diff options
| author | Tim Almdal <tnalmdal@shaw.ca> | 2010-03-31 07:14:06 -0700 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2010-03-31 07:14:06 -0700 |
| commit | f2ed1eeab2074fc004c604d02bbf2ebe7c1177db (patch) | |
| tree | fe0f4037e44cd33d5716d1a44930ed19ca3a34fc /modules | |
| parent | e56473c5d78842210b7825300bd9b373c104cb83 (diff) | |
| parent | ca977dce516b9e2ca9539db69fce188ed33d971c (diff) | |
Merge branch 'master' into talmdal_dev
Conflicts:
modules/rest/controllers/rest.php
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/g2_import/helpers/g2_import.php | 22 | ||||
| -rw-r--r-- | modules/g2_import/libraries/G2_Import_Exception.php | 39 | ||||
| -rw-r--r-- | modules/gallery/tests/xss_data.txt | 47 | ||||
| -rw-r--r-- | modules/rest/controllers/rest.php | 10 | ||||
| -rw-r--r-- | modules/rest/helpers/rest.php | 12 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_event.php | 14 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_installer.php | 14 | ||||
| -rw-r--r-- | modules/rest/models/user_access_key.php (renamed from modules/rest/models/user_access_token.php) | 2 | ||||
| -rw-r--r-- | modules/rest/module.info | 2 | ||||
| -rw-r--r-- | modules/rest/tests/Rest_Controller_Test.php | 22 |
10 files changed, 106 insertions, 78 deletions
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index 456c13c4..575d02bb 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -265,7 +265,7 @@ class g2_import_Core { $e); } } - + break; case GROUP_ALL_USERS: @@ -1203,23 +1203,3 @@ function g2() { return $args; } } - -/** - * A wrapper for exceptions to report more details in case - * it's a ORM validation exception. - */ -class G2_Import_Exception extends Exception { - public function __construct($message, Exception $previous=null, $additional_messages=null) { - if ($additional_messages) { - $message .= "\n" . implode("\n", $additional_messages); - } - if ($previous && $previous instanceof ORM_Validation_Exception) { - $message .= "\nORM validation errors: " . print_r($previous->validation->errors(), true); - } - if ($previous) { - $message .= "\n" . (string) $previous; - } - // The $previous parameter is supported in PHP 5.3.0+. - parent::__construct($message); - } -}
\ No newline at end of file diff --git a/modules/g2_import/libraries/G2_Import_Exception.php b/modules/g2_import/libraries/G2_Import_Exception.php new file mode 100644 index 00000000..591f51cd --- /dev/null +++ b/modules/g2_import/libraries/G2_Import_Exception.php @@ -0,0 +1,39 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2010 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ + +/** + * A wrapper for exceptions to report more details in case + * it's a ORM validation exception. + */ +class G2_Import_Exception extends Exception { + public function __construct($message, Exception $previous=null, $additional_messages=null) { + if ($additional_messages) { + $message .= "\n" . implode("\n", $additional_messages); + } + if ($previous && $previous instanceof ORM_Validation_Exception) { + $message .= "\nORM validation errors: " . print_r($previous->validation->errors(), true); + } + if ($previous) { + $message .= "\n" . (string) $previous; + } + // The $previous parameter is supported in PHP 5.3.0+. + parent::__construct($message); + } +}
\ No newline at end of file diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index a3ca31f4..afad9e13 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -70,12 +70,12 @@ modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $is_ modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $tk->installed?" g-installed-toolkit":" g-unavailable" modules/gallery/views/admin_graphics_imagemagick.html.php 18 DIRTY $tk->error modules/gallery/views/admin_languages.html.php 43 DIRTY access::csrf_form_field() -modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR (isset($installed_locales[$code]))?"g-available":"" -modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR ($default_locale==$code)?" g-selected":"" -modules/gallery/views/admin_languages.html.php 61 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) -modules/gallery/views/admin_languages.html.php 62 DIRTY $display_name -modules/gallery/views/admin_languages.html.php 64 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) -modules/gallery/views/admin_languages.html.php 109 DIRTY $share_translations_form +modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR (isset($installed_locales[$code]))?"g-available":"" +modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR ($default_locale==$code)?" g-selected":"" +modules/gallery/views/admin_languages.html.php 62 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) +modules/gallery/views/admin_languages.html.php 63 DIRTY $display_name +modules/gallery/views/admin_languages.html.php 65 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) +modules/gallery/views/admin_languages.html.php 