From 511826a33cbbf03bf1e3cb151f1a181b8e6723e8 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 2 Sep 2010 01:10:15 -0700
Subject: Don't show the "(## errors)" part of the status message if there
 haven't been any errors.

---
 modules/gallery/controllers/uploader.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php
index fb496f60..168e8b2d 100644
--- a/modules/gallery/controllers/uploader.php
+++ b/modules/gallery/controllers/uploader.php
@@ -103,11 +103,14 @@ class Uploader_Controller extends Controller {
   }
 
   public function status($success_count, $error_count) {
-    // The "errors" won't be properly pluralized :-/
-    print t2("Uploaded %count photo (%error errors)",
-             "Uploaded %count photos (%error errors)",
-             $success_count,
-             array("error" => $error_count));
+    if ($error_count) {
+      // The "errors" won't be properly pluralized :-/
+      print t2("Uploaded %count photo (%error errors)",
+               "Uploaded %count photos (%error errors)",
+               $success_count,
+               array("error" => $error_count));
+    } else {
+      print t2("Uploaded %count photo", "Uploaded %count photos", $success_count);}
   }
 
   public function finish() {
-- 
cgit v1.2.3


From c51b6ab38d7f16d64127fd3a73df38166a698f0f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 4 Sep 2010 15:54:07 -0700
Subject: Fix full size dimensions after rotating an image on the photo view
 page.

The photo view page caches the dimensions of the full size and then
renders it in Javascript.  But after rotation, those dimensions are no
longer valid.  Create a new function on the items controller that
returns the appropriate dimensions, then add a hook on
$.gallery_replace_image and implement the hook on the photo view page
to have it make an async call to get the new dimensions.

Fixes ticket #1317
---
 lib/gallery.common.js                 |  3 +++
 modules/gallery/controllers/items.php |  9 +++++++++
 themes/wind/views/photo.html.php      | 15 ++++++++++++++-
 3 files changed, 26 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/controllers')

diff --git a/lib/gallery.common.js b/lib/gallery.common.js
index a8b237bf..69452f39 100644
--- a/lib/gallery.common.js
+++ b/lib/gallery.common.js
@@ -121,6 +121,9 @@
   // Ajax handler for replacing an image, used in Ajax thumbnail rotation
   $.gallery_replace_image = function(data, thumb) {
     $(thumb).attr({src: data.src, width: data.width, height: data.height});
+    if (typeof gallery_image_replaced_hook == 'function') {
+      gallery_image_replaced_hook(data, thumb);
+    }
   };
 
   // Initialize context menus
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index f205bf86..39b0f638 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -31,4 +31,13 @@ class Items_Controller extends Controller {
     access::required("view", $item);
     url::redirect($item->abs_url());
   }
+
+  // Return the width/height dimensinons for the given item
+  public function dimensions($id) {
+    $item = ORM::factory("item", $id);
+    access::required("view", $item);
+    json::reply(array("thumb" => array((int)$item->thumb_width, (int)$item->thumb_height),
+                      "resize" => array((int)$item->resize_width, (int)$item->resize_height),
+                      "full" => array((int)$item->width, (int)$item->height)));
+  }
 }
diff --git a/themes/wind/views/photo.html.php b/themes/wind/views/photo.html.php
index f8b5511c..cb830e23 100644
--- a/themes/wind/views/photo.html.php
+++ b/themes/wind/views/photo.html.php
@@ -4,10 +4,23 @@
 <!-- Use javascript to show the full size as an overlay on the current page -->
 <script type="text/javascript">
   $(document).ready(function() {
+    full_dims = [<?= $theme->item()->width ?>, <?= $theme->item()->height ?>];
     $(".g-fullsize-link").click(function() {
-      $.gallery_show_full_size(<?= html::js_string($theme->item()->file_url()) ?>, "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
+      $.gallery_show_full_size(<?= html::js_string($theme->item()->file_url()) ?>, full_dims[0], full_dims[1]);
       return false;
     });
+
+    // After the image is rotated or replaced we have to reload the image dimensions
+    // so that the full size view isn't distorted.
+    gallery_image_replaced_hook = function(data, thumb) {
+      $.ajax({
+        url: "<?= url::site("items/dimensions/" . $theme->item()->id) ?>",
+        dataType: "json",
+        success: function(data, textStatus) {
+          full_dims = data.full;
+        }
+      });
+    }
   });
 </script>
 <? endif ?>
-- 
cgit v1.2.3


From 391a90e3cedd1cca7631f9a4d786c6c513b1dd48 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 8 Sep 2010 20:36:22 -0700
Subject: Detect when a module fails to upgrade properly and put up an
 informative message to help the user know that she needs to get a newer copy
 of the module.  Fixes ticket #1189.

