From 391a90e3cedd1cca7631f9a4d786c6c513b1dd48 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 8 Sep 2010 20:36:22 -0700 Subject: Detect when a module fails to upgrade properly and put up an informative message to help the user know that she needs to get a newer copy of the module. Fixes ticket #1189. --- modules/gallery/controllers/upgrader.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index cb940b46..a3cfac48 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -39,10 +39,12 @@ class Upgrader_Controller extends Controller { } } + $failed = Input::instance()->get("failed"); $view = new View("upgrader.html"); $view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade"); $view->upgrade_token = $upgrade_token; $view->available = module::available(); + $view->failed = $failed ? explode(",", $failed) : array(); $view->done = $available_upgrades == 0; print $view; } @@ -65,20 +67,26 @@ class Upgrader_Controller extends Controller { } // Then upgrade the rest + $failed = array(); foreach (module::available() as $id => $module) { if ($id == "gallery") { continue; } if ($module->active && $module->code_version != $module->version) { - module::upgrade($id); + try { + module::upgrade($id); + } catch (Exception $e) { + // @todo assume it's MODULE_FAILED_TO_UPGRADE for now + $failed[] = $id; + } } } if (php_sapi_name() == "cli") { print "Upgrade complete\n"; } else { - url::redirect("upgrader"); + url::redirect("upgrader?failed=" . join(",", $failed)); } } } -- cgit v1.2.3 From cbb6967405569606de3b67e1f1dcde2ed8d6bb03 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 8 Sep 2010 20:59:40 -0700 Subject: Detect out-of-date modules and put up a message for site admins. Fixes ticket #1353. --- modules/gallery/controllers/admin_modules.php | 5 +++++ modules/gallery/controllers/upgrader.php | 3 +++ modules/gallery/helpers/module.php | 4 ++++ 3 files changed, 12 insertions(+) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin_modules.php b/modules/gallery/controllers/admin_modules.php index f5af9a5a..650b7e9e 100644 --- a/modules/gallery/controllers/admin_modules.php +++ b/modules/gallery/controllers/admin_modules.php @@ -95,12 +95,17 @@ class Admin_Modules_Controller extends Admin_Controller { $activated_names[] = t($info->name); } } catch (Exception $e) { + message::warning(t("An error occurred while installing the %module_name module", + array("module_name" => $info->name))); Kohana_Log::add("error", (string)$e); } } module::event("module_change", $changes); + // If modules need upgrading, this will get recreated + site_status::clear("upgrade_now"); + // @todo this type of collation is questionable from an i18n perspective if ($activated_names) { message::success(t("Activated: %names", array("names" => join(", ", $activated_names)))); diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index a3cfac48..6613d671 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -83,6 +83,9 @@ class Upgrader_Controller extends Controller { } } + // If the upgrade failed, this will get recreated + site_status::clear("upgrade_now"); + if (php_sapi_name() == "cli") { print "Upgrade complete\n"; } else { diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index be9c4249..7863520e 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -99,6 +99,10 @@ class module_Core { $m->code_version = $m->version; $m->version = self::get_version($module_name); $m->locked = false; + + if ($m->active && $m->version != $m->code_version) { + site_status::warning(t("Some of your modules are out of date. Upgrade now!", array("upgrader_url" => url::site("upgrader"))), "upgrade_now"); + } } // Lock certain modules -- cgit v1.2.3 From 5892712b237cb1e585b2cc7a6820d2cf3a8c1a34 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 10 Sep 2010 23:01:47 -0700 Subject: If the user is not an admin, don't 403 -- instead just redirect them to the root album. Fixes ticket #1356. --- modules/gallery/controllers/reauthenticate.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 0486c0fe..53a96374 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -19,12 +19,19 @@ */ class Reauthenticate_Controller extends Controller { public function index() { + $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if (!identity::active_user()->admin) { - access::forbidden(); + if ($is_ajax) { + // We should never be able to get here since Admin_Controller::_reauth_check() won't work + // for non-admins. + access::forbidden(); + } else { + url::redirect(item::root()->abs_url()); + } } + // On redirects from the admin controller, the ajax request indicator is lost, // so we store it in the session. - $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if ($is_ajax) { $v = new View("reauthenticate.html"); $v->form = self::_form(); -- cgit v1.2.3 From 67f45cfa781ef4b446676e199470e421f5463812 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 11 Sep 2010 01:46:45 -0700 Subject: Add CSRF protection to the upgrader. And update the CLI output so that it tells you which modules failed to upgrade properly. Fixes ticket #1359. --- modules/gallery/controllers/upgrader.php | 21 ++++++++++++++++++--- modules/gallery/views/upgrader.html.php | 2 +- 2 files changed, 19 insertions(+), 4 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 6613d671..b2646874 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -54,8 +54,16 @@ class Upgrader_Controller extends Controller { // @todo this may screw up some module installers, but we don't have a better answer at // this time. $_SERVER["HTTP_HOST"] = "example.com"; - } else if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) { - access::forbidden(); + } else { + if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) { + access::forbidden(); + } + + try { + access::verify_csrf(); + } catch (Exception $e) { + url::redirect("upgrader"); + } } $available = module::available(); @@ -87,7 +95,14 @@ class Upgrader_Controller extends Controller { site_status::clear("upgrade_now"); if (php_sapi_name() == "cli") { - print "Upgrade complete\n"; + if ($failed) { + print "Upgrade completed ** WITH FAILURES **\n"; + print "The following modules were not successfully upgraded:\n"; + print " " . implode($failed, "\n ") . "\n"; + print "Try getting newer versions or deactivating those modules\n"; + } else { + print "Upgrade complete\n"; + } } else { url::redirect("upgrader?failed=" . join(",", $failed)); } diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index c2d8a552..554cf30d 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -84,7 +84,7 @@ -- cgit v1.2.3 From 5e316f78c6d73fcba9b39c0f9033f1d670de83cb Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Sep 2010 15:17:00 -0700 Subject: Restrict viewing user profile pages to registered users only, but provide a "show_user_profiles_to" setting to allow admins to open it up to everybody (choices there are "registered_users", "admin_users" or "everybody"). Fixes ticket #1378. --- installer/install.sql | 5 ++-- modules/gallery/controllers/user_profile.php | 39 +++++++++++++++++++++++++++ modules/gallery/helpers/gallery_installer.php | 10 ++++--- modules/gallery/module.info | 2 +- 4 files changed, 50 insertions(+), 6 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/installer/install.sql b/installer/install.sql index 7a40918d..05dfcb5e 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -244,7 +244,7 @@ CREATE TABLE {modules} ( KEY `weight` (`weight`) ) AUTO_INCREMENT=11 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; -INSERT INTO {modules} VALUES (1,1,'gallery',38,1); +INSERT INTO {modules} VALUES (1,1,'gallery',39,1); INSERT INTO {modules} VALUES (2,1,'user',3,2); INSERT INTO {modules} VALUES (3,1,'comment',3,3); INSERT INTO {modules} VALUES (4,1,'organize',2,4); @@ -395,7 +395,7 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) AUTO_INCREMENT=49 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=50 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind'); INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind'); @@ -422,6 +422,7 @@ INSERT INTO {vars} VALUES (NULL,'gallery','email_reply_to','unknown@unknown.com' INSERT INTO {vars} VALUES (NULL,'gallery','choose_default_tookit','1'); INSERT INTO {vars} VALUES (NULL,'gallery','email_line_length','70'); INSERT INTO {vars} VALUES (NULL,'gallery','email_header_separator','s:1:\"\n\";'); +INSERT INTO {vars} VALUES (NULL,'gallery','show_user_profiles_to','registered_users'); INSERT INTO {vars} VALUES (NULL,'comment','spam_caught','0'); INSERT INTO {vars} VALUES (NULL,'comment','access_permissions','everybody'); INSERT INTO {vars} VALUES (NULL,'gallery','blocks_site_sidebar','a:4:{i:9;a:2:{i:0;s:7:\"gallery\";i:1;s:8:\"language\";}i:10;a:2:{i:0;s:4:\"info\";i:1;s:8:\"metadata\";}i:11;a:2:{i:0;s:3:\"rss\";i:1;s:9:\"rss_feeds\";}i:12;a:2:{i:0;s:3:\"tag\";i:1;s:3:\"tag\";}}'); diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php index e992655b..4922416c 100644 --- a/modules/gallery/controllers/user_profile.php +++ b/modules/gallery/controllers/user_profile.php @@ -18,6 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class User_Profile_Controller extends Controller { + public function show($id) { // If we get here, then we should have a user id other than guest. $user = identity::lookup_user($id); @@ -25,6 +26,10 @@ class User_Profile_Controller extends Controller { throw new Kohana_404_Exception(); } + if (!$this->_can_view_profile_pages($user)) { + throw new Kohana_404_Exception(); + } + $v = new Theme_View("page.html", "other", "profile"); $v->page_title = t("%name Profile", array("name" => $user->display_name())); $v->content = new View("user_profile.html"); @@ -44,12 +49,20 @@ class User_Profile_Controller extends Controller { public function contact($id) { $user = identity::lookup_user($id); + if (!$this->_can_view_profile_pages($user)) { + throw new Kohana_404_Exception(); + } + print user_profile::get_contact_form($user); } public function send($id) { access::verify_csrf(); $user = identity::lookup_user($id); + if (!$this->_can_view_profile_pages($user)) { + throw new Kohana_404_Exception(); + } + $form = user_profile::get_contact_form($user); if ($form->validate()) { Sendmail::factory() @@ -66,4 +79,30 @@ class User_Profile_Controller extends Controller { json::reply(array("result" => "error", "html" => (string)$form)); } } + + private function _can_view_profile_pages($user) { + if (!