110 DIRTY $share_translations_form modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log::severity_class($task->severity) modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity) @@ -121,10 +121,10 @@ modules/gallery/views/admin_themes.html.php 76 DIRTY $info- modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url modules/gallery/views/error_404.html.php 14 DIRTY $login_form -modules/gallery/views/form_uploadify.html.php 30 DIRTY_JS url::file("lib/uploadify/uploadify.swf") -modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") -modules/gallery/views/form_uploadify.html.php 35 DIRTY_JS url::file("lib/uploadify/cancel.png") -modules/gallery/views/form_uploadify.html.php 36 DIRTY_JS $simultaneous_upload_limit +modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") +modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") +modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") +modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form")) modules/gallery/views/in_place_edit.html.php 3 DIRTY access::csrf_form_field() modules/gallery/views/in_place_edit.html.php 6 DIRTY form::input("input",$form["input"]," class=\"textbox\"") @@ -320,19 +320,20 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url() -themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() -themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() -themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 46 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 49 DIRTY $theme->user_menu() -themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 53 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 60 DIRTY $content -themes/admin_wind/views/admin.html.php 66 DIRTY $sidebar -themes/admin_wind/views/admin.html.php 71 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/admin.html.php 9 DIRTY $page_title +themes/admin_wind/views/admin.html.php 22 DIRTY_JS $theme->url() +themes/admin_wind/views/admin.html.php 39 DIRTY $theme->admin_head() +themes/admin_wind/views/admin.html.php 43 DIRTY $theme->admin_page_top() +themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_header_top() +themes/admin_wind/views/admin.html.php 52 DIRTY_JS item::root()->url() +themes/admin_wind/views/admin.html.php 55 DIRTY $theme->user_menu() +themes/admin_wind/views/admin.html.php 57 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 59 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 66 DIRTY $content +themes/admin_wind/views/admin.html.php 72 DIRTY $sidebar +themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 79 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 83 DIRTY $theme->admin_page_bottom() themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/admin_wind/views/block.html.php 5 DIRTY $id themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index 13594763..410eeece 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -34,7 +34,7 @@ class Rest_Controller extends Controller { auth::login($user); - $key = rest::get_access_token($user->id); + $key = rest::get_access_key($user->id); rest::reply($key->access_key); } @@ -56,15 +56,15 @@ class Rest_Controller extends Controller { } $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method)); - $request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); + $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); - if (empty($request->access_token) && !empty($request->params->access_token)) { - $request->access_token = $request->params->access_token; + if (empty($request->access_key) && !empty($request->params->access_key)) { + $request->access_key = $request->params->access_key; } $request->url = url::abs_current(true); - rest::set_active_user($request->access_token); + rest::set_active_user($request->access_key); $handler_class = "{$function}_rest"; $handler_method = $request->method; diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 7440350f..49999520 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -37,13 +37,13 @@ class rest_Core { } } - static function set_active_user($access_token) { - if (empty($access_token)) { + static function set_active_user($access_key) { + if (empty($access_key)) { throw new Rest_Exception("Forbidden", 403); } - $key = ORM::factory("user_access_token") - ->where("access_key", "=", $access_token) + $key = ORM::factory("user_access_key") + ->where("access_key", "=", $access_key) ->find(); if (!