diff options
| author | Romain LE DISEZ <romain.git@ledisez.net> | 2009-07-18 17:51:23 +0200 |
|---|---|---|
| committer | Romain LE DISEZ <romain.git@ledisez.net> | 2009-07-18 17:51:23 +0200 |
| commit | c78744d4f8a0cfad7ca5aa3d2867fb66d4c6b8c4 (patch) | |
| tree | e2b4d5d066590a966d949409cb48104456edaf7e /modules | |
| parent | 7f5030ac208c30a7dc576a57cd9e665022ccbde5 (diff) | |
| parent | df22832a5b7e7c1962940becab1c90aaec3392f9 (diff) | |
Merge commit 'upstream/master'
Diffstat (limited to 'modules')
46 files changed, 289 insertions, 138 deletions
diff --git a/modules/akismet/helpers/akismet_event.php b/modules/akismet/helpers/akismet_event.php index 80fe0127..bffc0fd7 100644 --- a/modules/akismet/helpers/akismet_event.php +++ b/modules/akismet/helpers/akismet_event.php @@ -40,14 +40,14 @@ class akismet_event_Core { $comment->save(); } - static function comment_updated($old, $new) { + static function comment_updated($comment) { if (!module::get_var("akismet", "api_key")) { return; } - if ($old->state != "spam" && $new->state == "spam") { + if ($comment->original("state") != "spam" && $comment->state == "spam") { akismet::submit_spam($new); - } else if ($old->state == "spam" && $new->state != "spam") { + } else if ($comment->original("state") == "spam" && $comment->state != "spam") { akismet::submit_ham($new); } } diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php index 3e8d3c46..a164f79f 100644 --- a/modules/comment/controllers/admin_comments.php +++ b/modules/comment/controllers/admin_comments.php @@ -113,10 +113,6 @@ class Admin_Comments_Controller extends Admin_Controller { if ($comment->loaded) { $comment->state = $state; $comment->save(); - module::event("comment_updated", $orig, $comment); - if ($orig->state == "published" || $comment->state == "published") { - module::event("item_related_update", $comment->item()); - } } } diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 02c38491..9fb4796e 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -152,7 +152,6 @@ class Comments_Controller extends REST_Controller { $comment->url = $form->edit_comment->url->value; $comment->text = $form->edit_comment->text->value; $comment->save(); - module::event("comment_updated", $comment); print json_encode( array("result" => "success", diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index 08cba096..3d743325 100644 --- a/modules/comment/helpers/comment.php +++ b/modules/comment/helpers/comment.php @@ -61,11 +61,6 @@ class comment_Core { $comment->server_remote_port = substr($input->server("REMOTE_PORT"), 0, 16); $comment->save(); - module::event("comment_created", $comment); - if ($comment->state == "published") { - module::event("item_related_update", $comment->item()); - } - return $comment; } diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php index a3beb27a..3850a001 100644 --- a/modules/comment/helpers/comment_event.php +++ b/modules/comment/helpers/comment_event.php @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class comment_event_Core { - static function item_before_delete($item) { + static function item_deleted($item) { Database::instance()->delete("comments", array("item_id" => $item->id)); } } diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index 22c465df..551fb245 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php @@ -61,8 +61,23 @@ class Comment_Model extends ORM { $this->updated = time(); if (!$this->loaded && empty($this->created)) { $this->created = $this->updated; + $created = true; } } - return parent::save(); + parent::save(); + + if (isset($created)) { + module::event("comment_created", $this); + } else { + module::event("comment_updated", $this); + } + + // We only notify on the related items if we're making a visible change, which means moving in + // or out of a published state + if ($this->original("state") == "published" || $this->state == "published") { + module::event("item_related_update", $this->item()); + } + + return $this; } } diff --git a/modules/exif/helpers/exif_event.php b/modules/exif/helpers/exif_event.php index f5677653..826ec959 100644 --- a/modules/exif/helpers/exif_event.php +++ b/modules/exif/helpers/exif_event.php @@ -19,10 +19,12 @@ */ class exif_event_Core { static function item_created($item) { - exif::extract($item); + if (!$item->is_album()) { + exif::extract($item); + } } - static function item_before_delete($item) { + static function item_deleted($item) { Database::instance()->delete("exif_records", array("item_id" => $item->id)); } } diff --git a/modules/g2_import/helpers/g2_import_event.php b/modules/g2_import/helpers/g2_import_event.php index 13f5b1a0..77b489a7 100644 --- a/modules/g2_import/helpers/g2_import_event.php +++ b/modules/g2_import/helpers/g2_import_event.php @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class g2_import_event_Core { - static function item_before_delete($item) { + static function item_deleted($item) { Database::instance()->delete("g2_maps", array("g3_id" => $item->id)); } diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index d1b805da..ae90ad07 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -36,7 +36,7 @@ class Admin_Languages_Controller extends Admin_Controller { $form = $this->_languages_form(); if ($form->validate()) { module::set_var("gallery", "default_locale", $form->choose_language->locale->value); - locale::update_installed($form->choose_language->installed_locales->value); + locales::update_installed($form->choose_language->installed_locales->value); message::success(t("Settings saved")); } url::redirect("admin/languages"); @@ -89,8 +89,8 @@ class Admin_Languages_Controller extends Admin_Controller { } private function _languages_form() { - $all_locales = locale::available(); - $installed_locales = locale::installed(); + $all_locales = locales::available(); + $installed_locales = locales::installed(); $form = new Forge("admin/languages/save", "", "post", array("id" => "gLanguageSettingsForm")); $group = $form->group("choose_language") ->label(t("Language settings")); diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index e6d01b90..9980b676 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -182,7 +182,6 @@ class Albums_Controller extends Items_Controller { } if ($valid) { - $orig = clone $album; $album->title = $form->edit_album->title->value; $album->description = $form->edit_album->description->value; $album->sort_column = $form->edit_album->sort_order->column->value; @@ -192,8 +191,6 @@ class Albums_Controller extends Items_Controller { } $album->save(); - module::event("item_updated", $orig, $album); - log::success("content", "Updated album", "<a href=\"albums/$album->id\">view</a>"); message::success( t("Saved album %album_title", array("album_title" => p::clean($album->title)))); diff --git a/modules/gallery/controllers/combined.php b/modules/gallery/controllers/combined.php index 925d052d..9a790fdf 100644 --- a/modules/gallery/controllers/combined.php +++ b/modules/gallery/controllers/combined.php @@ -60,14 +60,15 @@ class Combined_Controller extends Controller { $cache = Cache::instance(); $use_gzip = function_exists("gzencode") && - (strpos($input->server("HTTP_ACCEPT_ENCODING"), "gzip") !== false); + stripos($input->server("HTTP_ACCEPT_ENCODING"), "gzip") !== false && + (int) ini_get("zlib.output_compression") === 0; + if ($use_gzip && $content = $cache->get("{$key}_gz")) { header("Content-Encoding: gzip"); } else { // Fall back to non-gzipped if we have to $content = $cache->get($key); } - if (empty($content)) { Kohana::show_404(); } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 30a5d78c..d954ad8d 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -85,14 +85,11 @@ class Movies_Controller extends Items_Controller { } if ($valid) { - $orig = clone $photo; $photo->title = $form->edit_photo->title->value; $photo->description = $form->edit_photo->description->value; $photo->rename($form->edit_photo->filename->value); $photo->save(); - module::event("item_updated", $orig, $photo); - log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>"); message::success( t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 6a62e859..9ce6ed23 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -78,14 +78,11 @@ class Photos_Controller extends Items_Controller { } if ($valid) { - $orig = clone $photo; $photo->title = $form->edit_photo->title->value; $photo->description = $form->edit_photo->description->value; $photo->rename($form->edit_photo->filename->value); $photo->save(); - module::event("item_updated", $orig, $photo); - log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>"); message::success( t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/simple_uploader.php index 75a7b810..e7c0bd6f 100644 --- a/modules/gallery/controllers/simple_uploader.php +++ b/modules/gallery/controllers/simple_uploader.php @@ -1,4 +1,3 @@ - <?php defined("SYSPATH") or die("No direct script access."); /** * Gallery - a web based photo album viewer and editor diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index c48f0b79..63324e5d 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -205,6 +205,7 @@ class access_Core { } self::_update_htaccess_files($album, $group, $perm_name, $value); + model_cache::clear(); } /** @@ -244,6 +245,22 @@ class access_Core { } /** + * Recalculate the permissions for a given item and its hierarchy. $item must be an album. + */ + static function recalculate_permissions($item) { + foreach (self::_get_all_groups() as $group) { + foreach (ORM::factory("permission")->find_all() as $perm) { + if ($perm->name == "view") { + self::_update_access_view_cache($group, $item); + } else { + self::_update_access_non_view_cache($group, $perm->name, $item); + } + } + } + model_cache::clear(); + } + + /** * Register a permission so that modules can use it. * * @param string $name The internal name for for this permission @@ -411,6 +428,7 @@ class access_Core { $cache_table = $perm_name == "view" ? "items" : "access_caches"; $db->query("ALTER TABLE {{$cache_table}} DROP `$field`"); $db->query("ALTER TABLE {access_intents} DROP `$field`"); + model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } @@ -428,6 +446,7 @@ class access_Core { $db->query("ALTER TABLE {{$cache_table}} ADD `$field` SMALLINT NOT NULL DEFAULT 0"); $db->query("ALTER TABLE {access_intents} ADD `$field` BOOLEAN DEFAULT NULL"); $db->update("access_intents", array($field => 0), array("item_id" => 1)); + model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index 1197f243..f1a6c060 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php @@ -71,6 +71,8 @@ class album_Core { mkdir(dirname($album->thumb_path())); mkdir(dirname($album->resize_path())); + // @todo: publish this from inside Item_Model::save() when we refactor to the point where + // there's only one save() happening here. module::event("item_created", $album); return $album; diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index aa11b7c0..1cd96372 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -23,7 +23,7 @@ class gallery_event_Core { access::add_group($group); } - static function group_before_delete($group) { + static function group_deleted($group) { access::delete_group($group); } @@ -31,10 +31,14 @@ class gallery_event_Core { access::add_item($item); } - static function item_before_delete($item) { + static function item_deleted($item) { access::delete_item($item); } + static function item_moved($item, $old_parent) { + access::recalculate_permissions($item->parent()); + } + static function user_login($user) { // If this user is an admin, check to see if there are any post-install tasks that we need // to run and take care of those now. diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index f40b5c97..80c25862 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -53,7 +53,7 @@ class item_Core { access::required("view", $parent); access::required("edit", $parent); - model_cache::clear("item", $parent->album_cover_item_id); + model_cache::clear(); $parent->album_cover_item_id = $item->is_album() ? $item->album_cover_item_id : $item->id; $parent->thumb_dirty = 1; $parent->save(); @@ -69,7 +69,7 @@ class item_Core { access::required("edit", $album); @unlink($album->thumb_path()); - model_cache::clear("item", $album->album_cover_item_id) ; + model_cache::clear(); $album->album_cover_item_id = null; $album->thumb_width = 0; $album->thumb_height = 0; diff --git a/modules/gallery/helpers/l10n_client.php b/modules/gallery/helpers/l10n_client.php index 6d4da0eb..b576b4e1 100644 --- a/modules/gallery/helpers/l10n_client.php +++ b/modules/gallery/helpers/l10n_client.php @@ -74,7 +74,7 @@ class l10n_client_Core { $request->locales = array(); $request->messages = new stdClass(); - $locales = locale::installed(); + $locales = locales::installed(); foreach ($locales as $locale => $locale_data) { $request->locales[] = $locale; } diff --git a/modules/gallery/helpers/locale.php b/modules/gallery/helpers/locales.php index 41b78834..3762b97b 100644 --- a/modules/gallery/helpers/locale.php +++ b/modules/gallery/helpers/locales.php @@ -21,7 +21,7 @@ /** * This is the API for handling locales. */ -class locale_Core { +class locales_Core { private static $locales; /** diff --git a/modules/gallery/helpers/model_cache.php b/modules/gallery/helpers/model_cache.php index 2649fdbd..a3e09862 100644 --- a/modules/gallery/helpers/model_cache.php +++ b/modules/gallery/helpers/model_cache.php @@ -32,10 +32,8 @@ class model_cache_Core { return self::$cache->$model_name->$field_name->$id; } - static function clear($model_name, $id, $field_name="id") { - if (!empty(self::$cache->$model_name->$field_name->$id)) { - unset(self::$cache->$model_name->$field_name->$id); - } + static function clear() { + self::$cache = new stdClass(); } static function set($model) { diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index d62ead76..4f4169d5 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -102,6 +102,8 @@ class movie_Core { copy($filename, $movie->file_path()); + // @todo: publish this from inside Item_Model::save() when we refactor to the point where + // there's only one save() happening here. module::event("item_created", $movie); // Build our thumbnail diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index e8a4f357..ce964c14 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -105,6 +105,8 @@ class photo_Core { copy($filename, $photo->file_path()); + // @todo: publish this from inside Item_Model::save() when we refactor to the point where + // there's only one save() happening here. module::event("item_created", $photo); // Build our thumbnail/resizes diff --git a/modules/gallery/lib/HTMLPurifier/HTMLPurifier/Lexer/PH5P.php b/modules/gallery/lib/HTMLPurifier/HTMLPurifier/Lexer/PH5P.php index 731c3171..0d20c0ce 100644 --- a/modules/gallery/lib/HTMLPurifier/HTMLPurifier/Lexer/PH5P.php +++ b/modules/gallery/lib/HTMLPurifier/HTMLPurifier/Lexer/PH5P.php @@ -3903,4 +3903,4 @@ class HTML5TreeConstructer { return $this->dom; } } -?> + diff --git a/modules/gallery/libraries/Gallery_View.php b/modules/gallery/libraries/Gallery_View.php index 133066d7..31231ca6 100644 --- a/modules/gallery/libraries/Gallery_View.php +++ b/modules/gallery/libraries/Gallery_View.php @@ -73,6 +73,10 @@ class Gallery_View_Core extends View { protected function combine_files($files, $type) { $links = array(); + if (empty($files)) { + return; + } + // Include the url in the cache key so that if the Gallery moves, we don't use old cached // entries. $key = array(url::abs_file("")); @@ -104,7 +108,10 @@ class Gallery_View_Core extends View { } $cache->set($key, $contents, array($type), 30 * 84600); - if (function_exists("gzencode")) { + + $use_gzip = function_exists("gzencode") && + (int) ini_get("zlib.output_compression") === 0; + if ($use_gzip) { $cache->set("{$key}_gz", gzencode($contents, 9, FORCE_GZIP), array($type, "gzip"), 30 * 84600); } diff --git a/modules/gallery/libraries/MY_ORM.php b/modules/gallery/libraries/MY_ORM.php index 2bd9b4eb..1d3c1ef3 