From 3422185938436b44ee48515cd3cfa3df55bca3c8 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 14 May 2010 16:51:51 -0700 Subject: Remove "rnd=" param from quick changes since we have the m= cache-buster already. --- modules/gallery/controllers/quick.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 813d1a93..6cfbbc62 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -58,12 +58,12 @@ class Quick_Controller extends Controller { if (Input::instance()->get("page_type") == "collection") { print json_encode( - array("src" => $item->thumb_url() . "?rnd=" . rand(), + array("src" => $item->thumb_url(), "width" => $item->thumb_width, "height" => $item->thumb_height)); } else { print json_encode( - array("src" => $item->resize_url() . "?rnd=" . rand(), + array("src" => $item->resize_url(), "width" => $item->resize_width, "height" => $item->resize_height)); } -- cgit v1.2.3 From 30f4e143e8fbec928661dcbe75898465e7eff29c Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 11 Jun 2010 08:15:25 -0700 Subject: Actually execute the database query that updates the album view count. Fixes ticket #1092. Thanks to shinta for pointing the way. --- modules/gallery/controllers/albums.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index ea15418f..eaa09be5 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -73,8 +73,8 @@ class Albums_Controller extends Items_Controller { // We can't use math in ORM or the query builder, so do this by hand. It's important // that we do this with math, otherwise concurrent accesses will damage accuracy. - db::query( - "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id"); + db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id") + ->execute(); print $template; } -- cgit v1.2.3 From bbbb35675acefc6b0b1b78dea9fd3a983189d772 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 11 Jun 2010 15:40:54 -0700 Subject: Fix for ticket #1039. The problem was, as Bryan76 pointed out, with passing the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url. --- modules/gallery/controllers/logout.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 967dad49..fdbadf1b 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -22,13 +22,16 @@ class Logout_Controller extends Controller { access::verify_csrf(); auth::logout(); if ($continue_url = Input::instance()->get("continue")) { - $item = url::get_item_from_uri($continue_url); + $components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4); + $item = url::get_item_from_uri($components[3]); if (access::can("view", $item)) { // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: $continue_url"); + header("Location: {$item->relative_url()}"); } else { url::redirect(item::root()->abs_url()); } + } else { + url::redirect(item::root()->abs_url()); } } } \ No newline at end of file -- cgit v1.2.3 From 63d95087bf0f24d4e880843cd2841906c6f91b38 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 13:35:12 -0700 Subject: Stop trying to parse the continue url in the logout controller because it requires us to reproduce a bunch of complex routing logic. Instead, just have the logout link generating code generate a link that's visible to guests. --- modules/gallery/controllers/logout.php | 12 ++---------- modules/gallery/helpers/gallery_event.php | 13 ++++++++++++- 2 files changed, 14 insertions(+), 11 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index fdbadf1b..9caafec8 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -22,16 +22,8 @@ class Logout_Controller extends Controller { access::verify_csrf(); auth::logout(); if ($continue_url = Input::instance()->get("continue")) { - $components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4); - $item = url::get_item_from_uri($components[3]); - if (access::can("view", $item)) { - // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: {$item->relative_url()}"); - } else { - url::redirect(item::root()->abs_url()); - } - } else { - url::redirect(item::root()->abs_url()); + url::redirect($continue_url); } + url::redirect(item::root()->abs_url()); } } \ No newline at end of file diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index ae7131ae..1b688843 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -157,11 +157,22 @@ class gallery_event_Core { ->view("login_current_user.html") ->url(user_profile::url($user->id)) ->label($user->display_name())); + + if (isset($theme->item)) { + if (access::user_can(identity::guest(), "view", $theme->item)) { + $continue_url = $theme->item->abs_url(); + } else { + $continue_url = item::root()->abs_url(); + } + } else { + $continue_url = url::abs_current(); + } + $menu->append(Menu::factory("link") ->id("user_menu_logout") ->css_id("g-logout-link") ->url(url::site("logout?csrf=$csrf&continue=" . - urlencode(url::abs_current()))) + urlencode($continue_url))) ->label(t("Logout"))); } } -- cgit v1.2.3 From b61b50604bfffc25a395df3a1aedf84d3c557ff4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:09:16 -0700 Subject: Push the continue url into the form for consistency with other login/continue code. --- modules/gallery/controllers/admin.php | 2 +- modules/gallery/controllers/reauthenticate.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 787a2138..0aeaa876 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -78,7 +78,7 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get" && !request::is_ajax()) { // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); + Session::instance()->set("continue_url", url::abs_current(true)); } url::redirect("reauthenticate"); } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 3503d80a..acb27f6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -37,8 +37,7 @@ class Reauthenticate_Controller extends Controller { if ($valid) { message::success(t("Successfully re-authenticated!")); module::event("user_auth", $user); - $continue_url = Session::instance()->get_once("continue_url", "admin"); - url::redirect($continue_url); + url::redirect($form->continue_url->value); } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); @@ -59,6 +58,7 @@ class Reauthenticate_Controller extends Controller { private static function _form() { $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); $group = $form->group("reauthenticate")->label(t("Re-authenticate")); $group->password("password")->label(t("Password"))->id("g-password")->class(null) ->callback("auth::validate_too_many_failed_auth_attempts") -- cgit v1.2.3 From c026da85cdbac9e9566045f8de2718cae985f0ec Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:10:34 -0700 Subject: Use "continue_url" instead of "continue" for consistency with the reauth code. --- modules/gallery/controllers/logout.php | 2 +- modules/gallery/helpers/gallery_event.