diff options
| -rw-r--r-- | modules/gallery/controllers/admin_graphics.php | 2 | ||||
| -rw-r--r-- | modules/gallery/controllers/quick.php | 4 | ||||
| -rw-r--r-- | modules/gallery/controllers/uploader.php | 2 | ||||
| -rw-r--r-- | modules/gallery/helpers/extensions.php | 39 | ||||
| -rw-r--r-- | modules/gallery/helpers/system.php | 25 | ||||
| -rw-r--r-- | modules/gallery/libraries/Form_Uploadify.php | 1 | ||||
| -rw-r--r-- | modules/gallery/models/item.php | 63 | ||||
| -rw-r--r-- | modules/gallery/tests/Mock_Built_In.php | 39 | ||||
| -rw-r--r-- | modules/gallery/tests/System_Helper_Test.php | 49 | ||||
| -rw-r--r-- | modules/gallery/views/form_uploadify.html.php | 2 |
10 files changed, 194 insertions, 32 deletions
diff --git a/modules/gallery/controllers/admin_graphics.php b/modules/gallery/controllers/admin_graphics.php index a2d19d4a..a8a7cdc0 100644 --- a/modules/gallery/controllers/admin_graphics.php +++ b/modules/gallery/controllers/admin_graphics.php @@ -40,6 +40,8 @@ class Admin_Graphics_Controller extends Admin_Controller { $msg = t("Changed graphics toolkit to: %toolkit", array("toolkit" => $tk->$toolkit_id->name)); message::success($msg); log::success("graphics", $msg); + + module::event("graphics_toolkit_change", $toolkit_id); } url::redirect("admin/graphics"); diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index da4768fd..ce52cb8d 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -36,8 +36,8 @@ class Quick_Controller extends Controller { } if ($degrees) { - $tmpfile = tempnam(TMPPATH, "rotate") . "." . - pathinfo($item->file_path(), PATHINFO_EXTENSION); + $tmpfile = system::tempnam(TMPPATH, "rotate", + "." . pathinfo($item->file_path(), PATHINFO_EXTENSION)); gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees), $item); $item->set_data_file($tmpfile); $item->save(); diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 6b1455e4..5f3e9ca4 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -51,7 +51,7 @@ class Uploader_Controller extends Controller { $file_validation = new Validation($_FILES); $file_validation->add_rules( "Filedata", "upload::valid", "upload::required", - "upload::type[gif,jpg,jpeg,png,flv,mp4,m4v]"); + "upload::type[" . implode(",", extensions::get_upload_extensions()) . "]"); if ($form->validate() && $file_validation->validate()) { $temp_filename = upload::save("Filedata"); diff --git a/modules/gallery/helpers/extensions.php b/modules/gallery/helpers/extensions.php new file mode 100644 index 00000000..bccbfc41 --- /dev/null +++ b/modules/gallery/helpers/extensions.php @@ -0,0 +1,39 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2011 Chad Parry + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class extensions_Core { + static function get_upload_extensions() { + // Create a default list of allowed extensions and then let modules modify it. + $extensions_wrapper = new stdClass(); + $extensions_wrapper->extensions = array("gif", "jpg", "jpeg", "png"); + if (movie::find_ffmpeg()) { + array_push($extensions_wrapper->extensions, "flv", "mp4", "m4v"); + } + module::event("upload_extensions", $extensions_wrapper); + return $extensions_wrapper->extensions; + } + + static function get_upload_filters() { + $filters = array(); + foreach (self::get_upload_extensions() as $extension) { + array_push($filters, "*." . $extension, "*." . strtoupper($extension)); + } + return $filters; + } +} diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index c39c7227..31ecafa7 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -40,4 +40,29 @@ class system_Core { } return null; } + + /** + * Create a file with a unique file name. + * This helper is similar to the built-in tempnam, except that it supports an optional postfix. + */ + static function tempnam($dir = TMPPATH, $prefix = "", $postfix = "") { + return self::_tempnam($dir, $prefix, $postfix, "tempnam"); + } + + // This helper provides a dependency-injected implementation of tempnam. + static function _tempnam($dir, $prefix, $postfix, $builtin) { + $success = false; + do { + $basename = call_user_func($builtin, $dir, $prefix); + if (!$basename) { + return false; + } + $filename = $basename . $postfix; + $success = !file_exists($filename) && @rename($basename, $filename); + if (!$success) { + @unlink($basename); + } + } while (!$success); + return $filename; + } }