100644 --- a/modules/gallery/libraries/MY_ORM.php +++ b/modules/gallery/libraries/MY_ORM.php @@ -18,6 +18,9 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class ORM extends ORM_Core { + // Track the original value of this ORM instance so that we can look it up in ORM::original() + protected $original = null; + public function open_paren() { $this->db->open_paren(); return $this; @@ -29,8 +32,30 @@ class ORM extends ORM_Core { } public function save() { - model_cache::clear($this->object_name, $this->{$this->primary_key}, $this->primary_key); - return parent::save(); + model_cache::clear(); + $result = parent::save(); + $this->original = $this->object; + return $result; + } + + public function __set($column, $value) { + if (!isset($this->original)) { + $this->original = $this->object; + } + + return parent::__set($column, $value); + } + + public function __unset($column) { + if (!isset($this->original)) { + $this->original = $this->object; + } + + return parent::__unset($column); + } + + public function original($column) { + return $this->original[$column]; } } diff --git a/modules/gallery/libraries/MY_View.php b/modules/gallery/libraries/MY_View.php index 96dcc71b..84ee0892 100644 --- a/modules/gallery/libraries/MY_View.php +++ b/modules/gallery/libraries/MY_View.php @@ -45,7 +45,7 @@ class View extends View_Core { } public function body_attributes() { - if (locale::is_rtl()) { + if (locales::is_rtl()) { return 'class="rtl"'; } return ''; diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index 46280d95..e371f159 100644 --- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php @@ -285,6 +285,7 @@ class ORM_MPTT_Core extends ORM { // Lets reload to get the changes. $this->reload(); + $target->reload(); return $this; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 85b0c9a7..c7311081 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -93,6 +93,7 @@ class Item_Model extends ORM_MPTT { } public function delete() { + $old = clone $this; module::event("item_before_delete", $this); $parent = $this->parent(); @@ -114,13 +115,15 @@ class Item_Model extends ORM_MPTT { @unlink($resize_path); @unlink($thumb_path); } + + module::event("item_deleted", $old); } /** * Move this item to the specified target. * @chainable - * @param Item_Model $target Target item (must be an album - * @return ORM_MTPP + * @param Item_Model $target Target item (must be an album) + * @return ORM_MPTT */ function move_to($target) { if (!$target->is_album()) { @@ -134,8 +137,10 @@ class Item_Model extends ORM_MPTT { $original_path = $this->file_path(); $original_resize_path = $this->resize_path(); $original_thumb_path = $this->thumb_path(); + $original_parent = $this->parent(); parent::move_to($target, true); + model_cache::clear(); $this->relative_path_cache = null; rename($original_path, $this->file_path()); @@ -151,6 +156,7 @@ class Item_Model extends ORM_MPTT { @rename($original_thumb_path, $this->thumb_path()); } + module::event("item_moved", $this, $original_parent); return $this; } @@ -347,9 +353,14 @@ class Item_Model extends ORM_MPTT { $this->created = $this->updated; $r = ORM::factory("item")->select("MAX(weight) as max_weight")->find(); $this->weight = $r->max_weight + 1; + $created = 1; } } - return parent::save(); + parent::save(); + if (!isset($created)) { + module::event("item_updated", $this); + } + return $this; } /** diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index d71bf971..1352b493 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php @@ -324,4 +324,40 @@ class Access_Helper_Test extends Unit_Test_Case { $this->assert_false(file_exists($album->resize_path() . "/.htaccess")); $this->assert_false(file_exists($album->thumb_path() . "/.htaccess")); } + + public function moved_items_inherit_new_permissions_test() { + user::set_active(user::lookup_by_name("admin")); + + $root = ORM::factory("item", 1); + $public_album = album::create($root, rand(), "public album"); + $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", ""); + access::allow(group::everybody(), "view", $public_album); + + $root->reload(); // Account for MPTT changes + + $private_album = album::create($root, rand(), "private album"); + access::deny(group::everybody(), "view", $private_album); + $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", ""); + + // Make sure that we now have a public photo and private photo. + $this->assert_true(access::group_can(group::everybody(), "view", $public_photo)); + $this->assert_false(access::group_can(group::everybody(), "view", $private_photo)); + + // Swap the photos + item::move($public_photo, $private_album); + $private_album->reload(); // Reload to get new MPTT pointers and cached perms. + $public_album->reload(); + $private_photo->reload(); + $public_photo->reload(); + + item::move($private_photo, $public_album); + $private_album->reload(); // Reload to get new MPTT pointers and cached perms. + $public_album->reload(); + $private_photo->reload(); + $public_photo->reload(); + + // Make sure that the public_photo is now private, and the private_photo is now public. + $this->assert_false(access::group_can(group::everybody(), "view", $public_photo)); + $this->assert_true(access::group_can(group::everybody(), "view", $private_photo)); + } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 615b8997..a21cdc13 