9 files changed, 57 insertions, 49 deletions

diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php
index 573ededf..f96a0eb7 100644
--- a/modules/gallery/controllers/admin_languages.php
+++ b/modules/gallery/controllers/admin_languages.php
@@ -74,9 +74,11 @@ class Admin_Languages_Controller extends Admin_Controller {
 
   private function _save_api_key($form) {
     $new_key = $form->sharing->api_key->value;
-    if ($new_key && !l10n_client::validate_api_key($new_key)) {
-      $form->sharing->api_key->add_error("invalid", 1);
-      $valid = false;
+    if ($new_key) {
+      list($connected, $valid) = l10n_client::validate_api_key($new_key);
+      if (!$valid) {
+        $form->sharing->api_key->add_error($connected ? "invalid" : "no_connection", 1);
+      }
     } else {
       $valid = true;
     }
@@ -119,7 +121,9 @@ class Admin_Languages_Controller extends Admin_Controller {
                   array("server-link" => html::mark_clean(html::anchor($server_link))))
               : t("API key"))
       ->value($api_key)
-      ->error_messages("invalid", t("The API key you provided is invalid."));
+      ->error_messages("invalid", t("The API key you provided is invalid."))
+      ->error_messages(
+        "no_connection", t("Could not connect to remote server to validate the API key."));
     $group->submit("save")->value(t("Save settings"));
     if ($api_key && $this->_outgoing_translations_count()) {
       // TODO: UI improvement: hide API key / save button when API key is set.
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index 7729d797..80247a0f 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -27,7 +27,7 @@ class Admin_Maintenance_Controller extends Admin_Controller {
       ->set("state", "stalled")
       ->where("done", "=", 0)
       ->where("state", "<>", "stalled")
-      ->where(new Database_Expression("UNIX_TIMESTAMP(NOW()) - `updated` > 15"))
+      ->where(db::expr("UNIX_TIMESTAMP(NOW()) - `updated` > 15"))
       ->execute();
     $stalled_count = $query->count();
     if ($stalled_count) {
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index b0887195..3435465c 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -37,7 +37,7 @@ class Albums_Controller extends Items_Controller {
 
     if ($show) {
       $child = ORM::factory("item", $show);
-      $index = $album->get_position($child);
+      $index = item::get_position($child);
       if ($index) {
         $page = ceil($index / $page_size);
         if ($page == 1) {
@@ -61,20 +61,18 @@ class Albums_Controller extends Items_Controller {
     }
 
     $template = new Theme_View("page.html", "collection", "album");
-    $template->set_global("page", $page);
-    $template->set_global("page_title", null);
-    $template->set_global("max_pages", $max_pages);
-    $template->set_global("page_size", $page_size);
-    $template->set_global("item", $album);
-    $template->set_global("children", $album->viewable()->children($page_size, $offset));
-    $template->set_global("children_count", $children_count);
-    $template->set_global("parents", $album->parents()->as_array()); // view calls empty() on this
+    $template->set_global(
+      array("page" => $page,
+            "page_title" => null,
+            "max_pages" => $max_pages,
+            "page_size" => $page_size,
+            "item" => $album,
+            "children" => $album->viewable()->children($page_size, $offset),
+            "parents" => $album->parents()->as_array(), // view calls empty() on this
+            "children_count" => $children_count));
     $template->content = new View("album.html");
 
-    // We can't use math in ORM or the query builder, so do this by hand.  It's important
-    // that we do this with math, otherwise concurrent accesses will damage accuracy.
-    db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id")
-      ->execute();
+    $album->increment_view_count();
 
     print $template;
   }
diff --git a/modules/gallery/controllers/combined.php b/modules/gallery/controllers/combined.php
index 4b1a342a..64f8d22b 100644
--- a/modules/gallery/controllers/combined.php
+++ b/modules/gallery/controllers/combined.php
@@ -18,6 +18,9 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Combined_Controller extends Controller {
+  const ALLOW_MAINTENANCE_MODE = true;
+  const ALLOW_PRIVATE_GALLERY = true;
+
   /**
    * Return the combined Javascript bundle associated with the given key.
    */
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index 22854fbd..98f4e839 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -27,10 +27,13 @@
  * input is sanitized against the database before we perform any file I/O.
  */
 class File_Proxy_Controller extends Controller {
+  const ALLOW_PRIVATE_GALLERY = true;
   public function __call($function, $args) {
-    // request_uri: gallery3/var/trunk/albums/foo/bar.jpg
+    // request_uri: gallery3/var/albums/foo/bar.jpg?m=1234
     $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI"));
 
+    // get rid of query parameters
+    // request_uri: gallery3/var/albums/foo/bar.jpg
     $request_uri = preg_replace("/\?.*/", "", $request_uri);
 
