diff options
| -rw-r--r-- | .build_number | 2 | ||||
| -rw-r--r-- | index.php | 3 | ||||
| -rw-r--r-- | installer/install.sql | 6 | ||||
| -rw-r--r-- | modules/gallery/controllers/file_proxy.php | 4 | ||||
| -rw-r--r-- | modules/gallery/controllers/uploader.php | 2 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_installer.php | 34 | ||||
| -rw-r--r-- | modules/gallery/helpers/graphics.php | 26 | ||||
| -rw-r--r-- | modules/gallery/helpers/item.php | 7 | ||||
| -rw-r--r-- | modules/gallery/helpers/item_rest.php | 2 | ||||
| -rw-r--r-- | modules/gallery/helpers/legal_file.php | 55 | ||||
| -rw-r--r-- | modules/gallery/helpers/movie.php | 80 | ||||
| -rw-r--r-- | modules/gallery/helpers/photo.php | 17 | ||||
| -rw-r--r-- | modules/gallery/libraries/ORM_MPTT.php | 3 | ||||
| -rw-r--r-- | modules/gallery/module.info | 2 | ||||
| -rw-r--r-- | modules/search/controllers/search.php | 35 | ||||
| -rw-r--r-- | modules/search/helpers/search.php | 41 | ||||
| -rw-r--r-- | modules/search/views/search.html.php | 12 | ||||
| -rw-r--r-- | modules/search/views/search_link.html.php | 7 | ||||
| -rw-r--r-- | themes/admin_wind/views/admin.html.php | 1 | ||||
| -rw-r--r-- | themes/wind/views/page.html.php | 3 |
20 files changed, 277 insertions, 65 deletions
diff --git a/.build_number b/.build_number index 83ac23ec..96f7df1c 100644 --- a/.build_number +++ b/.build_number @@ -3,4 +3,4 @@ ; process. You don't need to edit it. In fact.. ; ; DO NOT EDIT THIS FILE BY HAND! -build_number=255 +build_number=266 @@ -51,6 +51,9 @@ ini_set("display_errors", false); // Ajax code. ini_set("session.use_trans_sid", false); +// Restrict all response frames to the same origin for security +header("X-Frame-Options: SAMEORIGIN"); + define("EXT", ".php"); define("DOCROOT", getcwd() . "/"); define("KOHANA", "index.php"); diff --git a/installer/install.sql b/installer/install.sql index aee0900c..b01c5a7c 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -244,7 +244,7 @@ CREATE TABLE {modules} ( KEY `weight` (`weight`) ) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; -INSERT INTO {modules} VALUES (1,1,'gallery',50,1); +INSERT INTO {modules} VALUES (1,1,'gallery',53,1); INSERT INTO {modules} VALUES (2,1,'user',4,2); INSERT INTO {modules} VALUES (3,1,'comment',7,3); INSERT INTO {modules} VALUES (4,1,'organize',4,4); @@ -382,7 +382,7 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) AUTO_INCREMENT=44 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=46 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind'); INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind'); @@ -414,6 +414,8 @@ INSERT INTO {vars} VALUES (NULL,'gallery','email_header_separator','s:1:\"\n\";' INSERT INTO {vars} VALUES (NULL,'gallery','show_user_profiles_to','registered_users'); INSERT INTO {vars} VALUES (NULL,'gallery','extra_binary_paths','/usr/local/bin:/opt/local/bin:/opt/bin'); INSERT INTO {vars} VALUES (NULL,'gallery','timezone',NULL); +INSERT INTO {vars} VALUES (NULL,'gallery','lock_timeout','1'); +INSERT INTO {vars} VALUES (NULL,'gallery','movie_extract_frame_time','3'); INSERT INTO {vars} VALUES (NULL,'gallery','blocks_site_sidebar','a:4:{i:10;a:2:{i:0;s:7:\"gallery\";i:1;s:8:\"language\";}i:11;a:2:{i:0;s:4:\"info\";i:1;s:8:\"metadata\";}i:12;a:2:{i:0;s:3:\"rss\";i:1;s:9:\"rss_feeds\";}i:13;a:2:{i:0;s:3:\"tag\";i:1;s:3:\"tag\";}}'); INSERT INTO {vars} VALUES (NULL,'gallery','identity_provider','user'); INSERT INTO {vars} VALUES (NULL,'user','minimum_password_length','5'); diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 49aa9c5a..b9ff7df1 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -68,10 +68,10 @@ class File_Proxy_Controller extends Controller { $item = item::find_by_path($path); if (!$item->loaded()) { // We didn't turn it up. If we're looking for a .jpg then it's it's possible that we're - // requesting the thumbnail for a movie. In that case, the .flv, .mp4 or .m4v file would + // requesting the thumbnail for a movie. In that case, the movie file would // have been converted to a .jpg. So try some alternate types: if (preg_match('/.jpg$/', $path)) { - foreach (array("flv", "mp4", "m4v") as $ext) { + foreach (legal_file::get_movie_extensions() as $ext) { $movie_path = preg_replace('/.jpg$/', ".