From 28060d9dce3128cb0254d61a66d865fe8f4e1583 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 22 Sep 2009 14:25:52 -0700
Subject: Create a gallery error handler that traps php errors and rethrows
 them as Exceptions.  This fixes ticket #763

---
 modules/gallery/helpers/gallery_error.php | 32 +++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 modules/gallery/helpers/gallery_error.php

(limited to 'modules/gallery/helpers/gallery_error.php')

diff --git a/modules/gallery/helpers/gallery_error.php b/modules/gallery/helpers/gallery_error.php
new file mode 100644
index 00000000..91e05407
--- /dev/null
+++ b/modules/gallery/helpers/gallery_error.php
@@ -0,0 +1,32 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class gallery_error_Core {
+  function error_handler($severity, $message, $filename, $lineno) {
+    if (error_reporting() == 0) {
+      return;
+    }
+
+    if (error_reporting() & $severity) {
+      $e = new ErrorException($message, 0, $severity, $filename, $lineno);
+      log::error("error", $e->getMessage());
+      Kohana::log("error", $e->__toString());
+    }
+  }
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 970158f4d9904d00319c3da421024c68777a855d Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 24 Sep 2009 16:59:33 -0700
Subject: Fix unit tests by updating the xss golden file and declaring
 gallery_error::error_handler as static

---
 modules/gallery/helpers/gallery_error.php |   2 +-
 modules/gallery/tests/xss_data.txt        | 176 +++++++++++++++---------------
 2 files changed, 89 insertions(+), 89 deletions(-)

(limited to 'modules/gallery/helpers/gallery_error.php')

