diff options
| -rw-r--r-- | modules/g2_import/helpers/g2_import.php | 9 | ||||
| -rw-r--r-- | modules/gallery/helpers/access.php | 17 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_task.php | 59 | ||||
| -rw-r--r-- | modules/gallery/helpers/item.php | 10 | ||||
| -rw-r--r-- | modules/gallery/tests/controller_auth_data.txt | 4 | ||||
| -rw-r--r-- | modules/gallery/tests/xss_data.txt | 28 | ||||
| -rw-r--r-- | modules/gallery/views/admin_maintenance.html.php | 6 | ||||
| -rw-r--r--[-rwxr-xr-x] | modules/organize/lib/Gallery3WebClient.swf | bin | 760853 -> 147776 bytes | |||
| -rw-r--r-- | modules/organize/views/organize_dialog.html.php | 22 | ||||
| -rw-r--r-- | modules/rest/tests/Rest_Controller_Test.php | 8 |
10 files changed, 121 insertions, 42 deletions
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index c0ea09d6..4aa9e642 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -139,6 +139,15 @@ class g2_import_Core { "function G2_Gallery"), array_merge(array("<?php defined(\"SYSPATH\") or die(\"No direct script access.\") ?>\n"), file("$base_dir/modules/core/classes/Gallery.class")))); + } else { + // Ok, this is a good one. If you're running a bytecode accelerator and you move your + // Gallery install, these files sometimes get cached with the wrong path and then fail to + // load properly. + // Documented in https://sourceforge.net/apps/trac/gallery/ticket/1253 + touch("$mod_path/embed.php"); + touch("$mod_path/main.php"); + touch("$mod_path/bootstrap.inc"); + touch("$mod_path/Gallery.class.inc"); } require("$mod_path/embed.php"); diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 87b6b313..f1ea00c0 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -222,7 +222,7 @@ class access_Core { self::_update_access_non_view_cache($group, $perm_name, $album); } - self::_update_htaccess_files($album, $group, $perm_name, $value); + self::update_htaccess_files($album, $group, $perm_name, $value); model_cache::clear(); } @@ -623,11 +623,18 @@ class access_Core { } /** - * Maintain .htacccess files to prevent direct access to albums, resizes and thumbnails when we - * apply the view and view_full permissions to guest users. + * Rebuild the .htaccess files that prevent direct access to albums, resizes and thumbnails. We + * call this internally any time we change the view or view_full permissions for guest users. + * This function is only public because we use it in maintenance tasks. + * + * @param Item_Model the album + * @param Group_Model the group whose permission is changing + * @param string the permission name + * @param string the new permission value (eg access::DENY) */ - private static function _update_htaccess_files($album, $group, $perm_name, $value) { - if ($group->id != 1 || !($perm_name == "view" || $perm_name == "view_full")) { + static function update_htaccess_files($album, $group, $perm_name, $value) { + if ($group->id != identity::everybody()->id || + !($perm_name == "view" || $perm_name == "view_full")) { return; } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 96ea7c0d..4b5e9e93 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -50,7 +50,14 @@ class gallery_task_Core { ->callback("gallery_task::fix_mptt") ->name(t("Fix Album/Photo hierarchy")) ->description(t("Fix problems where your album/photo breadcrumbs are out of " . - "sync with your actual hierarchy.")) + "sync with your actual hierarchy")) + ->severity(log::SUCCESS); + + $tasks[] = Task_Definition::factory() + ->callback("gallery_task::fix_permissions") + ->name(t("Fix permissions")) + ->description(t("Resynchronize database permissions with the .htaccess " . + "files in your gallery3/var directory")) ->severity(log::SUCCESS); return $tasks; @@ -386,4 +393,54 @@ class gallery_task_Core { ->where("id", "=", $id) ->execute(); } + + static function fix_permissions($task) { + $start = microtime(true); + + $total = $task->get("total"); + if (empty($total)) { + $everybody_id = identity::everybody()->id; + $stack = array(); + foreach (db::build() + ->select("id") + ->from("access_intents") + ->where("view_{$everybody_id}", "=", 0) + ->or_where("view_full_{$everybody_id}", "=", 0) + ->execute() as $row) { + $stack[] = $row->id; + } + + $task->set("total", $total = count($stack)); + $task->set("stack", implode(" ", $stack)); + $task->set("completed", 0); + } + + $stack = explode(" ", $task->get("stack")); + $completed = $task->get("completed"); + + while ($stack && microtime(true) - $start < 1.5) { + $album = ORM::factory("item", array_pop($stack)); + $everybody = identity::everybody(); + if (!access::group_can($everybody, "view", $album)) { + access::update_htaccess_files($album, identity::everybody(), "view", access::DENY); + } else { + // It's one or the other, so if they have view then they don't have view_full + access::update_htaccess_files($album, identity::everybody(), "view_full", access::DENY); + } + $completed++; + } + + $task->set("stack", implode(" ", $stack)); + $task->set("completed", $completed); + + if ($total == $completed) { + $task->done = true; + $task->state = "success"; + $task->percent_complete = 100; + } else { + $task->percent_complete = round(100 * $completed / $total); + } + $task->status = t2("One album updated", "%count / %total albums updated", $completed, + array("total" => $total)); + } }