$ext", $path); $item = item::find_by_path($movie_path); if ($item->loaded()) { diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 4ea55ff6..ecb0ca89 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -69,7 +69,7 @@ class Uploader_Controller extends Controller { $path_info = @pathinfo($temp_filename); if (array_key_exists("extension", $path_info) && - in_array(strtolower($path_info["extension"]), array("flv", "mp4", "m4v"))) { + in_array(strtolower($path_info["extension"]), legal_file::get_movie_extensions())) { $item->type = "movie"; $item->save(); log::success("content", t("Added a movie"), diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index e556b49a..597771f3 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -312,8 +312,10 @@ class gallery_installer { module::set_var("gallery", "show_user_profiles_to", "registered_users"); module::set_var("gallery", "extra_binary_paths", "/usr/local/bin:/opt/local/bin:/opt/bin"); module::set_var("gallery", "timezone", null); + module::set_var("gallery", "lock_timeout", 1); + module::set_var("gallery", "movie_extract_frame_time", 3); - module::set_version("gallery", 50); + module::set_version("gallery", 53); } static function upgrade($version) { @@ -687,7 +689,7 @@ class gallery_installer { if ($version == 47 || $version == 48) { // Add configuration variable to set timezone. Defaults to the currently - // used timezone (from PHP configuration). Note that in v48 we werew + // used timezone (from PHP configuration). Note that in v48 we were // setting this value incorrectly, so we're going to stomp this value for v49. module::set_var("gallery", "timezone", null); module::set_version("gallery", $version = 49); @@ -713,6 +715,34 @@ class gallery_installer { } module::set_version("gallery", $version = 50); } + + if ($version == 50) { + // In v51, we added a lock_timeout variable so that administrators could edit the time out + // from 1 second to a higher variable if their system runs concurrent parallel uploads for + // instance. + module::set_var("gallery", "lock_timeout", 1); + module::set_version("gallery", $version = 51); + } + + if ($version == 51) { + // In v52, we added functions to the legal_file helper that map photo and movie file + // extensions to their mime types (and allow extension of the list by other modules). During + // this process, we correctly mapped m4v files to video/x-m4v, correcting a previous error + // where they were mapped to video/mp4. This corrects the existing items. + db::build() + ->update("items") + ->set("mime_type", "video/x-m4v") + ->where("name", "REGEXP", "\.m4v$") // case insensitive since name column is utf8_general_ci + ->execute(); + module::set_version("gallery", $version = 52); + } + + if ($version == 52) { + // In v53, we added the ability to change the default time used when extracting frames from + // movies. Previously we hard-coded this at 3 seconds, so we use that as the default. + module::set_var("gallery", "movie_extract_frame_time", 3); + module::set_version("gallery", $version = 53); + } } static function uninstall() { diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index c19fbe6d..c7f87403 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -155,13 +155,27 @@ class graphics_Core { try { foreach ($ops as $target => $output_file) { if ($input_item->is_movie()) { - // Convert the movie to a JPG first + // Convert the movie filename to a JPG first, delete anything that might already be there $output_file = legal_file::change_extension($output_file, "jpg"); - try { - movie::extract_frame($input_file, $output_file); - } catch (Exception $e) { - // Assuming this is MISSING_FFMPEG for now - copy(MODPATH . "gallery/images/missing_movie.jpg", $output_file); + unlink($output_file); + // Run movie_extract_frame events, which can either: + // - generate an output file, bypassing the ffmpeg-based movie::extract_frame + // - add to the options sent to movie::extract_frame (e.g. change frame extract time, + // add de-interlacing arguments to ffmpeg... see movie helper for more info) + // Note that the args are similar to those of the events in gallery_graphics + $movie_options_wrapper = new stdClass(); + $movie_options_wrapper->movie_options = array(); + module::event("movie_extract_frame", $input_file, $output_file, + $movie_options_wrapper, $input_item); + // If no output_file generated by events, run movie::extract_frame with movie_options + clearstatcache(); + if (@filesize($output_file) == 0) { + try { + movie::extract_frame($input_file, $output_file, $movie_options_wrapper->movie_options); + } catch (Exception $e) { + // Didn't work, likely because of MISSING_FFMPEG - copy missing_movie instead + copy(MODPATH . "gallery/images/missing_movie.jpg", $output_file); + } } $working_file = $output_file; } else { diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index d8b660d9..b739e8bd 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -415,6 +415,13 @@ class item_Core { } /** + * Get rid of the display context callback + */ + static function clear_display_context_callback() { + Cache::instance()->delete("display_context_" . $sid = Session::instance()->id()); + } + + /** * Call the display context callback for the given item */ static function get_display_context($item) { diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 14580cd9..43fec3ab 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -150,7 +150,7 @@ class item_rest_Core { static function post($request) { $parent = rest::resolve($request->url); - access::required("edit", $parent); + access::required("add", $parent); $entity = $request->params->entity; $item = ORM::factory("item"); diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index bd48d7b7..b3622764 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -19,11 +19,53 @@ */ class legal_file_Core { /** + * Create a default list of allowed photo MIME types paired with their extensions and then let + * modules modify it. This is an ordered map, mapping extensions to their MIME types. + * Extensions cannot be duplicated, but MIMEs can (e.g. jpeg and jpg both map to image/jpeg). + * + * @param string $extension (opt.) - return MIME of extension; if not given, return complete array + */ + static function get_photo_types_by_extension($extension=NULL) { + $types_by_extension_wrapper = new stdClass(); + $types_by_extension_wrapper->types_by_extension = array( + "jpg" => "image/jpeg", "jpeg" => "image/jpeg", "gif" => "image/gif", "png" => "image/png"); + module::event("photo_types_by_extension", $types_by_extension_wrapper); + if ($extension) { + // return matching MIME type + return $types_by_extension_wrapper->types_by_extension[$extension]; + } else { + // return complete array + return $types_by_extension_wrapper->types_by_extension; + } + } + + /** + * Create a default list of allowed movie MIME types paired with their extensions and then let + * modules modify it. This is an ordered map, mapping extensions to their MIME types. + * Extensions cannot be duplicated, but MIMEs can (e.g. jpeg and jpg both map to image/jpeg). + * + * @param string $extension (opt.) - return MIME of extension; if not given, return complete array + */ + static function get_movie_types_by_extension($extension=NULL) { + $types_by_extension_wrapper = new stdClass(); + $types_by_extension_wrapper->types_by_extension = array( + "flv" => "video/x-flv", "mp4" => "video/mp4", "m4v" => "video/x-m4v"); + module::event("movie_types_by_extension", $types_by_extension_wrapper); + if ($extension) { + // return matching MIME type + return $types_by_extension_wrapper->types_by_extension[$extension]; + } else { + // return complete array + return $types_by_extension_wrapper->types_by_extension; + } + } + + /** * Create a default list of allowed photo extensions and then let modules modify it. */ static function get_photo_extensions() { $extensions_wrapper = new stdClass(); - $extensions_wrapper->extensions = array("gif", "jpg", "jpeg", "png"); + $extensions_wrapper->extensions = array_keys(legal_file::get_photo_types_by_extension()); module::event("legal_photo_extensions", $extensions_wrapper); return $extensions_wrapper->extensions; } @@ -33,7 +75,7 @@ class legal_file_Core { */ static function get_movie_extensions() { $extensions_wrapper = new stdClass(); - $extensions_wrapper->extensions = array("flv", "mp4", "m4v"); + $extensions_wrapper->extensions = array_keys(legal_file::get_movie_types_by_extension()); module::event("legal_movie_extensions", $extensions_wrapper); return $extensions_wrapper->extensions; } @@ -63,20 +105,25 @@ class legal_file_Core { /** * Create a default list of allowed photo MIME types and then let modules modify it. + * Can be used to add legal alternatives for default MIME types. + * (e.g. flv maps to video/x-flv by default, but video/flv is still legal). */ static function get_photo_types() { $types_wrapper = new stdClass(); - $types_wrapper->types = array("image/jpeg", "image/gif", "image/png"); + $types_wrapper->types = array_values(legal_file::get_photo_types_by_extension()); module::event("legal_photo_types", $types_wrapper); return $types_wrapper->types; } /** * Create a default list of allowed movie MIME types and then let modules modify it. + * Can be used to add legal alternatives for default MIME types. + * (e.g. flv maps to video/x-flv by default, but video/flv is still legal). */ static function get_movie_types() { $types_wrapper = new stdClass(); - $types_wrapper->types = array("video/flv", "video/x-flv", "video/mp4"); + $types_wrapper->types = array_values(legal_file::get_movie_types_by_extension()); + $types_wrapper->types[] = "video/flv"; module::event("legal_movie_types", $types_wrapper); return $types_wrapper->types; } diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index b54811df..6d70ab2d 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -57,27 +57,53 @@ class movie_Core { return $form; } - static function extract_frame($input_file, $output_file) { + /** + * Extract a frame from a movie file. Valid movie_options are start_time (in seconds), + * input_args (extra ffmpeg input args) and output_args (extra ffmpeg output args). Extra args + * are added at the end of the list, so they can override any prior args. + * + * @param string $input_file + * @param string $output_file + * @param array $movie_options (optional) + */ + static function extract_frame($input_file, $output_file, $movie_options=NULL) { $ffmpeg = movie::find_ffmpeg(); if (empty($ffmpeg)) { throw new Exception("@todo MISSING_FFMPEG"); } - $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($input_file) . - " -an -ss 00:00:03 -an -r 1 -vframes 1" . - " -y -f mjpeg " . escapeshellarg($output_file) . " 2>&1"; - exec($cmd); + list($width, $height, $mime_type, $extension, $duration) = movie::get_file_metadata($input_file); + + if (is_numeric($movie_options["start_time"])) { + $start_time = max(0, $movie_options["start_time"]); // ensure it's non-negative + } else { + $start_time = module::get_var("gallery", "movie_extract_frame_time", 3); // use default + } + // extract frame at start_time, unless movie is too short + $start_time_arg = ($duration >= $start_time + 0.1) ? + "-ss " . date("H:i:s", mktime(0,0,$start_time,0,0,0,0)) : ""; + + $input_args = $movie_options["input_args"] ? $movie_options["input_args"] : ""; + $output_args = $movie_options["output_args"] ? $movie_options["output_args"] : ""; + + $cmd = escapeshellcmd($ffmpeg) . " $input_args -i " . escapeshellarg($input_file) . + " -an $start_time_arg -an -r 1 -vframes 1" . + " -s {$width}x{$height}" . + " -y -f mjpeg $output_args " . escapeshellarg($output_file) . " 2>&1"; + exec($cmd, $exec_output, $exec_return); clearstatcache(); // use $filename parameter when PHP_version is 5.3+ - if (filesize($output_file) == 0) { - // Maybe the movie is shorter, fall back to the first frame. - $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($input_file) . - " -an -an -r 1 -vframes 1" . - " -y -f mjpeg " . escapeshellarg($output_file) . " 2>&1"; - exec($cmd); + if (filesize($output_file) == 0 || $exec_return) { + // Maybe the movie needs the "-threads 1" argument added + // (see http://sourceforge.net/apps/trac/gallery/ticket/1924) + $cmd = escapeshellcmd($ffmpeg) . " -threads 1 $input_args -i " . escapeshellarg($input_file) . + " -an $start_time_arg -an -r 1 -vframes 1" . + " -s {$width}x{$height}" . + " -y -f mjpeg $output_args " . escapeshellarg($output_file) . " 2>&1"; + exec($cmd, $exec_output, $exec_return); clearstatcache(); - if (filesize($output_file) == 0) { + if (filesize($output_file) == 0 || $exec_return) { throw new Exception("@todo FFMPEG_FAILED"); } } @@ -96,7 +122,7 @@ class movie_Core { } /** - * Return the width, height, mime_type and extension of the given movie file. + * Return the width, height, mime_type, extension and duration of the given movie file. */ static function get_file_metadata($file_path) { $ffmpeg = movie::find_ffmpeg(); @@ -106,18 +132,32 @@ class movie_Core { $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($file_path) . " 2>&1"; $result = `$cmd`; - if (preg_match("/Stream.