---
 modules/gallery/controllers/upgrader.php | 12 ++++++--
 modules/gallery/css/upgrader.css         | 28 +++++++++++++++++
 modules/gallery/helpers/module.php       |  6 +++-
 modules/gallery/views/upgrader.html.php  | 53 ++++++++++++++++++++++----------
 4 files changed, 79 insertions(+), 20 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index cb940b46..a3cfac48 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -39,10 +39,12 @@ class Upgrader_Controller extends Controller {
       }
     }
 
+    $failed = Input::instance()->get("failed");
     $view = new View("upgrader.html");
     $view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade");
     $view->upgrade_token = $upgrade_token;
     $view->available = module::available();
+    $view->failed = $failed ? explode(",", $failed) : array();
     $view->done = $available_upgrades == 0;
     print $view;
   }
@@ -65,20 +67,26 @@ class Upgrader_Controller extends Controller {
     }
 
     // Then upgrade the rest
+    $failed = array();
     foreach (module::available() as $id => $module) {
       if ($id == "gallery") {
         continue;
       }
 
       if ($module->active && $module->code_version != $module->version) {
-        module::upgrade($id);
+        try {
+          module::upgrade($id);
+        } catch (Exception $e) {
+          // @todo assume it's MODULE_FAILED_TO_UPGRADE for now
+          $failed[] = $id;
+        }
       }
     }
 
     if (php_sapi_name() == "cli") {
       print "Upgrade complete\n";
     } else {
-      url::redirect("upgrader");
+      url::redirect("upgrader?failed=" . join(",", $failed));
     }
   }
 }
diff --git a/modules/gallery/css/upgrader.css b/modules/gallery/css/upgrader.css
index d1b74c31..8610016e 100644
--- a/modules/gallery/css/upgrader.css
+++ b/modules/gallery/css/upgrader.css
@@ -58,6 +58,10 @@ tr.upgradeable td.gallery {
   color: #00d;
 }
 
+tr.failed td {
+  color: red;
+}
+
 p {
   font-size: .9em;
 }
@@ -120,12 +124,28 @@ div#dialog div {
   opacity: 0.5;
 }
 
+.failed {
+  color: red;
+}
+
 pre {
   display: inline;
   margin: 0px;
   padding: 0px;
 }
 
+div#upgrade_button {
+  margin-bottom: 20px;
+}
+
+div#welcome_message {
+  margin-left: 30px;
+}
+
+#logo {
+  margin-left: 14px;
+}
+
 .rtl {
   direction: rtl;
 }
@@ -153,3 +173,11 @@ pre {
 .rtl div#dialog a.close {
   float: left;
 }
+
+.rtl div#welcome_message {
+  padding-right: 30px;
+}
+
+.rtl #logo {
+  padding-right: 12px;
+}
diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php
index e3fb8684..be9c4249 100644
--- a/modules/gallery/helpers/module.php
+++ b/modules/gallery/helpers/module.php
@@ -214,10 +214,10 @@ class module_Core {
   static function upgrade($module_name) {
     $version_before = module::get_version($module_name);
     $installer_class = "{$module_name}_installer";
+    $available = module::available();
     if (method_exists($installer_class, "upgrade")) {
       call_user_func_array(array($installer_class, "upgrade"), array($version_before));
     } else {
-      $available = module::available();
       if (isset($available->$module_name->code_version)) {
         module::set_version($module_name, $available->$module_name->code_version);
       } else {
@@ -234,6 +234,10 @@ class module_Core {
                           "version_before" => $version_before,
                           "version_after" => $version_after)));
     }
+
+    if ($version_after != $available->$module_name->code_version) {
+      throw new Exception("@todo MODULE_FAILED_TO_UPGRADE");
+    }
   }
 