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 9caafec8..20fa8074 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -21,7 +21,7 @@ class Logout_Controller extends Controller { public function index() { access::verify_csrf(); auth::logout(); - if ($continue_url = Input::instance()->get("continue")) { + if ($continue_url = Input::instance()->get("continue_url")) { url::redirect($continue_url); } url::redirect(item::root()->abs_url()); diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 1b688843..55db47ce 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -171,7 +171,7 @@ class gallery_event_Core { $menu->append(Menu::factory("link") ->id("user_menu_logout") ->css_id("g-logout-link") - ->url(url::site("logout?csrf=$csrf&continue=" . + ->url(url::site("logout?csrf=$csrf&continue_url=" . urlencode($continue_url))) ->label(t("Logout"))); } -- cgit v1.2.3 From dceecabbf1b736604ceb2e08e803b12c99dc4509 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:16:47 -0700 Subject: Make login/logout continuation url code consistent. Where necessary, we specify the continue_url in the session, but we store it in the login form so that we can propagate it across the session creation that happens at login time. --- modules/gallery/controllers/login.php | 4 ++-- modules/gallery/helpers/auth.php | 1 + modules/gallery/libraries/MY_Kohana_Exception.php | 4 +--- 3 files changed, 4 insertions(+), 5 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 40125476..19335d88 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -44,10 +44,10 @@ class Login_Controller extends Controller { public function auth_html() { access::verify_csrf(); - $continue_url = Session::instance()->get("continue_url", null); list ($valid, $form) = $this->_auth("login/auth_html"); if ($valid) { - url::redirect($continue_url ? $continue_url : item::root()->abs_url()); + url::redirect($form->continue_url->value ? $form->continue_url_value : + item::root()->abs_url()); } else { $view = new Theme_View("page.html", "other", "login"); $view->page_title = t("Log in to Gallery"); diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 1a9fe869..48b5fc32 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -21,6 +21,7 @@ class auth_Core { static function get_login_form($url) { $form = new Forge($url, "", "post", array("id" => "g-login-form")); $form->set_attr("class", "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url")); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null) ->callback("auth::validate_too_many_failed_logins") diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php index e7ebdb1f..df7557ae 100644 --- a/modules/gallery/libraries/MY_Kohana_Exception.php +++ b/modules/gallery/libraries/MY_Kohana_Exception.php @@ -59,7 +59,7 @@ class Kohana_Exception extends Kohana_Exception_Core { private static function _show_themed_error_page(Exception $e) { // Create a text version of the exception $error = Kohana_Exception::text($e); - + // Add this exception to the log Kohana_Log::add('error', $error); @@ -83,8 +83,6 @@ class Kohana_Exception extends Kohana_Exception_Core { if ($view->content->is_guest) { $view->content->login_form = new View("login_ajax.html"); $view->content->login_form->form = auth::get_login_form("login/auth_html"); - // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); } } else { $view->page_title = t("Dang... Something went wrong!"); -- cgit v1.2.3 From 87f8b6ff0a76f51183f14515723a8345f7c14fa6 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:28:03 -0700 Subject: Bounce the user to the login page if they try to get to part of the admin site as a guest. Also, theme the login/html page. --- modules/gallery/controllers/admin.php | 7 ++++++- modules/gallery/controllers/login.php | 9 ++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 0aeaa876..c460f58c 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -22,7 +22,12 @@ class Admin_Controller extends Controller { public function __construct($theme=null) { if (!identity::active_user()->admin) { - access::forbidden(); + if (identity::active_user()->guest) { + Session::instance()->set("continue_url", url::abs_current(true)); + url::redirect("login"); + } else { + access::forbidden(); + } } parent::__construct(); diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 19335d88..2b60316b 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -38,7 +38,10 @@ class Login_Controller extends Controller { } public function html() { - print auth::get_login_form("login/auth_html"); + $view = new Theme_View("page.html", "other", "login"); + $view->page_title = t("Login"); + $view->content = auth::get_login_form("login/auth_html"); + print $view; } public function auth_html() { @@ -46,8 +49,8 @@ class Login_Controller extends Controller { list ($valid, $form) = $this->_auth("login/auth_html"); if ($valid) { - url::redirect($form->continue_url->value ? $form->continue_url_value : - item::root()->abs_url()); + $continue_url = $form->continue_url->value; + url::redirect($continue_url ? $continue_url : item::root()->abs_url()); } else { $view = new Theme_View("page.html", "other", "login"); $view->page_title = t("Log in to Gallery"); -- cgit v1.2.3 From 2492280cc0ec9eb64a8daeccc7b5698ece7fea66 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 15 Jun 2010 12:52:28 -0700 Subject: Change the item rest update processing to call the item::move(source, target) helper when the parent member has changed. Using the move method insures that names and slugs that could conflict in the target album are resolved properly. Changed the item::move method so it returns a message to be displayed if the caller chooses. And changed the move controller to display the message returned by the move if the item name was renamed as part of the move. --- modules/gallery/controllers/move.php | 10 ++++------ modules/gallery/helpers/item.php | 15 +++++++++------ modules/gallery/helpers/item_rest.php | 16 +++++++++------- 3 files changed, 22 insertions(+), 19 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/move.php b/modules/gallery/controllers/move.php index f8b85b6f..3ce44546 100644 --- a/modules/gallery/controllers/move.php +++ b/modules/gallery/controllers/move.php @@ -34,12 +34,10 @@ class Move_Controller extends Controller { $source = ORM::factory("item", $source_id); $target = ORM::factory("item", Input::instance()->post("target_id")); - access::required("view", $source); - access::required("edit", $source); - access::required("view", $target); - access::required("edit", $target); - - item::move($source, $target); + $message = item::move($source, $target); + if (!empty($message)) { + message.info($message); + } print json_encode( array("result" => "success", diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 15bbe977..6a740de4 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -47,27 +47,28 @@ class item_Core { $orig_name_filename = pathinfo($source->name, PATHINFO_FILENAME); $orig_name_extension = pathinfo($source->name, PATHINFO_EXTENSION); $orig_slug = $source->slug; + $message = ""; for ($i = 0; $i < 5; $i++) { try { $source->save(); if ($orig_name != $source->name) { switch ($source->type) { case "album": - message::info( + $message = t("Album %old_name renamed to %new_name to avoid a conflict", - array("old_name" => $orig_name, "new_name" => $source->name))); + array("old_name" => $orig_name, "new_name" => $source->name)); break; case "photo": - message::info( + $message = t("Photo %old_name renamed to %new_name to avoid a conflict", - array("old_name" => $orig_name, "new_name" => $source->name))); + array("old_name" => $orig_name, "new_name" => $source->name)); break; case "movie": - message::info( + $message = t("Movie %old_name renamed to %new_name to avoid a conflict", - array("old_name" => $orig_name, "new_name" => $source->name))); + array("old_name" => $orig_name, "new_name" => $source->name)); break; } } @@ -95,6 +96,8 @@ class item_Core { if ($target->album_cover_item_id == null) { item::make_album_cover($source); } + + return $message; } static function make_album_cover($item) { diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 0839b144..692d0895 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -99,7 +99,7 @@ class item_rest_Core { if ($entity = $request->params->entity) { // Only change fields from a whitelist. foreach (array("album_cover", "captured", "description", - "height", "mime_type", "name", "parent", "rand_key", "resize_dirty", + "height", "mime_type", "name", "rand_key", "resize_dirty", "resize_height", "resize_width", "slug", "sort_column", "sort_order", "thumb_dirty", "thumb_height", "thumb_width", "title", "view_count", "width") as $key) { @@ -113,11 +113,6 @@ class item_rest_Core { break; case "parent": - if (property_exists($entity, "parent")) { - $parent = rest::resolve($entity->parent); - access::required("edit", $parent); - $item->parent_id = $parent->id; - } break; default: if (property_exists($entity, $key)) { @@ -125,8 +120,15 @@ class item_rest_Core { } } } + + // There is an explicit save in item::move + if (property_exists($entity, "parent")) { + $parent = rest::resolve($entity->parent); + item::move($item, $parent); + } else { + $item->save(); + } } - $item->save(); if (isset($request->params->members) && $item->sort_column == "weight") { $weight = 0; -- cgit v1.2.3 From 9504f71efcadc7ed27f6f09e5d663e8025bf3b86 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 15 Jun 2010 14:18:23 -0700 Subject: Fix for ticket #1118. Create a item::save_with_retries helper method, which encapsulates saving an item and handling name and slug conflicts. Call this instead of doing a save directly. --- modules/gallery/controllers/simple_uploader.php | 10 +++++++--- modules/gallery/helpers/item.php | 17 +++++++++++------ modules/gallery/helpers/item_rest.php | 8 +++----- 3 files changed, 21 insertions(+), 14 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/simple_uploader.php index c7e5031b..8ac1fc8b 100644 --- a/modules/gallery/controllers/simple_uploader.php +++ b/modules/gallery/controllers/simple_uploader.php @@ -65,12 +65,16 @@ class Simple_Uploader_Controller extends Controller { if (array_key_exists("extension", $path_info) && in_array(strtolower($path_info["extension"]), array("flv", "mp4"))) { $item->type = "movie"; - $item->save(); + } else { + $item->type = "photo"; + } + + item::save_with_retries($item); + + if ($item->type == "movie") { log::success("content", t("Added a movie"), html::anchor("movies/$item->id", t("view movie"))); } else { - $item->type = "photo"; - $item->save(); log::success("content", t("Added a photo"), html::anchor("photos/$item->id", t("view photo"))); } diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 6a740de4..0710d8b2 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -43,6 +43,17 @@ class item_Core { // Moving may result in name or slug conflicts. If that happens, try up to 5 times to pick a // random name (or slug) to avoid the conflict. + $message = item::save_with_retries($source); + + // If the target has no cover item, make this it. + if ($target->album_cover_item_id == null) { + item::make_album_cover($source); + } + + return $message; + } + + static function save_with_retries($source, $retries=5) { $orig_name = $source->name; $orig_name_filename = pathinfo($source->name, PATHINFO_FILENAME); $orig_name_extension = pathinfo($source->name, PATHINFO_EXTENSION); @@ -91,12 +102,6 @@ class item_Core { } } } - - // If the target has no cover item, make this it. - if ($target->album_cover_item_id == null) { - item::make_album_cover($source); - } - return $message; } diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 692d0895..74fab2e7 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -112,8 +112,6 @@ class item_rest_Core { } break; - case "parent": - break; default: if (property_exists($entity, $key)) { $item->$key = $entity->$key; @@ -126,7 +124,7 @@ class item_rest_Core { $parent = rest::resolve($entity->parent); item::move($item, $parent); } else { - $item->save(); + $item::save_with_retries($item); } } @@ -157,7 +155,7 @@ class item_rest_Core { $item->title = isset($entity->title) ? $entity->title : $entity->name; $item->description = isset($entity->description) ? $entity->description : null; $item->slug = isset($entity->slug) ? $entity->slug : null; - $item->save(); + $item::save_with_retries($item); break; case "photo": @@ -172,7 +170,7 @@ class item_rest_Core { $item->title = isset($entity->title) ? $entity->title : $entity->name; $item->description = isset($entity->description) ? $entity->description : null; $item->slug = isset($entity->slug) ? $entity->slug : null; - $item->save(); + $item::save_with_retries($item); break; default: -- cgit v1.2.3 From 4d40cf62e98e7e2f103740a401a08606c73fe72d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 Jun 2010 15:50:10 -0700 Subject: Sort files by path in _dump_var() for consistent output. Skip . and .. (PHP 5.3 iterators seem to include those now). --- modules/gallery/controllers/packager.