summaryrefslogtreecommitdiff
path: root/modules/gallery
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery')
-rw-r--r--modules/gallery/controllers/admin_dashboard.php1
-rw-r--r--modules/gallery/controllers/admin_modules.php1
-rw-r--r--modules/gallery/controllers/upgrader.php1
-rw-r--r--modules/gallery/helpers/module.php30
-rw-r--r--modules/gallery/libraries/MY_Kohana.php45
-rw-r--r--modules/gallery/tests/Movie_Helper_Test.php3
-rw-r--r--modules/gallery/tests/Photo_Helper_Test.php3
-rw-r--r--modules/gallery/tests/controller_auth_data.txt1
-rw-r--r--modules/gallery/tests/xss_data.txt52
-rw-r--r--modules/gallery/views/admin_dashboard.html.php7
-rw-r--r--modules/gallery/views/admin_modules.html.php6
-rw-r--r--modules/gallery/views/upgrader.html.php9
12 files changed, 132 insertions, 27 deletions
diff --git a/modules/gallery/controllers/admin_dashboard.php b/modules/gallery/controllers/admin_dashboard.php
index 6bd36b07..53172109 100644
--- a/modules/gallery/controllers/admin_dashboard.php
+++ b/modules/gallery/controllers/admin_dashboard.php
@@ -26,6 +26,7 @@ class Admin_Dashboard_Controller extends Admin_Controller {
$view->sidebar = "<div id=\"g-admin-dashboard-sidebar\">" .
block_manager::get_html("dashboard_sidebar") .
"</div>";
+ $view->content->obsolete_modules_message = module::get_obsolete_modules_message();
print $view;
}
diff --git a/modules/gallery/controllers/admin_modules.php b/modules/gallery/controllers/admin_modules.php
index d13ec1c6..177a925d 100644
--- a/modules/gallery/controllers/admin_modules.php
+++ b/modules/gallery/controllers/admin_modules.php
@@ -26,6 +26,7 @@ class Admin_Modules_Controller extends Admin_Controller {
$view->page_title = t("Modules");
$view->content = new View("admin_modules.html");
$view->content->available = module::available();
+ $view->content->obsolete_modules_message = module::get_obsolete_modules_message();
print $view;
}
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index d3c6e2ec..6b3a9ef6 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -46,6 +46,7 @@ class Upgrader_Controller extends Controller {
$view->available = module::available();
$view->failed = $failed ? explode(",", $failed) : array();
$view->done = $available_upgrades == 0;
+ $view->obsolete_modules_message = module::get_obsolete_modules_message();
print $view;
}
diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php
index df258e87..d7429121 100644
--- a/modules/gallery/helpers/module.php
+++ b/modules/gallery/helpers/module.php
@@ -541,4 +541,34 @@ class module_Core {
static function get_version($module_name) {
return module::get($module_name)->version;
}
+
+ /**
+ * Check if obsolete modules are active and, if so, return a warning message.
+ * If none are found, return null.
+ */
+ static function get_obsolete_modules_message() {
+ // This is the obsolete modules list. Any active module that's on the list
+ // with version number at or below the one given will be considered obsolete.
+ // It is hard-coded here, and may be updated with future releases of Gallery.
+ $obsolete_modules = array("videos" => 4, "noffmpeg" => 1, "videodimensions" => 1,
+ "digibug" => 2);
+
+ $modules_found = array();
+ foreach ($obsolete_modules as $module => $version) {
+ if (module::is_active($module) && (module::get_version($module) <= $version)) {
+ $modules_found[] = $module;
+ }
+ }
+
+ if ($modules_found) {
+ // Need this to be on one super-long line or else the localization scanner may not work.
