9 files changed, 94 insertions, 30 deletions

diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 29b981e8..7e8b079a 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -118,7 +118,12 @@ class access_Core {
    */
   static function required($perm_name, $item) {
     if (!self::can($perm_name, $item)) {
-      self::forbidden();
+      if ($perm_name == "view") {
+        // Treat as if the item didn't exist, don't leak any information.
+        throw new Kohana_404_Exception();
+      } else {
+        self::forbidden();
+      }
     }
   }
 
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index f5454f85..c3e9e6e9 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -130,17 +130,4 @@ class auth_Core {
     $session->set("admin_area_activity_timestamp", time());
     return false;
   }
-
-  /**
-   * Redirect to the login page.
-   */
-  static function require_login() {
-    $view = new Theme_View("page.html", "other", "login");
-    $view->page_title = t("Log in to Gallery");
-    $view->content = new View("login_ajax.html");
-    $view->content->form = auth::get_login_form("login/auth_html");
-    // Avoid anti-phishing protection by passing the url as session variable.
-    Session::instance()->set("continue_url", url::current(true));
-    return $view;
-  }
 }
\ No newline at end of file
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index 84f8a7fb..a43b180b 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -18,7 +18,7 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class gallery_Core {
-  const VERSION = "3.0 git (pre-RC1)";
+  const VERSION = "3.0 RC1 (Santa Fe)";
 
   /**
    * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 63f33c12..36f91142 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -336,7 +336,7 @@ class gallery_event_Core {
             ->css_class("ui-icon-rotate-ccw")
             ->ajax_handler("function(data) { " .
                            "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }")
-            ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")))
+            ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")))
           ->append(
             Menu::factory("ajax_link")
             ->id("rotate_cw")
@@ -344,7 +344,7 @@ class gallery_event_Core {
             ->css_class("ui-icon-rotate-cw")
             ->ajax_handler("function(data) { " .
                            "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }")
-            ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
+            ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
       }
 
       // @todo Don't move photos from the photo page; we don't yet have a good way of redirecting
@@ -384,7 +384,7 @@ class gallery_event_Core {
                    ->label($delete_title)
                    ->css_class("ui-icon-trash")
                    ->css_id("g-quick-delete")
-                   ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
+                   ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
       }
 
       if ($item->is_album()) {
@@ -413,7 +413,7 @@ class gallery_event_Core {
 
     $fields = array("name" => t("Name"), "locale" => t("Language Preference"),
                     "email" => t("Email"), "full_name" => t("Full name"), "url" => "Web site");
-    if (!$data->display_all) {
+    if (!$data->user->guest) {
       $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
     }
     $v->user_profile_data = array();
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index dd53cf43..6f8a6688 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -32,6 +32,10 @@ class gallery_installer {
                  PRIMARY KEY (`id`))
                DEFAULT CHARSET=utf8;");
 
+    // Using a simple index instead of a unique key for the
+    // key column to avoid handling of concurrency issues
+    // on insert. Thus allowing concurrent inserts on the
+    // same cache key, as does Memcache / xcache.
     $db->query("CREATE TABLE {caches} (
                 `id` int(9) NOT NULL auto_increment,
                 `key` varchar(255) NOT NULL,
@@ -39,6 +43,7 @@ class gallery_installer {
                 `expiration` int(9) NOT NULL,
                 `cache` longblob,
                 PRIMARY KEY (`id`),
+                KEY (`key`),
                 KEY (`tags`))
                 DEFAULT CHARSET=utf8;");
 
@@ -284,11 +289,13 @@ class gallery_installer {
     module::set_var("gallery", "date_time_format", "Y-M-d H:i:s");
     module::set_var("gallery", "time_format", "H:i:s");
     module::set_var("gallery", "show_credits", 1);
-    // @todo this string needs to be picked up by l10n_scanner
-    module::set_var("gallery", "credits", "Powered by <a href=\"%url\">Gallery %version</a>");
+    // Mark string for translation
+    $powered_by_string = t("Powered by <a href=\"%url\">%gallery_version</a>",
+                           array("locale" => "root"));
+    module::set_var("gallery", "credits", (string) $powered_by_string);
     module::set_var("gallery", "simultaneous_upload_limit", 5);
     module::set_var("gallery", "admin_area_timeout", 90 * 60);
-    module::set_version("gallery", 28);
+    module::set_version("gallery", 30);
   }
 
   static function upgrade($version) {
@@ -538,6 +545,16 @@ class gallery_installer {
       module::set_var("gallery", "admin_area_timeout", 90 * 60);
       module::set_version("gallery", $version = 28);
     }
+
+    if ($version == 28) {
+      module::set_var("gallery", "credits", "Powered by <a href=\"%url\">%gallery_version</a>");
+      module::set_version("gallery", $version = 29);
+    }
+
+    if ($version == 29) {
+      $db->query("ALTER TABLE {caches} ADD KEY (`key`);");
+      module::set_version("gallery", $version = 30);
+    }                
   }
 
   static function uninstall() {
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 3e6278e5..617f7f48 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
@@ -201,6 +201,8 @@ class gallery_task_Core {
           $total = $num_fetched + $num_remaining;
           $task->percent_complete = 70 + 30 * ((float) $num_fetched / $total);
         } else {
+          Gallery_I18n::clear_cache();
+
           $task->done = true;
           $task->state = "success";
           $task->status = t("Translations installed/updated");
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 9ffeb911..d6944323 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -92,13 +92,18 @@ class gallery_theme_Core {
     }
 
     // Redirect to the root album when the admin session expires.
-    $redirect_url = url::abs_site("");
-    $admin_area_timeout = 1000 * module::get_var("gallery", "admin_area_timeout");
     $admin_session_redirect_check = '<script type="text/javascript">
-        var page_loaded_timestamp = new Date();
-        setInterval("if (new Date() - page_loaded_timestamp > ' . $admin_area_timeout .
-        ') document.location = \'' . $redirect_url . '\';", 60 * 1000);
-        </script>';
+      var adminReauthCheck = function() {
+        $.ajax({url: "' . url::site("admin?reauth_check=1") . '",
+                dataType: "json",
+                success: function(data){
+                  if ("location" in data) {
+                    document.location = data.location;
+                  }
+                }});
+      };
+      setInterval("adminReauthCheck();", 60 * 1000);
+      </script>';
     print $admin_session_redirect_check;
 
     if ($session->get("l10n_mode", false)) {
@@ -107,9 +112,12 @@ class gallery_theme_Core {
   }
 
   static function credits() {
-     return "<li class=\"g-first\">" .
+    $version_string = SafeString::of_safe_html(
+        '<bdo dir="ltr">Gallery ' . gallery::VERSION . '</bdo>');
+    return "<li class=\"g-first\">" .
       t(module::get_var("gallery", "credits"),
-        array("url" => "http://gallery.menalto.com", "version" => gallery::VERSION)) .
+        array("url" => "http://gallery.menalto.com",
+              "gallery_version" => $version_string)) .
       "</li>";
   }
 
diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php
new file mode 100644
index 00000000..c4dd4a5f
--- /dev/null
+++ b/modules/gallery/helpers/items_rest.php
@@ -0,0 +1,44 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class items_rest_Core {
+  static function get($request) {
+
+    $items = array();
+    if (isset($request->params->url)) {
+      foreach($request->params->url as $url) {
+        $item = rest::resolve($url);
+        if (access::can("view", $item)) {
+          $members = array();
+          if ($item->type == "album") {
+            foreach ($item->children() as $child) {
+              $members[] = rest::url("item", $child);
+            }
+          }
+          $items[] = array("url" => $url,
+                           "entity" => $item->as_restful_array(),
+                           "members" => $members,
+                           "relationship" => rest::relationships("item", $item));
+        }
+      }
+    }
+
+    return $items;
+  }
+}
diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index e72d7ed9..62b08fb9 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -81,6 +81,7 @@ class locales_Core {
     $l["eu_ES"] = "Euskara";                  // Basque
     $l["fa_IR"] = "فارس";                     // Farsi
     $l["fi_FI"] = "Suomi";                    // Finnish
+    $l["fo_FO"] = "Føroyskt";                    // Faroese
     $l["fr_FR"] = "Français";                 // French
     $l["ga_IE"] = "Gaeilge";                  // Irish
     $l["he_IL"] = "עברית";                    // Hebrew