From 6353a7c2decd62098ebc96951c38c9aade44fc4c Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Thu, 11 Feb 2010 14:28:32 -0800
Subject: Security: Fix leaking of album / photo names. Reject previous fix for
 ticket 1009. Side effect: Renaming auth::required_login() to login_page().

---
 modules/gallery/controllers/albums.php | 12 +++++++++---
 modules/gallery/controllers/movies.php |  7 ++-----
 modules/gallery/controllers/photos.php | 11 ++++-------
 3 files changed, 15 insertions(+), 15 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index e1985cfb..c2b474ee 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -26,12 +26,18 @@ class Albums_Controller extends Items_Controller {
     if (!is_object($album)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Kohana::show_404();
+      throw new Kohana_404_Exception();
     }
 
     if (!access::can("view", $album)) {
-      print auth::require_login();
-      return;
+      if ($album->id == 1) {
+        // Even show the login page to logged in users.
+        // It's a better user experience than a "Dang" error page.
+        print auth::login_page();
+        return;
+      } else {
+        access::required("view", $album);
+      }
     }
 
     $page_size = module::get_var("gallery", "page_size", 9);
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 8041066e..78a56e81 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -22,13 +22,10 @@ class Movies_Controller extends Items_Controller {
     if (!is_object($movie)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Kohana::show_404();
+      throw new Kohana_404_Exception();
     }
 
-    if (!access::can("view", $movie)) {
-      print auth::require_login();
-      return;
-    }
+    access::required("view", $movie);
 
     $where = array(array("type", "!=", "album"));
     $position = $movie->parent()->get_position($movie, $where);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 778e9ae7..f2d47eec 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -22,14 +22,11 @@ class Photos_Controller extends Items_Controller {
     if (!is_object($photo)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Kohana::show_404();
+      throw new Kohana_404_Exception();
     }
-
-    if (!access::can("view", $photo)) {
-      print auth::require_login();
-      return;
-    }
-
+  
+    access::required("view", $photo);
+  
     $where = array(array("type", "!=", "album"));
     $position = $photo->parent()->get_position($photo, $where);
     if ($position > 1) {
-- 
cgit v1.2.3


From d53f6d0e052fb455059170a311640fcd06cad798 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 16:40:44 -0800
Subject: Fix for tickets 1009 and 603: Show a themed error page to guests /
 registered users (not to admins though). And show a login form to guests for
 404 (incl. insufficient view permissions) errors.

---
 modules/gallery/controllers/albums.php            |  13 +--
 modules/gallery/controllers/items.php             |   2 +-
 modules/gallery/controllers/movies.php            |   2 +-
 modules/gallery/controllers/photos.php            |   2 +-
 modules/gallery/helpers/access.php                |   2 +-
 modules/gallery/helpers/auth.php                  |  14 ---
 modules/gallery/libraries/MY_Kohana_Exception.php |  59 +++++++++-
 modules/gallery/views/error.html.php              |  12 ++
 modules/gallery/views/error_404.html.php          |  21 ++++
 modules/gallery/views/kohana_error_page.php       | 127 ----------------------
 10 files changed, 97 insertions(+), 157 deletions(-)
 create mode 100644 modules/gallery/views/error.html.php
 create mode 100644 modules/gallery/views/error_404.html.php
 delete mode 100644 modules/gallery/views/kohana_error_page.php

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index c2b474ee..1cc3b1ec 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -26,19 +26,10 @@ class Albums_Controller extends Items_Controller {
     if (!is_object($album)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
 
-    if (!access::can("view", $album)) {
-      if ($album->id == 1) {
-        // Even show the login page to logged in users.
-        // It's a better user experience than a "Dang" error page.
-        print auth::login_page();
-        return;
-      } else {
-        access::required("view", $album);
-      }
-    }
+    access::required("view", $album);
 
     $page_size = module::get_var("gallery", "page_size", 9);
     $input = Input::instance();
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index f261e3a9..0bd47b2d 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -21,7 +21,7 @@ class Items_Controller extends Controller {
   public function __call($function, $args) {
     $item = ORM::factory("item", (int)$function);
     if (!$item->loaded()) {
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
 
