Diffstat (limited to 'modules/gallery')
-rw-r--r--modules/gallery/libraries/MY_Kohana.php45
-rw-r--r--modules/gallery/tests/Movie_Helper_Test.php3
-rw-r--r--modules/gallery/tests/Photo_Helper_Test.php3
-rw-r--r--modules/gallery/tests/controller_auth_data.txt1
-rw-r--r--modules/gallery/tests/xss_data.txt13
5 files changed, 56 insertions, 9 deletions
diff --git a/modules/gallery/libraries/MY_Kohana.php b/modules/gallery/libraries/MY_Kohana.php
new file mode 100644
index 00000000..d344c8ed
--- /dev/null
+++ b/modules/gallery/libraries/MY_Kohana.php
@@ -0,0 +1,45 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+final class Kohana extends Kohana_Core {
+ /**
+ * Wrapper function for Kohana::auto_load that provides compatibility with Zend Guard Loader's
+ * code obfuscation. Zend Guard is enabled by default on many PHP 5.3+ installations and can
+ * cause problems with Kohana 2.4. When a class is not found, Zend Guard Loader may continue to
+ * try and load the class, eventually leading to a seg fault.
+ *
+ * Instead, if we can't find the class and we can see that code obfuscation is at level 3+, let's
+ * load a dummy class. This does not change the return value, so Kohana still knows that
+ * there is no class.
+ *
+ * This is based on the patch described here: http://blog.teatime.com.tw/1/post/403
+ */
+ public static function auto_load($class) {
+ $found = parent::auto_load($class);
+
+ if (!$found && function_exists("zend_current_obfuscation_level") &&
+ (zend_current_obfuscation_level() >= 3)) {
+ // Load a dummy class instead.
+ eval("class $class {}");
+ }
+
+ // Return the same result.
+ return $found;
+ }
+} \ No newline at end of file
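Review bot: `$class` is interpolated straight into the `eval()` string on the stub-class line, so whatever name reaches the autoloader is parsed as PHP source. The callers are outside this file, but autoloading can be triggered by `class_exists()` or `new $name` with a dynamic string, so the name should be checked against the identifier grammar before it is evaluated, for example by adding `preg_match('/^[A-Za-z_\x7f-\xff][A-Za-z0-9_\x7f-\xff]*$/', $class) &&` to the `if` condition. The same check also avoids a parse error inside `eval()` for names that are not legal identifiers. A short comment beside the `eval` stating that the name has been validated would help, since this branch runs only when `zend_current_obfuscation_level() >= 3` and is hard to exercise in tests.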
diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php
index 03fa2da9..9107827a 100644
--- a/modules/gallery/tests/Movie_Helper_Test.php
+++ b/modules/gallery/tests/Movie_Helper_Test.php
@@ -71,6 +71,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_flv_with_no_extension");
}
public function get_file_metadata_with_illegal_extension_test() {
@@ -91,6 +92,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_flv_with_php_extension.php");
}
public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -101,5 +103,6 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
// therefore will never be executed.
$this->assert_equal(array(0, 0, "video/x-flv", "flv", 0),
movie::get_file_metadata(TMPPATH . "test_php_with_flv_extension.flv"));
+ unlink(TMPPATH . "test_php_with_flv_extension.flv");
}
}
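Review bot: In this hunk the added `unlink()` comes after `assert_equal()`, so if a failing assertion throws (the test base class is not shown here) the fixture `test_php_with_flv_extension.flv` stays behind in TMPPATH. The first two hunks of Photo_Helper_Test.php have the same ordering, one of them with a `.php` file name. Capturing the result first makes the cleanup unconditional: `$metadata = movie::get_file_metadata($path); unlink($path); $this->assert_equal(array(0, 0, "video/x-flv", "flv", 0), $metadata);`, with `$path` holding the TMPPATH file name. The method body starts above the hunk, so how the fixture is created is not visible.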
diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php
index 79b5ccfd..7ba8324f 100644
--- a/modules/gallery/tests/Photo_Helper_Test.php
+++ b/modules/gallery/tests/Photo_Helper_Test.php
@@ -37,6 +37,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_no_extension");
$this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
photo::get_file_metadata(TMPPATH . "test_jpg_with_no_extension"));
+ unlink(TMPPATH . "test_jpg_with_no_extension");
}
public function get_file_metadata_with_illegal_extension_test() {
@@ -56,6 +57,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_php_extension.php");
$this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php"));
+ unlink(TMPPATH . "test_jpg_with_php_extension.php");
}
public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -66,5 +68,6 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_php_with_jpg_extension.jpg");
}
}
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 9473f9f6..4cd9f047 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -1,6 +1,5 @@
modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF
modules/comment/helpers/comment_rss.php feed DIRTY_AUTH
-modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH
modules/g2_import/controllers/admin_g2_import.php autocomplete DIRTY_CSRF
modules/g2_import/controllers/g2.php map DIRTY_CSRF
modules/gallery/controllers/admin.php __call DIRTY_AUTH
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 67a8b948..457c157f 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -39,8 +39,6 @@ modules/comment/views/comments.html.php 31 DIRTY_ATTR $com
modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id
modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url()
modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50)
-modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php")
-modules/digibug/views/digibug_form.html.php 6 DIRTY form::hidden($key,$value)
modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"]
modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"]
modules/g2_import/views/admin_g2_import.html.php 7 DIRTY_JS url::site("__ARGS__")
@@ -343,13 +341,12 @@ modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $ite
modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $item->height
modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $item->width
modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url)
-modules/search/views/search.html.php 39 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 40 DIRTY_JS $item->url()
-modules/search/views/search.html.php 41 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
modules/search/views/search.html.php 43 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 53 DIRTY $theme->paginator()
-modules/search/views/search_link.html.php 14 DIRTY_ATTR $item->id
-modules/search/views/search_link.html.php 16 DIRTY_ATTR $item->parent_id
+modules/search/views/search.html.php 44 DIRTY_JS $item->url()
+modules/search/views/search.html.php 45 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
+modules/search/views/search.html.php 47 DIRTY_ATTR $item_class
+modules/search/views/search.html.php 57 DIRTY $theme->paginator()
+modules/search/views/search_link.html.php 15 DIRTY_ATTR $album_id
modules/server_add/views/admin_server_add.html.php 8 DIRTY_JS url::site("__ARGS__")
modules/server_add/views/admin_server_add.html.php 19 DIRTY $form
modules/server_add/views/admin_server_add.html.php 30 DIRTY_ATTR $id