From caa2002d7777e0ceb884d4c628650804620ca2b6 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sun, 13 Sep 2009 01:04:16 -0700
Subject: If there's a show= param and we can't find the given id in the current album, just ignore the parameter.
---
 modules/gallery/controllers/albums.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 183c26d0..08a60132 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -40,11 +40,13 @@ class Albums_Controller extends Items_Controller {
 
 if ($show) {
 $index = $album->get_position($show);
- $page = ceil($index / $page_size);
- if ($page == 1) {
- url::redirect($album->abs_url());
- } else {
- url::redirect($album->abs_url("page=$page"));
+ if ($index) {
+ $page = ceil($index / $page_size);
+ if ($page == 1) {
+ url::redirect($album->abs_url());
+ } else {
+ url::redirect($album->abs_url("page=$page"));
+ }
 }
 }
 
-- 
cgit v1.2.3
From e168e0dfae28bb56289b4debae8825c104ee69f9 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Tue, 15 Sep 2009 21:50:48 -0700
Subject: CSRF / auth fixes, golden data file checkpoint
---
 modules/gallery/controllers/permissions.php | 2 +-
 modules/gallery/controllers/simple_uploader.php | 1 +
 modules/gallery/tests/Controller_Auth_Test.php | 8 ++++++--
 modules/gallery/tests/controller_auth_data.txt | 17 +++++++++++++++++
 modules/tag/controllers/tags.php | 2 ++
 modules/user/controllers/admin_users.php | 2 +-
 6 files changed, 28 insertions(+), 4 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index 5f4620b2..8d75862e 100644
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
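Review bot: The new `if ($index)` guard treats every falsy return from `get_position()` as "not in this album", so a first-position item is only distinguishable from a missing one if `get_position()` is 1-based, which the hunk does not show. Because `$show` presumably arrives from the request (its assignment is above the hunk), an explicit contract comment keeps the next maintainer from loosening the check: `// get_position() is 1-based; 0/false means $show is not in this album — ignore the param`. The enclosing method starts and ends outside the hunk.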
@@ -81,7 +81,7 @@ class Permissions_Controller extends Controller {
 }
 }
 
- function _get_form($item) {
+ private function _get_form($item) {
 $view = new View("permissions_form.html");
 $view->item = $item;
 $view->groups = ORM::factory("group")->find_all();
diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/simple_uploader.php
index 156d18ac..bc508319 100644
--- a/modules/gallery/controllers/simple_uploader.php
+++ b/modules/gallery/controllers/simple_uploader.php
@@ -32,6 +32,7 @@ class Simple_Uploader_Controller extends Controller {
 }
 
 public function start() {
+ access::verify_csrf();
 batch::start();
 }
 
diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php
index e3eb4eaf..50afae8f 100644
--- a/modules/gallery/tests/Controller_Auth_Test.php
+++ b/modules/gallery/tests/Controller_Auth_Test.php
@@ -21,6 +21,10 @@ class Controller_Auth_Test extends Unit_Test_Case {
 public function find_missing_auth_test() {
 $found = array();
 foreach (glob("*/*/controllers/*.php") as $controller) {
+ if (strpos($controller, "modules/unit_test/") !== false) {
+ continue;
+ }
+
 // List of all tokens without whitespace, simplifying parsing.
 $tokens = array();
 foreach (token_get_all(file_get_contents($controller)) as $token) {
@@ -150,12 +154,12 @@ class Controller_Auth_Test extends Unit_Test_Case {
 continue;
 }
 
- fprintf($fd, "%-60s %-20s %-21s\n",
+ fprintf($fd, "%-60s %-20s %s\n",
 $controller, $function->name, implode("|", $flags));
 }
 
 if (strpos(basename($controller), "admin_") === 0 && !$is_admin_controller) {
- fprintf($fd, "%-60s %-20s %-21s\n",
+ fprintf($fd, "%-60s %-20s %s\n",
 $controller, basename($controller), "NO_ADMIN_CONTROLLER");
 }
 }
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index e69de29b..aabd2863 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
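Review bot: `access::verify_csrf()` in `start()` only establishes that the request came from the site's own form; nothing in the hunk checks that the caller is allowed to start an upload batch, and the golden file added in this same commit still records `simple_uploader.php start` and `finish` as DIRTY_AUTH. A comment making that explicit stops the next reader from mistaking the CSRF line for the authorization check: `// CSRF only — authorization is still open, tracked as DIRTY_AUTH in controller_auth_data.txt`. `finish()` is outside the hunk.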
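Review bot: The exclusion added to `find_missing_auth_test()` uses `strpos(...) !== false`, which skips any controller whose path merely contains `modules/unit_test/`; given the `*/*/controllers/*.php` glob, anchoring the match is stricter and reads as the intent: `if (strpos($controller, "modules/unit_test/") === 0) {`. Since this test is the audit that surfaces missing auth checks, the skip should also carry a one-line reason so a future module is not quietly added to the exemption, e.g. `// exempt: <reason the unit_test module's controllers need no auth audit>`. The method continues past both hunks.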
@@ -0,0 +1,17 @@
+modules/comment/controllers/admin_comments.php queue DIRTY_CSRF
+modules/digibug/controllers/digibug.php close_window DIRTY_AUTH
+modules/gallery/controllers/combined.php javascript DIRTY_AUTH
+modules/gallery/controllers/combined.php css DIRTY_AUTH
+modules/gallery/controllers/maintenance.php index DIRTY_AUTH
+modules/gallery/controllers/rest.php form_add DIRTY_AUTH
+modules/gallery/controllers/rest.php _index DIRTY_AUTH
+modules/gallery/controllers/rest.php _create DIRTY_AUTH
+modules/gallery/controllers/rest.php _show DIRTY_AUTH
+modules/gallery/controllers/rest.php _update DIRTY_AUTH
+modules/gallery/controllers/rest.php _delete DIRTY_AUTH
+modules/gallery/controllers/rest.php _form_add DIRTY_AUTH
+modules/gallery/controllers/rest.php _form_edit DIRTY_AUTH
+modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH
+modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH
+modules/user/controllers/login.php ajax DIRTY_AUTH
+modules/user/controllers/login.php html DIRTY_AUTH
diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index c993e374..f4f98090 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
@@ -43,6 +43,8 @@ class Tags_Controller extends REST_Controller {
 }
 
 public function _index() {
+ // Far from perfection, but at least require view permission for the root album
+ access::required("view", 1);
 print tag::cloud(30);
 }
 
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 521f82fa..0b748955 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
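Review bot: The `access::required("view", 1)` added to `_index()` gates the endpoint on view permission for the root album only, while `tag::cloud(30)` is presumably built from all tags regardless of which items carry them; unless `tag::cloud()` filters by item permission, which the hunk does not show, tag names from albums the viewer cannot open are still listed. The existing comment concedes the gap, but naming what is and is not covered makes the residual exposure auditable: `// Gates only on root-album view permission; tag names from restricted albums may still appear in the cloud.`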
@@ -17,7 +17,7 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */
-class Admin_Users_Controller extends Controller {
+class Admin_Users_Controller extends Admin_Controller {
 public function index() {
 $view = new Admin_View("admin.html");
 $view->content = new View("admin_users.html");
-- 
cgit v1.2.3
From 9d76797b17d65540a903ef37eee6edca3e83108b Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Wed, 16 Sep 2009 22:23:32 -0700
Subject: Changed the search module installer to explicitly specify MyISAM as the database type. Changed the packager to not remove the engine specification if the table is search_records. Fixes Ticket #774
---
 installer/install.sql | 2 +-
 modules/gallery/controllers/packager.php | 10 ++++++++--
 modules/search/helpers/search_installer.php | 10 ++++++++++
 modules/search/module.info | 2 +-
 4 files changed, 20 insertions(+), 4 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/installer/install.sql b/installer/install.sql
index ca0ecadf..e8aaa681 100755
--- a/installer/install.sql
+++ b/installer/install.sql
@@ -278,7 +278,7 @@ CREATE TABLE {search_records} (
 PRIMARY KEY (`id`),
 KEY `item_id` (`item_id`),
 FULLTEXT KEY `data` (`data`)
-) AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
+) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
 SET character_set_client = @saved_cs_client;
 INSERT INTO {search_records} VALUES (1,1,0,' Gallery');
 DROP TABLE IF EXISTS {sessions};
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php
index fbb1d07d..ae87d74b 100644
--- a/modules/gallery/controllers/packager.php
+++ b/modules/gallery/controllers/packager.php
@@ -114,18 +114,24 @@ class Packager_Controller extends Controller {
 $root = ORM::factory("item", 1);
 $root_created_timestamp = $root->created;
 $root_updated_timestamp = $root->updated;
+ $table_name = "";
 foreach (file($sql_file) as $line) {
 // Prefix tables
 $line = preg_replace(
 "/(CREATE TABLE|IF EXISTS|INSERT INTO) `{$dbconfig['table_prefix']}(\w+)`/",
 "\\1 {\\2}", $line);
+ if (preg_match("/CREATE TABLE {(\w+)}/", $line, $matches)) {
+ $table_name = $matches[1];
+ }
 
 // Normalize dates
 $line = preg_replace("/,$root_created_timestamp,/", ",UNIX_TIMESTAMP(),", $line);
 $line = preg_replace("/,$root_updated_timestamp,/", ",UNIX_TIMESTAMP(),", $line);
 
- // Remove ENGINE= specifications
- $line = preg_replace("/ENGINE=\S+ /", "", $line);
+ // Remove ENGINE= specifications execpt for search records, it always needs to be MyISAM
+ if ($table_name != "search_records") {
+ $line = preg_replace("/ENGINE=\S+ /", "", $line);
+ }
 $buf .= $line;
 }
 
diff --git a/modules/search/helpers/search_installer.php b/modules/search/helpers/search_installer.php
index 10d8211f..096f46c7 100644
--- a/modules/search/helpers/search_installer.php
+++ b/modules/search/helpers/search_installer.php
@@ -28,6 +28,7 @@ class search_installer {
 PRIMARY KEY (`id`),
 KEY(`item_id`),
 FULLTEXT INDEX (`data`))
+ ENGINE=MYISAM
 DEFAULT CHARSET=utf8;");
 module::set_version("search", 1);
 }
@@ -47,4 +48,13 @@ class search_installer {
 static function uninstall() {
 Database::instance()->query("DROP TABLE {search_records}");
 }
+
+ static function upgrade($version) {
+ $db = Database::instance();
+ if ($version == 1) {
+ $db->query("ALTER TABLE {search_records} ENGINE=MYISAM");
+ module::set_version("search", 2);
+ }
+ }
+
 }
diff --git a/modules/search/module.info b/modules/search/module.info
index f417c4fa..2f2ebdf1 100644
--- a/modules/search/module.info
+++ b/modules/search/module.info
@@ -1,3 +1,3 @@
 name = "Search"
 description = "Allows users to search their Gallery"
-version = 1
+version = 2
-- 
cgit v1.2.3
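Review bot: `$table_name != "search_records"` is a loose comparison and the comment above it misspells "except"; both strings are plain, so `if ($table_name !== "search_records") {` with `// Keep ENGINE= for search_records (presumably for its FULLTEXT index); strip it everywhere else` is exact and states the reason the hunk only hints at. The `$table_name` state is only refreshed on `CREATE TABLE` lines, so it deliberately carries over the INSERT lines of the same table until the next CREATE — a short note saying so would save the next reader from "fixing" it. The enclosing method starts and ends outside the hunk.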
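Review bot: The new `upgrade()` compares with `$version == 1`, and the engine is spelled `MYISAM` here while `installer/install.sql` in the same commit writes `MyISAM`; MySQL treats engine names case-insensitively, but one spelling keeps the packager's `/ENGINE=\S+ /` handling and any grep for the engine consistent: `$db->query("ALTER TABLE {search_records} ENGINE=MyISAM");`. If `module::set_version()` stores an int, `$version === 1` is the safer comparison; if it may come back as a string, the loose compare is deliberate and deserves a comment. A one-line header on `upgrade()` naming what each step changes (`// v1 -> v2: force search_records onto MyISAM`) will keep the chain readable as versions accumulate.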