     // Redirect to the more specific resource type, since it will render
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 78a56e81..1dbcb481 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -22,7 +22,7 @@ class Movies_Controller extends Items_Controller {
     if (!is_object($movie)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
 
     access::required("view", $movie);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index f2d47eec..2a77aea4 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -22,7 +22,7 @@ class Photos_Controller extends Items_Controller {
     if (!is_object($photo)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      throw new Kohana_404_Exception();
+      Event::run('system.404');
     }
   
     access::required("view", $photo);
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 7e8b079a..c4c100ca 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -120,7 +120,7 @@ class access_Core {
     if (!self::can($perm_name, $item)) {
       if ($perm_name == "view") {
         // Treat as if the item didn't exist, don't leak any information.
-        throw new Kohana_404_Exception();
+        Event::run('system.404');
       } else {
         self::forbidden();
       }
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 8b0ce470..c3e9e6e9 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -130,18 +130,4 @@ class auth_Core {
     $session->set("admin_area_activity_timestamp", time());
     return false;
   }
-
-  /**
-   * Returns the themed login page.
-   */
-  static function login_page($continue_url=null) {
-    $view = new Theme_View("page.html", "other", "login");
-    $view->page_title = t("Log in to Gallery");
-    $view->content = new View("login_ajax.html");
-    $view->content->form = auth::get_login_form("login/auth_html");
-    // Avoid anti-phishing protection by passing the url as session variable.
-    $continue_url or $continue_url = url::current(true);
-    Session::instance()->set("continue_url", $continue_url);
-    return $view;
-  }
 }
\ No newline at end of file
diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php
index 1c40091a..d6f1f467 100644
--- a/modules/gallery/libraries/MY_Kohana_Exception.php
+++ b/modules/gallery/libraries/MY_Kohana_Exception.php
@@ -33,6 +33,63 @@ class Kohana_Exception extends Kohana_Exception_Core {
     if ($e instanceof ORM_Validation_Exception) {
       Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1));
     }
-    return parent::handle($e);
+    try {
+      $user = identity::active_user();
+      $try_themed_view = $user && !$user->admin;
+    } catch (Exception $e2) {
+      $try_themed_view = false;
+    }
+
+    if ($try_themed_view) {
+      try {
+        return self::_show_themed_error_page($e);
+      } catch (Exception $e3) {
+        Kohana_Log::add("error", "Exception in exception handling code: " . self::text($e3));
+        return parent::handle($e);
+      }
+    } else {
+      return parent::handle($e);
+    }
+  }
+
+  /**
+   * Shows a themed error page.
+   * @see Kohana_Exception::handle
+   */
+  private static function _show_themed_error_page(Exception $e) {
+    // Create a text version of the exception
+    $error = Kohana_Exception::text($e);
+    
+    // Add this exception to the log
+    Kohana_Log::add('error', $error);
+
+    // Manually save logs after exceptions
+    Kohana_Log::save();
+
+    if (!headers_sent()) {
+      if ($e instanceof Kohana_Exception) {
+        $e->sendHeaders();
+      } else {
+        header("HTTP/1.1 500 Internal Server Error");
+      }
+    }
+
+    $view = new Theme_View("page.html", "other", "error");
+    if ($e instanceof Kohana_404_Exception) {
+      $view->page_title = t("Dang...  Page not found!");
+      $view->content = new View("error_404.html");
+      $user = identity::active_user();
+      $view->content->is_guest = $user && $user->guest;
+      if ($view->content->is_guest) {
+        $view->content->login_form = new View("login_ajax.html");
+        $view->content->login_form->form = auth::get_login_form("login/auth_html");
+        // Avoid anti-phishing protection by passing the url as session variable.
+        Session::instance()->set("continue_url", url::current(true));
+      }
+    } else {
+      $view->page_title = t("Dang...  Something went wrong!");
+      $view->content = new View("error.html");
+    }
+    print $view;
   }
 }
\ No newline at end of file
diff --git a/modules/gallery/views/error.html.php b/modules/gallery/views/error.html.php
new file mode 100644
index 00000000..5d81b651
--- /dev/null
+++ b/modules/gallery/views/error.html.php
@@ -0,0 +1,12 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-error">
+  <h1>
+    <?= t("Dang...  Something went wrong!") ?>
+  </h1>
+  <h2>
+    <?= t("We tried really hard, but it's broken.") ?>
+  </h2>
+  <p>