\ No newline at end of file diff --git a/modules/gallery/libraries/Form_Uploadify.php b/modules/gallery/libraries/Form_Uploadify.php index 3e35e380..884653e2 100644 --- a/modules/gallery/libraries/Form_Uploadify.php +++ b/modules/gallery/libraries/Form_Uploadify.php @@ -47,6 +47,7 @@ class Form_Uploadify_Core extends Form_Input { $v->script_data = $this->data["script_data"]; $v->simultaneous_upload_limit = module::get_var("gallery", "simultaneous_upload_limit"); $v->movies_allowed = (bool) movie::find_ffmpeg(); + $v->extensions = extensions::get_upload_filters(); $v->suhosin_session_encrypt = (bool) ini_get("suhosin.session.encrypt"); list ($toolkit_max_filesize_bytes, $toolkit_max_filesize) = graphics::max_filesize(); diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 2a5e6894..5ccbe75c 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -128,6 +128,15 @@ class Item_Model_Core extends ORM_MPTT { } /** + * Get the path to the data file associated with this item. + * This data file field is only set until you call save(). + * After that, you can get the path using get_file_path(). + */ + public function get_data_file() { + return $this->data_file; + } + + /** * Return the server-relative url to this item, eg: * /gallery3/index.php/BobsWedding?page=2 * /gallery3/index.php/BobsWedding/Eating-Cake.jpg @@ -408,6 +417,16 @@ class Item_Model_Core extends ORM_MPTT { // If any significant fields have changed, load up a copy of the original item and // keep it around. $original = ORM::factory("item", $this->id); + + // Preserve the extension of the data file. + if (isset($this->data_file)) { + $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); + $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; + if (!empty($extension) && strcmp($this->name, $new_name)) { + $this->name = $new_name; + } + } + if (array_intersect($this->changed, array("parent_id", "name", "slug"))) { $original->_build_relative_caches(); $this->relative_path_cache = null; @@ -430,7 +449,10 @@ class Item_Model_Core extends ORM_MPTT { if ($original->parent_id != $this->parent_id || $original->name != $this->name) { // Move all of the items associated data files - @rename($original->file_path(), $this->file_path()); + $this->_build_relative_caches(); + if (!isset($this->data_file)) { + @rename($original->file_path(), $this->file_path()); + } if ($this->is_album()) { @rename(dirname($original->resize_path()), dirname($this->resize_path())); @rename(dirname($original->thumb_path()), dirname($this->thumb_path())); @@ -460,8 +482,6 @@ class Item_Model_Core extends ORM_MPTT { } // Replace the data file, if requested. - // @todo: we don't handle the case where you swap in a file of a different mime type - // should we prevent that in validation? or in set_data_file() if ($this->data_file && ($this->is_photo() || $this->is_movie())) { copy($this->data_file, $this->file_path()); @@ -481,6 +501,9 @@ class Item_Model_Core extends ORM_MPTT { // Null out the data file variable here, otherwise this event will trigger another // save() which will think that we're doing another file move. $this->data_file = null; + if ($original->file_path() != $this->file_path()) { + @unlink($original->file_path()); + } module::event("item_updated_data_file", $this); } } @@ -517,6 +540,8 @@ class Item_Model_Core extends ORM_MPTT { $this->name = "$base_name-$rand"; } $this->slug = "$base_slug-$rand"; + $this->relative_path_cache = null; + $this->relative_url_cache = null; } } @@ -768,16 +793,7 @@ class Item_Model_Core extends ORM_MPTT { } if ($this->is_movie() || $this->is_photo()) { - if ($this->loaded()) { - // Existing items can't change their extension - $original = ORM::factory("item", $this->id); - $new_ext = pathinfo($this->name, PATHINFO_EXTENSION); - $old_ext = pathinfo($original->name, PATHINFO_EXTENSION); - if (strcasecmp($new_ext, $old_ext)) { - $v->add_error("name", "illegal_data_file_extension"); - return; - } - } else { + if (!