diff options
Diffstat (limited to 'modules/gallery')
| -rw-r--r-- | modules/gallery/controllers/file_proxy.php | 2 | ||||
| -rw-r--r-- | modules/gallery/controllers/user_profile.php | 2 | ||||
| -rw-r--r-- | modules/gallery/helpers/data_rest.php | 8 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_installer.php | 10 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_task.php | 56 | ||||
| -rw-r--r-- | modules/gallery/helpers/items_rest.php | 2 | ||||
| -rw-r--r-- | modules/gallery/models/item.php | 30 | ||||
| -rw-r--r-- | modules/gallery/module.info | 2 | ||||
| -rw-r--r-- | modules/gallery/tests/Sendmail_Test.php | 4 | ||||
| -rw-r--r-- | modules/gallery/tests/controller_auth_data.txt | 2 | ||||
| -rw-r--r-- | modules/gallery/tests/xss_data.txt | 95 | ||||
| -rw-r--r-- | modules/gallery/views/error_admin.html.php | 2 | ||||
| -rw-r--r-- | modules/gallery/views/error_user.html.php | 2 |
13 files changed, 138 insertions, 79 deletions
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index d4e0d4c7..b17310c4 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -116,6 +116,8 @@ class File_Proxy_Controller extends Controller { throw new Kohana_404_Exception(); } + header("Content-Length: " . filesize($file)); + header("Pragma:"); // Check that the content hasn't expired or it wasn't changed since cached expires::check(2592000, $item->updated); diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php index 726d3e51..e992655b 100644 --- a/modules/gallery/controllers/user_profile.php +++ b/modules/gallery/controllers/user_profile.php @@ -56,7 +56,7 @@ class User_Profile_Controller extends Controller { ->to($user->email) ->subject(html::clean($form->message->subject->value)) ->header("Mime-Version", "1.0") - ->header("Content-type", "text/html; charset=iso-8859-1") + ->header("Content-type", "text/html; charset=UTF-8") ->reply_to($form->message->reply_to->value) ->message(html::purify($form->message->message->value)) ->send(); diff --git a/modules/gallery/helpers/data_rest.php b/modules/gallery/helpers/data_rest.php index 3cd2f59a..98c98894 100644 --- a/modules/gallery/helpers/data_rest.php +++ b/modules/gallery/helpers/data_rest.php @@ -57,9 +57,17 @@ class data_rest_Core { // We don't need to save the session for this request Session::instance()->abort_save(); + if ($item->is_album() && !$item->album_cover_item_id) { + // No thumbnail. Return nothing. + // @todo: what should we do here? + return; + } + // Dump out the image. If the item is a movie, then its thumbnail will be a JPG. if ($item->is_movie() && $p->size == "thumb") { header("Content-Type: image/jpeg"); + } else if ($item->is_album()) { + header("Content-Type: " . $item->album_cover()->mime_type); } else { header("Content-Type: {$item->mime_type}"); } diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 21c47ad5..569c5118 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -23,7 +23,8 @@ class gallery_installer { $db->query("CREATE TABLE {access_caches} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9), - PRIMARY KEY (`id`)) + PRIMARY KEY (`id`), + KEY (`item_id`)) DEFAULT CHARSET=utf8;"); $db->query("CREATE TABLE {access_intents} ( @@ -299,7 +300,7 @@ class gallery_installer { module::set_var("gallery", "simultaneous_upload_limit", 5); module::set_var("gallery", "admin_area_timeout", 90 * 60); module::set_var("gallery", "maintenance_mode", 0); - module::set_version("gallery", 33); + module::set_version("gallery", 34); } static function upgrade($version) { @@ -578,6 +579,11 @@ class gallery_installer { $db->query("ALTER TABLE {items} ADD KEY (`left_ptr`)"); module::set_version("gallery", $version = 33); } + + if ($version == 33) { + $db->query("ALTER TABLE {access_caches} ADD KEY (`item_id`)"); + module::set_version("gallery", $version = 34); + } } static function uninstall() { diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index bf1355b8..6a1fc28a 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -26,7 +26,9 @@ class gallery_task_Core { const FIX_STATE_RUN_DUPE_SLUGS = 5; const FIX_STATE_START_DUPE_NAMES = 6; const FIX_STATE_RUN_DUPE_NAMES = 7; - const FIX_STATE_DONE = 8; + const FIX_STATE_START_MISSING_ACCESS_CACHES = 8; + const FIX_STATE_RUN_MISSING_ACCESS_CACHES = 9; + const FIX_STATE_DONE = 10; static function available_tasks() { $dirty_count = graphics::find_dirty_images_query()->count_records(); @@ -323,15 +325,14 @@ class gallery_task_Core { $total = $task->get("total"); if (empty($total)) { // mptt: 2 operations for every item - // album audit (permissions and bogus album covers): 1 operation for every album - // dupe slugs: 1 operation for each unique conflicted slug $total = 2 * db::build()->count_records("items"); + // album audit (permissions and bogus album covers): 1 operation for every album $total += db::build()->where("type", "=", "album")->count_records("items"); - foreach (self::find_dupe_slugs() as $row) { - $total++; - } - foreach (self::find_dupe_names() as $row) { - $total++; + // one operation for each missing slug, name and access cache + foreach (array("find_dupe_slugs", "find_dupe_names", "find_missing_access_caches") as $func) { + foreach (self::$func() as $row) { + $total++; + } } $task->set("total", $total); @@ -542,6 +543,36 @@ class gallery_task_Core { $completed++; if (empty($stack)) { + $state = self::FIX_STATE_START_MISSING_ACCESS_CACHES; + } + break; + + case self::FIX_STATE_START_MISSING_ACCESS_CACHES: + $stack = array(); + foreach (self::find_missing_access_caches() as $row) { + $stack[] = $row->id; + } + if ($stack) { + $task->set("stack", implode(" ", $stack)); + $state = self::FIX_STATE_RUN_MISSING_ACCESS_CACHES; + } else { + $state = self::FIX_STATE_DONE; + } + break; + + case self::FIX_STATE_RUN_MISSING_ACCESS_CACHES: + $stack = explode(" ", $task->get("stack")); + $id = array_pop($stack); + $access_cache = ORM::factory("access_cache"); + $access_cache->item_id = $id; + $access_cache->save(); + $task->set("stack", implode(" ", $stack)); + $completed++; + if (empty($stack)) { + // The new cache rows are there, but they're incorrectly populated so we have to fix + // them. If this turns out to be too slow, we'll have to refactor + // access::recalculate_permissions to allow us to do it in slices. + access::recalculate_permissions(item::root()); $state = self::FIX_STATE_DONE; } break; @@ -587,4 +618,13 @@ class gallery_task_Core { ->group_by("parent_name") ->execute(); } + + static function find_missing_access_caches() { + return db::build() + ->select("items.id") + ->from("items") + ->join("access_caches", "items.id", "access_caches.item_id", "left") + ->where("access_caches.id", "is", null) + ->execute(); + } }
\ No newline at end of file diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index 9cca9a54..f0b68d63 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php @@ -80,7 +80,7 @@ class items_rest_Core { "relationships" => rest::relationships("item", $item)); if ($item->type == "album") { $members = array(); - foreach ($item->children() as $child) { + foreach ($item->viewable()->children() as $child) { $members[] = rest::url("item", $child); } $item_rest["members"] = $members; diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 1dea60e8..c4591279 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -668,9 +668,9 @@ class Item_Model extends ORM_MPTT { public function resize_img($extra_attrs) { $attrs = array_merge($extra_attrs, array("src" => $this->resize_url(), - "alt" => $this->title, - "width" => $this->resize_width, - "height" => $this->resize_height) + "alt" => $this->title, + "width" => $this->resize_width, + "height" => $this->resize_height) ); // html::image forces an absolute url which we don't want return "<img" . html::attributes($attrs) . "/>"; @@ -973,27 +973,25 @@ class Item_Model extends ORM_MPTT { } unset($data["album_cover_item_id"]); - if (access::can("view_full", $this) && $this->is_photo()) { - if (access::user_can(identity::guest(), "view_full", $this)) { - $data["file_url"] = $this->file_url(true); - } else { - $data["file_url"] = rest::url("data", $this, "full"); - } + if (access::can("view_full", $this) && !$this->is_album()) { + $data["file_url"] = rest::url("data", $this, "full"); + } + if (access::user_can(identity::guest(), "view_full", $this)) { + $data["file_url_public"] = $this->file_url(true); } - if (($tmp = $this->resize_url(true)) && $this->is_photo()) { + if ($this->is_photo()) { + $data["resize_url"] = rest::url("data", $this, "resize"); if (access::user_can(identity::guest(), "view", $this)) { - $data["resize_url"] = $tmp; - } else { - $data["resize_url"] = rest::url("data", $this, "resize"); + $data["resize_url_public"] = $this->resize_url(true); } } + $data["thumb_url"] = rest::url("data", $this, "thumb"); if (access::user_can(identity::guest(), "view", $this)) { - $data["thumb_url"] = $this->thumb_url(true); - } else { - $data["thumb_url"] = rest::url("data", $this, "thumb"); + $data["thumb_url_public"] = $this->thumb_url(true); } + $data["can_edit"] = access::can("edit", $this); // Elide some internal-only data that is going to cause confusion in the client. diff --git a/modules/gallery/module.info b/modules/gallery/module.info index dbecda03..084a0945 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 33 +version = 34 diff --git a/modules/gallery/tests/Sendmail_Test.php b/modules/gallery/tests/Sendmail_Test.php index b20543d1..b9406047 100644 --- a/modules/gallery/tests/Sendmail_Test.php +++ b/modules/gallery/tests/Sendmail_Test.php @@ -65,14 +65,14 @@ class Sendmail_Test extends Gallery_Unit_Test_Case { "From: from@gallery3.com\n" . "Reply-To: public@gallery3.com\n" . "MIME-Version: 1.0\n" . - "Content-type: text/html; charset=iso-8859-1\r\n" . + "Content-Type: text/html; charset=UTF-8\r\n" . "Subject: Test Email Unit test\r\n\r\n" . "<html><body><p>This is an html msg</p></body></html>"; $result = Sendmail_For_Test::factory() ->to("receiver@someemail.com") ->subject("Test Email Unit test") ->header("MIME-Version", "1.0") - ->header("Content-type", "text/html; charset=iso-8859-1") + ->header("Content-Type", "text/html; charset=UTF-8") ->message("<html><body><p>This is an html msg</p></body></html>") ->send() ->send_text; diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 0864a928..8b776fb9 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -25,6 +25,8 @@ modules/gallery/controllers/welcome_message.php index modules/organize/controllers/organize.php dialog DIRTY_CSRF modules/organize/controllers/organize.php add_album_fields DIRTY_AUTH modules/rest/controllers/rest.php index DIRTY_CSRF|DIRTY_AUTH +modules/rest/controllers/rest.php reset_api_key_confirm DIRTY_AUTH +modules/rest/controllers/rest.php reset_api_key DIRTY_AUTH modules/rest/controllers/rest.php __call DIRTY_CSRF|DIRTY_AUTH modules/rss/controllers/rss.php feed DIRTY_CSRF|DIRTY_AUTH modules/search/controllers/search.php index DIRTY_CSRF|DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index ef92970b..3eae3d07 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -122,50 +122,52 @@ modules/gallery/views/admin_themes.html.php 76 DIRTY $info- modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 8 DIRTY_ATTR $url modules/gallery/views/error_404.html.php 14 DIRTY $login_form -modules/gallery/views/error_admin.html.php 183 DIRTY $type -modules/gallery/views/error_admin.html.php 183 DIRTY $code -modules/gallery/views/error_admin.html.php 186 DIRTY $message -modules/gallery/views/error_admin.html.php 189 DIRTY_ATTR $error_id -modules/gallery/views/error_admin.html.php 194 DIRTY Kohana_Exception::debug_path($file) -modules/gallery/views/error_admin.html.php 194 DIRTY $line -modules/gallery/views/error_admin.html.php 199 DIRTY_ATTR ($num==$line)?"highlight":"" -modules/gallery/views/error_admin.html.php 199 DIRTY $num -modules/gallery/views/error_admin.html.php 199 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) -modules/gallery/views/error_admin.html.php 211 DIRTY_ATTR $source_id -modules/gallery/views/error_admin.html.php 211 DIRTY_JS $source_id -modules/gallery/views/error_admin.html.php 211 DIRTY Kohana_Exception::debug_path($step["file"]) -modules/gallery/views/error_admin.html.php 211 DIRTY $step["line"] -modules/gallery/views/error_admin.html.php 213 DIRTY Kohana_Exception::debug_path($step["file"]) -modules/gallery/views/error_admin.html.php 213 DIRTY $step["line"] -modules/gallery/views/error_admin.html.php 220 DIRTY $step["function"] -modules/gallery/views/error_admin.html.php 221 DIRTY_ATTR $args_id -modules/gallery/views/error_admin.html.php 221 DIRTY_JS $args_id -modules/gallery/views/error_admin.html.php 225 DIRTY_ATTR $args_id -modules/gallery/views/error_admin.html.php 230 DIRTY $name -modules/gallery/views/error_admin.html.php 233 DIRTY Kohana_Exception::safe_dump($arg,$name) -modules/gallery/views/error_admin.html.php 241 DIRTY_ATTR $source_id -modules/gallery/views/error_admin.html.php 241 DIRTY_ATTR ($num==$step["line"])?"highlight":"" -modules/gallery/views/error_admin.html.php 241 DIRTY $num -modules/gallery/views/error_admin.html.php 241 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) -modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env_id=$error_id."environment" -modules/gallery/views/error_admin.html.php 251 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 253 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 255 DIRTY_ATTR $env_id=$error_id."environment_included" -modules/gallery/views/error_admin.html.php 255 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 255 DIRTY count($included) -modules/gallery/views/error_admin.html.php 256 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::debug_path($file) -modules/gallery/views/error_admin.html.php 268 DIRTY_ATTR $env_id=$error_id."environment_loaded" -modules/gallery/views/error_admin.html.php 268 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 268 DIRTY count($included) -modules/gallery/views/error_admin.html.php 269 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 274 DIRTY Kohana_Exception::debug_path($file) -modules/gallery/views/error_admin.html.php 282 DIRTY_ATTR $env_id="$error_id.environment".strtolower($var) -modules/gallery/views/error_admin.html.php 283 DIRTY_JS $env_id -modules/gallery/views/error_admin.html.php 283 DIRTY $var -modules/gallery/views/error_admin.html.php 284 DIRTY_ATTR $env_id -modules/gallery/views/error_admin.html.php 290 DIRTY $key -modules/gallery/views/error_admin.html.php 294 DIRTY Kohana_Exception::safe_dump($value,$key) +modules/gallery/views/error_admin.html.php 178 DIRTY @gallery_block::get("platform_info") +modules/gallery/views/error_admin.html.php 179 DIRTY @gallery_block::get("stats") +modules/gallery/views/error_admin.html.php 184 DIRTY $type +modules/gallery/views/error_admin.html.php 184 DIRTY $code +modules/gallery/views/error_admin.html.php 187 DIRTY $message +modules/gallery/views/error_admin.html.php 190 DIRTY_ATTR $error_id +modules/gallery/views/error_admin.html.php 195 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 195 DIRTY $line +modules/gallery/views/error_admin.html.php 200 DIRTY_ATTR ($num==$line)?"highlight":"" +modules/gallery/views/error_admin.html.php 200 DIRTY $num +modules/gallery/views/error_admin.html.php 200 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) +modules/gallery/views/error_admin.html.php 212 DIRTY_ATTR $source_id +modules/gallery/views/error_admin.html.php 212 DIRTY_JS $source_id +modules/gallery/views/error_admin.html.php 212 DIRTY Kohana_Exception::debug_path($step["file"]) +modules/gallery/views/error_admin.html.php 212 DIRTY $step["line"] +modules/gallery/views/error_admin.html.php 214 DIRTY Kohana_Exception::debug_path($step["file"]) +modules/gallery/views/error_admin.html.php 214 DIRTY $step["line"] +modules/gallery/views/error_admin.html.php 221 DIRTY $step["function"] +modules/gallery/views/error_admin.html.php 222 DIRTY_ATTR $args_id +modules/gallery/views/error_admin.html.php 222 DIRTY_JS $args_id +modules/gallery/views/error_admin.html.php 226 DIRTY_ATTR $args_id +modules/gallery/views/error_admin.html.php 231 DIRTY $name +modules/gallery/views/error_admin.html.php 234 DIRTY Kohana_Exception::safe_dump($arg,$name) +modules/gallery/views/error_admin.html.php 242 DIRTY_ATTR $source_id +modules/gallery/views/error_admin.html.php 242 DIRTY_ATTR ($num==$step["line"])?"highlight":"" +modules/gallery/views/error_admin.html.php 242 DIRTY $num +modules/gallery/views/error_admin.html.php 242 DIRTY htmlspecialchars($row,ENT_NOQUOTES,Kohana::CHARSET) +modules/gallery/views/error_admin.html.php 252 DIRTY_ATTR $env_id=$error_id."environment" +modules/gallery/views/error_admin.html.php 252 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 254 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 256 DIRTY_ATTR $env_id=$error_id."environment_included" +modules/gallery/views/error_admin.html.php 256 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 256 DIRTY count($included) +modules/gallery/views/error_admin.html.php 257 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 262 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 269 DIRTY_ATTR $env_id=$error_id."environment_loaded" +modules/gallery/views/error_admin.html.php 269 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 269 DIRTY count($included) +modules/gallery/views/error_admin.html.php 270 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 275 DIRTY Kohana_Exception::debug_path($file) +modules/gallery/views/error_admin.html.php 283 DIRTY_ATTR $env_id="$error_id.environment".strtolower($var) +modules/gallery/views/error_admin.html.php 284 DIRTY_JS $env_id +modules/gallery/views/error_admin.html.php 284 DIRTY $var +modules/gallery/views/error_admin.html.php 285 DIRTY_ATTR $env_id +modules/gallery/views/error_admin.html.php 291 DIRTY $key +modules/gallery/views/error_admin.html.php 295 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") @@ -294,6 +296,7 @@ modules/organize/views/organize_dialog.html.php 136 DIRTY_ATTR requ modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key +modules/rest/views/reset_api_key_confirm.html.php 6 DIRTY $form modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri @@ -367,8 +370,8 @@ themes/admin_wind/views/admin.html.php 61 DIRTY $theme themes/admin_wind/views/admin.html.php 68 DIRTY $content themes/admin_wind/views/admin.html.php 74 DIRTY $sidebar themes/admin_wind/views/admin.html.php 79 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 81 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 85 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/admin.html.php 82 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 87 DIRTY $theme->admin_page_bottom() themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/admin_wind/views/block.html.php 5 DIRTY $id themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id diff --git a/modules/gallery/views/error_admin.html.php b/modules/gallery/views/error_admin.html.php index f5004eae..af78c59c 100644 --- a/modules/gallery/views/error_admin.html.php +++ b/modules/gallery/views/error_admin.html.php @@ -120,7 +120,7 @@ font-size: 1.1em; } </style> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title><?= t("Something went wrong!") ?></title> <script type="text/javascript"> diff --git a/modules/gallery/views/error_user.html.php b/modules/gallery/views/error_user.html.php index b64cfb53..09ab752a 100644 --- a/modules/gallery/views/error_user.html.php +++ b/modules/gallery/views/error_user.html.php @@ -36,7 +36,7 @@ margin: 0 auto; } </style> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title><?= t("Something went wrong!") ?></title> </head> <body> |