+    <?= t("Talk to your Gallery administrator for help fixing this!") ?>
+  </p>
+</div>
\ No newline at end of file
diff --git a/modules/gallery/views/error_404.html.php b/modules/gallery/views/error_404.html.php
new file mode 100644
index 00000000..e5846e65
--- /dev/null
+++ b/modules/gallery/views/error_404.html.php
@@ -0,0 +1,21 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-error">
+  <h1>
+    <?= t("Dang...  Page not found!") ?>
+  </h1>
+  <? if ($is_guest): ?>
+    <h2>
+      <?= t("Hey wait, you're not signed in yet!") ?>
+    </h2>
+    <p>
+       <?= t("Maybe the page exists, but is only visible to authorized users.") ?>
+       <?= t("Please sign in to find out.") ?>
+    </p>
+    <?= $login_form ?>
+  <? else: ?>
+    <p>
+      <?= t("Maybe the page exists, but is only visible to authorized users.") ?>
+      <?= t("Talk to your Gallery administrator if you think this is an error for help fixing this!") ?>
+    </p>
+ <? endif; ?>
+</div>
\ No newline at end of file
diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php
deleted file mode 100644
index b9fdcc19..00000000
--- a/modules/gallery/views/kohana_error_page.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-  <head>
-    <style type="text/css">
-      body {
-        background: #fff;
-        font-size: 14px;
-        line-height: 130%;
-      }
-
-      div.big_box {
-        padding: 10px;
-        background: #eee;
-        border: solid 1px #ccc;
-        font-family: sans-serif;
-        color: #111;
-        width: 42em;
-        margin: 20px auto;
-      }
-
-      div#framework_error {
-        text-align: center;
-      }
-
-      div#error_details {
-        text-align: left;
-      }
-
-      code {
-        font-family: monospace;
-        font-size: 12px;
-        margin: 20px;
-        color: #333;
-        white-space: pre-wrap;
-        white-space: -moz-pre-wrap;
-        word-wrap: break-word;
-      }
-
-      h3 {
-        font-family: sans-serif;
-        margin: 2px 0px 0px 0px;
-        padding: 8px 0px 0px 0px;
-        border-top: 1px solid #ddd;
-      }
-
-      p {
-        padding: 0px;
-        margin: 0px 0px 10px 0px;
-      }
-
-      li, pre {
-        padding: 0px;
-        margin: 0px;
-      }
-    </style>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-    <title><?= t("Something went wrong!") ?></title>
-  </head>
-  <body>
-    <? try { $user = identity::active_user(); } catch (Exception $e) { } ?>
-    <? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
-    <div class="big_box" id="framework_error">
-      <h1>
-        <?= t("Dang...  Something went wrong!") ?>
-      </h1>
-      <h2>
-        <?= t("We tried really hard, but it's broken.") ?>
-      </h2>
-      <? if (!$admin): ?>
-      <p>
-        <?= t("Talk to your Gallery administrator for help fixing this!") ?>
-      </p>
-      <? endif ?>
-    </div>
-    <? if ($admin): ?>
-    <div class="big_box" id="error_details">
-      <h2>
-        <?= t("Hey wait, you're an admin!  We can tell you stuff.") ?>
-      </h2>
-      <script type="text/javascript">
-        var show_details = function() {
-          document.getElementById("stuff").style.display = "block";
-          document.getElementById("toggle").style.display = "none";
-        }
-      </script>
-      <a id="toggle" href="#" onclick="javascript:show_details(); return false;">
-        <b><?= t("Ok.. tell me stuff!") ?></b>
-      </a>
-      <div id="stuff" style="display: none">
-        <? if (!empty($line) and !empty($file)): ?>
-        <div id="summary">
-          <h3>
-            <?= t("Help!") ?>
-          </h3>
-          <p>
-            <?= t("If this stuff doesn't make any sense to you, <a href=\"%url\">ask for help in the Gallery forums</a>!", array("url" => "http://gallery.menalto.com/forum/96")) ?>
-          </p>
-          <h3>
-            <?= t("So here's the error:") ?>
-          </h3>
-
-          <code class="block"><?= $message ?></code>
-          <p>
-            <?= t("File: <b>%file</b>, line: <b>%line</b>", array("file" => $file, "line" => $line)) ?>
-          </p>
-        </div>
-        <? endif ?>
-
-        <? $trace = $PHP_ERROR ? array_slice(debug_backtrace(), 1) : $exception->getTrace(); ?>
-        <? $trace = Kohana::backtrace($trace); ?>
-        <? if (!empty($trace)): ?>
-        <div id="stack_trace">
-          <h3>
-            <?= t("And here's how we got there:") ?>
-          </h3>
-          <?= $trace ?>
-          <? endif ?>
-        </div>
-      </div>
-      <? else: ?>
-      <? $trace = $PHP_ERROR ? array_slice(debug_backtrace(), 1) : $exception->getTraceAsString(); ?>
-      <? if (!empty($trace)): ?>
-      <? Kohana_Log::add("error", print_r($trace, 1)); ?>
-      <? endif ?>
-      <? endif ?>
-  </body>
-</html>
-- 
cgit v1.2.3


From 8412aeb1337c4060a77af7c94441ca8cbc6bb4ad Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 19:05:44 -0800
Subject: For consistency, use straight Kohana_404_Exception instead of the
 event system.

---
 modules/gallery/controllers/albums.php | 2 +-
 modules/gallery/controllers/items.php  | 2 +-
 modules/gallery/controllers/movies.php | 2 +-
 modules/gallery/controllers/photos.php | 2 +-
 modules/gallery/helpers/access.php     | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 1cc3b1ec..036dade0 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -26,7 +26,7 @@ class Albums_Controller extends Items_Controller {
     if (!is_object($album)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     access::required("view", $album);
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index 0bd47b2d..f261e3a9 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -21,7 +21,7 @@ class Items_Controller extends Controller {
   public function __call($function, $args) {
     $item = ORM::factory("item", (int)$function);
     if (!$item->loaded()) {
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     // Redirect to the more specific resource type, since it will render
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 1dbcb481..78a56e81 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -22,7 +22,7 @@ class Movies_Controller extends Items_Controller {
     if (!is_object($movie)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     access::required("view", $movie);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 2a77aea4..f2d47eec 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -22,7 +22,7 @@ class Photos_Controller extends Items_Controller {
     if (!is_object($photo)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
   
     access::required("view", $photo);
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index c4c100ca..7e8b079a 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -120,7 +120,7 @@ class access_Core {
     if (!self::can($perm_name, $item)) {
       if ($perm_name == "view") {
         // Treat as if the item didn't exist, don't leak any information.
-        Event::run('system.404');
+        throw new Kohana_404_Exception();
       } else {
         self::forbidden();
       }
-- 
cgit v1.2.3


From 0f66db51efc427482aaf3b575fff84f015a3a2ab Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 13 Feb 2010 18:03:46 -0800
Subject: Change JavaScript reauthentication check to check via XHR. Benefit:
 Getting the real deadline this way, not interfering with an ongoing
 maintenance task.

---
 modules/gallery/controllers/admin.php     | 21 +++++++++++++++++++++
 modules/gallery/helpers/gallery_theme.php | 17 +++++++++++------
 2 files changed, 32 insertions(+), 6 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 7706e9fc..838c2b50 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -29,6 +29,9 @@ class Admin_Controller extends Controller {
   }
 
   public function __call($controller_name, $args) {
+    if (Input::instance()->get("reauth_check")) {
+      return self::_reauth_check();
+    }
     if (auth::must_reauth_for_admin_area()) {
       return self::_prompt_for_reauth($controller_name, $args);
     }
@@ -54,6 +57,24 @@ class Admin_Controller extends Controller {
     call_user_func_array(array(new $controller_name, $method), $args);
   }
 
+  private static function _reauth_check() {
+    $session = Session::instance();
+    $last_active_auth = $session->get("active_auth_timestamp", 0);
+    $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0);
+    $admin_area_timeout = module::get_var("gallery", "admin_area_timeout");
+
+    $time_remaining = max($last_active_auth, $last_admin_area_activity) +
+      $admin_area_timeout - time();
+
+    $result = new stdClass();
+    $result->result = "success";
+    if ($time_remaining < 30) {
+      $result->location = url::abs_site("");
+    }
+
+    print json_encode($result);
+  }
+
   private static function _prompt_for_reauth($controller_name, $args) {
     if (request::method() == "get" && !request::is_ajax()) {
       // Avoid anti-phishing protection by passing the url as session variable.
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 9ffeb911..ec650e1c 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -92,13 +92,18 @@ class gallery_theme_Core {
     }
 
     // Redirect to the root album when the admin session expires.
-    $redirect_url = url::abs_site("");
-    $admin_area_timeout = 1000 * module::get_var("gallery", "admin_area_timeout");
     $admin_session_redirect_check = '<script type="text/javascript">
-        var page_loaded_timestamp = new Date();
-        setInterval("if (new Date() - page_loaded_timestamp > ' . $admin_area_timeout .
-        ') document.location = \'' . $redirect_url . '\';", 60 * 1000);
-        </script>';
+      var adminReauthCheck = function() {
+        $.ajax({url: "' . url::site("admin?reauth_check=1") . '",
+                dataType: "json",
+                success: function(data){
+                  if ("location" in data) {
+                    document.location = data.location;
+                  }
+                }});
+      };
+      setInterval("adminReauthCheck();", 60 * 1000);
+      </script>';
     print $admin_session_redirect_check;
 
     if ($session->get("l10n_mode", false)) {
-- 
cgit v1.2.3


From 409121942590e12692eaf4e6e9e8b71bfe5ed60c Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 14 Feb 2010 19:26:34 -0800
Subject: Fix for ticket #491: Make user and group names translatable. Also
 fixed a UI bug: No longer showing the edit user buttons to admins in the
 profile view (to be consistent with the requirements in the controller).