*?Video:.*?, (\d+)x(\d+)/", $result, $regs)) { - list ($width, $height) = array($regs[1], $regs[2]); + if (preg_match("/Stream.*?Video:.*?, (\d+)x(\d+)/", $result, $matches_res)) { + if (preg_match("/Stream.*?Video:.*? \[.*?DAR (\d+):(\d+).*?\]/", $result, $matches_dar) && + $matches_dar[1] >= 1 && $matches_dar[2] >= 1) { + // DAR is defined - determine width based on height and DAR + // (should always be int, but adding round to be sure) + $matches_res[1] = round($matches_res[2] * $matches_dar[1] / $matches_dar[2]); + } + list ($width, $height) = array($matches_res[1], $matches_res[2]); } else { list ($width, $height) = array(0, 0); } - $pi = pathinfo($file_path); - $extension = isset($pi["extension"]) ? $pi["extension"] : "flv"; // No extension? Assume FLV. - $mime_type = in_array(strtolower($extension), array("mp4", "m4v")) ? - "video/mp4" : "video/x-flv"; + $extension = strtolower(pathinfo($file_path, PATHINFO_EXTENSION)); + $extension = $extension ? $extension : "flv"; // No extension? Assume FLV. + $mime_type = legal_file::get_movie_types_by_extension($extension); + $mime_type = $mime_type ? $mime_type : "video/x-flv"; // No MIME found? Default to video/x-flv. + + if (preg_match("/Duration: (\d+):(\d+):(\d+\.\d+)/", $result, $matches)) { + $duration = 3600 * $matches[1] + 60 * $matches[2] + $matches[3]; + } else if (preg_match("/duration.*?:.*?(\d+)/", $result, $matches)) { + $duration = $matches[1]; + } else { + $duration = 0; + } - return array($width, $height, $mime_type, $extension); + return array($width, $height, $mime_type, $extension, $duration); } } diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 9f2951d5..c4001bd5 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -83,10 +83,17 @@ class photo_Core { */ static function get_file_metadata($file_path) { $image_info = getimagesize($file_path); - $width = $image_info[0]; - $height = $image_info[1]; - $mime_type = $image_info["mime"]; - $extension = image_type_to_extension($image_info[2], false); - return array($width, $height, $mime_type, $extension); + if ($image_info) { + $width = $image_info[0]; + $height = $image_info[1]; + $mime_type = $image_info["mime"]; + $extension = image_type_to_extension($image_info[2], false); + return array($width, $height, $mime_type, $extension); + } else { + // getimagesize failed - use legal_file mapping instead. + $extension = strtolower(pathinfo($file_path, PATHINFO_EXTENSION)); + $mime_type = legal_file::get_photo_types_by_extension($extension); + return array(0, 0, $mime_type, $extension); + } } } diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index 534dd13b..ce0b102c 100644 --- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php @@ -324,7 +324,8 @@ class ORM_MPTT_Core extends ORM { * Lock the tree to prevent concurrent modification. */ protected function lock() { - $result = $this->db->query("SELECT GET_LOCK('{$this->table_name}', 1) AS l")->current(); + $timeout = module::get_var("gallery", "lock_timeout"); + $result = $this->db->query("SELECT GET_LOCK('{$this->table_name}', $timeout) AS l")->current(); if (empty($result->l)) { throw new Exception("@todo UNABLE_TO_LOCK_EXCEPTION"); } diff --git a/modules/gallery/module.info b/modules/gallery/module.info index a905a241..64cad0a7 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,6 +1,6 @@ name = "Gallery 3" description = "Gallery core application" -version = 50 +version = 53 author_name = "Gallery Team" author_url = "http://codex.gallery2.org/Gallery:Team" info_url = "http://codex.gallery2.org/Gallery3:Modules:gallery" diff --git a/modules/search/controllers/search.php b/modules/search/controllers/search.php index 235cc90e..52eb973c 100644 --- a/modules/search/controllers/search.php +++ b/modules/search/controllers/search.php @@ -24,12 +24,21 @@ class Search_Controller extends Controller { $q_with_more_terms = search::add_query_terms($q); $show = Input::instance()->get("show"); + $album_id = Input::instance()->get("album", item::root()->id); + $album = ORM::factory("item", $album_id); + if (!access::can("view", $album) || !