Diffstat (limited to 'modules')
-rw-r--r-- | modules/g2_import/helpers/g2_import.php | 22 | ||||
-rw-r--r-- | modules/g2_import/libraries/G2_Import_Exception.php | 39 | ||||
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 47 | ||||
-rw-r--r-- | modules/rest/controllers/rest.php | 10 | ||||
-rw-r--r-- | modules/rest/helpers/rest.php | 12 | ||||
-rw-r--r-- | modules/rest/helpers/rest_event.php | 14 | ||||
-rw-r--r-- | modules/rest/helpers/rest_installer.php | 14 | ||||
-rw-r--r-- | modules/rest/models/user_access_key.php (renamed from modules/rest/models/user_access_token.php) | 2 | ||||
-rw-r--r-- | modules/rest/module.info | 2 | ||||
-rw-r--r-- | modules/rest/tests/Rest_Controller_Test.php | 22 |
10 files changed, 106 insertions, 78 deletions
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index 456c13c4..575d02bb 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -265,7 +265,7 @@ class g2_import_Core {
 $e);
 }
 }
-
+
 break;
 case GROUP_ALL_USERS:
@@ -1203,23 +1203,3 @@ function g2() {
 return $args;
 }
 }
-
-/**
- * A wrapper for exceptions to report more details in case
- * it's a ORM validation exception.
- */
-class G2_Import_Exception extends Exception {
- public function __construct($message, Exception $previous=null, $additional_messages=null) {
- if ($additional_messages) {
- $message .= "\n" . implode("\n", $additional_messages);
- }
- if ($previous && $previous instanceof ORM_Validation_Exception) {
- $message .= "\nORM validation errors: " . print_r($previous->validation->errors(), true);
- }
- if ($previous) {
- $message .= "\n" . (string) $previous;
- }
- // The $previous parameter is supported in PHP 5.3.0+.
- parent::__construct($message);
- }
-}
\ No newline at end of file
diff --git a/modules/g2_import/libraries/G2_Import_Exception.php b/modules/g2_import/libraries/G2_Import_Exception.php
new file mode 100644
index 00000000..591f51cd
--- /dev/null
+++ b/modules/g2_import/libraries/G2_Import_Exception.php
@@ -0,0 +1,39 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2010 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/**
+ * A wrapper for exceptions to report more details in case
+ * it's a ORM validation exception.
+ */
+class G2_Import_Exception extends Exception {
+ public function __construct($message, Exception $previous=null, $additional_messages=null) {
+ if ($additional_messages) {
+ $message .= "\n" . implode("\n", $additional_messages);
+ }
+ if ($previous && $previous instanceof ORM_Validation_Exception) {
+ $message .= "\nORM validation errors: " . print_r($previous->validation->errors(), true);
+ }
+ if ($previous) {
+ $message .= "\n" . (string) $previous;
+ }
+ // The $previous parameter is supported in PHP 5.3.0+.
+ parent::__construct($message);
+ }
+}
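Review bot: The constructor appends `(string) $previous` to the message, and PHP's Exception::__toString includes the full stack trace with absolute file paths, so any code path that echoes `getMessage()` to a browser or to a log readable by non-admins discloses the install layout; moving the class to libraries/ preserves that behaviour unchanged. The `// The $previous parameter is supported in PHP 5.3.0+` comment suggests the project still targets 5.2, so chaining through `parent::__construct($message, 0, $previous)` is presumably not available yet. At minimum, document the hazard in the class docblock, e.g. `* NOTE: the message embeds the previous exception's trace (file paths); treat it as admin-only diagnostics and escape it before rendering.`, and consider keeping the trace out of the message once 5.3's previous-exception chaining can be relied on.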
\ No newline at end of file
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index a3ca31f4..afad9e13 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -70,12 +70,12 @@ modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $is_ modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $tk->installed?" g-installed-toolkit":" g-unavailable" modules/gallery/views/admin_graphics_imagemagick.html.php 18 DIRTY $tk->error modules/gallery/views/admin_languages.html.php 43 DIRTY access::csrf_form_field() -modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR (isset($installed_locales[$code]))?"g-available":"" -modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR ($default_locale==$code)?" g-selected":"" -modules/gallery/views/admin_languages.html.php 61 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) -modules/gallery/views/admin_languages.html.php 62 DIRTY $display_name -modules/gallery/views/admin_languages.html.php 64 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) -modules/gallery/views/admin_languages.html.php 109 DIRTY $share_translations_form +modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR (isset($installed_locales[$code]))?"g-available":"" +modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR ($default_locale==$code)?" 
g-selected":"" +modules/gallery/views/admin_languages.html.php 62 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) +modules/gallery/views/admin_languages.html.php 63 DIRTY $display_name +modules/gallery/views/admin_languages.html.php 65 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) +modules/gallery/views/admin_languages.html.php 110 DIRTY $share_translations_form modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log::severity_class($task->severity) modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity) 
@@ -121,10 +121,10 @@ modules/gallery/views/admin_themes.html.php 76 DIRTY $info- modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url modules/gallery/views/error_404.html.php 14 DIRTY $login_form -modules/gallery/views/form_uploadify.html.php 30 DIRTY_JS url::file("lib/uploadify/uploadify.swf") -modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") -modules/gallery/views/form_uploadify.html.php 35 DIRTY_JS url::file("lib/uploadify/cancel.png") -modules/gallery/views/form_uploadify.html.php 36 DIRTY_JS $simultaneous_upload_limit +modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") +modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") +modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") +modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form")) modules/gallery/views/in_place_edit.html.php 3 DIRTY access::csrf_form_field() modules/gallery/views/in_place_edit.html.php 6 DIRTY form::input("input",$form["input"]," class=\"textbox\"") 
@@ -320,19 +320,20 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url() -themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() -themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() -themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 46 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 49 DIRTY $theme->user_menu() -themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 53 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 60 DIRTY $content -themes/admin_wind/views/admin.html.php 66 DIRTY $sidebar -themes/admin_wind/views/admin.html.php 71 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/admin.html.php 9 DIRTY $page_title +themes/admin_wind/views/admin.html.php 22 DIRTY_JS $theme->url() +themes/admin_wind/views/admin.html.php 39 DIRTY $theme->admin_head() +themes/admin_wind/views/admin.html.php 43 DIRTY $theme->admin_page_top() +themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_header_top() +themes/admin_wind/views/admin.html.php 52 DIRTY_JS item::root()->url() +themes/admin_wind/views/admin.html.php 55 DIRTY $theme->user_menu() +themes/admin_wind/views/admin.html.php 57 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 59 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 66 DIRTY $content +themes/admin_wind/views/admin.html.php 72 DIRTY $sidebar 
+themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 79 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 83 DIRTY $theme->admin_page_bottom() themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/admin_wind/views/block.html.php 5 DIRTY $id themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index 13594763..410eeece 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -34,7 +34,7 @@ class Rest_Controller extends Controller { auth::login($user); - $key = rest::get_access_token($user->id); + $key = rest::get_access_key($user->id); rest::reply($key->access_key); } @@ -56,15 +56,15 @@ class Rest_Controller extends Controller { } $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method)); - $request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); + $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); - if (empty($request->access_token) && !empty($request->params->access_token)) { - $request->access_token = $request->params->access_token; + if (empty($request->access_key) && !empty($request->params->access_key)) { + $request->access_key = $request->params->access_key; } $request->url = url::abs_current(true); - rest::set_active_user($request->access_token); + rest::set_active_user($request->access_key); $handler_class = "{$function}_rest"; $handler_method = $request->method; diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 7440350f..49999520 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php 
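Review bot: The new line `themes/admin_wind/views/admin.html.php 9 DIRTY $page_title` is the only entry in this hunk that is not a line-number shift; it records a previously absent unescaped output in the expected-dirty list instead of escaping it in the template. If `$page_title` can carry user-controlled text (an item or album title, for instance), echoing it raw in the admin theme is stored XSS against administrators. I cannot see admin.html.php from this diff, so please confirm that the value is escaped before it reaches the view, or escape it at the echo and drop this entry from xss_data.txt so the test keeps guarding it.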
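Review bot: `$request->method` is taken straight from the `X-Gallery-Request-Method` header (only lowercased) and then becomes `$handler_method`, with nothing in the hunk restricting it to get/post/put/delete; unless the dispatch below the hunk filters it, a caller can name any static method on `{$function}_rest`. Validate it before use, e.g. `if (!in_array($request->method, array("get", "post", "put", "delete"))) { throw new Rest_Exception("Bad Request", 400); }`. Separately, the fallback to `$request->params->access_key` accepts the credential from the query string or body, where it will land in web-server access logs and Referer headers; consider accepting it only via the header, or at least document in a comment that the parameter form exists for clients that cannot set headers. The dispatch that consumes `$handler_method` continues outside the hunk.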
@@ -37,13 +37,13 @@ class rest_Core { } } - static function set_active_user($access_token) { - if (empty($access_token)) { + static function set_active_user($access_key) { + if (empty($access_key)) { throw new Rest_Exception("Forbidden", 403); } - $key = ORM::factory("user_access_token") - ->where("access_key", "=", $access_token) + $key = ORM::factory("user_access_key") + ->where("access_key", "=", $access_key) ->find(); if (!$key->loaded()) { @@ -58,8 +58,8 @@ class rest_Core { identity::set_active_user($user); } - static function get_access_token($user_id) { - $key = ORM::factory("user_access_token") + static function get_access_key($user_id) { + $key = ORM::factory("user_access_key") ->where("user_id", "=", $user_id) ->find(); diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index 91affe7a..c89436c0 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -24,7 +24,7 @@ class rest_event { */ static function user_before_delete($user) { db::build() - ->delete("user_access_tokens") + ->delete("user_access_keys") ->where("id", "=", $user->id) ->execute(); } @@ -34,7 +34,7 @@ class rest_event { * on every add. */ static function user_add_form_admin_completed($user, $form) { - $key = ORM::factory("user_access_token"); + $key = ORM::factory("user_access_key"); $key->user_id = $user->id; $key->access_key = md5($user->name . rand()); $key->save(); @@ -58,7 +58,7 @@ class rest_event { * Get the form fields for user edit */ static function _get_access_key_form($user, $form) { - $key = ORM::factory("user_access_token") + $key = ORM::factory("user_access_key") ->where("user_id", "=", $user->id) ->find(); @@ -68,7 +68,7 @@ class rest_event { $key->save(); } - $form->edit_user->input("user_access_token") + $form->edit_user->input("user_access_key") ->value($key->access_key) ->readonly("readonly") ->class("g-form-static") 
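Review bot: `user_before_delete` deletes from `user_access_keys` with `->where("id", "=", $user->id)`, but per the CREATE TABLE in rest_installer `id` is the key row's own auto-increment primary key and the owner is referenced by `user_id`; the rename carried the wrong column over. As written it removes whichever key row happens to share a number with the deleted user, potentially another user's key, and leaves the deleted user's own key in place. Change it to `->where("user_id", "=", $user->id)`.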
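Review bot: In `user_add_form_admin_completed` the API credential is still `md5($user->name . rand())`, so its unpredictability rests on a single `rand()` value (at most 31 bits, and far fewer on platforms with a small RAND_MAX) combined with a public user name, which an attacker can enumerate offline and check against the API. Generate it from a CSPRNG instead, e.g. `$key->access_key = bin2hex(openssl_random_pseudo_bytes(16));`, which still yields the 32 hex characters the `access_key char(32)` column expects; if the module must keep running on PHP 5.2 without the openssl extension, hash several `mt_rand()` values together with `uniqid("", true)` and say so in a comment. `_get_access_key_form` below appears to create keys on demand as well, but its generation lines fall outside the hunk, so check it for the same pattern.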
@@ -87,9 +87,9 @@ class rest_event { } $view = new View("user_profile_rest.html"); - $key = ORM::factory("user_access_token") - ->where("user_id", "=", $data->user->id) - ->find(); + $key = ORM::factory("user_access_key") + ->where("user_id", "=", $data->user->id) + ->find(); if (!$key->loaded()) { $key->user_id = $data->user->id; diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php index f69f62d1..aeb9573e 100644 --- a/modules/rest/helpers/rest_installer.php +++ b/modules/rest/helpers/rest_installer.php @@ -20,7 +20,7 @@ class rest_installer { static function install() { Database::instance() - ->query("CREATE TABLE {user_access_tokens} ( + ->query("CREATE TABLE {user_access_keys} ( `id` int(9) NOT NULL auto_increment, `user_id` int(9) NOT NULL, `access_key` char(32) NOT NULL, @@ -28,10 +28,18 @@ class rest_installer { UNIQUE KEY(`access_key`), UNIQUE KEY(`user_id`)) DEFAULT CHARSET=utf8;"); - module::set_version("rest", 1); + module::set_version("rest", 2); + } + + static function upgrade($version) { + $db = Database::instance(); + if ($version == 1) { + $db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}"); + module::set_version("rest", $version = 2); + } } static function uninstall() { - Database::instance()->query("DROP TABLE IF EXISTS {user_access_tokens}"); + Database::instance()->query("DROP TABLE IF EXISTS {user_access_keys}"); } } diff --git a/modules/rest/models/user_access_token.php b/modules/rest/models/user_access_key.php index 44330768..1da0f5eb 100644 --- a/modules/rest/models/user_access_token.php +++ b/modules/rest/models/user_access_key.php @@ -17,5 +17,5 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ -class User_Access_Token_Model extends ORM { +class User_Access_Key_Model extends ORM { } diff --git a/modules/rest/module.info b/modules/rest/module.info index 45bd79e4..3ab7e165 100644 
--- a/modules/rest/module.info +++ b/modules/rest/module.info @@ -1,4 +1,4 @@ name = "REST Access Module" description = "The RESTful implementation/interface to Gallery3" -version = 1 +version = 2 diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php index 21be8300..6d09b214 100644 --- a/modules/rest/tests/Rest_Controller_Test.php +++ b/modules/rest/tests/Rest_Controller_Test.php @@ -21,7 +21,7 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { public function setup() { $this->_save = array($_GET, $_POST, $_SERVER); - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key; } @@ -34,14 +34,14 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { // There's no access key at first $this->assert_false( - ORM::factory("user_access_token")->where("user_id", "=", $user->id)->find()->loaded()); + ORM::factory("user_access_key")->where("user_id", "=", $user->id)->find()->loaded()); $_POST["user"] = $user->name; $_POST["password"] = "password"; $response = test::call_and_capture(array(new Rest_Controller(), "index")); $expected = - ORM::factory("user_access_token")->where("user_id", "=", $user->id)->find()->access_key; + ORM::factory("user_access_key")->where("user_id", "=", $user->id)->find()->access_key; // Now there is an access key, and it was returned $this->assert_equal(json_encode($expected), $response); 
@@ -82,11 +82,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "GET"; $_GET["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "get", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -95,11 +95,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "POST"; $_POST["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "post", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -109,11 +109,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put"; $_POST["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "put", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } 
@@ -123,11 +123,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete"; $_POST["key"] = "value"; - $key = rest::get_access_token(1); // admin user + $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "delete", - "access_token" => $key->access_key, + "access_key" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } |