5 files changed, 41 insertions, 11 deletions

diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php
index c4dc915b..cd4abe07 100644
--- a/modules/gallery/tests/Controller_Auth_Test.php
+++ b/modules/gallery/tests/Controller_Auth_Test.php
@@ -26,7 +26,7 @@ class Controller_Auth_Test extends Unit_Test_Case {
   public function find_missing_auth_test() {
     $found = array();
     foreach (glob("*/*/controllers/*.php") as $controller) {
-      if (strpos($controller, "modules/unit_test/") !== false) {
+      if (preg_match("{modules/(gallery_)?unit_test/}", $controller)) {
         continue;
       }
 
@@ -54,11 +54,11 @@ class Controller_Auth_Test extends Unit_Test_Case {
             $open_braces--;
             if ($open_braces == 1 && $function) {
               $found[$controller][] = $function;
+              $function = null;
             } else if ($open_braces == 0) {
               $is_admin_controller = false;
               $is_rest_controller = false;
             }
-            $function = null;
           } else if ($token == "{") {
             $open_braces++;
           }
@@ -80,6 +80,7 @@ class Controller_Auth_Test extends Unit_Test_Case {
             $previous_2 = $tokens[$token_number - 2][0];
             $is_private = in_array($previous, array(T_PRIVATE, T_PROTECTED)) ||
               in_array($previous_2, array(T_PRIVATE, T_PROTECTED));
+            $is_static = $previous == T_STATIC || $previous_2 == T_STATIC;
 
             // Search forward to get function name
             do {
@@ -91,7 +92,9 @@ class Controller_Auth_Test extends Unit_Test_Case {
               }
             } while ($token_number < count($tokens));
 
-            if (!$is_private || ($is_rest_controller && in_array($name, self::$rest_methods))) {
+            if (!$is_static &&
+                (!$is_private ||
+                 ($is_rest_controller && in_array($name, self::$rest_methods)))) {
               $function = self::_function($name, $line, $is_admin_controller);
               if ($is_rest_controller && in_array($name, self::$rest_methods_with_csrf_check)) {
                 $function->checks_csrf(true);
@@ -110,7 +113,8 @@ class Controller_Auth_Test extends Unit_Test_Case {
             if ($token[0] == T_STRING) {
               if ($token[1] == "access" &&
                   self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) &&
-                  self::_token_matches(array(T_STRING, "required"), $tokens, $token_number + 2) &&
+                  self::_token_matches(array(T_STRING), $tokens, $token_number + 2) &&
+                  in_array($tokens[$token_number + 2][1], array("forbidden", "required")) && 
                   self::_token_matches("(", $tokens, $token_number + 3)) {
                 $token_number += 3;
                 $function->checks_authorization(true);
@@ -125,7 +129,7 @@ class Controller_Auth_Test extends Unit_Test_Case {
                 $token_number++;
                 $function->uses_input(true);
               }
-            } else if ($token == T_VARIABLE) {
+            } else if ($token[0] == T_VARIABLE) {
               if ($token[1] == '$this' &&
                   self::_token_matches(array(T_OBJECT_OPERATOR), $tokens, $token_number + 1) &&
                   self::_token_matches(array(T_STRING, "input"), $tokens, $token_number + 2)) {
@@ -152,7 +156,6 @@ class Controller_Auth_Test extends Unit_Test_Case {
       $is_admin_controller = true;
       foreach ($functions as $function) {
         $is_admin_controller &= $function->is_admin_controller;
-
         $flags = array();
         if ($function->uses_input() && !$function->checks_csrf()) {
           $flags[] = "DIRTY_CSRF";
@@ -224,14 +227,14 @@ class Controller_Auth_Test_Function {
 
   function uses_input($val=null) {
     if ($val !== null) {
-      $this->_uses_input = $val;
+      $this->_uses_input = (bool) $val;
     }
     return $this->_uses_input;
   }
 