$album->is_album()) { + $album = item::root(); + } + if ($show) { $child = ORM::factory("item", $show); - $index = search::get_position($child, $q_with_more_terms); + $index = search::get_position_within_album($child, $q_with_more_terms, $album); if ($index) { $page = ceil($index / $page_size); - url::redirect(url::abs_site("search?q=" . urlencode($q) . ($page == 1 ? "" : "&page=$page"))); + url::redirect(url::abs_site("search" . + "?q=" . urlencode($q) . + "&album=" . urlencode($album->id) . + ($page == 1 ? "" : "&page=$page"))); } } @@ -42,7 +51,8 @@ class Search_Controller extends Controller { $offset = ($page - 1) * $page_size; - list ($count, $result) = search::search($q_with_more_terms, $page_size, $offset); + list ($count, $result) = + search::search_within_album($q_with_more_terms, $album, $page_size, $offset); $title = t("Search: %q", array("q" => $q_with_more_terms)); @@ -61,28 +71,35 @@ class Search_Controller extends Controller { "children_count" => $count)); $template->content = new View("search.html"); + $template->content->album = $album; $template->content->items = $result; $template->content->q = $q; print $template; item::set_display_context_callback( - "Search_Controller::get_display_context", $title, $q_with_more_terms, $q); + "Search_Controller::get_display_context", $album->id, $title, $q_with_more_terms, $q); } - static function get_display_context($item, $title, $query_terms, $q) { - $position = search::get_position($item, $query_terms); + static function get_display_context($item, $album_id, $title, $query_terms, $q) { + $album = ORM::factory("item", $album_id); + $position = search::get_position_within_album($item, $query_terms, $album); if ($position > 1) { - list ($count, $result_data) = search::search($query_terms, 3, $position - 2); + list ($count, $result_data) = + search::search_within_album($query_terms, $album, 3, $position - 2); list ($previous_item, $ignore, $next_item) = $result_data; } else { $previous_item = null; - list ($count, $result_data) = search::search($query_terms, 1, $position); + list ($count, $result_data) = + search::search_within_album($query_terms, $album, 1, $position); list ($next_item) = $result_data; } - $search_url = url::abs_site("search?q=" . urlencode($q) . "&show={$item->id}"); + $search_url = url::abs_site("search" . + "?q=" . urlencode($q) . + "&album=" . urlencode($album_id) . + "&show={$item->id}"); $root = item::root(); return array("position" => $position, diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index b7fa21c4..32b36e73 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -35,9 +35,13 @@ class search_Core { } static function search($q, $limit, $offset) { + return search::search_within_album($q, item::root(), $limit, $offset); + } + + static function search_within_album($q, $album, $limit, $offset) { $db = Database::instance(); - $query = self::_build_query_base($q) . + $query = self::_build_query_base($q, $album) . "ORDER BY `score` DESC " . "LIMIT $limit OFFSET " . (int)$offset; @@ -47,8 +51,10 @@ class search_Core { return array($count, new ORM_Iterator(ORM::factory("item"), $data)); } - private static function _build_query_base($q, $where=array()) { - $q = Database::instance()->escape($q); + private static function _build_query_base($q, $album, $where=array()) { + $db = Database::instance(); + $q = $db->escape($q); + if (!identity::active_user()->admin) { foreach (identity::group_ids_for_active_user() as $id) { $fields[] = "`view_$id` = TRUE"; // access::ALLOW @@ -58,13 +64,23 @@ class search_Core { $access_sql = ""; } + if ($album->id == item::root()->id) { + $album_sql = ""; + } else { + $album_sql = + " AND {items}.left_ptr > " .