-rw-r--r-- | modules/gallery/controllers/admin_graphics.php | 2 | ||||
-rw-r--r-- | modules/gallery/controllers/uploader.php | 2 | ||||
-rw-r--r-- | modules/gallery/helpers/legal_file.php | 83 | ||||
-rw-r--r-- | modules/gallery/libraries/Form_Uploadify.php | 1 | ||||
-rw-r--r-- | modules/gallery/models/item.php | 69 | ||||
-rw-r--r-- | modules/gallery/views/form_uploadify.html.php | 2 |
6 files changed, 127 insertions, 32 deletions
diff --git a/modules/gallery/controllers/admin_graphics.php b/modules/gallery/controllers/admin_graphics.php index a2d19d4a..a8a7cdc0 100644 --- a/modules/gallery/controllers/admin_graphics.php +++ b/modules/gallery/controllers/admin_graphics.php @@ -40,6 +40,8 @@ class Admin_Graphics_Controller extends Admin_Controller { $msg = t("Changed graphics toolkit to: %toolkit", array("toolkit" => $tk->$toolkit_id->name)); message::success($msg); log::success("graphics", $msg); + + module::event("graphics_toolkit_change", $toolkit_id); } url::redirect("admin/graphics"); diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 6b1455e4..9c2bf7d7 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -51,7 +51,7 @@ class Uploader_Controller extends Controller { $file_validation = new Validation($_FILES); $file_validation->add_rules( "Filedata", "upload::valid", "upload::required", - "upload::type[gif,jpg,jpeg,png,flv,mp4,m4v]"); + "upload::type[" . implode(",", legal_file::get_extensions()) . "]"); if ($form->validate() && $file_validation->validate()) { $temp_filename = upload::save("Filedata"); diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php new file mode 100644 index 00000000..d78efdda --- /dev/null +++ b/modules/gallery/helpers/legal_file.php 
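Review bot: In the uploader.php hunk the `upload::type[...]` rule is now built by string concatenation from `legal_file::get_extensions()`, whose entries any module can change through the `legal_photo_extensions` / `legal_movie_extensions` events, and nothing here constrains what those entries look like. An entry containing `,` or `]` would change how the rule string is read, and the server-side allowlist for uploads becomes only as strict as the least careful event handler. I would restrict the values before building the rule, e.g. `$exts = preg_grep('/^[a-z0-9]+$/i', legal_file::get_extensions());` followed by `"upload::type[" . implode(",", $exts) . "]"`. The enclosing controller method starts and ends outside the hunk.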
@@ -0,0 +1,83 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2011 Chad Parry
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class legal_file_Core {
+ /**
+ * Create a default list of allowed photo extensions and then let modules modify it.
+ */
+ static function get_photo_extensions() {
+ $extensions_wrapper = new stdClass();
+ $extensions_wrapper->extensions = array("gif", "jpg", "jpeg", "png");
+ module::event("legal_photo_extensions", $extensions_wrapper);
+ return $extensions_wrapper->extensions;
+ }
+
+ /**
+ * Create a default list of allowed movie extensions and then let modules modify it.
+ */
+ static function get_movie_extensions() {
+ $extensions_wrapper = new stdClass();
+ $extensions_wrapper->extensions = array("flv", "mp4", "m4v");
+ module::event("legal_movie_extensions", $extensions_wrapper);
+ return $extensions_wrapper->extensions;
+ }
+
+ /**
+ * Create a merged list of all allowed photo and movie extensions.
+ */ + static function get_extensions() { + $extensions = legal_file::get_photo_extensions(); + if (movie::find_ffmpeg()) { + $extensions = array_merge($extensions, legal_file::get_movie_extensions()); + } + return $extensions; + } + + /** + * Create a merged list of all photo and movie filename filters, + * (e.g. "*.gif"), based on allowed extensions. + */ + static function get_filters() { + $filters = array(); + foreach (legal_file::get_extensions() as $extension) { + array_push($filters, "*." . $extension, "*." . strtoupper($extension)); + } + return $filters; + } + + /** + * Create a default list of allowed photo MIME types and then let modules modify it. + */ + static function get_photo_types() { + $types_wrapper = new stdClass(); + $types_wrapper->types = array("image/jpeg", "image/gif", "image/png"); + module::event("legal_photo_types", $types_wrapper); + return $types_wrapper->types; + } + + /** + * Create a default list of allowed movie MIME types and then let modules modify it. + */ + static function get_movie_types() { + $types_wrapper = new stdClass(); + $types_wrapper->types = array("video/flv", "video/x-flv", "video/mp4"); + module::event("legal_movie_types", $types_wrapper); + return $types_wrapper->types; + } +} diff --git a/modules/gallery/libraries/Form_Uploadify.php b/modules/gallery/libraries/Form_Uploadify.php index 3e35e380..450320b3 100644 --- a/modules/gallery/libraries/Form_Uploadify.php +++ b/modules/gallery/libraries/Form_Uploadify.php @@ -47,6 +47,7 @@ class Form_Uploadify_Core extends Form_Input { $v->script_data = $this->data["script_data"]; $v->simultaneous_upload_limit = module::get_var("gallery", "simultaneous_upload_limit"); $v->movies_allowed = (bool) movie::find_ffmpeg(); + $v->extensions = legal_file::get_filters(); $v->suhosin_session_encrypt = (bool) ini_get("suhosin.session.encrypt"); list ($toolkit_max_filesize_bytes, $toolkit_max_filesize) = graphics::max_filesize(); 
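Review bot: Each getter in legal_file.php returns whatever the event handlers left in the wrapper object, so nothing guarantees the result is still an array of lower-case, dot-less extension (or MIME type) strings. These lists now feed the upload rule in uploader.php, the name validation in item.php and the `fileExt` filter in the view, so one handler's malformed entry affects all three. I would normalise before returning, for example `return array_values(array_unique(array_map("strtolower", (array) $extensions_wrapper->extensions)));`, and extend each docblock with a line such as `Handlers must only add lower-case extensions without a leading dot; this list is the allowlist for uploaded files.` Note also that `get_filters()` emits only the all-lower and all-upper variant of each extension, while item.php compares extensions case-insensitively.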
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 2a5e6894..cccb7074 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -408,6 +408,20 @@ class Item_Model_Core extends ORM_MPTT { // If any significant fields have changed, load up a copy of the original item and // keep it around. $original = ORM::factory("item", $this->id); + + // Preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume + // the MIME type from the extension. So when we adopt the new data file, it's important + // to adopt the new extension. That ensures that the item's extension is always + // appropriate for its data. We don't try to preserve the name of the data file, though, + // because the name is typically a temporary randomly-generated name. + if (isset($this->data_file)) { + $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); + $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; + if (!empty($extension) && strcmp($this->name, $new_name)) { + $this->name = $new_name; + } + } + if (array_intersect($this->changed, array("parent_id", "name", "slug"))) { $original->_build_relative_caches(); $this->relative_path_cache = null; 
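Review bot: The extension read from `$this->data_file` is copied into `$this->name` without being compared against `legal_file::get_photo_extensions()` or `legal_file::get_movie_extensions()`. The later hunks at -768 and -813 remove the extension and MIME checks for loaded items, so the only extension check left in the visible code sits inside `if (!$this->loaded())`; replacing the data file of an existing item therefore appears to let its stored extension be whatever the data file path carries. If `data_file` can originate from an upload, I would keep the "must have an extension" test for new items only but move the `in_array(strtolower($ext), ...)` comparison out of the `!$this->loaded()` branch so it runs for every photo and movie. Whether validation runs before or after this rename cannot be seen here, since the enclosing method starts and ends outside the hunk.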
@@ -429,8 +443,19 @@ class Item_Model_Core extends ORM_MPTT { } if ($original->parent_id != $this->parent_id || $original->name != $this->name) { + $this->_build_relative_caches(); + // If there is a data file, then we want to preserve both the old data and the new data. + // (Third-party event handlers would like access to both). The old data file will be + // accessible via the $original item, and the new one via $this item. But in that case, + // we don't want to rename the original as below, because the old data would end up being + // clobbered by the new data file. Also, the rename isn't necessary, because the new item + // data is coming from the data file anyway. So we only perform the rename if there isn't + // a data file. Another way to solve this would be to copy the original file rather than + // conditionally rename it, but a copy would cost far more than the rename. + if (!isset($this->data_file)) { + @rename($original->file_path(), $this->file_path()); + } // Move all of the items associated data files - @rename($original->file_path(), $this->file_path()); if ($this->is_album()) { @rename(dirname($original->resize_path()), dirname($this->resize_path())); @rename(dirname($original->thumb_path()), dirname($this->thumb_path())); @@ -460,8 +485,6 @@ class Item_Model_Core extends ORM_MPTT { } // Replace the data file, if requested. - // @todo: we don't handle the case where you swap in a file of a different mime type - // should we prevent that in validation? or in set_data_file() if ($this->data_file && ($this->is_photo() || $this->is_movie())) { copy($this->data_file, $this->file_path()); 
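Review bot: The new guard `if (!isset($this->data_file))` uses a different test from the block that actually replaces the file, which the next hunk shows as `if ($this->data_file && ($this->is_photo() || $this->is_movie()))`. When `data_file` is set but empty, or is set on an item that is neither photo nor movie, the rename is skipped and no copy follows, so the file stays at the old path while the item already has its new name. Using the same predicate in both places would close that gap: `if (!($this->data_file && ($this->is_photo() || $this->is_movie()))) {`. The retained comment `// Move all of the items associated data files` now sits below the rename it used to describe and would read better above the new `if`.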
@@ -481,6 +504,9 @@ class Item_Model_Core extends ORM_MPTT { // Null out the data file variable here, otherwise this event will trigger another // save() which will think that we're doing another file move. $this->data_file = null; + if ($original->file_path() != $this->file_path()) { + @unlink($original->file_path()); + } module::event("item_updated_data_file", $this); } } @@ -517,6 +543,8 @@ class Item_Model_Core extends ORM_MPTT { $this->name = "$base_name-$rand"; } $this->slug = "$base_slug-$rand"; + $this->relative_path_cache = null; + $this->relative_url_cache = null; } } @@ -768,16 +796,7 @@ class Item_Model_Core extends ORM_MPTT { } if ($this->is_movie() || $this->is_photo()) { - if ($this->loaded()) { - // Existing items can't change their extension - $original = ORM::factory("item", $this->id); - $new_ext = pathinfo($this->name, PATHINFO_EXTENSION); - $old_ext = pathinfo($original->name, PATHINFO_EXTENSION); - if (strcasecmp($new_ext, $old_ext)) { - $v->add_error("name", "illegal_data_file_extension"); - return; - } - } else { + if (!$this->loaded()) { // New items must have an extension $ext = pathinfo($this->name, PATHINFO_EXTENSION); if (!$ext) { @@ -785,9 +804,10 @@ class Item_Model_Core extends ORM_MPTT { return; } - if ($this->is_movie() && !preg_match("/^(flv|mp4|m4v)$/i", $ext)) { - $v->add_error("name", "illegal_data_file_extension"); - } else if ($this->is_photo() && !preg_match("/^(gif|jpg|jpeg|png)$/i", $ext)) { + if ($this->is_photo() && + !in_array(strtolower($ext), array_map("strtolower", legal_file::get_photo_extensions())) || + $this->is_movie() && + !in_array(strtolower($ext), array_map("strtolower", legal_file::get_movie_extensions()))) { $v->add_error("name", "illegal_data_file_extension"); } } 
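Review bot: In the hunk at -481 the added `@unlink($original->file_path())` runs whether or not the earlier `copy($this->data_file, $this->file_path())` succeeded; in the lines visible in the previous hunk the return value of `copy()` is not kept, and the code between the two hunks is not shown. If the copy fails, the original file is removed and the item is left without data, and the `@` hides the only warning. I would store the result, `$copied = copy($this->data_file, $this->file_path());`, and guard the cleanup with `if ($copied && $original->file_path() != $this->file_path()) {`. A short comment stating that the old file is removed because the item now lives under a new extension would also help the next reader.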
@@ -813,17 +833,6 @@ class Item_Model_Core extends ORM_MPTT { } else if (filesize($this->data_file) == 0) { $v->add_error("name", "empty_data_file"); } - - if ($this->loaded()) { - if ($this->is_photo()) { - list ($a, $b, $mime_type) = photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($a, $b, $mime_type) = movie::get_file_metadata($this->data_file); - } - if ($mime_type != $this->mime_type) { - $v->add_error("name", "cant_change_mime_type"); - } - } } /** @@ -877,9 +886,9 @@ class Item_Model_Core extends ORM_MPTT { switch($field) { case "mime_type": if ($this->is_movie()) { - $legal_values = array("video/flv", "video/x-flv", "video/mp4"); - } if ($this->is_photo()) { - $legal_values = array("image/jpeg", "image/gif", "image/png"); + $legal_values = legal_file::get_movie_types(); + } else if ($this->is_photo()) { + $legal_values = legal_file::get_photo_types(); } break; diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 83dfcc68..ba4a3621 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -28,7 +28,7 @@ uploader: "<?= url::file("lib/uploadify/uploadify.swf") ?>", script: "<?= url::site("uploader/add_photo/{$album->id}") ?>", scriptData: <?= json_encode($script_data) ?>, - fileExt: "*.gif;*.jpg;*.jpeg;*.png;*.GIF;*.JPG;*.JPEG;*.PNG<? if ($movies_allowed): ?>;*.flv;*.mp4;*.m4v;*.FLV;*.MP4;*.M4V<? endif ?>", + fileExt: "<?= implode(";", $extensions) ?>", fileDesc: <?= t("Photos and movies")->for_js() ?>, cancelImg: "<?= url::file("lib/uploadify/cancel.png") ?>", simUploadLimit: <?= $simultaneous_upload_limit ?>, |
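Review bot: In form_uploadify.html.php the new `fileExt: "<?= implode(";", $extensions) ?>"` writes the filter list into a JavaScript string literal without any escaping, and that list is now supplied by module event handlers through `legal_file::get_filters()`. The neighbouring lines already emit values with `json_encode(...)` or `->for_js()`, so this line is the odd one out; a quote or backslash in any entry would break the script block. I would emit it the same way as `scriptData`: `fileExt: <?= json_encode(implode(";", $extensions)) ?>,`. The surrounding script block continues outside the hunk.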