Diffstat (limited to 'modules/gallery/controllers')
-rw-r--r-- | modules/gallery/controllers/admin.php | 10 | ||||
-rw-r--r-- | modules/gallery/controllers/albums.php | 4 | ||||
-rw-r--r-- | modules/gallery/controllers/file_proxy.php | 6 | ||||
-rw-r--r-- | modules/gallery/controllers/flash_uploader.php (renamed from modules/gallery/controllers/simple_uploader.php) | 4 | ||||
-rw-r--r-- | modules/gallery/controllers/login.php | 7 | ||||
-rw-r--r-- | modules/gallery/controllers/logout.php | 11 | ||||
-rw-r--r-- | modules/gallery/controllers/packager.php | 11 | ||||
-rw-r--r-- | modules/gallery/controllers/quick.php | 4 | ||||
-rw-r--r-- | modules/gallery/controllers/reauthenticate.php | 4 |
9 files changed, 34 insertions, 27 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 787a2138..40dd260b 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -22,7 +22,12 @@ class Admin_Controller extends Controller {
 public function __construct($theme=null) {
 if (!identity::active_user()->admin) {
- access::forbidden();
+ if (identity::active_user()->guest) {
+ Session::instance()->set("continue_url", url::abs_current(true));
+ url::redirect("login");
+ } else {
+ access::forbidden();
+ }
 }
 parent::__construct();
@@ -69,6 +74,7 @@ class Admin_Controller extends Controller {
 $result = new stdClass();
 $result->result = "success";
 if ($time_remaining < 30) {
+ message::success(t("Automatically logged out of the admin area for your security"));
 $result->location = url::abs_site("");
 }
@@ -78,7 +84,7 @@ class Admin_Controller extends Controller {
 private static function _prompt_for_reauth($controller_name, $args) {
 if (request::method() == "get" && !request::is_ajax()) {
 // Avoid anti-phishing protection by passing the url as session variable.
- Session::instance()->set("continue_url", url::current(true));
+ Session::instance()->set("continue_url", url::abs_current(true));
 }
 url::redirect("reauthenticate");
 }
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index ea15418f..eaa09be5 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -73,8 +73,8 @@ class Albums_Controller extends Items_Controller {
 // We can't use math in ORM or the query builder, so do this by hand. It's important
 // that we do this with math, otherwise concurrent accesses will damage accuracy.
- db::query(
- "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id");
+ db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id")
+ ->execute();
 print $template;
 }
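Review bot: The new guest branch in `__construct` stores `url::abs_current(true)` as `continue_url` unconditionally, whereas `_prompt_for_reauth` further down the same file only does so for non-AJAX GET requests. A guest hitting an admin POST or AJAX endpoint is therefore sent back after login to a URL that only accepts POST, and the stale target also overwrites any earlier `continue_url` in the session. Guard the store the same way before the redirect: `if (request::method() == "get" && !request::is_ajax()) { Session::instance()->set("continue_url", url::abs_current(true)); }` followed by `url::redirect("login");`.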
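Review bot: The now-executed UPDATE in `albums.php` still interpolates `$album->id` straight into the SQL string on the new `db::query(...)` line. The value comes from a loaded ORM row rather than the request, so it is not attacker-controlled here, but an explicit `(int) $album->id` (or a bound parameter, if this `db::query` wrapper supports them) keeps the statement safe should the id's origin ever change. It is a one-token change on the line the commit rewrites anyway.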
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index fff90ec5..32690fc0 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -60,12 +60,12 @@ class File_Proxy_Controller extends Controller {
 foreach (explode("/", $path) as $path_part) {
 $encoded_path[] = rawurlencode($path_part);
 }
-
+ $encoded_path = implode("/", $encoded_path);
 // We now have the relative path to the item. Search for it in the path cache
 // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to
 // insure that the paths are normalized.
 $item = ORM::factory("item")
- ->where("relative_path_cache", "=", implode("/", $encoded_path))->find();
+ ->where("relative_path_cache", "=", $encoded_path)->find();
 if (!$item->loaded()) {
 // We didn't turn it up. It's possible that the relative_path_cache is out of date here.
 // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
@@ -76,7 +76,7 @@ class File_Proxy_Controller extends Controller {
 // So try some alternate types:
 if (preg_match('/.jpg$/', $path)) {
 foreach (array("flv", "mp4") as $ext) {
- $movie_path = preg_replace('/.jpg$/', ".$ext", $path);
+ $movie_path = preg_replace('/.jpg$/', ".$ext", $encoded_path);
 $item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find();
 if ($item->loaded()) {
 break;
diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/flash_uploader.php
index c7e5031b..f7da5124 100644
--- a/modules/gallery/controllers/simple_uploader.php
+++ b/modules/gallery/controllers/flash_uploader.php
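Review bot: The new `preg_replace('/.jpg$/', ".$ext", $encoded_path)` line keeps a pattern whose dot is unescaped, so it matches any character before `jpg` (a path ending in `xjpg` qualifies), and the enclosing `preg_match` on the context line above uses the same pattern. Escape it in both places: `'/\.jpg$/'`. Switching the replacement input to `$encoded_path` is consistent with the lookup in the first hunk, since `rawurlencode` leaves `.jpg` untouched, but the `preg_match` still tests the unencoded `$path`; testing `$encoded_path` in both keeps the two in step. The enclosing method continues outside the hunk.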
@@ -17,7 +17,7 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */
-class Simple_Uploader_Controller extends Controller {
+class Flash_Uploader_Controller extends Controller {
 public function app($id) {
 $item = ORM::factory("item", $id);
 access::required("view", $item);
@@ -109,7 +109,7 @@ class Simple_Uploader_Controller extends Controller {
 }
 private function _get_add_form($album) {
- $form = new Forge("simple_uploader/finish", "", "post", array("id" => "g-add-photos-form"));
+ $form = new Forge("flash_uploader/finish", "", "post", array("id" => "g-add-photos-form"));
 $group = $form->group("add_photos")
 ->label(t("Add photos to %album_title", array("album_title" => html::purify($album->title))));
 $group->uploadify("uploadify")->album($album);
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 40125476..2b60316b 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -38,15 +38,18 @@ class Login_Controller extends Controller {
 }
 public function html() {
- print auth::get_login_form("login/auth_html");
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Login");
+ $view->content = auth::get_login_form("login/auth_html");
+ print $view;
 }
 public function auth_html() {
 access::verify_csrf();
- $continue_url = Session::instance()->get("continue_url", null);
 list ($valid, $form) = $this->_auth("login/auth_html");
 if ($valid) {
+ $continue_url = $form->continue_url->value;
 url::redirect($continue_url ? $continue_url : item::root()->abs_url());
 } else {
 $view = new Theme_View("page.html", "other", "login");
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 967dad49..20fa8074 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
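Review bot: `auth_html` now takes the post-login redirect target from `$form->continue_url->value`, a field the client submits, instead of the server-side session value the removed line read, and hands it to `url::redirect` without checking that it points back into this site. `access::verify_csrf()` limits who can submit the form, but a tampered hidden field still turns the login flow into a redirect to an arbitrary URL for that user. Validate the value as on-site before using it, e.g. `if ($continue_url && strpos($continue_url, url::abs_site("")) !== 0) { $continue_url = null; }` ahead of the existing `url::redirect(...)` line. The same round-trip is introduced in `reauthenticate.php`'s `auth` hunk (`url::redirect($form->continue_url->value)`) and needs the same check. Where the login form's hidden `continue_url` is populated is not visible in this diff.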
@@ -21,14 +21,9 @@ class Logout_Controller extends Controller {
 public function index() {
 access::verify_csrf();
 auth::logout();
- if ($continue_url = Input::instance()->get("continue")) {
- $item = url::get_item_from_uri($continue_url);
- if (access::can("view", $item)) {
- // Don't use url::redirect() because it'll call url::site() and munge the continue url.
- header("Location: $continue_url");
- } else {
- url::redirect(item::root()->abs_url());
- }
+ if ($continue_url = Input::instance()->get("continue_url")) {
+ url::redirect($continue_url);
 }
+ url::redirect(item::root()->abs_url());
 }
}
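Review bot: The rewritten `index` redirects to whatever the `continue_url` query parameter holds and drops the `access::can("view", $item)` check the removed lines applied to the old `continue` parameter, so an absolute URL supplied in the query is followed as-is by `url::redirect` — an open redirect on the logout link, mitigated only by `access::verify_csrf()`. The removed check also ensured the now-guest session could still view the target; without it a private item sends the user to a forbidden page right after logging out. Restrict the redirect to on-site targets the guest may view, e.g. `if (strpos($continue_url, url::abs_site("")) === 0 && access::can("view", url::get_item_from_uri($continue_url))) { url::redirect($continue_url); }` inside the new `if`, falling through to the root redirect otherwise; whether `url::get_item_from_uri` accepts the absolute form the rest of this commit now stores is not visible here.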
\ No newline at end of file
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php
index 6eafd9df..835cb903 100644
--- a/modules/gallery/controllers/packager.php
+++ b/modules/gallery/controllers/packager.php
@@ -63,8 +63,8 @@ class Packager_Controller extends Controller {
 module::load_modules();
- foreach (array("user", "comment", "organize", "info", "rss",
- "search", "slideshow", "tag") as $module_name) {
+ foreach (array("user", "comment", "organize", "info", "rest",
+ "rss", "search", "slideshow", "tag") as $module_name) {
 module::install($module_name);
 module::activate($module_name);
 }
@@ -163,9 +163,11 @@ class Packager_Controller extends Controller {
 $paths = array();
 foreach($objects as $name => $file){
- if ($file->getBasename() == "database.php") {
+ $path = $file->getPath();
+ $basename = $file->getBasename();
+ if ($basename == "database.php" || $basename == "." || $basename == "..") {
 continue;
- } else if (basename($file->getPath()) == "logs" && $file->getBasename() != ".htaccess") {
+ } else if (basename($path) == "logs" && $basename != ".htaccess") {
 continue;
 }
@@ -186,6 +188,7 @@ class Packager_Controller extends Controller {
 foreach ($paths as $path) {
 fwrite($fd, "!file_exists($path) && mkdir($path);\n");
 }
+ ksort($files);
 foreach ($files as $file => $contents) {
 fwrite($fd, "file_put_contents($file, base64_decode(\"$contents\"));\n");
 }
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index 813d1a93..6cfbbc62 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
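Review bot: The new basename filter in the `$objects` loop chains three loose `==` comparisons; a single strict membership test reads better and sidesteps PHP's loose string comparison rules: `if (in_array($basename, array(".", "..", "database.php"), true)) {`. The `!= ".htaccess"` on the following new line would likewise be `!==`. If `$objects` is built on a `RecursiveDirectoryIterator`, passing `FilesystemIterator::SKIP_DOTS` at construction would remove the need for the `.`/`..` cases altogether, but the iterator's construction lies outside the hunk.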
@@ -58,12 +58,12 @@ class Quick_Controller extends Controller {
 if (Input::instance()->get("page_type") == "collection") {
 print json_encode(
- array("src" => $item->thumb_url() . "?rnd=" . rand(),
+ array("src" => $item->thumb_url(),
 "width" => $item->thumb_width,
 "height" => $item->thumb_height));
 } else {
 print json_encode(
- array("src" => $item->resize_url() . "?rnd=" . rand(),
+ array("src" => $item->resize_url(),
 "width" => $item->resize_width,
 "height" => $item->resize_height));
 }
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 3503d80a..acb27f6a 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -37,8 +37,7 @@ class Reauthenticate_Controller extends Controller {
 if ($valid) {
 message::success(t("Successfully re-authenticated!"));
 module::event("user_auth", $user);
- $continue_url = Session::instance()->get_once("continue_url", "admin");
- url::redirect($continue_url);
+ url::redirect($form->continue_url->value);
 } else {
 $name = $user->name;
 log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
@@ -59,6 +58,7 @@ class Reauthenticate_Controller extends Controller {
 private static function _form() {
 $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form"));
 $form->set_attr('class', "g-narrow");
+ $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin"));
 $group = $form->group("reauthenticate")->label(t("Re-authenticate"));
 $group->password("password")->label(t("Password"))->id("g-password")->class(null)
 ->callback("auth::validate_too_many_failed_auth_attempts")
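Review bot: Dropping the `?rnd=` cache-buster from the `src` values in both `json_encode` branches lets the browser serve the previously cached thumbnail or resize after the item has just been changed, unless `thumb_url()` / `resize_url()` already vary with the item's content (a version or modification-time component) — that is not visible in this hunk, so please confirm. If they do not, append a deterministic query component derived from the item's modification time instead of restoring `rand()`, so the URL changes exactly when the image does and remains cacheable in between. The enclosing method starts outside the hunk.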
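Review bot: The new hidden `continue_url` field in `_form` is filled with `Session::instance()->get("continue_url", "admin")`, whereas the removed `auth` code used `get_once`, so the session value is no longer cleared after a successful re-authentication. A later prompt that does not store a fresh target (admin's `_prompt_for_reauth` only does so for non-AJAX GETs) can then replay the stale one. Use `Session::instance()->get_once("continue_url", "admin")` on the new line, or clear the key in `auth` once the redirect target has been read from the form.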