diff options
Diffstat (limited to 'modules')
24 files changed, 114 insertions, 54 deletions
diff --git a/modules/exif/tests/Exif_Test.php b/modules/exif/tests/Exif_Test.php index cf5af851..404b6cde 100644 --- a/modules/exif/tests/Exif_Test.php +++ b/modules/exif/tests/Exif_Test.php @@ -33,8 +33,8 @@ class Exif_Test extends Gallery_Unit_Test_Case { array("caption" => "Exposure Time", "value" => "1/60 sec"), array("caption" => "Flash", "value" => "No Flash"), array("caption" => "Focal Length", "value" => "50 mm"), - array("caption" => "ISO", "value" => "6553700"), - array("caption" => "Metering Mode", "value" => "Multi-Segment"), + array("caption" => "ISO", "value" => "100"), + array("caption" => "Metering Mode", "value" => "Pattern"), array("caption" => "Date/Time", "value" => "2008:03:17 17:41:25"), array("caption" => "Copyright", "value" => "(C) 2008 - T. Almdal"), array("caption" => "Orientation", "value" => "1: Normal (0 deg)"), diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 787a2138..c460f58c 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -22,7 +22,12 @@ class Admin_Controller extends Controller { public function __construct($theme=null) { if (!identity::active_user()->admin) { - access::forbidden(); + if (identity::active_user()->guest) { + Session::instance()->set("continue_url", url::abs_current(true)); + url::redirect("login"); + } else { + access::forbidden(); + } } parent::__construct(); @@ -78,7 +83,7 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get" && !request::is_ajax()) { // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); + Session::instance()->set("continue_url", url::abs_current(true)); } url::redirect("reauthenticate"); } diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index ea15418f..eaa09be5 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -73,8 +73,8 @@ class Albums_Controller extends Items_Controller { // We can't use math in ORM or the query builder, so do this by hand. It's important // that we do this with math, otherwise concurrent accesses will damage accuracy. - db::query( - "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id"); + db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id") + ->execute(); print $template; } diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 40125476..2b60316b 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -38,15 +38,18 @@ class Login_Controller extends Controller { } public function html() { - print auth::get_login_form("login/auth_html"); + $view = new Theme_View("page.html", "other", "login"); + $view->page_title = t("Login"); + $view->content = auth::get_login_form("login/auth_html"); + print $view; } public function auth_html() { access::verify_csrf(); - $continue_url = Session::instance()->get("continue_url", null); list ($valid, $form) = $this->_auth("login/auth_html"); if ($valid) { + $continue_url = $form->continue_url->value; url::redirect($continue_url ? $continue_url : item::root()->abs_url()); } else { $view = new Theme_View("page.html", "other", "login"); diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 967dad49..20fa8074 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -21,14 +21,9 @@ class Logout_Controller extends Controller { public function index() { access::verify_csrf(); auth::logout(); - if ($continue_url = Input::instance()->get("continue")) { - $item = url::get_item_from_uri($continue_url); - if (access::can("view", $item)) { - // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: $continue_url"); - } else { - url::redirect(item::root()->abs_url()); - } + if ($continue_url = Input::instance()->get("continue_url")) { + url::redirect($continue_url); } + url::redirect(item::root()->abs_url()); } }
\ No newline at end of file diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 3503d80a..acb27f6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -37,8 +37,7 @@ class Reauthenticate_Controller extends Controller { if ($valid) { message::success(t("Successfully re-authenticated!")); module::event("user_auth", $user); - $continue_url = Session::instance()->get_once("continue_url", "admin"); - url::redirect($continue_url); + url::redirect($form->continue_url->value); } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); @@ -59,6 +58,7 @@ class Reauthenticate_Controller extends Controller { private static function _form() { $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); $group = $form->group("reauthenticate")->label(t("Re-authenticate")); $group->password("password")->label(t("Password"))->id("g-password")->class(null) ->callback("auth::validate_too_many_failed_auth_attempts") diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 1a9fe869..48b5fc32 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -21,6 +21,7 @@ class auth_Core { static function get_login_form($url) { $form = new Forge($url, "", "post", array("id" => "g-login-form")); $form->set_attr("class", "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url")); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null) ->callback("auth::validate_too_many_failed_logins") diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index ae7131ae..55db47ce 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -157,11 +157,22 @@ class gallery_event_Core { ->view("login_current_user.html") ->url(user_profile::url($user->id)) ->label($user->display_name())); + + if (isset($theme->item)) { + if (access::user_can(identity::guest(), "view", $theme->item)) { + $continue_url = $theme->item->abs_url(); + } else { + $continue_url = item::root()->abs_url(); + } + } else { + $continue_url = url::abs_current(); + } + $menu->append(Menu::factory("link") ->id("user_menu_logout") ->css_id("g-logout-link") - ->url(url::site("logout?csrf=$csrf&continue=" . - urlencode(url::abs_current()))) + ->url(url::site("logout?csrf=$csrf&continue_url=" . + urlencode($continue_url))) ->label(t("Logout"))); } } diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index bbbe1058..15bbe977 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -136,7 +136,7 @@ class item_Core { */ static function convert_filename_to_title($filename) { $title = strtr($filename, "_", " "); - $title = preg_replace("/\..*?$/", "", $title); + $title = preg_replace("/\..{3,4}$/", "", $title); $title = preg_replace("/ +/", " ", $title); return $title; } diff --git a/modules/gallery/helpers/message.php b/modules/gallery/helpers/message.php index 047eb2c7..1f69e2a9 100644 --- a/modules/gallery/helpers/message.php +++ b/modules/gallery/helpers/message.php @@ -78,6 +78,7 @@ class message_Core { $messages = Session::instance()->get_once("messages", array()); foreach ($messages as $msg) { + $msg[0] = str_replace("__CSRF__", access::csrf_token(), $msg[0]); $buf[] = "<li class=\"" . self::severity_class($msg[1]) . "\">$msg[0]</li>"; } if ($buf) { diff --git a/modules/gallery/helpers/site_status.php b/modules/gallery/helpers/site_status.php index 759eb382..13c42dda 100644 --- a/modules/gallery/helpers/site_status.php +++ b/modules/gallery/helpers/site_status.php @@ -100,7 +100,7 @@ class site_status_Core { } $buf = array(); foreach (ORM::factory("message")->find_all() as $msg) { - $value = str_replace('__CSRF__', access::csrf_token(), $msg->value); + $value = str_replace("__CSRF__", access::csrf_token(), $msg->value); $buf[] = "<li class=\"" . self::severity_class($msg->severity) . "\">$value</li>"; } diff --git a/modules/gallery/js/l10n_client.js b/modules/gallery/js/l10n_client.js index a1170e2d..a1b970e7 100644 --- a/modules/gallery/js/l10n_client.js +++ b/modules/gallery/js/l10n_client.js @@ -60,25 +60,21 @@ jQuery.extend(Gallery, { $('#l10n-client').height('22em').removeClass('hidden'); //$('#l10n-client').slideUp(); $('#g-minimize-l10n').text("_"); - /* - * This CSS clashes with Gallery's CSS, probably due to - * YUI's grid / floats. - if(!$.browser.msie) { - $('body').css('border-bottom', '22em solid #fff'); - } - */ + // This CSS clashes with Gallery's CSS, probably due to + // YUI's grid / floats. + // if(!$.browser.msie) { + // $('body').css('border-bottom', '22em solid #fff'); + // } $.cookie('Gallery_l10n_client', '1', {expires: 7, path: '/'}); break; case 0: $('#l10n-client-string-select, #l10n-client-string-editor, #l10n-client .labels .label').hide(); $('#l10n-client').height('2em').addClass('hidden'); // TODO: Localize this message - $('#g-minimize-l10n').text(MSG_TRANSLATE_TEXT); - /* - if(!$.browser.msie) { - $('body').css('border-bottom', '0px'); - } - */ + $('#g-minimize-l10n').text(MSG_TRANSLATE_TEXT); + // if(!