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -140,4 +140,20 @@ class Item_Model_Test extends Unit_Test_Case { } $this->assert_false(true, "Item_Model::rename should not accept / characters"); } + + public function save_original_values_test() { + print "START\n"; + $item = $this->create_random_item(); + $item->title = "ORIGINAL_VALUE"; + $item->save(); + + print "CHANGE\n"; + $item->title = "NEW_VALUE"; + + //printf("<pre>%s</pre>",print_r($item,1));flush(); + + print "COMPARE\n"; + $this->assert_same("ORIGINAL_VALUE", $item->original("title")); + $this->assert_same("NEW_VALUE", $item->title); + } } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index e179482c..9bde11dc 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -36,7 +36,7 @@ class Xss_Security_Test extends Unit_Test_Case { // If we find a "(" after a "p::clean" then start counting levels of parens and assume // that we're inside a p::clean() call until we find the matching close paren. - if ($token[0] == "(" && $str == "p::clean") { + if ($token[0] == "(" && ($str == "p::clean" || $str == "p::purify")) { $in_p_clean = 1; } else if ($token[0] == "(" && $in_p_clean) { $in_p_clean++; diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 982343f6..e6f3721b 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -141,22 +141,28 @@ modules/gallery/views/admin_maintenance.html.php 75 DIRTY $task->na modules/gallery/views/admin_maintenance.html.php 86 DIRTY $task->percent_complete modules/gallery/views/admin_maintenance.html.php 90 DIRTY $task->status modules/gallery/views/admin_maintenance.html.php 93 $task->owner()->name -modules/gallery/views/admin_maintenance.html.php 97 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 97 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 101 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 101 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 113 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 140 DIRTY $task->state -modules/gallery/views/admin_maintenance.html.php 142 DIRTY $task->updated -modules/gallery/views/admin_maintenance.html.php 145 DIRTY $task->name -modules/gallery/views/admin_maintenance.html.php 157 DIRTY $task->status -modules/gallery/views/admin_maintenance.html.php 160 DIRTY $task->owner()->name -modules/gallery/views/admin_maintenance.html.php 164 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 164 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 168 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 168 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 171 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 171 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 98 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 98 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 102 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 102 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 115 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 142 DIRTY $task->state +modules/gallery/views/admin_maintenance.html.php 144 DIRTY $task->updated +modules/gallery/views/admin_maintenance.html.php 147 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 159 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->owner()->name +modules/gallery/views/admin_maintenance.html.php 166 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 166 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 170 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 170 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 175 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 175 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 178 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 178 DIRTY $csrf +modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $task->id +modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $csrf +modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name +modules/gallery/views/admin_maintenance_show_log.html.php 15 $task->get_log() modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $task->id modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $csrf modules/gallery/views/admin_maintenance_task.html.php 26 DIRTY $task->name @@ -201,10 +207,10 @@ modules/gallery/views/admin_themes_preview.html.php 4 DIRTY $info->na modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url modules/gallery/views/after_install.html.php 11 $user->name modules/gallery/views/after_install.html.php 15 DIRTY $user->id -modules/gallery/views/kohana_error_page.php 98 DIRTY $message -modules/gallery/views/kohana_error_page.php 100 DIRTY $file -modules/gallery/views/kohana_error_page.php 100 DIRTY $line -modules/gallery/views/kohana_error_page.php 112 DIRTY $trace +modules/gallery/views/kohana_error_page.php 102 DIRTY $message +modules/gallery/views/kohana_error_page.php 104 DIRTY $file +modules/gallery/views/kohana_error_page.php 104 DIRTY $line +modules/gallery/views/kohana_error_page.php 116 DIRTY $trace modules/gallery/views/kohana_profiler.php 32 DIRTY $profile->render() modules/gallery/views/kohana_profiler.php 34 DIRTY $execution_time modules/gallery/views/l10n_client.html.php 17 DIRTY $string @@ -212,8 +218,8 @@ modules/gallery/views/l10n_client.html.php 19 DIRTY $string modules/gallery/views/l10n_client.html.php 20 DIRTY $string modules/gallery/views/l10n_client.html.php 22 DIRTY $string