$this->loaded()) { // New items must have an extension $ext = pathinfo($this->name, PATHINFO_EXTENSION); if (!$ext) { @@ -785,9 +801,11 @@ class Item_Model_Core extends ORM_MPTT { return; } - if ($this->is_movie() && !preg_match("/^(flv|mp4|m4v)$/i", $ext)) { - $v->add_error("name", "illegal_data_file_extension"); - } else if ($this->is_photo() && !preg_match("/^(gif|jpg|jpeg|png)$/i", $ext)) { + if (($this->is_movie() || $this->is_photo()) && + !preg_match("/^(" . + implode("|", array_map("preg_quote", + extensions::get_upload_extensions())) . + ")\$/i", $ext)) { $v->add_error("name", "illegal_data_file_extension"); } } @@ -813,17 +831,6 @@ class Item_Model_Core extends ORM_MPTT { } else if (filesize($this->data_file) == 0) { $v->add_error("name", "empty_data_file"); } - - if ($this->loaded()) { - if ($this->is_photo()) { - list ($a, $b, $mime_type) = photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($a, $b, $mime_type) = movie::get_file_metadata($this->data_file); - } - if ($mime_type != $this->mime_type) { - $v->add_error("name", "cant_change_mime_type"); - } - } } /** @@ -879,7 +886,7 @@ class Item_Model_Core extends ORM_MPTT { if ($this->is_movie()) { $legal_values = array("video/flv", "video/x-flv", "video/mp4"); } if ($this->is_photo()) { - $legal_values = array("image/jpeg", "image/gif", "image/png"); + $legal_values = array("image/jpeg", "image/gif", "image/png", "image/tiff"); } break; diff --git a/modules/gallery/tests/Mock_Built_In.php b/modules/gallery/tests/Mock_Built_In.php new file mode 100644 index 00000000..b02e5ecf --- /dev/null +++ b/modules/gallery/tests/Mock_Built_In.php @@ -0,0 +1,39 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2011 Chad Parry + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +/** + * Deterministic replacement for the built-in tempnam function. + * This is useful in unit tests where a dependency on tempnam needs to be mocked. + */ +class Mock_Built_In { + private $nonces; + + function __construct() { + $this->nonces = func_get_args(); + } + + function _tempnam($dir, $prefix) { + if (empty($this->nonces)) + return false; + $filename = "$dir/$prefix" . array_shift($this->nonces); + if (!touch($filename)) + return false; + return $filename; + } +} diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php new file mode 100644 index 00000000..734f98ac --- /dev/null +++ b/modules/gallery/tests/System_Helper_Test.php @@ -0,0 +1,49 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2011 Chad Parry + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class System_Helper_Test extends Gallery_Unit_Test_Case { + public function tempnam_random_test() { + $filename = system::tempnam(TMPPATH, "file", ".ext"); + $this->assert_true(file_exists($filename), "File not created"); + unlink($filename); + } + + public function tempnam_collision_test() { + require_once('Mock_Built_In.php'); + $existing = TMPPATH . "/file1.ext"; + $available = TMPPATH . "/file2.ext"; + touch($existing); + $filename = system::_tempnam(TMPPATH, "file", ".ext", + array(new Mock_Built_In("1", "2"), "_tempnam")); + unlink($existing); + $this->assert_true(file_exists($filename), "File not created"); + unlink($filename); + $this->assert_equal($available, $filename, "Incorrect filename created"); + } + + public function tempnam_abort_test() { + require_once('Mock_Built_In.php'); + $filename = system::_tempnam(TMPPATH, "file", ".ext", + array(new Mock_Built_In(), "_tempnam")); + if ($filename) { + @unlink($filename); + } + $this->assert_false($filename, "Operation not aborted"); + } +} diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 83dfcc68..ba4a3621 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -28,7 +28,7 @@ uploader: "<?= url::file("lib/uploadify/uploadify.swf") ?>", script: "<?= url::site("uploader/add_photo/{$album->id}") ?>", scriptData: <?= json_encode($script_data) ?>, - fileExt: "*.gif;*.jpg;*.jpeg;*.png;*.GIF;*.JPG;*.JPEG;*.PNG<? if ($movies_allowed): ?>;*.flv;*.mp4;*.m4v;*.FLV;*.MP4;*.M4V<? endif ?>", + fileExt: "<?= implode(";", $extensions) ?>", fileDesc: <?= t("Photos and movies")->for_js() ?>, cancelImg: "<?= url::file("lib/uploadify/cancel.png") ?>", simUploadLimit: <?= $simultaneous_upload_limit ?>, |