-rw-r--r-- | .build_number | 2 | ||||
-rw-r--r-- | application/Bootstrap.php | 2 | ||||
-rw-r--r-- | modules/gallery/libraries/MY_Kohana.php | 45 | ||||
-rw-r--r-- | modules/gallery/tests/Movie_Helper_Test.php | 3 | ||||
-rw-r--r-- | modules/gallery/tests/Photo_Helper_Test.php | 3 | ||||
-rw-r--r-- | modules/gallery/tests/controller_auth_data.txt | 1 | ||||
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 13 | ||||
-rw-r--r-- | modules/search/views/search.html.php | 6 | ||||
-rw-r--r-- | modules/search/views/search_link.html.php | 19 |
9 files changed, 74 insertions, 20 deletions
diff --git a/.build_number b/.build_number
index ee5a0def..a7bb78ad 100644
--- a/.build_number
+++ b/.build_number
@@ -3,4 +3,4 @@
 ; process. You don't need to edit it. In fact..
 ;
 ; DO NOT EDIT THIS FILE BY HAND!
-build_number=353
+build_number=356
diff --git a/application/Bootstrap.php b/application/Bootstrap.php
index 93353b47..a79ccba4 100644
--- a/application/Bootstrap.php
+++ b/application/Bootstrap.php
@@ -35,7 +35,7 @@ require SYSPATH.'core/Event'.EXT;
 final class Event extends Event_Core {}
 require SYSPATH.'core/Kohana'.EXT;
-final class Kohana extends Kohana_Core {}
+require MODPATH.'gallery/libraries/MY_Kohana'.EXT;
 require SYSPATH.'core/Kohana_Exception'.EXT;
 require MODPATH.'gallery/libraries/MY_Kohana_Exception'.EXT;
diff --git a/modules/gallery/libraries/MY_Kohana.php b/modules/gallery/libraries/MY_Kohana.php
new file mode 100644
index 00000000..d344c8ed
--- /dev/null
+++ b/modules/gallery/libraries/MY_Kohana.php
@@ -0,0 +1,45 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+final class Kohana extends Kohana_Core {
+ /**
+ * Wrapper function for Kohana::auto_load that provides compatibility with Zend Guard Loader's
+ * code obfuscation. Zend Guard is enabled by default on many PHP 5.3+ installations and can
+ * cause problems with Kohana 2.4. When a class is not found, Zend Guard Loader may continue to
+ * try and load the class, eventually leading to a seg fault.
+ *
+ * Instead, if we can't find the class and we can see that code obfuscation is at level 3+, let's
+ * load a dummy class. This does not change the return value, so Kohana still knows that
+ * there is no class.
+ *
+ * This is based on the patch described here: http://blog.teatime.com.tw/1/post/403
+ */
+ public static function auto_load($class) {
+ $found = parent::auto_load($class);
+
+ if (!$found && function_exists("zend_current_obfuscation_level") &&
+ (zend_current_obfuscation_level() >= 3)) {
+ // Load a dummy class instead.
+ eval("class $class {}");
+ }
+
+ // Return the same result.
+ return $found;
+ }
+}
\ No newline at end of file
diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php
index 03fa2da9..9107827a 100644
--- a/modules/gallery/tests/Movie_Helper_Test.php
+++ b/modules/gallery/tests/Movie_Helper_Test.php
@@ -71,6 +71,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
 } catch (Exception $e) {
 // pass
 }
+ unlink(TMPPATH . "test_flv_with_no_extension");
 }
 public function get_file_metadata_with_illegal_extension_test() {
@@ -91,6 +92,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
 } catch (Exception $e) {
 // pass
 }
+ unlink(TMPPATH . "test_flv_with_php_extension.php");
 }
 public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -101,5 +103,6 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
 // therefore will never be executed.
 $this->assert_equal(array(0, 0, "video/x-flv", "flv", 0), movie::get_file_metadata(TMPPATH . "test_php_with_flv_extension.flv"));
+ unlink(TMPPATH . "test_php_with_flv_extension.flv");
 }
 }
diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php
index 79b5ccfd..7ba8324f 100644
--- a/modules/gallery/tests/Photo_Helper_Test.php
+++ b/modules/gallery/tests/Photo_Helper_Test.php
@@ -37,6 +37,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
 copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_no_extension");
 $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), photo::get_file_metadata(TMPPATH . "test_jpg_with_no_extension"));
+ unlink(TMPPATH . "test_jpg_with_no_extension");
 }
 public function get_file_metadata_with_illegal_extension_test() {
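Review bot: In the new modules/gallery/libraries/MY_Kohana.php, `eval("class $class {}");` interpolates the autoloader's `$class` argument into evaluated code without first checking that it is a plain class name. Autoload names can originate from strings handled elsewhere in the application (for example `class_exists()` or `new $name` on a variable), so whether an arbitrary string can reach this line depends on callers and engine-level checks that are not visible in this hunk. I would make the eval conditional on a valid identifier by adding `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class)) { return $found; }` before the `eval` line, with a short comment saying why the guard exists. The branch only runs when `zend_current_obfuscation_level() >= 3`, which narrows the exposure but does not remove it.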
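Review bot: In the third hunk of Movie_Helper_Test.php and the first two hunks of Photo_Helper_Test.php the added `unlink()` sits directly after `assert_equal()`, so the fixture is removed only when the assertion passes (assuming a failed assertion throws, which is not visible here). One of those fixtures, `test_jpg_with_php_extension.php`, carries a `.php` extension, so leaving it behind in TMPPATH after a failed run is worth avoiding. Moving the cleanup into the test case's teardown hook, if Gallery_Unit_Test_Case provides one, would make it unconditional. The enclosing test methods start outside these hunks.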
@@ -56,6 +57,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
 copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_php_extension.php");
 $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php"));
+ unlink(TMPPATH . "test_jpg_with_php_extension.php");
 }
 public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -66,5 +68,6 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
 } catch (Exception $e) {
 // pass
 }
+ unlink(TMPPATH . "test_php_with_jpg_extension.jpg");
 }
 }
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 9473f9f6..4cd9f047 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -1,6 +1,5 @@
 modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF
 modules/comment/helpers/comment_rss.php feed DIRTY_AUTH
-modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH
 modules/g2_import/controllers/admin_g2_import.php autocomplete DIRTY_CSRF
 modules/g2_import/controllers/g2.php map DIRTY_CSRF
 modules/gallery/controllers/admin.php __call DIRTY_AUTH
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 67a8b948..457c157f 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -39,8 +39,6 @@ modules/comment/views/comments.html.php 31 DIRTY_ATTR $com
 modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id
 modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url()
 modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50)
-modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php")
-modules/digibug/views/digibug_form.html.php 6 DIRTY form::hidden($key,$value)
 modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"]
 modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"]
 modules/g2_import/views/admin_g2_import.html.php 7 DIRTY_JS url::site("__ARGS__")
@@ -343,13 +341,12 @@ modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $ite
 modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $item->height
 modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $item->width
 modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url)
-modules/search/views/search.html.php 39 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 40 DIRTY_JS $item->url()
-modules/search/views/search.html.php 41 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
 modules/search/views/search.html.php 43 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 53 DIRTY $theme->paginator()
-modules/search/views/search_link.html.php 14 DIRTY_ATTR $item->id
-modules/search/views/search_link.html.php 16 DIRTY_ATTR $item->parent_id
+modules/search/views/search.html.php 44 DIRTY_JS $item->url()
+modules/search/views/search.html.php 45 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
+modules/search/views/search.html.php 47 DIRTY_ATTR $item_class
+modules/search/views/search.html.php 57 DIRTY $theme->paginator()
+modules/search/views/search_link.html.php 15 DIRTY_ATTR $album_id
 modules/server_add/views/admin_server_add.html.php 8 DIRTY_JS url::site("__ARGS__")
 modules/server_add/views/admin_server_add.html.php 19 DIRTY $form
 modules/server_add/views/admin_server_add.html.php 30 DIRTY_ATTR $id
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index f1906744..a42c31dd 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -7,7 +7,11 @@
 </legend>
 <ul>
 <li>
- <label for="q"><?= t("Search the gallery") ?></label>
+ <? if ($album->id == item::root()->id): ?>
+ <label for="q"><?= t("Search the gallery") ?></label>
+ <? else: ?>
+ <label for="q"><?= t("Search this album") ?></label>
+ <? endif; ?>
 <input name="album" type="hidden" value="<?= html::clean_attribute($album->id) ?>" />
 <input name="q" id="q" type="text" value="<?= html::clean_attribute($q) ?>" class="text" />
 </li>
diff --git a/modules/search/views/search_link.html.php b/modules/search/views/search_link.html.php
index be3305b7..4f9abc1a 100644
--- a/modules/search/views/search_link.html.php
+++ b/modules/search/views/search_link.html.php
@@ -1,19 +1,22 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <form action="<?= url::site("search") ?>" id="g-quick-search-form" class="g-short-form">
+ <? if (isset($item)): ?>
+ <? $album_id = $item->is_album() ? $item->id : $item->parent_id; ?>
+ <? else: ?>
+ <? $album_id = item::root()->id; ?>
+ <? endif; ?>
 <ul>
 <li>
- <label for="g-search"><?= t("Search the gallery") ?></label>
+ <? if ($album_id == item::root()->id): ?>
+ <label for="g-search"><?= t("Search the gallery") ?></label>
+ <? else: ?>
+ <label for="g-search"><?= t("Search this album") ?></label>
+ <? endif; ?>
+ <input type="hidden" name="album" value="<?= $album_id ?>" />
 <input type="text" name="q" id="g-search" class="text" />
 </li>
 <li>
 <input type="submit" value="<?= t("Go")->for_html_attr() ?>" class="submit" />
 </li>
 </ul>
- <? if (isset($item) && $item instanceof Item_Model_Core): ?>
- <? if ($item->is_album()): ?>
- <input type="hidden" name="album" value="<?= $item->id ?>" />
- <? else: ?>
- <input type="hidden" name="album" value="<?= $item->parent_id ?>" />
- <? endif; ?>
- <? endif; ?>
 </form>
|
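Review bot: The added hidden field in search_link.html.php prints the id raw, `value="<?= $album_id ?>"`, while search.html.php in this same commit emits the equivalent field through `html::clean_attribute($album->id)`; the new xss_data.txt entry (`search_link.html.php 15 DIRTY_ATTR $album_id`) appears to record the output as unescaped rather than fix it. Writing the line as `<input type="hidden" name="album" value="<?= html::clean_attribute($album_id) ?>" />` would make both forms escape the attribute the same way. Separately, the removed block only dereferenced `$item` when it was an `Item_Model_Core`, whereas the new `isset($item)` test calls `$item->is_album()` on whatever the theme passes in, so keeping `$item instanceof Item_Model_Core` in the new condition looks safer unless every caller is known to pass an item.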