+ // (ref: http://sourceforge.net/apps/trac/gallery/ticket/1321)
+ return t("Recent upgrades to Gallery have made the following modules obsolete: %modules. We recommend that you <a href=\"%url_mod\">deactivate</a> the module(s). For more information, please see the <a href=\"%url_doc\">documentation page</a>.",
+ array("modules" => implode(", ", $modules_found),
+ "url_mod" => url::site("admin/modules"),
+ "url_doc" => "http://codex.galleryproject.org/Gallery3:User_guide:Obsolete_modules"));
+ }
+
+ return null;
+ }
}
diff --git a/modules/gallery/libraries/MY_Kohana.php b/modules/gallery/libraries/MY_Kohana.php
new file mode 100644
index 00000000..d344c8ed
--- /dev/null
+++ b/modules/gallery/libraries/MY_Kohana.php
@@ -0,0 +1,45 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+final class Kohana extends Kohana_Core {
+ /**
+ * Wrapper function for Kohana::auto_load that provides compatibility with Zend Guard Loader's
+ * code obfuscation. Zend Guard is enabled by default on many PHP 5.3+ installations and can
+ * cause problems with Kohana 2.4. When a class is not found, Zend Guard Loader may continue to
+ * try and load the class, eventually leading to a seg fault.
+ *
+ * Instead, if we can't find the class and we can see that code obfuscation is at level 3+, let's
+ * load a dummy class. This does not change the return value, so Kohana still knows that
+ * there is no class.
+ *
+ * This is based on the patch described here: http://blog.teatime.com.tw/1/post/403
+ */
+ public static function auto_load($class) {
+ $found = parent::auto_load($class);
+
+ if (!$found && function_exists("zend_current_obfuscation_level") &&
+ (zend_current_obfuscation_level() >= 3)) {
+ // Load a dummy class instead.
+ eval("class $class {}");
+ }
+
+ // Return the same result.
+ return $found;
+ }
+} \ No newline at end of file
diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php
index 03fa2da9..9107827a 100644
--- a/modules/gallery/tests/Movie_Helper_Test.php
+++ b/modules/gallery/tests/Movie_Helper_Test.php
@@ -71,6 +71,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_flv_with_no_extension");
}
public function get_file_metadata_with_illegal_extension_test() {
@@ -91,6 +92,7 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_flv_with_php_extension.php");
}
public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -101,5 +103,6 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case {
// therefore will never be executed.
$this->assert_equal(array(0, 0, "video/x-flv", "flv", 0),
movie::get_file_metadata(TMPPATH . "test_php_with_flv_extension.flv"));
+ unlink(TMPPATH . "test_php_with_flv_extension.flv");
}
}
diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php
index 79b5ccfd..7ba8324f 100644
--- a/modules/gallery/tests/Photo_Helper_Test.php
+++ b/modules/gallery/tests/Photo_Helper_Test.php
@@ -37,6 +37,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_no_extension");
$this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
photo::get_file_metadata(TMPPATH . "test_jpg_with_no_extension"));
+ unlink(TMPPATH . "test_jpg_with_no_extension");
}
public function get_file_metadata_with_illegal_extension_test() {
@@ -56,6 +57,7 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
copy(MODPATH . "gallery/tests/test.jpg", TMPPATH . "test_jpg_with_php_extension.php");
$this->assert_equal(array(1024, 768, "image/jpeg", "jpg"),
photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php"));
+ unlink(TMPPATH . "test_jpg_with_php_extension.php");
}
public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() {
@@ -66,5 +68,6 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case {
} catch (Exception $e) {
// pass
}
+ unlink(TMPPATH . "test_php_with_jpg_extension.jpg");
}
}
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 9473f9f6..4cd9f047 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -1,6 +1,5 @@
modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF
modules/comment/helpers/comment_rss.php feed DIRTY_AUTH
-modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH
modules/g2_import/controllers/admin_g2_import.php autocomplete DIRTY_CSRF
modules/g2_import/controllers/g2.php map DIRTY_CSRF
modules/gallery/controllers/admin.php __call DIRTY_AUTH
