From f034c6c534ad6a07dacc6e64c7e6b43f139c3831 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 31 Jul 2009 13:32:07 -0700 Subject: Add new events: graphics_resize graphics_resize_completed graphics_rotate graphics_rotate_completed graphics_composite graphics_composite_completed --- modules/gallery/helpers/graphics.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index db9b2ef5..d506a982 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -195,6 +195,8 @@ class graphics_Core { self::init_toolkit(); } + module::event("graphics_resize", $input_file, $output_file, $options); + if (@filesize($input_file) == 0) { throw new Exception("@todo EMPTY_INPUT_FILE"); } @@ -209,6 +211,8 @@ class graphics_Core { ->quality(module::get_var("gallery", "image_quality")) ->save($output_file); } + + module::event("graphics_resize_completed", $input_file, $output_file, $options); } /** @@ -223,10 +227,14 @@ class graphics_Core { self::init_toolkit(); } + module::event("graphics_rotate", $input_file, $output_file, $options); + Image::factory($input_file) ->quality(module::get_var("gallery", "image_quality")) ->rotate($options["degrees"]) ->save($output_file); + + module::event("graphics_rotate_completed", $input_file, $output_file, $options); } /** @@ -249,6 +257,8 @@ class graphics_Core { self::init_toolkit(); } + module::event("graphics_composite", $input_file, $output_file, $options); + list ($width, $height) = getimagesize($input_file); list ($w_width, $w_height) = getimagesize($options["file"]); @@ -276,6 +286,9 @@ class graphics_Core { ->composite($options["file"], $x, $y, $options["transparency"]) ->quality(module::get_var("gallery", "image_quality")) ->save($output_file); + + + module::event("graphics_composite_completed", $input_file, $output_file, $options); } /** -- cgit v1.2.3 
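Review bot: The `graphics_resize` event at the top of the first hunk fires before the empty-input check that follows it, and `graphics_resize_completed` is only reached when nothing throws, so a listener that pairs the two events sees a start with no completion whenever the `@filesize` guard or the resize itself fails; the rotate and composite hunks (`@@ -223` and `@@ -249`) have the same shape. If listeners are meant to rely on pairing, either emit the start event after the guard, or document next to each start event that the counterpart is not guaranteed, e.g. `// graphics_resize_completed is not fired if the resize throws`. resize() begins and ends outside this hunk.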
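Review bot: The composite hunk leaves two blank lines before `module::event("graphics_composite_completed", $input_file, $output_file, $options);`, where the resize and rotate hunks use a single blank line before their completed events; drop one for consistency. composite() starts outside this hunk.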
From c9f5000e65f66b3342f2cc6e2e9623eac72ff223 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 8 Aug 2009 20:31:16 -0700 Subject: Improve the graphics toolkit detection code so that properly identifies situations where its restricted by open_basedir. We now track more informatoin about the toolkit including the version and any errors we encountered while doing the detection so that we can provide more info downstream. This makes graphics::detect_toolkits() a little heavier, but that's ok because it should not be called very often. In the process, refactor the controller and view hierarchy so that it's a little more straightforward in the code. Fixes ticket #616. --- modules/gallery/controllers/admin_graphics.php | 39 +++------ modules/gallery/helpers/graphics.php | 92 ++++++++++++++++++++-- modules/gallery/views/admin_graphics.html.php | 14 +++- modules/gallery/views/admin_graphics_gd.html.php | 15 ++-- .../views/admin_graphics_graphicsmagick.html.php | 10 +-- .../views/admin_graphics_imagemagick.html.php | 12 +-- modules/gallery/views/admin_graphics_none.html.php | 2 +- 7 files changed, 127 insertions(+), 57 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/gallery/controllers/admin_graphics.php b/modules/gallery/controllers/admin_graphics.php index 72f8d8e1..565ee1b0 100644 --- a/modules/gallery/controllers/admin_graphics.php +++ b/modules/gallery/controllers/admin_graphics.php 
@@ -21,41 +21,24 @@ class Admin_Graphics_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_graphics.html"); - $view->content->available = ""; - - $tk = new ArrayObject(graphics::detect_toolkits(), ArrayObject::ARRAY_AS_PROPS); - $active = module::get_var("gallery", "graphics_toolkit", "none"); - foreach (array("gd", "imagemagick", "graphicsmagick", "none") as $id) { - if ($id == $active) { - $view->content->active = new View("admin_graphics_$id.html"); - $view->content->active->tk = $tk; - $view->content->active->is_active = true; - } else if ($id != "none") { - $v = new View("admin_graphics_$id.html"); - $v->tk = $tk; - $v->is_active = false; - $view->content->available .= $v; - } - } - + $view->content->tk = graphics::detect_toolkits(); + $view->content->active = module::get_var("gallery", "graphics_toolkit", "none"); print $view; } - public function choose($toolkit) { + public function choose($toolkit_id) { access::verify_csrf(); - if ($toolkit != module::get_var("gallery", "graphics_toolkit")) { - module::set_var("gallery", "graphics_toolkit", $toolkit); - - $toolkit_info = graphics::detect_toolkits(); - if ($toolkit == "graphicsmagick" || $toolkit == "imagemagick") { - module::set_var("gallery", "graphics_toolkit_path", $toolkit_info[$toolkit]); - } + if ($toolkit_id != module::get_var("gallery", "graphics_toolkit")) { + $tk = graphics::detect_toolkits(); + module::set_var("gallery", "graphics_toolkit", $toolkit_id); + module::set_var("gallery", "graphics_toolkit_path", dirname($tk->$toolkit_id->dir)); site_status::clear("missing_graphics_toolkit"); - message::success(t("Updated Graphics Toolkit")); - log::success("graphics", t("Changed graphics toolkit to: %toolkit", - array("toolkit" => $toolkit))); + + $msg = t("Changed graphics toolkit to: %toolkit", array("toolkit" => $tk->$toolkit_id->name)); + message::success($msg); + log::success("graphics", $msg); } 
url::redirect("admin/graphics");
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index d506a982..7dc46eeb 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
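Review bot: `choose()` stores `dirname($tk->$toolkit_id->dir)` as `graphics_toolkit_path`, but `dir` is already `dirname($path)` inside `graphics::detect_toolkits()` in the helper hunk of this same commit, and the default-selection hunk there stores `$toolkits->$tk->dir` unchanged, so an explicitly chosen toolkit is saved with a path one directory level higher than an auto-detected one; use `module::set_var("gallery", "graphics_toolkit_path", $tk->$toolkit_id->dir);` here. `$toolkit_id` arrives from the route and is dereferenced as `$tk->$toolkit_id` without checking that it names a detected toolkit or that it is installed, and since `name` and `dir` are only populated for installed toolkits an unexpected id produces undefined-property notices and persists an empty path. A guard before the `set_var` calls, such as `if (!isset($tk->$toolkit_id) || !$tk->$toolkit_id->installed) { throw new Exception("@todo INVALID_TOOLKIT"); }` (message text illustrative, following the helper's existing style), keeps the stored configuration limited to toolkits detection actually found. `index()` and `choose()` are complete in this hunk; the class continues beyond it.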
@@ -339,15 +339,90 @@ class graphics_Core { * GraphicsMagick we return the path to the directory containing the appropriate binaries. */ static function detect_toolkits() { + $toolkits = new stdClass(); + + // GD is special, it doesn't use exec() $gd = function_exists("gd_info") ? gd_info() : array(); - $exec = function_exists("exec"); + $toolkits->gd->name = "GD"; if (!isset($gd["GD Version"])) { - $gd["GD Version"] = false; + $toolkits->gd->installed = false; + $toolkits->gd->error = t("GD is not installed"); + } else { + $toolkits->gd->installed = true; + $toolkits->gd->version = $gd["GD Version"]; + $toolkits->gd->rotate = function_exists("imagerotate"); + $toolkits->gd->binary = ""; + $toolkits->gd->dir = ""; + + if (!$toolkits->gd->rotate) { + $toolkits->gd->error = + t("You have GD version %version, but it lacks image rotation.", + array("version" => $gd["GD Version"])); + } + } + + if (!function_exists("exec")) { + $toolkits->imagemagick->installed = false; + $toolkits->imagemagick->error = t("ImageMagick requires the exec function"); + + $toolkits->graphicsmagick->installed = false; + $toolkits->graphicsmagick->error = t("GraphicsMagick requires the exec function"); + } else { + putenv("PATH=" . getenv("PATH") . ":/usr/local/bin:/opt/local/bin:/opt/bin"); + + // @todo: consider refactoring the two segments below into a loop since they are so + // similar. + + // ImageMagick + $path = exec("which convert"); + $toolkits->imagemagick->name = "ImageMagick"; + if ($path) { + if (@is_file($path)) { + preg_match('/Version: \S+ (\S+)/', `convert -v`, $matches); + $version = $matches[1]; + + $toolkits->imagemagick->installed = true; + $toolkits->imagemagick->version = $version; + $toolkits->imagemagick->binary = $path; + $toolkits->imagemagick->dir = dirname($path); + $toolkits->imagemagick->rotate = true; + } else { + $toolkits->imagemagick->installed = false; + $toolkits->imagemagick->error = + t("ImageMagick is installed, but PHP's open_basedir restriction " . 
+ "prevents Gallery from using it."); + } + } else { + $toolkits->imagemagick->installed = false; + $toolkits->imagemagick->error = t("We could not locate ImageMagick on your system."); + } + + // GraphicsMagick + $path = exec("which gm"); + $toolkits->graphicsmagick->name = "GraphicsMagick"; + if ($path) { + if (@is_file($path)) { + preg_match('/\S+ (\S+)/', `gm version`, $matches); + $version = $matches[1]; + + $toolkits->graphicsmagick->installed = true; + $toolkits->graphicsmagick->version = $version; + $toolkits->graphicsmagick->binary = $path; + $toolkits->graphicsmagick->dir = dirname($path); + $toolkits->graphicsmagick->rotate = true; + } else { + $toolkits->graphicsmagick->installed = false; + $toolkits->graphicsmagick->error = + t("GraphicsMagick is installed, but PHP's open_basedir restriction " . + "prevents Gallery from using it."); + } + } else { + $toolkits->graphicsmagick->installed = false; + $toolkits->graphicsmagick->error = t("We could not locate GraphicsMagick on your system."); + } } - putenv("PATH=" . getenv("PATH") . ":/usr/local/bin:/opt/local/bin:/opt/bin"); - return array("gd" => $gd, - "imagemagick" => $exec ? dirname(exec("which convert")) : false, - "graphicsmagick" => $exec ? dirname(exec("which gm")) : false); + + return $toolkits; } /** @@ -357,12 +432,13 @@ class graphics_Core { // Detect a graphics toolkit $toolkits = graphics::detect_toolkits(); foreach (array("imagemagick", "graphicsmagick", "gd") as $tk) { - if ($toolkits[$tk]) { + if ($toolkits->$tk->installed) { module::set_var("gallery", "graphics_toolkit", $tk); - module::set_var("gallery", "graphics_toolkit_path", $tk == "gd" ? "" : $toolkits[$tk]); + module::set_var("gallery", "graphics_toolkit_path", $toolkits->$tk->dir); break; } } + if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", 
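Review bot: `$version = $matches[1];` after each `preg_match` on the `convert -v` and `gm version` output is unguarded, so a binary whose banner does not match the pattern raises an undefined-offset notice and records nothing useful; test the match first, e.g. `$version = preg_match('/Version: \S+ (\S+)/', `convert -v`, $matches) ? $matches[1] : "";` and likewise for the GraphicsMagick pattern. In the `!function_exists("exec")` branch neither `imagemagick->name` nor `graphicsmagick->name` is assigned, although `name` is read by the admin controller when it logs a toolkit change, so assign `name` for both toolkits before the branch as the GD block does. The docblock above the signature still describes the old return value (a directory path for ImageMagick/GraphicsMagick); it should now describe the returned `stdClass` whose `gd`, `imagemagick` and `graphicsmagick` entries carry `name` and `installed`, plus `version`, `binary`, `dir` and `rotate` when installed or `error` when not. `$toolkits->gd->name = "GD"` on a bare `stdClass` also relies on implicit creation of the nested object, which later PHP versions warn about and PHP 8 rejects, so initialising `$toolkits->gd = new stdClass();` (and the other two) up front is worth doing now. detect_toolkits() is complete in this hunk.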
diff --git a/modules/gallery/views/admin_graphics.html.php b/modules/gallery/views/admin_graphics.html.php index 08374471..c4a2f5c6 100644 --- a/modules/gallery/views/admin_graphics.html.php +++ b/modules/gallery/views/admin_graphics.html.php @@ -9,8 +9,8 @@ }; $("#gAdminGraphics div.gAvailable .gBlock").click(select_toolkit); }); - +

@@ -18,11 +18,19 @@

- + + + + $tk->$active, "is_active" => true)) ?> +

- + + + $tk->$id, "is_active" => false)) ?> + +
diff --git a/modules/gallery/views/admin_graphics_gd.html.php b/modules/gallery/views/admin_graphics_gd.html.php
index b77da8e3..aa9ee67c 100644
--- a/modules/gallery/views/admin_graphics_gd.html.php
+++ b/modules/gallery/views/admin_graphics_gd.html.php
@@ -1,23 +1,26 @@
-
gd["GD Version"] ? " gInstalledToolkit" : " gUnavailable" ?>"> +
installed ? " gInstalledToolkit" : " gUnavailable" ?>"> " alt="" />

GD website for more information.", array("url" => "http://www.boutell.com/gd")) ?>

- gd["GD Version"] && function_exists('imagerotate')): ?> + installed && $tk->rotate): ?>

- $tk->gd["GD Version"])) ?> + $tk->version)) ?>

- gd["GD Version"]): ?> + installed): ?> + + error): ?>

- $tk->gd["GD Version"])) ?> + error ?>

+ +

diff --git a/modules/gallery/views/admin_graphics_graphicsmagick.html.php b/modules/gallery/views/admin_graphics_graphicsmagick.html.php
index e2cd0777..bf3ad339 100644
--- a/modules/gallery/views/admin_graphics_graphicsmagick.html.php
+++ b/modules/gallery/views/admin_graphics_graphicsmagick.html.php
@@ -1,21 +1,21 @@
-
graphicsmagick ? " gInstalledToolkit" : " gUnavailable" ?>"> +
installed ? " gInstalledToolkit" : " gUnavailable" ?>">

" alt="" />

GraphicsMagick website for more information.", array("url" => "http://www.graphicsmagick.org")) ?>

- graphicsmagick): ?> + installed): ?>

- $tk->graphicsmagick)) ?> + $tk->version, "dir" => $tk->dir)) ?>

-

- +

+ error ?>

diff --git a/modules/gallery/views/admin_graphics_imagemagick.html.php b/modules/gallery/views/admin_graphics_imagemagick.html.php
index 081ddc15..b8f7ffb8 100644
--- a/modules/gallery/views/admin_graphics_imagemagick.html.php
+++ b/modules/gallery/views/admin_graphics_imagemagick.html.php
@@ -1,21 +1,21 @@
-
imagemagick ? " gInstalledToolkit" : " gUnavailable" ?>"> +
installed ? " gInstalledToolkit" : " gUnavailable" ?>">

" alt="" />

ImageMagick website for more information.", array("url" => "http://www.imagemagick.org")) ?>

- imagemagick): ?> + installed): ?>

- $tk->imagemagick)) ?> + $tk->version, "dir" => $tk->dir)) ?>

- -

- + error): ?> +

+ error ?>

diff --git a/modules/gallery/views/admin_graphics_none.html.php b/modules/gallery/views/admin_graphics_none.html.php
index 5306a70d..be2a580d 100644
--- a/modules/gallery/views/admin_graphics_none.html.php
+++ b/modules/gallery/views/admin_graphics_none.html.php
@@ -2,6 +2,6 @@

- +

-- cgit v1.2.3 From 0aceba6f48e5542d3edfbb1f195af50187adbac4 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 29 Aug 2009 15:20:27 -0700 Subject: Fix for ticket #628: 1) increased gallery module version to 11 2) added image_sharpened parameter to the gallery module 3) sharpen all resizes. --- modules/gallery/helpers/gallery_installer.php | 9 ++++++++- modules/gallery/helpers/graphics.php | 5 +++++ modules/gallery/module.info | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index a212ef85..40830bc0 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -223,6 +223,7 @@ class gallery_installer { module::set_var("gallery", "resize_size", 640); module::set_var("gallery", "default_locale", "en_US"); module::set_var("gallery", "image_quality", 75); + module::set_var("gallery", "image_sharpen", 15); // Add rules for generating our thumbnails and resizes graphics::add_rule( @@ -259,7 +260,7 @@ class gallery_installer { module::set_var("gallery", "show_credits", 1); // @todo this string needs to be picked up by l10n_scanner module::set_var("gallery", "credits", "Powered by Gallery %version"); - module::set_version("gallery", 10); + module::set_version("gallery", 11); } static function upgrade($version) { @@ -336,6 +337,12 @@ class gallery_installer { module::set_version("gallery", $version = 10); } + + if ($version == 10) { + module::set_var("gallery", "image_sharpen", 15); + + module::set_version("gallery", $version = 11); + } } static function uninstall() { diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 7dc46eeb..2892011f 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php 
@@ -206,10 +206,15 @@ class graphics_Core { // Image would get upscaled; do nothing copy($input_file, $output_file); } else { + try { Image::factory($input_file) ->resize($options["width"], $options["height"], $options["master"]) ->quality(module::get_var("gallery", "image_quality")) + ->sharpen(module::get_var("gallery", "image_sharpen")) ->save($output_file); + } catch (Exception $e) { + Kohana::log("error", $e->getMessage()); + } } module::event("graphics_resize_completed", $input_file, $output_file, $options); diff --git a/modules/gallery/module.info b/modules/gallery/module.info index dfb1a7a2..6b9dd1ba 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 10 +version = 11 -- cgit v1.2.3 From b4b638be44375c93f5222c7b48ed547845d6d7e5 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sat, 29 Aug 2009 16:28:30 -0700 Subject: Undo url helper changes - url methods no longer return a SafeString. Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2(). --- modules/akismet/helpers/akismet.php | 2 +- modules/digibug/views/admin_digibug.html.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/g2_import/views/admin_g2_import.html.php | 10 ++++----- modules/gallery/helpers/MY_url.php | 24 +--------------------- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/tests/Xss_Security_Test.php | 15 +++++++++++--- modules/gallery/views/admin_block_welcome.html.php | 10 ++++----- modules/gallery/views/upgrader.html.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/search/helpers/search.php | 2 +- modules/server_add/helpers/server_add.php | 2 +- modules/user/views/reset_password.html.php | 4 +++- system/helpers/request.php | 2 +- 14 files changed, 35 insertions(+), 46 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') 
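Review bot: The new `try {` / `} catch` lines wrap the `Image::factory(...)` chain without re-indenting it, so the five chained lines sit at the same level as the `try` keyword and the block is hard to read; indent them one level inside the block. Because the catch only calls `Kohana::log("error", ...)`, control then falls through to `module::event("graphics_resize_completed", ...)` and the function returns normally, so a failed `->save($output_file)` is reported to event listeners and to the caller as a completed resize with no output file; if exceptions are to be swallowed here, the completed event should at least be skipped on the catch path. resize() begins and ends outside this hunk.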
diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index db45a6ab..abca78d2 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an API Key", - array("url" => url::site("admin/akismet"))), + array("url" => SafeString::of_safe_html(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index 7e4436ff..5f27a3fd 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@

register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => url::site("admin/advanced_settings"))) ?> + "advanced_settings_url" => SafeString::of_safe_html(url::site("admin/advanced_settings")))) ?>

diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index 20ecd0cb..d4e60338 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. Fix this now', - array("url" => url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__"))), + array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index da2bb5d1..f53510f6 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -37,9 +37,9 @@
  • Using the same value will speed up your import.", - array("g2_pixels" => $g2_sizes["thumb"]["size"], - "g3_pixels" => $thumb_size, - "url" => url::site("admin/theme_options"))) ?> + array("g2_pixels" => $g2_sizes["thumb"]["size"], + "g3_pixels" => $thumb_size, + "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?>
  • @@ -47,8 +47,8 @@
  • Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], - "g3_pixels" => $resize_size, - "url" => url::site("admin/theme_options"))) ?> + "g3_pixels" => $resize_size, + "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?>
  • diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index 6092a9d8..c4967c52 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php @@ -30,8 +30,7 @@ class url extends url_Core { if ($parts[0] == "albums" || $parts[0] == "photos") { $uri = model_cache::get("item", $parts[1])->relative_path(); } - $url = parent::site($uri . $query, $protocol); - return SafeString::of_safe_html($url); + return parent::site($uri . $query, $protocol); } static function parse_url() { @@ -100,25 +99,4 @@ class url extends url_Core { static function abs_current($qs=false) { return self::abs_site(url::current($qs)); } - - public static function base($index=false, $protocol=false) { - $url = parent::base($index, $protocol); - return SafeString::of_safe_html($url); - } - - public static function current($qs=false) { - $url = parent::current($qs); - return SafeString::of_safe_html($url); - } - - public static function file($file, $index=false) { - $url = parent::file($file, $index); - return SafeString::of_safe_html($url); - } - - public static function merge(array $arguments) { - $url = parent::merge($arguments); - return SafeString::of_safe_html($url); - } - } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 7dc46eeb..fbb85bec 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -442,7 +442,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", - array("url" => url::site("admin/graphics"))), + array("url" => SafeString::of_safe_html(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 690dc760..a2d3d59b 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php 
@@ -130,14 +130,14 @@ class Xss_Security_Test extends Unit_Test_Case { $token = $tokens[$token_number]; } } else if ($token[1] == "url") { - // url methods return a SafeString + // url methods return safe HTML if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && in_array($tokens[$token_number + 2][1], array("site", "current", "base", "file", "abs_site", "abs_current", "abs_file", "merge")) && self::_token_matches("(", $tokens, $token_number + 3)) { - $frame->is_safestring(true); + $frame->is_safe_html(true); $method = $tokens[$token_number + 2][1]; $frame->expr_append("::$method("); @@ -203,7 +203,8 @@ class Xss_Security_Test extends Unit_Test_Case { $state = "CLEAN"; } } else { - if ($frame->is_safestring() || $frame->purified_html_called() || $frame->for_html_called()) { + if ($frame->is_safe_html() || $frame->is_safestring() || + $frame->purified_html_called() || $frame->for_html_called()) { $state = "CLEAN"; } } @@ -259,6 +260,7 @@ class Xss_Security_Test_Frame { private $_for_html_called = false; private $_purified_html_called = false; private $_json_encode_called = false; + private $_is_safe_html = false; private $_line; function __construct($line_number, $in_script_block) { @@ -288,6 +290,13 @@ class Xss_Security_Test_Frame { return $this->_is_safestring; } + function is_safe_html($new_val=NULL) { + if ($new_val !== NULL) { + $this->_is_safe_html = (bool) $new_val; + } + return $this->_is_safe_html; + } + function json_encode_called($new_val=NULL) { if ($new_val !== NULL) { $this->_json_encode_called = (bool) $new_val; diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php index 38d2bd56..c6ccdbf3 100644 --- a/modules/gallery/views/admin_block_welcome.html.php +++ b/modules/gallery/views/admin_block_welcome.html.php @@ -5,16 +5,16 @@
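Review bot: Treating every `url::` method in the `in_array` list (`site`, `current`, `base`, `file`, `abs_site`, `abs_current`, `abs_file`, `merge`) as safe HTML now rests on this whitelist alone, since the MY_url.php hunk in the same commit removes the `SafeString::of_safe_html()` wrapping that previously backed the claim; `url::current()` and `url::merge()` appear to be built from the request URI and query string, so whether their output is HTML-safe in every context depends on escaping inside the url helper that this page does not show. Either confirm that the helper escapes those parts (or that call sites always pass the result through `t()` or an `html::` helper) or narrow the list to methods whose output comes from configuration, such as `base` and `file`. A comment above the `in_array`, e.g. `// url helpers are whitelisted as safe HTML on the assumption that their output is config-derived or already escaped -- re-check before adding a method`, would make the assumption visible to the next person extending the list. The enclosing tokenizer loop starts outside this hunk.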
    • graphics and language settings.", - array("graphics_url" => url::site("admin/graphics"), - "language_url" => url::site("admin/languages"))) ?> + array("graphics_url" => SafeString::of_safe_html(url::site("admin/graphics")), + "language_url" => SafeString::of_safe_html(url::site("admin/languages")))) ?>
    • choose a theme, or customize the way it looks.", - array("theme_url" => url::site("admin/themes"), - "theme_options_url" => url::site("admin/theme_options"))) ?> + array("theme_url" => SafeString::of_safe_html(url::site("admin/themes")), + "theme_options_url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?>
    • install modules to add cool features!", - array("modules_url" => url::site("admin/modules"))) ?> + array("modules_url" => SafeString::of_safe_html(url::site("admin/modules")))) ?>
    diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index 37578855..ccc86da8 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -18,7 +18,7 @@

    Gallery is up to date.", - array("url" => url::site("albums/1"))) ?> + array("url" => SafeString::of_safe_html(url::site("albums/1")))) ?>

    diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 501dd972..35d9febd 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the reCAPTCHA Keys", - array("url" => url::site("admin/recaptcha"))), + array("url" => SafeString::of_safe_html(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 355c4493..4be04039 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. Fix this now', - array("url" => url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__"))), + array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index 74f51ad9..57afac12 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. Configure it now!", - array("url" => url::site("admin/server_add"))), + array("url" => SafeString::of_safe_html(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 3dc7aebf..6fa92d54 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php 
@@ -9,7 +9,9 @@ $user->full_name ? $user->full_name : $user->name)) ?>

    - %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?> + %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", + array("site_url" => SafeString::of_safe_html(url::base(false, "http")), + "confirm_url" => $confirm_url)) ?>

    diff --git a/system/helpers/request.php b/system/helpers/request.php index 15b8edfa..4203d0e5 100644 --- a/system/helpers/request.php +++ b/system/helpers/request.php @@ -30,7 +30,7 @@ class request_Core { // Set referrer $ref = $_SERVER['HTTP_REFERER']; - if (strpos($ref, (string) url::base(FALSE)) === 0) + if (strpos($ref, url::base(FALSE)) === 0) { // Remove the base URL from the referrer $ref = substr($ref, strlen(url::base(FALSE))); -- cgit v1.2.3 From 878b9c91b234f464eb9e1a3bdfbd0e6285a1a0e7 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 29 Aug 2009 16:38:53 -0700 Subject: Remove try/catch in resize() since that will swallow any exceptions that we generate when resizing. --- modules/gallery/helpers/graphics.php | 4 ---- 1 file changed, 4 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 2892011f..a20c58dd 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -206,15 +206,11 @@ class graphics_Core { // Image would get upscaled; do nothing copy($input_file, $output_file); } else { - try { Image::factory($input_file) ->resize($options["width"], $options["height"], $options["master"]) ->quality(module::get_var("gallery", "image_quality")) ->sharpen(module::get_var("gallery", "image_sharpen")) ->save($output_file); - } catch (Exception $e) { - Kohana::log("error", $e->getMessage()); - } } module::event("graphics_resize_completed", $input_file, $output_file, $options); -- cgit v1.2.3 From effccfd41d2618cfd41ce6db0834c2298fdb42d8 Mon Sep 17 00:00:00 2001 
From: Andy Staudacher Date: Sun, 30 Aug 2009 07:00:56 -0700 Subject: Change all instances of SafeString::of_safe_html() to html::mark_safe() in views. --- modules/akismet/helpers/akismet.php | 2 +- modules/digibug/views/admin_digibug.html.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/g2_import/views/admin_g2_import.html.php | 4 ++-- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/views/admin_block_welcome.html.php | 10 +++++----- modules/gallery/views/upgrader.html.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/search/helpers/search.php | 2 +- modules/server_add/helpers/server_add.php | 2 +- modules/user/views/login.html.php | 2 +- modules/user/views/reset_password.html.php | 2 +- 13 files changed, 18 insertions(+), 18 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index abca78d2..7cd598cd 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an API Key", - array("url" => SafeString::of_safe_html(url::site("admin/akismet")))), + array("url" => html::mark_safe(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index 5f27a3fd..c4956591 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@

    register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => SafeString::of_safe_html(url::site("admin/advanced_settings")))) ?> + "advanced_settings_url" => html::mark_safe(url::site("admin/advanced_settings")))) ?>

    diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index d4e60338..9a4dbeec 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. Fix this now', - array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_safe(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index f53510f6..fde3464b 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -39,7 +39,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["thumb"]["size"], "g3_pixels" => $thumb_size, - "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?> + "url" => html::mark_safe(url::site("admin/theme_options")))) ?> @@ -48,7 +48,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], "g3_pixels" => $resize_size, - "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?> + "url" => html::mark_safe(url::site("admin/theme_options")))) ?> diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index 68be709e..b1bc4cff 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php 
@@ -111,7 +111,7 @@ class Admin_Languages_Controller extends Admin_Controller { $group->input("api_key") ->label(empty($api_key) ? t("This is a unique key that will allow you to send translations to the remote server. To get your API key go to %server-link.", - array("server-link" => SafeString::of_safe_html(html::anchor($server_link)))) + array("server-link" => html::mark_safe(html::anchor($server_link)))) : t("API Key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")); diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index fbb85bec..cc37a193 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -442,7 +442,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", - array("url" => SafeString::of_safe_html(url::site("admin/graphics")))), + array("url" => html::mark_safe(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php index c6ccdbf3..71ef4368 100644 --- a/modules/gallery/views/admin_block_welcome.html.php +++ b/modules/gallery/views/admin_block_welcome.html.php @@ -5,16 +5,16 @@
    • graphics and language settings.", - array("graphics_url" => SafeString::of_safe_html(url::site("admin/graphics")), - "language_url" => SafeString::of_safe_html(url::site("admin/languages")))) ?> + array("graphics_url" => html::mark_safe(url::site("admin/graphics")), + "language_url" => html::mark_safe(url::site("admin/languages")))) ?>
    • choose a theme, or customize the way it looks.", - array("theme_url" => SafeString::of_safe_html(url::site("admin/themes")), - "theme_options_url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?> + array("theme_url" => html::mark_safe(url::site("admin/themes")), + "theme_options_url" => html::mark_safe(url::site("admin/theme_options")))) ?>
    • install modules to add cool features!", - array("modules_url" => SafeString::of_safe_html(url::site("admin/modules")))) ?> + array("modules_url" => html::mark_safe(url::site("admin/modules")))) ?>
    diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index ccc86da8..de6ce0e7 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -18,7 +18,7 @@

    Gallery is up to date.", - array("url" => SafeString::of_safe_html(url::site("albums/1")))) ?> + array("url" => html::mark_safe(url::site("albums/1")))) ?>

    diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 35d9febd..5ac65661 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the reCAPTCHA Keys", - array("url" => SafeString::of_safe_html(url::site("admin/recaptcha")))), + array("url" => html::mark_safe(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 4be04039..5e23a04b 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. Fix this now', - array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_safe(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index 57afac12..a84e1afd 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. Configure it now!", - array("url" => SafeString::of_safe_html(url::site("admin/server_add")))), + array("url" => html::mark_safe(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index 85f673ce..dfd09661 100644 --- a/modules/user/views/login.html.php 
+++ b/modules/user/views/login.html.php
@@ -8,7 +8,7 @@
  • - SafeString::of_safe_html( + html::mark_safe( 'id}") . '" title="' . t("Edit Your Profile")->for_html_attr() . '" id="gUserProfileLink" class="gDialogLink">' . diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 6fa92d54..4097bb82 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -10,7 +10,7 @@

    %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", - array("site_url" => SafeString::of_safe_html(url::base(false, "http")), + array("site_url" => html::mark_safe(url::base(false, "http")), "confirm_url" => $confirm_url)) ?>

    -- cgit v1.2.3 From ddb84c84e16766c6b79bd7fea61532257e83ef8b Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Mon, 31 Aug 2009 00:42:18 -0700 Subject: Rename mark_safe() to mark_clean() --- modules/akismet/helpers/akismet.php | 2 +- modules/digibug/views/admin_digibug.html.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/g2_import/views/admin_g2_import.html.php | 4 ++-- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/helpers/MY_html.php | 6 +++--- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/tests/Html_Helper_Test.php | 4 ++-- modules/gallery/tests/Xss_Security_Test.php | 2 +- modules/gallery/views/admin_block_welcome.html.php | 10 +++++----- modules/gallery/views/permissions_browse.html.php | 2 +- modules/gallery/views/upgrader.html.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/search/helpers/search.php | 2 +- modules/server_add/helpers/server_add.php | 2 +- modules/user/views/login.html.php | 2 +- modules/user/views/reset_password.html.php | 2 +- 17 files changed, 25 insertions(+), 25 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index 7cd598cd..acd5cb3e 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an API Key", - array("url" => html::mark_safe(url::site("admin/akismet")))), + array("url" => html::mark_clean(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index c4956591..9a1838f7 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@

    register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => html::mark_safe(url::site("admin/advanced_settings")))) ?> + "advanced_settings_url" => html::mark_clean(url::site("admin/advanced_settings")))) ?>

    diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index 9a4dbeec..83540622 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. Fix this now', - array("url" => html::mark_safe(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_clean(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index fde3464b..23ff27a8 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -39,7 +39,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["thumb"]["size"], "g3_pixels" => $thumb_size, - "url" => html::mark_safe(url::site("admin/theme_options")))) ?> + "url" => html::mark_clean(url::site("admin/theme_options")))) ?>
  • @@ -48,7 +48,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], "g3_pixels" => $resize_size, - "url" => html::mark_safe(url::site("admin/theme_options")))) ?> + "url" => html::mark_clean(url::site("admin/theme_options")))) ?> diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index d85c47f9..894daedb 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -111,7 +111,7 @@ class Admin_Languages_Controller extends Admin_Controller { $group->input("api_key") ->label(empty($api_key) ? t("This is a unique key that will allow you to send translations to the remote server. To get your API key go to %server-link.", - array("server-link" => html::mark_safe(html::anchor($server_link)))) + array("server-link" => html::mark_clean(html::anchor($server_link)))) : t("API Key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")); diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php index 4522d01c..b29f287f 100644 --- a/modules/gallery/helpers/MY_html.php +++ b/modules/gallery/helpers/MY_html.php @@ -51,12 +51,12 @@ class html extends html_Core { * * Example:
        *   // Parameters to t() are automatically escaped by default.
    -   *   // If the parameter is marked as safe, it won't get escaped.
    +   *   // If the parameter is marked as clean, it won't get escaped.
        *   t('Go there',
    -   *     array("url" => html::mark_safe(url::current())))
    +   *     array("url" => html::mark_clean(url::current())))
        * 
    */ - static function mark_safe($html) { + static function mark_clean($html) { return SafeString::of_safe_html($html); } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 787f8dc3..acbcb9b2 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -443,7 +443,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", - array("url" => html::mark_safe(url::site("admin/graphics")))), + array("url" => html::mark_clean(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php index 3623705e..bfce6dcf 100644 --- a/modules/gallery/tests/Html_Helper_Test.php +++ b/modules/gallery/tests/Html_Helper_Test.php @@ -32,8 +32,8 @@ class Html_Helper_Test extends Unit_Test_Case { $this->assert_true($safe_string instanceof SafeString); } - public function mark_safe_test() { - $safe_string = html::mark_safe("hello

    world

    "); + public function mark_clean_test() { + $safe_string = html::mark_clean("hello

    world

    "); $this->assert_true($safe_string instanceof SafeString); $safe_string_2 = html::clean($safe_string); $this->assert_equal("hello

    world

    ", diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index ef36f6b7..0ba5a587 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -195,7 +195,7 @@ class Xss_Security_Test extends Unit_Test_Case { in_array($tokens[$token_number + 2][1], array("clean", "purify", "js_string", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { - // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). + // Not checking for mark_clean(). We want such calls to be marked dirty (thus reviewed). $method = $tokens[$token_number + 2][1]; $frame->expr_append("::$method("); diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php index 71ef4368..d8c96187 100644 --- a/modules/gallery/views/admin_block_welcome.html.php +++ b/modules/gallery/views/admin_block_welcome.html.php @@ -5,16 +5,16 @@
    • graphics and language settings.", - array("graphics_url" => html::mark_safe(url::site("admin/graphics")), - "language_url" => html::mark_safe(url::site("admin/languages")))) ?> + array("graphics_url" => html::mark_clean(url::site("admin/graphics")), + "language_url" => html::mark_clean(url::site("admin/languages")))) ?>
    • choose a theme, or customize the way it looks.", - array("theme_url" => html::mark_safe(url::site("admin/themes")), - "theme_options_url" => html::mark_safe(url::site("admin/theme_options")))) ?> + array("theme_url" => html::mark_clean(url::site("admin/themes")), + "theme_options_url" => html::mark_clean(url::site("admin/theme_options")))) ?>
    • install modules to add cool features!", - array("modules_url" => html::mark_safe(url::site("admin/modules")))) ?> + array("modules_url" => html::mark_clean(url::site("admin/modules")))) ?>
    diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php index 231daa04..b9af9117 100644 --- a/modules/gallery/views/permissions_browse.html.php +++ b/modules/gallery/views/permissions_browse.html.php @@ -29,7 +29,7 @@
    • mod_rewrite and set AllowOverride FileInfo Options to fix this.", - array("mod_rewrite_attrs" => html::mark_safe("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?> + array("mod_rewrite_attrs" => html::mark_clean("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?>
    diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index de6ce0e7..04200920 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -18,7 +18,7 @@

    Gallery is up to date.", - array("url" => html::mark_safe(url::site("albums/1")))) ?> + array("url" => html::mark_clean(url::site("albums/1")))) ?>

    diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 5ac65661..bead6156 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the reCAPTCHA Keys", - array("url" => html::mark_safe(url::site("admin/recaptcha")))), + array("url" => html::mark_clean(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 5e23a04b..0080b4ce 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. Fix this now', - array("url" => html::mark_safe(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_clean(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index a84e1afd..27794855 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. Configure it now!", - array("url" => html::mark_safe(url::site("admin/server_add")))), + array("url" => html::mark_clean(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index dfd09661..27431ce8 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -8,7 +8,7 @@
  • - html::mark_safe( + html::mark_clean( 'id}") . '" title="' . t("Edit Your Profile")->for_html_attr() . '" id="gUserProfileLink" class="gDialogLink">' . diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 4097bb82..92ca4917 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -10,7 +10,7 @@

    %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", - array("site_url" => html::mark_safe(url::base(false, "http")), + array("site_url" => html::mark_clean(url::base(false, "http")), "confirm_url" => $confirm_url)) ?>

    -- cgit v1.2.3 From 8312eb116e65195e3fc70d59b3b0817b9c807287 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Mon, 31 Aug 2009 02:12:01 -0700 Subject: XSS review fixes (mostly adding missing html::mark_clean()) calls. --- modules/akismet/controllers/admin_akismet.php | 3 +- .../controllers/admin_advanced_settings.php | 2 +- modules/gallery/controllers/admin_maintenance.php | 2 +- modules/gallery/controllers/albums.php | 238 ++++++++++----------- modules/gallery/controllers/photos.php | 3 +- modules/gallery/helpers/graphics.php | 4 +- modules/notification/controllers/notification.php | 4 +- modules/slideshow/helpers/slideshow_event.php | 2 +- 8 files changed, 130 insertions(+), 128 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/akismet/controllers/admin_akismet.php b/modules/akismet/controllers/admin_akismet.php index 9ba89bd4..ca3a1473 100644 --- a/modules/akismet/controllers/admin_akismet.php +++ b/modules/akismet/controllers/admin_akismet.php @@ -45,7 +45,8 @@ class Admin_Akismet_Controller extends Admin_Controller { message::success(t("Your Akismet key has been saved.")); } - log::success("akismet", t("Akismet key changed to $new_key")); + log::success("akismet", t("Akismet key changed to %new_key", + array("new_key" => $new_key))); module::set_var("akismet", "api_key", $new_key); akismet::check_config(); url::redirect("admin/akismet"); diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index 43c77340..79bc1183 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php 
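Review bot: The rewritten log line in admin_akismet.php still writes the new API key itself into the site log, `log::success("akismet", t("Akismet key changed to %new_key", array("new_key" => $new_key)));`; the commit fixes the escaping of the value, but a secret that lands in a log readable by every administrator and log consumer is an unnecessary exposure. Logging only the fact of the change, `log::success("akismet", t("Akismet key changed"));`, loses nothing an operator needs, and if the value must be traceable a short prefix or the last few characters is enough. The enclosing method starts and ends outside the hunk.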
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { module::set_var($module_name, $var_name, Input::instance()->post("value")); message::success( t("Saved value for %var (%module_name)", - array("var" => html::clean($var_name), "module_name" => $module_name))); + array("var" => $var_name, "module_name" => $module_name))); print json_encode(array("result" => "success")); } diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index 543961a1..66bcce55 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -34,7 +34,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { "%count tasks are stalled", $stalled_count), t('view', - array("url" => url::site("admin/maintenance")))); + array("url" => html::mark_clean(url::site("admin/maintenance"))))); } $view = new Admin_View("admin.html"); diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index ec3eb426..78f12c80 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php 
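Review bot: Dropping `html::clean($var_name)` from the t() parameters in admin_advanced_settings.php is correct only because t() escapes its parameters by default, and nothing near this call says so; a reader who knows `$var_name` and `$module_name` presumably arrive from the request will be tempted to put the cleaning back and reintroduce the double-encoding. A one-line comment above `message::success(`, such as `// t() escapes every parameter; pre-cleaning here would double-encode the names.`, records the invariant. The opposite case is the mark_clean() wrapper added in the admin_maintenance.php hunk on this same line, where a URL that must not be escaped needs the explicit clean mark; the same comment style there would make both conventions visible. The enclosing methods start outside the hunks.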
@@ -1,118 +1,118 @@ -id == 1) { - $view = new Theme_View("page.html", "login"); - $view->page_title = t("Log in to Gallery"); - $view->content = user::get_login_form("login/auth_html"); - print $view; - return; - } else { - access::forbidden(); - } - } - - $show = $this->input->get("show"); - - if ($show) { - $index = $album->get_position($show); - $page = ceil($index / $page_size); - if ($page == 1) { - url::redirect("albums/$album->id"); - } else { - url::redirect("albums/$album->id?page=$page"); - } - } - - $page = $this->input->get("page", "1"); - $children_count = $album->viewable()->children_count(); - $offset = ($page - 1) * $page_size; - $max_pages = max(ceil($children_count / $page_size), 1); - - // Make sure that the page references a valid offset - if ($page < 1) { - url::redirect("albums/$album->id"); - } else if ($page > $max_pages) { - url::redirect("albums/$album->id?page=$max_pages"); - } - - $template = new Theme_View("page.html", "album"); - $template->set_global("page_size", $page_size); - $template->set_global("item", $album); - $template->set_global("children", $album->viewable()->children($page_size, $offset)); - $template->set_global("children_count", $children_count); - $template->set_global("parents", $album->parents()); - $template->content = new View("album.html"); - - // We can't use math in ORM or the query builder, so do this by hand. It's important - // that we do this with math, otherwise concurrent accesses will damage accuracy. 
- Database::instance()->query( - "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id"); - - print $template; - } - - /** - * @see REST_Controller::_create($resource) - */ - public function _create($album) { - access::verify_csrf(); - access::required("view", $album); - access::required("add", $album); - - switch ($this->input->post("type")) { - case "album": - return $this->_create_album($album); - - case "photo": - return $this->_create_photo($album); - - default: - access::forbidden(); - } - } - - private function _create_album($album) { - access::required("view", $album); - access::required("add", $album); - - $form = album::get_add_form($album); - if ($form->validate()) { - $new_album = album::create( - $album, - $this->input->post("name"), - $this->input->post("title", $this->input->post("name")), - $this->input->post("description"), - user::active()->id); - - log::success("content", "Created an album", - html::anchor("albums/$new_album->id", "view album")); - message::success( - t("Created album %album_title", array("album_title" => $new_album->title))); + id == 1) { + $view = new Theme_View("page.html", "login"); + $view->page_title = t("Log in to Gallery"); + $view->content = user::get_login_form("login/auth_html"); + print $view; + return; + } else { + access::forbidden(); + } + } + + $show = $this->input->get("show"); + + if ($show) { + $index = $album->get_position($show); + $page = ceil($index / $page_size); + if ($page == 1) { + url::redirect("albums/$album->id"); + } else { + url::redirect("albums/$album->id?page=$page"); + } + } + + $page = $this->input->get("page", "1"); + $children_count = $album->viewable()->children_count(); + $offset = ($page - 1) * $page_size; + $max_pages = max(ceil($children_count / $page_size), 1); + + // Make sure that the page references a valid offset + if ($page < 1) { + url::redirect("albums/$album->id"); + } else if ($page > $max_pages) { + url::redirect("albums/$album->id?page=$max_pages"); + } 
+ + $template = new Theme_View("page.html", "album"); + $template->set_global("page_size", $page_size); + $template->set_global("item", $album); + $template->set_global("children", $album->viewable()->children($page_size, $offset)); + $template->set_global("children_count", $children_count); + $template->set_global("parents", $album->parents()); + $template->content = new View("album.html"); + + // We can't use math in ORM or the query builder, so do this by hand. It's important + // that we do this with math, otherwise concurrent accesses will damage accuracy. + Database::instance()->query( + "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id"); + + print $template; + } + + /** + * @see REST_Controller::_create($resource) + */ + public function _create($album) { + access::verify_csrf(); + access::required("view", $album); + access::required("add", $album); + + switch ($this->input->post("type")) { + case "album": + return $this->_create_album($album); + + case "photo": + return $this->_create_photo($album); + + default: + access::forbidden(); + } + } + + private function _create_album($album) { + access::required("view", $album); + access::required("add", $album); + + $form = album::get_add_form($album); + if ($form->validate()) { + $new_album = album::create( + $album, + $this->input->post("name"), + $this->input->post("title", $this->input->post("name")), + $this->input->post("description"), + user::active()->id); + + log::success("content", "Created an album", + html::anchor("albums/$new_album->id", "view album")); + message::success(t("Created album %album_title", + array("album_title" => html::purify($new_album->title)))); print json_encode( array("result" => "success", 
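Review bot: The only functional change in this 118-line hunk is the `html::purify($new_album->title)` wrapper at its end; every other line is removed and re-added with different leading whitespace, which hides the real change from reviewers and from blame. Splitting the re-indent into its own commit, or reviewing with whitespace ignored, would let the escaping fix be examined on its own. Because the re-indented lines are now attributed to this commit, note that the `UPDATE {items} SET view_count = view_count + 1 WHERE id = $album->id` query still interpolates the id straight into SQL; it presumably comes from the ORM as an integer, but a bound parameter would make that independent of how `$album` was loaded. The file's opening lines appear garbled in this rendering, so the start of the hunk cannot be checked.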
@@ -144,8 +144,8 @@ class Albums_Controller extends Items_Controller { user::active()->id); log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo")); - message::success( - t("Added photo %photo_title", array("photo_title" => $photo->title))); + message::success(t("Added photo %photo_title", + array("photo_title" => html::purify($photo->title)))); print json_encode( array("result" => "success", @@ -193,8 +193,8 @@ class Albums_Controller extends Items_Controller { module::event("item_edit_form_completed", $album, $form); log::success("content", "Updated album", "id\">view"); - message::success( - t("Saved album %album_title", array("album_title" => $album->title))); + message::success(t("Saved album %album_title", + array("album_title" => html::purify($album->title)))); print json_encode( array("result" => "success", diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 3447b4c6..3b9662c7 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -86,7 +86,8 @@ class Photos_Controller extends Items_Controller { log::success("content", "Updated photo", "id\">view"); message::success( - t("Saved photo %photo_title", array("photo_title" => $photo->title))); + t("Saved photo %photo_title", + array("photo_title" => html::purify($photo->title)))); print json_encode( array("result" => "success", diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index acbcb9b2..521dc5a4 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php 
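Review bot: `html::purify($photo->title)` is passed as a t() parameter, and t() escapes its parameters unless they are marked clean, so whether this is correct depends on purify() returning a clean SafeString rather than a plain string; the page does not show purify()'s return type, so please confirm, because a plain string would be double-encoded in the message. The same pattern appears in the `@@ -193` hunk on this line and in the photos.php hunk. A comment at the first call, `// purify() returns a clean SafeString, so t() will not escape it again` (or whichever the truth is), would settle it for the other call sites. The enclosing methods start outside the hunks.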
@@ -326,9 +326,9 @@ class graphics_Core { t2("One of your photos is out of date. Click here to fix it", "%count of your photos are out of date. Click here to fix them", $count, - array("attrs" => sprintf( + array("attrs" => html::mark_clean(sprintf( 'href="%s" class="gDialogLink"', - url::site("admin/maintenance/start/gallery_task::rebuild_dirty_images?csrf=__CSRF__")))), + url::site("admin/maintenance/start/gallery_task::rebuild_dirty_images?csrf=__CSRF__"))))), "graphics_dirty"); } } diff --git a/modules/notification/controllers/notification.php b/modules/notification/controllers/notification.php index ffb4b46a..5745de5d 100644 --- a/modules/notification/controllers/notification.php +++ b/modules/notification/controllers/notification.php @@ -26,10 +26,10 @@ class Notification_Controller extends Controller { if (notification::is_watching($item)) { notification::remove_watch($item); - message::success(sprintf(t("You are no longer watching %s"), $item->title)); + message::success(sprintf(t("You are no longer watching %s"), html::purify($item->title))); } else { notification::add_watch($item); - message::success(sprintf(t("You are now watching %s"), $item->title)); + message::success(sprintf(t("You are now watching %s"), html::purify($item->title))); } url::redirect($item->url(array(), true)); } diff --git a/modules/slideshow/helpers/slideshow_event.php b/modules/slideshow/helpers/slideshow_event.php index 1b881de4..77e296e8 100644 --- a/modules/slideshow/helpers/slideshow_event.php +++ b/modules/slideshow/helpers/slideshow_event.php @@ -23,7 +23,7 @@ class slideshow_event_Core { site_status::warning( t("The Slideshow module requires the RSS module. " . "Activate the RSS module now", - array("url" => url::site("admin/modules"))), + array("url" => html::mark_clean(url::site("admin/modules")))), "slideshow_needs_rss"); } else { site_status::clear("slideshow_needs_rss"); -- cgit v1.2.3 From b9293755c03a6bf55a33732968481aa7a73fcce0 Mon Sep 17 00:00:00 2001 
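Review bot: `html::mark_clean(sprintf('href="%s" class="gDialogLink"', url::site(...)))` marks the whole attribute string clean, so whatever url::site() returns is placed inside a double-quoted attribute with no escaping at all; that is fine only if url::site() can never yield a `"` or other attribute-breaking character, which depends on how the site base URL is derived and is not visible here. Passing the url::site() result through `html::clean_attribute()` (one of the methods the Xss_Security_Test accepts) before the sprintf, and marking clean only the assembled attribute, keeps the clean mark honest for that input. The enclosing method starts and ends outside the hunk.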
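Review bot: `message::success(sprintf(t("You are no longer watching %s"), html::purify($item->title)))` in notification.php keeps the `sprintf(t(...), ...)` form while the rest of this commit uses t()'s own placeholder parameters, as in albums.php and photos.php; sprintf() bypasses the escaping t() applies to parameters and collapses the t() result to a plain string, so the message's safety rests entirely on purify(). Rewriting both calls as `t("You are no longer watching %title", array("title" => html::purify($item->title)))` makes them consistent with the other hunks and lets t()'s escaping rules apply. Both changed lines in this hunk have the same shape, so the change applies to each. The enclosing method starts outside the hunk.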
From: Bharat Mediratta Date: Wed, 2 Sep 2009 11:57:20 -0700 Subject: Deal with the aftermath of adding sharpen() calls. Since GD does not support it, this causes crashes as soon as you try to use it, which breaks a bunch of our tests. Also, give the user some idea that sharpen() is missing in the UI. Fixes #689. --- modules/gallery/helpers/graphics.php | 37 ++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'modules/gallery/helpers/graphics.php') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 521dc5a4..66182a68 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -206,11 +206,13 @@ class graphics_Core { // Image would get upscaled; do nothing copy($input_file, $output_file); } else { - Image::factory($input_file) + $image = Image::factory($input_file) ->resize($options["width"], $options["height"], $options["master"]) - ->quality(module::get_var("gallery", "image_quality")) - ->sharpen(module::get_var("gallery", "image_sharpen")) - ->save($output_file); + ->quality(module::get_var("gallery", "image_quality")); + if (graphics::can("sharpen")) { + $image->sharpen(module::get_var("gallery", "image_sharpen")); + } + $image->save($output_file); } module::event("graphics_resize_completed", $input_file, $output_file, $options); 
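Review bot: The new `if (graphics::can("sharpen"))` guard in the resize path silently skips sharpening when GD lacks imageconvolution, leaving no trace in the log; the admin page gets the toolkit error from the `@@ -352` hunk, but an operator looking at a soft thumbnail has no per-image signal, and the guard also calls can(), and through it module::get_var(), on every resize. A short comment on the guard, `// GD without imageconvolution cannot sharpen; detect_toolkits() shows the user-facing warning`, would make the skip deliberate for the next reader. Whether the rotate path, which can() also reports on, needs the same guard is not visible in this hunk. The enclosing method starts and ends outside the hunk.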
@@ -352,13 +354,22 @@ class graphics_Core { $toolkits->gd->installed = true; $toolkits->gd->version = $gd["GD Version"]; $toolkits->gd->rotate = function_exists("imagerotate"); + $toolkits->gd->sharpen = function_exists("imageconvolution"); $toolkits->gd->binary = ""; $toolkits->gd->dir = ""; - if (!$toolkits->gd->rotate) { + if (!$toolkits->gd->rotate && !$toolkits->gd->sharpen) { + $toolkits->gd->error = + t("You have GD version %version, but it lacks image rotation and sharpening.", + array("version" => $gd["GD Version"])); + } else if (!$toolkits->gd->rotate) { $toolkits->gd->error = t("You have GD version %version, but it lacks image rotation.", array("version" => $gd["GD Version"])); + } else if (!$toolkits->gd->sharpen) { + $toolkits->gd->error = + t("You have GD version %version, but it lacks image sharpening.", + array("version" => $gd["GD Version"])); } } @@ -387,6 +398,7 @@ class graphics_Core { $toolkits->imagemagick->binary = $path; $toolkits->imagemagick->dir = dirname($path); $toolkits->imagemagick->rotate = true; + $toolkits->imagemagick->sharpen = true; } else { $toolkits->imagemagick->installed = false; $toolkits->imagemagick->error = @@ -411,6 +423,7 @@ class graphics_Core { $toolkits->graphicsmagick->binary = $path; $toolkits->graphicsmagick->dir = dirname($path); $toolkits->graphicsmagick->rotate = true; + $toolkits->graphicsmagick->sharpen = true; } else { $toolkits->graphicsmagick->installed = false; $toolkits->graphicsmagick->error = 
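Review bot: `$toolkits->gd->sharpen = function_exists("imageconvolution")` and the existing `$toolkits->gd->rotate = function_exists("imagerotate")` probe the same two functions that can() re-probes in the `@@ -475` hunk, so the two places can drift: a third feature added here and forgotten there would make can() say yes to something the toolkit page reports as missing. A single map read by both, e.g. `private static $gd_requirements = array("rotate" => "imagerotate", "sharpen" => "imageconvolution");`, removes the duplication, and the three-way error-message cascade that follows could be built from whichever entries of that map are absent instead of enumerating combinations by hand. The enclosing method starts and ends outside the hunk.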
@@ -475,14 +488,18 @@ class graphics_Core {
 
 /**
 * Verify that a specific graphics function is available with the active toolkit.
- * @param string $func (eg rotate, resize)
+ * @param string $func (eg rotate, sharpen)
 * @return boolean
 */
 static function can($func) {
- if (module::get_var("gallery", "graphics_toolkit") == "gd" &&
- $func == "rotate" &&
- !function_exists("imagerotate")) {
- return false;
+ if (module::get_var("gallery", "graphics_toolkit") == "gd") {
+ switch ($func) {
+ case "rotate":
+ return function_exists("imagerotate");
+
+ case "sharpen":
+ return function_exists("imageconvolution");
+ }
 }
 
 return true;
-- cgit v1.2.3
From 9237ab9bc1e7b3286ceecd5bf6b03cdbfcfa98a5 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 2 Sep 2009 15:29:00 -0700
Subject: Change graphics::generate() API so that it doesn't return a boolean, instead it throws an exception if there's a problem. The normal case for graphics::generate is that it's going to succeed. It'll only fail if something un-handleable went wrong, so just use the resulting exception.
---
 modules/gallery/helpers/gallery_task.php | 11 ++++++-----
 modules/gallery/helpers/graphics.php | 10 ++++------
 modules/gallery/helpers/photo.php | 6 ++++--
 3 files changed, 14 insertions(+), 13 deletions(-)
(limited to 'modules/gallery/helpers/graphics.php')
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index c9557324..1b56ab97 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
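Review bot: On GD, a `$func` value the `switch` does not list falls out to the trailing `return true;`, so an unrecognised or misspelled capability name is reported as supported; an explicit `default:` branch (`default: return false;`, or throwing on unknown names) would make that contract visible instead of implicit. The `@return boolean` docblock line could also state what happens for names other than `rotate` and `sharpen`. The closing brace of can() is outside the hunk.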
@@ -60,14 +60,15 @@ class gallery_task_Core {
 
 $item = ORM::factory("item", $row->id);
 if ($item->loaded) {
- $success = graphics::generate($item);
- if (!$success) {
+ try {
+ graphics::generate($item);
 $ignored[$item->id] = 1;
- $errors[] = t("Unable to rebuild images for '%title'",
- array("title" => html::purify($item->title)));
- } else {
 $errors[] = t("Successfully rebuilt images for '%title'",
 array("title" => html::purify($item->title)));
+ } catch (Exception $e) {
+ $errors[] = t("Unable to rebuild images for '%title'",
+ array("title" => html::purify($item->title)));
+ $errors[] = $e->__toString();
 }
 }
 
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index 66182a68..78812794 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
@@ -102,12 +102,12 @@ class graphics_Core {
 /**
 * Rebuild the thumb and resize for the given item.
 * @param Item_Model $item
- * @return true on successful generation
 */
 static function generate($item) {
 if ($item->is_album()) {
 if (!$cover = $item->album_cover()) {
- return false;
+ // This album has no cover; there's nothing to generate.
+ return;
 }
 $input_file = $cover->file_path();
 $input_item = $cover;
@@ -127,7 +127,7 @@ class graphics_Core {
 $item->thumb_dirty = 0;
 $item->resize_dirty = 0;
 $item->save();
- return true;
+ return;
 }
 
 try {
@@ -176,10 +176,8 @@ class graphics_Core {
 // @todo we should handle this better.
 Kohana::log("error", "Caught exception rebuilding image: {$item->title}\n" .
 $e->getMessage() . "\n" . $e->getTraceAsString());
- return false;
+ throw $e;
 }
-
- return true;
 }
 
 /**
diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php
index 96a66d29..40b645a2 100644
--- a/modules/gallery/helpers/photo.php
+++ b/modules/gallery/helpers/photo.php
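Review bot: `$ignored[$item->id] = 1;` now executes on the success path — it sits inside the `try` right after `graphics::generate($item)` — whereas before this change it ran only when generation failed; if `$ignored` is the set of items to skip on later passes so that a bad image is not retried forever, that line belongs in the `catch` block (the loop that consumes `$ignored` is outside the hunk, so please confirm). Separately, `$errors[] = $e->__toString();` stores the full exception string, which in PHP includes the stack trace and server file paths; if `$errors` is rendered in the admin task log, prefer `$errors[] = html::purify($e->getMessage());` and leave the trace to the `Kohana::log` call that generate() already makes.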
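Review bot: The docblock of generate() loses `@return` but gains no `@throws`, even though the callers in gallery_task.php and photo.php are being rewritten around the new exception contract; add `* @throws Exception if the thumb or resize cannot be generated` after the `@param Item_Model $item` line. In the last hunk of this file the catch block now logs and rethrows, so the `// @todo we should handle this better.` comment above the `Kohana::log` call no longer describes what follows and should be updated or dropped. generate() continues past the end of this hunk.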
@@ -111,9 +111,11 @@ class photo_Core {
 
 // Build our thumbnail/resizes. If we fail to build thumbnail/resize we assume that the image
 // is bad in some way and discard it.
- if (!graphics::generate($photo)) {
+ try {
+ graphics::generate($photo);
+ } catch (Exception $e) {
 $photo->delete();
- throw new Exception("@todo BAD_IMAGE_FILE");
+ throw $e;
 }
 
 // If the parent has no cover item, make this it.
-- cgit v1.2.3
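Review bot: `throw $e;` after `$photo->delete();` loses the original generation error if delete() itself throws, and the caller then sees an unrelated failure for a photo that may be half-removed; guarding the delete in its own try/catch that logs the cleanup failure and then rethrows `$e` keeps the root cause. Callers also now receive the toolkit's own exception message instead of the previous fixed `"@todo BAD_IMAGE_FILE"` text, so if the upload path echoes exception messages to the user, that message may carry local file paths — worth a check where it is displayed. The enclosing function starts and ends outside this hunk.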