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php index 6eafd9df..0ccfe743 100644 --- a/modules/gallery/controllers/packager.php +++ b/modules/gallery/controllers/packager.php @@ -163,9 +163,11 @@ class Packager_Controller extends Controller { $paths = array(); foreach($objects as $name => $file){ - if ($file->getBasename() == "database.php") { + $path = $file->getPath(); + $basename = $file->getBasename(); + if ($basename == "database.php" || $basename == "." || $basename == "..") { continue; - } else if (basename($file->getPath()) == "logs" && $file->getBasename() != ".htaccess") { + } else if (basename($path) == "logs" && $basename != ".htaccess") { continue; } @@ -186,6 +188,7 @@ class Packager_Controller extends Controller { foreach ($paths as $path) { fwrite($fd, "!file_exists($path) && mkdir($path);\n"); } + ksort($files); foreach ($files as $file => $contents) { fwrite($fd, "file_put_contents($file, base64_decode(\"$contents\"));\n"); } -- cgit v1.2.3 From ae6af2f9b61d69a3adc36f52257cdbd9c4fedf4e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 Jun 2010 16:01:41 -0700 Subject: Install the rest module by default. --- installer/install.sql | 26 ++++++++++++++++++++------ modules/gallery/controllers/packager.php | 4 ++-- 2 files changed, 22 insertions(+), 8 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/installer/install.sql b/installer/install.sql index d3ba4419..2d0cac0f 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -238,17 +238,18 @@ CREATE TABLE {modules} ( `version` int(9) DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=11 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {modules} VALUES (1,1,'gallery',30); INSERT INTO {modules} VALUES (2,1,'user',3); INSERT INTO {modules} VALUES (3,1,'comment',3); INSERT INTO {modules} VALUES (4,1,'organize',1); INSERT INTO {modules} VALUES (5,1,'info',1); -INSERT INTO {modules} VALUES (6,1,'rss',1); -INSERT INTO {modules} VALUES (7,1,'search',1); -INSERT INTO {modules} VALUES (8,1,'slideshow',2); -INSERT INTO {modules} VALUES (9,1,'tag',1); +INSERT INTO {modules} VALUES (6,1,'rest',3); +INSERT INTO {modules} VALUES (7,1,'rss',1); +INSERT INTO {modules} VALUES (8,1,'search',1); +INSERT INTO {modules} VALUES (9,1,'slideshow',2); +INSERT INTO {modules} VALUES (10,1,'tag',1); DROP TABLE IF EXISTS {outgoing_translations}; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; @@ -345,6 +346,18 @@ CREATE TABLE {themes} ( /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {themes} VALUES (1,'wind',1); INSERT INTO {themes} VALUES (2,'admin_wind',1); +DROP TABLE IF EXISTS {user_access_keys}; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE {user_access_keys} ( + `id` int(9) NOT NULL AUTO_INCREMENT, + `user_id` int(9) NOT NULL, + `access_key` char(32) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `access_key` (`access_key`), + UNIQUE KEY `user_id` (`user_id`) +) DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; DROP TABLE IF EXISTS {users}; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; @@ -378,7 +391,7 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) AUTO_INCREMENT=41 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=42 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind'); INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind'); @@ -402,5 +415,6 @@ INSERT INTO {vars} VALUES (NULL,'gallery','identity_provider','user'); INSERT INTO {vars} VALUES (NULL,'user','mininum_password_length','5'); INSERT INTO {vars} VALUES (NULL,'comment','access_permissions','everybody'); INSERT INTO {vars} VALUES (NULL,'comment','spam_caught','0'); +INSERT INTO {vars} VALUES (NULL,'rest','allow_guest_access','0'); INSERT INTO {vars} VALUES (NULL,'gallery','blocks_site_sidebar','a:3:{i:9;a:2:{i:0;s:4:\"info\";i:1;s:8:\"metadata\";}i:10;a:2:{i:0;s:3:\"rss\";i:1;s:9:\"rss_feeds\";}i:11;a:2:{i:0;s:3:\"tag\";i:1;s:3:\"tag\";}}'); INSERT INTO {vars} VALUES (NULL,'slideshow','max_scale','0'); diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php index 0ccfe743..835cb903 100644 --- a/modules/gallery/controllers/packager.php +++ b/modules/gallery/controllers/packager.php @@ -63,8 +63,8 @@ class Packager_Controller extends Controller { module::load_modules(); - foreach (array("user", "comment", "organize", "info", "rss", - "search", "slideshow", "tag") as $module_name) { + foreach (array("user", "comment", "organize", "info", "rest", + "rss", "search", "slideshow", "tag") as $module_name) { module::install($module_name); module::activate($module_name); } -- cgit v1.2.3 From 48dc07dbc8189eb16f97b7013b0481982286ab2c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 Jun 2010 17:17:25 -0700 Subject: Revert "Fix for ticket #1118. Create a item::save_with_retries helper method, which encapsulates saving an item and handling name and slug conflicts. Call this instead of doing a save directly." Rolled this back because it fails KISS. We already have an API for saving models with Item_Model::save() that's consistent with all of our other model code. Adding a new way to save items is confusing and inconsistent. This reverts commit 9504f71efcadc7ed27f6f09e5d663e8025bf3b86. --- modules/gallery/controllers/simple_uploader.php | 10 +++------- modules/gallery/helpers/item.php | 17 ++++++----------- modules/gallery/helpers/item_rest.php | 8 +++++--- 3 files changed, 14 insertions(+), 21 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/simple_uploader.php index 8ac1fc8b..c7e5031b 100644 --- a/modules/gallery/controllers/simple_uploader.php +++ b/modules/gallery/controllers/simple_uploader.php @@ -65,16 +65,12 @@ class Simple_Uploader_Controller extends Controller { if (array_key_exists("extension", $path_info) && in_array(strtolower($path_info["extension"]), array("flv", "mp4"))) { $item->type = "movie"; - } else { - $item->type = "photo"; - } - - item::save_with_retries($item); - - if ($item->type == "movie") { + $item->save(); log::success("content", t("Added a movie"), html::anchor("movies/$item->id", t("view movie"))); } else { + $item->type = "photo"; + $item->save(); log::success("content", t("Added a photo"), html::anchor("photos/$item->id", t("view