Merge branch 'master' into talmdal_dev

13 files changed, 45 insertions, 23 deletions

diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js
index 3587108c..f280a525 100644
--- a/lib/gallery.dialog.js
+++ b/lib/gallery.dialog.js
@@ -114,7 +114,8 @@
          },
          success: function(data) {
            if (data.form) {
-             $("#g-dialog form").replaceWith(data.form);
+             var formData = unescape(data.form);
+             $("#g-dialog form").replaceWith(formData);
              $("#g-dialog form :submit").removeClass("ui-state-disabled")
                .attr("disabled", null);
              self._ajaxify_dialog();
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 787a2138..c460f58c 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -22,7 +22,12 @@ class Admin_Controller extends Controller {
 
   public function __construct($theme=null) {
     if (!identity::active_user()->admin) {
-      access::forbidden();
+      if (identity::active_user()->guest) {
+        Session::instance()->set("continue_url", url::abs_current(true));
+        url::redirect("login");
+      } else {
+        access::forbidden();
+      }
     }
 
     parent::__construct();
@@ -78,7 +83,7 @@ class Admin_Controller extends Controller {
   private static function _prompt_for_reauth($controller_name, $args) {
     if (request::method() == "get" && !request::is_ajax()) {
       // Avoid anti-phishing protection by passing the url as session variable.
-      Session::instance()->set("continue_url", url::current(true));
+      Session::instance()->set("continue_url", url::abs_current(true));
     }
     url::redirect("reauthenticate");
   }
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 40125476..2b60316b 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -38,15 +38,18 @@ class Login_Controller extends Controller {
   }
 
   public function html() {
-    print auth::get_login_form("login/auth_html");
+    $view = new Theme_View("page.html", "other", "login");
+    $view->page_title = t("Login");
+    $view->content = auth::get_login_form("login/auth_html");
+    print $view;
   }
 
   public function auth_html() {
     access::verify_csrf();
 
-    $continue_url = Session::instance()->get("continue_url", null);
     list ($valid, $form) = $this->_auth("login/auth_html");
     if ($valid) {
+      $continue_url = $form->continue_url->value;
       url::redirect($continue_url ? $continue_url : item::root()->abs_url());
     } else {
       $view = new Theme_View("page.html", "other", "login");
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 967dad49..20fa8074 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -21,14 +21,9 @@ class Logout_Controller extends Controller {
   public function index() {
     access::verify_csrf();
     auth::logout();
-    if ($continue_url = Input::instance()->get("continue")) {
-      $item = url::get_item_from_uri($continue_url);
-      if (access::can("view", $item)) {
-        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
-        header("Location: $continue_url");
-      } else {
-        url::redirect(item::root()->abs_url());
-      }
+    if ($continue_url = Input::instance()->get("continue_url")) {
+      url::redirect($continue_url);
     }
+    url::redirect(item::root()->abs_url());
   }
 }
\ No newline at end of file
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 3503d80a..acb27f6a 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -37,8 +37,7 @@ class Reauthenticate_Controller extends Controller {
     if ($valid) {
       message::success(t("Successfully re-authenticated!"));
       module::event("user_auth", $user);
-      $continue_url = Session::instance()->get_once("continue_url", "admin");
-      url::redirect($continue_url);
+      url::redirect($form->continue_url->value);
     } else {
       $name = $user->name;
       log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
@@ -59,6 +58,7 @@ class Reauthenticate_Controller extends Controller {
   private static function _form() {
     $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form"));
     $form->set_attr('class', "g-narrow");
+    $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin"));
     $group = $form->group("reauthenticate")->label(t("Re-authenticate"));
     $group->password("password")->label(t("Password"))->id("g-password")->class(null)
       ->callback("auth::validate_too_many_failed_auth_attempts")
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 1a9fe869..48b5fc32 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -21,6 +21,7 @@ class auth_Core {
   static function get_login_form($url) {
     $form = new Forge($url, "", "post", array("id" => "g-login-form"));
     $form->set_attr("class", "g-narrow");
+    $form->hidden("continue_url")->value(Session::instance()->get("continue_url"));
     $group = $form->group("login")->label(t("Login"));
     $group->input("name")->label(t("Username"))->id("g-username")->class(null)
       ->callback("auth::validate_too_many_failed_logins")
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index ae7131ae..55db47ce 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -157,11 +157,22 @@ class gallery_event_Core {
                       ->view("login_current_user.html")
                       ->url(user_profile::url($user->id))
                       ->label($user->display_name()));
+
+        if (isset($theme->item)) {
+          if (access::user_can(identity::guest(), "view", $theme->item)) {
+            $continue_url = $theme->item->abs_url();
+          } else {
+            $continue_url = item::root()->abs_url();
+          }
+        } else {
+          $continue_url = url::abs_current();
+        }
+
         $menu->append(Menu::factory("link")
                       ->id("user_menu_logout")
                       ->css_id("g-logout-link")
-                      ->url(url::site("logout?csrf=$csrf&continue=" .
-                                      urlencode(url::abs_current())))
+                      ->url(url::site("logout?csrf=$csrf&continue_url=" .
+                                      urlencode($continue_url)))
                       ->label(t("Logout")));
       }
     }
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index bbbe1058..15bbe977 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -136,7 +136,7 @@ class item_Core {
    */
   static function convert_filename_to_title($filename) {
     $title = strtr($filename, "_", " ");
-    $title = preg_replace("/\..*?$/", "", $title);
+    $title = preg_replace("/\..{3,4}$/", "", $title);
     $title = preg_replace("/ +/", " ", $title);
     return $title;
   }
diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php
index e7ebdb1f..df7557ae 100644
--- a/modules/gallery/libraries/MY_Kohana_Exception.php
+++ b/modules/gallery/libraries/MY_Kohana_Exception.php
@@ -59,7 +59,7 @@ class Kohana_Exception extends Kohana_Exception_Core {
   private static function _show_themed_error_page(Exception $e) {
     // Create a text version of the exception
     $error = Kohana_Exception::text($e);
-    
+
     // Add this exception to the log
     Kohana_Log::add('error', $error);
 