\ No newline at end of file diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 8fea49cc..092904a5 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -105,9 +105,15 @@ class item_Core { model_cache::clear(); $parent->album_cover_item_id = $item->is_album() ? $item->album_cover_item_id : $item->id; - $parent->thumb_dirty = 1; + if ($item->thumb_dirty) { + $parent->thumb_dirty = 1; + graphics::generate($parent); + } else { + copy($item->thumb_path(), $parent->thumb_path()); + $parent->thumb_width = $item->thumb_width; + $parent->thumb_height = $item->thumb_height; + } $parent->save(); - graphics::generate($parent); $grand_parent = $parent->parent(); if ($grand_parent && access::can("edit", $grand_parent) && $grand_parent->album_cover_item_id == null) { diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index f7ceed90..3c9b3afc 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -9,8 +9,6 @@ modules/gallery/controllers/albums.php show modules/gallery/controllers/combined.php javascript DIRTY_AUTH modules/gallery/controllers/combined.php css DIRTY_AUTH modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH -modules/gallery/controllers/flash_uploader.php start DIRTY_AUTH -modules/gallery/controllers/flash_uploader.php finish DIRTY_AUTH modules/gallery/controllers/login.php ajax DIRTY_AUTH modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH modules/gallery/controllers/login.php html DIRTY_AUTH @@ -19,6 +17,8 @@ modules/gallery/controllers/logout.php index modules/gallery/controllers/maintenance.php index DIRTY_AUTH modules/gallery/controllers/quick.php form_edit DIRTY_CSRF modules/gallery/controllers/upgrader.php index DIRTY_AUTH +modules/gallery/controllers/uploader.php start DIRTY_AUTH +modules/gallery/controllers/uploader.php finish DIRTY_AUTH modules/gallery/controllers/user_profile.php show DIRTY_AUTH modules/gallery/controllers/user_profile.php contact DIRTY_AUTH modules/gallery/controllers/user_profile.php send DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 475f75c1..02483865 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -76,7 +76,7 @@ modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR ($de modules/gallery/views/admin_languages.html.php 62 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) modules/gallery/views/admin_languages.html.php 63 DIRTY $display_name modules/gallery/views/admin_languages.html.php 65 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) -modules/gallery/views/admin_languages.html.php 110 DIRTY $share_translations_form +modules/gallery/views/admin_languages.html.php 113 DIRTY $share_translations_form modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log::severity_class($task->severity) modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity) @@ -167,7 +167,7 @@ modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env modules/gallery/views/error_admin.html.php 257 DIRTY $key modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") -modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("flash_uploader/add_photo/{$album->id}") +modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form")) @@ -206,9 +206,9 @@ modules/gallery/views/menu_dialog.html.php 5 DIRTY_JS $menu- modules/gallery/views/menu_link.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":"" modules/gallery/views/menu_link.html.php 4 DIRTY_ATTR $menu->css_class modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu->url -modules/gallery/views/move_browse.html.php 4 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__") -modules/gallery/views/move_browse.html.php 39 DIRTY $tree -modules/gallery/views/move_browse.html.php 43 DIRTY access::csrf_form_field() +modules/gallery/views/move_browse.html.php 5 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__") +modules/gallery/views/move_browse.html.php 40 DIRTY $tree +modules/gallery/views/move_browse.html.php 44 DIRTY access::csrf_form_field() modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(),25); modules/gallery/views/move_tree.html.php 4 DIRTY_JS $parent->id modules/gallery/views/move_tree.html.php 6 DIRTY_JS $parent->id @@ -255,14 +255,14 @@ modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permi modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form modules/gallery/views/reauthenticate.html.php 9 DIRTY $form -modules/gallery/views/upgrader.html.php 57 DIRTY_ATTR $done?"muted":"" -modules/gallery/views/upgrader.html.php 61 DIRTY_ATTR $done?"muted":"" -modules/gallery/views/upgrader.html.php 69 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable" -modules/gallery/views/upgrader.html.php 70 DIRTY_ATTR $id -modules/gallery/views/upgrader.html.php 