From a6581ede0b7a50c6159eb5d36cf6be340a072609 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 21 Sep 2009 11:35:27 -0700 Subject: Fix Item_Model::get_position() so that our sort is stable when the comparison row has a null value in the sort field. Fix for #627 Note: this changes get_position() to take an Item_Model instead of an id! --- modules/gallery/controllers/photos.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/controllers/photos.php') diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 79ad674a..e6154535 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -25,7 +25,7 @@ class Photos_Controller extends Items_Controller { public function _show($photo) { access::required("view", $photo); - $position = $photo->parent()->get_position($photo->id); + $position = $photo->parent()->get_position($photo); if ($position > 1) { list ($previous_item, $ignore, $next_item) = $photo->parent()->children(3, $position - 2); -- cgit v1.2.3 From 9e6be40e31b06e5dffe7552928cb8b2d9ee7ad59 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 21 Sep 2009 20:47:55 -0700 Subject: Add viewable() protection to children() and children_count() calls. This is not currently necessary (nor is it a security hole) because we don't constrain permissions at the child level in the core, but it makes our security audits easier and will enable the scenario where somebody writes a module to add per-photo permissions. --- modules/gallery/controllers/photos.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers/photos.php') diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index e6154535..3de9b3ee 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -31,7 +31,7 @@ class Photos_Controller extends Items_Controller { $photo->parent()->children(3, $position - 2); } else { $previous_item = null; - list ($next_item) = $photo->parent()->children(1, $position); + list ($next_item) = $photo->parent()->viewable()->children(1, $position); } $template = new Theme_View("page.html", "photo"); @@ -41,7 +41,7 @@ class Photos_Controller extends Items_Controller { $template->set_global("parents", $photo->parents()); $template->set_global("next_item", $next_item); $template->set_global("previous_item", $previous_item); - $template->set_global("sibling_count", $photo->parent()->children_count()); + $template->set_global("sibling_count", $photo->parent()->viewable()->children_count()); $template->set_global("position", $position); $template->content = new View("photo.html"); -- cgit v1.2.3 From 123afc954281c1f924f851a33ae5016774e6d9f3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 21 Sep 2009 21:22:07 -0700 Subject: Set children_count to 0, photos have no children. --- modules/gallery/controllers/photos.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/controllers/photos.php') diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 3de9b3ee..81e7519e 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -37,7 +37,7 @@ class Photos_Controller extends Items_Controller { $template = new Theme_View("page.html", "photo"); $template->set_global("item", $photo); $template->set_global("children", array()); - $template->set_global("children_count", $photo->children_count()); + $template->set_global("children_count", 0); $template->set_global("parents", $photo->parents()); $template->set_global("next_item", $next_item); $template->set_global("previous_item", $previous_item); -- cgit v1.2.3