Diffstat (limited to 'modules')
-rw-r--r--modules/comment/controllers/admin_comments.php52
-rw-r--r--modules/comment/controllers/comments.php6
-rw-r--r--modules/comment/helpers/comment.php5
-rw-r--r--modules/comment/helpers/comment_event.php2
-rw-r--r--modules/comment/helpers/comment_installer.php8
-rw-r--r--modules/comment/module.info2
-rw-r--r--modules/comment/views/admin_comments.html.php7
-rw-r--r--modules/comment/views/comments.html.php5
-rw-r--r--modules/gallery/helpers/item.php5
-rw-r--r--modules/gallery/helpers/item_rest.php2
-rw-r--r--modules/gallery/helpers/items_rest.php20
-rw-r--r--modules/gallery/helpers/module.php7
-rw-r--r--modules/gallery/tests/controller_auth_data.txt2
-rw-r--r--modules/gallery/tests/xss_data.txt37
-rw-r--r--modules/image_block/helpers/image_block_block.php2
-rw-r--r--modules/rest/helpers/rest.php7
-rw-r--r--modules/rest/helpers/rest_installer.php8
-rw-r--r--modules/rest/module.info2
18 files changed, 128 insertions, 51 deletions
diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php
new file mode 100644
index 00000000..fda3873c
--- /dev/null
+++ b/modules/comment/controllers/admin_comments.php
@@ -0,0 +1,52 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2010 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Admin_Comments_Controller extends Admin_Controller {
+ public function index() {
+ $view = new Admin_View("admin.html");
+ $view->page_title = t("Comment settings");
+ $view->content = new View("admin_comments.html");
+ $view->content->form = $this->_get_admin_form();
+ print $view;
+ }
+
+ public function save() {
+ access::verify_csrf();
+ $form = $this->_get_admin_form();
+ $form->validate();
+ module::set_var("comment", "access_permissions",
+ $form->comment_settings->access_permissions->value);
+ message::success(t("Comment settings updated"));
+ url::redirect("admin/comments");
+ }
+
+ private function _get_admin_form() {
+ $form = new Forge("admin/comments/save", "", "post",
+ array("id" => "g-comments-admin-form"));
+ $comment_settings = $form->group("comment_settings")->label(t("Permissions"));
+ $comment_settings->dropdown("access_permissions")
+ ->label(t("Who can leave comments?"))
+ ->options(array("everybody" => t("Everybody"),
+ "registered_users" => t("Only registered users")))
+ ->selected(module::get_var("comment", "access_permissions"));
+ $comment_settings->submit("save")->value(t("Save"));
+ return $form;
+ }
+}
+
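Review bot: `save()` discards the return value of `$form->validate()` at L64, so an invalid submission still writes `access_permissions` at L65-L66 and redirects with a success message; only the two values offered by the dropdown at L77-L78 should ever be persisted. Gate the write and the success message on validation, `if ($form->validate()) {` around L65-L67, and on failure re-render the settings page instead of redirecting. As written, an unexpected stored value would still fail closed for guests, because `comment::can_comment()` only grants them on the exact string "everybody", but that is an accident of the consumer rather than a check here. A short docblock on `_get_admin_form()` naming the single setting it edits would also help.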
diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 465b1bcd..c42ad24e 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -24,6 +24,9 @@ class Comments_Controller extends Controller {
public function create($id) {
$item = ORM::factory("item", $id);
access::required("view", $item);
+ if (!comment::can_comment()) {
+ access::forbidden();
+ }
$form = comment::get_add_form($item);
try {
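Review bot: The new guard at L93-L95 relies on `access::forbidden()` not returning control; if it only rendered a response, `create()` would continue into the form handling below. I am inferring that it aborts the request like the other access helpers, and if so a one-line comment such as `// Enforce the admin "who can comment" setting; forbidden() aborts the request.` makes that explicit. The same three lines are repeated in `form_add()` at L102-L104; a small helper in comment.php that performs the check and calls `access::forbidden()` would keep the two actions in step. `create()` continues below the hunk.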
@@ -69,6 +72,9 @@ class Comments_Controller extends Controller {
public function form_add($item_id) {
$item = ORM::factory("item", $item_id);
access::required("view", $item);
+ if (!comment::can_comment()) {
+ access::forbidden();
+ }
print comment::prefill_add_form(comment::get_add_form($item));
}
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php
index 94b14d0d..92a286c7 100644
--- a/modules/comment/helpers/comment.php
+++ b/modules/comment/helpers/comment.php
@@ -60,5 +60,10 @@ class comment_Core {
}
return $form;
}
+
+ static function can_comment() {
+ return !identity::active_user()->guest ||
+ module::get_var("comment", "access_permissions") == "everybody";
+ }
}
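Review bot: `can_comment()` at L116-L119 compares the stored module var with loose `==`; the setting is a string, so use `module::get_var("comment", "access_permissions") === "everybody";`. The method also has no docblock; add one stating that a logged-in user may always comment and a guest only when the setting is exactly "everybody", so a missing or unexpected value denies guests (fail-closed), which is the property the controllers in comments.php depend on.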
diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php
index 25fd4171..33d4cd05 100644
--- a/modules/comment/helpers/comment_event.php
+++ b/modules/comment/helpers/comment_event.php
@@ -51,13 +51,11 @@ class comment_event_Core {
}
static function admin_menu($menu, $theme) {
- /*
$menu->get("settings_menu")
->append(Menu::factory("link")
->id("comment")
->label(t("Comments"))
->url(url::site("admin/comments")));
- */
$menu->get("content_menu")
->append(Menu::factory("link")
diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php
index 9ca47f1a..7a32bf67 100644
--- a/modules/comment/helpers/comment_installer.php
+++ b/modules/comment/helpers/comment_installer.php
@@ -47,7 +47,8 @@ class comment_installer {
DEFAULT CHARSET=utf8;");
module::set_var("comment", "spam_caught", 0);
- module::set_version("comment", 2);
+ module::set_var("comment", "access_permissions", "everybody");
+ module::set_version("comment", 3);
}
static function upgrade($version) {
@@ -56,6 +57,11 @@ class comment_installer {
$db->query("ALTER TABLE {comments} CHANGE `state` `state` varchar(15) default 'unpublished'");
module::set_version("comment", 2);
}
+
+ if ($version == 2) {
+ module::set_var("comment", "access_permissions", "everybody");
+ module::set_version("comment", 3);
+ }
}
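Review bot: The new `if ($version == 2)` block at L154-L157 is never entered for a site upgrading from version 1, because the preceding block (its condition is above the hunk) calls `module::set_version("comment", 2)` at L151 without advancing the local `$version`, so `access_permissions` is not seeded on that path; rest_installer in this same commit does it correctly with `module::set_version("rest", $version = 2);` at L436. Change L151 to `module::set_version("comment", $version = 2);` so the blocks chain. This assumes `upgrade()` is invoked once per upgrade rather than re-run until the version settles; if it is re-run, the gap closes on the second call, but the installers should still agree.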
static function uninstall() {
diff --git a/modules/comment/module.info b/modules/comment/module.info
index c371cf27..cd34f140 100644
--- a/modules/comment/module.info
+++ b/modules/comment/module.info
@@ -1,3 +1,3 @@
name = "Comments"
description = "Allows users and guests to leave comments on photos and albums."
-version = 2
+version = 3
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
new file mode 100644
index 00000000..dc6985b2
--- /dev/null
+++ b/modules/comment/views/admin_comments.html.php
@@ -0,0 +1,7 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div class="g-block">
+ <h1> <?= t("Comment settings") ?> </h1>
+ <div class="g-block-content">
+ <?= $form ?>
+ </div>
+</div>
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index e4322e08..9a608a43 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -1,9 +1,12 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
- <a href="<?= url::site("form/add/comments/{$item->id}") ?>#comment-form" id="g-add-comment"
+<? if (comment::can_comment()): ?>
+<a href="<?= url::site("form/add/comments/{$item->id}") ?>#comment-form" id="g-add-comment"
class="g-button ui-corner-all ui-icon-left ui-state-default">
<span class="ui-icon ui-icon-comment"></span>
<?= t("Add a comment") ?>
</a>
+<? endif ?>
+
<div id="g-comment-detail">
<? if (!$comments->count()): ?>
<p class="g-no-comments">
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index 43c93225..bbbe1058 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -209,17 +209,14 @@ class item_Core {
/**
* Return a query to get a random Item_Model, with optional filters
- *
- * @param array (optional) where tuple
*/
- static function random_query($where=null) {
+ static function random_query() {
// Pick a random number and find the item that's got nearest smaller number.
// This approach works best when the random numbers in the system are roughly evenly
// distributed so this is going to be more efficient with larger data sets.
return ORM::factory("item")
->viewable()
->where("rand_key", "<", ((float)mt_rand()) / (float)mt_getrandmax())
- ->merge_where($where)
->order_by("rand_key", "DESC");
}
} \ No newline at end of file
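Review bot: Dropping the `$where` parameter from `random_query()` at L211 is not a safe interface change in PHP: a caller still passing a filter array gets no error, the extra argument is silently discarded and the query runs unfiltered (image_block is updated in this commit, but themes or third-party modules may not be). Keep a deprecated parameter that refuses the old usage, `static function random_query($where=null) {` followed by `if ($where !== null) { throw new Exception("@todo random_query() no longer accepts a where clause; chain ->where() on the result"); }`, and say in the docblock that callers chain `->where()` on the returned query.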
diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php
index ec86ce93..f99afbc2 100644
--- a/modules/gallery/helpers/item_rest.php
+++ b/modules/gallery/helpers/item_rest.php
@@ -152,7 +152,7 @@ class item_rest_Core {
$item->type = "album";
$item->parent_id = $parent->id;
$item->name = $entity->name;
- $item->title = isset($entity->title) ? $entity->title : $name;
+ $item->title = isset($entity->title) ? $entity->title : $entity->name;
$item->description = isset($entity->description) ? $entity->description : null;
$item->slug = isset($entity->slug) ? $entity->slug : null;
$item->save();
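Review bot: L231 now falls back to `$entity->name` when no title is supplied, but neither L229 nor L231 checks that `name` is present in the request entity, while the sibling fields at L232-L233 guard with `isset`; a request omitting `name` would create an album with a null name and null title. If `name` is not validated earlier in this method (its start is above the hunk), reject it up front: `if (empty($entity->name)) { throw new Rest_Exception("Bad Request", 400); }`.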
diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php
index 32597a65..9cca9a54 100644
--- a/modules/gallery/helpers/items_rest.php
+++ b/modules/gallery/helpers/items_rest.php
@@ -21,14 +21,14 @@ class items_rest_Core {
/**
* To retrieve a collection of items, you can specify the following query parameters to specify
* the type of the collection. If both are specified, then the url parameter is used and the
- * ancestor_for is ignored. Specifying the "type" parameter with the urls parameter, will
+ * ancestors_for is ignored. Specifying the "type" parameter with the urls parameter, will
* filter the results based on the specified type. Using the type parameter with the
- * ancestor_for parameter makes no sense and will be ignored.
+ * ancestors_for parameter makes no sense and will be ignored.
*
* urls=url1,url2,url3
* return items that match the specified urls. Typically used to return the member detail
*
- * ancestor_for=url
+ * ancestors_for=url
* return the ancestors of the specified item
*
* type=<comma separate list of photo, movie or album>
@@ -45,21 +45,21 @@ class items_rest_Core {
if (access::can("view", $item)) {
if (isset($types)) {
if (in_array($item->type, $types)) {
- $items[] = items_rest::format_restful_item($item);
+ $items[] = items_rest::_format_restful_item($item);
}
} else {
- $items[] = items_rest::format_restful_item($item);
+ $items[] = items_rest::_format_restful_item($item);
}
}
}
- } else if (isset($request->params->ancestor_for)) {
- $item = rest::resolve($request->params->ancestor_for);
+ } else if (isset($request->params->ancestors_for)) {
+ $item = rest::resolve($request->params->ancestors_for);
if (!access::can("view", $item)) {
throw new Kohana_404_Exception();
}
- $items[] = items_rest::format_restful_item($item);
+ $items[] = items_rest::_format_restful_item($item);
while (($item = $item->parent()) != null) {
- array_unshift($items, items_rest::format_restful_item($item));
+ array_unshift($items, items_rest::_format_restful_item($item));
};
}
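Review bot: The `ancestors_for` branch at L272-L282 checks `access::can("view")` only on the resolved item and then appends every ancestor returned by `parent()` unchecked, whereas the urls branch filters each item individually at L258; unless view permission is guaranteed to be inherited along the parent chain, this can disclose ancestor albums the caller may not view. Either filter inside the loop, `if (access::can("view", $item)) { array_unshift($items, items_rest::_format_restful_item($item)); }`, or add a comment stating why the permission model makes that check unnecessary. The stray `};` at L282 should be `}`. The enclosing method starts above the hunk.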
@@ -74,7 +74,7 @@ class items_rest_Core {
return $item;
}
- private static function format_restful_item($item) {
+ private static function _format_restful_item($item) {
$item_rest = array("url" => rest::url("item", $item),
"entity" => $item->as_restful_array(),
"relationships" => rest::relationships("item", $item));
diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php
index 18d65ed5..5134c7b3 100644
--- a/modules/gallery/helpers/module.php
+++ b/modules/gallery/helpers/module.php
@@ -214,13 +214,6 @@ class module_Core {
throw new Exception("@todo UNKNOWN_MODULE");
}
}
-
- // Now the module is upgraded so deactivate it, but we can'it deactivae gallery or the
- // current identity provider.
- $identity_provider = module::get_var("gallery", "identity_provider", "user");
- if (!in_array($module_name, array("gallery", $identity_provider)) ) {
- self::deactivate($module_name);
- }
module::load_modules();
$version_after = module::get_version($module_name);
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 0aa26057..94e7a07f 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -1,4 +1,4 @@
-modules/comment/controllers/admin_comments.php queue DIRTY_CSRF
+modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF
modules/comment/helpers/comment_rss.php feed DIRTY_AUTH
modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH
modules/digibug/controllers/digibug.php close_window DIRTY_AUTH
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index afad9e13..0a75d6f7 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -4,21 +4,21 @@ modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urle
modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd")
modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true))
modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created)
-modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render()
-modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id
-modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
-modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url()
-modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url()
-modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75)
-modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created)
-modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id
-modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id
-modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id
-modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id
-modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id
-modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id
-modules/comment/views/admin_comments.html.php 197 DIRTY $pager
+modules/comment/views/admin_manage_comments.html.php 43 DIRTY $menu->render()
+modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR $comment->id
+modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/comment/views/admin_manage_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
+modules/comment/views/admin_manage_comments.html.php 123 DIRTY_JS $item->url()
+modules/comment/views/admin_manage_comments.html.php 125 DIRTY_ATTR $item->thumb_url()
+modules/comment/views/admin_manage_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75)
+modules/comment/views/admin_manage_comments.html.php 135 DIRTY gallery::date($comment->created)
+modules/comment/views/admin_manage_comments.html.php 142 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments.html.php 151 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments.html.php 160 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments.html.php 169 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments.html.php 176 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments.html.php 184 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments.html.php 197 DIRTY $pager
modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id;
modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri
@@ -175,7 +175,7 @@ modules/gallery/views/move_tree.html.php 15 DIRTY_JS $child
modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs)
modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"]
modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf")
-modules/gallery/views/movieplayer.html.php 13 DIRTY_JS url::abs_file("lib/flowplayer.h264streaming.swf")
+modules/gallery/views/movieplayer.html.php 14 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf")
modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__")
modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf")
modules/gallery/views/permissions_browse.html.php 43 DIRTY_ATTR $parent->id
@@ -320,7 +320,6 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url
-themes/admin_wind/views/admin.html.php 9 DIRTY $page_title
themes/admin_wind/views/admin.html.php 22 DIRTY_JS $theme->url()
themes/admin_wind/views/admin.html.php 39 DIRTY $theme->admin_head()
themes/admin_wind/views/admin.html.php 43 DIRTY $theme->admin_page_top()
@@ -363,7 +362,7 @@ themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $chi
themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height
themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator()
themes/wind/views/movie.html.php 5 DIRTY $theme->paginator()
-themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}"))
+themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}"))
themes/wind/views/page.html.php 9 DIRTY $page_title
themes/wind/views/page.html.php 33 DIRTY_JS $theme->url()
themes/wind/views/page.html.php 42 DIRTY $new_width
@@ -384,4 +383,4 @@ themes/wind/views/photo.html.php 8 DIRTY_JS $theme
themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height
themes/wind/views/photo.html.php 18 DIRTY $theme->paginator()
themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url()
-themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize"))
+themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-item-id-{$item->id}","class"=>"g-resize"))
diff --git a/modules/image_block/helpers/image_block_block.php b/modules/image_block/helpers/image_block_block.php
index 51ccc4a0..da6e8782 100644
--- a/modules/image_block/helpers/image_block_block.php
+++ b/modules/image_block/helpers/image_block_block.php
@@ -31,7 +31,7 @@ class image_block_block_Core {
// @todo Consider another fallback if further optimizations are necessary.
$attempts = 0;
do {
- $item = item::random_query(array(array("type", "!=", "album")))->find_all(1)->current();
+ $item = item::random_query()->where("type", "!=", "album")->find_all(1)->current();
} while (!$item && $attempts++ < 3);
if ($item && $item->loaded()) {
$block = new Block();
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 49999520..72927c71 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -39,7 +39,12 @@ class rest_Core {
static function set_active_user($access_key) {
if (empty($access_key)) {
- throw new Rest_Exception("Forbidden", 403);
+ if (module::get_var("rest", "allow_guest_access")) {
+ identity::set_active_user(identity::guest());
+ return;
+ } else {
+ throw new Rest_Exception("Forbidden", 403);
+ }
}
$key = ORM::factory("user_access_key")
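Review bot: The `else` at L416 follows an unconditional `return` at L415 and is dead structure; write the new branch as a guard, `if (!module::get_var("rest", "allow_guest_access")) { throw new Rest_Exception("Forbidden", 403); }` followed by `identity::set_active_user(identity::guest()); return;`. A one-line comment noting that rest_installer seeds the var as false, so unauthenticated REST access stays off until an admin enables it, would help the next reader. `empty($access_key)` also treats the string "0" as absent; harmless for random keys but worth knowing. `set_active_user()` continues below the hunk.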
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
index aeb9573e..c2694a29 100644
--- a/modules/rest/helpers/rest_installer.php
+++ b/modules/rest/helpers/rest_installer.php
@@ -28,7 +28,8 @@ class rest_installer {
UNIQUE KEY(`access_key`),
UNIQUE KEY(`user_id`))
DEFAULT CHARSET=utf8;");
- module::set_version("rest", 2);
+ module::set_var("rest", "allow_guest_access", false);
+ module::set_version("rest", 3);
}
static function upgrade($version) {
@@ -37,6 +38,11 @@ class rest_installer {
$db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}");
module::set_version("rest", $version = 2);
}
+
+ if ($version == 2) {
+ module::set_var("rest", "allow_guest_access", false);
+ module::set_version("rest", $version = 3);
+ }
}
static function uninstall() {
diff --git a/modules/rest/module.info b/modules/rest/module.info
index 3ab7e165..4b6b5464 100644
--- a/modules/rest/module.info
+++ b/modules/rest/module.info
@@ -1,4 +1,4 @@
name = "REST Access Module"
description = "The RESTful implementation/interface to Gallery3"
-version = 2
+version = 3