$.browser.msie) { + // $('body').css('border-bottom', '0px'); + // } $.cookie('Gallery_l10n_client', '0', {expires: 7, path: '/'}); break; } diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php index e7ebdb1f..df7557ae 100644 --- a/modules/gallery/libraries/MY_Kohana_Exception.php +++ b/modules/gallery/libraries/MY_Kohana_Exception.php @@ -59,7 +59,7 @@ class Kohana_Exception extends Kohana_Exception_Core { private static function _show_themed_error_page(Exception $e) { // Create a text version of the exception $error = Kohana_Exception::text($e); - + // Add this exception to the log Kohana_Log::add('error', $error); @@ -83,8 +83,6 @@ class Kohana_Exception extends Kohana_Exception_Core { if ($view->content->is_guest) { $view->content->login_form = new View("login_ajax.html"); $view->content->login_form->form = auth::get_login_form("login/auth_html"); - // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); } } else { $view->page_title = t("Dang... Something went wrong!"); diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 409ed3cc..009457c1 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -924,17 +924,21 @@ class Item_Model extends ORM_MPTT { /** * Same as ORM::as_array() but convert id fields into their RESTful form. */ - public function as_restful_array() { + public function as_restful_array($convert_ids=true) { // Convert item ids to rest URLs for consistency $data = $this->as_array(); - if ($tmp = $this->parent()) { - $data["parent"] = rest::url("item", $tmp); - } - unset($data["parent_id"]); - if ($tmp = $this->album_cover()) { - $data["album_cover"] = rest::url("item", $tmp); + + if ($convert_ids) { + if ($tmp = $this->parent()) { + $data["parent"] = rest::url("item", $tmp); + } + unset($data["parent_id"]); + + if ($tmp = $this->album_cover()) { + $data["album_cover"] = rest::url("item", $tmp); + } + unset($data["album_cover_item_id"]); } - unset($data["album_cover_item_id"]); if (access::can("view_full", $this) && $this->is_photo()) { $data["file_url"] = $this->file_url(true); @@ -944,6 +948,7 @@ class Item_Model extends ORM_MPTT { $data["resize_url"] = $tmp; } $data["thumb_url"] = $this->thumb_url(true); + $data["can_edit"] = access::can("edit", $this); // Elide some internal-only data that is going to cause confusion in the client. foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr", diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php index 4e32553b..debbe846 100644 --- a/modules/gallery/tests/Gallery_Filters.php +++ b/modules/gallery/tests/Gallery_Filters.php @@ -28,8 +28,10 @@ class GalleryCodeFilterIterator extends FilterIterator { public function accept() { // Skip anything that we didn"t write $path_name = $this->getInnerIterator()->getPathName(); + $file_name = $this->getInnerIterator()->getFileName(); return !( - strpos($path_name, ".svn") || + $file_name == "." || + $file_name == ".." || strpos($path_name, DOCROOT . "test") !== false || strpos($path_name, DOCROOT . "var") !== false || strpos($path_name, MODPATH . "forge") !== false || diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 4771b11a..00229973 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -41,6 +41,11 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all()); } + public function convert_filename_to_title_test() { + $this->assert_equal("foo", item::convert_filename_to_title("foo.jpg")); + $this->assert_equal("foo.bar", item::convert_filename_to_title("foo.bar.jpg")); + } + public function convert_filename_to_slug_test() { $this->assert_equal("foo", item::convert_filename_to_slug("{[foo]}")); $this->assert_equal("foo-bar", item::convert_filename_to_slug("{[foo!@#!$@#^$@($!(@bar]}")); diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 15aa2d8c..f9e6a4e3 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -18,6 +18,10 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Item_Model_Test extends Gallery_Unit_Test_Case { + public function teardown() { + identity::set_active_user(identity::admin_user()); + } + public function saving_sets_created_and_updated_dates_test() { $item = test::random_photo(); $this->assert_true(!empty($item->created)); @@ -364,6 +368,27 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(!array_key_exists("album_cover_item_id", $result)); } + public function as_restful_array_with_ids_test() { + $album = test::random_album(); + $photo = test::random_photo($album); + $album->reload(); + + $result = $album->as_restful_array(false); + $this->assert_same(item::root()->id, $result["parent_id"]); + $this->assert_same($photo->id, $result["album_cover_item_id"]); + $this->assert_true(!array_key_exists("parent", $result)); + $this->assert_true(!array_key_exists("album_cover_item", $result)); + } + + public function as_restful_array_with_edit_bit_test() { + $response = item::root()->as_restful_array(true); + $this->assert_true($response["can_edit"]); + + identity::set_active_user(identity::guest()); + $response = item::root()->as_restful_array(true); + $this->assert_false($response["can_edit"]); + } + public function first_photo_becomes_album_cover() { $album = test::random_album(); $photo = test::random_photo($album); diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php index 94bf912a..17e979a5 100644 --- a/modules/gallery/tests/Items_Rest_Helper_Test.php +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php @@ -135,7 +135,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { items_rest::get($request)); } - public function get_ancestor_test() { + public function get_ancestors_test() { $album1 = test::random_album(); $photo1 = test::random_photo($album1); $album2 = test::random_album($album1); @@ -155,7 +155,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request = new stdClass(); $request->params = new stdClass(); - $request->params->ancestor_for = rest::url("item", $photo2); + $request->params->ancestors_for = rest::url("item", $photo2); $this->assert_equal_array( array( $restful_root, diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 0a75d6f7..68dca9cb 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -4,6 +4,7 @@ modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urle modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) +modules/comment/views/admin_comments.html.php 5 DIRTY $form modules/comment/views/admin_manage_comments.html.php 43 DIRTY $menu->render() modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR $comment->id modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") @@ -32,8 +33,8 @@ modules/comment/views/comment.mrss.php 29 DIRTY $child modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width -modules/comment/views/comments.html.php 18 DIRTY_ATTR $comment->id -modules/comment/views/comments.html.php 21 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/comments.html.php 21 DIRTY_ATTR $comment->id +modules/comment/views/comments.html.php 24 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url() modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50) diff --git a/modules/gallery_unit_test/controllers/gallery_unit_test.php b/modules/gallery_unit_test/controllers/gallery_unit_test.php index 80ee16d9..e241e1dd 100644 --- a/modules/gallery_unit_test/controllers/gallery_unit_test.php +++ b/modules/gallery_unit_test/controllers/gallery_unit_test.php @@ -89,7 +89,9 @@ class Gallery_Unit_Test_Controller extends Controller { } } - // Clean out the filesystem + // Clean out the filesystem. Note that this cleans out test/var/database.php, but that's ok + // because we technically don't need it anymore. If this is confusing, we could always + // arrange to preserve that one file. @system("rm -rf test/var"); @mkdir('test/var/logs', 0777, true); diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 72927c71..3229330a 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -18,9 +18,12 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class rest_Core { + const API_VERSION = "3.0"; + static function reply($data=array()) { Session::instance()->abort_save(); + header("X-Gallery-API-Version: " . rest::API_VERSION); if (Input::instance()->get("output") == "html") { header("Content-type: text/html"); if ($data) { diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index e4e53ef6..f23b9a58 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -29,6 +29,13 @@ class rest_event { ->execute(); } + + static function change_provider($new_provider) { + db::build() + ->delete("user_access_keys") + ->execute(); + } + /** * Called after a user has been added. Just add a remote access key * on every add. diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 22f83218..24c4ed2b 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -42,7 +42,7 @@ class search_Core { $data = $db->query($query); $count = $db->query("SELECT FOUND_ROWS() as c")->current()->c; - return array($count, new ORM_Iterator(ORM::factory("item"), $db->query($query))); + return array($count, new ORM_Iterator(ORM::factory("item"), $data)); } /** diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index d26919d5..18b463ca 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -124,7 +124,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/watermarks"))); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + print json_encode(array("result" => "error", "form" => rawurlencode((string) $form))); } } |