   /**
diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php
index 0ce24ef8..c2d8a552 100644
--- a/modules/gallery/views/upgrader.html.php
+++ b/modules/gallery/views/upgrader.html.php
@@ -10,7 +10,7 @@
   </head>
   <body<? if (locales::is_rtl()) { echo ' class="rtl"'; } ?>>
     <div id="outer">
-      <img src="<?= url::file("modules/gallery/images/gallery.png") ?>" />
+      <img id="logo" src="<?= url::file("modules/gallery/images/gallery.png") ?>" />
       <div id="inner">
         <? if ($can_upgrade): ?>
         <div id="dialog" style="visibility: hidden">
@@ -31,6 +31,12 @@
                     array("url" => html::mark_clean(url::base()))) ?>
             </p>
           </div>
+          <div id="failed" style="display: none">
+            <h1> <?= t("Some modules failed to upgrade!") ?> </h1>
+            <p>
+              <?= t("Failed modules are <span class=\"failed\">highlighted</span>.  Try getting newer versions or <a href=\"%admin_modules\">deactivating those modules</a>.", array("admin_modules" => url::site("admin/modules"))) ?>
+            </p>
+          </div>
         </div>
         <script type="text/javascript">
           $(document).ready(function() {
@@ -41,6 +47,10 @@
             <? if ($done): ?>
             show_done();
             <? endif ?>
+
+            <? if ($failed): ?>
+            show_failed();
+            <? endif ?>
           });
 
           var show_busy = function() {
@@ -55,10 +65,31 @@
             $("#done").show();
             $("#dialog_close_link").show();
           }
+
+          var show_failed = function() {
+            $("#dialog").css("visibility", "visible");
+            $("#failed").show();
+            $("#dialog_close_link").show();
+          }
         </script>
-        <p class="<?= $done ? "muted" : "" ?>">
-          <?= t("Welcome to the Gallery upgrader.  One click and you're done!") ?>
-        </p>
+        <div id="welcome_message">
+          <p class="<?= $done ? "muted" : "" ?>">
+            <?= t("Welcome to the Gallery upgrader.  One click and you're done!") ?>
+          </p>
+        </div>
+
+        <? if ($done): ?>
+        <div id="upgrade_button" class="button muted">
+          <?= t("Upgrade all") ?>
+        </div>
+        <? else: ?>
+        <div id="upgrade_button" class="button button-active">
+          <a id="upgrade_link" href="<?= url::site("upgrader/upgrade") ?>">
+            <?= t("Upgrade all") ?>
+          </a>
+        </div>
+        <? endif ?>
+
         <table>
           <tr class="<?= $done ? "muted" : "" ?>">
             <th class="name"> <?= t("Module name") ?> </th>
@@ -68,7 +99,7 @@
 
           <? foreach ($available as $id => $module): ?>
           <? if ($module->active): ?>
-          <tr class="<?= $module->version == $module->code_version ? "current" : "upgradeable" ?>" >
+          <tr class="<?= $module->version == $module->code_version ? "current" : "upgradeable" ?> <?= in_array($id, $failed) ? "failed" : "" ?>" >
             <td class="name <?= $id ?>">
               <?= t($module->name) ?>
             </td>
@@ -85,18 +116,6 @@
           <? endforeach ?>
         </table>
 
-        <? if ($done): ?>
-        <div class="button muted">
-          <?= t("Upgrade all") ?>
-        </div>
-        <? else: ?>
-        <div class="button button-active">
-          <a id="upgrade_link" href="<?= url::site("upgrader/upgrade") ?>">
-            <?= t("Upgrade all") ?>
-          </a>
-        </div>
-        <? endif ?>
-
         <? if (@$inactive): ?>
         <p class="<?= $done ? "muted" : "" ?>">
           <?= t("The following modules are inactive and don't require an upgrade.") ?>
-- 
cgit v1.2.3


From cbb6967405569606de3b67e1f1dcde2ed8d6bb03 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 8 Sep 2010 20:59:40 -0700
Subject: Detect out-of-date modules and put up a message for site admins.
 Fixes ticket #1353.

