Merge branch 'master' of git://github.com/gallery/gallery3

author: Nathan Kinkade <nath@nkinka.de> 2013-06-13 21:42:10 +0000
committer: Nathan Kinkade <nath@nkinka.de> 2013-06-13 21:42:10 +0000
commit: 9ef4eff6aea4ec1135f7b12ff8f22dc296cc91ba (patch)
tree: fa8363f922cbc0bdde1838b744e2ed36c23c0bc9 /modules/gallery
parent: 9569b43035de9645e82271896e302c8d082d960a (diff)
parent: a3d06cc5bca05cc1b892872f494e83a24837d06f (diff)
5 files changed, 14 insertions, 7 deletions
diff --git a/modules/gallery/helpers/data_rest.php b/modules/gallery/helpers/data_rest.php
index d4f456d7..a0a225f9 100644
--- a/modules/gallery/helpers/data_rest.php
+++ b/modules/gallery/helpers/data_rest.php
@@ -25,7 +25,6 @@
 class data_rest_Core {
   static function get($request) {
     $item = rest::resolve($request->url);
-    access::required("view", $item);
 
     $p = $request->params;
     if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
@@ -36,10 +35,16 @@ class data_rest_Core {
     // see if you should make the same change there as well.
 
     if ($p->size == "full") {
+      if ($item->is_album()) {
+        throw new Kohana_404_Exception();
+      }
+      access::required("view_full", $item);
       $file = $item->file_path();
     } else if ($p->size == "resize") {
+      access::required("view", $item);
       $file = $item->resize_path();
     } else {
+      access::required("view", $item);
       $file = $item->thumb_path();
     }
 
diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php
index f46d9d64..e42f7dcd 100644
--- a/modules/gallery/tests/File_Structure_Test.php
+++ b/modules/gallery/tests/File_Structure_Test.php
@@ -175,9 +175,10 @@ class File_Structure_Test extends Gallery_Unit_Test_Case {
         // Front controllers
         break;
 
-      case DOCROOT . "lib/uploadify/uploadify.php":
-      case DOCROOT . "lib/uploadify/uploadify.allglyphs.php":
-        // Uploadify wrappers - directly accessible
+      case DOCROOT . "lib/uploadify/uploadify.swf.php":
+      case DOCROOT . "lib/uploadify/uploadify.allglyphs.swf.php":
+      case DOCROOT . "lib/mediaelementjs/flashmediaelement.swf.php":
+        // SWF wrappers - directly accessible
         break;
 
       case DOCROOT . "local.php":
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 8504de3a..b15227d2 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -180,7 +180,7 @@ modules/gallery/views/error_admin.html.php                   286 DIRTY_ATTR $env
 modules/gallery/views/error_admin.html.php                   296 DIRTY    Kohana_Exception::safe_dump($value,$key)
 modules/gallery/views/form_uploadify.html.php                16  DIRTY_JS url::site("uploader/status/_S/_E")
 modules/gallery/views/form_uploadify.html.php                24  DIRTY_JS $flash_minimum_version
-modules/gallery/views/form_uploadify.html.php                28  DIRTY_JS url::file("lib/uploadify/uploadify.php")
+modules/gallery/views/form_uploadify.html.php                28  DIRTY_JS url::file("lib/uploadify/uploadify.swf.php")
 modules/gallery/views/form_uploadify.html.php                29  DIRTY_JS url::site("uploader/add_photo/{$album->id}")
 modules/gallery/views/form_uploadify.html.php                31  DIRTY_JS implode(";",$extensions)
 modules/gallery/views/form_uploadify.html.php                33  DIRTY_JS url::file("lib/uploadify/cancel.png")
diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php
index 4963d185..bba6db73 100644
--- a/modules/gallery/views/form_uploadify.html.php
+++ b/modules/gallery/views/form_uploadify.html.php
@@ -25,7 +25,7 @@
       $("#g-uploadify").uploadify({
         width: 298,
         height: 32,
-        uploader: "<?= url::file("lib/uploadify/uploadify.php") ?>",
+        uploader: "<?= url::file("lib/uploadify/uploadify.swf.php") ?>",
         script: "<?= url::site("uploader/add_photo/{$album->id}") ?>",
         scriptData: <?= json_encode($script_data) ?>,
         fileExt: "<?= implode(";", $extensions) ?>",
diff --git a/modules/gallery/views/movieplayer.html.php b/modules/gallery/views/movieplayer.html.php
index f78cc91a..e4046906 100644
--- a/modules/gallery/views/movieplayer.html.php
+++ b/modules/gallery/views/movieplayer.html.php
@@ -11,7 +11,8 @@
       defaultVideoHeight: <?= $height ?>,
       startVolume: 1.0,
       features: ["playpause", "progress", "current", "duration", "volume", "fullscreen"],
-      pluginPath: "<?= url::abs_file("lib/mediaelementjs/") ?>"
+      pluginPath: "<?= url::abs_file("lib/mediaelementjs/") ?>",
+      flashName: "flashmediaelement.swf.php"
     }, <?= json_encode($player_options) ?>)
   );
 </script>
author	Nathan Kinkade <nath@nkinka.de>	2013-06-13 21:42:10 +0000
committer	Nathan Kinkade <nath@nkinka.de>	2013-06-13 21:42:10 +0000
commit	9ef4eff6aea4ec1135f7b12ff8f22dc296cc91ba (patch)
tree	fa8363f922cbc0bdde1838b744e2ed36c23c0bc9 /modules/gallery
parent	9569b43035de9645e82271896e302c8d082d960a (diff)
parent	a3d06cc5bca05cc1b892872f494e83a24837d06f (diff)