     // var_uri: gallery3/var/
@@ -42,13 +45,11 @@ class File_Proxy_Controller extends Controller {
       throw new Kohana_404_Exception();
     }
 
+    // file_uri: albums/foo/bar.jpg
     $file_uri = substr($request_uri, strlen($var_uri));
 
-    // Make sure that we don't leave the var dir
-    if (strpos($file_uri, "..") !== false) {
-      throw new Kohana_404_Exception();
-    }
-
+    // type: albums
+    // path: foo/bar.jpg
     list ($type, $path) = explode("/", $file_uri, 2);
     if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
       throw new Kohana_404_Exception();
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 62d33345..adb2e50b 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -18,6 +18,8 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Login_Controller extends Controller {
+  const ALLOW_MAINTENANCE_MODE = true;
+  const ALLOW_PRIVATE_GALLERY = true;
 
   public function ajax() {
     $view = new View("login_ajax.html");
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 717eb8aa..7c85dd98 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -28,29 +28,29 @@ class Movies_Controller extends Items_Controller {
     access::required("view", $movie);
 
     $where = array(array("type", "!=", "album"));
-    $position = $movie->parent()->get_position($movie, $where);
+    $position = item::get_position($movie, $where);
     if ($position > 1) {
       list ($previous_item, $ignore, $next_item) =
-        $movie->parent()->children(3, $position - 2, $where);
+        $movie->parent()->viewable()->children(3, $position - 2, $where);
     } else {
       $previous_item = null;
       list ($next_item) = $movie->parent()->viewable()->children(1, $position, $where);
     }
 
     $template = new Theme_View("page.html", "item", "movie");
-    $template->set_global("item", $movie);
-    $template->set_global("children", array());
-    $template->set_global("children_count", 0);
-    $template->set_global("parents", $movie->parents()->as_array());
-    $template->set_global("next_item", $next_item);
-    $template->set_global("previous_item", $previous_item);
-    $template->set_global("sibling_count", $movie->parent()->viewable()->children_count($where));
-    $template->set_global("position", $position);
+    $template->set_global(
+      array("item" => $movie,
+            "children" => array(),
+            "children_count" => 0,
+            "parents" => $movie->parents()->as_array(),
+            "next_item" => $next_item,
+            "previous_item" => $previous_item,
+            "sibling_count" => $movie->parent()->viewable()->children_count($where),
+            "position" => $position));
 
     $template->content = new View("movie.html");
 
-    $movie->view_count++;
-    $movie->save();
+    $movie->increment_view_count();
 
     print $template;
   }
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php
index bd51b93c..9da34f9c 100644
--- a/modules/gallery/controllers/packager.php
+++ b/modules/gallery/controllers/packager.php
@@ -59,7 +59,7 @@ class Packager_Controller extends Controller {
     // numbers, keeping our install.sql file more stable.
     srand(0);
 
-    foreach (array("gallery", "user", "comment", "organize", "info", "rest",
+    foreach (array("gallery", "user", "comment", "organize", "info",
                    "rss", "search", "slideshow", "tag") as $module_name) {
       module::install($module_name);
       module::activate($module_name);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index b22ac8e5..4578747d 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -28,29 +28,29 @@ class Photos_Controller extends Items_Controller {
     access::required("view", $photo);
 
     $where = array(array("type", "!=", "album"));
-    $position = $photo->parent()->get_position($photo, $where);
+    $position = item::get_position($photo, $where);
     if ($position > 1) {
       list ($previous_item, $ignore, $next_item) =
-        $photo->parent()->children(3, $position - 2, $where);
+        $photo->parent()->viewable()->children(3, $position - 2, $where);
     } else {
       $previous_item = null;
       list ($next_item) = $photo->parent()->viewable()->children(1, $position, $where);
     }
 
     $template = new Theme_View("page.html", "item", "photo");
-    $template->set_global("item", $photo);
-    $template->set_global("children", array());
-    $template->set_global("children_count", 0);
-    $template->set_global("parents", $photo->parents()->as_array());
-    $template->set_global("next_item", $next_item);
-    $template->set_global("previous_item", $previous_item);
-    $template->set_global("sibling_count", $photo->parent()->viewable()->children_count($where));
-    $template->set_global("position", $position);
+    $template->set_global(
+      array("item" => $photo,
+            "children" => array(),
+            "children_count" => 0,
+            "parents" => $photo->parents()->as_array(),
+            "next_item" => $next_item,
+            "previous_item" => $previous_item,
+            "sibling_count" => $photo->parent()->viewable()->children_count($where),
+            "position" => $position));
 
     $template->content = new View("photo.html");
 
-    $photo->view_count++;
-    $photo->save();
+    $photo->increment_view_count();
 
     print $template;
   }