---
 modules/gallery/controllers/user_profile.php    | 5 +++--
 modules/gallery/helpers/gallery_event.php       | 3 +++
 modules/gallery/views/permissions_form.html.php | 2 +-
 modules/user/helpers/user_installer.php         | 8 ++++----
 modules/user/models/user.php                    | 2 +-
 modules/user/views/admin_users.html.php         | 2 +-
 modules/user/views/admin_users_group.html.php   | 6 +++---
 7 files changed, 16 insertions(+), 12 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 327d2ff1..05373466 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -23,7 +23,8 @@ class User_Profile_Controller extends Controller {
     $user = identity::lookup_user($id);
     $active_user = identity::active_user();
     $is_current_active = $active_user->id == $id;
-    $display_all =  $active_user->admin || ($is_current_active && !$active_user->guest);
+    $can_edit = $is_current_active && !$active_user->guest;
+    $display_all = $active_user->admin || $can_edit;
 
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
@@ -32,7 +33,7 @@ class User_Profile_Controller extends Controller {
     // @todo modify user_home to supply a link to their album,
     $v->content->user = $user;
     $v->content->not_current = !$is_current_active;
-    $v->content->editable = identity::is_writable() && $display_all;
+    $v->content->editable = identity::is_writable() && $can_edit;
 
     $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
     module::event("show_user_profile", $event_data);
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index faf1c0c6..3f77bc42 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -423,6 +423,9 @@ class gallery_event_Core {
         if ($field == "locale") {
           $value = locales::display_name($value);
         }
+        if ($field == "full_name") {
+          $value = t($value);
+        }
         $v->user_profile_data[(string) $label] = $value;
       }
     }
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index f1714119..b486acb7 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -5,7 +5,7 @@
     <tr>
       <th> </th>
       <? foreach ($groups as $group): ?>
-      <th> <?= html::clean($group->name) ?> </th>
+      <th> <?= html::clean(t($group->name)) ?> </th>
       <? endforeach ?>
     </tr>
 
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index 729f087a..c57ad010 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -98,25 +98,25 @@ class user_installer {
                DEFAULT CHARSET=utf8;");
 
     $everybody = ORM::factory("group");
-    $everybody->name = "Everybody";
+    $everybody->name = t("Everybody", array("locale" => "root"));
     $everybody->special = true;
     $everybody->save();
 
     $registered = ORM::factory("group");
-    $registered->name = "Registered Users";
+    $registered->name = t("Registered Users", array("locale" => "root"));
     $registered->special = true;
     $registered->save();
 
     $guest = ORM::factory("user");
     $guest->name = "guest";
-    $guest->full_name = "Guest User";
+    $guest->full_name = t("Guest User", array("locale" => "root"));
     $guest->password = "";
     $guest->guest = true;
     $guest->save();
 
     $admin = ORM::factory("user");
     $admin->name = "admin";
-    $admin->full_name = "Gallery Administrator";
+    $admin->full_name = t("Gallery Administrator", array("locale" => "root"));
     $admin->password = "admin";
     $admin->email = "unknown@unknown.com";
     $admin->admin = true;
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index 4404ee63..aa752203 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -113,7 +113,7 @@ class User_Model extends ORM implements User_Definition {
    * @return string
    */
   public function display_name() {
-    return empty($this->full_name) ? $this->name : $this->full_name;
+    return empty($this->full_name) ? $this->name : t($this->full_name);
   }
 
   /**
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 270a7207..69d97547 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -78,7 +78,7 @@
               <?= html::clean($user->name) ?>
             </td>
             <td>
-              <?= html::clean($user->full_name) ?>
+            <?= t(html::clean($user->full_name)) ?>
             </td>
             <td>
               <?= html::clean($user->email) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index 6c6c341e..8317d393 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,9 +1,9 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <h4>
-  <?= html::clean($group->name) ?>
+  <?= t(html::clean($group->name)) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
+    title="<?= t("Delete the %name group", array("name" => t(html::clean($group->name))))->for_html_attr() ?>"
     class="g-dialog-link g-button g-right">
     <span class="ui-icon ui-icon-trash"><?= t("Delete") ?></span></a>
   <? else: ?>
@@ -22,7 +22,7 @@
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="g-button g-right ui-state-default ui-corner-all ui-icon-left"
        title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
+              array("user" => $user->name, "group" => t(html::clean($group->name))))->for_html_attr() ?>">
       <span class="ui-icon ui-icon-closethick"><?= t("Remove") ?></span>
     </a>
     <? endif ?>
-- 
cgit v1.2.3


From d388e4bb868602f293b73918981bee1de6176a24 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 19 Feb 2010 11:40:49 -0800
Subject: Refactor away the "display_all" construct in User_Profile_Controller.
 "display_all" is too coarse, and we should be letting event handlers make the
 appropriate decision on what to display and when.  This duplicates some code,
 but it's now very clear in the event handlers what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
---
 modules/gallery/controllers/user_profile.php       | 16 +++++-----
 modules/gallery/helpers/gallery_event.php          |  2 +-
 modules/gallery/views/user_profile.html.php        |  4 +--
 .../notification/helpers/notification_event.php    | 36 +++++++++++++---------
 modules/rest/helpers/rest_event.php                | 28 +++++++++++------
 5 files changed, 51 insertions(+), 35 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 05373466..b89bc358 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -21,21 +21,21 @@ class User_Profile_Controller extends Controller {
   public function show($id) {
     // If we get here, then we should have a user id other than guest.
     $user = identity::lookup_user($id);
-    $active_user = identity::active_user();
-    $is_current_active = $active_user->id == $id;
-    $can_edit = $is_current_active && !$active_user->guest;
-    $display_all = $active_user->admin || $can_edit;
+    if (!$user) {
+      throw new Kohana_404_Exception();
+    }
 