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 67a8b948..0028ac87 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -39,8 +39,6 @@ modules/comment/views/comments.html.php 31 DIRTY_ATTR $com
modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id
modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url()
modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50)
-modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php")
-modules/digibug/views/digibug_form.html.php 6 DIRTY form::hidden($key,$value)
modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"]
modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"]
modules/g2_import/views/admin_g2_import.html.php 7 DIRTY_JS url::site("__ARGS__")
@@ -58,7 +56,8 @@ modules/gallery/views/admin_block_photo_stream.html.php 5 DIRTY_JS $photo
modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY photo::img_dimensions($photo->width,$photo->height,72)
modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY_ATTR $photo->thumb_url()
modules/gallery/views/admin_dashboard.html.php 5 DIRTY_JS $csrf
-modules/gallery/views/admin_dashboard.html.php 35 DIRTY $blocks
+modules/gallery/views/admin_dashboard.html.php 37 DIRTY $obsolete_modules_message
+modules/gallery/views/admin_dashboard.html.php 42 DIRTY $blocks
modules/gallery/views/admin_graphics.html.php 25 DIRTY newView("admin_graphics_none.html")
modules/gallery/views/admin_graphics.html.php 27 DIRTY newView("admin_graphics_$active.html",array("tk"=>$tk->$active,"is_active"=>true))
modules/gallery/views/admin_graphics.html.php 34 DIRTY newView("admin_graphics_$id.html",array("tk"=>$tk->$id,"is_active"=>false))
@@ -98,15 +97,16 @@ modules/gallery/views/admin_maintenance.html.php 181 DIRTY $task-
modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
modules/gallery/views/admin_maintenance_task.html.php 75 DIRTY $task->name
-modules/gallery/views/admin_modules.html.php 51 DIRTY access::csrf_form_field()
-modules/gallery/views/admin_modules.html.php 61 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_modules.html.php 64 DIRTY form::checkbox($data,'1',module::is_active($module_name))
-modules/gallery/views/admin_modules.html.php 66 DIRTY $module_info->version
-modules/gallery/views/admin_modules.html.php 74 DIRTY_JS $module_info->author_url
-modules/gallery/views/admin_modules.html.php 81 DIRTY_ATTR $module_info->author_name
-modules/gallery/views/admin_modules.html.php 85 DIRTY $module_info->author_name
-modules/gallery/views/admin_modules.html.php 93 DIRTY_JS $module_info->info_url
-modules/gallery/views/admin_modules.html.php 106 DIRTY_JS $module_info->discuss_url
+modules/gallery/views/admin_modules.html.php 51 DIRTY $obsolete_modules_message
+modules/gallery/views/admin_modules.html.php 57 DIRTY access::csrf_form_field()
+modules/gallery/views/admin_modules.html.php 67 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_modules.html.php 70 DIRTY form::checkbox($data,'1',module::is_active($module_name))
+modules/gallery/views/admin_modules.html.php 72 DIRTY $module_info->version
+modules/gallery/views/admin_modules.html.php 80 DIRTY_JS $module_info->author_url
+modules/gallery/views/admin_modules.html.php 87 DIRTY_ATTR $module_info->author_name
+modules/gallery/views/admin_modules.html.php 91 DIRTY $module_info->author_name
+modules/gallery/views/admin_modules.html.php 99 DIRTY_JS $module_info->info_url
+modules/gallery/views/admin_modules.html.php 112 DIRTY_JS $module_info->discuss_url
modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY_ATTR $css_class
modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY $message
modules/gallery/views/admin_modules_confirm.html.php 16 DIRTY access::csrf_form_field()
@@ -266,14 +266,15 @@ modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form
modules/gallery/views/reauthenticate.html.php 9 DIRTY $form
modules/gallery/views/upgrade_checker_block.html.php 19 DIRTY $new_version
modules/gallery/views/upgrader.html.php 76 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 94 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
-modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR in_array($id,$failed)?"failed":""
-modules/gallery/views/upgrader.html.php 103 DIRTY_ATTR $id
