From 8493a3d36f597e183490ae880b35a3d98f50a045 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:23:17 -0700 Subject: If the admin request originates as a dialog link, don't display the entire page when reauthenticating the administrator. Just put the form in the dialog. --- modules/gallery/controllers/admin.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers/admin.php') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index c460f58c..d9bee284 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -38,7 +38,8 @@ class Admin_Controller extends Controller { return self::_reauth_check(); } if (auth::must_reauth_for_admin_area()) { - return self::_prompt_for_reauth($controller_name, $args); + print self::_prompt_for_reauth($controller_name, $args); + return; } if (request::method() == "post") { @@ -85,7 +86,13 @@ class Admin_Controller extends Controller { // Avoid anti-phishing protection by passing the url as session variable. Session::instance()->set("continue_url", url::abs_current(true)); } - url::redirect("reauthenticate"); + + // Check that we we not in a dialog. If we are, then use an ajax response. + if (strpos(Router::$query_string, "g-in-dialog") === false) { + url::redirect("reauthenticate"); + } else { + return reauthenticate::get_authenticate_form(); + } } } -- cgit v1.2.3 From 45b210c2879d93067f3d903b83cd56d392c75156 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 5 Jul 2010 08:44:46 -0700 Subject: Add maessage when we automatically log you out of the admin area. --- modules/gallery/controllers/admin.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/gallery/controllers/admin.php') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index c460f58c..40dd260b 100644 --- a/modules/gallery/controllers/admin.php 
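Review bot: The dialog test added to `_prompt_for_reauth`, `strpos(Router::$query_string, "g-in-dialog") === false`, is a substring match on the raw query string, so any request whose query merely contains that text (inside another parameter's value, for instance) gets the bare form instead of the redirect. Testing for the parameter by key, for example through `Input::instance()->get()` as other controllers on this page do, ties the response mode to the flag the dialog code actually sends. The same substring test recurs in the `in_dialog` assignments of the later admin.php hunks (commits 9538b38 and 155d2b8). The added comment also has a typo; `// Check that we are not in a dialog. If we are, then use an ajax response.` reads correctly. The function starts above this hunk.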
+++ b/modules/gallery/controllers/admin.php @@ -74,6 +74,7 @@ class Admin_Controller extends Controller { $result = new stdClass(); $result->result = "success"; if ($time_remaining < 30) { + message::success(t("Automatically logged out of the admin area for your security")); $result->location = url::abs_site(""); } -- cgit v1.2.3 From 226d1f714635995722fe7927f8ec049fe3890011 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:58:36 -0700 Subject: Revert "If the admin request originates as a dialog link, don't display the entire page when reauthenticating the administrator. Just put the form in the dialog." This reverts commit 8493a3d36f597e183490ae880b35a3d98f50a045. --- lib/gallery.dialog.js | 3 +-- modules/gallery/controllers/admin.php | 11 ++------ modules/gallery/controllers/reauthenticate.php | 20 ++++++++++++-- modules/gallery/helpers/reauthenticate.php | 36 -------------------------- 4 files changed, 21 insertions(+), 49 deletions(-) delete mode 100644 modules/gallery/helpers/reauthenticate.php (limited to 'modules/gallery/controllers/admin.php') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index dd1a5663..6ec8c634 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -26,8 +26,7 @@ $("#g-dialog").gallery_show_loading(); - var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; - $.get(url, function(data) { + $.get(sHref, function(data) { $("#g-dialog").html(data).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index d9bee284..c460f58c 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php 
@@ -38,8 +38,7 @@ class Admin_Controller extends Controller { return self::_reauth_check(); } if (auth::must_reauth_for_admin_area()) { - print self::_prompt_for_reauth($controller_name, $args); - return; + return self::_prompt_for_reauth($controller_name, $args); } if (request::method() == "post") { @@ -86,13 +85,7 @@ class Admin_Controller extends Controller { // Avoid anti-phishing protection by passing the url as session variable. Session::instance()->set("continue_url", url::abs_current(true)); } - - // Check that we we not in a dialog. If we are, then use an ajax response. - if (strpos(Router::$query_string, "g-in-dialog") === false) { - url::redirect("reauthenticate"); - } else { - return reauthenticate::get_authenticate_form(); - } + url::redirect("reauthenticate"); } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 9ddaff2e..acb27f6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,7 +22,7 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - return self::_show_form(reauthenticate::get_authenticate_form()); + return self::_show_form(self::_form()); } public function auth() { @@ -31,7 +31,7 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); - $form = reauthenticate::get_authenticate_form(); + $form = self::_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { 
@@ -54,4 +54,20 @@ class Reauthenticate_Controller extends Controller { $view->content->user_name = identity::active_user()->name; print $view; } + + private static function _form() { + $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); + $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); + $group = $form->group("reauthenticate")->label(t("Re-authenticate")); + $group->password("password")->label(t("Password"))->id("g-password")->class(null) + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid_password", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->submit("")->value(t("Submit")); + return $form; + } } diff --git a/modules/gallery/helpers/reauthenticate.php b/modules/gallery/helpers/reauthenticate.php deleted file mode 100644 index 1ad90e15..00000000 --- a/modules/gallery/helpers/reauthenticate.php +++ /dev/null @@ -1,36 +0,0 @@ - "g-reauthenticate-form")); - $form->set_attr('class', "g-narrow"); - $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); - $group = $form->group("reauthenticate")->label(t("Re-authenticate")); - $group->password("password")->label(t("Password"))->id("g-password")->class(null) - ->callback("auth::validate_too_many_failed_auth_attempts") - ->callback("user::valid_password") - ->error_messages("invalid_password", t("Incorrect password")) - ->error_messages( - "too_many_failed_auth_attempts", - t("Too many incorrect passwords. Try again later")); - $group->submit("")->value(t("Submit")); - return $form; - } -} -- cgit v1.2.3 From 9538b3888dadbe3a6fac72e2a97f97c7db3d86f2 Mon Sep 17 00:00:00 2001 
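Review bot: The restored `_form()` copies the post-login destination into a hidden field, `$form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin"))`, so a value the server already holds makes a round trip through the client. If `auth()` redirects to the submitted field value (that code is outside this hunk), the destination becomes request-supplied; reading it from the session at redirect time, or checking that it is a URL on this site before use, keeps it under server control. `_form()` also has no comment, and a short docblock naming the validation callbacks it attaches and where the continue URL comes from would help the next reader.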
From: Tim Almdal Date: Wed, 7 Jul 2010 08:58:38 -0700 Subject: Fix for ticket #1176. Have the gallery.dialog code add a g-in-dialog parameter to the url to let the controller know its in a dialog. The reauthenticate controller will format the password prompt as a page or a form content. If authentication is successful, then the original controller is called instead of being redirected to. --- lib/gallery.dialog.js | 3 +- modules/gallery/controllers/admin.php | 8 +++-- modules/gallery/controllers/reauthenticate.php | 45 ++++++++++++++++++++++++-- 3 files changed, 50 insertions(+), 6 deletions(-) (limited to 'modules/gallery/controllers/admin.php') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 1e91e3ae..e6bd7392 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -27,7 +27,8 @@ $("#g-dialog").gallery_show_loading(); - $.getJSON(sHref, function(data) { + var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; + $.getJSON(url, function(data) { $("#g-dialog").html(unescape(data.form)).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 40dd260b..7d2a0c43 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -82,10 +82,14 @@ class Admin_Controller extends Controller { } private static function _prompt_for_reauth($controller_name, $args) { - if (request::method() == "get" && !request::is_ajax()) { + if (request::method() == "get") { // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::abs_current(true)); + $reauthenticate = array("continue_url" => url::abs_current(true), + "in_dialog" => strpos(Router::$query_string, "g-in-dialog") !== false, + "controller" => $controller_name, "args" => $args); + Session::instance()->set("reauthenticate", $reauthenticate); } + url::redirect("reauthenticate"); } } 
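Review bot: `_prompt_for_reauth` writes the `reauthenticate` session entry only for GET requests, so a POST that triggers re-authentication leaves in place whatever an earlier, unfinished prompt stored, and the reauthenticate controller then acts on that older `continue_url`, `controller` and `args`. Because the stored controller name and arguments are later used to dispatch a call, the stale entry should be dropped when the request is not a GET, e.g. `} else { Session::instance()->delete("reauthenticate"); }`. The existing comment says only that anti-phishing protection is avoided; something like `// Remember where to resume after re-authentication; kept in the session so the target is not taken from the request.` states what is stored and why.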
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index acb27f6a..fb1b13bc 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,7 +22,12 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - return self::_show_form(self::_form()); + $reauthenticate = Session::instance()->get("reauthenticate", array()); + if (empty($reauthenticate["in_dialog"])) { + self::_show_form(self::_form()); + } else { + print json_encode(array("form" => (string) self::_form())); + } } public function auth() { @@ -31,18 +36,30 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); + $reauthenticate = Session::instance()->get("reauthenticate", array()); + Kohana_Log::add("error", Kohana::debug($reauthenticate)); + $form = self::_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { message::success(t("Successfully re-authenticated!")); module::event("user_auth", $user); - url::redirect($form->continue_url->value); + Session::instance()->delete("reauthenticate"); + if (empty($reauthenticate["in_dialog"])) { + url::redirect($reauthenticate["continue_url"]); + } else { + self::_call_admin_function($reauthenticate); + } } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); module::event("user_auth_failed", $name); - return self::_show_form($form); + if (empty($reauthenticate["in_dialog"])) { + self::_show_form($form); + } else { + print json_encode(array("form" => (string) $form)); + } } } @@ -52,6 +69,7 @@ class Reauthenticate_Controller extends Controller { $view->content = new View("reauthenticate.html"); $view->content->form = $form; $view->content->user_name = identity::active_user()->name; + print $view; } 
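Review bot: `Kohana_Log::add("error", Kohana::debug($reauthenticate));` in `auth()` looks like leftover debugging: it writes the stored URL, controller name and arguments to the error log on every re-authentication attempt, which fills error-level logs with noise and records request data that has no reason to be there, so it should be removed. In the success branch `$reauthenticate` defaults to `array()`, so when the session entry is missing `url::redirect($reauthenticate["continue_url"])` reads an undefined index. A fallback such as `url::redirect(isset($reauthenticate["continue_url"]) ? $reauthenticate["continue_url"] : "admin");` matches the `"admin"` default the hidden form field used.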
@@ -70,4 +88,25 @@ class Reauthenticate_Controller extends Controller { $group->submit("")->value(t("Submit")); return $form; } + + private static function _call_admin_function($reauthenticate) { + $controller_name = $reauthenticate["controller"]; + $args = $reauthenticate["args"]; + if ($controller_name == "index") { + $controller_name = "dashboard"; + } + + $controller_name = "Admin_{$controller_name}_Controller"; + if ($args) { + $method = array_shift($args); + } else { + $method = "index"; + } + + if (!method_exists($controller_name, $method)) { + throw new Kohana_404_Exception(); + } + + call_user_func_array(array(new $controller_name, $method), $args); + } } -- cgit v1.2.3 From 155d2b809b5d416f39bc71ce10c2704b886eccef Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 15 Jul 2010 14:54:45 -0700 Subject: Rename g-in-dialog to the naming standard for query parameters and give it something more representative... 'gallery_dialog_request' --- lib/gallery.dialog.js | 2 +- modules/gallery/controllers/admin.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'modules/gallery/controllers/admin.php') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 1d0eae7e..a36c561a 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -27,7 +27,7 @@ $("#g-dialog").gallery_show_loading(); - var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; + var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "gallery_dialog_request=1"; $.getJSON(url, function(data) { $("#g-dialog").html(unescape(data.form)).gallery_show_loading(); diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 7d2a0c43..3befac7d 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php 
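Review bot: `_call_admin_function` turns values that came from the request URL and were parked in the session into a class name and a method name, then instantiates and calls them after checking only `method_exists`. `method_exists` is also true for non-public and underscore-prefixed helper methods, and this path does not go through the normal admin dispatcher (not visible here), so any checks that dispatcher performs before invoking a controller may be skipped. The controller name should be limited to a plain identifier, the class should be confirmed to exist, and the method should be required to be public and not start with `_`. A docblock stating that `$reauthenticate` is the session entry written by `Admin_Controller::_prompt_for_reauth` would make the trust assumption explicit.

```php
  private static function _call_admin_function($reauthenticate) {
    // … unchanged: read controller/args, map "index" to "dashboard" …

    // Only a plain identifier may be turned into a class name.
    if (!is_string($controller_name) || !preg_match('/^[A-Za-z0-9_]+$/', $controller_name)) {
      throw new Kohana_404_Exception();
    }
    $controller_name = "Admin_{$controller_name}_Controller";
    // … unchanged: take $method from $args, default to "index" …

    // Refuse helper methods and anything that is not a public method of a real class.
    if (!is_string($method) || $method === "" || $method[0] === "_" ||
        !class_exists($controller_name) || !method_exists($controller_name, $method)) {
      throw new Kohana_404_Exception();
    }
    $reflection = new ReflectionMethod($controller_name, $method);
    if (!$reflection->isPublic()) {
      throw new Kohana_404_Exception();
    }

    call_user_func_array(array(new $controller_name, $method), $args);
  }
```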
@@ -84,9 +84,9 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get") { // Avoid anti-phishing protection by passing the url as session variable. - $reauthenticate = array("continue_url" => url::abs_current(true), - "in_dialog" => strpos(Router::$query_string, "g-in-dialog") !== false, - "controller" => $controller_name, "args" => $args); + $reauthenticate = + array("continue_url" => url::abs_current(true), + "in_dialog" => strpos(Router::$query_string, "gallery_dialog_request") !== false); Session::instance()->set("reauthenticate", $reauthenticate); } -- cgit v1.2.3 From 583950616ef7c89acc0b0cbb52e77ffdb0afbb3d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 16 Jul 2010 11:58:13 -0700 Subject: Improve the fix for #1176 to use request::is_ajax() instead of tacking on a query param to urls that appear in dialogs. This keeps things simpler. --- lib/gallery.dialog.js | 3 +-- modules/gallery/controllers/admin.php | 5 +---- modules/gallery/controllers/reauthenticate.php | 17 ++++++----------- 3 files changed, 8 insertions(+), 17 deletions(-) (limited to 'modules/gallery/controllers/admin.php') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index a36c561a..cc35f5cd 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -27,8 +27,7 @@ $("#g-dialog").gallery_show_loading(); - var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "gallery_dialog_request=1"; - $.getJSON(url, function(data) { + $.getJSON(sHref, function(data) { $("#g-dialog").html(unescape(data.form)).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 3befac7d..eacacb28 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php 
@@ -84,10 +84,7 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get") { // Avoid anti-phishing protection by passing the url as session variable. - $reauthenticate = - array("continue_url" => url::abs_current(true), - "in_dialog" => strpos(Router::$query_string, "gallery_dialog_request") !== false); - Session::instance()->set("reauthenticate", $reauthenticate); + Session::instance()->set("continue_url", url::abs_current(true)); } url::redirect("reauthenticate"); diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 7378ea73..3cff2b6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,11 +22,10 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - $reauthenticate = Session::instance()->get("reauthenticate", array()); - if (empty($reauthenticate["in_dialog"])) { - self::_show_form(self::_form()); - } else { + if (request::is_ajax()) { print json_encode(array("form" => (string) self::_form())); + } else { + self::_show_form(self::_form()); } } @@ -36,18 +35,15 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); - $reauthenticate = Session::instance()->get("reauthenticate", array()); - $form = self::_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { module::event("user_auth", $user); - Session::instance()->delete("reauthenticate"); - if (empty($reauthenticate["in_dialog"])) { + if (!request::is_ajax()) { message::success(t("Successfully re-authenticated!")); } - url::redirect($reauthenticate["continue_url"]); + url::redirect(Session::instance()->get_once("continue_url")); } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); 
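Review bot: In `auth()`, `url::redirect(Session::instance()->get_once("continue_url"))` has no fallback, so when the session holds no `continue_url` (a POST straight to `reauthenticate/auth`, or a second submit after `get_once` has consumed the value) the redirect target is empty. The hidden field removed in this commit defaulted to `"admin"`; `$continue_url = Session::instance()->get_once("continue_url"); url::redirect($continue_url ? $continue_url : "admin");` keeps that behaviour. Taking the target from the session rather than from the submitted form is the safer design, and a one-line comment such as `// Redirect target comes from the session, never from the request.` would record that intent. The rest of `auth()` lies outside this hunk.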
@@ -72,8 +68,7 @@ class Reauthenticate_Controller extends Controller { private static function _form() { $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); - $form->set_attr('class', "g-narrow"); - $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); + $form->set_attr("class", "g-narrow"); $group = $form->group("reauthenticate")->label(t("Re-authenticate")); $group->password("password")->label(t("Password"))->id("g-password")->class(null) ->callback("auth::validate_too_many_failed_auth_attempts") -- cgit v1.2.3 From 48c2e73048be15c7d575293e0e5c69b93ab92398 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Wed, 21 Jul 2010 21:30:13 -0700 Subject: More patches as part of #1225. Change the 'core' modules to use the json::reply method to set the content type header and encode the response as a json object --- .../comment/controllers/admin_manage_comments.php | 8 ++++---- modules/comment/controllers/comments.php | 9 ++++----- modules/exif/controllers/exif.php | 2 +- modules/gallery/controllers/admin.php | 2 +- .../controllers/admin_advanced_settings.php | 4 ++-- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 10 +++++----- modules/gallery/controllers/admin_modules.php | 2 +- modules/gallery/controllers/admin_sidebar.php | 2 +- modules/gallery/controllers/albums.php | 14 +++++++------- modules/gallery/controllers/l10n_client.php | 2 +- modules/gallery/controllers/login.php | 7 +++---- modules/gallery/controllers/move.php | 6 ++---- modules/gallery/controllers/movies.php | 8 ++++---- modules/gallery/controllers/permissions.php | 2 +- modules/gallery/controllers/photos.php | 8 ++++---- modules/gallery/controllers/quick.php | 14 +++++++------- modules/gallery/controllers/reauthenticate.php | 4 ++-- modules/gallery/controllers/uploader.php | 4 ++-- modules/gallery/controllers/user_profile.php | 6 +++--- modules/organize/controllers/organize.php | 10 +++++----- modules/rest/helpers/rest.php | 3 +-- modules/server_add/controllers/server_add.php | 6 +++--- modules/tag/controllers/admin_tags.php | 13 +++++-------- modules/tag/controllers/tags.php | 6 ++---- modules/user/controllers/password.php | 8 +++----- modules/watermark/controllers/admin_watermarks.php | 22 +++++++++------------- 27 files changed, 84 insertions(+), 100 deletions(-) (limited to 'modules/gallery/controllers/admin.php') diff --git a/modules/comment/controllers/admin_manage_comments.php b/modules/comment/controllers/admin_manage_comments.php index bc1c9e64..e451791f 100644 --- a/modules/comment/controllers/admin_manage_comments.php 
+++ b/modules/comment/controllers/admin_manage_comments.php @@ -34,10 +34,10 @@ class Admin_Manage_Comments_Controller extends Admin_Controller { public function menu_labels() { $menu = $this->_menu($this->_counts()); - print json_encode(array((string) $menu->get("unpublished")->label, - (string) $menu->get("published")->label, - (string) $menu->get("spam")->label, - (string) $menu->get("deleted")->label)); + json::reply(array((string) $menu->get("unpublished")->label, + (string) $menu->get("published")->label, + (string) $menu->get("spam")->label, + (string) $menu->get("deleted")->label)); } public function queue($state) { diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index c42ad24e..8826469d 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -56,13 +56,12 @@ class Comments_Controller extends Controller { $view = new Theme_View("comment.html", "other", "comment-fragment"); $view->comment = $comment; - print json_encode( - array("result" => "success", - "view" => (string) $view, - "form" => (string) comment::get_add_form($item))); + json::reply(array("result" => "success", + "view" => (string) $view, + "form" => (string) comment::get_add_form($item))); } else { $form = comment::prefill_add_form($form); - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } diff --git a/modules/exif/controllers/exif.php b/modules/exif/controllers/exif.php index fe5b2ff4..51e33081 100644 --- a/modules/exif/controllers/exif.php +++ b/modules/exif/controllers/exif.php @@ -28,6 +28,6 @@ class Exif_Controller extends Controller { $view = new View("exif_dialog.html"); $view->details = exif::get($item); - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } } 
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index eacacb28..7ea15d3d 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -78,7 +78,7 @@ class Admin_Controller extends Controller { $result->location = url::abs_site(""); } - print json_encode($result); + json::reply($result); } private static function _prompt_for_reauth($controller_name, $args) { diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index 2bbbdf50..086f7603 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php @@ -39,7 +39,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { $group->input("var_name")->label(t("Setting"))->value($var_name)->disabled(1); $group->textarea("value")->label(t("Value"))->value($value); $group->submit("")->value(t("Save")); - print json_encode(array("form" => (string) $form)); + json::reply(array("form" => (string) $form)); } public function save($module_name, $var_name) { @@ -50,6 +50,6 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { t("Saved value for %var (%module_name)", array("var" => $var_name, "module_name" => $module_name))); - print json_encode(array("result" => "success")); + json::reply(array("result" => "success")); } } diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index 2e993816..573ededf 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -51,7 +51,7 @@ class Admin_Languages_Controller extends Admin_Controller { } module::set_var("gallery", "default_locale", $new_default_locale); - print json_encode(array("result" => "success")); + json::reply(array("result" => "success")); } public function share() { 
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index 489f5d54..5d06d224 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -64,7 +64,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { log::info("tasks", t("Task %task_name started (task id %task_id)", array("task_name" => $task->name, "task_id" => $task->id)), html::anchor("admin/maintenance", t("maintenance"))); - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } /** @@ -86,7 +86,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { log::info("tasks", t("Task %task_name resumed (task id %task_id)", array("task_name" => $task->name, "task_id" => $task->id)), html::anchor("admin/maintenance", t("maintenance"))); - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } /** @@ -103,7 +103,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { $view = new View("admin_maintenance_show_log.html"); $view->task = $task; - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } /** @@ -211,7 +211,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { break; } // Using sprintf("%F") to avoid comma as decimal separator. - print json_encode(array("result" => "success", + json::reply(array("result" => "success", "task" => array( "percent_complete" => sprintf("%F", $task->percent_complete), "status" => (string) $task->status, @@ -219,7 +219,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { "location" => url::site("admin/maintenance"))); } else { - print json_encode(array("result" => "in_progress", + json::reply(array("result" => "in_progress", "task" => array( "percent_complete" => sprintf("%F", $task->percent_complete), "status" => (string) $task->status, 
diff --git a/modules/gallery/controllers/admin_modules.php b/modules/gallery/controllers/admin_modules.php index bf638a37..f5af9a5a 100644 --- a/modules/gallery/controllers/admin_modules.php +++ b/modules/gallery/controllers/admin_modules.php @@ -57,7 +57,7 @@ class Admin_Modules_Controller extends Admin_Controller { $result["dialog"] = (string)$v; $result["allow_continue"] = empty($messages["error"]); } - print json_encode($result); + json::reply($result); } public function save() { diff --git a/modules/gallery/controllers/admin_sidebar.php b/modules/gallery/controllers/admin_sidebar.php index fb857e4e..2e49097a 100644 --- a/modules/gallery/controllers/admin_sidebar.php +++ b/modules/gallery/controllers/admin_sidebar.php @@ -50,7 +50,7 @@ class Admin_Sidebar_Controller extends Admin_Controller { $result["active"] = $v->render(); $message = t("Updated sidebar blocks"); $result["message"] = (string) $message; - print json_encode($result); + json::reply($result); } private function _get_blocks() { diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 8aed1341..584e4f15 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -113,9 +113,9 @@ class Albums_Controller extends Items_Controller { message::success(t("Created album %album_title", array("album_title" => html::purify($album->title)))); - print json_encode(array("result" => "success", "location" => $album->url())); + json::reply(array("result" => "success", "location" => $album->url())); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } 
@@ -153,13 +153,13 @@ class Albums_Controller extends Items_Controller { if ($form->from_id->value == $album->id) { // Use the new url; it might have changed. - print json_encode(array("result" => "success", "location" => $album->url())); + json::reply(array("result" => "success", "location" => $album->url())); } else { // Stay on the same page - print json_encode(array("result" => "success")); + json::reply(array("result" => "success")); } } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } @@ -168,7 +168,7 @@ class Albums_Controller extends Items_Controller { access::required("view", $album); access::required("add", $album); - print json_encode(array("form" => (string) album::get_add_form($album))); + json::reply(array("form" => (string) album::get_add_form($album))); } public function form_edit($album_id) { @@ -176,6 +176,6 @@ class Albums_Controller extends Items_Controller { access::required("view", $album); access::required("edit", $album); - print json_encode(array("form" => (string) album::get_edit_form($album))); + json::reply(array("form" => (string) album::get_edit_form($album))); } } diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php index d5b322ef..6833a9ae 100644 --- a/modules/gallery/controllers/l10n_client.php +++ b/modules/gallery/controllers/l10n_client.php @@ -91,7 +91,7 @@ class L10n_Client_Controller extends Controller { Gallery_I18n::clear_cache($locale); - print json_encode(new stdClass()); + json::reply(new stdClass()); } public function toggle_l10n_mode() { diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index b823504b..3454a245 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php 
@@ -22,7 +22,7 @@ class Login_Controller extends Controller { public function ajax() { $view = new View("login_ajax.html"); $view->form = auth::get_login_form("login/auth_ajax"); - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } public function auth_ajax() { @@ -30,10 +30,9 @@ class Login_Controller extends Controller { list ($valid, $form) = $this->_auth("login/auth_ajax"); if ($valid) { - print json_encode( - array("result" => "success")); + json::reply(array("result" => "success")); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } diff --git a/modules/gallery/controllers/move.php b/modules/gallery/controllers/move.php index a99ef341..c47cdd95 100644 --- a/modules/gallery/controllers/move.php +++ b/modules/gallery/controllers/move.php @@ -26,7 +26,7 @@ class Move_Controller extends Controller { $view = new View("move_browse.html"); $view->source = $source; $view->tree = $this->_get_tree_html($source, ORM::factory("item", 1)); - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } public function save($source_id) { @@ -41,9 +41,7 @@ class Move_Controller extends Controller { item::move($source, $target); - print json_encode( - array("result" => "success", - "location" => $target->url())); + json::reply(array("result" => "success", "location" => $target->url())); } public function show_sub_tree($source_id, $target_id) { diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index c18dbcde..fe6669e6 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php 
@@ -87,13 +87,13 @@ class Movies_Controller extends Items_Controller { if ($form->from_id->value == $movie->id) { // Use the new url; it might have changed. - print json_encode(array("result" => "success", "location" => $movie->url())); + json::reply(array("result" => "success", "location" => $movie->url())); } else { // Stay on the same page - print json_encode(array("result" => "success")); + json::reply(array("result" => "success")); } } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } @@ -102,6 +102,6 @@ class Movies_Controller extends Items_Controller { access::required("view", $movie); access::required("edit", $movie); - print json_encode(array("form" => (string) movie::get_edit_form($movie))); + json::reply(array("form" => (string) movie::get_edit_form($movie))); } } diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php index 8fdda7b2..57f5ccb6 100644 --- a/modules/gallery/controllers/permissions.php +++ b/modules/gallery/controllers/permissions.php @@ -33,7 +33,7 @@ class Permissions_Controller extends Controller { $view->parents = $item->parents(); $view->form = $this->_get_form($item); - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } function form($id) { diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 9f17cebb..7c834e64 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php 
@@ -87,13 +87,13 @@ class Photos_Controller extends Items_Controller { if ($form->from_id->value == $photo->id) { // Use the new url; it might have changed. - print json_encode(array("result" => "success", "location" => $photo->url())); + json::reply(array("result" => "success", "location" => $photo->url())); } else { // Stay on the same page - print json_encode(array("result" => "success")); + json::reply(array("result" => "success")); } } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } @@ -102,6 +102,6 @@ class Photos_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - print json_encode(array("form" => (string) photo::get_edit_form($photo))); + json::reply(array("form" => (string) photo::get_edit_form($photo))); } } diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 253a279b..1d9194c7 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -58,12 +58,12 @@ class Quick_Controller extends Controller { } if (Input::instance()->get("page_type") == "collection") { - print json_encode( + json::reply( array("src" => $item->thumb_url(), "width" => $item->thumb_width, "height" => $item->thumb_height)); } else { - print json_encode( + json::reply( array("src" => $item->resize_url(), "width" => $item->resize_width, "height" => $item->resize_height)); @@ -83,7 +83,7 @@ class Quick_Controller extends Controller { item::make_album_cover($item); message::success($msg); - print json_encode(array("result" => "success", "reload" => 1)); + json::reply(array("result" => "success", "reload" => 1)); } public function form_delete($id) { 
@@ -94,7 +94,7 @@ class Quick_Controller extends Controller { $v = new View("quick_delete_confirm.html"); $v->item = $item; $v->form = item::get_delete_form($item); - print json_encode(array("form" => (string) $v)); + json::reply(array("form" => (string) $v)); } public function delete($id) { @@ -125,9 +125,9 @@ class Quick_Controller extends Controller { $from_id = Input::instance()->get("from_id"); if (Input::instance()->get("page_type") == "collection" && $from_id != $id /* deleted the item we were viewing */) { - print json_encode(array("result" => "success", "reload" => 1)); + json::reply(array("result" => "success", "reload" => 1)); } else { - print json_encode(array("result" => "success", + json::reply(array("result" => "success", "location" => $parent->url())); } } @@ -154,6 +154,6 @@ class Quick_Controller extends Controller { // Pass on the source item where this form was generated, so we have an idea where to return to. $form->hidden("from_id")->value((int)Input::instance()->get("from_id", 0)); - print json_encode(array("form" => (string) $form)); + json::reply(array("form" => (string) $form)); } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 3cff2b6a..2b1f6d14 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -23,7 +23,7 @@ class Reauthenticate_Controller extends Controller { access::forbidden(); } if (request::is_ajax()) { - print json_encode(array("form" => (string) self::_form())); + json::reply(array("form" => (string) self::_form())); } else { self::_show_form(self::_form()); } @@ -51,7 +51,7 @@ class Reauthenticate_Controller extends Controller { if (empty($reauthenticate["in_dialog"])) { self::_show_form($form); } else { - print json_encode(array("form" => (string) $form)); + json::reply(array("form" => (string) $form)); } } } 
diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 38e22cee..c686c787 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -26,7 +26,7 @@ class Uploader_Controller extends Controller { $item = $item->parent(); } - print json_encode(array("form" => (string)$this->_get_add_form($item))); + json::reply(array("form" => (string)$this->_get_add_form($item))); //print $this->_get_add_form($item); } @@ -106,7 +106,7 @@ class Uploader_Controller extends Controller { access::verify_csrf(); batch::stop(); - print json_encode(array("result" => "success")); + json::reply(array("result" => "success")); } private function _get_add_form($album) { diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php index 431918ff..113be1fa 100644 --- a/modules/gallery/controllers/user_profile.php +++ b/modules/gallery/controllers/user_profile.php @@ -44,7 +44,7 @@ class User_Profile_Controller extends Controller { public function contact($id) { $user = identity::lookup_user($id); - print json_encode(array("form" => (string) user_profile::get_contact_form($user))); + json::reply(array("form" => (string) user_profile::get_contact_form($user))); } public function send($id) { @@ -61,9 +61,9 @@ class User_Profile_Controller extends Controller { ->message(html::purify($form->message->message->value)) ->send(); message::success(t("Sent message to %user_name", array("user_name" => $user->display_name()))); - print json_encode(array("result" => "success")); + json::reply(array("result" => "success")); } else { - print json_encode(array("result" => "error", "form" => (string)$form)); + json::reply(array("result" => "error", "form" => (string)$form)); } } } diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 0e647e09..99933c7e 100644 --- a/modules/organize/controllers/organize.php 
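Review bot: In user_profile.php, `contact($id)` passes the result of `identity::lookup_user($id)` straight into `user_profile::get_contact_form($user)`; the whole method is visible in the hunk and it has no check that the lookup found a user. What `lookup_user` returns for an unknown id is not shown on this page, so this is something to confirm rather than a proven fault. If an unknown id yields an empty value, a guard before the reply such as `if (!$user) { access::forbidden(); }` would stop the form builder from running on it. The same method also has no visible check on who may request the contact form, which may be intentional for a public profile page.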
+++ b/modules/organize/controllers/organize.php @@ -47,14 +47,14 @@ class Organize_Controller extends Controller { $v->controller_uri = url::site("organize") . "/"; $v->swf_uri = url::file("modules/organize/lib/Gallery3WebClient.swf?") . filemtime(MODPATH . "organize/lib/Gallery3WebClient.swf"); - print json_encode(array("form" => (string) $v)); + json::reply(array("form" => (string) $v)); } function add_album_fields() { - print json_encode(array("title" => (string)t("Title"), - "description" => (string)t("Description"), - "name" => (string)t("Directory name"), - "slug" => (string)t("Internet Address"))); + json::reply(array("title" => (string)t("Title"), + "description" => (string)t("Description"), + "name" => (string)t("Directory name"), + "slug" => (string)t("Internet Address"))); } } diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index bcb12d58..644779da 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -35,8 +35,7 @@ class rest_Core { } print "
$html
"; } else { - header("Content-type: application/json"); - print json_encode($data); + json::reply($data); } } diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index e91d9dd9..afa1f862 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -30,7 +30,7 @@ class Server_Add_Controller extends Admin_Controller { $view->tree = new View("server_add_tree.html"); $view->tree->files = $files; $view->tree->parents = array(); - print json_encode(array("form" => (string) $view)); + json::reply(array("form" => (string) $view)); } public function children() { @@ -91,7 +91,7 @@ class Server_Add_Controller extends Admin_Controller { ->name(t("Add from server")); $task = task::create($task_def, array("item_id" => $item->id, "queue" => $paths)); - print json_encode( + json::reply( array("result" => "started", "status" => (string)$task->status, "url" => url::site("server_add/run/$task->id?csrf=" . access::csrf_token()))); @@ -111,7 +111,7 @@ class Server_Add_Controller extends Admin_Controller { $task = task::run($task_id); // Prevent the JavaScript code from breaking by forcing a period as // decimal separator for all locales with sprintf("%F", $value). - print json_encode(array("done" => (bool)$task->done, + json::reply(array("done" => (bool)$task->done, "status" => (string)$task->status, "percent_complete" => sprintf("%F", $task->percent_complete))); } diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index c2da7bc3..32c54945 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php 
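Review bot: The rest.php hunk removes the explicit `header("Content-type: application/json");` and relies on `json::reply($data)` to send it, but the helper's body is not on this page, so the REST response type now depends on code that cannot be checked here. The other call sites in this commit previously printed JSON with no content type of their own, and many of those payloads carry rendered form HTML under the `form` key; a body like that served with PHP's default HTML type can be interpreted as markup when fetched directly. It is worth confirming that `json::reply` sets the JSON content type before printing, and recording that contract on the helper, e.g. `// Sends Content-Type: application/json, then the encoded payload.`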
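Review bot: In the second server_add.php hunk the `url` value of the reply is built as `url::site("server_add/run/$task->id?csrf=" . access::csrf_token())`, which puts the CSRF token in a query string. Query strings commonly end up in web-server access logs, proxy logs and browser history, so the token is exposed more widely than one sent in a POST body or a request header. The commit only swaps the output call and the enclosing method starts outside the hunk, so this predates the change, but the statement is being touched here. If the client can post the token in the request body, the URL could be reduced to `url::site("server_add/run/$task->id")`; otherwise a comment saying why the token travels in the URL would help the next reader.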
@@ -37,7 +37,7 @@ class Admin_Tags_Controller extends Admin_Controller { public function form_delete($id) { $tag = ORM::factory("tag", $id); if ($tag->loaded()) { - print json_encode(array("form" => (string) tag::get_delete_form($tag))); + json::reply(array("form" => (string) tag::get_delete_form($tag))); } } @@ -57,11 +57,9 @@ class Admin_Tags_Controller extends Admin_Controller { message::success(t("Deleted tag %tag_name", array("tag_name" => $name))); log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name))); - print json_encode( - array("result" => "success", - "location" => url::site("admin/tags"))); + json::reply(array("result" => "success", "location" => url::site("admin/tags"))); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } @@ -98,10 +96,9 @@ class Admin_Tags_Controller extends Admin_Controller { message::success($message); log::success("tags", $message); - print json_encode(array("result" => "success", - "location" => url::site("admin/tags"))); + json::reply(array("result" => "success", "location" => url::site("admin/tags"))); } else { - print json_encode(array("result" => "error", "form" => $in_place_edit->render())); + json::reply(array("result" => "error", "form" => $in_place_edit->render())); } } diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index f3d456d3..7fa8534c 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -67,11 +67,9 @@ class Tags_Controller extends Controller { } } - print json_encode( - array("result" => "success", - "cloud" => (string)tag::cloud(30))); + json::reply(array("result" => "success", "cloud" => (string)tag::cloud(30))); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } 
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 522b6b35..4058ef50 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -27,11 +27,10 @@ class Password_Controller extends Controller { if ($form->validate()) { $this->_send_reset($form); } else { - print json_encode(array("result" => "error", - "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } else { - print $form; + json::reply(array("form" => (string) $form)); } } @@ -83,8 +82,7 @@ class Password_Controller extends Controller { // Always pretend that an email has been sent to avoid leaking // information on what user names are actually real. message::success(t("Password reset email sent")); - print json_encode( - array("result" => "success")); + json::reply(array("result" => "success")); } private static function _reset_form() { diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 8b217b4a..922b050b 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -35,7 +35,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { } public function form_edit() { - print json_encode(array("form" => (string) watermark::get_edit_form())); + json::reply(array("form" => (string) watermark::get_edit_form())); } public function edit() { 
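Review bot: In the first password.php hunk the non-POST branch goes from `print $form;` to `json::reply(array("form" => (string) $form));`, which changes the response format rather than making the mechanical swap done everywhere else in this commit. A caller that loads the reset form expecting raw HTML will now receive a JSON envelope, and the matching client-side change is not on this page. The enclosing method starts outside the hunk. If the form is only ever requested by the dialog code, a comment above the branch such as `// Requested by the dialog loader, which expects {"form": ...}` would record that.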
@@ -49,16 +49,16 @@ class Admin_Watermarks_Controller extends Admin_Controller { log::success("watermark", t("Watermark changed")); message::success(t("Watermark changed")); - print json_encode( + json::reply( array("result" => "success", "location" => url::site("admin/watermarks"))); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } public function form_delete() { - print json_encode(array("form" => (string) watermark::get_delete_form())); + json::reply(array("form" => (string) watermark::get_delete_form())); } public function delete() { @@ -79,16 +79,14 @@ class Admin_Watermarks_Controller extends Admin_Controller { log::success("watermark", t("Watermark deleted")); message::success(t("Watermark deleted")); } - print json_encode( - array("result" => "success", - "location" => url::site("admin/watermarks"))); + json::reply(array("result" => "success", "location" => url::site("admin/watermarks"))); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + json::reply(array("result" => "error", "form" => (string) $form)); } } public function form_add() { - print json_encode(array("form" => (string) watermark::get_add_form())); + json::reply(array("form" => (string) watermark::get_add_form())); } public function add() { @@ -120,11 +118,9 @@ class Admin_Watermarks_Controller extends Admin_Controller { message::success(t("Watermark saved")); log::success("watermark", t("Watermark saved")); - print json_encode( - array("result" => "success", - "location" => url::site("admin/watermarks"))); + json::reply(array("result" => "success", "location" => url::site("admin/watermarks"))); } else { - print json_encode(array("result" => "error", "form" => rawurlencode((string) $form))); + json::reply(array("result" => "error", "form" => rawurlencode((string) $form))); } } -- cgit v1.2.3 
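Review bot: In the last admin_watermarks.php hunk, the error path of `add()` is the only reply that wraps the form in `rawurlencode((string) $form)`; the error paths of `edit()` and `delete()` in the same controller send `(string) $form` unchanged. The reason is not visible in the hunk, and now that all output goes through one helper the difference is easy to drop by accident or to copy elsewhere. If the client for this action decodes the value, say so next to the call with a comment such as `// form is rawurlencode()d because <reason>; the client must decode it before inserting it`. If nothing decodes it, align this reply with the other error replies.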
From 64eae641e5db841b89d67c69634ed409992eed54 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 28 Jul 2010 07:57:27 -0700 Subject: When the admin controller redirects to the reauthenticate controller, the value of request::is_ajax() from the original request is lost. This patch stores its value in the session so the reauthenticate controller knows whether its in a dialog/panel or not. --- modules/gallery/controllers/admin.php | 3 ++- modules/gallery/controllers/reauthenticate.php | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'modules/gallery/controllers/admin.php') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 7ea15d3d..8fc5432d 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -86,7 +86,8 @@ class Admin_Controller extends Controller { // Avoid anti-phishing protection by passing the url as session variable. Session::instance()->set("continue_url", url::abs_current(true)); } - + // Save the is_ajax value as we lose it, if set, when we redirect + Session::instance()->set("is_ajax_request", request::is_ajax()); url::redirect("reauthenticate"); } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 2b1f6d14..5ea2f229 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php 
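Review bot: The `is_ajax_request` value written in the admin.php hunk is stored unconditionally and is only consumed by the `get_once` call in the reauthenticate.php hunk, so a value whose redirect is never followed stays in the session and decides the format of the next, unrelated visit to the reauthenticate page. A stored `false` also takes precedence over the `request::is_ajax()` default on the reading side. Writing the flag only when it is set, `if (request::is_ajax()) { Session::instance()->set("is_ajax_request", true); }`, and reading it as `$is_ajax = Session::instance()->get_once("is_ajax_request", false) || request::is_ajax();` keeps the live request's own indicator authoritative. A leftover `true` would still need clearing, for example when the full page is rendered. Both enclosing methods start outside their hunks.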
@@ -22,8 +22,13 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - if (request::is_ajax()) { - json::reply(array("form" => (string) self::_form())); + // On redirects from the admin controller, the ajax request indicator is lost, + // so we store it in the session. + $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); + if ($is_ajax) { + $v = new View("reauthenticate.html"); + $v->form = self::_form(); + json::reply(array("form" => (string) $v)); } else { self::_show_form(self::_form()); } -- cgit v1.2.3