Expand on the maintenance code to make it more robust and give the

admin more control.  You can now track running tasks, resume stalled
tasks, cancel running tasks, and remove finished tasks.

Added graphics::compose() as a placeholder for future watermark
operations.

Added CSRF protection to maintenance urls.

3 files changed, 20 insertions, 9 deletions

diff --git a/core/helpers/access.php b/core/helpers/access.php
index c6ee1fcc..d05f3df0 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -305,7 +305,8 @@ class access_Core {
    * Verify our Cross Site Request Forgery token is valid, else throw an exception.
    */
   public static function verify_csrf() {
-    if (Input::instance()->post("csrf") !== Session::instance()->get("csrf")) {
+    $input = Input::instance();
+    if ($input->post("csrf", $input->get("csrf", null)) !== Session::instance()->get("csrf")) {
       access::forbidden();
     }
   }
diff --git a/core/helpers/core_installer.php b/core/helpers/core_installer.php
index 46eb24c6..c83d9bcb 100644
--- a/core/helpers/core_installer.php
+++ b/core/helpers/core_installer.php
@@ -128,11 +128,14 @@ class core_installer {
                  ENGINE=InnoDB DEFAULT CHARSET=utf8;");
 
       $db->query("CREATE TABLE `tasks` (
+                  `callback` varchar(255) default NULL,
                   `context` text NOT NULL,
-                  `done` boolean DEFAULT 0,
+                  `done` boolean default 0,
                   `id` int(9) NOT NULL auto_increment,
+                  `updated` int(9) default NULL,
                   `name` varchar(255) default NULL,
                   `percent_complete` int(9) default 0,
+                  `state` varchar(32) default NULL,
                   `status` varchar(255) default NULL,
                   PRIMARY KEY (`id`))
                  ENGINE=InnoDB DEFAULT CHARSET=utf8;");
diff --git a/core/helpers/graphics.php b/core/helpers/graphics.php
index 68aacaca..62bde88a 100644
--- a/core/helpers/graphics.php
+++ b/core/helpers/graphics.php
@@ -129,10 +129,17 @@ class graphics_Core {
   }
 
   /**
+   * Stub.
+   * @todo implement this
+   */
+  public static function compose($input_file, $output_file, $other_args)  {
+  }
+
+  /**
    * Return a query result that locates all items with dirty images.
    * @return Database_Result Query result
    */
-  private static function _find_dirty_images_query() {
+  public static function find_dirty_images_query() {
     return Database::instance()->query(
       "SELECT `id` FROM `items` " .
       "WHERE (`thumb_dirty` = 1 AND (`type` <> 'album' OR `right` - `left` > 1))" .
@@ -147,12 +154,12 @@ class graphics_Core {
     $db = Database::instance();
     $db->query("UPDATE `items` SET `thumb_dirty` = 1, `resize_dirty` = 1");
 
-    $count = self::_find_dirty_images_query()->count();
+    $count = self::find_dirty_images_query()->count();
     if ($count) {
       message::warning(
         sprintf(_("%d of your photos are out of date.  %sClick here to fix them%s"),
                 $count, "<a href=\"" .
-                url::site("admin/maintenance/start/rebuild_images") .
+                url::site("admin/maintenance/start/rebuild_images?csrf=" . access::csrf_token()) .
                 "\" class=\"gDialogLink\">", "</a>"),
         "graphics_dirty");
     }
@@ -165,7 +172,7 @@ class graphics_Core {
   public static function rebuild_dirty_images($task) {
     $db = Database::instance();
 
-    $result = self::_find_dirty_images_query();
+    $result = self::find_dirty_images_query();
     $remaining = $result->count();
     $completed = $task->get("completed", 0);
 
@@ -194,9 +201,9 @@ class graphics_Core {
     }
 
     $task->set("completed", $completed);
-    $task->done = ($remaining == 0);
-
-    if ($task->done) {
+    if ($remaining == 0) {
+      $task->done = true;
+      $task->state = "success";
       message::clear_permanent("graphics_dirty");
     }
   }