Diffstat (limited to 'modules/gallery')
-rw-r--r--modules/gallery/controllers/admin_maintenance.php14
-rw-r--r--modules/gallery/helpers/album.php9
-rw-r--r--modules/gallery/helpers/auth.php10
-rw-r--r--modules/gallery/helpers/gallery_event.php12
-rw-r--r--modules/gallery/helpers/gallery_installer.php14
-rw-r--r--modules/gallery/helpers/task.php9
-rw-r--r--modules/gallery/module.info2
-rw-r--r--modules/gallery/tests/xss_data.txt25
-rw-r--r--modules/gallery/views/admin_maintenance.html.php10
-rw-r--r--modules/gallery/views/user_profile.html.php7
10 files changed, 82 insertions, 30 deletions
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index 3062ea09..8e4845a9 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -46,6 +46,15 @@ class Admin_Maintenance_Controller extends Admin_Controller {
->where("done", "=", 0)->order_by("updated", "DESC")->find_all();
$view->content->finished_tasks = ORM::factory("task")
->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
+ $task_buttons =
+ new ArrayObject(array((object)array("text" => t("run"),
+ "url" =>url::site("admin/maintenance/start"))));
+ module::event("admin_maintenance_task_buttons", $task_buttons);
+ $view->content->task_buttons = $task_buttons;
+
+ $maintenance_content = new ArrayObject();
+ module::event("admin_maintenance_content", $maintenance_content);
+ $view->content->task_maintenance_content = $maintenance_content;
print $view;
}
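Review bot: The payload contract of the two new events is not documented where they are fired. Per the view hunk later in this commit, each entry of `$task_buttons` is read as `->text` and `->url`, and each entry of `$maintenance_content` is printed as HTML, yet nothing here tells a handler author what may be appended. A comment above the first `module::event` call would make this explicit, for example `// Handlers append objects with "text" (plain text) and "url" (a url::site() result); the view appends the task callback and csrf token`. The view variable is `task_maintenance_content` while the event is `admin_maintenance_content`; using one name for both would be easier to follow. The enclosing method starts outside the hunk.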
@@ -56,13 +65,10 @@ class Admin_Maintenance_Controller extends Admin_Controller {
public function start($task_callback) {
access::verify_csrf();
- $tasks = task::get_definitions();
- $task = task::create($tasks[$task_callback], array());
+ $task = task::start($task_callback);
$view = new View("admin_maintenance_task.html");
$view->task = $task;
- $task->log(t("Task %task_name started (task id %task_id)",
- array("task_name" => $task->name, "task_id" => $task->id)));
log::info("tasks", t("Task %task_name started (task id %task_id)",
array("task_name" => $task->name, "task_id" => $task->id)),
html::anchor("admin/maintenance", t("maintenance")));
diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php
index 389f6e48..15e0c3ca 100644
--- a/modules/gallery/helpers/album.php
+++ b/modules/gallery/helpers/album.php
@@ -36,7 +36,8 @@ class album_Core {
$group->input("name")->label(t("Directory name"))
->error_messages("no_slashes", t("The directory name can't contain the \"/\" character"))
->error_messages("required", t("You must provide a directory name"))
- ->error_messages("length", t("Your directory name is too long"));
+ ->error_messages("length", t("Your directory name is too long"))
+ ->error_messages("conflict", t("There is already a movie, photo or album with this name"));
$group->input("slug")->label(t("Internet Address"))
->error_messages(
"not_url_safe",
@@ -51,7 +52,8 @@ class album_Core {
}
static function get_edit_form($parent) {
- $form = new Forge("albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
+ $form = new Forge(
+ "albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
$form->hidden("from_id");
$group = $form->group("edit_item")->label(t("Edit Album"));
@@ -61,8 +63,7 @@ class album_Core {
$group->textarea("description")->label(t("Description"))->value($parent->description);
if ($parent->id != 1) {
$group->input("name")->label(t("Directory Name"))->value($parent->name)
- ->error_messages(
- "conflict", t("There is already a movie, photo or album with this name"))
+ ->error_messages("conflict", t("There is already a movie, photo or album with this name"))
->error_messages("no_slashes", t("The directory name can't contain a \"/\""))
->error_messages("no_trailing_period", t("The directory name can't end in \".\""))
->error_messages("required", t("You must provide a directory name"))
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 16f8915a..45561861 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -78,10 +78,16 @@ class auth_Core {
}
}
+ static function validate_too_many_failed_password_changes($password_input) {
+ if (self::too_many_failed_logins(identity::active_user()->name)) {
+ $password_input->add_error("too_many_failed_password_changes", 1);
+ }
+ }
+
/**
* Record a failed login for this user
*/
- static function record_failed_login($name) {
+ static function record_failed_auth_attempts($name) {
$failed_login = ORM::factory("failed_login")
->where("name", "=", $name)
->find();
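Review bot: `validate_too_many_failed_password_changes` looks up the counter by `identity::active_user()->name`, while failures are recorded under whatever `$name` the `user_password_change_failed` event passes (gallery_event.php in this commit). If the form at `users/form_change_password/{$user->id}` can ever target a user other than the active one, the throttle would be checked against a different key than the one being incremented; this cannot be confirmed from the visible lines, so both should be derived from the same user. The new function also has no docblock, and the existing ones ("Record a failed login" here, "Clear any failed logins" in the next hunk) are stale now that the shared `failed_logins` rows also count password-change attempts. Suggested wording: `Record a failed login or password-change attempt for this user name`. The body of `record_failed_auth_attempts` continues outside the hunk.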
@@ -96,7 +102,7 @@ class auth_Core {
/**
* Clear any failed logins for this user
*/
- static function record_successful_login($user) {
+ static function clear_failed_auth_attempts($user) {
db::build()
->delete("failed_logins")
->where("name", "=", $user->name)
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 6479e2c3..7b538c49 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -110,11 +110,19 @@ class gallery_event_Core {
graphics::choose_default_toolkit();
module::clear_var("gallery", "choose_default_tookit");
}
- auth::record_successful_login($user);
+ auth::clear_failed_auth_attempts($user);
}
static function user_login_failed($name) {
- auth::record_failed_login($name);
+ auth::record_failed_auth_attempts($name);
+ }
+
+ static function user_password_changed($user) {
+ auth::clear_failed_auth_attempts($user);
+ }
+
+ static function user_password_change_failed($name) {
+ auth::record_failed_auth_attempts($name);
}
static function item_index_data($item, $data) {
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index bffef8e6..761843b0 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -287,7 +287,7 @@ class gallery_installer {
// @todo this string needs to be picked up by l10n_scanner
module::set_var("gallery", "credits", "Powered by <a href=\"%url\">Gallery %version</a>");
module::set_var("gallery", "simultaneous_upload_limit", 5);
- module::set_version("gallery", 25);
+ module::set_version("gallery", 26);
}
static function upgrade($version) {
@@ -514,6 +514,18 @@ class gallery_installer {
}
module::set_version("gallery", $version = 25);
}
+
+ if ($version == 25) {
+ db::build()
+ ->update("items")
+ ->set("title", new Database_Expression("`name`"))
+ ->and_open()
+ ->where("title", "IS", null)
+ ->or_where("title", "=", "")
+ ->close()
+ ->execute();
+ module::set_version("gallery", $version = 26);
+ }
}
static function uninstall() {
diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php
index 645850d1..aa0eb94d 100644
--- a/modules/gallery/helpers/task.php
+++ b/modules/gallery/helpers/task.php
@@ -35,6 +35,15 @@ class task_Core {
return $tasks;
}
+ static function start($task_callback, $context=array()) {
+ $tasks = task::get_definitions();
+ $task = task::create($tasks[$task_callback], array());
+
+ $task->log(t("Task %task_name started (task id %task_id)",
+ array("task_name" => $task->name, "task_id" => $task->id)));
+ return $task;
+ }
+
static function create($task_def, $context) {
$task = ORM::factory("task");
$task->callback = $task_def->callback;
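Review bot: `task::start()` accepts `$context` but never uses it, because the call is still `task::create($tasks[$task_callback], array())`; it should read `$task = task::create($tasks[$task_callback], $context);`. The lookup `$tasks[$task_callback]` is also unchecked, and the controller's `start($task_callback)` passes its request-supplied argument straight in. An unknown callback therefore reaches `task::create()` as null and fails on `$task_def->callback` instead of being rejected cleanly. A guard before the create call would cover it, e.g. `if (!isset($tasks[$task_callback])) { throw new Exception("unknown task callback"); }` (message text is illustrative). A short docblock stating that the function creates the task, writes the "started" log entry and returns the task would also help callers.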
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index 50a1505f..fd241066 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -1,3 +1,3 @@
name = "Gallery 3"
description = "Gallery core application"
-version = 25
+version = 26
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 65b45a08..e53502ee 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -81,18 +81,19 @@ modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log:
modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity)
modules/gallery/views/admin_maintenance.html.php 26 DIRTY $task->name
modules/gallery/views/admin_maintenance.html.php 29 DIRTY $task->description
-modules/gallery/views/admin_maintenance.html.php 70 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_maintenance.html.php 70 DIRTY_ATTR $task->state=="stalled"?"g-warning":""
-modules/gallery/views/admin_maintenance.html.php 71 DIRTY_ATTR $task->state=="stalled"?"g-warning":""
-modules/gallery/views/admin_maintenance.html.php 72 DIRTY gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php 75 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 90 DIRTY $task->status
-modules/gallery/views/admin_maintenance.html.php 141 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_maintenance.html.php 141 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php 142 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php 143 DIRTY gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php 146 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 158 DIRTY $task->status
+modules/gallery/views/admin_maintenance.html.php 33 DIRTY_JS "{$button->url}/$task->callback?csrf=$csrf"
+modules/gallery/views/admin_maintenance.html.php 76 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_maintenance.html.php 76 DIRTY_ATTR $task->state=="stalled"?"g-warning":""
+modules/gallery/views/admin_maintenance.html.php 77 DIRTY_ATTR $task->state=="stalled"?"g-warning":""
+modules/gallery/views/admin_maintenance.html.php 78 DIRTY gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php 81 DIRTY $task->name
+modules/gallery/views/admin_maintenance.html.php 96 DIRTY $task->status
+modules/gallery/views/admin_maintenance.html.php 147 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_maintenance.html.php 147 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php 148 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php 149 DIRTY gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php 152 DIRTY $task->name
+modules/gallery/views/admin_maintenance.html.php 164 DIRTY $task->status
modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index ac597715..19375670 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -29,16 +29,22 @@
<?= $task->description ?>
</td>
<td>
- <a href="<?= url::site("admin/maintenance/start/$task->callback?csrf=$csrf") ?>"
+ <? foreach ($task_buttons as $button): ?>
+ <a href="<?= "{$button->url}/$task->callback?csrf=$csrf" ?>"
class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
- <?= t("run") ?>
+ <?= html::clean($button->text) ?>
</a>
+ <? endforeach ?>
</td>
</tr>
<? endforeach ?>
</table>
</div>
+ <? foreach ($task_maintenance_content as $content): ?>
+ <?= html::purify($content) ?>
+ <? endforeach ?>
+
<? if ($running_tasks->count()): ?>
<div id="g-running-tasks">
<h2> <?= t("Running tasks") ?> </h2>
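Review bot: The `href` on the new button line is no longer built by `url::site()` and is echoed unescaped. `"{$button->url}/$task->callback?csrf=$csrf"` takes `$button->url` from whatever an `admin_maintenance_task_buttons` handler appended, and the commit's own xss_data.txt records the expression as DIRTY_JS. Because the CSRF token is appended to that URL, a handler that supplies an absolute off-site URL would also send the token to that host. Consider having handlers supply a site-relative path (a renamed `path` property is one way to express that) and keeping the call in the view: `<a href="<?= url::site("{$button->path}/$task->callback?csrf=$csrf") ?>"`. Failing that, attribute-escape the value before output. Cleaning the button text with `html::clean()` and the module content with `html::purify()` is the right treatment for those two outputs.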
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index f35f8c3f..78e1c579 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -57,13 +57,16 @@
</a>
<? endif ?>
<? if ($editable): ?>
- <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
+ <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
<?= t("Edit") ?>
</a>
+ <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_password/{$user->id}") ?>">
+ <?= t("Change password") ?>
+ </a>
<? endif ?>
<a id="g-profile-return" class="g-button ui-icon-right ui-state-default ui-corner-all" href="#">
<?= t("Return") ?>
</a>
</div>
-</div> \ No newline at end of file
+</div>
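Review bot: The new "Change password" link is gated only by `$editable` in this view. The handler behind `users/form_change_password/{$user->id}` is not in this diff (it is limited to modules/gallery), so it cannot be confirmed here that the server re-checks whether the active user may change this particular user's password. It is worth verifying, and covering with a test, that the check does not rely on the link being hidden. The two anchor lines are also well over the line length used elsewhere in the file and could be wrapped after the `class` attribute.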