelect,queueID:settings.queueID},function(j,h,i){if(j.data.action(j,h,i)!==false){var k=Math.round(i.size/1024*100)*0.01;var l="KB";if(k>1000){k=Math.round(k*0.001*100)*0.01;l="MB"}var m=k.toString().split(".");if(m.length>1){k=m[0]+"."+m[1].substr(0,2)}else{k=m[0]}if(i.name.length>20){fileName=i.name.substr(0,20)+"..."}else{fileName=i.name}queue="#"+a(this).attr("id")+"Queue";if(j.data.queueID){queue="#"+j.data.queueID}a(queue).append('<div id="'+a(this).attr("id")+h+'" class="uploadifyQueueItem"><div class="cancel"><a href="javascript:jQuery(\'#'+a(this).attr("id")+"').uploadifyCancel('"+h+'\')"><img src="'+settings.cancelImg+'" border="0" /></a></div><span class="fileName">'+fileName+" ("+k+l+')</span><span class="percentage"></span><div class="uploadifyProgress"><div id="'+a(this).attr("id")+h+'ProgressBar" class="uploadifyProgressBar"><!--Progress Bar--></div></div></div>')}});if(typeof(settings.onSelectOnce)=="function"){a(this).bind("uploadifySelectOnce",settings.onSelectOnce)}a(this).bind("uploadifyQueueFull",{action:settings.onQueueFull},function(h,i){if(h.data.action(h,i)!==false){alert("The queue is full. 
The max size is "+i+".")}});a(this).bind("uploadifyCheckExist",{action:settings.onCheck},function(m,l,k,j,o){var i=new Object();i=k;i.folder=e+j;if(o){for(var h in k){var n=h}}a.post(l,i,function(r){for(var p in r){if(m.data.action(m,l,k,j,o)!==false){var q=confirm("Do you want to replace the file "+r[p]+"?");if(!q){document.getElementById(a(m.target).attr("id")+"Uploader").cancelFileUpload(p,true,true)}}}if(o){document.getElementById(a(m.target).attr("id")+"Uploader").startFileUpload(n,true)}else{document.getElementById(a(m.target).attr("id")+"Uploader").startFileUpload(null,true)}},"json")});a(this).bind("uploadifyCancel",{action:settings.onCancel},function(l,h,k,m,j){if(l.data.action(l,h,k,m,j)!==false){var i=(j==true)?0:250;a("#"+a(this).attr("id")+h).fadeOut(i,function(){a(this).remove()})}});if(typeof(settings.onClearQueue)=="function"){a(this).bind("uploadifyClearQueue",settings.onClearQueue)}var c=[];a(this).bind("uploadifyError",{action:settings.onError},function(l,h,k,j){if(l.data.action(l,h,k,j)!==false){var i=new Array(h,k,j);c.push(i);a("#"+a(this).attr("id")+h+" .percentage").text(" - "+j.type+" Error");a("#"+a(this).attr("id")+h).addClass("uploadifyError")}});a(this).bind("uploadifyProgress",{action:settings.onProgress,toDisplay:settings.displayData},function(j,h,i,k){if(j.data.action(j,h,i,k)!==false){a("#"+a(this).attr("id")+h+"ProgressBar").css("width",k.percentage+"%");if(j.data.toDisplay=="percentage"){displayData=" - "+k.percentage+"%"}if(j.data.toDisplay=="speed"){displayData=" - "+k.speed+"KB/s"}if(j.data.toDisplay==null){displayData=" "}a("#"+a(this).attr("id")+h+" .percentage").text(displayData)}});a(this).bind("uploadifyComplete",{action:settings.onComplete},function(k,h,j,i,l){if(k.data.action(k,h,j,unescape(i),l)!==false){a("#"+a(this).attr("id")+h+" .percentage").text(" - 
Completed");a("#"+a(this).attr("id")+h).fadeOut(250,function(){a(this).remove()})}});if(typeof(settings.onAllComplete)=="function"){a(this).bind("uploadifyAllComplete",{action:settings.onAllComplete},function(h,i){if(h.data.action(h,i)!==false){c=[]}})}})},uploadifySettings:function(f,j,c){var g=false;a(this).each(function(){if(f=="scriptData"&&j!=null){if(c){var i=j}else{var i=a.extend(settings.scriptData,j)}var l="";for(var k in i){l+="&"+k+"="+escape(i[k])}j=l.substr(1)}g=document.getElementById(a(this).attr("id")+"Uploader").updateSettings(f,j)});if(j==null){if(f=="scriptData"){var b=unescape(g).split("&");var e=new Object();for(var d=0;d<b.length;d++){var h=b[d].split("=");e[h[0]]=h[1]}g=e}return g}},uploadifyUpload:function(b){a(this).each(function(){document.getElementById(a(this).attr("id")+"Uploader").startFileUpload(b,false)})},uploadifyCancel:function(b){a(this).each(function(){document.getElementById(a(this).attr("id")+"Uploader").cancelFileUpload(b,true,false)})},uploadifyClearQueue:function(){a(this).each(function(){document.getElementById(a(this).attr("id")+"Uploader").clearFileUploadQueue(false)})}})})(jQuery)}; \ No newline at end of file
+if(jQuery)(function(jQuery){jQuery.extend(jQuery.fn,{uploadify:function(options){jQuery(this).each(function(){settings=jQuery.extend({id:jQuery(this).attr('id'),uploader:'uploadify.swf',script:'uploadify.php',expressInstall:null,folder:'',height:30,width:110,cancelImg:'cancel.png',wmode:'opaque',scriptAccess:'sameDomain',fileDataName:'Filedata',method:'POST',queueSizeLimit:999,simUploadLimit:1,queueID:false,displayData:'percentage',onInit:function(){},onSelect:function(){},onQueueFull:function(){},onCheck:function(){},onCancel:function(){},onError:function(){},onProgress:function(){},onComplete:function(){},onAllComplete:function(){}},options);var pagePath=location.pathname;pagePath=pagePath.split('/');pagePath.pop();pagePath=pagePath.join('/')+'/';var data={};data.uploadifyID=settings.id;data.pagepath=pagePath;if(settings.buttonImg)data.buttonImg=escape(settings.buttonImg);if(settings.buttonText)data.buttonText=escape(settings.buttonText);if(settings.rollover)data.rollover=true;data.script=settings.script;data.folder=escape(settings.folder);if(settings.scriptData){var scriptDataString='';for(var name in settings.scriptData){scriptDataString+='&'+name+'='+settings.scriptData[name];}
+data.scriptData=escape(scriptDataString.substr(1));}
+data.width=settings.width;data.height=settings.height;data.wmode=settings.wmode;data.method=settings.method;data.queueSizeLimit=settings.queueSizeLimit;data.simUploadLimit=settings.simUploadLimit;if(settings.hideButton)data.hideButton=true;if(settings.fileDesc)data.fileDesc=settings.fileDesc;if(settings.fileExt)data.fileExt=settings.fileExt;if(settings.multi)data.multi=true;if(settings.auto)data.auto=true;if(settings.sizeLimit)data.sizeLimit=settings.sizeLimit;if(settings.checkScript)data.checkScript=settings.checkScript;if(settings.fileDataName)data.fileDataName=settings.fileDataName;if(settings.queueID)data.queueID=settings.queueID;if(settings.onInit()!==false){jQuery(this).css('display','none');jQuery(this).after('<div id="'+jQuery(this).attr('id')+'Uploader"></div>');swfobject.embedSWF(settings.uploader,settings.id+'Uploader',settings.width,settings.height,'9.0.24',settings.expressInstall,data,{'quality':'high','wmode':settings.wmode,'allowScriptAccess':settings.scriptAccess});if(settings.queueID==false){jQuery("#"+jQuery(this).attr('id')+"Uploader").after('<div id="'+jQuery(this).attr('id')+'Queue" class="uploadifyQueue"></div>');}}
+if(typeof(settings.onOpen)=='function'){jQuery(this).bind("uploadifyOpen",settings.onOpen);}
+jQuery(this).bind("uploadifySelect",{'action':settings.onSelect,'queueID':settings.queueID},function(event,ID,fileObj){if(event.data.action(event,ID,fileObj)!==false){var byteSize=Math.round(fileObj.size/1024*100)*.01;var suffix='KB';if(byteSize>1000){byteSize=Math.round(byteSize*.001*100)*.01;suffix='MB';}
+var sizeParts=byteSize.toString().split('.');if(sizeParts.length>1){byteSize=sizeParts[0]+'.'+sizeParts[1].substr(0,2);}else{byteSize=sizeParts[0];}
+if(fileObj.name.length>20){fileName=fileObj.name.substr(0,20)+'...';}else{fileName=fileObj.name;}
+queue='#'+jQuery(this).attr('id')+'Queue';if(event.data.queueID){queue='#'+event.data.queueID;}
+jQuery(queue).append('<div id="'+jQuery(this).attr('id')+ID+'" class="uploadifyQueueItem">\
+ <div class="cancel">\
+ <a href="javascript:jQuery(\'#'+jQuery(this).attr('id')+'\').uploadifyCancel(\''+ID+'\')"><img src="'+settings.cancelImg+'" border="0" /></a>\
+ </div>\
+ <span class="fileName"></span><span class="percentage"></span>\
+ <div class="uploadifyProgress">\
+ <div id="'+jQuery(this).attr('id')+ID+'ProgressBar" class="uploadifyProgressBar"><!--Progress Bar--></div>\
+ </div>\
+ </div>');jQuery('div#'+jQuery(this).attr('id')+ID+' span.fileName').text(fileName+' ('+byteSize+suffix+')');}});if(typeof(settings.onSelectOnce)=='function'){jQuery(this).bind("uploadifySelectOnce",settings.onSelectOnce);}
+jQuery(this).bind("uploadifyQueueFull",{'action':settings.onQueueFull},function(event,queueSizeLimit){if(event.data.action(event,queueSizeLimit)!==false){alert('The queue is full. The max size is '+queueSizeLimit+'.');}});jQuery(this).bind("uploadifyCheckExist",{'action':settings.onCheck},function(event,checkScript,fileQueueObj,folder,single){var postData=new Object();postData=fileQueueObj;postData.folder=pagePath+folder;if(single){for(var ID in fileQueueObj){var singleFileID=ID;}}
+jQuery.post(checkScript,postData,function(data){for(var key in data){if(event.data.action(event,checkScript,fileQueueObj,folder,single)!==false){var replaceFile=confirm("Do you want to replace the file "+data[key]+"?");if(!replaceFile){document.getElementById(jQuery(event.target).attr('id')+'Uploader').cancelFileUpload(key,true,true);}}}
+if(single){document.getElementById(jQuery(event.target).attr('id')+'Uploader').startFileUpload(singleFileID,true);}else{document.getElementById(jQuery(event.target).attr('id')+'Uploader').startFileUpload(null,true);}},"json");});jQuery(this).bind("uploadifyCancel",{'action':settings.onCancel},function(event,ID,fileObj,data,clearFast){if(event.data.action(event,ID,fileObj,data,clearFast)!==false){var fadeSpeed=(clearFast==true)?0:250;jQuery("#"+jQuery(this).attr('id')+ID).fadeOut(fadeSpeed,function(){jQuery(this).remove()});}});if(typeof(settings.onClearQueue)=='function'){jQuery(this).bind("uploadifyClearQueue",settings.onClearQueue);}
+var errorArray=[];jQuery(this).bind("uploadifyError",{'action':settings.onError},function(event,ID,fileObj,errorObj){if(event.data.action(event,ID,fileObj,errorObj)!==false){var fileArray=new Array(ID,fileObj,errorObj);errorArray.push(fileArray);jQuery("#"+jQuery(this).attr('id')+ID+" .percentage").text(" - "+errorObj.type+" Error");jQuery("#"+jQuery(this).attr('id')+ID).addClass('uploadifyError');}});jQuery(this).bind("uploadifyProgress",{'action':settings.onProgress,'toDisplay':settings.displayData},function(event,ID,fileObj,data){if(event.data.action(event,ID,fileObj,data)!==false){jQuery("#"+jQuery(this).attr('id')+ID+"ProgressBar").css('width',data.percentage+'%');if(event.data.toDisplay=='percentage')displayData=' - '+data.percentage+'%';if(event.data.toDisplay=='speed')displayData=' - '+data.speed+'KB/s';if(event.data.toDisplay==null)displayData=' ';jQuery("#"+jQuery(this).attr('id')+ID+" .percentage").text(displayData);}});jQuery(this).bind("uploadifyComplete",{'action':settings.onComplete},function(event,ID,fileObj,response,data){if(event.data.action(event,ID,fileObj,unescape(response),data)!==false){jQuery("#"+jQuery(this).attr('id')+ID+" .percentage").text(' - Completed');jQuery("#"+jQuery(this).attr('id')+ID).fadeOut(250,function(){jQuery(this).remove()});}});if(typeof(settings.onAllComplete)=='function'){jQuery(this).bind("uploadifyAllComplete",{'action':settings.onAllComplete},function(event,uploadObj){if(event.data.action(event,uploadObj)!==false){errorArray=[];}});}});},uploadifySettings:function(settingName,settingValue,resetObject){var returnValue=false;jQuery(this).each(function(){if(settingName=='scriptData'&&settingValue!=null){if(resetObject){var scriptData=settingValue;}else{var scriptData=jQuery.extend(settings.scriptData,settingValue);}
+var scriptDataString='';for(var name in scriptData){scriptDataString+='&'+name+'='+escape(scriptData[name]);}
+settingValue=scriptDataString.substr(1);}
+returnValue=document.getElementById(jQuery(this).attr('id')+'Uploader').updateSettings(settingName,settingValue);});if(settingValue==null){if(settingName=='scriptData'){var returnSplit=unescape(returnValue).split('&');var returnObj=new Object();for(var i=0;i<returnSplit.length;i++){var iSplit=returnSplit[i].split('=');returnObj[iSplit[0]]=iSplit[1];}
+returnValue=returnObj;}
+return returnValue;}},uploadifyUpload:function(ID){jQuery(this).each(function(){document.getElementById(jQuery(this).attr('id')+'Uploader').startFileUpload(ID,false);});},uploadifyCancel:function(ID){jQuery(this).each(function(){document.getElementById(jQuery(this).attr('id')+'Uploader').cancelFileUpload(ID,true,false);});},uploadifyClearQueue:function(){jQuery(this).each(function(){document.getElementById(jQuery(this).attr('id')+'Uploader').clearFileUploadQueue(false);});}})})(jQuery); \ No newline at end of file
diff --git a/modules/g2_import/controllers/admin_g2_import.php b/modules/g2_import/controllers/admin_g2_import.php
index 5edd2a1b..2e435321 100644
--- a/modules/g2_import/controllers/admin_g2_import.php
+++ b/modules/g2_import/controllers/admin_g2_import.php
@@ -104,6 +104,7 @@ class Admin_g2_import_Controller extends Admin_Controller {
$path_prefix = Input::instance()->get("q");
foreach (glob("{$path_prefix}*") as $file) {
if (is_dir($file) && !is_link($file)) {
+ $file = html::clean($file);
$directories[] = $file;
// If we find an embed.php, include it as well
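Review bot: `$file = html::clean($file);` overwrites the loop variable with its HTML-escaped form, and the code under the `// If we find an embed.php` comment (outside this hunk) presumably still uses `$file` as a filesystem path. A directory name containing `&`, `<` or a quote would then be checked under a name that does not exist on disk. Escape only the value going to the response and leave the path alone: `$directories[] = html::clean($file);`. The same applies to whatever is appended for the embed.php entry below the hunk.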
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index 36c6bc2a..49aa9c5a 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -29,6 +29,13 @@
class File_Proxy_Controller extends Controller {
const ALLOW_PRIVATE_GALLERY = true;
public function __call($function, $args) {
+
+ // Force zlib compression off. Image and movie files are already compressed and
+ // recompressing them is CPU intensive.
+ if (ini_get("zlib.output_compression")) {
+ ini_set("zlib.output_compression", "Off");
+ }
+
// request_uri: gallery3/var/albums/foo/bar.jpg?m=1234
$request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));
@@ -128,7 +135,12 @@ class File_Proxy_Controller extends Controller {
// going to buffer up whatever file we're proxying (and it may be very large). This may
// affect embedding or systems with PHP's output_buffering enabled.
while (ob_get_level()) {
- ob_end_clean();
+ Kohana_Log::add("error","".print_r(ob_get_level(),1));
+ if (!@ob_end_clean()) {
+ // ob_end_clean() can return false if the buffer can't be removed for some reason
+ // (zlib output compression buffers sometimes cause problems).
+ break;
+ }
}
readfile($file);
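Review bot: `Kohana_Log::add("error","".print_r(ob_get_level(),1));` looks like leftover debugging. It writes a bare integer at error level for every buffer level on every proxied file request, which buries real errors in the log and carries no context for whoever reads it. I would drop the line. If the buffer depth is worth recording, log it once in the failure branch with a message, e.g. `Kohana_Log::add("debug", "file_proxy: could not discard output buffer at level " . ob_get_level());` placed before the `break`. The `@` on `ob_end_clean()` is covered by the existing comment, and the loop sits in a method that starts above the hunk.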
diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php
index 7292b106..e4f41d3d 100644
--- a/modules/gallery/helpers/module.php
+++ b/modules/gallery/helpers/module.php
@@ -110,10 +110,7 @@ class module_Core {
$identity_module = module::get_var("gallery", "identity_provider", "user");
$modules->$identity_module->locked = true;
- function natural_name_sort($a, $b) {
- return strnatcasecmp($a->name, $b->name);
- }
- $modules->uasort('natural_name_sort');
+ $modules->uasort(array("module", "module_comparator"));
self::$available = $modules;
}
@@ -121,6 +118,13 @@ class module_Core {
}
/**
+ * Natural name sort comparator
+ */
+ static function module_comparator($a, $b) {
+ return strnatcasecmp($a->name, $b->name);
+ }
+
+ /**
* Return a list of all the active modules in no particular order.
*/
static function active() {
diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php
index fb54bfcd..4fbd62fd 100644
--- a/modules/gallery/libraries/MY_Database.php
+++ b/modules/gallery/libraries/MY_Database.php
@@ -58,7 +58,7 @@ abstract class Database extends Database_Core {
$open_brace = strpos($sql, "{") + 1;
$close_brace = strpos($sql, "}", $open_brace);
$name = substr($sql, $open_brace, $close_brace - $open_brace);
- $this->_table_names["{{$name}}"] = "{$prefix}$name";
+ $this->_table_names["{{$name}}"] = "`{$prefix}$name`";
} else if (strpos($sql, "RENAME TABLE") === 0) {
// Renaming a table; add it to the table cache.
// You must use the form "TO {new_table_name}" exactly for this to work.
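Review bot: Only the CREATE TABLE branch is changed to cache the backtick-quoted name, while the RENAME TABLE branch that begins at the end of this hunk also adds to `_table_names` and is not touched by this commit. The updated test expects "RENAME TABLE `g_test` TO `g_new_test`", so please confirm that the rename branch (body outside the hunk) stores the quoted form as well, otherwise a renamed table is cached unquoted. The quoting also does not double a backtick inside `$prefix` or `$name`. Both come from configuration and module SQL rather than request data as far as this hunk shows, so a comment stating that assumption would be enough: `// $prefix and $name are trusted identifiers; no backtick escaping is applied.`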
diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php
index dd04b25f..0c07ea5e 100644
--- a/modules/gallery/libraries/MY_Kohana_Exception.php
+++ b/modules/gallery/libraries/MY_Kohana_Exception.php
@@ -23,7 +23,7 @@ class Kohana_Exception extends Kohana_Exception_Core {
*/
public static function text($e) {
if ($e instanceof Kohana_404_Exception) {
- return "File not found: " . Router::$complete_uri;
+ return "File not found: " . rawurlencode(Router::$complete_uri);
} else {
return sprintf(
"%s [ %s ]: %s\n%s [ %s ]\n%s",
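Review bot: `rawurlencode(Router::$complete_uri)` encodes the whole URI including its `/` separators, so the 404 text becomes something like `gallery3%2Fvar%2Falbums%2F...`, which is hard to read in logs and on the error page. The `site_domain` change in this same commit encodes per segment, and the message could do the same: `implode("/", array_map("rawurlencode", explode("/", Router::$complete_uri)))`. If `text()` is also written to the log, which is not visible here, a short comment saying that the encoding keeps markup and line breaks out of both outputs would help the next reader. `text()` continues below the hunk.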
@@ -94,4 +94,8 @@ class Kohana_Exception extends Kohana_Exception_Core {
}
return $result;
}
+
+ public static function debug_path($file) {
+ return html::clean(parent::debug_path($file));
+ }
} \ No newline at end of file
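Review bot: The new `debug_path()` override has no docblock, although every other method in this class that the diff shows has one, and it changes the parent's contract by returning HTML-escaped output. Callers need to know that, so they neither escape it a second time nor use the result as a filesystem path. Suggested: `/** Return the parent's debug path for $file, cleaned with html::clean() so the error views can print it directly. Not for use as a filesystem path. */`.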
diff --git a/modules/gallery/tests/Database_Test.php b/modules/gallery/tests/Database_Test.php
index 55006abc..fa9e5370 100644
--- a/modules/gallery/tests/Database_Test.php
+++ b/modules/gallery/tests/Database_Test.php
@@ -106,7 +106,7 @@ class Database_Test extends Gallery_Unit_Test_Case {
PRIMARY KEY (`id`),
UNIQUE KEY(`name`))
ENGINE=InnoDB DEFAULT CHARSET=utf8");
- $expected = "CREATE TABLE IF NOT EXISTS g_test (
+ $expected = "CREATE TABLE IF NOT EXISTS `g_test` (
`id` int(9) NOT NULL auto_increment,
`name` varchar(32) NOT NULL,
PRIMARY KEY (`id`),
@@ -121,9 +121,9 @@ class Database_Test extends Gallery_Unit_Test_Case {
" AND `right_ptr` <= 6)";
$sql = $db->add_table_prefixes($sql);
- $expected = "UPDATE g_test SET `name` = '{test string}' " .
+ $expected = "UPDATE `g_test` SET `name` = '{test string}' " .
"WHERE `item_id` IN " .
- " (SELECT `id` FROM g_test " .
+ " (SELECT `id` FROM `g_test` " .
" WHERE `left_ptr` >= 1 " .
" AND `right_ptr` <= 6)";
@@ -133,7 +133,7 @@ class Database_Test extends Gallery_Unit_Test_Case {
function prefix_replacement_for_rename_table_test() {
$db = Database::instance("mock");
$this->assert_same(
- "RENAME TABLE g_test TO g_new_test",
+ "RENAME TABLE `g_test` TO `g_new_test`",
$db->add_table_prefixes("RENAME TABLE {test} TO {new_test}"));
}
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 38042f85..2bfacb47 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -134,52 +134,51 @@ modules/gallery/views/admin_themes_buttonset.html.php 26 DIRTY_JS $info[
modules/gallery/views/admin_themes_buttonset.html.php 39 DIRTY_JS $info['discuss_url']
modules/gallery/views/admin_themes_preview.html.php 8 DIRTY_ATTR $url
modules/gallery/views/error_404.html.php 14 DIRTY $login_form
-modules/gallery/views/error_admin.html.php 178 DIRTY @gallery_block::get("platform_info")
-modules/gallery/views/error_admin.html.php 179 DIRTY @gallery_block::get("stats")
-modules/gallery/views/error_admin.html.php 184 DIRTY $type
-modules/gallery/views/error_admin.html.php 184 DIRTY $code
-modules/gallery/views/error_admin.html.php 187 DIRTY $message
-modules/gallery/views/error_admin.html.php 190 DIRTY_ATTR $error_id
-modules/gallery/views/error_admin.html.php 195 DIRTY Kohana_Exception::debug_path($file)
-modules/gallery/views/error_admin.html.php 195 DIRTY $line
-modules/gallery/views/error_admin.html.php 200 DIRTY_ATTR ($num==$line)?"highlight":""
-modules/gallery/views/error_admin.html.php 200 DIRTY $num
-modules/gallery/views/error_admin.html.php 200 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET)
-modules/gallery/views/error_admin.html.php 212 DIRTY_ATTR $source_id
-modules/gallery/views/error_admin.html.php 212 DIRTY_JS $source_id
-modules/gallery/views/error_admin.html.php 212 DIRTY Kohana_Exception::debug_path($step["file"])
-modules/gallery/views/error_admin.html.php 212 DIRTY $step["line"]
-modules/gallery/views/error_admin.html.php 214 DIRTY Kohana_Exception::debug_path($step["file"])
-modules/gallery/views/error_admin.html.php 214 DIRTY $step["line"]
-modules/gallery/views/error_admin.html.php 221 DIRTY $step["function"]
-modules/gallery/views/error_admin.html.php 222 DIRTY_ATTR $args_id
-modules/gallery/views/error_admin.html.php 222 DIRTY_JS $args_id
-modules/gallery/views/error_admin.html.php 226 DIRTY_ATTR $args_id
-modules/gallery/views/error_admin.html.php 231 DIRTY $name
-modules/gallery/views/error_admin.html.php 234 DIRTY Kohana_Exception::safe_dump($arg,$name)
-modules/gallery/views/error_admin.html.php 242 DIRTY_ATTR $source_id
-modules/gallery/views/error_admin.html.php 242 DIRTY_ATTR ($num==$step["line"])?"highlight":""
-modules/gallery/views/error_admin.html.php 242 DIRTY $num
-modules/gallery/views/error_admin.html.php 242 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET)
-modules/gallery/views/error_admin.html.php 252 DIRTY_ATTR $env_id=$error_id."environment"
-modules/gallery/views/error_admin.html.php 252 DIRTY_JS $env_id
-modules/gallery/views/error_admin.html.php 254 DIRTY_ATTR $env_id
-modules/gallery/views/error_admin.html.php 256 DIRTY_ATTR $env_id=$error_id."environment_included"
-modules/gallery/views/error_admin.html.php 256 DIRTY_JS $env_id
-modules/gallery/views/error_admin.html.php 256 DIRTY count($included)
-modules/gallery/views/error_admin.html.php 257 DIRTY_ATTR $env_id
-modules/gallery/views/error_admin.html.php 262 DIRTY Kohana_Exception::debug_path($file)
-modules/gallery/views/error_admin.html.php 269 DIRTY_ATTR $env_id=$error_id."environment_loaded"
-modules/gallery/views/error_admin.html.php 269 DIRTY_JS $env_id
-modules/gallery/views/error_admin.html.php 269 DIRTY count($included)
-modules/gallery/views/error_admin.html.php 270 DIRTY_ATTR $env_id
-modules/gallery/views/error_admin.html.php 275 DIRTY Kohana_Exception::debug_path($file)
-modules/gallery/views/error_admin.html.php 283 DIRTY_ATTR $env_id="$error_id.environment".strtolower($var)
-modules/gallery/views/error_admin.html.php 284 DIRTY_JS $env_id
-modules/gallery/views/error_admin.html.php 284 DIRTY $var
-modules/gallery/views/error_admin.html.php 285 DIRTY_ATTR $env_id
-modules/gallery/views/error_admin.html.php 291 DIRTY $key
-modules/gallery/views/error_admin.html.php 295 DIRTY Kohana_Exception::safe_dump($value,$key)
+modules/gallery/views/error_admin.html.php 179 DIRTY @gallery_block::get("platform_info")
+modules/gallery/views/error_admin.html.php 180 DIRTY @gallery_block::get("stats")
+modules/gallery/views/error_admin.html.php 185 DIRTY $type
+modules/gallery/views/error_admin.html.php 185 DIRTY $code
+modules/gallery/views/error_admin.html.php 191 DIRTY_ATTR $error_id
+modules/gallery/views/error_admin.html.php 196 DIRTY Kohana_Exception::debug_path($file)
+modules/gallery/views/error_admin.html.php 196 DIRTY $line
+modules/gallery/views/error_admin.html.php 201 DIRTY_ATTR ($num==$line)?"highlight":""
+modules/gallery/views/error_admin.html.php 201 DIRTY $num
+modules/gallery/views/error_admin.html.php 201 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET)
+modules/gallery/views/error_admin.html.php 213 DIRTY_ATTR $source_id
+modules/gallery/views/error_admin.html.php 213 DIRTY_JS $source_id
+modules/gallery/views/error_admin.html.php 213 DIRTY Kohana_Exception::debug_path($step["file"])
+modules/gallery/views/error_admin.html.php 213 DIRTY $step["line"]
+modules/gallery/views/error_admin.html.php 215 DIRTY Kohana_Exception::debug_path($step["file"])
+modules/gallery/views/error_admin.html.php 215 DIRTY $step["line"]
+modules/gallery/views/error_admin.html.php 222 DIRTY $step["function"]
+modules/gallery/views/error_admin.html.php 223 DIRTY_ATTR $args_id
+modules/gallery/views/error_admin.html.php 223 DIRTY_JS $args_id
+modules/gallery/views/error_admin.html.php 227 DIRTY_ATTR $args_id
+modules/gallery/views/error_admin.html.php 232 DIRTY $name
+modules/gallery/views/error_admin.html.php 235 DIRTY Kohana_Exception::safe_dump($arg,$name)
+modules/gallery/views/error_admin.html.php 243 DIRTY_ATTR $source_id
+modules/gallery/views/error_admin.html.php 243 DIRTY_ATTR ($num==$step["line"])?"highlight":""
+modules/gallery/views/error_admin.html.php 243 DIRTY $num
+modules/gallery/views/error_admin.html.php 243 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET)
+modules/gallery/views/error_admin.html.php 253 DIRTY_ATTR $env_id=$error_id."environment"
+modules/gallery/views/error_admin.html.php 253 DIRTY_JS $env_id
+modules/gallery/views/error_admin.html.php 255 DIRTY_ATTR $env_id
+modules/gallery/views/error_admin.html.php 257 DIRTY_ATTR $env_id=$error_id."environment_included"
+modules/gallery/views/error_admin.html.php 257 DIRTY_JS $env_id
+modules/gallery/views/error_admin.html.php 257 DIRTY count($included)
+modules/gallery/views/error_admin.html.php 258 DIRTY_ATTR $env_id
+modules/gallery/views/error_admin.html.php 263 DIRTY Kohana_Exception::debug_path($file)
+modules/gallery/views/error_admin.html.php 270 DIRTY_ATTR $env_id=$error_id."environment_loaded"
+modules/gallery/views/error_admin.html.php 270 DIRTY_JS $env_id
+modules/gallery/views/error_admin.html.php 270 DIRTY count($included)
+modules/gallery/views/error_admin.html.php 271 DIRTY_ATTR $env_id
+modules/gallery/views/error_admin.html.php 276 DIRTY Kohana_Exception::debug_path($file)
+modules/gallery/views/error_admin.html.php 284 DIRTY_ATTR $env_id="$error_id.environment".strtolower($var)
+modules/gallery/views/error_admin.html.php 285 DIRTY_JS $env_id
+modules/gallery/views/error_admin.html.php 285 DIRTY $var
+modules/gallery/views/error_admin.html.php 286 DIRTY_ATTR $env_id
+modules/gallery/views/error_admin.html.php 292 DIRTY $key
+modules/gallery/views/error_admin.html.php 296 DIRTY Kohana_Exception::safe_dump($value,$key)
modules/gallery/views/form_uploadify.html.php 16 DIRTY_JS url::site("uploader/status/_S/_E")
modules/gallery/views/form_uploadify.html.php 24 DIRTY_JS $flash_minimum_version
modules/gallery/views/form_uploadify.html.php 28 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
@@ -188,7 +187,7 @@ modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS implod
modules/gallery/views/form_uploadify.html.php 33 DIRTY_JS url::file("lib/uploadify/cancel.png")
modules/gallery/views/form_uploadify.html.php 34 DIRTY_JS $simultaneous_upload_limit
modules/gallery/views/form_uploadify.html.php 35 DIRTY_JS $size_limit_bytes
-modules/gallery/views/form_uploadify.html.php 162 DIRTY_ATTR request::protocol()
+modules/gallery/views/form_uploadify.html.php 164 DIRTY_ATTR request::protocol()
modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"))
modules/gallery/views/in_place_edit.html.php 3 DIRTY access::csrf_form_field()
modules/gallery/views/in_place_edit.html.php 6 DIRTY form::input("input",$form["input"]," class=\"textbox\"")
@@ -275,7 +274,6 @@ modules/gallery/views/upgrader.html.php 123 DIRTY_ATTR $don
modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected)
modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
modules/gallery/views/user_profile.html.php 43 DIRTY $info->view
-modules/image_block/views/image_block_block.html.php 4 DIRTY_JS $item->url()
modules/image_block/views/image_block_block.html.php 5 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
modules/info/views/info_block.html.php 5 DIRTY $info["label"]
modules/info/views/info_block.html.php 5 DIRTY $info["value"]
@@ -290,7 +288,7 @@ modules/notification/views/item_updated.html.php 20 DIRTY $item-
modules/notification/views/user_profile_notification.html.php 5 DIRTY_ATTR $subscription->id
modules/notification/views/user_profile_notification.html.php 6 DIRTY_JS $subscription->url
modules/organize/views/organize_dialog.html.php 8 DIRTY_JS url::site("items/__ID__")
-modules/organize/views/organize_dialog.html.php 14 DIRTY_JS $album->title
+modules/organize/views/organize_dialog.html.php 14 DIRTY_JS html::clean($album->title)
modules/organize/views/organize_frame.html.php 12 DIRTY_JS url::file("modules/organize/vendor/ext/images/default/s.gif")
modules/organize/views/organize_frame.html.php 56 DIRTY_JS url::site("organize/album_info/__ID__")
modules/organize/views/organize_frame.html.php 94 DIRTY_JS access::csrf_token()
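Review bot: The new entry for organize_dialog.html.php line 14 keeps the DIRTY_JS label even though the value is now `html::clean($album->title)`, and the same holds for `html::clean(item::root()->title)` at organize_frame.html.php line 509 in the next hunk. If DIRTY_JS marks output that reaches a script context without JavaScript escaping, as the label suggests, then an HTML-oriented cleaner is the wrong encoder for that sink and these entries record an accepted gap rather than a fix. The view changes themselves are not in the visible hunks, so it is worth confirming there whether the title ends up inside a JS string literal. If it does, the `for_js()` form used elsewhere in this commit (`t("Completed")->for_js()`) is the matching encoding.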
@@ -304,7 +302,7 @@ modules/organize/views/organize_frame.html.php 410 DIRTY_JS url::s
modules/organize/views/organize_frame.html.php 468 DIRTY_JS url::site("organize/reparent")
modules/organize/views/organize_frame.html.php 491 DIRTY_JS access::csrf_token()
modules/organize/views/organize_frame.html.php 507 DIRTY_JS access::can("edit",item::root())
-modules/organize/views/organize_frame.html.php 509 DIRTY_JS item::root()->title
+modules/organize/views/organize_frame.html.php 509 DIRTY_JS html::clean(item::root()->title)
modules/organize/views/organize_frame.html.php 511 DIRTY_JS item::root()->id
modules/organize/views/organize_frame.html.php 519 DIRTY_JS $album->id
modules/organize/views/organize_frame.html.php 520 DIRTY_JS $album->id
@@ -319,7 +317,7 @@ modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed-
modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri
modules/rss/views/feed.mrss.php 21 DIRTY $pub_date
modules/rss/views/feed.mrss.php 22 DIRTY $pub_date
-modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$item->created);
+modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s O",$item->created);
modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $item->resize_url(true)
modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $item->resize_height
modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $item->resize_width
@@ -342,8 +340,9 @@ modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $ite
modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url)
modules/search/views/search.html.php 27 DIRTY_ATTR $item_class
modules/search/views/search.html.php 28 DIRTY_JS $item->url()
-modules/search/views/search.html.php 29 DIRTY $item->thumb_img()
-modules/search/views/search.html.php 40 DIRTY $theme->paginator()
+modules/search/views/search.html.php 29 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
+modules/search/views/search.html.php 31 DIRTY_ATTR $item_class
+modules/search/views/search.html.php 41 DIRTY $theme->paginator()
modules/server_add/views/admin_server_add.html.php 8 DIRTY_JS url::site("__ARGS__")
modules/server_add/views/admin_server_add.html.php 19 DIRTY $form
modules/server_add/views/admin_server_add.html.php 30 DIRTY_ATTR $id
@@ -379,22 +378,22 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url
-themes/admin_wind/views/admin.html.php 4 DIRTY $theme->html_attributes()
-themes/admin_wind/views/admin.html.php 34 DIRTY $theme->admin_head()
-themes/admin_wind/views/admin.html.php 46 DIRTY_JS $theme->url()
-themes/admin_wind/views/admin.html.php 51 DIRTY $theme->get_combined("css")
-themes/admin_wind/views/admin.html.php 54 DIRTY $theme->get_combined("script")
-themes/admin_wind/views/admin.html.php 58 DIRTY $theme->admin_page_top()
-themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_top()
-themes/admin_wind/views/admin.html.php 67 DIRTY_JS item::root()->url()
-themes/admin_wind/views/admin.html.php 70 DIRTY $theme->user_menu()
-themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_menu()
-themes/admin_wind/views/admin.html.php 76 DIRTY $theme->admin_header_bottom()
-themes/admin_wind/views/admin.html.php 83 DIRTY $content
-themes/admin_wind/views/admin.html.php 89 DIRTY $sidebar
-themes/admin_wind/views/admin.html.php 94 DIRTY $theme->admin_footer()
-themes/admin_wind/views/admin.html.php 97 DIRTY $theme->admin_credits()
-themes/admin_wind/views/admin.html.php 102 DIRTY $theme->admin_page_bottom()
+themes/admin_wind/views/admin.html.php 5 DIRTY $theme->html_attributes()
+themes/admin_wind/views/admin.html.php 35 DIRTY $theme->admin_head()
+themes/admin_wind/views/admin.html.php 47 DIRTY_JS $theme->url()
+themes/admin_wind/views/admin.html.php 52 DIRTY $theme->get_combined("css")
+themes/admin_wind/views/admin.html.php 55 DIRTY $theme->get_combined("script")
+themes/admin_wind/views/admin.html.php 59 DIRTY $theme->admin_page_top()
+themes/admin_wind/views/admin.html.php 67 DIRTY $theme->admin_header_top()
+themes/admin_wind/views/admin.html.php 68 DIRTY_JS item::root()->url()
+themes/admin_wind/views/admin.html.php 71 DIRTY $theme->user_menu()
+themes/admin_wind/views/admin.html.php 74 DIRTY $theme->admin_menu()
+themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_header_bottom()
+themes/admin_wind/views/admin.html.php 84 DIRTY $content
+themes/admin_wind/views/admin.html.php 90 DIRTY $sidebar
+themes/admin_wind/views/admin.html.php 95 DIRTY $theme->admin_footer()
+themes/admin_wind/views/admin.html.php 98 DIRTY $theme->admin_credits()
+themes/admin_wind/views/admin.html.php 103 DIRTY $theme->admin_page_bottom()
themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor
themes/admin_wind/views/block.html.php 5 DIRTY $id
themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id
@@ -404,13 +403,13 @@ themes/admin_wind/views/paginator.html.php 35 DIRTY_JS $first
themes/admin_wind/views/paginator.html.php 44 DIRTY_JS $previous_page_url
themes/admin_wind/views/paginator.html.php 70 DIRTY_JS $next_page_url
themes/admin_wind/views/paginator.html.php 79 DIRTY_JS $last_page_url
-themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id
-themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class
-themes/wind/views/album.html.php 18 DIRTY_JS $child->url()
-themes/wind/views/album.html.php 20 DIRTY $child->thumb_img(array("class"=>"g-thumbnail"))
-themes/wind/views/album.html.php 25 DIRTY_ATTR $item_class
-themes/wind/views/album.html.php 26 DIRTY_JS $child->url()
-themes/wind/views/album.html.php 44 DIRTY $theme->paginator()
+themes/wind/views/album.html.php 19 DIRTY_ATTR $child->id
+themes/wind/views/album.html.php 19 DIRTY_ATTR $item_class
+themes/wind/views/album.html.php 21 DIRTY_JS $child->url()
+themes/wind/views/album.html.php 23 DIRTY $child->thumb_img(array("class"=>"g-thumbnail"))
+themes/wind/views/album.html.php 28 DIRTY_ATTR $item_class
+themes/wind/views/album.html.php 29 DIRTY_JS $child->url()
+themes/wind/views/album.html.php 47 DIRTY $theme->paginator()
themes/wind/views/block.html.php 3 DIRTY_ATTR $anchor
themes/wind/views/block.html.php 5 DIRTY_ATTR $css_id
themes/wind/views/block.html.php 6 DIRTY $title
@@ -424,25 +423,23 @@ themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $chi
themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator()
themes/wind/views/movie.html.php 5 DIRTY $theme->paginator()
themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}"))
-themes/wind/views/page.html.php 4 DIRTY $theme->html_attributes()
-themes/wind/views/page.html.php 10 DIRTY $page_title
-themes/wind/views/page.html.php 13 DIRTY $theme->item()->title
-themes/wind/views/page.html.php 17 DIRTY item::root()->title
-themes/wind/views/page.html.php 32 DIRTY $new_width
-themes/wind/views/page.html.php 33 DIRTY $new_height
-themes/wind/views/page.html.php 34 DIRTY $thumb_proportion
-themes/wind/views/page.html.php 74 DIRTY_JS $theme->url()
-themes/wind/views/page.html.php 79 DIRTY $theme->get_combined("css")
-themes/wind/views/page.html.php 82 DIRTY $theme->get_combined("script")
-themes/wind/views/page.html.php 92 DIRTY $header_text
-themes/wind/views/page.html.php 94 DIRTY_JS item::root()->url()
-themes/wind/views/page.html.php 98 DIRTY $theme->user_menu()
-themes/wind/views/page.html.php 113 DIRTY_ATTR $breadcrumb->last?"g-active":""
-themes/wind/views/page.html.php 114 DIRTY_ATTR $breadcrumb->first?"g-first":""
-themes/wind/views/page.html.php 115 DIRTY_JS $breadcrumb->url
-themes/wind/views/page.html.php 128 DIRTY $content
-themes/wind/views/page.html.php 134 DIRTY newView("sidebar.html")
-themes/wind/views/page.html.php 141 DIRTY $footer_text
+themes/wind/views/page.html.php 5 DIRTY $theme->html_attributes()
+themes/wind/views/page.html.php 11 DIRTY $page_title
+themes/wind/views/page.html.php 33 DIRTY $new_width
+themes/wind/views/page.html.php 34 DIRTY $new_height
+themes/wind/views/page.html.php 35 DIRTY $thumb_proportion
+themes/wind/views/page.html.php 75 DIRTY_JS $theme->url()
+themes/wind/views/page.html.php 80 DIRTY $theme->get_combined("css")
+themes/wind/views/page.html.php 83 DIRTY $theme->get_combined("script")
+themes/wind/views/page.html.php 93 DIRTY $header_text
+themes/wind/views/page.html.php 95 DIRTY_JS item::root()->url()
+themes/wind/views/page.html.php 99 DIRTY $theme->user_menu()
+themes/wind/views/page.html.php 114 DIRTY_ATTR $breadcrumb->last?"g-active":""
+themes/wind/views/page.html.php 115 DIRTY_ATTR $breadcrumb->first?"g-first":""
+themes/wind/views/page.html.php 116 DIRTY_JS $breadcrumb->url
+themes/wind/views/page.html.php 129 DIRTY $content
+themes/wind/views/page.html.php 135 DIRTY newView("sidebar.html")
+themes/wind/views/page.html.php 142 DIRTY $footer_text
themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url
themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url
themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url
diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php
index ba4a3621..22332e82 100644
--- a/modules/gallery/views/form_uploadify.html.php
+++ b/modules/gallery/views/form_uploadify.html.php
@@ -59,8 +59,9 @@
var re = /^error: (.*)$/i;
var msg = re.exec(response);
$("#g-add-photos-status ul").append(
- "<li id=\"q" + queueID + "\" class=\"g-success\">" + fileObj.name + " - " +
+ "<li id=\"q" + queueID + "\" class=\"g-success\"><span></span> - " +
<?= t("Completed")->for_js() ?> + "</li>");
+ $("#g-add-photos-status li#q" + queueID + " span").text(fileObj.name);
setTimeout(function() { $("#q" + queueID).slideUp("slow").remove() }, 5000);
success_count++;
update_status();
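Review bot: The file name now goes through `.text()`, which is the right sink, but the new line finds the element again through a selector concatenated from `queueID` immediately after appending it. Building the node first avoids the second lookup and any reliance on `queueID` being selector-safe: `var li = $("<li class=\"g-success\"><span></span> - " + <?= t("Completed")->for_js() ?> + "</li>").attr("id", "q" + queueID);`, then `li.find("span").text(fileObj.name);` and `$("#g-add-photos-status ul").append(li);`. The error branch in the next hunk uses the same append-then-query pattern. The callback starts and ends outside this hunk.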
@@ -92,7 +93,8 @@
error_msg + "</a>";
$("#g-add-photos-status ul").append(
- "<li id=\"q" + queueID + "\" class=\"g-error\">" + fileObj.name + msg + "</li>");
+ "<li id=\"q" + queueID + "\" class=\"g-error\"><span></span>" + msg + "</li>");
+ $("#g-add-photos-status li#q" + queueID + " span").text(fileObj.name);
$("#g-uploadify").uploadifyCancel(queueID);
error_count++;
update_status();
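Review bot: `msg` is still concatenated into the markup in the new `"<span></span>" + msg + "</li>"` line, so only `fileObj.name` gets text-node treatment. `msg` is assembled outside the hunk (only its tail, `error_msg + "</a>"`, is visible). If `error_msg` can include text taken from the server response or the error object, it needs the same handling, for example setting it with `.text(error_msg)` on the anchor once the element exists. A comment above the append, `// fileObj.name is untrusted: insert it with .text(), never by concatenation`, would keep later edits from drifting back to string building.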
diff --git a/modules/image_block/controllers/image_block.php b/modules/image_block/controllers/image_block.php
index 94024b3b..4956c08d 100644
--- a/modules/image_block/controllers/image_block.php
+++ b/modules/image_block/controllers/image_block.php
@@ -20,6 +20,7 @@
class Image_Block_Controller extends Controller {
public function random($item_id) {
$item = ORM::factory("item", $item_id);
+ access::required("view", $item);
item::set_display_context_callback("Albums_Controller::get_display_context");
url::redirect($item->abs_url());
}
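Review bot: The added `access::required("view", $item)` runs on whatever `ORM::factory("item", $item_id)` returns, and the hunk does not show what happens when `$item_id` matches no row. It is worth confirming that an unloaded item is denied rather than carried through to `$item->abs_url()`. A one-line comment would also record why the check sits before the redirect: `// Check view permission first: the redirect target reveals the item's URL.` A test that requests `random` for an item the caller cannot view would pin the behaviour.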
diff --git a/modules/info/helpers/info_block.php b/modules/info/helpers/info_block.php
index 3dcfa338..d62c900d 100644
--- a/modules/info/helpers/info_block.php
+++ b/modules/info/helpers/info_block.php
@@ -29,7 +29,8 @@ class info_block_Core {
if ($theme->item()) {
$block = new Block();
$block->css_id = "g-metadata";
- $block->title = $theme->item()->is_album() ? t("Album info") : t("Photo info");
+ $block->title = $theme->item()->is_album() ? t("Album info") :
+ ($theme->item()->is_movie() ? t("Movie info") : t("Photo info"));
$block->content = new View("info_block.html");
if ($theme->item->title && module::get_var("info", "show_title")) {
$info["title"] = array(
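Review bot: The new title assignment nests one ternary inside another and calls `$theme->item()` up to three times, which is hard to scan and easy to get wrong when a fourth item type is added. Fetching the item once reads better: `$item = $theme->item();` followed by `$block->title = $item->is_album() ? t("Album info") : ($item->is_movie() ? t("Movie info") : t("Photo info"));`, or an if/elseif chain. The context line below reads `$theme->item->title` as a property while the lines above call `$theme->item()`, so a local variable would also remove that inconsistency. The enclosing method starts and ends outside this hunk.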
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index 3436a00c..4279cbab 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -26,11 +26,12 @@
<? $item_class = $item->is_album() ? "g-album" : "g-photo" ?>
<li class="g-item <?= $item_class ?>">
<a href="<?= $item->url() ?>">
- <?= $item->thumb_img() ?>
+ <?= $item->thumb_img(array("class" => "g-thumbnail")) ?>
<p>
+ <span class="<?= $item_class ?>"></span>
<?= html::purify(text::limit_chars($item->title, 32, "…")) ?>
- </p>
- <div>
+ </p>
+ <div>
<?= nl2br(html::purify(text::limit_chars($item->description, 64, "…"))) ?>
</div>
</a>
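Review bot: The added `<span class="<?= $item_class ?>"></span>` reuses `$item_class`, which the first context line sets to only "g-album" or "g-photo", so a movie in the search results would get the photo marker. The info_block.php change in this same commit starts distinguishing movies with `is_movie()`, so the same three-way choice seems intended here: `$item_class = $item->is_album() ? "g-album" : ($item->is_movie() ? "g-movie" : "g-photo")`. Whether the theme styles a "g-movie" marker is not visible in this hunk and should be checked before adopting the class name.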