diff --git a/modules/gallery/helpers/gallery_error.php b/modules/gallery/helpers/gallery_error.php
index 91e05407..39568c93 100644
--- a/modules/gallery/helpers/gallery_error.php
+++ b/modules/gallery/helpers/gallery_error.php
@@ -18,7 +18,7 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class gallery_error_Core {
-  function error_handler($severity, $message, $filename, $lineno) {
+  static function error_handler($severity, $message, $filename, $lineno) {
     if (error_reporting() == 0) {
       return;
     }
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index f3c90e18..7d3cf362 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -148,31 +148,31 @@ modules/gallery/views/permissions_browse.html.php            44  DIRTY_JS $paren
 modules/gallery/views/permissions_browse.html.php            52  DIRTY_ATTR $item->id
 modules/gallery/views/permissions_browse.html.php            53  DIRTY_JS $item->id
 modules/gallery/views/permissions_browse.html.php            60  DIRTY    $form
-modules/gallery/views/permissions_form.html.php              24  DIRTY_JS $lock->id
-modules/gallery/views/permissions_form.html.php              32  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              32  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              32  DIRTY_JS $item->id
-modules/gallery/views/permissions_form.html.php              36  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              36  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              36  DIRTY_JS $item->id
-modules/gallery/views/permissions_form.html.php              43  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              43  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              43  DIRTY_JS $item->id
-modules/gallery/views/permissions_form.html.php              47  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              47  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              47  DIRTY_JS $item->id
-modules/gallery/views/permissions_form.html.php              56  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              56  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              56  DIRTY_JS $item->id
-modules/gallery/views/permissions_form.html.php              63  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              63  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              63  DIRTY_JS $item->id
-modules/gallery/views/permissions_form.html.php              74  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              74  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              74  DIRTY_JS $item->id
-modules/gallery/views/permissions_form.html.php              79  DIRTY_JS $group->id
-modules/gallery/views/permissions_form.html.php              79  DIRTY_JS $permission->id
-modules/gallery/views/permissions_form.html.php              79  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              26  DIRTY_JS $lock->id
+modules/gallery/views/permissions_form.html.php              34  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              34  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              34  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              37  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              37  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              37  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              44  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              44  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              44  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              48  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              48  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              48  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              57  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              57  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              57  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              64  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              64  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              64  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              75  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              75  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              75  DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php              80  DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php              80  DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php              80  DIRTY_JS $item->id
 modules/gallery/views/upgrader.html.php                      44  DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
 modules/gallery/views/upgrader.html.php                      45  DIRTY_ATTR $id
 modules/gallery/views/upgrader.html.php                      49  DIRTY    $module->version
@@ -251,8 +251,8 @@ modules/search/views/search.html.php                         31  DIRTY_JS $item-
 modules/search/views/search.html.php                         32  DIRTY    $item->thumb_img()
 modules/server_add/views/admin_server_add.html.php           15  DIRTY_ATTR $id
 modules/server_add/views/admin_server_add.html.php           24  DIRTY    $form
-modules/server_add/views/server_add_tree.html.php            12  DIRTY_JS html::js_string($dir)
 modules/server_add/views/server_add_tree.html.php            20  DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document"
+modules/server_add/views/server_add_tree.html.php            21  DIRTY_ATTR is_dir($file)?"gDirectory":"gFile"
 modules/server_add/views/server_add_tree_dialog.html.php     3   DIRTY_JS url::site("server_add/children?path=__PATH__")
 modules/server_add/views/server_add_tree_dialog.html.php     4   DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf")
 modules/server_add/views/server_add_tree_dialog.html.php     23  DIRTY    $tree
@@ -283,65 +283,65 @@ modules/user/views/user_languages_block.html.php             2   DIRTY    form::
 modules/watermark/views/admin_watermarks.html.php            19  DIRTY_ATTR $width
 modules/watermark/views/admin_watermarks.html.php            19  DIRTY_ATTR $height
 modules/watermark/views/admin_watermarks.html.php            19  DIRTY_ATTR $url
-themes/admin_wind/views/admin.html.php                    15  DIRTY_JS $theme->url()