---
 modules/gallery/controllers/admin_modules.php | 5 +++++
 modules/gallery/controllers/upgrader.php      | 3 +++
 modules/gallery/helpers/module.php            | 4 ++++
 3 files changed, 12 insertions(+)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/admin_modules.php b/modules/gallery/controllers/admin_modules.php
index f5af9a5a..650b7e9e 100644
--- a/modules/gallery/controllers/admin_modules.php
+++ b/modules/gallery/controllers/admin_modules.php
@@ -95,12 +95,17 @@ class Admin_Modules_Controller extends Admin_Controller {
           $activated_names[] = t($info->name);
         }
       } catch (Exception $e) {
+        message::warning(t("An error occurred while installing the <b>%module_name</b> module",
+                           array("module_name" => $info->name)));
         Kohana_Log::add("error", (string)$e);
       }
     }
 
     module::event("module_change", $changes);
 
+    // If modules need upgrading, this will get recreated
+    site_status::clear("upgrade_now");
+
     // @todo this type of collation is questionable from an i18n perspective
     if ($activated_names) {
       message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index a3cfac48..6613d671 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -83,6 +83,9 @@ class Upgrader_Controller extends Controller {
       }
     }
 
+    // If the upgrade failed, this will get recreated
+    site_status::clear("upgrade_now");
+
     if (php_sapi_name() == "cli") {
       print "Upgrade complete\n";
     } else {
diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php
index be9c4249..7863520e 100644
--- a/modules/gallery/helpers/module.php
+++ b/modules/gallery/helpers/module.php
@@ -99,6 +99,10 @@ class module_Core {
         $m->code_version = $m->version;
         $m->version = self::get_version($module_name);
         $m->locked = false;
+
+        if ($m->active && $m->version != $m->code_version) {
+          site_status::warning(t("Some of your modules are out of date.  <a href=\"%upgrader_url\">Upgrade now!</a>", array("upgrader_url" => url::site("upgrader"))), "upgrade_now");
+        }
       }
 
       // Lock certain modules
-- 
cgit v1.2.3


From 5892712b237cb1e585b2cc7a6820d2cf3a8c1a34 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 10 Sep 2010 23:01:47 -0700
Subject: If the user is not an admin, don't 403 -- instead just redirect them
 to the root album.  Fixes ticket #1356.

---
 modules/gallery/controllers/reauthenticate.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 0486c0fe..53a96374 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -19,12 +19,19 @@
  */
 class Reauthenticate_Controller extends Controller {
   public function index() {
+    $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
     if (!identity::active_user()->admin) {
-      access::forbidden();
+      if ($is_ajax) {
+        // We should never be able to get here since Admin_Controller::_reauth_check() won't work
+        // for non-admins.
+        access::forbidden();
+      } else {
+        url::redirect(item::root()->abs_url());
+      }
     }
+
     // On redirects from the admin controller, the ajax request indicator is lost,
     // so we store it in the session.
-    $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
     if ($is_ajax) {
       $v = new View("reauthenticate.html");
       $v->form = self::_form();
-- 
cgit v1.2.3


From 67f45cfa781ef4b446676e199470e421f5463812 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 11 Sep 2010 01:46:45 -0700
Subject: Add CSRF protection to the upgrader.  And update the CLI output so
 that it tells you which modules failed to upgrade properly.  Fixes ticket
 #1359.

---
 modules/gallery/controllers/upgrader.php | 21 ++++++++++++++++++---
 modules/gallery/views/upgrader.html.php  |  2 +-
 2 files changed, 19 insertions(+), 4 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index 6613d671..b2646874 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -54,8 +54,16 @@ class Upgrader_Controller extends Controller {
       // @todo this may screw up some module installers, but we don't have a better answer at
       // this time.
       $_SERVER["HTTP_HOST"] = "example.com";
-    } else if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
-      access::forbidden();
+    } else {
+      if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
+        access::forbidden();
+      }
+
+      try {
+        access::verify_csrf();
+      } catch (Exception $e) {
+        url::redirect("upgrader");
+      }
     }
 