photo"))); } diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 0710d8b2..6a740de4 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -43,17 +43,6 @@ class item_Core { // Moving may result in name or slug conflicts. If that happens, try up to 5 times to pick a // random name (or slug) to avoid the conflict. - $message = item::save_with_retries($source); - - // If the target has no cover item, make this it. - if ($target->album_cover_item_id == null) { - item::make_album_cover($source); - } - - return $message; - } - - static function save_with_retries($source, $retries=5) { $orig_name = $source->name; $orig_name_filename = pathinfo($source->name, PATHINFO_FILENAME); $orig_name_extension = pathinfo($source->name, PATHINFO_EXTENSION); @@ -102,6 +91,12 @@ class item_Core { } } } + + // If the target has no cover item, make this it. + if ($target->album_cover_item_id == null) { + item::make_album_cover($source); + } + return $message; } diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 74fab2e7..692d0895 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -112,6 +112,8 @@ class item_rest_Core { } break; + case "parent": + break; default: if (property_exists($entity, $key)) { $item->$key = $entity->$key; @@ -124,7 +126,7 @@ class item_rest_Core { $parent = rest::resolve($entity->parent); item::move($item, $parent); } else { - $item::save_with_retries($item); + $item->save(); } } @@ -155,7 +157,7 @@ class item_rest_Core { $item->title = isset($entity->title) ? $entity->title : $entity->name; $item->description = isset($entity->description) ? $entity->description : null; $item->slug = isset($entity->slug) ? $entity->slug : null; - $item::save_with_retries($item); + $item->save(); break; case "photo": @@ -170,7 +172,7 @@ class item_rest_Core { $item->title = isset($entity->title) ? $entity->title : $entity->name; $item->description = isset($entity->description) ? $entity->description : null; $item->slug = isset($entity->slug) ? $entity->slug : null; - $item::save_with_retries($item); + $item->save(); break; default: -- cgit v1.2.3 From a432a43b3b39fbec70d4cece1eb0ba5625b2679c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 Jun 2010 17:18:22 -0700 Subject: Revert "Change the item rest update processing to call the item::move(source, target) helper when the parent member has changed. Using the move method insures that names and slugs that could conflict in the target album are resolved properly. Changed the item::move method so it returns a message to be displayed if the caller chooses. And changed the move controller to display the message returned by the move if the item name was renamed as part of the move." Rolling this back for a couple of reasons: 1) Bug in move.php ("message.info" is not a function name) 2) Having the message come back from the API call as a side-effect is sloppy. We should find a cleaner way to do this checking. 3) having item::move() call save() on any changed values in the ORM is counter-intuitive. Move should move, save should save. I think the right approach here is to roll the move() code properly into save(). This reverts commit 2492280cc0ec9eb64a8daeccc7b5698ece7fea66. --- modules/gallery/controllers/move.php | 10 ++++++---- modules/gallery/helpers/item.php | 15 ++++++--------- modules/gallery/helpers/item_rest.php | 16 +++++++--------- 3 files changed, 19 insertions(+), 22 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/move.php b/modules/gallery/controllers/move.php index 3ce44546..f8b85b6f 100644 --- a/modules/gallery/controllers/move.php +++ b/modules/gallery/controllers/move.php @@ -34,10 +34,12 @@ class Move_Controller extends Controller { $source = ORM::factory("item", $source_id); $target = ORM::factory("item", Input::instance()->post("target_id")); - $message = item::move($source, $target); - if (!empty($message)) { - message.info($message); - } + access::required("view", $source); + access::required("edit", $source); + access::required("view", $target); + access::required("edit", $target); + + item::move($source, $target); print json_encode( array("result" => "success", diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 6a740de4..15bbe977 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -47,28 +47,27 @@ class item_Core { $orig_name_filename = pathinfo($source->name, PATHINFO_FILENAME); $orig_name_extension = pathinfo($source->name, PATHINFO_EXTENSION); $orig_slug = $source->slug; - $message = ""; for ($i = 0; $i < 5; $i++) { try { $source->save(); if ($orig_name != $source->name) { switch ($source->type) { case "album": - $message = + message::info( t("Album %old_name renamed to %new_name to avoid a conflict", - array("old_name" => $orig_name, "new_name" => $source->name)); + array("old_name" => $orig_name, "new_name" => $source->name))); break; case "photo": - $message = + message::info( t("Photo %old_name renamed to %new_name to avoid a conflict", - array("old_name" => $orig_name, "new_name" => $source->name)); + array("old_name" => $orig_name, "new_name" => $source->name))); break; case "movie": - $message = + message::info( t("Movie %old_name renamed to %new_name to avoid a conflict", - array("old_name" => $orig_name, "new_name" => $source->name)); + array("old_name" => $orig_name, "new_name" => $source->name))); break; } } @@ -96,8 +95,6 @@ class item_Core { if ($target->album_cover_item_id == null) { item::make_album_cover($source); } - - return $message; } static function make_album_cover($item) { diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 692d0895..0839b144 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -99,7 +99,7 @@ class item_rest_Core { if ($entity = $request->params->entity) { // Only change fields from a whitelist. foreach (array("album_cover", "captured", "description", - "height", "mime_type", "name", "rand_key", "resize_dirty", + "height", "mime_type", "name", "parent", "rand_key", "resize_dirty", "resize_height", "resize_width", "slug", "sort_column", "sort_order", "thumb_dirty", "thumb_height", "thumb_width", "title", "view_count", "width") as $key) { @@ -113,6 +113,11 @@ class item_rest_Core { break; case "parent": + if (property_exists($entity, "parent")) { + $parent = rest::resolve($entity->parent); + access::required("edit", $parent); + $item->parent_id = $parent->id; + } break; default: if (property_exists($entity, $key)) { @@ -120,15 +125,8 @@ class item_rest_Core { } } } - - // There is an explicit save in item::move - if (property_exists($entity, "parent")) { - $parent = rest::resolve($entity->parent); - item::move($item, $parent); - } else { - $item->save(); - } } + $item->save(); if (isset($request->params->members) && $item->sort_column == "weight") { $weight = 0; -- cgit v1.2.3 From a03e3d1dc1b59e45e5b0dbf4cf23eed91d545c25 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Jun 2010 09:38:36 -0700 Subject: Fix for ticket #1110. Need to use the encode_path with a movie extension to find the item. Thanks to samdavidoff for the initial fix. --- modules/gallery/controllers/file_proxy.