Fix for ticket #502

This patch allows users with only view permission to request fullsize prints using Digibug. There is now a Digibug config file that contains the IP ranges of the Digibug servers. Any request for the full size image via the print proxy must come from within the ranges in the config file. The reason for the "if (!Test_Mode) {..." is that the print proxy makes a call to Kohana::close_buffers, which closes all the output buffers and then we see the image download on the console which messes up the test output.
author: Tim Almdal <tnalmdal@shaw.ca> 2009-07-23 07:02:10 -0700
committer: Tim Almdal <tnalmdal@shaw.ca> 2009-07-23 07:02:10 -0700
commit: 7c2cea01a50227088d9da567b08b9fde54b4b95f (patch)
tree: 60f1c35e78fef513907c30679045d5f08cece2a1 /modules/digibug
parent: 85ed445e2333a884e140afebaeba35d08079cda6 (diff)
4 files changed, 159 insertions, 13 deletions
diff --git a/modules/digibug/config/digibug.php b/modules/digibug/config/digibug.php
new file mode 100644
index 00000000..6cd165d1
--- /dev/null
+++ b/modules/digibug/config/digibug.php
@@ -0,0 +1,29 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+/**
+ * PHP Mail Configuration parameters
+ * from        => email address that appears as the from address
+ * line-length => word wrap length (PHP documentations suggest no larger tha 70 characters
+ * reply-to    => what goes into the reply to header
+ */
+$config["ranges"] = array(
+  "Digibug1" => array("low" => "65.249.152.0", "high" => "65.249.159.255"),
+  "Digibug2" => array("low" => "208.122.55.0", "high" => "208.122.55.255")
+);
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index d881db9b..e0f4b6bf 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -21,7 +21,7 @@ class Digibug_Controller extends Controller {
   public function print_photo($id) {
     access::verify_csrf();
     $item = ORM::factory("item", $id);
-    access::required("view_full", $item);
+    access::required("view", $item);
 
     if (access::group_can(group::everybody(), "view_full", $item)) {
       $full_url = $item->file_url(true);
@@ -56,6 +56,30 @@ class Digibug_Controller extends Controller {
   }
 
   public function print_proxy($type, $id) {
+    // If its a request for the full size then make sure we are coming from an
+    // authorized address
+    if ($type == "full") {
+      $remote_addr = ip2long($this->input->server("REMOTE_ADDR"));
+      if ($remote_addr === false) {
+        Kohana::show_404();
+      }
+      $config = Kohana::config("digibug");
+
+      $authorized = false;
+      foreach ($config["ranges"] as $ip_range) {
+        $low = ip2long($ip_range["low"]);
+        $high = ip2long($ip_range["high"]);
+        $authorized = $low !== false && $high !== false &&
+          $low <= $remote_addr && $remote_addr <= $high;
+        if ($authorized) {
+          break;
+        }
+      }
+      if (!$authorized) {
+        Kohana::show_404();
+      }
+    }
+
     $proxy = ORM::factory("digibug_proxy", array("uuid" => $id));
     if (!$proxy->loaded || !$proxy->item->loaded) {
       Kohana::show_404();
@@ -69,16 +93,18 @@ class Digibug_Controller extends Controller {
     // We don't need to save the session for this request
     Session::abort_save();
 
-    // Dump out the image
-    header("Content-Type: $proxy->item->mime_type");
-    Kohana::close_buffers(false);
-    $fd = fopen($file, "rb");
-    fpassthru($fd);
-    fclose($fd);
+    if (!TEST_MODE) {
+      // Dump out the image
+      header("Content-Type: $proxy->item->mime_type");
+      Kohana::close_buffers(false);
+      $fd = fopen($file, "rb");
+      fpassthru($fd);
+      fclose($fd);
 
-    // If the request was for the image and not the thumb, then delete the proxy.
-    if ($type == "full") {
-      $proxy->delete();
+      // If the request was for the image and not the thumb, then delete the proxy.
+      if ($type == "full") {
+        $proxy->delete();
+      }
     }
 
