From 1531c3898fde620abfa9e306dc6efc73e520bd1c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 14 May 2012 20:50:36 -0700 Subject: Force uploader status messages to be integers. Fixes #1863. --- modules/gallery/controllers/uploader.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 20c10b3a..906373b6 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -104,8 +104,8 @@ class Uploader_Controller extends Controller { // The "errors" won't be properly pluralized :-/ print t2("Uploaded %count photo (%error errors)", "Uploaded %count photos (%error errors)", - $success_count, - array("error" => $error_count)); + (int)$success_count, + array("error" => (int)$error_count)); } else { print t2("Uploaded %count photo", "Uploaded %count photos", $success_count);} } -- cgit v1.2.3 From e3d50dd8be9cd4bdefb42f41aa6ed96b6fece676 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 14 May 2012 20:51:27 -0700 Subject: Simplify dialog title for editing advanced settings. Fixes #1864. --- modules/gallery/controllers/admin_advanced_settings.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index fd03b275..3fc48b1d 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php 
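Review bot: The `else` branch at the end of this hunk still passes `$success_count` to `t2()` without the `(int)` cast that the error branch now gets, so the two printed status messages are not forced to integers consistently. If both counts reach this method from the request (the signature is outside the hunk, so that is an assumption), casting once before the `if` covers both branches: `$success_count = (int)$success_count; $error_count = (int)$error_count;`. A short comment noting that the casts exist because the values are printed into the response would keep a later cleanup from removing them.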
@@ -32,9 +32,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
 public function edit($module_name, $var_name) {
 $value = module::get_var($module_name, $var_name);
 $form = new Forge("admin/advanced_settings/save/$module_name/$var_name", "", "post");
- $group = $form->group("edit_var")->label(
- t("Edit %var (%module_name)",
- array("module_name" => $module_name, "var" => $var_name)));
+ $group = $form->group("edit_var")->label(t("Edit setting"))
 $group->input("module_name")->label(t("Module"))->value($module_name)->disabled(1);
 $group->input("var_name")->label(t("Setting"))->value($var_name)->disabled(1);
 $group->textarea("value")->label(t("Value"))->value($value);
-- cgit v1.2.3
From f06c2275052f638ffaf671dda4604d3fb35dfe8c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 15 May 2012 09:26:13 -0700
Subject: Oops dropped a semicolon in e3d50dd8be9cd4bdefb42f41aa6ed96b6fece676
---
 modules/gallery/controllers/admin_advanced_settings.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index 3fc48b1d..1ce47529 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -32,7 +32,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
 public function edit($module_name, $var_name) {
 $value = module::get_var($module_name, $var_name);
 $form = new Forge("admin/advanced_settings/save/$module_name/$var_name", "", "post");
- $group = $form->group("edit_var")->label(t("Edit setting"))
+ $group = $form->group("edit_var")->label(t("Edit setting"));
 $group->input("module_name")->label(t("Module"))->value($module_name)->disabled(1);
 $group->input("var_name")->label(t("Setting"))->value($var_name)->disabled(1);
 $group->textarea("value")->label(t("Value"))->value($value);
-- cgit v1.2.3
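Review bot: `$module_name` and `$var_name` are still interpolated unencoded into the form action, `new Forge("admin/advanced_settings/save/$module_name/$var_name", "", "post")`, even though this change stops interpolating them into the dialog title. Whether Forge escapes the action attribute is not visible in this hunk; if it does not, encode each path segment with `urlencode()` or reject names that do not correspond to an existing module variable before building the form. `edit()` continues past the end of the hunk, so any validation done later in the method cannot be seen from here.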
From 891652b233df120464d8fe7d3ca80c5091681dea Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 May 2012 16:00:46 -0700 Subject: Send back form errors wrapped in JSON. Fixes #1867. --- modules/gallery/controllers/albums.php | 2 +- modules/tag/controllers/admin_tags.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index b2ec0700..9b968871 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -133,7 +133,7 @@ class Albums_Controller extends Items_Controller { json::reply(array("result" => "success", "location" => $album->url())); } else { - print $form; + json::reply(array("result" => "error", "html" => (string)$form)); } } diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index ff69ad94..515b6891 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -58,7 +58,7 @@ class Admin_Tags_Controller extends Admin_Controller { json::reply(array("result" => "success", "location" => url::site("admin/tags"))); } else { - print $form; + json::reply(array("result" => "error", "html" => (string)$form)); } } -- cgit v1.2.3 From 9e2ea2ffedb22f83137db4e5ba4c06b91f11e09d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 17 May 2012 20:25:27 -0700 Subject: Smash multiple extensions down into a single one when accepting file uploads. Fixes #1872. --- modules/gallery/controllers/uploader.php | 4 ++++ modules/gallery/helpers/legal_file.php | 16 ++++++++++++++++ modules/gallery/models/item.php | 10 +++++++++- modules/gallery/tests/Item_Model_Test.php | 3 ++- modules/gallery/tests/Legal_File_Helper_Test.php | 10 ++++++++++ modules/watermark/controllers/admin_watermarks.php | 1 + 6 files changed, 42 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') 
diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 906373b6..4ea55ff6 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -63,6 +63,10 @@ class Uploader_Controller extends Controller { $item->parent_id = $album->id; $item->set_data_file($temp_filename); + // Remove double extensions from the filename - they'll be disallowed in the model but if + // we don't do it here then it'll result in a failed upload. + $item->name = legal_file::smash_extensions($item->name); + $path_info = @pathinfo($temp_filename); if (array_key_exists("extension", $path_info) && in_array(strtolower($path_info["extension"]), array("flv", "mp4", "m4v"))) { diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index 075de9cd..bd48d7b7 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -92,4 +92,20 @@ class legal_file_Core { return preg_replace("/\.[^\.]*?$/", ".{$new_ext}", $filename); } } + + /** + * Reduce the given file to having a single extension. + */ + static function smash_extensions($filename) { + $parts = pathinfo($filename); + $result = ""; + if ($parts["dirname"] != ".") { + $result .= $parts["dirname"] . "/"; + } + $parts["filename"] = str_replace(".", "_", $parts["filename"]); + $parts["filename"] = preg_replace("/[_]+/", "_", $parts["filename"]); + $parts["filename"] = trim($parts["filename"], "_"); + $result .= "{$parts['filename']}.{$parts['extension']}"; + return $result; + } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 992af0cc..903dadad 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
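Review bot: `smash_extensions()` in `legal_file.php` reads `$parts["extension"]` unconditionally, but `pathinfo()` omits that key when the name has no dot, so a name such as `README` raises an undefined-index notice and comes back as `README.` with a trailing period. Guard the last step, for example `$result .= isset($parts["extension"]) ? "{$parts['filename']}.{$parts['extension']}" : $parts["filename"];`. A root-level path has a similar edge: `dirname` is `/` there, so appending another `/` yields `//name.ext`. The docblock could also say that every dot except the last is replaced with `_` and that runs of `_` are collapsed and trimmed, since callers rely on this to neutralise names like `test.php.png`.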
@@ -797,11 +797,19 @@ class Item_Model_Core extends ORM_MPTT { if (strpos($this->name, "/") !== false) { $v->add_error("name", "no_slashes"); return; - } else if (rtrim($this->name, ".") !== $this->name) { + } + + if (rtrim($this->name, ".") !== $this->name) { $v->add_error("name", "no_trailing_period"); return; } + // Do not accept files with double extensions, they can cause problems on some + // versions of Apache. + if (substr_count($this->name, ".") > 1) { + $v->add_error("name", "illegal_data_file_extension"); + } + if ($this->is_movie() || $this->is_photo()) { $ext = pathinfo($this->name, PATHINFO_EXTENSION); diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 6d40230f..876fc137 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -490,7 +490,8 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function illegal_extension_test() { - foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) { + foreach (array("test.php", "test.PHP", "test.php5", "test.php4", + "test.pl", "test.php.png") as $name) { try { $photo = test::random_photo_unsaved(item::root()); $photo->name = $name; diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php index 6f94c9cd..d80bcafe 100644 --- a/modules/gallery/tests/Legal_File_Helper_Test.php +++ b/modules/gallery/tests/Legal_File_Helper_Test.php 
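Review bot: The new `substr_count($this->name, ".") > 1` check appears to sit above the `if ($this->is_movie() || $this->is_photo())` guard, so it would also reject album names that merely contain two dots, and it reports them as `illegal_data_file_extension`. Unlike the two checks before it, it adds its error without a `return;`, so the extension validation below still runs on a name already known to be bad. Moving the check inside the photo/movie branch and ending it with `return;` would keep it scoped to uploaded data files. The enclosing validator starts and ends outside the hunk, so the placement should be confirmed against the full function.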
@@ -35,4 +35,14 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case { "/website/foo.com/VID_20120513_105421.jpg", legal_file::change_extension("/website/foo.com/VID_20120513_105421.mp4", "jpg")); } + + public function smash_extensions_test() { + $this->assert_equal("foo_bar.jpg", legal_file::smash_extensions("foo.bar.jpg")); + $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("foo.bar.baz.jpg")); + $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("foo.bar.baz.jpg")); + $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("...foo...bar..baz...jpg")); + $this->assert_equal("/path/to/foo_bar.jpg", legal_file::smash_extensions("/path/to/foo.bar.jpg")); + $this->assert_equal("/path/to.to/foo_bar.jpg", legal_file::smash_extensions("/path/to.to/foo.bar.jpg")); + $this->assert_equal("foo_bar-12345678.jpg", legal_file::smash_extensions("foo.bar-12345678.jpg")); + } } \ No newline at end of file diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 92a44a86..a80f82a9 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -98,6 +98,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { $pathinfo = pathinfo($file); // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]); + $name = legal_file::smash_extensions($name); if (!($image_info = getimagesize($file)) || !in_array($image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) { -- cgit v1.2.3
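Review bot: The third assertion in `smash_extensions_test()` repeats the second one verbatim (`foo.bar.baz.jpg`), so it adds no coverage. Replacing it with inputs the helper does not obviously handle would be more useful: a name with no extension, a dot-file whose base name is empty, and a double extension with an executable inner part such as the `test.php.png` case used in `Item_Model_Test`.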
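Review bot: In `admin_watermarks.php`, `smash_extensions()` only collapses extra dots, so the final extension of `$name` is still whatever the uploader supplied, while the `getimagesize()` test that follows looks at file content alone. If nothing later in this method (it continues outside the hunk) ties the stored extension to the detected type, derive it from `$image_info[2]` after the type check, e.g. `$name = legal_file::change_extension($name, image_type_to_extension($image_info[2], false));`. A one-line comment above the new call saying why the name is smashed (double extensions being a problem on some versions of Apache, as the item model comment puts it) would help the next reader.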