$db->escape($album->left_ptr) . + " AND {items}.right_ptr <= " . $db->escape($album->right_ptr); + } + return "SELECT SQL_CALC_FOUND_ROWS {items}.*, " . " MATCH({search_records}.`data`) AGAINST ('$q') AS `score` " . "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " . "WHERE MATCH({search_records}.`data`) AGAINST ('$q' IN BOOLEAN MODE) " . + $album_sql . (empty($where) ? "" : " AND " . join(" AND ", $where)) . - $access_sql; + $access_sql . + " "; } /** @@ -111,18 +127,29 @@ class search_Core { } static function get_position($item, $q) { + return search::get_position_within_album($item, $q, item::root()); + } + + static function get_position_within_album($item, $q, $album) { $page_size = module::get_var("gallery", "page_size", 9); - $query = self::_build_query_base($q, array("{items}.id = " . $item->id)); + $query = self::_build_query_base($q, $album, array("{items}.id = " . $item->id)); $db = Database::instance(); // Truncate the score by two decimal places as this resolves the issues // that arise due to in exact numeric conversions. - $score = $db->query($query)->current()->score; + $current = $db->query($query)->current(); + if (!$current) { + // We can't find this result in our result set - perhaps we've fallen out of context? Clear + // the context and try again. + item::clear_display_context_callback(); + url::redirect(url::current()); + } + $score = $current->score; if (strlen($score) > 7) { $score = substr($score, 0, strlen($score) - 2); } - $data = $db->query(self::_build_query_base($q) . " HAVING `score` >= " . $score); + $data = $db->query(self::_build_query_base($q, $album) . " HAVING `score` >= " . $score); $data->seek($data->count() - 1); while ($data->get("id") != $item->id && $data->prev()->valid()) { diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index 4279cbab..f1906744 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,6 +8,7 @@ <ul> <li> <label for="q"><?= t("Search the gallery") ?></label> + <input name="album" type="hidden" value="<?= html::clean_attribute($album->id) ?>" /> <input name="q" id="q" type="text" value="<?= html::clean_attribute($q) ?>" class="text" /> </li> <li> @@ -20,6 +21,17 @@ <div id="g-search-results"> <h1><?= t("Search results") ?></h1> + <? if ($album->id == item::root()->id): ?> + <div> + <?= t("Searched the whole gallery.") ?> + </div> + <? else: ?> + <div> + <?= t("Searched within album <b>%album</b>.", array("album" => html::purify($album->title))) ?> + <a href="<?= url::site(url::merge(array("album" => item::root()->id))) ?>"><?= t("Search whole gallery") ?></a> + </div> + <? endif; ?> + <? if (count($items)): ?> <ul id="g-album-grid" class="ui-helper-clearfix"> <? foreach ($items as $item): ?> diff --git a/modules/search/views/search_link.html.php b/modules/search/views/search_link.html.php index dd3a76a4..be3305b7 100644 --- a/modules/search/views/search_link.html.php +++ b/modules/search/views/search_link.html.php @@ -9,4 +9,11 @@ <input type="submit" value="<?= t("Go")->for_html_attr() ?>" class="submit" /> </li> </ul> + <? if (isset($item) && $item instanceof Item_Model_Core): ?> + <? if ($item->is_album()): ?> + <input type="hidden" name="album" value="<?= $item->id ?>" /> + <? else: ?> + <input type="hidden" name="album" value="<?= $item->parent_id ?>" /> + <? endif; ?> + <? endif; ?> </form> diff --git a/themes/admin_wind/views/admin.html.php b/themes/admin_wind/views/admin.html.php index 0300f7af..9a149149 100644 --- a/themes/admin_wind/views/admin.html.php +++ b/themes/admin_wind/views/admin.html.php @@ -1,5 +1,4 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> -<?php header("X-Frame-Options: SAMEORIGIN"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en"> diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index c3e212c5..23021e4d 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -1,5 +1,4 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> -<?php header("X-Frame-Options: SAMEORIGIN"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en"> @@ -131,7 +130,7 @@ </div> </div> <div id="g-sidebar" class="yui-b"> - <? if ($theme->page_subtype != "login"): ?> + <? if (!in_array($theme->page_subtype, array("login", "error"))): ?> <?= new View("sidebar.html") ?> <? endif ?> </div> |