     $available = module::available();
@@ -87,7 +95,14 @@ class Upgrader_Controller extends Controller {
     site_status::clear("upgrade_now");
 
     if (php_sapi_name() == "cli") {
-      print "Upgrade complete\n";
+      if ($failed) {
+        print "Upgrade completed ** WITH FAILURES **\n";
+        print "The following modules were not successfully upgraded:\n";
+        print "  " . implode($failed, "\n  ") . "\n";
+        print "Try getting newer versions or deactivating those modules\n";
+      } else {
+        print "Upgrade complete\n";
+      }
     } else {
       url::redirect("upgrader?failed=" . join(",", $failed));
     }
diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php
index c2d8a552..554cf30d 100644
--- a/modules/gallery/views/upgrader.html.php
+++ b/modules/gallery/views/upgrader.html.php
@@ -84,7 +84,7 @@
         </div>
         <? else: ?>
         <div id="upgrade_button" class="button button-active">
-          <a id="upgrade_link" href="<?= url::site("upgrader/upgrade") ?>">
+          <a id="upgrade_link" href="<?= url::site("upgrader/upgrade?csrf=__CSRF__") ?>">
             <?= t("Upgrade all") ?>
           </a>
         </div>
-- 
cgit v1.2.3


From 5e316f78c6d73fcba9b39c0f9033f1d670de83cb Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 16 Sep 2010 15:17:00 -0700
Subject: Restrict viewing user profile pages to registered users only, but
 provide a "show_user_profiles_to" setting to allow admins to open it up to
 everybody (choices there are "registered_users", "admin_users" or
 "everybody").  Fixes ticket #1378.

---
 installer/install.sql                         |  5 ++--
 modules/gallery/controllers/user_profile.php  | 39 +++++++++++++++++++++++++++
 modules/gallery/helpers/gallery_installer.php | 10 ++++---
 modules/gallery/module.info                   |  2 +-
 4 files changed, 50 insertions(+), 6 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/installer/install.sql b/installer/install.sql
index 7a40918d..05dfcb5e 100644
--- a/installer/install.sql
+++ b/installer/install.sql
@@ -244,7 +244,7 @@ CREATE TABLE {modules} (
   KEY `weight` (`weight`)
 ) AUTO_INCREMENT=11 DEFAULT CHARSET=utf8;
 /*!40101 SET character_set_client = @saved_cs_client */;
-INSERT INTO {modules} VALUES (1,1,'gallery',38,1);
+INSERT INTO {modules} VALUES (1,1,'gallery',39,1);
 INSERT INTO {modules} VALUES (2,1,'user',3,2);
 INSERT INTO {modules} VALUES (3,1,'comment',3,3);
 INSERT INTO {modules} VALUES (4,1,'organize',2,4);
@@ -395,7 +395,7 @@ CREATE TABLE {vars} (
   `value` text,
   PRIMARY KEY (`id`),
   UNIQUE KEY `module_name` (`module_name`,`name`)
-) AUTO_INCREMENT=49 DEFAULT CHARSET=utf8;
+) AUTO_INCREMENT=50 DEFAULT CHARSET=utf8;
 /*!40101 SET character_set_client = @saved_cs_client */;
 INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind');
 INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind');
@@ -422,6 +422,7 @@ INSERT INTO {vars} VALUES (NULL,'gallery','email_reply_to','unknown@unknown.com'
 INSERT INTO {vars} VALUES (NULL,'gallery','choose_default_tookit','1');
 INSERT INTO {vars} VALUES (NULL,'gallery','email_line_length','70');
 INSERT INTO {vars} VALUES (NULL,'gallery','email_header_separator','s:1:\"\n\";');
+INSERT INTO {vars} VALUES (NULL,'gallery','show_user_profiles_to','registered_users');
 INSERT INTO {vars} VALUES (NULL,'comment','spam_caught','0');
 INSERT INTO {vars} VALUES (NULL,'comment','access_permissions','everybody');
 INSERT INTO {vars} VALUES (NULL,'gallery','blocks_site_sidebar','a:4:{i:9;a:2:{i:0;s:7:\"gallery\";i:1;s:8:\"language\";}i:10;a:2:{i:0;s:4:\"info\";i:1;s:8:\"metadata\";}i:11;a:2:{i:0;s:3:\"rss\";i:1;s:9:\"rss_feeds\";}i:12;a:2:{i:0;s:3:\"tag\";i:1;s:3:\"tag\";}}');
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index e992655b..4922416c 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -18,6 +18,7 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class User_Profile_Controller extends Controller {
+
   public function show($id) {
     // If we get here, then we should have a user id other than guest.
     $user = identity::lookup_user($id);
@@ -25,6 +26,10 @@ class User_Profile_Controller extends Controller {
       throw new Kohana_404_Exception();
     }
 
