Diffstat (limited to 'modules/gallery')
-rw-r--r--modules/gallery/helpers/MY_valid.php26
-rw-r--r--modules/gallery/helpers/random.php6
-rw-r--r--modules/gallery/tests/File_Structure_Test.php1
-rw-r--r--modules/gallery/tests/Gallery_Filters.php1
-rw-r--r--modules/gallery/tests/Valid_Test.php28
-rw-r--r--modules/gallery/vendor/joomla/crypt.php151
-rw-r--r--modules/gallery/views/admin_advanced_settings.html.php6
7 files changed, 214 insertions, 5 deletions
diff --git a/modules/gallery/helpers/MY_valid.php b/modules/gallery/helpers/MY_valid.php
new file mode 100644
index 00000000..ee17267a
--- /dev/null
+++ b/modules/gallery/helpers/MY_valid.php
@@ -0,0 +1,26 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2012 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class valid extends valid_Core {
+ static function url($url) {
+ return valid_Core::url($url) &&
+ (!strncasecmp($url, "http://", strlen("http://")) ||
+ !strncasecmp($url, "https://", strlen("https://")));
+ }
+}
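Review bot: valid::url() has no docblock explaining that it narrows valid_Core::url() to the http and https schemes, so a later maintainer could mistake the two prefix checks for redundancy and remove them. I would add a short comment above the method, for example `/** Accept only absolute http:// or https:// URLs; every other scheme is rejected even if valid_Core::url() allows it. */`. Calling `parent::url($url)` instead of `valid_Core::url($url)` would also keep the override tied to whatever class it actually extends. The comparison assumes $url is a string; whether callers guarantee that is not visible here.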
diff --git a/modules/gallery/helpers/random.php b/modules/gallery/helpers/random.php
index 0ee83f49..ea08815a 100644
--- a/modules/gallery/helpers/random.php
+++ b/modules/gallery/helpers/random.php
@@ -17,13 +17,15 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
+
class random_Core {
/**
* Return a random 32 byte hash value.
* @param string extra entropy data
*/
- static function hash($entropy="") {
- return md5($entropy . uniqid(mt_rand(), true));
+ static function hash($length=32) {
+ require_once(MODPATH . "gallery/vendor/joomla/crypt.php");
+ return md5(JCrypt::genRandomBytes($length));
}
/**
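Review bot: hash() now treats its first argument as a byte count, but the docblock above it still reads `@param string extra entropy data`, and any caller outside this diff that still passes an entropy string would hand genRandomBytes() a non-numeric length. The parameter also lets a caller reduce the randomness below what the 32-character MD5 output suggests, since `hash(4)` digests only four random bytes. I would coerce and floor the value before use, `$length = max(16, (int) $length);`, and change the tag to `@param integer $length number of random bytes to hash (minimum 16)`. The rest of random_Core lies outside this hunk, so existing callers of hash() could not be checked.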
diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php
index ad0f8111..3d2079e5 100644
--- a/modules/gallery/tests/File_Structure_Test.php
+++ b/modules/gallery/tests/File_Structure_Test.php
@@ -101,6 +101,7 @@ class File_Structure_Test extends Gallery_Unit_Test_Case {
$expected_4 = array("<?php defined('SYSPATH') or die('No direct script access.');\n");
} else if (strpos($path, MODPATH . "forge") === 0 ||
strpos($path, MODPATH . "exif/lib") === 0 ||
+ strpos($path, MODPATH . "gallery/vendor/joomla") === 0 ||
strpos($path, MODPATH . "gallery_unit_test/vendor") === 0 ||
strpos($path, MODPATH . "gallery/lib/HTMLPurifier") === 0 ||
$path == MODPATH . "user/lib/PasswordHash.php" ||
diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php
index cd188c03..73bc6284 100644
--- a/modules/gallery/tests/Gallery_Filters.php
+++ b/modules/gallery/tests/Gallery_Filters.php
@@ -46,6 +46,7 @@ class GalleryCodeFilterIterator extends FilterIterator {
strpos($path_name, MODPATH . "user/lib/PasswordHash") !== false ||
strpos($path_name, SYSPATH) !== false ||
strpos($path_name, MODPATH . "gallery/libraries/HTMLPurifier") !== false ||
+ strpos($path_name, MODPATH . "gallery/vendor/joomla") !== false ||
substr($path_name, -1, 1) == "~");
}
}
diff --git a/modules/gallery/tests/Valid_Test.php b/modules/gallery/tests/Valid_Test.php
new file mode 100644
index 00000000..82001b94
--- /dev/null
+++ b/modules/gallery/tests/Valid_Test.php
@@ -0,0 +1,28 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2012 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Valid_Test extends Gallery_Unit_Test_Case {
+ public function url_test() {
+ $this->assert_true(valid::url("http://foo.bar.com"));
+ $this->assert_true(valid::url("https://foo.bar.com"));
+
+ $this->assert_false(valid::url("mailto://bar"));
+ $this->assert_false(valid::url("ftp://bar"));
+ }
+} \ No newline at end of file
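Review bot: The two negative cases in url_test() change the host as well as the scheme (`bar` instead of `foo.bar.com`), so they may pass because valid_Core::url() rejects the host, without ever exercising the new scheme check. Keeping the host fixed isolates the scheme: `$this->assert_false(valid::url("ftp://foo.bar.com"));`. Since the helper compares case-insensitively, a positive case such as `$this->assert_true(valid::url("HTTPS://foo.bar.com"));` would pin that behaviour too, assuming valid_Core::url() accepts an upper-case scheme.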
diff --git a/modules/gallery/vendor/joomla/crypt.php b/modules/gallery/vendor/joomla/crypt.php
new file mode 100644
index 00000000..c7d477dd
--- /dev/null
+++ b/modules/gallery/vendor/joomla/crypt.php
@@ -0,0 +1,151 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * @package Joomla.Platform
+ * @subpackage Crypt
+ *
+ * @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
+ * @license GNU General Public License version 2 or later; see LICENSE
+ */
+
+// defined('JPATH_PLATFORM') or die;
+
+/**
+ * JCrypt is a Joomla Platform class for handling basic encryption/decryption of data.
+ *
+ * @package Joomla.Platform
+ * @subpackage Crypt
+ * @since 12.1
+ */
+class JCrypt
+{
+ /**
+ * Generate random bytes.
+ *
+ * @param integer $length Length of the random data to generate
+ *
+ * @return string Random binary data
+ *
+ * @since 12.1
+ */
+ public static function genRandomBytes($length = 16)
+ {
+ $sslStr = '';
+ /*
+ * if a secure randomness generator exists and we don't
+ * have a buggy PHP version use it.
+ */
+ if (
+ function_exists('openssl_random_pseudo_bytes')
+ && (version_compare(PHP_VERSION, '5.3.4') >= 0
+ || substr(PHP_OS, 0, 3) !== 'WIN'
+ )
+ )
+ {
+ $sslStr = openssl_random_pseudo_bytes($length, $strong);
+ if ($strong)
+ {
+ return $sslStr;
+ }
+ }
+
+ /*
+ * Collect any entropy available in the system along with a number
+ * of time measurements of operating system randomness.
+ */
+ $bitsPerRound = 2;
+ $maxTimeMicro = 400;
+ $shaHashLength = 20;
+ $randomStr = '';
+ $total = $length;
+
+ // Check if we can use /dev/urandom.
+ $urandom = false;
+ $handle = null;
+ if (function_exists('stream_set_read_buffer') && @is_readable('/dev/urandom'))
+ {
+ $handle = @fopen('/dev/urandom', 'rb');
+ if ($handle)
+ {
+ $urandom = true;
+ }
+ }
+
+ while ($length > strlen($randomStr))
+ {
+ $bytes = ($total > $shaHashLength)? $shaHashLength : $total;
+ $total -= $bytes;
+ /*
+ * Collect any entropy available from the PHP system and filesystem.
+ * If we have ssl data that isn't strong, we use it once.
+ */
+ $entropy = rand() . uniqid(mt_rand(), true) . $sslStr;
+ $entropy .= implode('', @fstat(fopen( __FILE__, 'r')));
+ $entropy .= memory_get_usage();
+ $sslStr = '';
+ if ($urandom)
+ {
+ stream_set_read_buffer($handle, 0);
+ $entropy .= @fread($handle, $bytes);
+ }
+ else
+ {
+ /*
+ * There is no external source of entropy so we repeat calls
+ * to mt_rand until we are assured there's real randomness in
+ * the result.
+ *
+ * Measure the time that the operations will take on average.
+ */
+ $samples = 3;
+ $duration = 0;
+ for ($pass = 0; $pass < $samples; ++$pass)
+ {
+ $microStart = microtime(true) * 1000000;
+ $hash = sha1(mt_rand(), true);
+ for ($count = 0; $count < 50; ++$count)
+ {
+ $hash = sha1($hash, true);
+ }
+ $microEnd = microtime(true) * 1000000;
+ $entropy .= $microStart . $microEnd;
+ if ($microStart > $microEnd) {
+ $microEnd += 1000000;
+ }
+ $duration += $microEnd - $microStart;
+ }
+ $duration = $duration / $samples;
+
+ /*
+ * Based on the average time, determine the total rounds so that
+ * the total running time is bounded to a reasonable number.
+ */
+ $rounds = (int)(($maxTimeMicro / $duration) * 50);
+
+ /*
+ * Take additional measurements. On average we can expect
+ * at least $bitsPerRound bits of entropy from each measurement.
+ */
+ $iter = $bytes * (int) ceil(8 / $bitsPerRound);
+ for ($pass = 0; $pass < $iter; ++$pass)
+ {
+ $microStart = microtime(true);
+ $hash = sha1(mt_rand(), true);
+ for ($count = 0; $count < $rounds; ++$count)
+ {
+ $hash = sha1($hash, true);
+ }
+ $entropy .= $microStart . microtime(true);
+ }
+ }
+
+ $randomStr .= sha1($entropy, true);
+ }
+
+ if ($urandom)
+ {
+ @fclose($handle);
+ }
+
+ return substr($randomStr, 0, $length);
+ }
+}
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index d4f646f8..8d21d890 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -43,9 +43,9 @@
var filter = $(this).attr("value");
if (filter) {
$("tr.setting-row").fadeOut("fast");
- $("tr.setting-row td:contains(" + filter + "), tr.setting-row td a:contains(" + filter + ")").each(function() {
- if ($(this).children().length < 1) {
- $(this).closest("tr").stop().show();
+ $("tr.setting-row").each(function() {
+ if ($(this).text().indexOf(filter) > 0) {
+ $(this).stop().show();
}
});
} else {
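Review bot: The new test `$(this).text().indexOf(filter) > 0` skips a row whose text begins with the filter string, because indexOf() returns 0 for a match at the start and -1 for no match. The condition should be `if ($(this).text().indexOf(filter) !== -1) {`. Row text probably starts with template whitespace, which would hide this in practice, but that depends on markup outside the hunk. The enclosing handler starts before and ends after the lines shown.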