-themes/admin_wind/views/admin.html.php                    32  DIRTY    $theme->admin_head()
-themes/admin_wind/views/admin.html.php                    36  DIRTY    $theme->admin_page_top()
-themes/admin_wind/views/admin.html.php                    44  DIRTY    $theme->admin_header_top()
-themes/admin_wind/views/admin.html.php                    49  DIRTY_JS item::root()->url()
-themes/admin_wind/views/admin.html.php                    53  DIRTY    $theme->admin_menu()
-themes/admin_wind/views/admin.html.php                    55  DIRTY    $theme->admin_header_bottom()
-themes/admin_wind/views/admin.html.php                    62  DIRTY    $content
-themes/admin_wind/views/admin.html.php                    68  DIRTY    $sidebar
-themes/admin_wind/views/admin.html.php                    73  DIRTY    $theme->admin_footer()
-themes/admin_wind/views/admin.html.php                    75  DIRTY    $theme->admin_credits()
-themes/admin_wind/views/admin.html.php                    79  DIRTY    $theme->admin_page_bottom()
-themes/admin_wind/views/block.html.php                    3   DIRTY_ATTR $anchor
-themes/admin_wind/views/block.html.php                    5   DIRTY    $id
-themes/admin_wind/views/block.html.php                    5   DIRTY_ATTR $css_id
-themes/admin_wind/views/block.html.php                    13  DIRTY    $title
-themes/admin_wind/views/block.html.php                    16  DIRTY    $content
-themes/admin_wind/views/pager.html.php                    13  DIRTY_JS str_replace('{page}',1,$url)
-themes/admin_wind/views/pager.html.php                    20  DIRTY_JS str_replace('{page}',$previous_page,$url)
-themes/admin_wind/views/pager.html.php                    27  DIRTY    $from_to_msg
-themes/admin_wind/views/pager.html.php                    30  DIRTY_JS str_replace('{page}',$next_page,$url)
-themes/admin_wind/views/pager.html.php                    37  DIRTY_JS str_replace('{page}',$last_page,$url)
-themes/wind/views/album.html.php                          16  DIRTY_ATTR $child->id
-themes/wind/views/album.html.php                          16  DIRTY_ATTR $item_class
-themes/wind/views/album.html.php                          18  DIRTY_JS $child->url()
-themes/wind/views/album.html.php                          19  DIRTY    $child->thumb_img(array("class"=>"gThumbnail"))
-themes/wind/views/album.html.php                          23  DIRTY_JS $child->url()
-themes/wind/views/block.html.php                          3   DIRTY_ATTR $anchor
-themes/wind/views/block.html.php                          5   DIRTY_ATTR $css_id
-themes/wind/views/block.html.php                          6   DIRTY    $title
-themes/wind/views/block.html.php                          8   DIRTY    $content
-themes/wind/views/dynamic.html.php                        11  DIRTY_ATTR $child->is_album()?"gAlbum":""
-themes/wind/views/dynamic.html.php                        13  DIRTY_JS $child->url()
-themes/wind/views/dynamic.html.php                        14  DIRTY_ATTR $child->id
-themes/wind/views/dynamic.html.php                        15  DIRTY_ATTR $child->thumb_url()
-themes/wind/views/dynamic.html.php                        16  DIRTY_ATTR $child->thumb_width
-themes/wind/views/dynamic.html.php                        17  DIRTY_ATTR $child->thumb_height
-themes/wind/views/movie.html.php                          8   DIRTY_JS $previous_item->url()
-themes/wind/views/movie.html.php                          18  DIRTY_JS $next_item->url()
-themes/wind/views/movie.html.php                          28  DIRTY    $item->movie_img(array("class"=>"gMovie","id"=>"gMovieId-{$item->id}"))
-themes/wind/views/page.html.php                           9   DIRTY    $page_title
-themes/wind/views/page.html.php                           32  DIRTY_JS $theme->url()
-themes/wind/views/page.html.php                           41  DIRTY    $new_width
-themes/wind/views/page.html.php                           42  DIRTY    $new_height
-themes/wind/views/page.html.php                           43  DIRTY    $thumb_proportion
-themes/wind/views/page.html.php                           82  DIRTY    $header_text
-themes/wind/views/page.html.php                           84  DIRTY_JS item::root()->url()
-themes/wind/views/page.html.php                           102 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null)
-themes/wind/views/page.html.php                           117 DIRTY    $content
-themes/wind/views/page.html.php                           123 DIRTY    newView("sidebar.html")
-themes/wind/views/page.html.php                           130 DIRTY    $footer_text
-themes/wind/views/pager.html.php                          13  DIRTY_JS str_replace('{page}',1,$url)
-themes/wind/views/pager.html.php                          20  DIRTY_JS str_replace('{page}',$previous_page,$url)
-themes/wind/views/pager.html.php                          27  DIRTY    $from_to_msg
-themes/wind/views/pager.html.php                          30  DIRTY_JS str_replace('{page}',$next_page,$url)
-themes/wind/views/pager.html.php                          37  DIRTY_JS str_replace('{page}',$last_page,$url)
-themes/wind/views/photo.html.php                          8   DIRTY_JS $theme->item()->width
-themes/wind/views/photo.html.php                          8   DIRTY_JS $theme->item()->height
-themes/wind/views/photo.html.php                          21  DIRTY_JS $previous_item->url()
-themes/wind/views/photo.html.php                          31  DIRTY_JS $next_item->url()
-themes/wind/views/photo.html.php                          43  DIRTY_JS $item->file_url()
-themes/wind/views/photo.html.php                          45  DIRTY    $item->resize_img(array("id"=>"gPhotoId-{$item->id}","class"=>"gResize"))
+themes/admin_wind/views/admin.html.php                       15  DIRTY_JS $theme->url()
+themes/admin_wind/views/admin.html.php                       32  DIRTY    $theme->admin_head()
+themes/admin_wind/views/admin.html.php                       36  DIRTY    $theme->admin_page_top()
+themes/admin_wind/views/admin.html.php                       44  DIRTY    $theme->admin_header_top()
+themes/admin_wind/views/admin.html.php                       49  DIRTY_JS item::root()->url()
+themes/admin_wind/views/admin.html.php                       53  DIRTY    $theme->admin_menu()
+themes/admin_wind/views/admin.html.php                       55  DIRTY    $theme->admin_header_bottom()
