13 files changed, 85 insertions, 63 deletions

diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index c5b34033..a85f0a85 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -63,21 +63,20 @@ class File_Proxy_Controller extends Controller {
     // We now have the relative path to the item.  Search for it in the path cache
     $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
     if (!$item->loaded) {
-      // We didn't turn it up.  This may mean that the path cache is out of date, so look it up
-      // the hard way.
-      //
-      // Find all items that match the level and name, then iterate over those to find a match.
-      // In most cases we'll get it in one.  Note that for the level calculation, we just count the
-      // size of $paths.
-      $paths = explode("/", $path);
-      $count = count($paths);
-      foreach (ORM::factory("item")
-               ->where("name", $paths[$count - 1])
-               ->where("level", $count + 1)
-               ->find_all() as $match) {
-        if ($match->relative_path() == $path) {
-          $item = $match;
-          break;
+      // We didn't turn it up.  It's possible that the relative_path_cache is out of date here.
+      // There was fallback code, but bharat deleted it in 8f1bca74.  If it turns out to be
+      // necessary, it's easily resurrected.
+
+      // If we're looking for a .jpg then it's it's possible that we're requesting the thumbnail
+      // for a movie.  In that case, the .flv or .mp4 file would have been converted to a .jpg.
+      // So try some alternate types:
+      if (preg_match('/.jpg$/', $path)) {
+        foreach (array("flv", "mp4") as $ext) {
+          $movie_path = preg_replace('/.jpg$/', ".$ext", $path);
+          $item = ORM::factory("item")->where("relative_path_cache", $movie_path)->find();
+          if ($item->loaded) {
+            break;
+          }
         }
       }
     }
@@ -116,8 +115,13 @@ class File_Proxy_Controller extends Controller {
     // We don't need to save the session for this request
     Session::abort_save();
 
-    // Dump out the image
-    header("Content-Type: $item->mime_type");
+    // Dump out the image.  If the item is a movie, then its thumbnail will be a JPG.
+    if (in_array($item->mime_type, array("video/x-flv", "video/mp4"))) {
+      header("Content-type: image/jpeg");
+    } else {
+      print("Content-Type: $item->mime_type");
+    }
+
     Kohana::close_buffers(false);
     $fd = fopen($file, "rb");
     fpassthru($fd);
diff --git a/modules/gallery/css/quick.css b/modules/gallery/css/quick.css
index 0e45eac2..f153d475 100644
--- a/modules/gallery/css/quick.css
+++ b/modules/gallery/css/quick.css
@@ -1,4 +1,4 @@
-#gQuickPane {
+.gQuickPane {
   position: absolute;
   top: 0;
   left: 0;
@@ -17,7 +17,7 @@
   padding: 0 !important;
 }
 
-#gQuickPane {
+.gQuickPane {
   background: #000;
   border-bottom: 1px solid #ccc;
   opacity: 0.9;
@@ -26,19 +26,19 @@
   left: 0;
 }
 
-#gQuickPane a {
+.gQuickPane a {
   cursor: pointer;
   float: left;
   margin: 4px;
 }
 
-#gQuickPaneOptions {
+.gQuickPaneOptions {
   background: #000;
   float: left;
   width: 100%;
 }
 
-#gQuickPaneOptions li a {
+.gQuickPaneOptions li a {
   display: block;
   float: none;
   width: auto;
@@ -47,6 +47,6 @@
   text-align: left;
 }
 
-#gQuickPaneOptions li a:hover {
+.gQuickPaneOptions li a:hover {
   background-color: #4d4d4d;
 }
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 44ad057c..34eb709e 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -79,11 +79,23 @@ class access_Core {
    * @return boolean
    */
   static function can($perm_name, $item) {
+    return self::user_can(user::active(), $perm_name, $item);
+  }
+
+  /**
+   * Does the user have this permission on this item?
+   *
+   * @param  User_Model $user
+   * @param  string     $perm_name
+   * @param  Item_Model $item
+   * @return boolean
+   */
+  static function user_can($user, $perm_name, $item) {
     if (!$item->loaded) {
       return false;
     }
 
-    if (user::active()->admin) {
+    if ($user->admin) {
       return true;
     }
 
diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php
index b6f763b8..040b19e1 100644
--- a/modules/gallery/helpers/gallery_menu.php
+++ b/modules/gallery/helpers/gallery_menu.php
@@ -19,8 +19,6 @@
  */
 class gallery_menu_Core {
   static function site($menu, $theme) {
-    $is_admin = user::active()->admin;
-
     $menu->append(Menu::factory("link")
                   ->id("home")
                   ->label(t("Home"))
@@ -28,8 +26,8 @@ class gallery_menu_Core {
 