$user->loaded()) { + return false; + } + + if ($user->id == identity::active_user()->id) { + // You can always view your own profile + return true; + } + + switch (module::get_var("gallery", "show_user_profiles_to")) { + case "admin_users": + return identity::active_user()->admin; + + case "registered_users": + return !identity::active_user()->guest; + + case "everybody": + return true; + + default: + // Fail in private mode on an invalid setting + return false; + } + } } diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index c23bcca8..444d307b 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -302,14 +302,13 @@ class gallery_installer { module::set_var("gallery", "maintenance_mode", 0); module::set_var("gallery", "visible_title_length", 15); module::set_var("gallery", "favicon_url", "lib/images/favicon.ico"); - - // Sendmail configuration module::set_var("gallery", "email_from", ""); module::set_var("gallery", "email_reply_to", ""); module::set_var("gallery", "email_line_length", 70); module::set_var("gallery", "email_header_separator", serialize("\n")); + module::set_var("gallery", "show_user_profiles_to", "registered_users"); - module::set_version("gallery", 38); + module::set_version("gallery", 39); } static function upgrade($version) { @@ -627,6 +626,11 @@ class gallery_installer { } module::set_version("gallery", $version = 38); } + + if ($version == 38) { + module::set_var("gallery", "show_user_profiles_to", "registered_users"); + module::set_version("gallery", $version = 39); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index cc3b2723..5791f79d 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 38 +version = 39 -- cgit v1.2.3 From 64dfccc4eddf204a80ce533bad69ac8c0c83c1bd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Sep 2010 20:04:22 -0700 Subject: Preserve the image extension on the temp file that we create for rotating images. Some versions of GD won't work if we don't do this. Fixes ticket #1375. --- modules/gallery/controllers/quick.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index c34209da..3db4f5df 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -36,7 +36,8 @@ class Quick_Controller extends Controller { } if ($degrees) { - $tmpfile = tempnam(TMPPATH, "rotate"); + $tmpfile = tempnam(TMPPATH, "rotate") . "." . + pathinfo($item->file_path(), PATHINFO_EXTENSION); gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees)); $item->set_data_file($tmpfile); $item->save(); -- cgit v1.2.3 From fad1f05203f9c45b759fd0f4731e9025bca86114 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 18 Sep 2010 17:46:28 -0700 Subject: The Kohana folks removed the cache cleanup code back in http://dev.kohanaframework.org/projects/kohana2/repository/revisions/4605 So now our cache entries don't expire. For now, do cache expiration whenever we render Admin > Maintenance, since that's the type of place that users will go when they want their cache to expire anyway. --- modules/gallery/controllers/admin_maintenance.php | 7 +++++++ modules/gallery/libraries/drivers/Cache/Database.php | 14 -------------- modules/gallery/tests/Cache_Test.php | 20 -------------------- 3 files changed, 7 insertions(+), 34 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index a9cc933c..7729d797 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -48,6 +48,13 @@ class Admin_Maintenance_Controller extends Admin_Controller { $view->content->finished_tasks = ORM::factory("task") ->where("done", "=", 1)->order_by("updated", "DESC")->find_all(); print $view; + + // Do some maintenance while we're in here + db::build() + ->delete("caches") + ->where("expiration", "<>", 0) + ->where("expiration", "<=", time()) + ->execute(); } /** diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php index 9ada52e1..b7822811 100644 --- a/modules/gallery/libraries/drivers/Cache/Database.php +++ b/modules/gallery/libraries/drivers/Cache/Database.php @@ -178,20 +178,6 @@ class Cache_Database_Driver extends Cache_Driver { return $this->delete($tags, true); } - /** - * Deletes all cache files that are older than the current time. - */ - public function delete_expired() { - // Delete all expired caches - $status = db::build() - ->delete("caches") - ->where("expiration", "<>", 0) - ->where("expiration", "<=", time()) - ->execute(); - - return count($status) > 0; - } - /** * Empty the cache */ diff --git a/modules/gallery/tests/Cache_Test.php b/modules/gallery/tests/Cache_Test.php index 4c65698a..e8d8b6f4 100644 --- a/modules/gallery/tests/Cache_Test.php +++ b/modules/gallery/tests/Cache_Test.php @@ -85,26 +85,6 @@ class Cache_Test extends Gallery_Unit_Test_Case { $this->assert_equal(array($id3 => $value3), $data, "Expected id3"); } - public function cache_delete_expired_test() { - $id1 = md5(rand()); - $value1 = array("field1" => "value1", "field2" => "value2"); - $this->_driver->set(array($id1 => $value1), array("tag1", "tag2"), -84600); - - $id2 = md5(rand()); - $value2 = array("field3" => "value3", "field4" => "value4"); - $this->_driver->set(array($id2 => $value2), array("tag2", "tag3"), -846000); - - $id3 = md5(rand()); - $value3 = array("field5" => "value5", "field6" => "value6"); - $this->_driver->set(array($id3 => $value3), array("tag3", "tag4"), -84600); - - $data = $this->_driver->delete_expired(); - - $this->assert_false($this->_driver->exists($id1), "$id1 should have been deleted"); - $this->assert_false($this->_driver->exists($id2), "$id2 should have been deleted"); - $this->assert_false($this->_driver->exists($id3), "$id3 should have been deleted"); - } - public function cache_delete_id_test() { $id1 = md5(rand()); $value1 = array("field1" => "value1", "field2" => "value2"); -- cgit v1.2.3