+themes/admin_wind/views/admin.html.php                       62  DIRTY    $content
+themes/admin_wind/views/admin.html.php                       68  DIRTY    $sidebar
+themes/admin_wind/views/admin.html.php                       73  DIRTY    $theme->admin_footer()
+themes/admin_wind/views/admin.html.php                       75  DIRTY    $theme->admin_credits()
+themes/admin_wind/views/admin.html.php                       79  DIRTY    $theme->admin_page_bottom()
+themes/admin_wind/views/block.html.php                       3   DIRTY_ATTR $anchor
+themes/admin_wind/views/block.html.php                       5   DIRTY    $id
+themes/admin_wind/views/block.html.php                       5   DIRTY_ATTR $css_id
+themes/admin_wind/views/block.html.php                       13  DIRTY    $title
+themes/admin_wind/views/block.html.php                       16  DIRTY    $content
+themes/admin_wind/views/pager.html.php                       13  DIRTY_JS str_replace('{page}',1,$url)
+themes/admin_wind/views/pager.html.php                       20  DIRTY_JS str_replace('{page}',$previous_page,$url)
+themes/admin_wind/views/pager.html.php                       27  DIRTY    $from_to_msg
+themes/admin_wind/views/pager.html.php                       30  DIRTY_JS str_replace('{page}',$next_page,$url)
+themes/admin_wind/views/pager.html.php                       37  DIRTY_JS str_replace('{page}',$last_page,$url)
+themes/wind/views/album.html.php                             16  DIRTY_ATTR $child->id
+themes/wind/views/album.html.php                             16  DIRTY_ATTR $item_class
+themes/wind/views/album.html.php                             18  DIRTY_JS $child->url()
+themes/wind/views/album.html.php                             19  DIRTY    $child->thumb_img(array("class"=>"gThumbnail"))
+themes/wind/views/album.html.php                             23  DIRTY_JS $child->url()
+themes/wind/views/block.html.php                             3   DIRTY_ATTR $anchor
+themes/wind/views/block.html.php                             5   DIRTY_ATTR $css_id
+themes/wind/views/block.html.php                             6   DIRTY    $title
+themes/wind/views/block.html.php                             8   DIRTY    $content
+themes/wind/views/dynamic.html.php                           11  DIRTY_ATTR $child->is_album()?"gAlbum":""
+themes/wind/views/dynamic.html.php                           13  DIRTY_JS $child->url()
+themes/wind/views/dynamic.html.php                           14  DIRTY_ATTR $child->id
+themes/wind/views/dynamic.html.php                           15  DIRTY_ATTR $child->thumb_url()
+themes/wind/views/dynamic.html.php                           16  DIRTY_ATTR $child->thumb_width
+themes/wind/views/dynamic.html.php                           17  DIRTY_ATTR $child->thumb_height
+themes/wind/views/movie.html.php                             8   DIRTY_JS $previous_item->url()
+themes/wind/views/movie.html.php                             18  DIRTY_JS $next_item->url()
+themes/wind/views/movie.html.php                             28  DIRTY    $item->movie_img(array("class"=>"gMovie","id"=>"gMovieId-{$item->id}"))
+themes/wind/views/page.html.php                              9   DIRTY    $page_title
+themes/wind/views/page.html.php                              32  DIRTY_JS $theme->url()
+themes/wind/views/page.html.php                              41  DIRTY    $new_width
+themes/wind/views/page.html.php                              42  DIRTY    $new_height
+themes/wind/views/page.html.php                              43  DIRTY    $thumb_proportion
+themes/wind/views/page.html.php                              82  DIRTY    $header_text
+themes/wind/views/page.html.php                              84  DIRTY_JS item::root()->url()
+themes/wind/views/page.html.php                              102 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null)
+themes/wind/views/page.html.php                              117 DIRTY    $content
+themes/wind/views/page.html.php                              123 DIRTY    newView("sidebar.html")
+themes/wind/views/page.html.php                              130 DIRTY    $footer_text
+themes/wind/views/pager.html.php                             13  DIRTY_JS str_replace('{page}',1,$url)
+themes/wind/views/pager.html.php                             20  DIRTY_JS str_replace('{page}',$previous_page,$url)
+themes/wind/views/pager.html.php                             27  DIRTY    $from_to_msg
+themes/wind/views/pager.html.php                             30  DIRTY_JS str_replace('{page}',$next_page,$url)
+themes/wind/views/pager.html.php                             37  DIRTY_JS str_replace('{page}',$last_page,$url)
+themes/wind/views/photo.html.php                             8   DIRTY_JS $theme->item()->width
+themes/wind/views/photo.html.php                             8   DIRTY_JS $theme->item()->height
+themes/wind/views/photo.html.php                             21  DIRTY_JS $previous_item->url()
+themes/wind/views/photo.html.php                             31  DIRTY_JS $next_item->url()
+themes/wind/views/photo.html.php                             43  DIRTY_JS $item->file_url()
+themes/wind/views/photo.html.php                             45  DIRTY    $item->resize_img(array("id"=>"gPhotoId-{$item->id}","class"=>"gResize"))
-- 
cgit v1.2.3


From dd5471b8600a9a6efbfbfab81972db59e512493a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 28 Sep 2009 21:05:07 -0700
Subject: Create and throw the exception, instead of logging.  The theory
 behind exceptions is that they only need to be logged if they can't be caught
 and handled.  If we don't throw it, then the error gets swallowed and the
 code that errored out just blithely continues.

---
 modules/gallery/helpers/gallery_error.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'modules/gallery/helpers/gallery_error.php')

diff --git a/modules/gallery/helpers/gallery_error.php b/modules/gallery/helpers/gallery_error.php
index 39568c93..551f8c63 100644
--- a/modules/gallery/helpers/gallery_error.php
+++ b/modules/gallery/helpers/gallery_error.php
@@ -24,9 +24,7 @@ class gallery_error_Core {
     }
 
     if (error_reporting() & $severity) {
-      $e = new ErrorException($message, 0, $severity, $filename, $lineno);
-      log::error("error", $e->getMessage());
-      Kohana::log("error", $e->__toString());
+      throw new ErrorException($message, 0, $severity, $filename, $lineno);
     }
   }
 }
\ No newline at end of file
-- 
cgit v1.2.3