modules/gallery/views/l10n_client.html.php 28 DIRTY $l10n_search_form -modules/gallery/views/l10n_client.html.php 72 DIRTY $string_list -modules/gallery/views/l10n_client.html.php 73 DIRTY $plural_forms +modules/gallery/views/l10n_client.html.php 74 DIRTY $string_list +modules/gallery/views/l10n_client.html.php 75 DIRTY $plural_forms modules/gallery/views/move_browse.html.php 4 DIRTY $source->id modules/gallery/views/move_browse.html.php 39 DIRTY $tree modules/gallery/views/move_browse.html.php 42 DIRTY $source->id @@ -280,8 +286,8 @@ modules/gallery/views/simple_uploader.html.php 7 DIRTY $csrf modules/gallery/views/simple_uploader.html.php 9 $item->title modules/gallery/views/simple_uploader.html.php 29 $parent->title modules/gallery/views/simple_uploader.html.php 31 $item->title -modules/gallery/views/simple_uploader.html.php 85 DIRTY $item->id -modules/gallery/views/simple_uploader.html.php 89 DIRTY $csrf +modules/gallery/views/simple_uploader.html.php 86 DIRTY $item->id +modules/gallery/views/simple_uploader.html.php 90 DIRTY $csrf modules/gallery/views/upgrader.html.php 44 DIRTY $module->version modules/gallery/views/upgrader.html.php 44 DIRTY $module->code_version modules/gallery/views/upgrader.html.php 45 DIRTY $id @@ -320,12 +326,12 @@ modules/notification/views/item_deleted.html.php 18 DIRTY $item->pa modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(), true) modules/notification/views/item_updated.html.php 4 $subject modules/notification/views/item_updated.html.php 7 $subject -modules/notification/views/item_updated.html.php 12 $new->title -modules/notification/views/item_updated.html.php 15 $new->title -modules/notification/views/item_updated.html.php 20 DIRTY $new->url(array(), true) -modules/notification/views/item_updated.html.php 20 DIRTY $new->url(array(), true) -modules/notification/views/item_updated.html.php 25 $new->description -modules/notification/views/item_updated.html.php 30 $new->description +modules/notification/views/item_updated.html.php 12 $item->title +modules/notification/views/item_updated.html.php 15 $item->title +modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(), true) +modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(), true) +modules/notification/views/item_updated.html.php 25 $item->description +modules/notification/views/item_updated.html.php 30 $item->description modules/organize/views/organize.html.php 10 DIRTY $item->id modules/organize/views/organize.html.php 12 DIRTY $csrf modules/organize/views/organize.html.php 13 DIRTY $csrf @@ -417,16 +423,17 @@ modules/server_add/views/admin_server_add.html.php 14 DIRTY $csrf modules/server_add/views/admin_server_add.html.php 15 DIRTY $id modules/server_add/views/admin_server_add.html.php 19 DIRTY $path modules/server_add/views/admin_server_add.html.php 24 DIRTY $form -modules/server_add/views/server_add_tree.html.php 4 DIRTY $tree_id -modules/server_add/views/server_add_tree.html.php 6 DIRTY $file_info -modules/server_add/views/server_add_tree.html.php 10 $file_info -modules/server_add/views/server_add_tree.html.php 10 DIRTY $checked -modules/server_add/views/server_add_tree.html.php 10 $file -modules/server_add/views/server_add_tree_dialog.html.php 10 $album_title -modules/server_add/views/server_add_tree_dialog.html.php 15 $parent->title -modules/server_add/views/server_add_tree_dialog.html.php 17 $album_title -modules/server_add/views/server_add_tree_dialog.html.php 20 DIRTY $action -modules/server_add/views/server_add_tree_dialog.html.php 22 DIRTY $tree +modules/server_add/views/server_add_tree.html.php 12 DIRTY $dir +modules/server_add/views/server_add_tree.html.php 13 DIRTY $dir +modules/server_add/views/server_add_tree.html.php 20 DIRTY $file +modules/server_add/views/server_add_tree.html.php 25 DIRTY $file +modules/server_add/views/server_add_tree.html.php 27 $file +modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY $item->id +modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY $csrf +modules/server_add/views/server_add_tree_dialog.html.php 8 $item->title +modules/server_add/views/server_add_tree_dialog.html.php 14 $parent->title +modules/server_add/views/server_add_tree_dialog.html.php 18 $item->title +modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree modules/tag/views/admin_tags.html.php 13 DIRTY $csrf modules/tag/views/admin_tags.html.php 27 DIRTY $tags->count() modules/tag/views/admin_tags.html.php 35 DIRTY $current_letter @@ -501,14 +508,14 @@ themes/admin_default/views/admin.html.php 37 DIRTY $theme->a themes/admin_default/views/admin.html.php 43 DIRTY $theme->site_status() themes/admin_default/views/admin.html.php 45 DIRTY $theme->admin_header_top() themes/admin_default/views/admin.html.php 48 DIRTY $csrf -themes/admin_default/views/admin.html.php 52 DIRTY $theme->admin_menu() -themes/admin_default/views/admin.html.php 54 DIRTY $theme->admin_header_bottom() -themes/admin_default/views/admin.html.php 60 DIRTY $theme->messages() -themes/admin_default/views/admin.html.php 61 DIRTY $content -themes/admin_default/views/admin.html.php 67 DIRTY $sidebar -themes/admin_default/views/admin.html.php 72 DIRTY $theme->admin_footer() -themes/admin_default/views/admin.html.php 74 DIRTY $theme->admin_credits() -themes/admin_default/views/admin.html.php 78 DIRTY $theme->admin_page_bottom() +themes/admin_default/views/admin.html.php 