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index fff90ec5..32690fc0 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -60,12 +60,12 @@ class File_Proxy_Controller extends Controller { foreach (explode("/", $path) as $path_part) { $encoded_path[] = rawurlencode($path_part); } - + $encoded_path = implode("/", $encoded_path); // We now have the relative path to the item. Search for it in the path cache // The patch cache is urlencoded so re-encode the path. (it was decoded earlier to // insure that the paths are normalized. $item = ORM::factory("item") - ->where("relative_path_cache", "=", implode("/", $encoded_path))->find(); + ->where("relative_path_cache", "=", $encoded_path)->find(); if (!$item->loaded()) { // We didn't turn it up. It's possible that the relative_path_cache is out of date here. // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be @@ -76,7 +76,7 @@ class File_Proxy_Controller extends Controller { // So try some alternate types: if (preg_match('/.jpg$/', $path)) { foreach (array("flv", "mp4") as $ext) { - $movie_path = preg_replace('/.jpg$/', ".$ext", $path); + $movie_path = preg_replace('/.jpg$/', ".$ext", $encoded_path); $item = ORM::factory("item")->where("relative_path_cache", "=", $movie_path)->find(); if ($item->loaded()) { break; -- cgit v1.2.3 From d82863421df3e7c8d500ab32c11c556a50691dbd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 20 Jun 2010 21:10:22 -0700 Subject: Rename "simple_uploader" to "flash_uploader" to make room for an HTML uploader. --- modules/gallery/controllers/flash_uploader.php | 124 ++++++++++++++++++++++++ modules/gallery/controllers/simple_uploader.php | 124 ------------------------ modules/gallery/helpers/gallery_event.php | 4 +- modules/gallery/views/form_uploadify.html.php | 2 +- themes/wind/views/album.html.php | 2 +- 5 files changed, 128 insertions(+), 128 deletions(-) create mode 100644 modules/gallery/controllers/flash_uploader.php delete mode 100644 modules/gallery/controllers/simple_uploader.php (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/flash_uploader.php b/modules/gallery/controllers/flash_uploader.php new file mode 100644 index 00000000..f7da5124 --- /dev/null +++ b/modules/gallery/controllers/flash_uploader.php @@ -0,0 +1,124 @@ +is_album()) { + $item = $item->parent(); + } + + print $this->_get_add_form($item); + } + + public function start() { + access::verify_csrf(); + batch::start(); + } + + public function add_photo($id) { + $album = ORM::factory("item", $id); + access::required("view", $album); + access::required("add", $album); + access::verify_csrf(); + + // The Flash uploader not call /start directly, so simulate it here for now. + if (!batch::in_progress()) { + batch::start(); + } + + $form = $this->_get_add_form($album); + + // Uploadify adds its own field to the form, so validate that separately. + $file_validation = new Validation($_FILES); + $file_validation->add_rules( + "Filedata", "upload::valid", "upload::required", "upload::type[gif,jpg,jpeg,png,flv,mp4]"); + + if ($form->validate() && $file_validation->validate()) { + $temp_filename = upload::save("Filedata"); + try { + $item = ORM::factory("item"); + $item->name = substr(basename($temp_filename), 10); // Skip unique identifier Kohana adds + $item->title = item::convert_filename_to_title($item->name); + $item->parent_id = $album->id; + $item->set_data_file($temp_filename); + + $path_info = @pathinfo($temp_filename); + if (array_key_exists("extension", $path_info) && + in_array(strtolower($path_info["extension"]), array("flv", "mp4"))) { + $item->type = "movie"; + $item->save(); + log::success("content", t("Added a movie"), + html::anchor("movies/$item->id", t("view movie"))); + } else { + $item->type = "photo"; + $item->save(); + log::success("content", t("Added a photo"), + html::anchor("photos/$item->id", t("view photo"))); + } + + module::event("add_photos_form_completed", $item, $form); + } catch (Exception $e) { + // The Flash uploader has no good way of reporting complex errors, so just keep it simple. + Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); + + // Ugh. I hate to use instanceof, But this beats catching the exception separately since + // we mostly want to treat it the same way as all other exceptions + if ($e instanceof ORM_Validation_Exception) { + Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1)); + } + + if (file_exists($temp_filename)) { + unlink($temp_filename); + } + header("HTTP/1.1 500 Internal Server Error"); + print "ERROR: " . $e->getMessage(); + return; + } + unlink($temp_filename); + print "FILEID: $item->id"; + } else { + header("HTTP/1.1 400 Bad Request"); + print "ERROR: " . t("Invalid upload"); + } + } + + public function finish() { + access::verify_csrf(); + + batch::stop(); + print json_encode(array("result" => "success")); + } + + private function _get_add_form($album) { + $form = new Forge("flash_uploader/finish", "", "post", array("id" => "g-add-photos-form")); + $group = $form->group("add_photos") + ->label(t("Add photos to %album_title", array("album_title" => html::purify($album->title)))); + $group->uploadify("uploadify")->album($album); + + $group = $form->group("actions"); + $group->uploadify_buttons(""); + + module::event("add_photos_form", $album, $form); + + return $form; + } +} diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/simple_uploader.php deleted file mode 100644 index c7e5031b..00000000 --- a/modules/gallery/controllers/simple_uploader.php +++ /dev/null @@ -1,124 +0,0 @@ -is_album()) { - $item = $item->parent(); - } - - print $this->_get_add_form($item); - } - - public function start() { - access::verify_csrf(); - batch::start(); - } - - public function add_photo($id) { - $album = ORM::factory("item", $id); - access::required("view", $album); - access::required("add", $album); - access::verify_csrf(); - - // The Flash uploader