Diffstat (limited to 'modules/gallery/helpers/gallery.php')
-rw-r--r-- | modules/gallery/helpers/gallery.php | 77 |
1 files changed, 47 insertions, 30 deletions
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index 2bb55ccb..282289b5 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -25,18 +25,27 @@ class gallery_Core {
 * down for maintenance" page.
 */
 static function maintenance_mode() {
- // @todo: we need a mechanism here to identify controllers that are still legally accessible
- // when the entire Gallery is in maintenance mode. Perhaps a controller class function or
- // method?
- // https://sourceforge.net/apps/trac/gallery/ticket/1411
- if (Router::$controller != "login" &&
- Router::$controller != "combined" &&
- module::get_var("gallery", "maintenance_mode", 0) &&
+ if (module::get_var("gallery", "maintenance_mode", 0) &&
 !identity::active_user()->admin) {
- Session::instance()->set("continue_url", url::abs_site("admin/maintenance"));
- Router::$controller = "login";
- Router::$controller_path = MODPATH . "gallery/controllers/login.php";
- Router::$method = "html";
+ try {
+ $class = new ReflectionClass(ucfirst(Router::$controller).'_Controller');
+ $allowed = $class->getConstant("ALLOW_MAINTENANCE_MODE") === true;
+ } catch (ReflectionClass $e) {
+ $allowed = false;
+ }
+ if (!$allowed) {
+ if (Router::$controller == "admin") {
+ // At this point we're in the admin theme and it doesn't have a themed login page, so
+ // we can't just swap in the login controller and have it work. So redirect back to the
+ // root item where we'll run this code again with the site theme.
+ url::redirect(item::root()->abs_url());
+ } else {
+ Session::instance()->set("continue_url", url::abs_site("admin/maintenance"));
+ Router::$controller = "login";
+ Router::$controller_path = MODPATH . "gallery/controllers/login.php";
+ Router::$method = "html";
+ }
+ }
 }
 }
 
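Review bot: The added `catch (ReflectionClass $e)` names a class that is not an exception type, so it can never match; `new ReflectionClass(...)` reports an unknown class by throwing `ReflectionException`. When `Router::$controller` does not resolve to a loadable `*_Controller` class, the exception leaves maintenance_mode() instead of setting `$allowed = false`, so the gate errors out rather than failing closed to the login page. Change the line to `} catch (ReflectionException $e) {`; the identical line in the private_gallery() hunk that follows needs the same fix.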
@@ -45,26 +54,27 @@ class gallery_Core {
 * the login page.
 */
 static function private_gallery() {
- // @todo: we need a mechanism here to identify controllers that are still legally accessible
- // when the entire Gallery is private. Perhaps a controller class function or method?
- // https://sourceforge.net/apps/trac/gallery/ticket/1411
- if (Router::$controller != "login" &&
- Router::$controller != "combined" &&
- Router::$controller != "digibug" &&
- Router::$controller != "rest" &&
- identity::active_user()->guest &&
+ if (identity::active_user()->guest &&
 !access::user_can(identity::guest(), "view", item::root()) &&
 php_sapi_name() != "cli") {
- if (Router::$controller == "admin") {
- // At this point we're in the admin theme and it doesn't have a themed login page, so
- // we can't just swap in the login controller and have it work. So redirect back to the
- // root item where we'll run this code again with the site theme.
- url::redirect(item::root()->abs_url());
- } else {
- Session::instance()->set("continue_url", url::abs_current());
- Router::$controller = "login";
- Router::$controller_path = MODPATH . "gallery/controllers/login.php";
- Router::$method = "html";
+ try {
+ $class = new ReflectionClass(ucfirst(Router::$controller).'_Controller');
+ $allowed = $class->getConstant("ALLOW_PRIVATE_GALLERY") === true;
+ } catch (ReflectionClass $e) {
+ $allowed = false;
+ }
+ if (!$allowed) {
+ if (Router::$controller == "admin") {
+ // At this point we're in the admin theme and it doesn't have a themed login page, so
+ // we can't just swap in the login controller and have it work. So redirect back to the
+ // root item where we'll run this code again with the site theme.
+ url::redirect(item::root()->abs_url());
+ } else {
+ Session::instance()->set("continue_url", url::abs_current());
+ Router::$controller = "login";
+ Router::$controller_path = MODPATH . "gallery/controllers/login.php";
+ Router::$method = "html";
+ }
 }
 }
 }
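Review bot: The opt-in is read from the controller class alone and `Router::$method` is never consulted, so a controller that declares `ALLOW_PRIVATE_GALLERY` as true makes every one of its actions reachable by guests of a private gallery. That contract is not written down anywhere in the hunk; a comment above the `try` such as `// Controllers opt out of this gate as a whole: every action in an opted-in controller must be safe for anonymous users.` would tell module authors what they are signing up for. It is also worth noting there that the strict `=== true` is deliberate, since `getConstant()` returns false for a controller that does not define the constant.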
@@ -143,8 +153,15 @@ class gallery_Core {
 if (is_string($file_name)) {
 // make relative to DOCROOT
 $parts = explode("/", $file_name);
+ $count = count($parts);
 foreach ($parts as $idx => $part) {
- if (in_array($part, array("application", "modules", "themes", "lib"))) {
+ // If this part is "modules" or "themes" make sure that the part 2 after this
+ // is the target directory, and if it is then we're done. This check makes
+ // sure that if Gallery is installed in a directory called "modules" or "themes"
+ // We don't parse the directory structure incorrectly.
+ if (in_array($part, array("modules", "themes")) &&
+ $idx + 2 < $count &&
+ $parts[$idx + 2] == $directory) {
 break;
 }
 unset($parts[$idx]);
 |
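Review bot: The new condition drops "application" and "lib" from the anchor list without saying so, and any path that is not laid out as `modules/<name>/$directory` or `themes/<name>/$directory` now runs the loop to the end with every element of `$parts` unset. What the function does with an empty `$parts` is outside this hunk, so it should be confirmed that callers no longer pass files from those two trees. The comment should state the no-match outcome, e.g. `// Paths with no modules/<name>/$directory or themes/<name>/$directory segment leave $parts empty.` As a smaller style point, `$parts[$idx + 2] === $directory` avoids PHP's loose comparison of numeric-looking directory names.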