     $v = new Theme_View("page.html", "other", "profile");
     $v->page_title = t("%name Profile", array("name" => $user->display_name()));
     $v->content = new View("user_profile.html");
 
-    // @todo modify user_home to supply a link to their album,
     $v->content->user = $user;
-    $v->content->not_current = !$is_current_active;
-    $v->content->editable = identity::is_writable() && $can_edit;
+    $v->content->contactable =
+      !$user->guest && $user->id != identity::active_user()->id && $user->email;
+    $v->content->editable =
+      identity::is_writable() && !$user->guest && $user->id == identity::active_user()->id;
 
-    $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
+    $event_data = (object)array("user" => $user, "content" => array());
     module::event("show_user_profile", $event_data);
     $v->content->info_parts = $event_data->content;
 
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index faf1c0c6..36f91142 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -413,7 +413,7 @@ class gallery_event_Core {
 
     $fields = array("name" => t("Name"), "locale" => t("Language Preference"),
                     "email" => t("Email"), "full_name" => t("Full name"), "url" => "Web site");
-    if (!$data->display_all) {
+    if (!$data->user->guest) {
       $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
     }
     $v->user_profile_data = array();
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 53e8dc1e..257bd7ca 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -12,18 +12,18 @@
     <a id="g-profile-return" class="g-button g-right ui-state-default ui-corner-all" href="#">
       <?= t("Return") ?>
     </a>
+    <? if ($editable): ?>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_email/{$user->id}") ?>">
       <?= t("Change email") ?>
     </a>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_password/{$user->id}") ?>">
       <?= t("Change password") ?>
     </a>
-    <? if ($editable): ?>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
       <?= t("Edit") ?>
     </a>
     <? endif ?>
-    <? if (!$user->guest && $not_current && !empty($user->email)): ?>
+    <? if ($contactable): ?>
     <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link"
        href="<?= url::site("user_profile/contact/{$user->id}") ?>">
       <?= t("Contact") ?>
diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php
index c8628ae4..19e8dedb 100644
--- a/modules/notification/helpers/notification_event.php
+++ b/modules/notification/helpers/notification_event.php
@@ -128,23 +128,31 @@ class notification_event_Core {
   }
 
   static function show_user_profile($data) {
-    if ($data->display_all) {
-      $view = new View("user_profile_notification.html");
-      $view->subscriptions = array();
-      foreach(ORM::factory("subscription")
-              ->where("user_id", "=", $data->user->id)
-              ->find_all() as $subscription) {
-        $item = ORM::factory("item")
+    // Guests don't see comment listings
+    if (identity::active_user()->guest) {
+      return;
+    }
+
+    // Only logged in users can see their comment listings
+    if (identity::active_user()->id != $data->user->id) {
+      return;
+    }
+
+    $view = new View("user_profile_notification.html");
+    $view->subscriptions = array();
+    foreach(ORM::factory("subscription")
+            ->where("user_id", "=", $data->user->id)
+            ->find_all() as $subscription) {
+      $item = ORM::factory("item")
           ->where("id", "=", $subscription->item_id)
           ->find();
-        if ($item->loaded()) {
-          $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title,
-                                                 "url" => $item->url());
-        }
-      }
-      if (count($view->subscriptions) > 0) {
-        $data->content[] = (object)array("title" => t("Watching"), "view" => $view);
+      if ($item->loaded()) {
+        $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title,
+                                               "url" => $item->url());
       }
     }
+    if (count($view->subscriptions) > 0) {
+      $data->content[] = (object)array("title" => t("Watching"), "view" => $view);
+    }
   }
 }
\ No newline at end of file
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index f9aa34e3..c46e65c4 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -76,19 +76,27 @@ class rest_event {
   }
 
   static function show_user_profile($data) {
-    if ($data->display_all) {
-      $view = new View("user_profile_rest.html");
-      $key = ORM::factory("user_access_token")
+    // Guests can't see a REST key
+    if (identity::active_user()->guest) {
+      return;
+    }
+
+    // Only logged in users can see their own REST key
+    if (identity::active_user()->id != $data->user->id) {
+      return;
+    }
+
+    $view = new View("user_profile_rest.html");
+    $key = ORM::factory("user_access_token")
         ->where("user_id", "=", $data->user->id)
         ->find();
 
-      if (!$key->loaded()) {
-        $key->user_id = $data->user->id;
-        $key->access_key = md5($data->user->name . rand());
-        $key->save();
-      }
-      $view->rest_key = $key->access_key;
-      $data->content[] = (object)array("title" => t("Rest api"), "view" => $view);
+    if (!$key->loaded()) {
+      $key->user_id = $data->user->id;
+      $key->access_key = md5($data->user->name . rand());
+      $key->save();
     }
+    $view->rest_key = $key->access_key;
+    $data->content[] = (object)array("title" => t("Rest api"), "view" => $view);
   }
 }
-- 
cgit v1.2.3


From 8e7eda9cc62c64e77fffabacae7441f8ea076c9d Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 21 Feb 2010 23:23:48 -0800
Subject: Fix progress bar / maintenance tasks for locales that use comma as
 decimal separator, such as German.

