From 97c3ded2bae24fa18801c94548d1cfd97e19cf2a Mon Sep 17 00:00:00 2001 
From: Chad Parry Date: Wed, 18 May 2011 22:01:51 -0600 Subject: Better validation for uploaded files, especially where third-party modules might make a mistake. Squashed commit of the following: commit f2336a5aaa0eb797f252388ecd7b93a82f9646fd Author: Chad Parry Date: Wed May 18 21:56:10 2011 -0600 Behave reasonably if the image cannot be resized. commit e06b20738d0e0bdb80bae68b7fec2b3746192f6e Author: Chad Parry Date: Wed May 18 21:10:08 2011 -0600 Adding an image representing a broken thumbnail. This image was derived from the equivalent Gallery2 icon. It uses the same washed-out gray color scheme as the Gallery3 missing_movie icon. commit 4e3964527b66d8ccd76fb261d549cd9861a7a780 Author: Chad Parry Date: Wed May 18 20:30:28 2011 -0600 Initialize legal file arrays correctly. commit e9862d8fbc4d6fd06abf157f48dce671a7283993 Author: Chad Parry Date: Wed May 18 20:20:19 2011 -0600 Correction for the merge conflict markers I accidentally committed. commit 5e62d327a8dc477d3edea99826183548aca3e7f3 Author: Chad Parry Date: Wed May 18 20:17:36 2011 -0600 Expand the legal_file events to include separate photo and movie events, and to support MIME types. commit f0bfd1fef0b6d17da9a491f7c724ae53491926a2 Merge: 72f3fc4 db73413 Author: Chad Parry Date: Wed May 18 19:49:25 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto Conflicts: modules/gallery/helpers/system.php modules/gallery/tests/System_Helper_Test.php commit db734130c5fe10408040b2326b28b102f3131271 Author: Automatic Build Number Updater Date: Mon May 16 21:38:07 2011 -0700 Automated update of .build_number to 153 for branch master Last update: 9aeb824aa1d15bd94bd7cef0a322c4e8a667e67b (1 commits ago) commit 8549ba30ca5045211d2efcf8e1c4f98f8a1e9f25 Author: Chad Kieffer Date: Mon May 16 22:37:09 2011 -0600 Stop IE 9 album grid craziness. Thanks floridave. Fixes #1430. 
commit 9aeb824aa1d15bd94bd7cef0a322c4e8a667e67b Author: Automatic Build Number Updater Date: Sun May 8 11:43:38 2011 -0700 Automated update of .build_number to 152 for branch master Last update: 7c80e6ef84b460dcade80c4dd5a65b41b0523505 (1 commits ago) commit 57f7e42a128848d73ad2a7ac0bf9df2fee6ba8b8 Author: Bharat Mediratta Date: Sun May 8 11:42:40 2011 -0700 Add the item id to the print_proxy line so that we have a little more info about what the original was, and extend the timeout to 90 days from 10. Fixes #1733. commit 7c80e6ef84b460dcade80c4dd5a65b41b0523505 Author: Automatic Build Number Updater Date: Fri May 6 11:48:43 2011 -0700 Automated update of .build_number to 151 for branch master Last update: 5d09cbff048fc2f457c8b19adb2177a12445890a (1 commits ago) commit 80dda6f64fd26f373cc138a199652099accceb26 Merge: 5d09cbf 46da011 Author: Bharat Mediratta Date: Fri May 6 11:48:13 2011 -0700 Merge pull request #52 from chadparry/tempnam Fixes #1732 commit 5d09cbff048fc2f457c8b19adb2177a12445890a Author: Automatic Build Number Updater Date: Thu May 5 21:53:39 2011 -0700 Automated update of .build_number to 150 for branch master Last update: 011eaa6480cbee8d328a31c9ac5c8e0ddc1f8a84 (1 commits ago) commit d5a31ceedee5841531f57342266746bb62d7d923 Author: Tim Almdal Date: Thu May 5 21:53:10 2011 -0700 Fix for ticket 1275. Do the same checking as Kohana uses and don't worry about calling the utf8_encode routine. Corrected the error messages and also added a check to insure the XML Parser extension is loaded as we still need the utf8_encode function from it. 
commit 011eaa6480cbee8d328a31c9ac5c8e0ddc1f8a84 Author: Automatic Build Number Updater Date: Thu May 5 14:53:06 2011 -0700 Automated update of .build_number to 149 for branch master Last update: 05ecfda36b7acee7f8d36df8391ba960097178a8 (1 commits ago) commit 5bae21864f54a03b557ab349cf97ba5f1d4276dc Author: Bharat Mediratta Date: Thu May 5 14:52:47 2011 -0700 Follow-on to 6f916e49d5b431c2c1961a13d1a61fef8c02d628 -- don't make database calls if Gallery isn't installed, else we fail to bounce the user to the installer on fresh packages. #1637. commit 46da011bf69bbc4e45757feda8f0d28e91e7fb6a Author: Chad Parry Date: Wed May 4 17:51:00 2011 -0600 Remove a newline I accidentally introduced. commit 5c6c71ffcdea354b5b9b30aaea2c1f92c8860d42 Merge: d2331bf 05ecfda Author: Chad Parry Date: Wed May 4 17:49:42 2011 -0600 Merge branch 'master' into tempnam commit d2331bf43457a8d33491921f106879f087438171 Author: Chad Parry Date: Wed May 4 17:48:25 2011 -0600 Simplified the temp_filename implementation and removed the mocks. commit 72f3fc46f6c7c9043e730063051ecfd88bf314c8 Author: Chad Parry Date: Wed May 4 17:22:15 2011 -0600 Avoid "self::" because Kohana can't override it. commit 05ecfda36b7acee7f8d36df8391ba960097178a8 Author: Automatic Build Number Updater Date: Mon May 2 21:38:50 2011 -0700 Automated update of .build_number to 148 for branch master Last update: 97400b78153620262120868b37545170416413c9 (2 commits ago) commit 229bfc5c7c760c53d1357503fd61bf9a165acf6e Author: Bharat Mediratta Date: Mon May 2 21:37:04 2011 -0700 Track and redirect core.DownloadItem requests properly. This can happen if the G2 was imported with rewrite on, so the g2_url in the g2_map table has a shortened url, but then rewrite is disabled and the .htaccess mod_rewrite rules are sending over a &g2_view=core.DownloadItem request. Fixes #1728. 
commit 68370b92f5f6fa68744655f8c68b4b0ca59bf4fd Author: Bharat Mediratta Date: Mon May 2 21:36:17 2011 -0700 Map the G2 album highlight thumbnail derivative id to the G3 album's thumbnail. Fixes #1729. commit 13dbd3515bfb5324cfbcb3bbeafc179771b54f75 Merge: f0f094c 97400b7 Author: Chad Parry Date: Sat Apr 30 20:33:02 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit f0f094c3f79b09536f58083681c28f73271c506d Author: Chad Parry Date: Sat Apr 30 20:22:49 2011 -0600 Explain the conditional rename in item::save() with a comment. commit 1b3a6b85c156e4777d2aa8205b130984f55dc66d Author: Chad Parry Date: Sat Apr 30 18:29:34 2011 -0600 Improve the comment explaining why the data_file extension is important. commit c3e8c1e3b5e3cb1046acd4c923bb0ae9dbcd603a Author: Chad Parry Date: Sat Apr 30 18:12:56 2011 -0600 The data_file field is public, so we don't need to supply an accessor method. commit 0e844766baf3b3875cbb2d84579626e05e879420 Author: Chad Parry Date: Sat Apr 30 16:40:55 2011 -0600 Change the signature of system::tempnam to something more appropriate for Gallery. commit 5c9a3b3f39f6ff0d5c84c2cf283d27eaebe2e66e Author: Chad Parry Date: Sat Apr 23 21:19:47 2011 -0600 Create a tempnam substitute that safely creates files with a given extension. commit 2375a02e2cdbd1ccaf7dc4d3db9d85119972e3a9 Author: Chad Parry Date: Sat Apr 30 16:40:55 2011 -0600 Change the signature of system::tempnam to something more appropriate for Gallery. commit a8ca9dcf9edd54633c0c78b3af76aa974d38fc64 Author: Chad Parry Date: Sat Apr 30 16:10:06 2011 -0600 Change the name of the extensions helper to legal_file. commit 7e61a01a96f5eab7212dba754ac64fdfb4d9e8ab Author: Chad Parry Date: Sat Apr 30 16:08:49 2011 -0600 Change the name of the extensions helper to legal_file. commit 4c2b2ebd3f2052898fbfb175650ed4cf49c8006e Author: Chad Parry Date: Wed Apr 27 20:52:35 2011 -0600 Remove a newline at the end of the file that I accidentally introduced. 
commit 6d564f185e5279d6cca9a7385066514ff18a2455 Merge: 7ff485f 4060640 Author: Chad Parry Date: Wed Apr 27 20:35:58 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 7ff485fa48c392bbbb0370f67cb1bd6fcc00c2a4 Author: Chad Parry Date: Wed Apr 27 20:29:06 2011 -0600 Move the extensions helpers out of the Kohana system directory and into their own Gallery Extensions class. commit 26585fed03236f0f70a75959e1d3002025f4e15e Merge: 809567f c8f90e8 Author: Chad Parry Date: Sun Apr 24 08:28:39 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 809567f12850f59bdeb47a2963f6968b99b5a201 Author: Chad Parry Date: Sun Apr 24 08:10:04 2011 -0600 Expose the data file field. commit fcb06bf175bb9eeff36d9c294e97ace9374ef0f3 Author: Chad Parry Date: Sun Apr 24 00:45:12 2011 -0600 Don't assign to the item->name field if the name is unchanged, because the save method will crash. commit c6ef706d70c7e48bea1145eec1b13fb5683e023f Author: Chad Parry Date: Sat Apr 23 22:55:59 2011 -0600 Preserve old data files long enough for them to be available to event handlers. commit 0d6a3a3cfc4f38f450db9e18da47a5e2ad826af8 Author: Chad Parry Date: Sat Apr 23 21:19:47 2011 -0600 Create a tempnam substitute that safely creates files with a given extension. commit e149cf7238a1f8eaddfc68580f2d636dd8255795 Author: Chad Parry Date: Sat Apr 23 16:39:25 2011 -0600 Support data files that change their extension and MIME type. commit 6702104f571413e4d57db3515b2070c48d3e9b55 Author: Chad Parry Date: Sat Apr 23 16:35:00 2011 -0600 Resolve an infinite recursion that happens when the path caches are updated during saving. 
commit 944cb72eea946f4c45a04b7e4c7c33929fa8b9f3 Merge: 567522b 5af74d4 Author: Chad Parry Date: Fri Apr 22 14:10:42 2011 -0600 Merge remote branch 'origin/master' into rawphoto commit 567522bfa08c370bb5baf8454afc5b04bc9e49b4 Author: Chad Parry Date: Thu Apr 21 20:12:32 2011 -0600 Add an event for when a new graphics toolkit is chosen. commit 31ba081b793141ca36866a6dd349cd2eac5af68e Author: Chad Parry Date: Thu Apr 21 02:06:53 2011 -0600 Add an event that will collect all valid filename extensions.
---
 modules/gallery/helpers/graphics.php | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
(limited to 'modules/gallery/helpers/graphics.php')
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index acb11bfb..3b9769de 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
@@ -170,23 +170,37 @@ class graphics_Core {
 foreach (self::_get_rules($target) as $rule) {
 $args = array($working_file, $output_file, unserialize($rule->args), $item);
- call_user_func_array($rule->operation, $args);
- $working_file = $output_file;
+ try {
+ call_user_func_array($rule->operation, $args);
+ $working_file = $output_file;
+ } catch (Exception $e) {
+ // Ignore this filter and move on.
+ Kohana_Log::add("error", "Caught exception filtering image: {$item->title}\n" .
+ $e->getMessage() . "\n" . $e->getTraceAsString());
+ }
 }
 }
 if (!empty($ops["thumb"])) {
+ if (file_exists($item->thumb_path())) {
+ $item->thumb_dirty = 0;
+ } else {
+ copy(MODPATH . "gallery/images/missing_photo.png", $item->thumb_path());
+ }
 $dims = getimagesize($item->thumb_path());
 $item->thumb_width = $dims[0];
 $item->thumb_height = $dims[1];
- $item->thumb_dirty = 0;
 }
 if (!empty($ops["resize"])) {
+ if (file_exists($item->resize_path())) {
+ $item->resize_dirty = 0;
+ } else {
+ copy(MODPATH . "gallery/images/missing_photo.png", $item->resize_path());
+ }
 $dims = getimagesize($item->resize_path());
 $item->resize_width = $dims[0];
 $item->resize_height = $dims[1];
- $item->resize_dirty = 0;
 }
 $item->save();
 } catch (Exception $e) {
-- cgit v1.2.3
From c76c4e654880a6e03d70522ed8427154d53c1590 Mon Sep 17 00:00:00 2001
From: Chad Parry
Date: Wed, 15 Jun 2011 20:15:20 -0600
Subject: Refer to "rules" not "filters"
---
 modules/gallery/helpers/graphics.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/gallery/helpers/graphics.php')
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index 3b9769de..39c87fbd 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
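Review bot: In the `thumb` and `resize` branches of graphics.php, `file_exists()` shows only that a file is at the path, not that this run produced it; because the new `catch` in the rule loop swallows failures, a thumbnail left from an earlier build or a partly written output still clears `thumb_dirty` / `resize_dirty`. The fallback ignores the result of `copy()`, and `getimagesize()` returns `false` for an unreadable file, so `$dims[0]` and `$dims[1]` would store empty dimensions. I would record success inside the loop and guard the read with `if ($dims === false) { throw new Exception("Unable to read image dimensions"); }` before the width and height assignments. The log call also interpolates `{$item->title}` as-is, so a title containing newlines can forge extra log lines; stripping control characters first avoids that. The enclosing `try` begins outside the hunk; only its `catch` is visible on the last line.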
@@ -174,8 +174,8 @@ class graphics_Core {
 call_user_func_array($rule->operation, $args);
 $working_file = $output_file;
 } catch (Exception $e) {
- // Ignore this filter and move on.
- Kohana_Log::add("error", "Caught exception filtering image: {$item->title}\n" .
+ // Ignore this rule and move on.
+ Kohana_Log::add("error", "Caught exception processing image: {$item->title}\n" .
 $e->getMessage() . "\n" . $e->getTraceAsString());
 }
 }
-- cgit v1.2.3
From 0672c8f83f068c546454bacefac123b5acb508cc Mon Sep 17 00:00:00 2001
From: Chad Parry Date: Thu, 21 Jul 2011 01:12:26 -0600 Subject: Polishing the rawphoto changes, including adding some tests. Squashed commit of the following: commit 945316a8c220b12adb687c896bcc5e86f99f46a4 Author: Chad Parry Date: Thu Jul 21 01:11:13 2011 -0600 Add a test for the sunny-day scenario where a rule changes a data file's MIME type. commit 4ee1ee000c8f4d8ebaae66f637bc71080486fd73 Author: Chad Parry Date: Thu Jul 21 00:49:47 2011 -0600 Ensure that a third-party cannot swap out a legitimate photo with an unsafe file type. commit 7dd0105bfc59c150e5640e693778f51bbaa44eab Author: Chad Parry Date: Thu Jul 21 00:48:19 2011 -0600 Update the MIME type and other meta-data when a new data file is provided. commit 5a8844c7947b21cf658f22cc61f20ffa9e8f07f2 Author: Chad Parry Date: Thu Jul 21 00:30:01 2011 -0600 Remove a unit test that no longer applies. Replacement data files are allowed to have different MIME types. commit 0de9c6283ce4f5773cad8e92b6785d6a1f7b5e46 Author: Chad Parry Date: Thu Jul 21 00:27:45 2011 -0600 If one rule fails, then abort processing, rather than trying to proceed to subsequent rules. commit 41d379c2b777ae7b3a11f528971228e234f8976f Author: Chad Parry Date: Thu Jul 21 00:10:10 2011 -0600 Replace an overly-complicated regular expression with a simple in_array, at Bharat's suggestion. 
commit 1b3f7111d4c2607baaa2da0aab3b501f2d9a1426 Merge: 8f7904a 403f64b Author: Chad Parry Date: Wed Jul 20 21:02:56 2011 -0600 Merge branch 'master' into rawphoto commit 8f7904ab62c71a7e4ee68762f936030b4dcb4ea1 Merge: e950573 771de0a Author: Chad Parry Date: Sat Jun 25 14:12:39 2011 -0600 Merge branches 'master' and 'rawphoto' into rawphoto commit e95057337996351e49915d9f85d007d50103a4be Author: Chad Parry Date: Wed Jun 15 20:24:18 2011 -0600 Merge branches 'rawphoto-squash' and 'rawphoto' into rawphoto
---
 modules/gallery/helpers/graphics.php | 10 ++--------
 modules/gallery/models/item.php | 7 +++++++
 modules/gallery/tests/Item_Model_Test.php | 23 +++++++++++++++++++++--
 3 files changed, 30 insertions(+), 10 deletions(-)
(limited to 'modules/gallery/helpers/graphics.php')
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index 39c87fbd..3548faa1 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
@@ -170,14 +170,8 @@ class graphics_Core {
 foreach (self::_get_rules($target) as $rule) {
 $args = array($working_file, $output_file, unserialize($rule->args), $item);
- try {
- call_user_func_array($rule->operation, $args);
- $working_file = $output_file;
- } catch (Exception $e) {
- // Ignore this rule and move on.
- Kohana_Log::add("error", "Caught exception processing image: {$item->title}\n" .
- $e->getMessage() . "\n" . $e->getTraceAsString());
- }
+ call_user_func_array($rule->operation, $args);
+ $working_file = $output_file;
 }
 }
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index cccb7074..93e97af6 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
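Review bot: With the per-rule `try`/`catch` gone from graphics.php, the loop again runs `call_user_func_array($rule->operation, $args)` on `unserialize($rule->args)`, and nothing in the hunk checks either value. Both appear to come from stored rule records; if third-party modules or anything less trusted can write those records, an unexpected callable name or a serialized object would be acted on with the application's privileges. I would compare `$rule->operation` against the set of operations the installed modules are known to provide before the call (`is_callable()` alone accepts any function name), and on PHP 7 or later use `unserialize($rule->args, array("allowed_classes" => false))`. The loop and its enclosing `try` start outside the hunk, so where a thrown exception ends up is not visible here.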
@@ -420,6 +420,13 @@ class Item_Model_Core extends ORM_MPTT {
 if (!empty($extension) && strcmp($this->name, $new_name)) {
 $this->name = $new_name;
 }
+ if ($this->is_photo()) {
+ list ($this->width, $this->height, $this->mime_type, $extension) =
+ photo::get_file_metadata($this->data_file);
+ } else if ($this->is_movie()) {
+ list ($this->width, $this->height, $this->mime_type, $extension) =
+ movie::get_file_metadata($this->data_file);
+ }
 }
 if (array_intersect($this->changed, array("parent_id", "name", "slug"))) {
diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php
index 968d7510..19ab8ec4 100644
--- a/modules/gallery/tests/Item_Model_Test.php
+++ b/modules/gallery/tests/Item_Model_Test.php
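Review bot: In item.php the `$extension` returned by `get_file_metadata()` is assigned only after the rename just above has already used the earlier `$extension`, and nothing visible reads the new value. If the earlier value came from the file name and this one from the file content (that computation is outside the hunk, so this is an inference), the saved `name` can keep an extension that disagrees with the refreshed `mime_type`, which matters wherever a handler is chosen by extension. I would fetch the metadata before the rename and build `$new_name` from that extension. If the two values are already guaranteed to agree, a comment such as `// $extension from the metadata is unused here; the name was set from the same value above` would record that.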
@@ -394,15 +394,34 @@ class Item_Model_Test extends Gallery_Unit_Test_Case {
 $this->assert_equal(20337, filesize($photo->file_path()));
 }
- public function replacement_data_file_must_be_same_mime_type_test() {
+ public function replace_data_file_type_test() {
 // Random photo is modules/gallery/tests/test.jpg
 $photo = test::random_photo();
+ $this->assert_equal(1024, $photo->width);
+ $this->assert_equal(768, $photo->height);
+ $this->assert_equal(6232, filesize($photo->file_path()));
+ $this->assert_equal("image/jpeg", $photo->mime_type);
+ $orig_name = $photo->name;
+
+ // Random photo is gallery/images/graphicsmagick.png is 104x76 and 1486 bytes
 $photo->set_data_file(MODPATH . "gallery/images/graphicsmagick.png");
+ $photo->save();
+
+ $this->assert_equal(104, $photo->width);
+ $this->assert_equal(76, $photo->height);
+ $this->assert_equal(1486, filesize($photo->file_path()));
+ $this->assert_equal("image/png", $photo->mime_type);
+ $this->assert_equal("png", pathinfo($photo->name, PATHINFO_EXTENSION));
+ $this->assert_equal(pathinfo($orig_name, PATHINFO_FILENAME), pathinfo($photo->name, PATHINFO_FILENAME));
+ }
+ public function unsafe_data_file_replacement_test() {
 try {
+ $photo = test::random_photo();
+ $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php");
 $photo->save();
 } catch (ORM_Validation_Exception $e) {
- $this->assert_same(array("name" => "cant_change_mime_type"), $e->validation->errors());
+ $this->assert_same(array("mime_type" => "invalid"), $e->validation->errors());
 return; // pass
 }
 $this->assert_true(false, "Shouldn't get here");
-- cgit v1.2.3
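Review bot: `unsafe_data_file_replacement_test` covers only a replacement whose file name already ends in `.php`, so it would still pass if the validation looked at the extension alone. A second case that supplies the same non-image content under an allowed extension such as `.jpg` and expects the same `array("mime_type" => "invalid")` error would pin the content-based check that the commit message describes. In `replace_data_file_type_test` the added comment reads "Random photo is gallery/images/graphicsmagick.png is 104x76"; `// Replacement is gallery/images/graphicsmagick.png: 104x76, 1486 bytes` would say what the line means.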