@@ -83,8 +83,6 @@ class Kohana_Exception extends Kohana_Exception_Core {
       if ($view->content->is_guest) {
         $view->content->login_form = new View("login_ajax.html");
         $view->content->login_form->form = auth::get_login_form("login/auth_html");
-        // Avoid anti-phishing protection by passing the url as session variable.
-        Session::instance()->set("continue_url", url::current(true));
       }
     } else {
       $view->page_title = t("Dang...  Something went wrong!");
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index 4771b11a..00229973 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -41,6 +41,11 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case {
       ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all());
   }
 
+  public function convert_filename_to_title_test() {
+    $this->assert_equal("foo", item::convert_filename_to_title("foo.jpg"));
+    $this->assert_equal("foo.bar", item::convert_filename_to_title("foo.bar.jpg"));
+  }
+
   public function convert_filename_to_slug_test() {
     $this->assert_equal("foo", item::convert_filename_to_slug("{[foo]}"));
     $this->assert_equal("foo-bar", item::convert_filename_to_slug("{[foo!@#!$@#^$@($!(@bar]}"));
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 72927c71..3229330a 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -18,9 +18,12 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class rest_Core {
+  const API_VERSION = "3.0";
+
   static function reply($data=array()) {
     Session::instance()->abort_save();
 
+    header("X-Gallery-API-Version: " . rest::API_VERSION);
     if (Input::instance()->get("output") == "html") {
       header("Content-type: text/html");
       if ($data) {
diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php
index 22f83218..24c4ed2b 100644
--- a/modules/search/helpers/search.php
+++ b/modules/search/helpers/search.php
@@ -42,7 +42,7 @@ class search_Core {
     $data = $db->query($query);
     $count = $db->query("SELECT FOUND_ROWS() as c")->current()->c;
 
-    return array($count, new ORM_Iterator(ORM::factory("item"), $db->query($query)));
+    return array($count, new ORM_Iterator(ORM::factory("item"), $data));
   }
 
   /**
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index d26919d5..18b463ca 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -124,7 +124,7 @@ class Admin_Watermarks_Controller extends Admin_Controller {
         array("result" => "success",
               "location" => url::site("admin/watermarks")));
     } else {
-      print json_encode(array("result" => "error", "form" => (string) $form));
+      print json_encode(array("result" => "error", "form" => rawurlencode((string) $form)));
     }
   }