---
 modules/gallery/controllers/admin_maintenance.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index d90fe0ea..c16c5c41 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -209,9 +209,10 @@ class Admin_Maintenance_Controller extends Admin_Controller {
         message::success(t("Task failed"));
         break;
       }
+      // Using sprintf("%F") to avoid comma as decimal separator.
       print json_encode(array("result" => "success",
                               "task" => array(
-                                "percent_complete" => $task->percent_complete,
+                                "percent_complete" => sprintf("%F", $task->percent_complete),
                                 "status" => (string) $task->status,
                                 "done" => (bool) $task->done),
                               "location" => url::site("admin/maintenance")));
@@ -219,7 +220,7 @@ class Admin_Maintenance_Controller extends Admin_Controller {
     } else {
       print json_encode(array("result" => "in_progress",
                               "task" => array(
-                                "percent_complete" => $task->percent_complete,
+                                "percent_complete" => sprintf("%F", $task->percent_complete),
                                 "status" => (string) $task->status,
                                 "done" => (bool) $task->done)));
     }
-- 
cgit v1.2.3


From 334cd2368de24a76cd49681a14295350e85714d0 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 21 Feb 2010 23:50:01 -0800
Subject: Performance improvement: Load all translations of a locale as one
 serialized array from the Cache. Until now, we loaded hundreds of translation
 messages row by row, and unserializing one by one at bootstrap time. That
 amounted to a significant percentage of the complete request time. This
 approach is more than 10x faster.

---
 modules/gallery/controllers/l10n_client.php |  2 ++
 modules/gallery/helpers/gallery_task.php    |  2 ++
 modules/gallery/libraries/Gallery_I18n.php  | 45 ++++++++++++++++++++---------
 3 files changed, 36 insertions(+), 13 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php
index e20bab50..be0aaa11 100644
--- a/modules/gallery/controllers/l10n_client.php
+++ b/modules/gallery/controllers/l10n_client.php
@@ -80,6 +80,8 @@ class L10n_Client_Controller extends Controller {
 
     $entry->save();
 
+    Gallery_I18n::clear_cache($locale);
+
     print json_encode(new stdClass());
   }
 
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 3e6278e5..617f7f48 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
@@ -201,6 +201,8 @@ class gallery_task_Core {
           $total = $num_fetched + $num_remaining;
           $task->percent_complete = 70 + 30 * ((float) $num_fetched / $total);
         } else {
+          Gallery_I18n::clear_cache();
+
           $task->done = true;
           $task->state = "success";
           $task->status = t("Translations installed/updated");
diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index ac0588e3..0e9c0bdc 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -150,33 +150,43 @@ class Gallery_I18n_Core {
 
   private function lookup($locale, $message) {
     if (!isset($this->_cache[$locale])) {
-      $this->_cache[$locale] = array();
-      // TODO: Load data from locale file instead of the DB.
+      $this->_cache[$locale] = self::load_translations($locale);
+    }
+
+    $key = self::get_message_key($message);
+
+    if (isset($this->_cache[$locale][$key])) {
+      return $this->_cache[$locale][$key];
+    } else {
+      return null;
+    }
+  }
+
+  private static function load_translations($locale) {
+    $cache_key = "translation|" . $locale;
+    $cache = Cache::instance();
+    $translations = $cache->get($cache_key);
+    if (empty($translations)) {
       foreach (db::build()
                ->select("key", "translation")
                ->from("incoming_translations")
                ->where("locale", "=", $locale)
                ->execute() as $row) {
-        $this->_cache[$locale][$row->key] = unserialize($row->translation);
+        $translations[$row->key] = unserialize($row->translation);
       }
-
+      
       // Override incoming with outgoing...
       foreach (db::build()
                ->select("key", "translation")
                ->from("outgoing_translations")
                ->where("locale", "=", $locale)
                ->execute() as $row) {
-        $this->_cache[$locale][$row->key] = unserialize($row->translation);
+        $translations[$row->key] = unserialize($row->translation);
       }
+      
+      $cache->set($cache_key, $translations, array("translation"), 0);
     }
-
-    $key = self::get_message_key($message);
-
-    if (isset($this->_cache[$locale][$key])) {
-      return $this->_cache[$locale][$key];
-    } else {
-      return null;
-    }
+    return $translations;
   }
 
   public function has_translation($message, $options=null) {
@@ -256,6 +266,15 @@ class Gallery_I18n_Core {
     return $this->_call_log;
   }
 
