diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/gallery/controllers/admin.php | 9 | ||||
| -rw-r--r-- | modules/gallery/controllers/login.php | 7 | ||||
| -rw-r--r-- | modules/gallery/controllers/logout.php | 11 | ||||
| -rw-r--r-- | modules/gallery/controllers/reauthenticate.php | 4 | ||||
| -rw-r--r-- | modules/gallery/helpers/auth.php | 1 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_event.php | 15 | ||||
| -rw-r--r-- | modules/gallery/helpers/item.php | 2 | ||||
| -rw-r--r-- | modules/gallery/libraries/MY_Kohana_Exception.php | 4 | ||||
| -rw-r--r-- | modules/gallery/tests/Item_Helper_Test.php | 5 | ||||
| -rw-r--r-- | modules/rest/helpers/rest.php | 3 | ||||
| -rw-r--r-- | modules/search/helpers/search.php | 2 | ||||
| -rw-r--r-- | modules/watermark/controllers/admin_watermarks.php | 2 |
12 files changed, 43 insertions, 22 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 787a2138..c460f58c 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -22,7 +22,12 @@ class Admin_Controller extends Controller { public function __construct($theme=null) { if (!identity::active_user()->admin) { - access::forbidden(); + if (identity::active_user()->guest) { + Session::instance()->set("continue_url", url::abs_current(true)); + url::redirect("login"); + } else { + access::forbidden(); + } } parent::__construct(); @@ -78,7 +83,7 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get" && !request::is_ajax()) { // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); + Session::instance()->set("continue_url", url::abs_current(true)); } url::redirect("reauthenticate"); } diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 40125476..2b60316b 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -38,15 +38,18 @@ class Login_Controller extends Controller { } public function html() { - print auth::get_login_form("login/auth_html"); + $view = new Theme_View("page.html", "other", "login"); + $view->page_title = t("Login"); + $view->content = auth::get_login_form("login/auth_html"); + print $view; } public function auth_html() { access::verify_csrf(); - $continue_url = Session::instance()->get("continue_url", null); list ($valid, $form) = $this->_auth("login/auth_html"); if ($valid) { + $continue_url = $form->continue_url->value; url::redirect($continue_url ? $continue_url : item::root()->abs_url()); } else { $view = new Theme_View("page.html", "other", "login"); diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 967dad49..20fa8074 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -21,14 +21,9 @@ class Logout_Controller extends Controller { public function index() { access::verify_csrf(); auth::logout(); - if ($continue_url = Input::instance()->get("continue")) { - $item = url::get_item_from_uri($continue_url); - if (access::can("view", $item)) { - // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: $continue_url"); - } else { - url::redirect(item::root()->abs_url()); - } + if ($continue_url = Input::instance()->get("continue_url")) { + url::redirect($continue_url); } + url::redirect(item::root()->abs_url()); } }
\ No newline at end of file diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 3503d80a..acb27f6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -37,8 +37,7 @@ class Reauthenticate_Controller extends Controller { if ($valid) { message::success(t("Successfully re-authenticated!")); module::event("user_auth", $user); - $continue_url = Session::instance()->get_once("continue_url", "admin"); - url::redirect($continue_url); + url::redirect($form->continue_url->value); } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); @@ -59,6 +58,7 @@ class Reauthenticate_Controller extends Controller { private static function _form() { $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); $group = $form->group("reauthenticate")->label(t("Re-authenticate")); $group->password("password")->label(t("Password"))->id("g-password")->class(null) ->callback("auth::validate_too_many_failed_auth_attempts") diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 1a9fe869..48b5fc32 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -21,6 +21,7 @@ class auth_Core { static function get_login_form($url) { $form = new Forge($url, "", "post", array("id" => "g-login-form")); $form->set_attr("class", "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url")); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null) ->callback("auth::validate_too_many_failed_logins") diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index ae7131ae..55db47ce 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -157,11 +157,22 @@ class gallery_event_Core { ->view("login_current_user.html") ->url(user_profile::url($user->id)) ->label($user->display_name())); + + if (isset($theme->item)) { + if (access::user_can(identity::guest(), "view", $theme->item)) { + $continue_url = $theme->item->abs_url(); + } else { + $continue_url = item::root()->abs_url(); + } + } else { + $continue_url = url::abs_current(); + } + $menu->append(Menu::factory("link") ->id("user_menu_logout") ->css_id("g-logout-link") - ->url(url::site("logout?csrf=$csrf&continue=" . - urlencode(url::abs_current()))) + ->url(url::site("logout?csrf=$csrf&continue_url=" . + urlencode($continue_url))) ->label(t("Logout"))); } } diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index bbbe1058..15bbe977 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -136,7 +136,7 @@ class item_Core { */ static function convert_filename_to_title($filename) { $title = strtr($filename, "_", " "); - $title = preg_replace("/\..*?$/", "", $title); + $title = preg_replace("/\..{3,4}$/", "", $title); $title = preg_replace("/ +/", " ", $title); return $title; } diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php index e7ebdb1f..df7557ae 100644 --- a/modules/gallery/libraries/MY_Kohana_Exception.php +++ b/modules/gallery/libraries/MY_Kohana_Exception.php @@ -59,7 +59,7 @@ class Kohana_Exception extends Kohana_Exception_Core { private static function _show_themed_error_page(Exception $e) { // Create a text version of the exception $error = Kohana_Exception::text($e); - + // Add this exception to the log Kohana_Log::add('error', $error); @@ -83,8 +83,6 @@ class Kohana_Exception extends Kohana_Exception_Core { if ($view->content->is_guest) { $view->content->login_form = new View("login_ajax.html"); $view->content->login_form->form = auth::get_login_form("login/auth_html"); - // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); } } else { $view->page_title = t("Dang... Something went wrong!"); diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 4771b11a..00229973 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -41,6 +41,11 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all()); } + public function convert_filename_to_title_test() { + $this->assert_equal("foo", item::convert_filename_to_title("foo.jpg")); + $this->assert_equal("foo.bar", item::convert_filename_to_title("foo.bar.jpg")); + } + public function convert_filename_to_slug_test() { $this->assert_equal("foo", item::convert_filename_to_slug("{[foo]}")); $this->assert_equal("foo-bar", item::convert_filename_to_slug("{[foo!@#!$@#^$@($!(@bar]}")); diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 72927c71..3229330a 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -18,9 +18,12 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class rest_Core { + const API_VERSION = "3.0"; + static function reply($data=array()) { Session::instance()->abort_save(); + header("X-Gallery-API-Version: " . rest::API_VERSION); if (Input::instance()->get("output") == "html") { header("Content-type: text/html"); if ($data) { diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 22f83218..24c4ed2b 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -42,7 +42,7 @@ class search_Core { $data = $db->query($query); $count = $db->query("SELECT FOUND_ROWS() as c")->current()->c; - return array($count, new ORM_Iterator(ORM::factory("item"), $db->query($query))); + return array($count, new ORM_Iterator(ORM::factory("item"), $data)); } /** diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index d26919d5..18b463ca 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -124,7 +124,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/watermarks"))); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + print json_encode(array("result" => "error", "form" => rawurlencode((string) $form))); } } |