$key->loaded()) { @@ -58,8 +58,8 @@ class rest_Core { identity::set_active_user($user); } - static function get_access_token($user_id) { - $key = ORM::factory("user_access_token") + static function get_access_key($user_id) { + $key = ORM::factory("user_access_key") ->where("user_id", "=", $user_id) ->find(); diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index 91affe7a..c89436c0 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -24,7 +24,7 @@ class rest_event { */ static function user_before_delete($user) { db::build() - ->delete("user_access_tokens") + ->delete("user_access_keys") ->where("id", "=", $user->id) ->execute(); } @@ -34,7 +34,7 @@ class rest_event { * on every add. */ static function user_add_form_admin_completed($user, $form) { - $key = ORM::factory("user_access_token"); + $key = ORM::factory("user_access_key"); $key->user_id = $user->id; $key->access_key = md5($user->name . rand()); $key->save(); @@ -58,7 +58,7 @@ class rest_event { * Get the form fields for user edit */ static function _get_access_key_form($user, $form) { - $key = ORM::factory("user_access_token") + $key = ORM::factory("user_access_key") ->where("user_id", "=", $user->id) ->find(); @@ -68,7 +68,7 @@ class rest_event { $key->save(); } - $form->edit_user->input("user_access_token") + $form->edit_user->input("user_access_key") ->value($key->access_key) ->readonly("readonly") ->class("g-form-static") @@ -87,9 +87,9 @@ class rest_event { } $view = new View("user_profile_rest.html"); - $key = ORM::factory("user_access_token") - ->where("user_id", "=", $data->user->id) - ->find(); + $key = ORM::factory("user_access_key") + ->where("user_id", "=", $data->user->id) + ->find(); if (!$key->loaded()) { $key->user_id = $data->user->id; diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php index f69f62d1..aeb9573e 100644 --- a/modules/rest/helpers/rest_installer.php +++ b/modules/rest/helpers/rest_installer.php @@ -20,7 +20,7 @@ class rest_installer { static function install() { Database::instance() - ->query("CREATE TABLE {user_access_tokens} ( + ->query("CREATE TABLE {user_access_keys} ( `id` int(9) NOT NULL auto_increment, `user_id` int(9) NOT NULL, `access_key` char(32) NOT NULL, @@ -28,10 +28,18 @@ class rest_installer { UNIQUE KEY(`access_key`), UNIQUE KEY(`user_id`)) DEFAULT CHARSET=utf8;"); - module::set_version("rest", 1); + module::set_version("rest", 2); + } + + static function upgrade($version) { + $db = Database::instance(); + if ($version == 1) { + $db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}"); + module::set_version("rest", $version = 2); + } } static function uninstall() { - Database::instance()->query("DROP TABLE IF EXISTS {user_access_tokens}"); + Database::instance()->query("DROP TABLE IF EXISTS {user_access_keys}"); } } diff --git a/modules/rest/models/user_access_token.php b/modules/rest/models/user_access_key.php index 44330768..1da0f5eb 100644 --- a/modules/rest/models/user_access_token.php +++ b/modules/rest/models/user_access_key.php @@ -17,5 +17,5 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ -class User_Access_Token_Model extends ORM { +class User_Access_Key_Model extends ORM { } diff --git a/modules/rest/module.info b/modules/rest/module.info index 45bd79e4..3ab7e165 100644 --- a/modules/rest/module.info +++ b/modules/rest/module.info @@ -1,4 +1,4 @@ name = "REST Access Module" description = "The RESTful implementation/interface to Gallery3" -version = 1 +version = 2 diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php index 21be8300..6d09b214 100644 --- a/modules/rest/tests/Rest_Controller_Test.php +++ b/modules/rest/tests/Rest_Controller_Test.php @@ -21,7 +21,7 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { public function setup() { $this->_save = array($_GET, $_POST, $_SERVER); - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key; } @@ -34,14 +34,14 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { // There's no access key at first $this->assert_false( - ORM::factory("user_access_token")->where("user_id", "=", $user->id)->find()->loaded()); + ORM::factory("user_access_key")->where("user_id", "=", $user->id)->find()->loaded()); $_POST["user"] = $user->name; $_POST["password"] = "password"; $response = test::call_and_capture(array(new Rest_Controller(), "index")); $expected = - ORM::factory("user_access_token")->where("user_id", "=", $user->id)->find()->access_key; + ORM::factory("user_access_key")->where("user_id", "=", $user->id)->find()->access_key; // Now there is an access key, and it was returned $this->assert_equal(json_encode($expected), $response); @@ -82,11 +82,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "GET"; $_GET["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "get", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -95,11 +95,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "POST"; $_POST["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "post", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -109,11 +109,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put"; $_POST["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "put", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -123,11 +123,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete"; $_POST["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "delete", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } |