diff options
Diffstat (limited to 'modules/watermark')
| -rw-r--r-- | modules/watermark/controllers/admin_watermarks.php | 45 | ||||
| -rw-r--r-- | modules/watermark/helpers/watermark.php | 2 | ||||
| -rw-r--r-- | modules/watermark/helpers/watermark_event.php | 2 | ||||
| -rw-r--r-- | modules/watermark/helpers/watermark_installer.php | 3 | ||||
| -rw-r--r-- | modules/watermark/module.info | 6 | ||||
| -rw-r--r-- | modules/watermark/tests/Admin_Watermarks_Controller_Test.php | 124 |
6 files changed, 148 insertions, 34 deletions
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index a80f82a9..b058d6a5 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -1,7 +1,7 @@ <?php defined("SYSPATH") or die("No direct script access."); /** * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2012 Bharat Mediratta + * Copyright (C) 2000-2013 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -66,7 +66,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { $form = watermark::get_delete_form(); if ($form->validate()) { - if ($name = module::get_var("watermark", "name")) { + if ($name = basename(module::get_var("watermark", "name"))) { @unlink(VARPATH . "modules/watermark/$name"); module::clear_var("watermark", "name"); @@ -93,39 +93,30 @@ class Admin_Watermarks_Controller extends Admin_Controller { access::verify_csrf(); $form = watermark::get_add_form(); - if ($form->validate()) { + // For TEST_MODE, we want to simulate a file upload. Because this is not a true upload, Forge's + // validation logic will correctly reject it. So, we skip validation when we're running tests. + if (TEST_MODE || $form->validate()) { $file = $_POST["file"]; - $pathinfo = pathinfo($file); // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness - $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]); - $name = legal_file::smash_extensions($name); - - if (!($image_info = getimagesize($file)) || - !in_array($image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) { - message::error(t("Unable to identify this image file")); + $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', basename($file)); + + try { + list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); + // Sanitize filename, which ensures a valid extension. This renaming prevents the issues + // addressed in ticket #1855, where an image that looked valid (header said jpg) with a + // php extension was previously accepted without changing its extension. + $name = legal_file::sanitize_filename($name, $extension, "photo"); + } catch (Exception $e) { + message::error(t("Invalid or unidentifiable image file")); @unlink($file); return; } - if (!in_array($pathinfo["extension"], legal_file::get_photo_extensions())) { - switch ($image_info[2]) { - case IMAGETYPE_GIF: - $name = legal_file::change_extension($name, "gif"); - break; - case IMAGETYPE_JPEG: - $name = legal_file::change_extension($name, "jpg"); - break; - case IMAGETYPE_PNG: - $name = legal_file::change_extension($name, "png"); - break; - } - } - rename($file, VARPATH . "modules/watermark/$name"); module::set_var("watermark", "name", $name); - module::set_var("watermark", "width", $image_info[0]); - module::set_var("watermark", "height", $image_info[1]); - module::set_var("watermark", "mime_type", $image_info["mime"]); + module::set_var("watermark", "width", $width); + module::set_var("watermark", "height", $height); + module::set_var("watermark", "mime_type", $mime_type); module::set_var("watermark", "position", $form->add_watermark->position->value); module::set_var("watermark", "transparency", $form->add_watermark->transparency->value); $this->_update_graphics_rules(); diff --git a/modules/watermark/helpers/watermark.php b/modules/watermark/helpers/watermark.php index 47301a6a..3357c14e 100644 --- a/modules/watermark/helpers/watermark.php +++ b/modules/watermark/helpers/watermark.php @@ -1,7 +1,7 @@ <?php defined("SYSPATH") or die("No direct script access."); /** * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2012 Bharat Mediratta + * Copyright (C) 2000-2013 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/modules/watermark/helpers/watermark_event.php b/modules/watermark/helpers/watermark_event.php index 675bf68b..7547515f 100644 --- a/modules/watermark/helpers/watermark_event.php +++ b/modules/watermark/helpers/watermark_event.php @@ -1,7 +1,7 @@ <?php defined("SYSPATH") or die("No direct script access."); /** * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2012 Bharat Mediratta + * Copyright (C) 2000-2013 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/modules/watermark/helpers/watermark_installer.php b/modules/watermark/helpers/watermark_installer.php index 89489dc3..13338912 100644 --- a/modules/watermark/helpers/watermark_installer.php +++ b/modules/watermark/helpers/watermark_installer.php @@ -1,7 +1,7 @@ <?php defined("SYSPATH") or die("No direct script access."); /** * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2012 Bharat Mediratta + * Copyright (C) 2000-2013 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,7 +33,6 @@ class watermark_installer { DEFAULT CHARSET=utf8;"); @mkdir(VARPATH . "modules/watermark"); - module::set_version("watermark", 2); } static function uninstall() { diff --git a/modules/watermark/module.info b/modules/watermark/module.info index 58efa43f..e5003cda 100644 --- a/modules/watermark/module.info +++ b/modules/watermark/module.info @@ -2,6 +2,6 @@ name = "Watermarks" description = "Allows users to watermark their photos" version = 2 author_name = "Gallery Team" -author_url = "http://codex.gallery2.org/Gallery:Team" -info_url = "http://codex.gallery2.org/Gallery3:Modules:watermark" -discuss_url = "http://gallery.menalto.com/forum_module_watermark" +author_url = "http://codex.galleryproject.org/Gallery:Team" +info_url = "http://codex.galleryproject.org/Gallery3:Modules:watermark" +discuss_url = "http://galleryproject.org/forum_module_watermark" diff --git a/modules/watermark/tests/Admin_Watermarks_Controller_Test.php b/modules/watermark/tests/Admin_Watermarks_Controller_Test.php new file mode 100644 index 00000000..0b4ba84b --- /dev/null +++ b/modules/watermark/tests/Admin_Watermarks_Controller_Test.php @@ -0,0 +1,124 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2013 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Admin_Watermarks_Controller_Test extends Gallery_Unit_Test_Case { + public function setup() { + $this->_save = array($_POST, $_SERVER); + $_SERVER["HTTP_REFERER"] = "HTTP_REFERER"; + } + + public function teardown() { + list($_POST, $_SERVER) = $this->_save; + } + + public function add_watermark_test() { + // Source is a jpg file, watermark path has extension jpg + $name = test::random_name(); + $source_path = MODPATH . "gallery/images/imagemagick.jpg"; + $watermark_path = TMPPATH . "uploadfile-123-{$name}.jpg"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should be successful + $this->assert_equal(json_encode(array("result" => "success", + "location" => url::site("admin/watermarks"))), $results); + $this->assert_equal(file_get_contents($source_path), + file_get_contents(VARPATH . "modules/watermark/$name.jpg")); + $this->assert_equal("$name.jpg", module::get_var("watermark", "name")); + $this->assert_equal(114, module::get_var("watermark", "width")); + $this->assert_equal(118, module::get_var("watermark", "height")); + $this->assert_equal("image/jpeg", module::get_var("watermark", "mime_type")); + } + + public function add_watermark_reject_illegal_file_test() { + // Source is a php file, watermark path has extension php + $name = test::random_name(); + $source_path = MODPATH . "watermark/tests/Admin_Watermarks_Controller_Test.php"; + $watermark_path = TMPPATH . "uploadfile-123-{$name}.php"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should *not* be successful, and watermark should be deleted + $this->assert_equal("", $results); + $this->assert_false(file_exists($watermark_path)); + $this->assert_false(file_exists(VARPATH . "modules/watermark/$name.php")); + } + + public function add_watermark_rename_legal_file_with_illegal_extension_test() { + // Source is a jpg file, watermark path has extension php + $name = test::random_name(); + $source_path = MODPATH . "gallery/images/imagemagick.jpg"; + $watermark_path = TMPPATH . "uploadfile-123-{$name}.php"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should be successful with file renamed as jpg + $this->assert_equal(json_encode(array("result" => "success", + "location" => url::site("admin/watermarks"))), $results); + $this->assert_equal(file_get_contents($source_path), + file_get_contents(VARPATH . "modules/watermark/$name.jpg")); + $this->assert_equal("$name.jpg", module::get_var("watermark", "name")); + $this->assert_equal(114, module::get_var("watermark", "width")); + $this->assert_equal(118, module::get_var("watermark", "height")); + $this->assert_equal("image/jpeg", module::get_var("watermark", "mime_type")); + } + + public function add_watermark_reject_illegal_file_with_legal_extension_test() { + // Source is a php file, watermark path has extension jpg + $name = test::random_name(); + $source_path = MODPATH . "watermark/tests/Admin_Watermarks_Controller_Test.php"; + $watermark_path = TMPPATH . "uploadfile-123-{$name}.jpg"; + copy($source_path, $watermark_path); + + // Setup and run Admin_Watermarks_Controller::add + $controller = new Admin_Watermarks_Controller(); + $_POST["file"] = $watermark_path; + $_POST["csrf"] = access::csrf_token(); + ob_start(); + $controller->add(); + $results = ob_get_clean(); + + // Add should *not* be successful, and watermark should be deleted + $this->assert_equal("", $results); + $this->assert_false(file_exists($watermark_path)); + $this->assert_false(file_exists(VARPATH . "modules/watermark/$name.php")); + $this->assert_false(file_exists(VARPATH . "modules/watermark/$name.jpg")); + } +} |