54 DIRTY $theme->admin_menu() +themes/admin_default/views/admin.html.php 56 DIRTY $theme->admin_header_bottom() +themes/admin_default/views/admin.html.php 62 DIRTY $theme->messages() +themes/admin_default/views/admin.html.php 63 DIRTY $content +themes/admin_default/views/admin.html.php 69 DIRTY $sidebar +themes/admin_default/views/admin.html.php 74 DIRTY $theme->admin_footer() +themes/admin_default/views/admin.html.php 76 DIRTY $theme->admin_credits() +themes/admin_default/views/admin.html.php 80 DIRTY $theme->admin_page_bottom() themes/admin_default/views/block.html.php 2 DIRTY $id themes/admin_default/views/block.html.php 2 DIRTY $css_id themes/admin_default/views/block.html.php 5 DIRTY $id @@ -544,7 +551,7 @@ themes/default/views/block.html.php 3 DIRTY $css_id themes/default/views/block.html.php 4 DIRTY $title themes/default/views/block.html.php 6 DIRTY $content themes/default/views/dynamic.html.php 4 DIRTY $theme->dynamic_top() -themes/default/views/dynamic.html.php 6 $tag->name +themes/default/views/dynamic.html.php 6 $title themes/default/views/dynamic.html.php 11 DIRTY $child->is_album() themes/default/views/dynamic.html.php 12 DIRTY $theme->thumb_top($child) themes/default/views/dynamic.html.php 13 DIRTY $child->url() diff --git a/modules/gallery/views/l10n_client.html.php b/modules/gallery/views/l10n_client.html.php index c0cbbfa2..c73719ca 100644 --- a/modules/gallery/views/l10n_client.html.php +++ b/modules/gallery/views/l10n_client.html.php @@ -9,7 +9,7 @@ </h2></div> <div class="label source"><h2><?= t("Source") ?></div> <div class="label translation"><h2><?= t("Translation to %language", - array("language" => locale::display_name())) ?></h2></div> + array("language" => locales::display_name())) ?></h2></div> </div> <div id="l10n-client-string-select"> <ul class="string-list"> diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 8ee0c6ba..e246af2c 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -82,17 +82,16 @@ class notification { return $subscribers; } - static function send_item_updated($old, $new) { + static function send_item_updated($item) { $v = new View("item_updated.html"); - $v->old = $old; - $v->new = $new; - $v->subject = $old->is_album() ? - t("Album %title updated", array("title" => $old->title)) : - ($old->is_photo() ? - t("Photo %title updated", array("title" => $old->title)) - : t("Movie %title updated", array("title" => $old->title))); - - self::_notify_subscribers($old, $v->render(), $v->subject); + $v->item = $item; + $v->subject = $item->is_album() ? + t("Album %title updated", array("title" => $item->original("title"))) : + ($item->is_photo() ? + t("Photo %title updated", array("title" => $item->original("title"))) + : t("Movie %title updated", array("title" => $item->original("title")))); + + self::_notify_subscribers($item, $v->render(), $v->subject); } static function send_item_add($item) { diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php index 1cf9ff58..536557c6 100644 --- a/modules/notification/helpers/notification_event.php +++ b/modules/notification/helpers/notification_event.php @@ -18,15 +18,15 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class notification_event_Core { - static function item_updated($old, $new) { - notification::send_item_updated($old, $new); + static function item_updated($item) { + notification::send_item_updated($item); } static function item_created($item) { notification::send_item_add($item); } - static function item_before_delete($item) { + static function item_deleted($item) { notification::send_item_deleted($item); if (notification::is_watching($item)) { @@ -40,8 +40,8 @@ class notification_event_Core { } } - static function comment_updated($old, $new) { - if ($new->state == "published" && $old->state != "published") { + static function comment_updated($item) { + if ($item->state == "published" && $item->original("state") != "published") { notification::send_comment_published($new); } } diff --git a/modules/notification/helpers/notification_menu.php b/modules/notification/helpers/notification_menu.php index 696aad62..87478b8a 100644 --- a/modules/notification/helpers/notification_menu.php +++ b/modules/notification/helpers/notification_menu.php @@ -21,7 +21,7 @@ class notification_menu_Core { static function site($menu, $theme) { if (!user::active()->guest) { $item = $theme->item(); - + if ($item && $item->is_album()) { $watching = notification::is_watching($item); diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php index 0620c50c..39f9113b 100644 --- a/modules/notification/views/item_updated.html.php +++ b/modules/notification/views/item_updated.html.php @@ -7,27 +7,27 @@ <h2> <?= p::clean($subject) ?> </h2> <table> <tr> - <? if ($old->title != $new->title): ?> + <? if ($item->original("title") != $item->title): ?> <td><?= t("New Title:") ?></td> - <td><?= p::clean($new->title) ?></td> + <td><?= p::clean($item->title) ?></td> <? else: ?> <td><?= t("Title:") ?></td> - <td><?= p::clean($new->title) ?></td> + <td><?= p::clean($item->title) ?></td> <? endif ?> </tr> <tr> <td><?= t("Url:") ?></td> - <td><a href="<?= $new->url(array(), true) ?>"><?= $new->url(array(), true) ?></a></td> + <td><a href="<?= $item->url(array(), true) ?>"><?= $item->url(array(), true) ?></a></td> </tr> - <? if ($old->description != $new->description): ?> + <? if ($item->original("description") != $item->description): ?> <tr> <td><?= t("New Description:") ?></td> - <td><?= p::clean($new->description) ?></td> + <td><?= p::clean($item->description) ?></td> </tr> - <? elseif (!empty($new->description)): ?> + <? elseif (!empty($item->description)): ?> <tr> <td><?= t("Description:") ?></td> - <td><?= p::clean($new->description) ?></td> + <td><?= p::clean($item->description) ?></td> </tr> <? endif ?> </table> diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 6792573d..27852904 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -279,8 +279,6 @@ class Organize_Controller extends Controller { $item->rename($form->dirname->value); $item->save(); - module::event("item_updated", $orig, $item); - if ($item->is_album()) { log::success("content", "Updated album", "<a href=\"albums/$item->id\">view</a>"); $message = t("Saved album %album_title", array("album_title" => p::purify($item->title))); @@ -322,8 +320,6 @@ class Organize_Controller extends Controller { $item->sort_order = $form->direction->value; $item->save(); - module::event("item_updated", $orig, $item); - log::success("content", "Updated album", "<a href=\"albums/$item->id\">view</a>"); $message = t("Saved album %album_title", array("album_title" => p::purify($item->title))); print json_encode(array("form" => $form->__toString(), "message" => $message)); diff --git a/modules/search/helpers/search_event.php b/modules/search/helpers/search_event.php index b9657395..764fdd18 100644 --- a/modules/search/helpers/search_event.php +++ b/modules/search/helpers/search_event.php @@ -22,11 +22,11 @@ class search_event_Core { search::update($item); } - static function item_updated($old_item, $new_item) { - search::update($new_item); + static function item_updated($item) { + search::update($item); } - static function item_before_delete($item) { + static function item_deleted($item) { ORM::factory("search_record") ->where("item_id", $item->id) ->delete_all(); diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index 7a170bf8..0164f556 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -59,7 +59,7 @@ class tag_event_Core { return; } - static function item_before_delete($item) { + static function item_deleted($item) { $db = Database::instance(); $db->query("UPDATE {tags} SET `count` = `count` - 1 WHERE `count` > 0 " . "AND `id` IN (SELECT `tag_id` from {items_tags} WHERE `item_id` = $item->id)"); diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index ed3b9736..2af1b879 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -74,7 +74,7 @@ class Password_Controller extends Controller { log::success( "user", - t("Password reset email sent for user %name", array("name" => p::clean($user->name))); + t("Password reset email sent for user %name", array("name" => p::clean($user->name)))); } else { // Don't include the username here until you're sure that it's XSS safe log::warning( diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php index 1dace840..04e6efd6 100644 --- a/modules/user/helpers/group.php +++ b/modules/user/helpers/group.php @@ -39,7 +39,6 @@ class group_Core { $group->name = $name; $group->save(); - module::event("group_created", $group); return $group; } diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index a59588f8..53e9052c 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php @@ -79,7 +79,7 @@ class user_Core { } private static function _add_locale_dropdown(&$form, $user=null) { - $locales = locale::installed(); + $locales = locales::installed(); if (count($locales) > 1) { // Put "none" at the first position in the array $locales = array_merge(array("" => t("« none »")), $locales); @@ -202,7 +202,6 @@ class user_Core { $user->add(group::registered_users()); $user->save(); - module::event("user_created", $user); return $user; } diff --git a/modules/user/models/group.php b/modules/user/models/group.php index 45948887..bb3fb58b 100644 --- a/modules/user/models/group.php +++ b/modules/user/models/group.php @@ -27,7 +27,22 @@ class Group_Model extends ORM { * @see ORM::delete() */ public function delete($id=null) { + $old = clone $this; module::event("group_before_delete", $this); parent::delete($id); + module::event("group_deleted", $old); + } + + public function save() { + if (!$this->loaded) { + $created = 1; + } + parent::save(); + if (isset($created)) { + module::event("group_created", $this); + } else { + module::event("group_updated", $this); + } + return $this; } }
\ No newline at end of file diff --git a/modules/user/models/user.php b/modules/user/models/user.php index b447892e..0234f186 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -44,8 +44,10 @@ class User_Model extends ORM { * @see ORM::delete() */ public function delete($id=null) { + $old = clone $this; module::event("user_before_delete", $this); parent::delete($id); + module::event("user_deleted", $old); } /** @@ -57,4 +59,17 @@ class User_Model extends ORM { return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", md5($this->email), $size, $default ? "&d=" . urlencode($default) : ""); } + + public function save() { + if (!$this->loaded) { + $created = 1; + } + parent::save(); + if (isset($created)) { + module::event("user_created", $this); + } else { + module::event("user_updated", $this); + } + return $this; + } }
\ No newline at end of file |