     $this->_clean_expired();
@@ -89,8 +115,8 @@ class Digibug_Controller extends Controller {
   }
 
   private function _clean_expired() {
-    Database::instance()>query(
-      "DELETE FROM {digibug_proxy} " .
+    Database::instance()->query(
+      "DELETE FROM {digibug_proxies} " .
       "WHERE request_date <= (CURDATE() - INTERVAL 10 DAY) " .
       "LIMIT 20");
   }
diff --git a/modules/digibug/helpers/digibug_menu.php b/modules/digibug/helpers/digibug_menu.php
index c95cada2..3f70fa24 100644
--- a/modules/digibug/helpers/digibug_menu.php
+++ b/modules/digibug/helpers/digibug_menu.php
@@ -37,7 +37,7 @@ class digibug_menu {
   }
 
   static function thumb($menu, $theme, $item) {
-    if ($item->type == "photo" && access::can("view_full", $item)) {
+    if ($item->type == "photo") {
       $menu->get("options_menu")
         ->append(
           Menu::factory("link")
diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php
new file mode 100644
index 00000000..6838da5c
--- /dev/null
+++ b/modules/digibug/tests/Digibug_Controller_Test.php
@@ -0,0 +1,91 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Digibug_Controller_Test extends Unit_Test_Case {
+  private $_proxy;
+  private $_item;
+  private $_server;
+
+  public function teardown() {
+    $_SERVER = $this->_server;
+
+    if ($this->_proxy) {
+      $this->_proxy->delete();
+    }
+  }
+
+  public function setup() {
+    $this->_server = $_SERVER;
+
+    $root = ORM::factory("item", 1);
+    $this->_album = album::create($root,  rand(), "test album");
+    access::deny(group::everybody(), "view_full", $this->_album);
+    access::deny(group::registered_users(), "view_full", $this->_album);
+
+    $rand = rand();
+    $this->_item = photo::create($this->_album, MODPATH . "gallery/tests/test.jpg", "$rand.jpg",
+                                 $rand, $rand);
+    $this->_proxy = ORM::factory("digibug_proxy");
+    $this->_proxy->uuid =  md5(rand());
+    $this->_proxy->item_id = $this->_item->id;
+    $this->_proxy->save();
+  }
+
+  public function digibug_request_thumb_test() {
+    try {
+      $controller = new Digibug_Controller();
+      $controller->print_proxy("thumb", $this->_proxy->uuid);
+    } catch (Exception $e) {
+      $this->assert_true(false, "Exception Occurred\n" . $e->__toString());
+    }
+  }
+
+  public function digibug_request_full_malicious_ip_test() {
+    $_SERVER["REMOTE_ADDR"] = "123.456.789.012";
+    try {
+      $controller = new Digibug_Controller();
+      $controller->print_proxy("full", $this->_proxy->uuid);
+      $this->assert_true(false, "Should have failed with an 404 exception");
+    } catch (Exception $e) {
+      if (get_class($e) !== "Kohana_404_Exception") {
+        $this->assert_true(false, "Exception Occurred\n" . $e->__toString());
+      }
+    }
+  }
+
+  public function digibug_request_full_authorized_ip_test() {
+    $config = Kohana::config("digibug");
+    if (empty($config)) {
+      $this->assert_true(false, "The Digibug config is empty");
+    }
+    $ranges = array_values($config["ranges"]);
+    $low = ip2long($ranges[0]["low"]);
+    $high = ip2long($ranges[0]["high"]);
+
+    $_SERVER["REMOTE_ADDR"] = long2ip(rand($low, $high));
+    try {
+      $controller = new Digibug_Controller();
+      $controller->print_proxy("full", $this->_proxy->uuid);
+      $results = ob_get_contents();
+    } catch (Exception $e) {
+      $this->assert_true(false, "Exception Occurred\n" . $e->__toString());
+    }
+  }
+
+}
author	Tim Almdal <tnalmdal@shaw.ca>	2009-07-23 07:02:10 -0700
committer	Tim Almdal <tnalmdal@shaw.ca>	2009-07-23 07:02:10 -0700
commit	7c2cea01a50227088d9da567b08b9fde54b4b95f (patch)
tree	60f1c35e78fef513907c30679045d5f08cece2a1 /modules/digibug
parent	85ed445e2333a884e140afebaeba35d08079cda6 (diff)