diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/gallery/helpers/data_rest.php | 7 | ||||
| -rw-r--r-- | modules/gallery/tests/File_Structure_Test.php | 7 | ||||
| -rw-r--r-- | modules/gallery/tests/xss_data.txt | 2 | ||||
| -rw-r--r-- | modules/gallery/views/form_uploadify.html.php | 2 | ||||
| -rw-r--r-- | modules/gallery/views/movieplayer.html.php | 3 | ||||
| -rw-r--r-- | modules/info/helpers/info_block.php | 7 | ||||
| -rw-r--r-- | modules/info/helpers/info_installer.php | 5 | ||||
| -rw-r--r-- | modules/info/module.info | 2 |
8 files changed, 27 insertions, 8 deletions
diff --git a/modules/gallery/helpers/data_rest.php b/modules/gallery/helpers/data_rest.php index d4f456d7..a0a225f9 100644 --- a/modules/gallery/helpers/data_rest.php +++ b/modules/gallery/helpers/data_rest.php @@ -25,7 +25,6 @@ class data_rest_Core { static function get($request) { $item = rest::resolve($request->url); - access::required("view", $item); $p = $request->params; if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) { @@ -36,10 +35,16 @@ class data_rest_Core { // see if you should make the same change there as well. if ($p->size == "full") { + if ($item->is_album()) { + throw new Kohana_404_Exception(); + } + access::required("view_full", $item); $file = $item->file_path(); } else if ($p->size == "resize") { + access::required("view", $item); $file = $item->resize_path(); } else { + access::required("view", $item); $file = $item->thumb_path(); } diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php index f46d9d64..e42f7dcd 100644 --- a/modules/gallery/tests/File_Structure_Test.php +++ b/modules/gallery/tests/File_Structure_Test.php @@ -175,9 +175,10 @@ class File_Structure_Test extends Gallery_Unit_Test_Case { // Front controllers break; - case DOCROOT . "lib/uploadify/uploadify.php": - case DOCROOT . "lib/uploadify/uploadify.allglyphs.php": - // Uploadify wrappers - directly accessible + case DOCROOT . "lib/uploadify/uploadify.swf.php": + case DOCROOT . "lib/uploadify/uploadify.allglyphs.swf.php": + case DOCROOT . "lib/mediaelementjs/flashmediaelement.swf.php": + // SWF wrappers - directly accessible break; case DOCROOT . "local.php": diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 8504de3a..b15227d2 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -180,7 +180,7 @@ modules/gallery/views/error_admin.html.php 286 DIRTY_ATTR $env modules/gallery/views/error_admin.html.php 296 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 16 DIRTY_JS url::site("uploader/status/_S/_E") modules/gallery/views/form_uploadify.html.php 24 DIRTY_JS $flash_minimum_version -modules/gallery/views/form_uploadify.html.php 28 DIRTY_JS url::file("lib/uploadify/uploadify.php") +modules/gallery/views/form_uploadify.html.php 28 DIRTY_JS url::file("lib/uploadify/uploadify.swf.php") modules/gallery/views/form_uploadify.html.php 29 DIRTY_JS url::site("uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS implode(";",$extensions) modules/gallery/views/form_uploadify.html.php 33 DIRTY_JS url::file("lib/uploadify/cancel.png") diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 4963d185..bba6db73 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -25,7 +25,7 @@ $("#g-uploadify").uploadify({ width: 298, height: 32, - uploader: "<?= url::file("lib/uploadify/uploadify.php") ?>", + uploader: "<?= url::file("lib/uploadify/uploadify.swf.php") ?>", script: "<?= url::site("uploader/add_photo/{$album->id}") ?>", scriptData: <?= json_encode($script_data) ?>, fileExt: "<?= implode(";", $extensions) ?>", diff --git a/modules/gallery/views/movieplayer.html.php b/modules/gallery/views/movieplayer.html.php index f78cc91a..e4046906 100644 --- a/modules/gallery/views/movieplayer.html.php +++ b/modules/gallery/views/movieplayer.html.php @@ -11,7 +11,8 @@ defaultVideoHeight: <?= $height ?>, startVolume: 1.0, features: ["playpause", "progress", "current", "duration", "volume", "fullscreen"], - pluginPath: "<?= url::abs_file("lib/mediaelementjs/") ?>" + pluginPath: "<?= url::abs_file("lib/mediaelementjs/") ?>", + flashName: "flashmediaelement.swf.php" }, <?= json_encode($player_options) ?>) ); </script> diff --git a/modules/info/helpers/info_block.php b/modules/info/helpers/info_block.php index 62aa0746..238b18b5 100644 --- a/modules/info/helpers/info_block.php +++ b/modules/info/helpers/info_block.php @@ -72,6 +72,13 @@ class info_block_Core { ); } } + if (($theme->item->width && $theme->item->height) && module::get_var("info", "show_dimensions")) { + $info["size"] = array( + "label" => t("Dimensions:"), + "value" => t("%width x %height px", array("width" => $theme->item->width, "height" => $theme->item->height)) + ); + } + $block->content->metadata = $info; module::event("info_block_get_metadata", $block, $theme->item); diff --git a/modules/info/helpers/info_installer.php b/modules/info/helpers/info_installer.php index 43c216dc..2d06a0ef 100644 --- a/modules/info/helpers/info_installer.php +++ b/modules/info/helpers/info_installer.php @@ -25,6 +25,7 @@ class info_installer { module::set_var("info", "show_owner", 1); module::set_var("info", "show_name", 1); module::set_var("info", "show_captured", 1); + module::set_var("info", "show_dimensions", 1); } static function upgrade($version) { @@ -36,5 +37,9 @@ class info_installer { module::set_var("info", "show_captured", 1); module::set_version("info", $version = 2); } + if ($version == 2) { + module::set_var("info", "show_dimensions", 1); + module::set_version("info", $version = 3); + } } } diff --git a/modules/info/module.info b/modules/info/module.info index 0f35c922..33b16222 100644 --- a/modules/info/module.info +++ b/modules/info/module.info @@ -1,6 +1,6 @@ name = "Info" description = "Display extra information about photos and albums" -version = 2 +version = 3 author_name = "Gallery Team" author_url = "http://codex.galleryproject.org/Gallery:Team" info_url = "http://codex.galleryproject.org/Gallery3:Modules:info" |