   function checks_authorization($val=null) {
     if ($val !== null) {
-      $this->_checks_authorization = $val;
+      $this->_checks_authorization = (bool) $val;
     }
     return $this->_checks_authorization;
   }
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index aabd2863..fcb977e4 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -1,8 +1,17 @@
 modules/comment/controllers/admin_comments.php               queue                DIRTY_CSRF
+modules/comment/controllers/comments.php                     _index               DIRTY_CSRF
+modules/digibug/controllers/digibug.php                      print_proxy          DIRTY_CSRF|DIRTY_AUTH
 modules/digibug/controllers/digibug.php                      close_window         DIRTY_AUTH
+modules/gallery/controllers/admin.php                        __call               DIRTY_AUTH
+modules/gallery/controllers/albums.php                       _show                DIRTY_CSRF
+modules/gallery/controllers/albums.php                       _form_add            DIRTY_CSRF
 modules/gallery/controllers/combined.php                     javascript           DIRTY_AUTH
 modules/gallery/controllers/combined.php                     css                  DIRTY_AUTH
+modules/gallery/controllers/file_proxy.php                   __call               DIRTY_CSRF|DIRTY_AUTH
 modules/gallery/controllers/maintenance.php                  index                DIRTY_AUTH
+modules/gallery/controllers/rest.php                         __construct          DIRTY_AUTH
+modules/gallery/controllers/rest.php                         __call               DIRTY_AUTH
+modules/gallery/controllers/rest.php                         form_edit            DIRTY_AUTH
 modules/gallery/controllers/rest.php                         form_add             DIRTY_AUTH
 modules/gallery/controllers/rest.php                         _index               DIRTY_AUTH
 modules/gallery/controllers/rest.php                         _create              DIRTY_AUTH
@@ -13,5 +22,18 @@ modules/gallery/controllers/rest.php                         _form_add
 modules/gallery/controllers/rest.php                         _form_edit           DIRTY_AUTH
 modules/gallery/controllers/simple_uploader.php              start                DIRTY_AUTH
 modules/gallery/controllers/simple_uploader.php              finish               DIRTY_AUTH
+modules/gallery/controllers/upgrader.php                     index                DIRTY_AUTH
+modules/gallery/controllers/welcome_message.php              index                DIRTY_AUTH
+modules/rss/controllers/rss.php                              feed                 DIRTY_CSRF|DIRTY_AUTH
+modules/search/controllers/search.php                        index                DIRTY_CSRF|DIRTY_AUTH
+modules/server_add/controllers/admin_server_add.php          autocomplete         DIRTY_CSRF
+modules/server_add/controllers/server_add.php                children             DIRTY_CSRF
+modules/tag/controllers/admin_tags.php                       index                DIRTY_CSRF
+modules/tag/controllers/tags.php                             _show                DIRTY_CSRF|DIRTY_AUTH
 modules/user/controllers/login.php                           ajax                 DIRTY_AUTH
+modules/user/controllers/login.php                           auth_ajax            DIRTY_AUTH
 modules/user/controllers/login.php                           html                 DIRTY_AUTH
+modules/user/controllers/login.php                           auth_html            DIRTY_AUTH
+modules/user/controllers/logout.php                          index                DIRTY_CSRF|DIRTY_AUTH
+modules/user/controllers/password.php                        reset                DIRTY_AUTH
+modules/user/controllers/password.php                        do_reset             DIRTY_CSRF|DIRTY_AUTH
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 259c94e7..08c80de3 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -45,9 +45,13 @@ class Organize_Controller extends Controller {
     access::verify_csrf();
 
     $target_album = ORM::factory("item", $target_album_id);
+    access::required("view", $target_album);
+    access::required("add", $target_album);
+
     foreach ($this->input->post("source_ids") as $source_id) {
       $source = ORM::factory("item", $source_id);
       if (!$source->contains($target_album)) {
+        access::required("edit", $source);
         item::move($source, $target_album);
       }
     }
diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php
index b89bed40..015d6032 100644
--- a/modules/rss/controllers/rss.php
+++ b/modules/rss/controllers/rss.php
@@ -21,13 +21,13 @@ class Rss_Controller extends Controller {
   public static $page_size = 20;
 
   public function feed($module_id, $feed_id, $id=null) {
-    $page = $this->input->get("page", 1);
+    $page = (int) $this->input->get("page", 1);
     if ($page < 1) {
       url::redirect(url::merge(array("page" => 1)));
     }
 
     // Configurable page size between 1 and 100, default 20
-    $page_size = max(1, min(100, $this->input->get("page_size", self::$page_size)));
+    $page_size = max(1, min(100, (int) $this->input->get("page_size", self::$page_size)));
 
     // Run the appropriate feed callback
     if (module::is_active($module_id)) {
diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index f4f98090..b9f2c61c 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
@@ -44,7 +44,8 @@ class Tags_Controller extends REST_Controller {
 
   public function _index() {
     // Far from perfection, but at least require view permission for the root album
-    access::required("view", 1);
+    $album = ORM::factory("item", 1);
+    access::required("view", $album);
     print tag::cloud(30);
   }