74 DIRTY $module->version -modules/gallery/views/upgrader.html.php 77 DIRTY $module->code_version -modules/gallery/views/upgrader.html.php 99 DIRTY_ATTR $done?"muted":"" -modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $done?"muted":"" +modules/gallery/views/upgrader.html.php 59 DIRTY_ATTR $done?"muted":"" +modules/gallery/views/upgrader.html.php 63 DIRTY_ATTR $done?"muted":"" +modules/gallery/views/upgrader.html.php 71 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable" +modules/gallery/views/upgrader.html.php 72 DIRTY_ATTR $id +modules/gallery/views/upgrader.html.php 76 DIRTY $module->version +modules/gallery/views/upgrader.html.php 79 DIRTY $module->code_version +modules/gallery/views/upgrader.html.php 101 DIRTY_ATTR $done?"muted":"" +modules/gallery/views/upgrader.html.php 104 DIRTY_ATTR $done?"muted":"" modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected) modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true)) modules/gallery/views/user_profile.html.php 43 DIRTY $info->view @@ -289,7 +289,9 @@ modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $sort_ modules/organize/views/organize_dialog.html.php 96 DIRTY_JS $album->id modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $rest_uri modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $controller_uri +modules/organize/views/organize_dialog.html.php 104 DIRTY_JS $flash_minimum_version="10.0.0" modules/organize/views/organize_dialog.html.php 122 DIRTY_JS $swf_uri +modules/organize/views/organize_dialog.html.php 136 DIRTY_ATTR request::protocol() modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php index ac597715..ad0e2f55 100644 --- a/modules/gallery/views/admin_maintenance.html.php +++ b/modules/gallery/views/admin_maintenance.html.php @@ -41,6 +41,9 @@ <? if ($running_tasks->count()): ?> <div id="g-running-tasks"> + <a href="<?= url::site("admin/maintenance/cancel_running_tasks?csrf=$csrf") ?>" + class="g-button g-right ui-icon-left ui-state-default ui-corner-all"> + <?= t("cancel all running") ?></a> <h2> <?= t("Running tasks") ?> </h2> <table> <tr> @@ -60,9 +63,6 @@ <?= t("Owner") ?> </th> <th> - <a href="<?= url::site("admin/maintenance/cancel_running_tasks?csrf=$csrf") ?>" - class="g-button g-right ui-icon-left ui-state-default ui-corner-all"> - <?= t("cancel all") ?></a> <?= t("Action") ?> </th> </tr> diff --git a/modules/organize/lib/Gallery3WebClient.swf b/modules/organize/lib/Gallery3WebClient.swf Binary files differindex e6b70922..40249a73 100755..100644 --- a/modules/organize/lib/Gallery3WebClient.swf +++ b/modules/organize/lib/Gallery3WebClient.swf diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php index 4e8ada80..4cc6385e 100644 --- a/modules/organize/views/organize_dialog.html.php +++ b/modules/organize/views/organize_dialog.html.php @@ -127,16 +127,14 @@ <!-- The following spans are placeholders so we can load the hover and active styles for the flex component --> <span id="g-organize-hover" /><span id="g-organize-active" /> <h1 style="display:none"><?= t("Organize :: %name", array("name" => html::purify($album->title))) ?></h1> - <div id="flashContent"> - <p> - <?= t("To use the Organize feature, please ensure that Adobe Flash Player version %flash_minimum_version " . - "or greater is installed.", array("flash_minimum_version" => $flash_minimum_version)) ?> - </p> - <script type="text/javascript"> - var pageHost = ((document.location.protocol == "https:") ? "https://" : "http://"); - $("#flashContent").append("<a href='http://www.adobe.com/go/getflashplayer'><img src='" + pageHost + - "www.adobe.com/images/shared/download_buttons/get_flash_player.gif' " + - "alt='<?= t("Get Adobe Flash Player") ?>' /></a>" ); - </script> -</div> + <div id="flashContent"> + <p> + <?= t("To use the Organize feature, please ensure that Adobe Flash Player version %flash_minimum_version " . + "or greater is installed.", array("flash_minimum_version" => $flash_minimum_version)) ?> + </p> + <a href="http://www.adobe.com/go/getflashplayer"> + <img src="<?= request::protocol() ?>://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" + alt=<?= t("Get Adobe Flash Player")->for_js() ?> /> + </a> + </div> </div> diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php index 0c8a4a98..43139d29 100644 --- a/modules/rest/tests/Rest_Controller_Test.php +++ b/modules/rest/tests/Rest_Controller_Test.php @@ -142,8 +142,8 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { } class mock_rest { - static function get($request) { return $request; } - static function post($request) { return $request; } - static function put($request) { return $request; } - static function delete($request) { return $request; } + static function get($request) { return (array)$request; } + static function post($request) { return (array)$request; } + static function put($request) { return (array)$request; } + static function delete($request) { return (array)$request; } }
\ No newline at end of file |