+    if (!$this->_can_view_profile_pages($user)) {
+      throw new Kohana_404_Exception();
+    }
+
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
     $v->content = new View("user_profile.html");
@@ -44,12 +49,20 @@ class User_Profile_Controller extends Controller {
 
   public function contact($id) {
     $user = identity::lookup_user($id);
+    if (!$this->_can_view_profile_pages($user)) {
+      throw new Kohana_404_Exception();
+    }
+
     print user_profile::get_contact_form($user);
   }
 
   public function send($id) {
     access::verify_csrf();
     $user = identity::lookup_user($id);
+    if (!$this->_can_view_profile_pages($user)) {
+      throw new Kohana_404_Exception();
+    }
+
     $form = user_profile::get_contact_form($user);
     if ($form->validate()) {
       Sendmail::factory()
@@ -66,4 +79,30 @@ class User_Profile_Controller extends Controller {
       json::reply(array("result" => "error", "html" => (string)$form));
     }
   }
+
+  private function _can_view_profile_pages($user) {
+    if (!$user->loaded()) {
+      return false;
+    }
+
+    if ($user->id == identity::active_user()->id) {
+      // You can always view your own profile
+      return true;
+    }
+
+    switch (module::get_var("gallery", "show_user_profiles_to")) {
+    case "admin_users":
+      return identity::active_user()->admin;
+
+    case "registered_users":
+      return !identity::active_user()->guest;
+
+    case "everybody":
+      return true;
+
+    default:
+      // Fail in private mode on an invalid setting
+      return false;
+    }
+  }
 }
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index c23bcca8..444d307b 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -302,14 +302,13 @@ class gallery_installer {
     module::set_var("gallery", "maintenance_mode", 0);
     module::set_var("gallery", "visible_title_length", 15);
     module::set_var("gallery", "favicon_url", "lib/images/favicon.ico");
-
-    // Sendmail configuration
     module::set_var("gallery", "email_from", "");
     module::set_var("gallery", "email_reply_to", "");
     module::set_var("gallery", "email_line_length", 70);
     module::set_var("gallery", "email_header_separator", serialize("\n"));
+    module::set_var("gallery", "show_user_profiles_to", "registered_users");
 
-    module::set_version("gallery", 38);
+    module::set_version("gallery", 39);
   }
 
   static function upgrade($version) {
@@ -627,6 +626,11 @@ class gallery_installer {
       }
       module::set_version("gallery", $version = 38);
     }
+
+    if ($version == 38) {
+      module::set_var("gallery", "show_user_profiles_to", "registered_users");
+      module::set_version("gallery", $version = 39);
+    }
   }
 
   static function uninstall() {
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index cc3b2723..5791f79d 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -1,3 +1,3 @@
 name = "Gallery 3"
 description = "Gallery core application"
-version = 38
+version = 39
-- 
cgit v1.2.3


From 64dfccc4eddf204a80ce533bad69ac8c0c83c1bd Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 16 Sep 2010 20:04:22 -0700
Subject: Preserve the image extension on the temp file that we create for
 rotating images.  Some versions of GD won't work if we don't do this. Fixes
 ticket #1375.

---
 modules/gallery/controllers/quick.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index c34209da..3db4f5df 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -36,7 +36,8 @@ class Quick_Controller extends Controller {
     }
 
     if ($degrees) {
-      $tmpfile = tempnam(TMPPATH, "rotate");
+      $tmpfile = tempnam(TMPPATH, "rotate") . "." .
+        pathinfo($item->file_path(), PATHINFO_EXTENSION);
       gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees));
       $item->set_data_file($tmpfile);
       $item->save();
-- 
cgit v1.2.3