Results from a round of feedback with Bharat.

Squashed commit of the following:

commit 13dbd3515bfb5324cfbcb3bbeafc179771b54f75
Merge: f0f094c 97400b7
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 30 20:33:02 2011 -0600

    Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto

commit f0f094c3f79b09536f58083681c28f73271c506d
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 30 20:22:49 2011 -0600

    Explain the conditional rename in item::save() with a comment.

commit 1b3a6b85c156e4777d2aa8205b130984f55dc66d
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 30 18:29:34 2011 -0600

    Improve the comment explaining why the data_file extension is important.

commit c3e8c1e3b5e3cb1046acd4c923bb0ae9dbcd603a
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 30 18:12:56 2011 -0600

    The data_file field is public, so we don't need to supply an accessor method.

commit 2375a02e2cdbd1ccaf7dc4d3db9d85119972e3a9
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 30 16:40:55 2011 -0600

    Change the signature of system::tempnam to something more appropriate for Gallery.

commit a8ca9dcf9edd54633c0c78b3af76aa974d38fc64
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 30 16:10:06 2011 -0600

    Change the name of the extensions helper to legal_file.

commit 7e61a01a96f5eab7212dba754ac64fdfb4d9e8ab
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 30 16:08:49 2011 -0600

    Change the name of the extensions helper to legal_file.

commit 4c2b2ebd3f2052898fbfb175650ed4cf49c8006e
Author: Chad Parry <github@chad.parry.org>
Date:   Wed Apr 27 20:52:35 2011 -0600

    Remove a newline at the end of the file that I accidentally introduced.

commit 6d564f185e5279d6cca9a7385066514ff18a2455
Merge: 7ff485f 4060640
Author: Chad Parry <github@chad.parry.org>
Date:   Wed Apr 27 20:35:58 2011 -0600

    Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto

commit 7ff485fa48c392bbbb0370f67cb1bd6fcc00c2a4
Author: Chad Parry <github@chad.parry.org>
Date:   Wed Apr 27 20:29:06 2011 -0600

    Move the extensions helpers out of the Kohana system directory and into their own Gallery Extensions class.

commit 26585fed03236f0f70a75959e1d3002025f4e15e
Merge: 809567f c8f90e8
Author: Chad Parry <github@chad.parry.org>
Date:   Sun Apr 24 08:28:39 2011 -0600

    Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto

commit 809567f12850f59bdeb47a2963f6968b99b5a201
Author: Chad Parry <github@chad.parry.org>
Date:   Sun Apr 24 08:10:04 2011 -0600

    Expose the data file field.

commit fcb06bf175bb9eeff36d9c294e97ace9374ef0f3
Author: Chad Parry <github@chad.parry.org>
Date:   Sun Apr 24 00:45:12 2011 -0600

    Don't assign to the item->name field if the name is unchanged, because the save method will crash.

commit c6ef706d70c7e48bea1145eec1b13fb5683e023f
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 23 22:55:59 2011 -0600

    Preserve old data files long enough for them to be available to event handlers.

commit 0d6a3a3cfc4f38f450db9e18da47a5e2ad826af8
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 23 21:19:47 2011 -0600

    Create a tempnam substitute that safely creates files with a given extension.

commit e149cf7238a1f8eaddfc68580f2d636dd8255795
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 23 16:39:25 2011 -0600

    Support data files that change their extension and MIME type.

commit 6702104f571413e4d57db3515b2070c48d3e9b55
Author: Chad Parry <github@chad.parry.org>
Date:   Sat Apr 23 16:35:00 2011 -0600

    Resolve an infinite recursion that happens when the path caches are updated during saving.

commit 944cb72eea946f4c45a04b7e4c7c33929fa8b9f3
Merge: 567522b 5af74d4
Author: Chad Parry <github@chad.parry.org>
Date:   Fri Apr 22 14:10:42 2011 -0600

    Merge remote branch 'origin/master' into rawphoto

commit 567522bfa08c370bb5baf8454afc5b04bc9e49b4
Author: Chad Parry <github@chad.parry.org>
Date:   Thu Apr 21 20:12:32 2011 -0600

    Add an event for when a new graphics toolkit is chosen.

commit 31ba081b793141ca36866a6dd349cd2eac5af68e
Author: Chad Parry <github@chad.parry.org>
Date:   Thu Apr 21 02:06:53 2011 -0600

    Add an event that will collect all valid filename extensions.

