From b5ba61fc53e44d55978dd0d35ada80da4c47715d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Dec 2010 23:34:04 -0800 Subject: Create a way for controllers to exempty themselves from maintenance mode and private gallery mode by setting the following constants in the controller to true. ALLOW_MAINTENANCE_MODE ALLOW_PRIVATE_GALLERY Fixes #1411 and the subsequent refactoring fixes #1551 as well. --- modules/gallery/controllers/combined.php | 3 +++ modules/gallery/controllers/login.php | 2 ++ 2 files changed, 5 insertions(+) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/combined.php b/modules/gallery/controllers/combined.php index 4b1a342a..64f8d22b 100644 --- a/modules/gallery/controllers/combined.php +++ b/modules/gallery/controllers/combined.php @@ -18,6 +18,9 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Combined_Controller extends Controller { + const ALLOW_MAINTENANCE_MODE = true; + const ALLOW_PRIVATE_GALLERY = true; + /** * Return the combined Javascript bundle associated with the given key. */ diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 62d33345..adb2e50b 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -18,6 +18,8 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Login_Controller extends Controller { + const ALLOW_MAINTENANCE_MODE = true; + const ALLOW_PRIVATE_GALLERY = true; public function ajax() { $view = new View("login_ajax.html"); -- cgit v1.2.3 From b42fcb9cda4dafdb9db86770f54965b3fb2fc7ab Mon Sep 17 00:00:00 2001 
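Review bot: Neither `Combined_Controller` nor `Login_Controller` carries a comment saying why it is safe to exempt, and both constants apply to the whole class rather than to a single action. If the check works as the commit message describes, any public method added to these controllers later is also exempt from maintenance mode and private gallery mode, so it would be reachable by visitors who are not logged in. A line above the constants such as `// Exempt from maintenance/private mode: every action here must be safe for anonymous users.` would keep that requirement in front of the next editor. Both class bodies continue outside the hunks.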
From: Bharat Mediratta Date: Tue, 28 Dec 2010 23:10:05 -0800 Subject: Use db::expr instead of "new Database_Expression". Resolves #1560. --- .../comment/controllers/admin_manage_comments.php | 2 +- modules/digibug/controllers/digibug.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 2 +- modules/gallery/helpers/gallery_installer.php | 6 +++--- modules/gallery/helpers/gallery_task.php | 6 +++--- modules/gallery/helpers/module.php | 2 +- modules/gallery/libraries/ORM_MPTT.php | 22 +++++++++++----------- modules/gallery/tests/Gallery_Installer_Test.php | 2 +- modules/notification/helpers/notification.php | 2 +- modules/tag/helpers/tag.php | 2 +- 10 files changed, 24 insertions(+), 24 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/comment/controllers/admin_manage_comments.php b/modules/comment/controllers/admin_manage_comments.php index 49bd85d5..ec876fc4 100644 --- a/modules/comment/controllers/admin_manage_comments.php +++ b/modules/comment/controllers/admin_manage_comments.php @@ -25,7 +25,7 @@ class Admin_Manage_Comments_Controller extends Admin_Controller { db::build() ->delete("comments") ->where("state", "IN", array("deleted", "spam")) - ->where("updated", "<", new Database_Expression("UNIX_TIMESTAMP() - 86400 * 7")) + ->where("updated", "<", db::expr("UNIX_TIMESTAMP() - 86400 * 7")) ->execute(); // Redirect to the appropriate queue diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 22bbe1a6..c48e3e87 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -114,7 +114,7 @@ class Digibug_Controller extends Controller { private function _clean_expired() { db::build() ->delete("digibug_proxies") - ->where("request_date", "<=", new Database_Expression("(CURDATE() - INTERVAL 10 DAY)")) + ->where("request_date", "<=", db::expr("(CURDATE() - INTERVAL 10 DAY)")) ->limit(20) ->execute(); } 
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index 7729d797..80247a0f 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -27,7 +27,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { ->set("state", "stalled") ->where("done", "=", 0) ->where("state", "<>", "stalled") - ->where(new Database_Expression("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) + ->where(db::expr("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) ->execute(); $stalled_count = $query->count(); if ($stalled_count) { diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index a6b8e6a2..fb7933f7 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -503,7 +503,7 @@ class gallery_installer { foreach (db::build() ->from("items") ->select("id", "slug") - ->where(new Database_Expression("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) + ->where(db::expr("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { @@ -540,7 +540,7 @@ class gallery_installer { if ($version == 25) { db::build() ->update("items") - ->set("title", new Database_Expression("`name`")) + ->set("title", db::expr("`name`")) ->and_open() ->where("title", "IS", null) ->or_where("title", "=", "") @@ -581,7 +581,7 @@ class gallery_installer { $db->query("ALTER TABLE {modules} ADD COLUMN `weight` int(9) DEFAULT NULL"); $db->query("ALTER TABLE {modules} ADD KEY (`weight`)"); db::update("modules") - ->set("weight", new Database_Expression("`id`")) + ->set("weight", db::expr("`id`")) ->execute(); module::set_version("gallery", $version = 32); } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index e69ff91a..9ccff152 100644 
--- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -74,7 +74,7 @@ class gallery_task_Core { // Choose the dirty images in a random order so that if we run this task multiple times // concurrently each task is rebuilding different images simultaneously. $result = graphics::find_dirty_images_query()->select("id") - ->select(new Database_Expression("RAND() as r")) + ->select(db::expr("RAND() as r")) ->order_by("r", "ASC") ->execute(); $total_count = $task->get("total_count", $result->count()); @@ -608,7 +608,7 @@ class gallery_task_Core { static function find_dupe_slugs() { return db::build() ->select_distinct( - array("parent_slug" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) + array("parent_slug" => db::expr("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") @@ -620,7 +620,7 @@ class gallery_task_Core { static function find_dupe_names() { return db::build() ->select_distinct( - array("parent_name" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`name`))"))) + array("parent_name" => db::expr("CONCAT(`parent_id`, ':', LOWER(`name`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 2b446daa..7c5578af 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -488,7 +488,7 @@ class module_Core { static function incr_var($module_name, $name, $increment=1) { db::build() ->update("vars") - ->set("value", new Database_Expression("`value` + $increment")) + ->set("value", db::expr("`value` + $increment")) ->where("module_name", "=", $module_name) ->where("name", "=", $name) ->execute(); diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index f20fafa0..4556273c 100644 --- a/modules/gallery/libraries/ORM_MPTT.php 
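Review bot: In the `module.php` hunk, `incr_var()` still splices `$increment` into the raw expression, and `db::expr()` (like `Database_Expression` before it) presumably reaches the database without escaping. The parameter is untyped with a default of 1, so a caller that forwards a request value would put it into the UPDATE verbatim; no such caller is visible on this page. Casting at the point of use closes that off without changing the interface: `` ->set("value", db::expr("`value` + " . (int)$increment)) ``. The `$level_delta`, `$size_of_hole` and `$new_offset` interpolations in the `ORM_MPTT.php` hunks look like internally computed integers, but the same cast would make that explicit there too.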
+++ b/modules/gallery/libraries/ORM_MPTT.php @@ -54,12 +54,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the parent for this new item db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + 2")) + ->set("left_ptr", db::expr("`left_ptr` + 2")) ->where("left_ptr", ">=", $parent->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + 2")) + ->set("right_ptr", db::expr("`right_ptr` + 2")) ->where("right_ptr", ">=", $parent->right_ptr) ->execute(); $parent->right_ptr += 2; @@ -109,12 +109,12 @@ class ORM_MPTT_Core extends ORM { try { db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - 2")) + ->set("left_ptr", db::expr("`left_ptr` - 2")) ->where("left_ptr", ">", $this->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - 2")) + ->set("right_ptr", db::expr("`right_ptr` - 2")) ->where("right_ptr", ">", $this->right_ptr) ->execute(); } catch (Exception $e) { @@ -253,7 +253,7 @@ class ORM_MPTT_Core extends ORM { // Update the levels for the to-be-moved items db::build() ->update($this->table_name) - ->set("level", new Database_Expression("`level` + $level_delta")) + ->set("level", db::expr("`level` + $level_delta")) ->where("left_ptr", ">=", $original_left_ptr) ->where("right_ptr", "<=", $original_right_ptr) ->execute(); 
@@ -262,12 +262,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the target for the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` + $size_of_hole")) ->where("left_ptr", ">=", $target_right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` + $size_of_hole")) ->where("right_ptr", ">=", $target_right_ptr) ->execute(); @@ -290,8 +290,8 @@ class ORM_MPTT_Core extends ORM { $new_offset = $target->right_ptr - $left_ptr; db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $new_offset")) - ->set("right_ptr", new Database_Expression("`right_ptr` + $new_offset")) + ->set("left_ptr", db::expr("`left_ptr` + $new_offset")) + ->set("right_ptr", db::expr("`right_ptr` + $new_offset")) ->where("left_ptr", ">=", $left_ptr) ->where("right_ptr", "<=", $right_ptr) ->execute(); @@ -299,12 +299,12 @@ class ORM_MPTT_Core extends ORM { // Close the hole in the source's parent after the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` - $size_of_hole")) ->where("left_ptr", ">", $right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` - $size_of_hole")) ->where("right_ptr", ">", $right_ptr) ->execute(); } catch (Exception $e) { diff --git a/modules/gallery/tests/Gallery_Installer_Test.php b/modules/gallery/tests/Gallery_Installer_Test.php index 67e712de..d34c3b0e 100644 --- a/modules/gallery/tests/Gallery_Installer_Test.php +++ b/modules/gallery/tests/Gallery_Installer_Test.php 
@@ -35,7 +35,7 @@ class Gallery_Installer_Test extends Gallery_Unit_Test_Case { public function install_creates_root_item_test() { $max_right_ptr = ORM::factory("item") - ->select(new Database_Expression("MAX(`right_ptr`) AS `right_ptr`")) + ->select(db::expr("MAX(`right_ptr`) AS `right_ptr`")) ->find()->right_ptr; $root = ORM::factory('item')->find(1); $this->assert_equal("Gallery", $root->title); diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 0564d336..2ff8ff48 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -160,7 +160,7 @@ class notification { static function send_pending_notifications() { foreach (db::build() - ->select(new Database_Expression("DISTINCT `email`")) + ->select(db::expr("DISTINCT `email`")) ->from("pending_notifications") ->execute() as $row) { $email = $row->email; diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 14d27c94..bcd3b0c0 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -118,7 +118,7 @@ class tag_Core { static function clear_all($item) { db::build() ->update("tags") - ->set("count", new Database_Expression("`count` - 1")) + ->set("count", db::expr("`count` - 1")) ->where("count", ">", 0) ->where("id", "IN", db::build()->select("tag_id")->from("items_tags")->where("item_id", "=", $item->id)) ->execute(); -- cgit v1.2.3 From 336632fea0a955d74099cd169b3178c01f250ff5 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Mon, 3 Jan 2011 13:21:54 +0100 Subject: Keep view counters of all item types accurate Added common increment_view_count() func in item model for reuse --- modules/gallery/controllers/albums.php | 5 +---- modules/gallery/controllers/movies.php | 3 +-- modules/gallery/controllers/photos.php | 3 +-- modules/gallery/models/item.php | 10 ++++++++++ 4 files changed, 13 insertions(+), 8 deletions(-) (limited to 'modules/gallery/controllers') 
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index b0887195..c0368488 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -71,10 +71,7 @@ class Albums_Controller extends Items_Controller { $template->set_global("parents", $album->parents()->as_array()); // view calls empty() on this $template->content = new View("album.html"); - // We can't use math in ORM or the query builder, so do this by hand. It's important - // that we do this with math, otherwise concurrent accesses will damage accuracy. - db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id") - ->execute(); + $album->increment_view_count(); print $template; } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 717eb8aa..15d4f950 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -49,8 +49,7 @@ class Movies_Controller extends Items_Controller { $template->content = new View("movie.html"); - $movie->view_count++; - $movie->save(); + $movie->increment_view_count(); print $template; } diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index b22ac8e5..2dc22ca4 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -49,8 +49,7 @@ class Photos_Controller extends Items_Controller { $template->content = new View("photo.html"); - $photo->view_count++; - $photo->save(); + $photo->increment_view_count(); print $template; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index fc5c3ff9..d4df0a78 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
@@ -1078,6 +1078,16 @@ class Item_Model_Core extends ORM_MPTT { return $data; } + /** + * Increments the view counter of this item + * We can't use math in ORM or the query builder, so do this by hand. It's important + * that we do this with math, otherwise concurrent accesses will damage accuracy. + */ + public function increment_view_count() { + db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $this->id") + ->execute(); + } + private function _cache_buster($path) { return "?m=" . (string)(file_exists($path) ? filemtime($path) : 0); } -- cgit v1.2.3 From cfaa62370ecbdb3badf4ab68bbefa7cfedaea154 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Sun, 2 Jan 2011 18:59:23 +0100 Subject: Reimplemented Kohana 2.3's View::set_global() with array support. Allows for cleaner code and fewer function calls. --- modules/gallery/controllers/albums.php | 17 +++++++++-------- modules/gallery/controllers/movies.php | 17 +++++++++-------- modules/gallery/controllers/photos.php | 17 +++++++++-------- modules/gallery/libraries/MY_View.php | 10 ++++++++-- 4 files changed, 35 insertions(+), 26 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index c0368488..e69f6b6d 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php 
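Review bot: The docblock on `increment_view_count()` says the query builder cannot do math, but the `db::expr()` calls elsewhere on this page (for example the `tags` count update) show that it can, so the hand-written `UPDATE` with `$this->id` interpolated into the string is avoidable. Going through the builder keeps the increment atomic in SQL and lets the builder handle the id value instead of trusting it to be numeric. The comment should then drop the "can't use math" sentence and keep only the concurrency rationale. Separately, the in-memory `view_count` is no longer bumped, so the movie and photo pages may render the pre-increment value; confirm that is intended.

```php
public function increment_view_count() {
  // Increment in SQL so concurrent views do not overwrite each other's count.
  db::build()
    ->update("items")
    ->set("view_count", db::expr("`view_count` + 1"))
    ->where("id", "=", $this->id)
    ->execute();
}
```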
@@ -61,14 +61,15 @@ class Albums_Controller extends Items_Controller { } $template = new Theme_View("page.html", "collection", "album"); - $template->set_global("page", $page); - $template->set_global("page_title", null); - $template->set_global("max_pages", $max_pages); - $template->set_global("page_size", $page_size); - $template->set_global("item", $album); - $template->set_global("children", $album->viewable()->children($page_size, $offset)); - $template->set_global("children_count", $children_count); - $template->set_global("parents", $album->parents()->as_array()); // view calls empty() on this + $template->set_global(array("page" => $page, + "page_title" => null, + "max_pages" => $max_pages, + "page_size" => $page_size, + "item" => $album, + "children" => $album->viewable()->children($page_size, $offset), + "children_count" => $children_count, + "parents" => $album->parents()->as_array())); + // view calls empty() on this $template->content = new View("album.html"); $album->increment_view_count(); diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 15d4f950..1ae969c7 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php 
@@ -38,14 +38,15 @@ class Movies_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "movie"); - $template->set_global("item", $movie); - $template->set_global("children", array()); - $template->set_global("children_count", 0); - $template->set_global("parents", $movie->parents()->as_array()); - $template->set_global("next_item", $next_item); - $template->set_global("previous_item", $previous_item); - $template->set_global("sibling_count", $movie->parent()->viewable()->children_count($where)); - $template->set_global("position", $position); + $template->set_global(array("item" => $movie, + "children" => array(), + "children_count" => 0, + "parents" => $movie->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" + => $movie->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("movie.html"); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 2dc22ca4..e795f336 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php 
@@ -38,14 +38,15 @@ class Photos_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "photo"); - $template->set_global("item", $photo); - $template->set_global("children", array()); - $template->set_global("children_count", 0); - $template->set_global("parents", $photo->parents()->as_array()); - $template->set_global("next_item", $next_item); - $template->set_global("previous_item", $previous_item); - $template->set_global("sibling_count", $photo->parent()->viewable()->children_count($where)); - $template->set_global("position", $position); + $template->set_global(array("item" => $photo, + "children" => array(), + "children_count" => 0, + "parents" => $photo->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" + => $photo->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("photo.html"); diff --git a/modules/gallery/libraries/MY_View.php b/modules/gallery/libraries/MY_View.php index ded77792..2230203a 100644 --- a/modules/gallery/libraries/MY_View.php +++ b/modules/gallery/libraries/MY_View.php @@ -23,8 +23,14 @@ class View extends View_Core { /** * Reimplement Kohana 2.3's View::set_global() functionality. */ - public function set_global($key, $value) { - View::$global_data[$key] = $value; + public function set_global($key, $value = NULL) { + if (is_array($key)) { + foreach ($key as $key2 => $value) { + View::$global_data[$key2] = $value; + } + } else { + View::$global_data[$key] = $value; + } } public function is_set($key=null) { -- cgit v1.2.3 From 4a882108259f9542a6c8f2ffe95c9ee0e1c102cd Mon Sep 17 00:00:00 2001 
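Review bot: The docblock above `set_global()` in the `MY_View.php` hunk still describes only the Kohana 2.3 key/value form and does not say that `$key` may now be an array of name => value pairs, in which case the second argument is ignored. Inside the loop the iteration variable reuses the parameter name `$value`, which reads as if the caller's second argument mattered; `foreach ($key as $name => $item)` would be clearer. The default is written `NULL` while `is_set($key=null)` just below uses lowercase, so `$value = null` would match the file.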
From: Bharat Mediratta Date: Mon, 3 Jan 2011 11:41:25 -0800 Subject: Follow on to cfaa62370ecbdb3badf4ab68bbefa7cfedaea154 to fix indentation. Fixes #1569. --- modules/gallery/controllers/albums.php | 18 +++++++++--------- modules/gallery/controllers/movies.php | 18 +++++++++--------- modules/gallery/controllers/photos.php | 18 +++++++++--------- 3 files changed, 27 insertions(+), 27 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index e69f6b6d..25df0da7 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -61,15 +61,15 @@ class Albums_Controller extends Items_Controller { } $template = new Theme_View("page.html", "collection", "album"); - $template->set_global(array("page" => $page, - "page_title" => null, - "max_pages" => $max_pages, - "page_size" => $page_size, - "item" => $album, - "children" => $album->viewable()->children($page_size, $offset), - "children_count" => $children_count, - "parents" => $album->parents()->as_array())); - // view calls empty() on this + $template->set_global( + array("page" => $page, + "page_title" => null, + "max_pages" => $max_pages, + "page_size" => $page_size, + "item" => $album, + "children" => $album->viewable()->children($page_size, $offset), + "parents" => $album->parents()->as_array(), // view calls empty() on this + "children_count" => $children_count)); $template->content = new View("album.html"); $album->increment_view_count(); diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 1ae969c7..bf50abd5 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php 
@@ -38,15 +38,15 @@ class Movies_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "movie"); - $template->set_global(array("item" => $movie, - "children" => array(), - "children_count" => 0, - "parents" => $movie->parents()->as_array(), - "next_item" => $next_item, - "previous_item" => $previous_item, - "sibling_count" - => $movie->parent()->viewable()->children_count($where), - "position" => $position)); + $template->set_global( + array("item" => $movie, + "children" => array(), + "children_count" => 0, + "parents" => $movie->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" => $movie->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("movie.html"); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index e795f336..d500a92e 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -38,15 +38,15 @@ class Photos_Controller extends Items_Controller { } $template = new Theme_View("page.html", "item", "photo"); - $template->set_global(array("item" => $photo, - "children" => array(), - "children_count" => 0, - "parents" => $photo->parents()->as_array(), - "next_item" => $next_item, - "previous_item" => $previous_item, - "sibling_count" - => $photo->parent()->viewable()->children_count($where), - "position" => $position)); + $template->set_global( + array("item" => $photo, + "children" => array(), + "children_count" => 0, + "parents" => $photo->parents()->as_array(), + "next_item" => $next_item, + "previous_item" => $previous_item, + "sibling_count" => $photo->parent()->viewable()->children_count($where), + "position" => $position)); $template->content = new View("photo.html"); -- cgit v1.2.3 From 9364f0d931883bb5f17f22c4003ee59256f9efb6 Mon Sep 17 00:00:00 2001 
From: Joe7 Date: Wed, 5 Jan 2011 23:31:50 +0100 Subject: Allow '..' segment in photo/album paths through file_proxy (as is not forbidden in other places like add album/item) and explitely look for /../ instead Note: directory path can't end in '.' forcibly so this shall be fine Fixes Ticket #1518 --- modules/gallery/controllers/file_proxy.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 22854fbd..5ce9b458 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -45,7 +45,7 @@ class File_Proxy_Controller extends Controller { $file_uri = substr($request_uri, strlen($var_uri)); // Make sure that we don't leave the var dir - if (strpos($file_uri, "..") !== false) { + if (strpos($file_uri, "/../") !== false) { throw new Kohana_404_Exception(); } -- cgit v1.2.3 From d17ba036ee2a4cadb5d1fa03397bbf975d6c254b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 7 Jan 2011 20:40:24 -0800 Subject: Don't enable the REST module by default (fixes #1585). Bump the info module per changes for #662. --- installer/install.sql | 33 ++++++++++++-------------------- modules/gallery/controllers/packager.php | 2 +- 2 files changed, 13 insertions(+), 22 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/installer/install.sql b/installer/install.sql index 6aae8014..c1d71dc2 100644 --- a/installer/install.sql +++ b/installer/install.sql 
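Review bot: The narrowed test `strpos($file_uri, "/../")` only matches a `..` segment with a slash on both sides, so a `..` segment at the very start or very end of `$file_uri` no longer trips the guard that the comment above it describes as keeping requests inside the var dir. `$file_uri` is derived from the request URI, so it is caller-controlled; whether the later lookup rejects such paths is outside this hunk. Comparing whole segments keeps names such as `a..b` legal while still rejecting every traversal segment: `if (in_array("..", explode("/", $file_uri), true)) {`. `__call` continues outside the hunk.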
@@ -242,18 +242,17 @@ CREATE TABLE {modules} ( PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`), KEY `weight` (`weight`) -) AUTO_INCREMENT=11 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {modules} VALUES (1,1,'gallery',43,1); INSERT INTO {modules} VALUES (2,1,'user',3,2); INSERT INTO {modules} VALUES (3,1,'comment',3,3); INSERT INTO {modules} VALUES (4,1,'organize',2,4); -INSERT INTO {modules} VALUES (5,1,'info',1,5); -INSERT INTO {modules} VALUES (6,1,'rest',3,6); -INSERT INTO {modules} VALUES (7,1,'rss',1,7); -INSERT INTO {modules} VALUES (8,1,'search',1,8); -INSERT INTO {modules} VALUES (9,1,'slideshow',2,9); -INSERT INTO {modules} VALUES (10,1,'tag',2,10); +INSERT INTO {modules} VALUES (5,1,'info',2,5); +INSERT INTO {modules} VALUES (6,1,'rss',1,6); +INSERT INTO {modules} VALUES (7,1,'search',1,7); +INSERT INTO {modules} VALUES (8,1,'slideshow',2,8); +INSERT INTO {modules} VALUES (9,1,'tag',2,9); DROP TABLE IF EXISTS {outgoing_translations}; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; @@ -350,18 +349,6 @@ CREATE TABLE {themes} ( /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {themes} VALUES (1,'wind',1); INSERT INTO {themes} VALUES (2,'admin_wind',1); -DROP TABLE IF EXISTS {user_access_keys}; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE {user_access_keys} ( - `id` int(9) NOT NULL AUTO_INCREMENT, - `user_id` int(9) NOT NULL, - `access_key` char(32) NOT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `access_key` (`access_key`), - UNIQUE KEY `user_id` (`user_id`) -) DEFAULT CHARSET=utf8; -/*!40101 SET character_set_client = @saved_cs_client */; DROP TABLE IF EXISTS {users}; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; 
@@ -395,7 +382,7 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) AUTO_INCREMENT=35 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=39 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind'); INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind'); @@ -429,5 +416,9 @@ INSERT INTO {vars} VALUES (NULL,'gallery','identity_provider','user'); INSERT INTO {vars} VALUES (NULL,'user','mininum_password_length','5'); INSERT INTO {vars} VALUES (NULL,'comment','spam_caught','0'); INSERT INTO {vars} VALUES (NULL,'comment','access_permissions','everybody'); -INSERT INTO {vars} VALUES (NULL,'rest','allow_guest_access','0'); +INSERT INTO {vars} VALUES (NULL,'info','show_title','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_description','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_owner','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_name','1'); +INSERT INTO {vars} VALUES (NULL,'info','show_captured','1'); INSERT INTO {vars} VALUES (NULL,'slideshow','max_scale','0'); diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php index bd51b93c..9da34f9c 100644 --- a/modules/gallery/controllers/packager.php +++ b/modules/gallery/controllers/packager.php @@ -59,7 +59,7 @@ class Packager_Controller extends Controller { // numbers, keeping our install.sql file more stable. srand(0); - foreach (array("gallery", "user", "comment", "organize", "info", "rest", + foreach (array("gallery", "user", "comment", "organize", "info", "rss", "search", "slideshow", "tag") as $module_name) { module::install($module_name); module::activate($module_name); -- cgit v1.2.3 From 24c0b69847d4144c29e557fa654c30247e628a9c Mon Sep 17 00:00:00 2001 
From: Jérémy Subtil Date: Sun, 9 Jan 2011 00:22:46 +0100 Subject: Fixed item controllers so that any item position is computed correctly, when some other items belonging to the same parent album are not viewable. Changed depracated calls to item_Model::get_position() to item::get_position(). --- modules/gallery/controllers/albums.php | 2 +- modules/gallery/controllers/movies.php | 4 ++-- modules/gallery/controllers/photos.php | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 25df0da7..3435465c 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -37,7 +37,7 @@ class Albums_Controller extends Items_Controller { if ($show) { $child = ORM::factory("item", $show); - $index = $album->get_position($child); + $index = item::get_position($child); if ($index) { $page = ceil($index / $page_size); if ($page == 1) { diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index bf50abd5..7c85dd98 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -28,10 +28,10 @@ class Movies_Controller extends Items_Controller { access::required("view", $movie); $where = array(array("type", "!=", "album")); - $position = $movie->parent()->get_position($movie, $where); + $position = item::get_position($movie, $where); if ($position > 1) { list ($previous_item, $ignore, $next_item) = - $movie->parent()->children(3, $position - 2, $where); + $movie->parent()->viewable()->children(3, $position - 2, $where); } else { $previous_item = null; list ($next_item) = $movie->parent()->viewable()->children(1, $position, $where); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index d500a92e..4578747d 100644 --- a/modules/gallery/controllers/photos.php 
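Review bot: In the `albums.php` hunk, `item::get_position($child)` no longer takes `$album` into account, so a `$show` id that belongs to a different album is presumably positioned within its own parent and the resulting page number is then applied to this album. Depending on how `item::get_position()` filters, that could also let the page a visitor lands on reflect the position of an item they cannot view. Restricting the lookup to children of the album keeps the existing `if ($index)` fallback: `$index = ($child->parent_id == $album->id) ? item::get_position($child) : 0;`. The method body continues outside the hunk, so an earlier check on `$show` may already cover this.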
+++ b/modules/gallery/controllers/photos.php @@ -28,10 +28,10 @@ class Photos_Controller extends Items_Controller { access::required("view", $photo); $where = array(array("type", "!=", "album")); - $position = $photo->parent()->get_position($photo, $where); + $position = item::get_position($photo, $where); if ($position > 1) { list ($previous_item, $ignore, $next_item) = - $photo->parent()->children(3, $position - 2, $where); + $photo->parent()->viewable()->children(3, $position - 2, $where); } else { $previous_item = null; list ($next_item) = $photo->parent()->viewable()->children(1, $position, $where); -- cgit v1.2.3 From d557b2a63e2ea424965fb53be9f6b76ad3f18015 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 10 Jan 2011 14:50:30 -0800 Subject: Allow File_Proxy_Controller to run in private gallery mode since it does all the right permission checks. This prevents a hotlink to a private photo in a private gallery from kicking the user out to a login page. Fixes #1594. --- modules/gallery/controllers/file_proxy.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 22854fbd..c6051dfd 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -27,6 +27,7 @@ * input is sanitized against the database before we perform any file I/O. */ class File_Proxy_Controller extends Controller { + const ALLOW_PRIVATE_GALLERY = true; public function __call($function, $args) { // request_uri: gallery3/var/trunk/albums/foo/bar.jpg $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI")); -- cgit v1.2.3 From 7f6d87166df138073d85dd5201de8b9d19bc6cd2 Mon Sep 17 00:00:00 2001 
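Review bot: `ALLOW_PRIVATE_GALLERY` is added to `File_Proxy_Controller` without a comment tying it to the permission checks it relies on, and because this controller routes everything through `__call`, the exemption covers every request path under it. From here on, anonymous requests in private gallery mode reach the path parsing directly, so the traversal guard and the per-item view check in `__call` (outside this hunk) are the only barrier. A comment such as `// Safe in private mode only because __call() checks view permission on the item before any file I/O.` would make that dependency explicit for anyone who later relaxes those checks.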
From: Joe7 Date: Tue, 11 Jan 2011 23:16:05 +0100 Subject: Removed check as input value is compared against dataset of validated values, and request is only processed further in case of a match. => this is unnecessary --- modules/gallery/controllers/file_proxy.php | 5 ----- 1 file changed, 5 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 5ce9b458..47e1e483 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -44,11 +44,6 @@ class File_Proxy_Controller extends Controller { $file_uri = substr($request_uri, strlen($var_uri)); - // Make sure that we don't leave the var dir - if (strpos($file_uri, "/../") !== false) { - throw new Kohana_404_Exception(); - } - list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { throw new Kohana_404_Exception(); -- cgit v1.2.3 From 049f2af1c982bb12fee6e5512e4830f63d06d343 Mon Sep 17 00:00:00 2001 From: Joe7 Date: Wed, 12 Jan 2011 00:05:11 +0100 Subject: Returning 2 flags from l10n_client::validate_api_key(), 1 to reflect if connection was built up properly (just a boolean, not distuingishing between reasons in case of a failure), the other to reflect API validating success status. Using this presenting a slightly more meaningfull error msg to user in case the connection would fail. Fixes Ticket #1504 --- modules/gallery/controllers/admin_languages.php | 11 +++++++---- modules/gallery/helpers/l10n_client.php | 8 ++++++-- 2 files changed, 13 insertions(+), 6 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index 573ededf..e9be2a88 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php 
@@ -74,9 +74,11 @@ class Admin_Languages_Controller extends Admin_Controller { private function _save_api_key($form) { $new_key = $form->sharing->api_key->value; - if ($new_key && !l10n_client::validate_api_key($new_key)) { - $form->sharing->api_key->add_error("invalid", 1); - $valid = false; + if ($new_key) { + list($connected, $valid) = l10n_client::validate_api_key($new_key); + if (!$valid) { + $form->sharing->api_key->add_error($connected ? "invalid" : "noconn", 1); + } } else { $valid = true; } @@ -119,7 +121,8 @@ class Admin_Languages_Controller extends Admin_Controller { array("server-link" => html::mark_clean(html::anchor($server_link)))) : t("API key")) ->value($api_key) - ->error_messages("invalid", t("The API key you provided is invalid.")); + ->error_messages("invalid", t("The API key you provided is invalid.")) + ->error_messages("noconn", t("Could not connect to remote server to validate the API key.")); $group->submit("save")->value(t("Save settings")); if ($api_key && $this->_outgoing_translations_count()) { // TODO: UI improvement: hide API key / save button when API key is set. diff --git a/modules/gallery/helpers/l10n_client.php b/modules/gallery/helpers/l10n_client.php index 8c2685a8..2af5c8d0 100644 --- a/modules/gallery/helpers/l10n_client.php +++ b/modules/gallery/helpers/l10n_client.php @@ -60,10 +60,14 @@ class l10n_client_Core { "client_token" => l10n_client::client_token(), "signature" => $signature, "uid" => l10n_client::server_uid($api_key))); + if (!isset($response_data) && !isset($response_status)) { + return array(false, false); + } + if (!remote::success($response_status)) { - return false; + return array(true, false); } - return true; + return array(true, true); } /** -- cgit v1.2.3 From ee53744aa73b06f262122b6236014618fe6d742c Mon Sep 17 00:00:00 2001 
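Review bot: `validate_api_key()` now returns `array($connected, $valid)` on every path, and a non-empty array is truthy in PHP, so any caller that still writes `if (l10n_client::validate_api_key($key))` will treat every key as valid. Only the call in `Admin_Languages_Controller::_save_api_key` is updated in this commit; other callers, if any, are not visible here and should be checked. The docblock above the function (outside the hunk) should describe the new return value, for example `@return array (boolean $connected, boolean $valid)`. Separately, the connection test `!isset($response_data) && !isset($response_status)` lets a response with data but no status fall through to `remote::success()`; testing `!isset($response_status)` alone would be stricter.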
From: Bharat Mediratta Date: Tue, 11 Jan 2011 16:59:57 -0800 Subject: Two improvements to Joe's fix for #1504: 1) Trap all exceptions, eg dns or connectivity issues and report back in the form (but put the stack trace in the logs) 2) Rename "noconn" to "no_connection" --- modules/gallery/controllers/admin_languages.php | 5 +++-- modules/gallery/helpers/l10n_client.php | 15 ++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index e9be2a88..f96a0eb7 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -77,7 +77,7 @@ class Admin_Languages_Controller extends Admin_Controller { if ($new_key) { list($connected, $valid) = l10n_client::validate_api_key($new_key); if (!$valid) { - $form->sharing->api_key->add_error($connected ? "invalid" : "noconn", 1); + $form->sharing->api_key->add_error($connected ? "invalid" : "no_connection", 1); } } else { $valid = true; @@ -122,7 +122,8 @@ class Admin_Languages_Controller extends Admin_Controller { : t("API key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")) - ->error_messages("noconn", t("Could not connect to remote server to validate the API key.")); + ->error_messages( + "no_connection", t("Could not connect to remote server to validate the API key.")); $group->submit("save")->value(t("Save settings")); if ($api_key && $this->_outgoing_translations_count()) { // TODO: UI improvement: hide API key / save button when API key is set. diff --git a/modules/gallery/helpers/l10n_client.php b/modules/gallery/helpers/l10n_client.php index 2af5c8d0..8fc66b68 100644 --- a/modules/gallery/helpers/l10n_client.php +++ b/modules/gallery/helpers/l10n_client.php 
@@ -55,11 +55,16 @@ class l10n_client_Core { $url = self::_server_url("status"); $signature = self::_sign($version, $api_key); - list ($response_data, $response_status) = remote::post( - $url, array("version" => $version, - "client_token" => l10n_client::client_token(), - "signature" => $signature, - "uid" => l10n_client::server_uid($api_key))); + try { + list ($response_data, $response_status) = remote::post( + $url, array("version" => $version, + "client_token" => l10n_client::client_token(), + "signature" => $signature, + "uid" => l10n_client::server_uid($api_key))); + } catch (ErrorException $e) { + // Log the error, but then return a "can't make connection" error + Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); + } if (!isset($response_data) && !isset($response_status)) { return array(false, false); } -- cgit v1.2.3 From 09d34696a12ae15f6c7378a64b2359465b2d7277 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 11 Jan 2011 17:54:33 -0800 Subject: Update comments to annotate what data is where during the process. Follow-on for #1518. --- modules/gallery/controllers/file_proxy.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 0400d7c4..98f4e839 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -29,9 +29,11 @@ class File_Proxy_Controller extends Controller { const ALLOW_PRIVATE_GALLERY = true; public function __call($function, $args) { - // request_uri: gallery3/var/trunk/albums/foo/bar.jpg + // request_uri: gallery3/var/albums/foo/bar.jpg?m=1234 $request_uri = rawurldecode(Input::instance()->server("REQUEST_URI")); + // get rid of query parameters + // request_uri: gallery3/var/albums/foo/bar.jpg $request_uri = preg_replace("/\?.*/", "", $request_uri); // var_uri: gallery3/var/ 
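Review bot: `$e->getTraceAsString()` is written to the log, and PHP stack traces include the leading characters of string arguments in each frame, so part of the API key passed to `validate_api_key()` can end up in the application log. I would log the exception class, message, file and line instead, e.g. `Kohana_Log::add("error", get_class($e) . ": " . $e->getMessage() . " at " . $e->getFile() . ":" . $e->getLine());`, or make sure the log directory is not readable from the web. The catch is also limited to `ErrorException`, while the commit message says all exceptions are trapped; whether `remote::post()` can throw other types is not visible here. The function body starts and ends outside the hunk.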
@@ -43,8 +45,11 @@ class File_Proxy_Controller extends Controller { throw new Kohana_404_Exception(); } + // file_uri: albums/foo/bar.jpg $file_uri = substr($request_uri, strlen($var_uri)); + // type: albums + // path: foo/bar.jpg list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { throw new Kohana_404_Exception(); -- cgit v1.2.3
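Review bot: The new annotations show only the well-formed case, and since the `/../` guard was removed by the earlier commit on this page they are now the only place a reader learns what `$path` may contain. `$request_uri` has already been through `rawurldecode()`, so `$path` is untrusted text that can still hold `..` segments or decoded control characters; it is safe only as a lookup key, as the class docblock says input is checked against the database before any file I/O. I would say that in the comment, e.g. `// path: foo/bar.jpg (untrusted; use only to look up the item, never to build a filesystem path)`. The code that performs the lookup is outside the hunk, so this is a documentation request rather than a confirmed defect.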