-rw-r--r--.build_number2
-rw-r--r--modules/comment/controllers/admin_comments.php8
-rw-r--r--modules/comment/helpers/comment_installer.php8
-rw-r--r--modules/comment/helpers/comment_rss.php20
-rw-r--r--modules/comment/module.info2
-rw-r--r--modules/gallery/helpers/MY_valid.php26
-rw-r--r--modules/gallery/helpers/random.php6
-rw-r--r--modules/gallery/tests/File_Structure_Test.php1
-rw-r--r--modules/gallery/tests/Gallery_Filters.php1
-rw-r--r--modules/gallery/tests/Valid_Test.php28
-rw-r--r--modules/gallery/vendor/joomla/crypt.php151
-rw-r--r--modules/gallery/views/admin_advanced_settings.html.php6
-rw-r--r--modules/rest/helpers/rest_event.php6
-rw-r--r--modules/server_add/views/admin_server_add.html.php2
-rw-r--r--modules/user/controllers/users.php3
15 files changed, 254 insertions, 16 deletions
diff --git a/.build_number b/.build_number
index b2f095cd..74ed7356 100644
--- a/.build_number
+++ b/.build_number
@@ -3,4 +3,4 @@
; process. You don't need to edit it. In fact..
;
; DO NOT EDIT THIS FILE BY HAND!
-build_number=188
+build_number=193
diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php
index f0308bdb..bcd6a939 100644
--- a/modules/comment/controllers/admin_comments.php
+++ b/modules/comment/controllers/admin_comments.php
@@ -32,6 +32,8 @@ class Admin_Comments_Controller extends Admin_Controller {
$form->validate();
module::set_var("comment", "access_permissions",
$form->comment_settings->access_permissions->value);
+ module::set_var("comment", "rss_available",
+ $form->comment_settings->rss_available->value);
message::success(t("Comment settings updated"));
url::redirect("admin/comments");
}
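Review bot: The save handler stores the setting under `rss_available` and reads `$form->comment_settings->rss_available`, but the form hunk below creates the dropdown as `rss_visible` and `comment_rss::feed_visible()` reads `rss_visible`, so the admin's choice never reaches the variable that gates the feeds. On an upgraded site `rss_visible` stays at the `"all"` written by `upgrade()`, which means a restriction chosen in this form is silently not enforced. The same mismatch is in the `install()` hunk of comment_installer.php, which writes `rss_available` = `"both"`, a key and a value nothing else on this page uses. Use one name throughout: `module::set_var("comment", "rss_visible", $form->comment_settings->rss_visible->value);` here and `module::set_var("comment", "rss_visible", "all");` in `install()`. The enclosing method starts outside the hunk.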
@@ -45,6 +47,12 @@ class Admin_Comments_Controller extends Admin_Controller {
->options(array("everybody" => t("Everybody"),
"registered_users" => t("Only registered users")))
->selected(module::get_var("comment", "access_permissions"));
+ $comment_settings->dropdown("rss_visible")
+ ->label(t("Which RSS feeds can users see?"))
+ ->options(array("all" => t("All comment feeds"),
+ "newest" => t("New comments feed only"),
+ "per_item" => t("Comments on photos, movies and albums only")))
+ ->selected(module::get_var("comment", "rss_visible"));
$comment_settings->submit("save")->value(t("Save"));
return $form;
}
diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php
index fee1fd18..a64064f6 100644
--- a/modules/comment/helpers/comment_installer.php
+++ b/modules/comment/helpers/comment_installer.php
@@ -48,7 +48,8 @@ class comment_installer {
module::set_var("comment", "spam_caught", 0);
module::set_var("comment", "access_permissions", "everybody");
- module::set_version("comment", 4);
+ module::set_var("comment", "rss_available", "both");
+ module::set_version("comment", 5);
}
static function upgrade($version) {
@@ -75,6 +76,11 @@ class comment_installer {
"ALTER TABLE {comments} CHANGE `server_remote_host` `server_remote_host` varchar(255)");
module::set_version("comment", $version = 4);
}
+
+ if ($version == 4) {
+ module::set_var("comment", "rss_visible", "all");
+ module::set_version("comment", $version = 5);
+ }
}
static function uninstall() {
diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php
index 6434448f..cfee4727 100644
--- a/modules/comment/helpers/comment_rss.php
+++ b/modules/comment/helpers/comment_rss.php
@@ -19,9 +19,23 @@
*/
class comment_rss_Core {
+ static function feed_visible($feed_id) {
+ $visible = module::get_var("comment", "rss_visible");
+ if (!in_array($feed_id, array("newest", "per_item"))) {
+ return false;
+ }
+
+ return ($visible == "all" || $visible == $feed_id);
+ }
+
static function available_feeds($item, $tag) {
- $feeds["comment/newest"] = t("All new comments");
- if ($item) {
+ $feeds = array();
+
+ if (comment_rss::feed_visible("newest")) {
+ $feeds["comment/newest"] = t("All new comments");
+ }
+
+ if ($item && comment_rss::feed_visible("per_item")) {
$feeds["comment/item/$item->id"] =
t("Comments on %title", array("title" => html::purify($item->title)));
}
@@ -29,7 +43,7 @@ class comment_rss_Core {
}
static function feed($feed_id, $offset, $limit, $id) {
- if ($feed_id != "newest" && $feed_id != "item") {
+ if (!comment_rss::feed_visible($feed_id)) {
return;
}
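Review bot: `feed()` now appears to reject every per-item request, because `feed_visible()` only accepts `"newest"` and `"per_item"` while the removed condition and the `comment/item/$item->id` URL built in `available_feeds()` indicate that the id reaching `feed()` is `"item"`. Translate the id before the check, e.g. `if (!comment_rss::feed_visible($feed_id == "item" ? "per_item" : $feed_id)) {`, or accept `"item"` inside `feed_visible()`. `feed_visible()` also has no docblock; a short one stating that it returns false for unknown ids and for an unset `rss_visible` would make the fail-closed behaviour explicit. The rest of `feed()` is outside the hunk.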
diff --git a/modules/comment/module.info b/modules/comment/module.info
index 4e7df6f1..ecbf8885 100644
--- a/modules/comment/module.info
+++ b/modules/comment/module.info
@@ -1,6 +1,6 @@
name = "Comments"
description = "Allows users and guests to leave comments on photos and albums."
-version = 4
+version = 5
author_name = "Gallery Team"
author_url = "http://codex.gallery2.org/Gallery:Team"
info_url = "http://codex.gallery2.org/Gallery3:Modules:comment"
diff --git a/modules/gallery/helpers/MY_valid.php b/modules/gallery/helpers/MY_valid.php
new file mode 100644
index 00000000..ee17267a
--- /dev/null
+++ b/modules/gallery/helpers/MY_valid.php
@@ -0,0 +1,26 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2012 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class valid extends valid_Core {
+ static function url($url) {
+ return valid_Core::url($url) &&
+ (!strncasecmp($url, "http://", strlen("http://")) ||
+ !strncasecmp($url, "https://", strlen("https://")));
+ }
+}
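Review bot: `valid::url()` has no comment stating that it is a scheme allow-list, which is the security-relevant part of this override. I would add `// Accept only http:// and https:// URLs; anything else that valid_Core::url() lets through is rejected.` above the method, so a later edit does not widen the check by accident. The rule only runs where a form or model applies it, so values stored before this change are presumably untouched and whatever renders them should not rely on this check alone.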
diff --git a/modules/gallery/helpers/random.php b/modules/gallery/helpers/random.php
index 0ee83f49..ea08815a 100644
--- a/modules/gallery/helpers/random.php
+++ b/modules/gallery/helpers/random.php
@@ -17,13 +17,15 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
+
class random_Core {
/**
* Return a random 32 byte hash value.
* @param string extra entropy data
*/
- static function hash($entropy="") {
- return md5($entropy . uniqid(mt_rand(), true));
+ static function hash($length=32) {
+ require_once(MODPATH . "gallery/vendor/joomla/crypt.php");
+ return md5(JCrypt::genRandomBytes($length));
}
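Review bot: The parameter changed meaning from extra entropy (a string) to a byte count, but the docblock above still says `@param string extra entropy data`, and any caller outside this diff that still passes a string would now hand it to `JCrypt::genRandomBytes()` as a length. Update the docblock to `@param int $length number of random bytes hashed into the result` and guard the value with `$length = max(16, (int) $length);` so a stray argument cannot shrink the input below the 128 bits that the md5 output represents. The return value stays 32 hex characters whatever `$length` is, which is worth stating in the comment too. When OpenSSL does not report strong bytes and `/dev/urandom` is unreadable, the vendored `genRandomBytes()` falls back to timing measurements, so the strength of the result then depends on the host.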
/**
diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php
index ad0f8111..3d2079e5 100644
--- a/modules/gallery/tests/File_Structure_Test.php
+++ b/modules/gallery/tests/File_Structure_Test.php
@@ -101,6 +101,7 @@ class File_Structure_Test extends Gallery_Unit_Test_Case {
$expected_4 = array("<?php defined('SYSPATH') or die('No direct script access.');\n");
} else if (strpos($path, MODPATH . "forge") === 0 ||
strpos($path, MODPATH . "exif/lib") === 0 ||
+ strpos($path, MODPATH . "gallery/vendor/joomla") === 0 ||
strpos($path, MODPATH . "gallery_unit_test/vendor") === 0 ||
strpos($path, MODPATH . "gallery/lib/HTMLPurifier") === 0 ||
$path == MODPATH . "user/lib/PasswordHash.php" ||
diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php
index cd188c03..73bc6284 100644
--- a/modules/gallery/tests/Gallery_Filters.php
+++ b/modules/gallery/tests/Gallery_Filters.php
@@ -46,6 +46,7 @@ class GalleryCodeFilterIterator extends FilterIterator {
strpos($path_name, MODPATH . "user/lib/PasswordHash") !== false ||
strpos($path_name, SYSPATH) !== false ||
strpos($path_name, MODPATH . "gallery/libraries/HTMLPurifier") !== false ||
+ strpos($path_name, MODPATH . "gallery/vendor/joomla") !== false ||
substr($path_name, -1, 1) == "~");
}
}
diff --git a/modules/gallery/tests/Valid_Test.php b/modules/gallery/tests/Valid_Test.php
new file mode 100644
index 00000000..82001b94
--- /dev/null
+++ b/modules/gallery/tests/Valid_Test.php
@@ -0,0 +1,28 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2012 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Valid_Test extends Gallery_Unit_Test_Case {
+ public function url_test() {
+ $this->assert_true(valid::url("http://foo.bar.com"));
+ $this->assert_true(valid::url("https://foo.bar.com"));
+
+ $this->assert_false(valid::url("mailto://bar"));
+ $this->assert_false(valid::url("ftp://bar"));
+ }
+} \ No newline at end of file
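Review bot: The two rejected inputs do not show that the new prefix check is what rejects them, since `valid_Core::url()` may already return false for `mailto://bar` and `ftp://bar`. Add a case that isolates the override, for example an upper-case scheme such as `$this->assert_true(valid::url("HTTP://foo.bar.com"));` to pin the case-insensitive compare, and a rejected URL with a full host name, e.g. `$this->assert_false(valid::url("ftp://foo.bar.com"));`. Whether the base validator accepts those inputs is not visible here, so confirm against `valid_Core::url()`.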
diff --git a/modules/gallery/vendor/joomla/crypt.php b/modules/gallery/vendor/joomla/crypt.php
new file mode 100644
index 00000000..c7d477dd
--- /dev/null
+++ b/modules/gallery/vendor/joomla/crypt.php
@@ -0,0 +1,151 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * @package Joomla.Platform
+ * @subpackage Crypt
+ *
+ * @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
+ * @license GNU General Public License version 2 or later; see LICENSE
+ */
+
+// defined('JPATH_PLATFORM') or die;
+
+/**
+ * JCrypt is a Joomla Platform class for handling basic encryption/decryption of data.
+ *
+ * @package Joomla.Platform
+ * @subpackage Crypt
+ * @since 12.1
+ */
+class JCrypt
+{
+ /**
+ * Generate random bytes.
+ *
+ * @param integer $length Length of the random data to generate
+ *
+ * @return string Random binary data
+ *
+ * @since 12.1
+ */
+ public static function genRandomBytes($length = 16)
+ {
+ $sslStr = '';
+ /*
+ * if a secure randomness generator exists and we don't
+ * have a buggy PHP version use it.
+ */
+ if (
+ function_exists('openssl_random_pseudo_bytes')
+ && (version_compare(PHP_VERSION, '5.3.4') >= 0
+ || substr(PHP_OS, 0, 3) !== 'WIN'
+ )
+ )
+ {
+ $sslStr = openssl_random_pseudo_bytes($length, $strong);
+ if ($strong)
+ {
+ return $sslStr;
+ }
+ }
+
+ /*
+ * Collect any entropy available in the system along with a number
+ * of time measurements of operating system randomness.
+ */
+ $bitsPerRound = 2;
+ $maxTimeMicro = 400;
+ $shaHashLength = 20;
+ $randomStr = '';
+ $total = $length;
+
+ // Check if we can use /dev/urandom.
+ $urandom = false;
+ $handle = null;
+ if (function_exists('stream_set_read_buffer') && @is_readable('/dev/urandom'))
+ {
+ $handle = @fopen('/dev/urandom', 'rb');
+ if ($handle)
+ {
+ $urandom = true;
+ }
+ }
+
+ while ($length > strlen($randomStr))
+ {
+ $bytes = ($total > $shaHashLength)? $shaHashLength : $total;
+ $total -= $bytes;
+ /*
+ * Collect any entropy available from the PHP system and filesystem.
+ * If we have ssl data that isn't strong, we use it once.
+ */
+ $entropy = rand() . uniqid(mt_rand(), true) . $sslStr;
+ $entropy .= implode('', @fstat(fopen( __FILE__, 'r')));
+ $entropy .= memory_get_usage();
+ $sslStr = '';
+ if ($urandom)
+ {
+ stream_set_read_buffer($handle, 0);
+ $entropy .= @fread($handle, $bytes);
+ }
+ else
+ {
+ /*
+ * There is no external source of entropy so we repeat calls
+ * to mt_rand until we are assured there's real randomness in
+ * the result.
+ *
+ * Measure the time that the operations will take on average.
+ */
+ $samples = 3;
+ $duration = 0;
+ for ($pass = 0; $pass < $samples; ++$pass)
+ {
+ $microStart = microtime(true) * 1000000;
+ $hash = sha1(mt_rand(), true);
+ for ($count = 0; $count < 50; ++$count)
+ {
+ $hash = sha1($hash, true);
+ }
+ $microEnd = microtime(true) * 1000000;
+ $entropy .= $microStart . $microEnd;
+ if ($microStart > $microEnd) {
+ $microEnd += 1000000;
+ }
+ $duration += $microEnd - $microStart;
+ }
+ $duration = $duration / $samples;
+
+ /*
+ * Based on the average time, determine the total rounds so that
+ * the total running time is bounded to a reasonable number.
+ */
+ $rounds = (int)(($maxTimeMicro / $duration) * 50);
+
+ /*
+ * Take additional measurements. On average we can expect
+ * at least $bitsPerRound bits of entropy from each measurement.
+ */
+ $iter = $bytes * (int) ceil(8 / $bitsPerRound);
+ for ($pass = 0; $pass < $iter; ++$pass)
+ {
+ $microStart = microtime(true);
+ $hash = sha1(mt_rand(), true);
+ for ($count = 0; $count < $rounds; ++$count)
+ {
+ $hash = sha1($hash, true);
+ }
+ $entropy .= $microStart . microtime(true);
+ }
+ }
+
+ $randomStr .= sha1($entropy, true);
+ }
+
+ if ($urandom)
+ {
+ @fclose($handle);
+ }
+
+ return substr($randomStr, 0, $length);
+ }
+}
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index d4f646f8..8d21d890 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -43,9 +43,9 @@
var filter = $(this).attr("value");
if (filter) {
$("tr.setting-row").fadeOut("fast");
- $("tr.setting-row td:contains(" + filter + "), tr.setting-row td a:contains(" + filter + ")").each(function() {
- if ($(this).children().length < 1) {
- $(this).closest("tr").stop().show();
+ $("tr.setting-row").each(function() {
+ if ($(this).text().indexOf(filter) > 0) {
+ $(this).stop().show();
}
});
} else {
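Review bot: `$(this).text().indexOf(filter) > 0` skips a row whose text starts with the filter string, because `indexOf` returns 0 for a match at the first character; the test should be `!== -1`. Dropping the `:contains(" + filter + ")` selector removes the case where typed characters were parsed as selector syntax, which deserves a one-line comment so the string concatenation is not reintroduced. The match is also case-sensitive, as before; if that is unintended, compare lower-cased strings. The surrounding handler starts and ends outside the hunk.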
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index 0204eb55..ec500884 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -43,7 +43,7 @@ class rest_event {
static function user_add_form_admin_completed($user, $form) {
$key = ORM::factory("user_access_key");
$key->user_id = $user->id;
- $key->access_key = random::hash($user->name);
+ $key->access_key = random::hash();
$key->save();
}
@@ -64,7 +64,7 @@ class rest_event {
if (!$key->loaded()) {
$key->user_id = $user->id;
- $key->access_key = random::hash($user->name);
+ $key->access_key = random::hash();
$key->save();
}
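Review bot: Access keys issued before this change stay valid, because both this block and the one in the next hunk only call `random::hash()` when `!$key->loaded()`, and no hunk on this page regenerates existing `user_access_key` rows. Those keys came from `md5($entropy . uniqid(mt_rand(), true))` with the user name as the extra entropy, which is the generator this commit replaces. Consider an upgrade step for the rest module that replaces stored keys, or at least a release note telling administrators to reset them. The enclosing functions start outside the hunks.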
@@ -93,7 +93,7 @@ class rest_event {
if (!$key->loaded()) {
$key->user_id = $data->user->id;
- $key->access_key = random::hash($data->user->name);
+ $key->access_key = random::hash();
$key->save();
}
$view->rest_key = $key->access_key;
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php
index 474ad428..176cff72 100644
--- a/modules/server_add/views/admin_server_add.html.php
+++ b/modules/server_add/views/admin_server_add.html.php
@@ -26,7 +26,7 @@ $("document").ready(function() {
<? foreach ($paths as $id => $path): ?>
<li>
<?= html::clean($path) ?>
- <a href="<?= url::site("admin/server_add/remove_path?path=" . urlencode($path) . "&amp;csrf=<?= access::csrf_token() ?>") ?>"
+ <a href="<?= url::site("admin/server_add/remove_path?path=" . urlencode($path) . "&amp;csrf=" . access::csrf_token()) ?>"
id="icon_<?= $id ?>"
class="g-remove-dir g-button">
<span class="ui-icon ui-icon-trash">
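Review bot: The corrected link still performs a state-changing action through a GET URL that carries the CSRF token in its query string, so the token ends up in browser history, server logs and possibly Referer headers. A small POST form (or an AJAX POST) for `remove_path` would keep the token out of the URL. Because the previous markup sent the literal text `<?= access::csrf_token() ?>` as the `csrf` value, it is also worth confirming that the `remove_path` action actually rejects a missing or wrong token; that controller is not part of this page. The list markup continues outside the hunk.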
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 441a41bf..0f880fa9 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -209,7 +209,8 @@ class Users_Controller extends Controller {
$group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name)
->error_messages("length", t("Your name is too long"));
self::_add_locale_dropdown($group, $user);
- $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
+ $group->input("url")->label(t("URL"))->id("g-url")->value($user->url)
+ ->error_messages("url", t("You must enter a valid url"));
module::event("user_edit_form", $user, $form);
$group->submit("")->value(t("Save"));