     $item = $theme->item();
 
-    $can_edit = $item && access::can("edit", $item) || $is_admin;
-    $can_add = $item && (access::can("add", $item) || $is_admin);
+    $can_edit = $item && access::can("edit", $item);
+    $can_add = $item && access::can("add", $item);
 
     if ($can_add) {
       $menu->append(Menu::factory("dialog")
@@ -38,11 +36,10 @@ class gallery_menu_Core {
                     ->url(url::site("simple_uploader/app/$item->id")));
     }
 
-    if ($item && $can_edit || $can_add) {
-      $menu->append($options_menu = Menu::factory("submenu")
-                    ->id("options_menu")
-                    ->label(t("Options")));
-
+    $menu->append($options_menu = Menu::factory("submenu")
+                  ->id("options_menu")
+                  ->label(t("Options")));
+    if ($item && ($can_edit || $can_add)) {
       if ($can_edit) {
         $options_menu
           ->append(Menu::factory("dialog")
@@ -71,7 +68,7 @@ class gallery_menu_Core {
       }
     }
 
-    if ($is_admin) {
+    if (user::active()->admin) {
       $menu->append($admin_menu = Menu::factory("submenu")
                     ->id("admin_menu")
                     ->label(t("Admin")));
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 226b8a42..f245ea31 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -32,7 +32,11 @@ class gallery_theme_Core {
 
     if (module::is_active("rss")) {
       if ($item = $theme->item()) {
-        $buf .= rss::feed_link("gallery/album/{$item->id}");
+        if ($item->is_album()) {
+          $buf .= rss::feed_link("gallery/album/{$item->id}");
+        } else {
+          $buf .= rss::feed_link("gallery/album/{$item->parent()->id}");
+        }
       } else if ($tag = $theme->tag()) {
         $buf .= rss::feed_link("tag/tag/{$tag->id}");
       }
diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php
index 6a9f63c2..352fe522 100644
--- a/modules/gallery/helpers/task.php
+++ b/modules/gallery/helpers/task.php
@@ -87,7 +87,7 @@ class task_Core {
       $task->log($e->__toString());
       $task->state = "error";
       $task->done = true;
-      $task->status = $e->getMessage();
+      $task->status = substr($e->getMessage(), 0, 255);
       $task->save();
     }
 