+  public static function clear_cache($locale=null) {
+    $cache = Cache::instance();
+    if ($locale) {
+      $cache->delete("translation|" . $locale);
+    } else {
+      $cache->delete_tag("translation");
+    }
+  }
+
   private static function get_plural_key($locale, $count) {
     $parts = explode('_', $locale);
     $language = $parts[0];
-- 
cgit v1.2.3


From 6ce01328422cc587dedf555d0ba3eb8a0ee05a9f Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Mon, 22 Feb 2010 00:30:54 -0800
Subject: Fix for ticket #1027: Add index on cache key column. (and fix the
 packager to truncate the cache table before packaging)

---
 installer/install.sql                         |  3 ++-
 modules/gallery/controllers/packager.php      |  1 +
 modules/gallery/helpers/gallery_installer.php | 12 +++++++++++-
 modules/gallery/module.info                   |  2 +-
 4 files changed, 15 insertions(+), 3 deletions(-)

(limited to 'modules/gallery/controllers')

diff --git a/installer/install.sql b/installer/install.sql
index 28a9caa5..ebe3651d 100644
--- a/installer/install.sql
+++ b/installer/install.sql
@@ -42,6 +42,7 @@ CREATE TABLE {caches} (
   `expiration` int(9) NOT NULL,
   `cache` longblob,
   PRIMARY KEY  (`id`),
+  KEY `key` (`key`),
   KEY `tags` (`tags`)
 ) DEFAULT CHARSET=utf8;
 SET character_set_client = @saved_cs_client;
@@ -239,7 +240,7 @@ CREATE TABLE {modules} (
   UNIQUE KEY `name` (`name`)
 ) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8;
 SET character_set_client = @saved_cs_client;
-INSERT INTO {modules} VALUES (1,1,'gallery',29);
+INSERT INTO {modules} VALUES (1,1,'gallery',30);
 INSERT INTO {modules} VALUES (2,1,'user',3);
 INSERT INTO {modules} VALUES (3,1,'comment',2);
 INSERT INTO {modules} VALUES (4,1,'organize',1);
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php
index 66626483..aef032a0 100644
--- a/modules/gallery/controllers/packager.php
+++ b/modules/gallery/controllers/packager.php
@@ -82,6 +82,7 @@ class Packager_Controller extends Controller {
       module::set_var("gallery", "blocks_{$key}", serialize($blocks));
     }
 
+    Database::instance()->query("TRUNCATE {caches}");
     Database::instance()->query("TRUNCATE {sessions}");
     Database::instance()->query("TRUNCATE {logs}");
     db::build()
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index b594ddcf..6f8a6688 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -32,6 +32,10 @@ class gallery_installer {
                  PRIMARY KEY (`id`))
                DEFAULT CHARSET=utf8;");
 
+    // Using a simple index instead of a unique key for the
+    // key column to avoid handling of concurrency issues
+    // on insert. Thus allowing concurrent inserts on the
+    // same cache key, as does Memcache / xcache.
     $db->query("CREATE TABLE {caches} (
                 `id` int(9) NOT NULL auto_increment,
                 `key` varchar(255) NOT NULL,
@@ -39,6 +43,7 @@ class gallery_installer {
                 `expiration` int(9) NOT NULL,
                 `cache` longblob,
                 PRIMARY KEY (`id`),
+                KEY (`key`),
                 KEY (`tags`))
                 DEFAULT CHARSET=utf8;");
 
@@ -290,7 +295,7 @@ class gallery_installer {
     module::set_var("gallery", "credits", (string) $powered_by_string);
     module::set_var("gallery", "simultaneous_upload_limit", 5);
     module::set_var("gallery", "admin_area_timeout", 90 * 60);
-    module::set_version("gallery", 29);
+    module::set_version("gallery", 30);
   }
 
   static function upgrade($version) {
@@ -545,6 +550,11 @@ class gallery_installer {
       module::set_var("gallery", "credits", "Powered by <a href=\"%url\">%gallery_version</a>");
       module::set_version("gallery", $version = 29);
     }
+
+    if ($version == 29) {
+      $db->query("ALTER TABLE {caches} ADD KEY (`key`);");
+      module::set_version("gallery", $version = 30);
+    }                
   }
 
   static function uninstall() {
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index 39615e1c..df2be978 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -1,3 +1,3 @@
 name = "Gallery 3"
 description = "Gallery core application"
-version = 29
+version = 30
-- 
cgit v1.2.3