7 files changed, 69 insertions, 14 deletions

diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index ce52cb8d..b6576ec0 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -36,8 +36,8 @@ class Quick_Controller extends Controller {
     }
 
     if ($degrees) {
-      $tmpfile = system::tempnam(TMPPATH, "rotate",
-        "." . pathinfo($item->file_path(), PATHINFO_EXTENSION));
+      $tmpfile = system::temp_filename("rotate",
+        pathinfo($item->file_path(), PATHINFO_EXTENSION));
       gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees), $item);
       $item->set_data_file($tmpfile);
       $item->save();
diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php
index 5f3e9ca4..9c2bf7d7 100644
--- a/modules/gallery/controllers/uploader.php
+++ b/modules/gallery/controllers/uploader.php
@@ -51,7 +51,7 @@ class Uploader_Controller extends Controller {
     $file_validation = new Validation($_FILES);
     $file_validation->add_rules(
       "Filedata", "upload::valid",  "upload::required",
-      "upload::type[" . implode(",", extensions::get_upload_extensions()) . "]");
+      "upload::type[" . implode(",", legal_file::get_extensions()) . "]");
 
     if ($form->validate() && $file_validation->validate()) {
       $temp_filename = upload::save("Filedata");
diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php
new file mode 100644
index 00000000..2cb0fb25
--- /dev/null
+++ b/modules/gallery/helpers/legal_file.php
@@ -0,0 +1,39 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2011 Chad Parry
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class legal_file_Core {
+  static function get_extensions() {
+    // Create a default list of allowed extensions and then let modules modify it.
+    $extensions_wrapper = new stdClass();
+    $extensions_wrapper->extensions = array("gif", "jpg", "jpeg", "png");
+    if (movie::find_ffmpeg()) {
+      array_push($extensions_wrapper->extensions, "flv", "mp4", "m4v");
+    }
+    module::event("legal_file_extensions", $extensions_wrapper);
+    return $extensions_wrapper->extensions;
+  }
+
+  static function get_filters() {
+    $filters = array();
+    foreach (self::get_extensions() as $extension) {
+      array_push($filters, "*." . $extension, "*." . strtoupper($extension));
+    }
+    return $filters;
+  }
+}
diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php
index 31ecafa7..9815d588 100644
--- a/modules/gallery/helpers/system.php
+++ b/modules/gallery/helpers/system.php
@@ -43,15 +43,18 @@ class system_Core {
 
   /**
    * Create a file with a unique file name.
-   * This helper is similar to the built-in tempnam, except that it supports an optional postfix.
+   * This helper is similar to the built-in tempnam.
+   * It allows the caller to specify a prefix and an extension.
+   * It always places the file in TMPPATH.
    */
-  static function tempnam($dir = TMPPATH, $prefix = "", $postfix = "") {
-    return self::_tempnam($dir, $prefix, $postfix, "tempnam");
+  static function temp_filename($prefix = "", $extension = "") {
+    return self::_tempnam(TMPPATH, $prefix, ".$extension", "tempnam");
   }
 
