7 files changed, 103 insertions, 13 deletions

diff --git a/modules/gallery/controllers/admin_modules.php b/modules/gallery/controllers/admin_modules.php
index f5af9a5a..650b7e9e 100644
--- a/modules/gallery/controllers/admin_modules.php
+++ b/modules/gallery/controllers/admin_modules.php
@@ -95,12 +95,17 @@ class Admin_Modules_Controller extends Admin_Controller {
           $activated_names[] = t($info->name);
         }
       } catch (Exception $e) {
+        message::warning(t("An error occurred while installing the <b>%module_name</b> module",
+                           array("module_name" => $info->name)));
         Kohana_Log::add("error", (string)$e);
       }
     }
 
     module::event("module_change", $changes);
 
+    // If modules need upgrading, this will get recreated
+    site_status::clear("upgrade_now");
+
     // @todo this type of collation is questionable from an i18n perspective
     if ($activated_names) {
       message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index f205bf86..39b0f638 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -31,4 +31,13 @@ class Items_Controller extends Controller {
     access::required("view", $item);
     url::redirect($item->abs_url());
   }
+
+  // Return the width/height dimensinons for the given item
+  public function dimensions($id) {
+    $item = ORM::factory("item", $id);
+    access::required("view", $item);
+    json::reply(array("thumb" => array((int)$item->thumb_width, (int)$item->thumb_height),
+                      "resize" => array((int)$item->resize_width, (int)$item->resize_height),
+                      "full" => array((int)$item->width, (int)$item->height)));
+  }
 }
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index c34209da..3db4f5df 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -36,7 +36,8 @@ class Quick_Controller extends Controller {
     }
 
     if ($degrees) {
-      $tmpfile = tempnam(TMPPATH, "rotate");
+      $tmpfile = tempnam(TMPPATH, "rotate") . "." .
+        pathinfo($item->file_path(), PATHINFO_EXTENSION);
       gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees));
       $item->set_data_file($tmpfile);
       $item->save();
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 0486c0fe..53a96374 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -19,12 +19,19 @@
  */
 class Reauthenticate_Controller extends Controller {
   public function index() {
+    $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
     if (!identity::active_user()->admin) {
-      access::forbidden();
+      if ($is_ajax) {
+        // We should never be able to get here since Admin_Controller::_reauth_check() won't work
+        // for non-admins.
+        access::forbidden();
+      } else {
+        url::redirect(item::root()->abs_url());
+      }
     }
+
     // On redirects from the admin controller, the ajax request indicator is lost,
     // so we store it in the session.
-    $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
     if ($is_ajax) {
       $v = new View("reauthenticate.html");
       $v->form = self::_form();
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index cb940b46..b2646874 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -39,10 +39,12 @@ class Upgrader_Controller extends Controller {
       }
     }
 
+    $failed = Input::instance()->get("failed");
     $view = new View("upgrader.html");
     $view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade");
     $view->upgrade_token = $upgrade_token;
     $view->available = module::available();
+    $view->failed = $failed ? explode(",", $failed) : array();
     $view->done = $available_upgrades == 0;
     print $view;
   }
@@ -52,8 +54,16 @@ class Upgrader_Controller extends Controller {
       // @todo this may screw up some module installers, but we don't have a better answer at
       // this time.
       $_SERVER["HTTP_HOST"] = "example.com";
-    } else if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
-      access::forbidden();
+    } else {
+      if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
+        access::forbidden();
+      }
+
+      try {
+        access::verify_csrf();
+      } catch (Exception $e) {
+        url::redirect("upgrader");
+      }
     }
 
     $available = module::available();
@@ -65,20 +75,36 @@ class Upgrader_Controller extends Controller {
     }
 
     // Then upgrade the rest
+    $failed = array();
     foreach (module::available() as $id => $module) {
       if ($id == "gallery") {
         continue;
       }
 
       if ($module->active && $module->code_version != $module->version) {
-        module::upgrade($id);
+        try {
+          module::upgrade($id);
+        } catch (Exception $e) {
+          // @todo assume it's MODULE_FAILED_TO_UPGRADE for now
+          $failed[] = $id;
+        }
       }
     }
 
+    // If the upgrade failed, this will get recreated
+    site_status::clear("upgrade_now");
+
     if (php_sapi_name() == "cli") {
-      print "Upgrade complete\n";
+      if ($failed) {
+        print "Upgrade completed ** WITH FAILURES **\n";
+        print "The following modules were not successfully upgraded:\n";
+        print "  " . implode($failed, "\n  ") . "\n";
+        print "Try getting newer versions or deactivating those modules\n";
+      } else {
+        print "Upgrade complete\n";
+      }
     } else {
-      url::redirect("upgrader");
+      url::redirect("upgrader?failed=" . join(",", $failed));
     }
   }
 }
diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php
index fb496f60..168e8b2d 100644
--- a/modules/gallery/controllers/uploader.php
+++ b/modules/gallery/controllers/uploader.php
@@ -103,11 +103,14 @@ class Uploader_Controller extends Controller {
   }
 
   public function status($success_count, $error_count) {
-    // The "errors" won't be properly pluralized :-/
-    print t2("Uploaded %count photo (%error errors)",
-             "Uploaded %count photos (%error errors)",
-             $success_count,
-             array("error" => $error_count));
+    if ($error_count) {
+      // The "errors" won't be properly pluralized :-/
+      print t2("Uploaded %count photo (%error errors)",
+               "Uploaded %count photos (%error errors)",
+               $success_count,
+               array("error" => $error_count));
+    } else {
+      print t2("Uploaded %count photo", "Uploaded %count photos", $success_count);}
   }
 
   public function finish() {
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index e992655b..4922416c 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -18,6 +18,7 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class User_Profile_Controller extends Controller {
+
   public function show($id) {
     // If we get here, then we should have a user id other than guest.
     $user = identity::lookup_user($id);
@@ -25,6 +26,10 @@ class User_Profile_Controller extends Controller {
       throw new Kohana_404_Exception();
     }
 
+    if (!$this->_can_view_profile_pages($user)) {
+      throw new Kohana_404_Exception();
+    }
+
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
     $v->content = new View("user_profile.html");
@@ -44,12 +49,20 @@ class User_Profile_Controller extends Controller {
 
   public function contact($id) {
     $user = identity::lookup_user($id);
+    if (!$this->_can_view_profile_pages($user)) {
+      throw new Kohana_404_Exception();
+    }
+
     print user_profile::get_contact_form($user);
   }
 
   public function send($id) {
     access::verify_csrf();
     $user = identity::lookup_user($id);
+    if (!$this->_can_view_profile_pages($user)) {
+      throw new Kohana_404_Exception();
+    }
+
     $form = user_profile::get_contact_form($user);
     if ($form->validate()) {
       Sendmail::factory()
@@ -66,4 +79,30 @@ class User_Profile_Controller extends Controller {
       json::reply(array("result" => "error", "html" => (string)$form));
     }
   }
+
+  private function _can_view_profile_pages($user) {
+    if (!$user->loaded()) {
+      return false;
+    }
+
+    if ($user->id == identity::active_user()->id) {
+      // You can always view your own profile
+      return true;
+    }
+
+    switch (module::get_var("gallery", "show_user_profiles_to")) {
+    case "admin_users":
+      return identity::active_user()->admin;
+
+    case "registered_users":
+      return !identity::active_user()->guest;
+
+    case "everybody":
+      return true;
+
+    default:
+      // Fail in private mode on an invalid setting
+      return false;
+    }
+  }
 }