diff options
| -rw-r--r-- | modules/gallery/controllers/quick.php | 4 | ||||
| -rw-r--r-- | modules/gallery/controllers/uploader.php | 2 | ||||
| -rw-r--r-- | modules/gallery/helpers/legal_file.php | 39 | ||||
| -rw-r--r-- | modules/gallery/helpers/system.php | 13 | ||||
| -rw-r--r-- | modules/gallery/libraries/Form_Uploadify.php | 2 | ||||
| -rw-r--r-- | modules/gallery/models/item.php | 18 | ||||
| -rw-r--r-- | modules/gallery/tests/System_Helper_Test.php | 5 |
7 files changed, 69 insertions, 14 deletions
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index ce52cb8d..b6576ec0 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -36,8 +36,8 @@ class Quick_Controller extends Controller { } if ($degrees) { - $tmpfile = system::tempnam(TMPPATH, "rotate", - "." . pathinfo($item->file_path(), PATHINFO_EXTENSION)); + $tmpfile = system::temp_filename("rotate", + pathinfo($item->file_path(), PATHINFO_EXTENSION)); gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees), $item); $item->set_data_file($tmpfile); $item->save(); diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 5f3e9ca4..9c2bf7d7 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -51,7 +51,7 @@ class Uploader_Controller extends Controller { $file_validation = new Validation($_FILES); $file_validation->add_rules( "Filedata", "upload::valid", "upload::required", - "upload::type[" . implode(",", extensions::get_upload_extensions()) . "]"); + "upload::type[" . implode(",", legal_file::get_extensions()) . "]"); if ($form->validate() && $file_validation->validate()) { $temp_filename = upload::save("Filedata"); diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php new file mode 100644 index 00000000..2cb0fb25 --- /dev/null +++ b/modules/gallery/helpers/legal_file.php @@ -0,0 +1,39 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2011 Chad Parry + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class legal_file_Core { + static function get_extensions() { + // Create a default list of allowed extensions and then let modules modify it. + $extensions_wrapper = new stdClass(); + $extensions_wrapper->extensions = array("gif", "jpg", "jpeg", "png"); + if (movie::find_ffmpeg()) { + array_push($extensions_wrapper->extensions, "flv", "mp4", "m4v"); + } + module::event("legal_file_extensions", $extensions_wrapper); + return $extensions_wrapper->extensions; + } + + static function get_filters() { + $filters = array(); + foreach (self::get_extensions() as $extension) { + array_push($filters, "*." . $extension, "*." . strtoupper($extension)); + } + return $filters; + } +} diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index 31ecafa7..9815d588 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -43,15 +43,18 @@ class system_Core { /** * Create a file with a unique file name. - * This helper is similar to the built-in tempnam, except that it supports an optional postfix. + * This helper is similar to the built-in tempnam. + * It allows the caller to specify a prefix and an extension. + * It always places the file in TMPPATH. */ - static function tempnam($dir = TMPPATH, $prefix = "", $postfix = "") { - return self::_tempnam($dir, $prefix, $postfix, "tempnam"); + static function temp_filename($prefix = "", $extension = "") { + return self::_tempnam(TMPPATH, $prefix, ".$extension", "tempnam"); } - // This helper provides a dependency-injected implementation of tempnam. + /** + * This helper provides a dependency-injected implementation of tempnam. + */ static function _tempnam($dir, $prefix, $postfix, $builtin) { - $success = false; do { $basename = call_user_func($builtin, $dir, $prefix); if (!$basename) { diff --git a/modules/gallery/libraries/Form_Uploadify.php b/modules/gallery/libraries/Form_Uploadify.php index 884653e2..450320b3 100644 --- a/modules/gallery/libraries/Form_Uploadify.php +++ b/modules/gallery/libraries/Form_Uploadify.php @@ -47,7 +47,7 @@ class Form_Uploadify_Core extends Form_Input { $v->script_data = $this->data["script_data"]; $v->simultaneous_upload_limit = module::get_var("gallery", "simultaneous_upload_limit"); $v->movies_allowed = (bool) movie::find_ffmpeg(); - $v->extensions = extensions::get_upload_filters(); + $v->extensions = legal_file::get_filters(); $v->suhosin_session_encrypt = (bool) ini_get("suhosin.session.encrypt"); list ($toolkit_max_filesize_bytes, $toolkit_max_filesize) = graphics::max_filesize(); diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 5ccbe75c..6eb93cfa 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -418,7 +418,11 @@ class Item_Model_Core extends ORM_MPTT { // keep it around. $original = ORM::factory("item", $this->id); - // Preserve the extension of the data file. + // Preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume + // the MIME type from the extension. So when we adopt the new data file, it's important + // to adopt the new extension. That ensures that the item's extension is always + // appropriate for its data. We don't try to preserve the name of the data file, though, + // because the name is typically a temporary randomly-generated name. if (isset($this->data_file)) { $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; @@ -448,11 +452,19 @@ class Item_Model_Core extends ORM_MPTT { } if ($original->parent_id != $this->parent_id || $original->name != $this->name) { - // Move all of the items associated data files $this->_build_relative_caches(); + // If there is a data file, then we want to preserve both the old data and the new data. + // (Third-party event handlers would like access to both). The old data file will be + // accessible via the $original item, and the new one via $this item. But in that case, + // we don't want to rename the original as below, because the old data would end up being + // clobbered by the new data file. Also, the rename isn't necessary, because the new item + // data is coming from the data file anyway. So we only perform the rename if there isn't + // a data file. Another way to solve this would be to copy the original file rather than + // conditionally rename it, but a copy would cost far more than the rename. if (!isset($this->data_file)) { @rename($original->file_path(), $this->file_path()); } + // Move all of the items associated data files if ($this->is_album()) { @rename(dirname($original->resize_path()), dirname($this->resize_path())); @rename(dirname($original->thumb_path()), dirname($this->thumb_path())); @@ -804,7 +816,7 @@ class Item_Model_Core extends ORM_MPTT { if (($this->is_movie() || $this->is_photo()) && !preg_match("/^(" . implode("|", array_map("preg_quote", - extensions::get_upload_extensions())) . + legal_file::get_extensions())) . ")\$/i", $ext)) { $v->add_error("name", "illegal_data_file_extension"); } diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php index 734f98ac..dfe5d9ab 100644 --- a/modules/gallery/tests/System_Helper_Test.php +++ b/modules/gallery/tests/System_Helper_Test.php @@ -18,10 +18,11 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class System_Helper_Test extends Gallery_Unit_Test_Case { - public function tempnam_random_test() { - $filename = system::tempnam(TMPPATH, "file", ".ext"); + public function temp_filename_random_test() { + $filename = system::temp_filename("file", "ext"); $this->assert_true(file_exists($filename), "File not created"); unlink($filename); + $this->assert_pattern($filename, "|/file.*\\.ext$|"); } public function tempnam_collision_test() { |