summaryrefslogtreecommitdiff
path: root/modules/gallery/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery/controllers')
-rw-r--r--modules/gallery/controllers/admin_maintenance.php7
-rw-r--r--modules/gallery/controllers/admin_modules.php5
-rw-r--r--modules/gallery/controllers/quick.php3
-rw-r--r--modules/gallery/controllers/reauthenticate.php11
-rw-r--r--modules/gallery/controllers/upgrader.php36
-rw-r--r--modules/gallery/controllers/user_profile.php39
6 files changed, 93 insertions, 8 deletions
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index a9cc933c..7729d797 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -48,6 +48,13 @@ class Admin_Maintenance_Controller extends Admin_Controller {
$view->content->finished_tasks = ORM::factory("task")
->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
print $view;
+
+ // Do some maintenance while we're in here
+ db::build()
+ ->delete("caches")
+ ->where("expiration", "<>", 0)
+ ->where("expiration", "<=", time())
+ ->execute();
}
/**
diff --git a/modules/gallery/controllers/admin_modules.php b/modules/gallery/controllers/admin_modules.php
index f5af9a5a..650b7e9e 100644
--- a/modules/gallery/controllers/admin_modules.php
+++ b/modules/gallery/controllers/admin_modules.php
@@ -95,12 +95,17 @@ class Admin_Modules_Controller extends Admin_Controller {
$activated_names[] = t($info->name);
}
} catch (Exception $e) {
+ message::warning(t("An error occurred while installing the <b>%module_name</b> module",
+ array("module_name" => $info->name)));
Kohana_Log::add("error", (string)$e);
}
}
module::event("module_change", $changes);
+ // If modules need upgrading, this will get recreated
+ site_status::clear("upgrade_now");
+
// @todo this type of collation is questionable from an i18n perspective
if ($activated_names) {
message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index c34209da..3db4f5df 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -36,7 +36,8 @@ class Quick_Controller extends Controller {
}
if ($degrees) {
- $tmpfile = tempnam(TMPPATH, "rotate");
+ $tmpfile = tempnam(TMPPATH, "rotate") . "." .
+ pathinfo($item->file_path(), PATHINFO_EXTENSION);
gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees));
$item->set_data_file($tmpfile);
$item->save();
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 0486c0fe..53a96374 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -19,12 +19,19 @@
*/
class Reauthenticate_Controller extends Controller {
public function index() {
+ $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
if (!identity::active_user()->admin) {
- access::forbidden();
+ if ($is_ajax) {
+ // We should never be able to get here since Admin_Controller::_reauth_check() won't work
+ // for non-admins.
+ access::forbidden();
+ } else {
+ url::redirect(item::root()->abs_url());
+ }
}
+
// On redirects from the admin controller, the ajax request indicator is lost,
// so we store it in the session.
- $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
if ($is_ajax) {
$v = new View("reauthenticate.html");
$v->form = self::_form();
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index cb940b46..b2646874 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -39,10 +39,12 @@ class Upgrader_Controller extends Controller {
}
}
+ $failed = Input::instance()->get("failed");
$view = new View("upgrader.html");
$view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade");
$view->upgrade_token = $upgrade_token;
$view->available = module::available();
+ $view->failed = $failed ? explode(",", $failed) : array();
$view->done = $available_upgrades == 0;
print $view;
}
@@ -52,8 +54,16 @@ class Upgrader_Controller extends Controller {
// @todo this may screw up some module installers, but we don't have a better answer at
// this time.
$_SERVER["HTTP_HOST"] = "example.com";
- } else if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
- access::forbidden();
+ } else {
+ if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
+ access::forbidden();
+ }
+
+ try {
+ access::verify_csrf();
+ } catch (Exception $e) {
+ url::redirect("upgrader");
+ }
}
$available = module::available();
@@ -65,20 +75,36 @@ class Upgrader_Controller extends Controller {
}
// Then upgrade the rest
+ $failed = array();
foreach (module::available() as $id => $module) {
if ($id == "gallery") {
continue;
}
if ($module->active && $module->code_version != $module->version) {
- module::upgrade($id);
+ try {
+ module::upgrade($id);
+ } catch (Exception $e) {
+ // @todo assume it's MODULE_FAILED_TO_UPGRADE for now
+ $failed[] = $id;
+ }
}
}
+ // If the upgrade failed, this will get recreated
+ site_status::clear("upgrade_now");
+
if (php_sapi_name() == "cli") {
- print "Upgrade complete\n";
+ if ($failed) {
+ print "Upgrade completed ** WITH FAILURES **\n";
+ print "The following modules were not successfully upgraded:\n";
+ print " " . implode($failed, "\n ") . "\n";
+ print "Try getting newer versions or deactivating those modules\n";
+ } else {
+ print "Upgrade complete\n";
+ }
} else {
- url::redirect("upgrader");
+ url::redirect("upgrader?failed=" . join(",", $failed));
}
}
}
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index e992655b..4922416c 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -18,6 +18,7 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class User_Profile_Controller extends Controller {
+
public function show($id) {
// If we get here, then we should have a user id other than guest.
$user = identity::lookup_user($id);
@@ -25,6 +26,10 @@ class User_Profile_Controller extends Controller {
throw new Kohana_404_Exception();
}
+ if (!$this->_can_view_profile_pages($user)) {
+ throw new Kohana_404_Exception();
+ }
+
$v = new Theme_View("page.html", "other", "profile");
$v->page_title = t("%name Profile", array("name" => $user->display_name()));
$v->content = new View("user_profile.html");
@@ -44,12 +49,20 @@ class User_Profile_Controller extends Controller {
public function contact($id) {
$user = identity::lookup_user($id);
+ if (!$this->_can_view_profile_pages($user)) {
+ throw new Kohana_404_Exception();
+ }
+
print user_profile::get_contact_form($user);
}
public function send($id) {
access::verify_csrf();
$user = identity::lookup_user($id);
+ if (!$this->_can_view_profile_pages($user)) {
+ throw new Kohana_404_Exception();
+ }
+
$form = user_profile::get_contact_form($user);
if ($form->validate()) {
Sendmail::factory()
@@ -66,4 +79,30 @@ class User_Profile_Controller extends Controller {
json::reply(array("result" => "error", "html" => (string)$form));
}
}
+
+ private function _can_view_profile_pages($user) {
+ if (!$user->loaded()) {
+ return false;
+ }
+
+ if ($user->id == identity::active_user()->id) {
+ // You can always view your own profile
+ return true;
+ }
+
+ switch (module::get_var("gallery", "show_user_profiles_to")) {
+ case "admin_users":
+ return identity::active_user()->admin;
+
+ case "registered_users":
+ return !identity::active_user()->guest;
+
+ case "everybody":
+ return true;
+
+ default:
+ // Fail in private mode on an invalid setting
+ return false;
+ }
+ }
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-15 03:54:33 +0000