-  // This helper provides a dependency-injected implementation of tempnam.
+  /**
+   * This helper provides a dependency-injected implementation of tempnam.
+   */
   static function _tempnam($dir, $prefix, $postfix, $builtin) {
-    $success = false;
     do {
       $basename = call_user_func($builtin, $dir, $prefix);
       if (!$basename) {
diff --git a/modules/gallery/libraries/Form_Uploadify.php b/modules/gallery/libraries/Form_Uploadify.php
index 884653e2..450320b3 100644
--- a/modules/gallery/libraries/Form_Uploadify.php
+++ b/modules/gallery/libraries/Form_Uploadify.php
@@ -47,7 +47,7 @@ class Form_Uploadify_Core extends Form_Input {
     $v->script_data = $this->data["script_data"];
     $v->simultaneous_upload_limit = module::get_var("gallery", "simultaneous_upload_limit");
     $v->movies_allowed = (bool) movie::find_ffmpeg();
-    $v->extensions = extensions::get_upload_filters();
+    $v->extensions = legal_file::get_filters();
     $v->suhosin_session_encrypt = (bool) ini_get("suhosin.session.encrypt");
 
     list ($toolkit_max_filesize_bytes, $toolkit_max_filesize) = graphics::max_filesize();
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 5ccbe75c..6eb93cfa 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -418,7 +418,11 @@ class Item_Model_Core extends ORM_MPTT {
         // keep it around.
         $original = ORM::factory("item", $this->id);
 
-        // Preserve the extension of the data file.
+        // Preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume
+        // the MIME type from the extension. So when we adopt the new data file, it's important
+        // to adopt the new extension. That ensures that the item's extension is always
+        // appropriate for its data. We don't try to preserve the name of the data file, though,
+        // because the name is typically a temporary randomly-generated name.
         if (isset($this->data_file)) {
           $extension = pathinfo($this->data_file, PATHINFO_EXTENSION);
           $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension";
@@ -448,11 +452,19 @@ class Item_Model_Core extends ORM_MPTT {
         }
 
         if ($original->parent_id != $this->parent_id || $original->name != $this->name) {
-          // Move all of the items associated data files
           $this->_build_relative_caches();
+          // If there is a data file, then we want to preserve both the old data and the new data.
+          // (Third-party event handlers would like access to both). The old data file will be
+          // accessible via the $original item, and the new one via $this item. But in that case,
+          // we don't want to rename the original as below, because the old data would end up being
+          // clobbered by the new data file. Also, the rename isn't necessary, because the new item
+          // data is coming from the data file anyway. So we only perform the rename if there isn't
+          // a data file. Another way to solve this would be to copy the original file rather than
+          // conditionally rename it, but a copy would cost far more than the rename.
           if (!isset($this->data_file)) {
             @rename($original->file_path(), $this->file_path());
           }
+          // Move all of the items associated data files
           if ($this->is_album()) {
             @rename(dirname($original->resize_path()), dirname($this->resize_path()));
             @rename(dirname($original->thumb_path()), dirname($this->thumb_path()));
@@ -804,7 +816,7 @@ class Item_Model_Core extends ORM_MPTT {
         if (($this->is_movie() || $this->is_photo()) &&
             !preg_match("/^(" .
                         implode("|", array_map("preg_quote",
-                                               extensions::get_upload_extensions())) .
+                                               legal_file::get_extensions())) .
                         ")\$/i", $ext)) {
           $v->add_error("name", "illegal_data_file_extension");
         }
diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php
index 734f98ac..dfe5d9ab 100644
--- a/modules/gallery/tests/System_Helper_Test.php
+++ b/modules/gallery/tests/System_Helper_Test.php
@@ -18,10 +18,11 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class System_Helper_Test extends Gallery_Unit_Test_Case {
-  public function tempnam_random_test() {
-    $filename = system::tempnam(TMPPATH, "file", ".ext");
+  public function temp_filename_random_test() {
+    $filename = system::temp_filename("file", "ext");
     $this->assert_true(file_exists($filename), "File not created");
     unlink($filename);
+    $this->assert_pattern($filename, "|/file.*\\.ext$|");
   }
 
   public function tempnam_collision_test() {