-modules/gallery/views/upgrader.html.php 107 DIRTY $module->version
-modules/gallery/views/upgrader.html.php 110 DIRTY $module->code_version
-modules/gallery/views/upgrader.html.php 120 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 123 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 97 DIRTY $obsolete_modules_message
+modules/gallery/views/upgrader.html.php 103 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 111 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
+modules/gallery/views/upgrader.html.php 111 DIRTY_ATTR in_array($id,$failed)?"failed":""
+modules/gallery/views/upgrader.html.php 112 DIRTY_ATTR $id
+modules/gallery/views/upgrader.html.php 116 DIRTY $module->version
+modules/gallery/views/upgrader.html.php 119 DIRTY $module->code_version
+modules/gallery/views/upgrader.html.php 129 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 132 DIRTY_ATTR $done?"muted":""
modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected)
modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
modules/gallery/views/user_profile.html.php 43 DIRTY $info->view
@@ -343,13 +344,12 @@ modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $ite
modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $item->height
modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $item->width
modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url)
-modules/search/views/search.html.php 39 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 40 DIRTY_JS $item->url()
-modules/search/views/search.html.php 41 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
modules/search/views/search.html.php 43 DIRTY_ATTR $item_class
-modules/search/views/search.html.php 53 DIRTY $theme->paginator()
-modules/search/views/search_link.html.php 14 DIRTY_ATTR $item->id
-modules/search/views/search_link.html.php 16 DIRTY_ATTR $item->parent_id
+modules/search/views/search.html.php 44 DIRTY_JS $item->url()
+modules/search/views/search.html.php 45 DIRTY $item->thumb_img(array("class"=>"g-thumbnail"))
+modules/search/views/search.html.php 47 DIRTY_ATTR $item_class
+modules/search/views/search.html.php 57 DIRTY $theme->paginator()
+modules/search/views/search_link.html.php 15 DIRTY_ATTR $album_id
modules/server_add/views/admin_server_add.html.php 8 DIRTY_JS url::site("__ARGS__")
modules/server_add/views/admin_server_add.html.php 19 DIRTY $form
modules/server_add/views/admin_server_add.html.php 30 DIRTY_ATTR $id
diff --git a/modules/gallery/views/admin_dashboard.html.php b/modules/gallery/views/admin_dashboard.html.php
index f391547e..cf90ef28 100644
--- a/modules/gallery/views/admin_dashboard.html.php
+++ b/modules/gallery/views/admin_dashboard.html.php
@@ -31,6 +31,13 @@
});
});
</script>
+<div>
+ <? if ($obsolete_modules_message): ?>
+ <p class="g-warning">
+ <?= $obsolete_modules_message ?>
+ </p>
+ <? endif ?>
+</div>
<div id="g-admin-dashboard">
<?= $blocks ?>
</div>
diff --git a/modules/gallery/views/admin_modules.html.php b/modules/gallery/views/admin_modules.html.php
index 5a7f7b6c..96576ae4 100644
--- a/modules/gallery/views/admin_modules.html.php
+++ b/modules/gallery/views/admin_modules.html.php
@@ -46,6 +46,12 @@
<?= t("Power up your Gallery by <a href=\"%url\">adding more modules</a>! Each module provides new cool features.", array("url" => "http://codex.galleryproject.org/Category:Gallery_3:Modules")) ?>
</p>
+ <? if ($obsolete_modules_message): ?>
+ <p class="g-warning">
+ <?= $obsolete_modules_message ?>
+ </p>
+ <? endif ?>
+
<div class="g-block-content">
<form id="g-module-update-form" method="post" action="<?= url::site("admin/modules/confirm") ?>">
<?= access::csrf_form_field() ?>
diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php
index edfaf720..4c611f7e 100644
--- a/modules/gallery/views/upgrader.html.php
+++ b/modules/gallery/views/upgrader.html.php
@@ -90,6 +90,15 @@
</div>
<? endif ?>
+ <? if ($obsolete_modules_message): ?>
+ <div id="obsolete_modules_message">
+ <p>
+ <span class="failed"><?= t("Warning!") ?></span>
+ <?= $obsolete_modules_message ?>
+ </p>
+ </div>
+ <? endif ?>
+
<table>
<tr class="<?= $done ? "muted" : "" ?>">
<th class="name"> <?= t("Module name") ?> </th>
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 13:52:08 +0000