diff --git a/modules/gallery/js/quick.js b/modules/gallery/js/quick.js
index 3ac97f8e..fda6470f 100644
--- a/modules/gallery/js/quick.js
+++ b/modules/gallery/js/quick.js
@@ -12,15 +12,15 @@ var show_quick = function() {
   var cont = $(this);
   var quick = $(this).find(".gQuick");
   var img = cont.find(".gThumbnail,.gResize");
-  $("#gQuickPane").remove();
-  cont.append("<div id=\"gQuickPane\"></div>");
-  $("#gQuickPane").hide();
-  cont.hover(function() {}, hide_quick);
+  cont.find(".gQuickPane").remove();
+  cont.append("<div class=\"gQuickPane\"></div>");
+  cont.find(".gQuickPane").hide();
+  cont.hover(function() {}, function() { cont.find(".gQuickPane").remove(); });
   $.get(
     quick.attr("href"),
     {},
     function(data, textStatus) {
-      $("#gQuickPane").html(data).slideDown("fast");
+      cont.find(".gQuickPane").html(data).slideDown("fast");
       $(".ui-state-default").hover(
         function() {
           $(this).addClass("ui-state-hover");
@@ -29,13 +29,13 @@ var show_quick = function() {
           $(this).removeClass("ui-state-hover");
         }
       );
-      $("#gQuickPane a:not(.options)").click(function(e) {
+      cont.find(".gQuickPane a:not(.options)").click(function(e) {
         e.preventDefault();
         quick_do(cont, $(this), img);
       });
-      $("#gQuickPane a.options").click(function(e) {
+      cont.find(".gQuickPane a.options").click(function(e) {
         e.preventDefault();
-        $("#gQuickPaneOptions").slideToggle("fast");
+        cont.find(".gQuickPaneOptions").slideToggle("fast");
       });
     }
   );
@@ -76,7 +76,3 @@ var quick_do = function(cont, pane, img) {
   }
   return false;
 };
-
-var hide_quick = function() {
-  $("#gQuickPane").remove();
-};
diff --git a/modules/gallery/libraries/MY_View.php b/modules/gallery/libraries/MY_View.php
index 84ee0892..43783158 100644
--- a/modules/gallery/libraries/MY_View.php
+++ b/modules/gallery/libraries/MY_View.php
@@ -38,8 +38,7 @@ class View extends View_Core {
     try {
       return parent::render($print, $renderer);
     } catch (Exception $e) {
-      Kohana::Log('error', $e->getTraceAsString());
-      Kohana::Log('debug', $e->getMessage());
+      Kohana::Log("error", $e->getMessage() . "\n" . $e->getTraceAsString());
       return "";
     }
   }
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index e6f3721b..ce2fa2a5 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -237,7 +237,7 @@ modules/gallery/views/move_tree.html.php                     15  DIRTY $child->i
 modules/gallery/views/move_tree.html.php                     15        $child->title
 modules/gallery/views/movieplayer.html.php                   2   DIRTY $item->file_url(true)
 modules/gallery/views/movieplayer.html.php                   2   DIRTY $attrs
-modules/gallery/views/movieplayer.html.php                   4   DIRTY $attrs
+modules/gallery/views/movieplayer.html.php                   5   DIRTY $attrs
 modules/gallery/views/permissions_browse.html.php            15  DIRTY $csrf
 modules/gallery/views/permissions_browse.html.php            37  DIRTY $parent->id
 modules/gallery/views/permissions_browse.html.php            38        $parent->title
diff --git a/modules/gallery/views/admin_block_platform.html.php b/modules/gallery/views/admin_block_platform.html.php
index 6b79f047..f27b9e7a 100644
--- a/modules/gallery/views/admin_block_platform.html.php
+++ b/modules/gallery/views/admin_block_platform.html.php
@@ -1,7 +1,10 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <ul>
   <li>
-    <?= t("Operating System: %operating_system", array("operating_system" => PHP_OS)) ?>
+    <?= t("Host name: %host_name", array("host_name" => php_uname("n"))) ?>
+  </li>
+  <li>
+    <?= t("Operating System: %os %version", array("os" => php_uname("s"), "version" => php_uname("r"))) ?>
   </li>
   <li>
     <?= t("Apache: %apache_version", array("apache_version" => function_exists("apache_get_version") ? apache_get_version() : t("Unknown"))) ?>
diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php
index d6ba8e7c..e4842163 100644
--- a/modules/gallery/views/after_install.html.php
+++ b/modules/gallery/views/after_install.html.php
@@ -21,7 +21,7 @@
 </p>
 
 <p>
-  <?= t("Want to learn more? The <a href=\"%url\">Gallery website</a> has news and information about Gallery Project and community.", array("url" => "http://gallery.menalto.com")) ?>
+  <?= t("Want to learn more? The <a href=\"%url\">Gallery website</a> has news and information about the Gallery project and community.", array("url" => "http://gallery.menalto.com")) ?>
 </p>
 
 <p>
diff --git a/modules/gallery/views/movieplayer.html.php b/modules/gallery/views/movieplayer.html.php
index e8cabd31..e9783eb8 100644
--- a/modules/gallery/views/movieplayer.html.php
+++ b/modules/gallery/views/movieplayer.html.php
@@ -1,15 +1,22 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= html::anchor($item->file_url(true), "", $attrs) ?>
 <script>
-  flowplayer("<?= $attrs["id"] ?>", "<?= url::abs_file("lib/flowplayer.swf") ?>", {
-    plugins: {
-      h264streaming: {
-        url: "<?= url::abs_file("lib/flowplayer.h264streaming.swf") ?>"
-      },
-      controls: {
-        autoHide: 'always',
-        hideDelay: 2000
+  flowplayer(
+    "<?= $attrs["id"] ?>",
+    {
+      src: "<?= url::abs_file("lib/flowplayer.swf") ?>",
+      wmode: "transparent"
+    },
+    {
+      plugins: {
+        h264streaming: {
+          url: "<?= url::abs_file("lib/flowplayer.h264streaming.swf") ?>"
+        },
+        controls: {
+          autoHide: 'always',
+          hideDelay: 2000
+        }
       }
     }
-  })
+  )
 </script>
diff --git a/modules/gallery/views/quick_pane.html.php b/modules/gallery/views/quick_pane.html.php
index eabf4a67..e5469696 100644
--- a/modules/gallery/views/quick_pane.html.php
+++ b/modules/gallery/views/quick_pane.html.php
@@ -15,7 +15,7 @@
   </span>
 </a>
 
-<ul id="gQuickPaneOptions" style="display: none">
+<ul class="gQuickPaneOptions" style="display: none">
   <? foreach ($button_list->additional as $button): ?>
   <li><a class="<?= $button->class ?>" href="<?= $button->href ?>"
     title="<?= $button->title ?>">