not call /start directly, so simulate it here for now. - if (!batch::in_progress()) { - batch::start(); - } - - $form = $this->_get_add_form($album); - - // Uploadify adds its own field to the form, so validate that separately. - $file_validation = new Validation($_FILES); - $file_validation->add_rules( - "Filedata", "upload::valid", "upload::required", "upload::type[gif,jpg,jpeg,png,flv,mp4]"); - - if ($form->validate() && $file_validation->validate()) { - $temp_filename = upload::save("Filedata"); - try { - $item = ORM::factory("item"); - $item->name = substr(basename($temp_filename), 10); // Skip unique identifier Kohana adds - $item->title = item::convert_filename_to_title($item->name); - $item->parent_id = $album->id; - $item->set_data_file($temp_filename); - - $path_info = @pathinfo($temp_filename); - if (array_key_exists("extension", $path_info) && - in_array(strtolower($path_info["extension"]), array("flv", "mp4"))) { - $item->type = "movie"; - $item->save(); - log::success("content", t("Added a movie"), - html::anchor("movies/$item->id", t("view movie"))); - } else { - $item->type = "photo"; - $item->save(); - log::success("content", t("Added a photo"), - html::anchor("photos/$item->id", t("view photo"))); - } - - module::event("add_photos_form_completed", $item, $form); - } catch (Exception $e) { - // The Flash uploader has no good way of reporting complex errors, so just keep it simple. - Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString()); - - // Ugh. I hate to use instanceof, But this beats catching the exception separately since - // we mostly want to treat it the same way as all other exceptions - if ($e instanceof ORM_Validation_Exception) { - Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1)); - } - - if (file_exists($temp_filename)) { - unlink($temp_filename); - } - header("HTTP/1.1 500 Internal Server Error"); - print "ERROR: " . $e->getMessage(); - return; - } - unlink($temp_filename); - print "FILEID: $item->id"; - } else { - header("HTTP/1.1 400 Bad Request"); - print "ERROR: " . t("Invalid upload"); - } - } - - public function finish() { - access::verify_csrf(); - - batch::stop(); - print json_encode(array("result" => "success")); - } - - private function _get_add_form($album) { - $form = new Forge("simple_uploader/finish", "", "post", array("id" => "g-add-photos-form")); - $group = $form->group("add_photos") - ->label(t("Add photos to %album_title", array("album_title" => html::purify($album->title)))); - $group->uploadify("uploadify")->album($album); - - $group = $form->group("actions"); - $group->uploadify_buttons(""); - - module::event("add_photos_form", $album, $form); - - return $form; - } -} diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 55db47ce..82f42d98 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -202,7 +202,7 @@ class gallery_event_Core { $add_menu->append(Menu::factory("dialog") ->id("add_photos_item") ->label(t("Add photos")) - ->url(url::site("simple_uploader/app/$item->id"))); + ->url(url::site("flash_uploader/app/$item->id"))); if ($item->is_album()) { $add_menu->append(Menu::factory("dialog") ->id("add_album_item") @@ -471,7 +471,7 @@ class gallery_event_Core { ->id("add_item") ->label(t("Add a photo")) ->css_class("ui-icon-plus") - ->url(url::site("simple_uploader/app/$item->id"))) + ->url(url::site("flash_uploader/app/$item->id"))) ->append(Menu::factory("dialog") ->id("add_album") ->label(t("Add an album")) diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index d811f913..588fa16d 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -7,7 +7,7 @@ width: 150, height: 33, uploader: "", - script: "id}") ?>", + script: "id}") ?>", scriptData: , fileExt: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4", fileDesc: for_js() ?>, diff --git a/themes/wind/views/album.html.php b/themes/wind/views/album.html.php index eabe07c3..b9072e2b 100644 --- a/themes/wind/views/album.html.php +++ b/themes/wind/views/album.html.php @@ -29,7 +29,7 @@ admin || access::can("add", $item)): ?> - id") ?> + id") ?>
  • Add some.", array("attrs" => html::mark_clean("href=\"$addurl\" class=\"g-dialog-link\""))) ?>
    • -- cgit v1.2.3 From 8493a3d36f597e183490ae880b35a3d98f50a045 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:23:17 -0700 Subject: If the admin request originates as a dialog link, don't display the entire page when reauthenticating the administrator. Just put the form in the dialog. --- lib/gallery.dialog.js | 3 ++- modules/gallery/controllers/admin.php | 11 ++++++-- modules/gallery/controllers/reauthenticate.php | 20 ++------------ modules/gallery/helpers/reauthenticate.php | 36 ++++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 21 deletions(-) create mode 100644 modules/gallery/helpers/reauthenticate.php (limited to 'modules/gallery/controllers') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 6ec8c634..dd1a5663 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -26,7 +26,8 @@ $("#g-dialog").gallery_show_loading(); - $.get(sHref, function(data) { + var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; + $.get(url, function(data) { $("#g-dialog").html(data).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index c460f58c..d9bee284 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -38,7 +38,8 @@ class Admin_Controller extends Controller { return self::_reauth_check(); } if (auth::must_reauth_for_admin_area()) { - return self::_prompt_for_reauth($controller_name, $args); + print self::_prompt_for_reauth($controller_name, $args); + return; } if (request::method() == "post") { @@ -85,7 +86,13 @@ class Admin_Controller extends Controller { // Avoid anti-phishing protection by passing the url as session variable. Session::instance()->set("continue_url", url::abs_current(true)); } - url::redirect("reauthenticate"); + + // Check that we we not in a dialog. If we are, then use an ajax response. + if (strpos(Router::$query_string, "g-in-dialog") === false) { + url::redirect("reauthenticate"); + } else { + return reauthenticate::get_authenticate_form(); + } } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index acb27f6a..9ddaff2e 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,7 +22,7 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - return self::_show_form(self::_form()); + return self::_show_form(reauthenticate::get_authenticate_form()); } public function auth() { @@ -31,7 +31,7 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); - $form = self::_form(); + $form = reauthenticate::get_authenticate_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { @@ -54,20 +54,4 @@ class Reauthenticate_Controller extends Controller { $view->content->user_name = identity::active_user()->name; print $view; } - - private static function _form() { - $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); - $form->set_attr('class', "g-narrow"); - $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); - $group = $form->group("reauthenticate")->label(t("Re-authenticate")); - $group->password("password")->label(t("Password"))->id("g-password")->class(null) - ->callback("auth::validate_too_many_failed_auth_attempts") - ->callback("user::valid_password") - ->error_messages("invalid_password", t("Incorrect password")) - ->error_messages( - "too_many_failed_auth_attempts", - t("Too many incorrect passwords. Try again later")); - $group->submit("")->value(t("Submit")); - return $form; - } } diff --git a/modules/gallery/helpers/reauthenticate.php b/modules/gallery/helpers/reauthenticate.php new file mode 100644 index 00000000..1ad90e15 --- /dev/null +++ b/modules/gallery/helpers/reauthenticate.php @@ -0,0 +1,36 @@ + "g-reauthenticate-form")); + $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); + $group = $form->group("reauthenticate")->label(t("Re-authenticate")); + $group->password("password")->label(t("Password"))->id("g-password")->class(null) + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid_password", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->submit("")->value(t("Submit")); + return $form; + } +} -- cgit v1.2.3 From 45b210c2879d93067f3d903b83cd56d392c75156 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 5 Jul 2010 08:44:46 -0700 Subject: Add maessage when we automatically log you out of the admin area. --- modules/gallery/controllers/admin.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index c460f58c..40dd260b 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -74,6 +74,7 @@ class Admin_Controller extends Controller { $result = new stdClass(); $result->result = "success"; if ($time_remaining < 30) { + message::success(t("Automatically logged out of the admin area for your security")); $result->location = url::abs_site(""); } -- cgit v1.2.3 From 226d1f714635995722fe7927f8ec049fe3890011 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Jul 2010 08:58:36 -0700 Subject: Revert "If the admin request originates as a dialog link, don't display the entire page when reauthenticating the administrator. Just put the form in the dialog." This reverts commit 8493a3d36f597e183490ae880b35a3d98f50a045. --- lib/gallery.dialog.js | 3 +-- modules/gallery/controllers/admin.php | 11 ++------ modules/gallery/controllers/reauthenticate.php | 20 ++++++++++++-- modules/gallery/helpers/reauthenticate.php | 36 -------------------------- 4 files changed, 21 insertions(+), 49 deletions(-) delete mode 100644 modules/gallery/helpers/reauthenticate.php (limited to 'modules/gallery/controllers') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index dd1a5663..6ec8c634 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -26,8 +26,7 @@ $("#g-dialog").gallery_show_loading(); - var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog"; - $.get(url, function(data) { + $.get(sHref, function(data) { $("#g-dialog").html(data).gallery_show_loading(); if ($("#g-dialog form").length) { diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index d9bee284..c460f58c 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -38,8 +38,7 @@ class Admin_Controller extends Controller { return self::_reauth_check(); } if (auth::must_reauth_for_admin_area()) { - print self::_prompt_for_reauth($controller_name, $args); - return; + return self::_prompt_for_reauth($controller_name, $args); } if (request::method() == "post") { @@ -86,13 +85,7 @@ class Admin_Controller extends Controller { // Avoid anti-phishing protection by passing the url as session variable. Session::instance()->set("continue_url", url::abs_current(true)); } - - // Check that we we not in a dialog. If we are, then use an ajax response. - if (strpos(Router::$query_string, "g-in-dialog") === false) { - url::redirect("reauthenticate"); - } else { - return reauthenticate::get_authenticate_form(); - } + url::redirect("reauthenticate"); } } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 9ddaff2e..acb27f6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -22,7 +22,7 @@ class Reauthenticate_Controller extends Controller { if (!identity::active_user()->admin) { access::forbidden(); } - return self::_show_form(reauthenticate::get_authenticate_form()); + return self::_show_form(self::_form()); } public function auth() { @@ -31,7 +31,7 @@ class Reauthenticate_Controller extends Controller { } access::verify_csrf(); - $form = reauthenticate::get_authenticate_form(); + $form = self::_form(); $valid = $form->validate(); $user = identity::active_user(); if ($valid) { @@ -54,4 +54,20 @@ class Reauthenticate_Controller extends Controller { $view->content->user_name = identity::active_user()->name; print $view; } + + private static function _form() { + $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); + $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); + $group = $form->group("reauthenticate")->label(t("Re-authenticate")); + $group->password("password")->label(t("Password"))->id("g-password")->class(null) + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid_password", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->submit("")->value(t("Submit")); + return $form; + } } diff --git a/modules/gallery/helpers/reauthenticate.php b/modules/gallery/helpers/reauthenticate.php deleted file mode 100644 index 1ad90e15..00000000 --- a/modules/gallery/helpers/reauthenticate.php +++ /dev/null @@ -1,36 +0,0 @@ - "g-reauthenticate-form")); - $form->set_attr('class', "g-narrow"); - $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); - $group = $form->group("reauthenticate")->label(t("Re-authenticate")); - $group->password("password")->label(t("Password"))->id("g-password")->class(null) - ->callback("auth::validate_too_many_failed_auth_attempts") - ->callback("user::valid_password") - ->error_messages("invalid_password", t("Incorrect password")) - ->error_messages( - "too_many_failed_auth_attempts", - t("Too many incorrect passwords. Try again later")); - $group->submit("")->value(t("Submit")); - return $form; - } -} -- cgit v1.2.3