From d53f6d0e052fb455059170a311640fcd06cad798 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 16:40:44 -0800
Subject: Fix for tickets 1009 and 603: Show a themed error page to guests /
 registered users (not to admins though). And show a login form to guests for
 404 (incl. insufficient view permissions) errors.

---
 modules/gallery/helpers/access.php |  2 +-
 modules/gallery/helpers/auth.php   | 14 --------------
 2 files changed, 1 insertion(+), 15 deletions(-)

(limited to 'modules/gallery/helpers')

diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 7e8b079a..c4c100ca 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -120,7 +120,7 @@ class access_Core {
     if (!self::can($perm_name, $item)) {
       if ($perm_name == "view") {
         // Treat as if the item didn't exist, don't leak any information.
-        throw new Kohana_404_Exception();
+        Event::run('system.404');
       } else {
         self::forbidden();
       }
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 8b0ce470..c3e9e6e9 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -130,18 +130,4 @@ class auth_Core {
     $session->set("admin_area_activity_timestamp", time());
     return false;
   }
-
-  /**
-   * Returns the themed login page.
-   */
-  static function login_page($continue_url=null) {
-    $view = new Theme_View("page.html", "other", "login");
-    $view->page_title = t("Log in to Gallery");
-    $view->content = new View("login_ajax.html");
-    $view->content->form = auth::get_login_form("login/auth_html");
-    // Avoid anti-phishing protection by passing the url as session variable.
-    $continue_url or $continue_url = url::current(true);
-    Session::instance()->set("continue_url", $continue_url);
-    return $view;
-  }
 }
\ No newline at end of file
-- 
cgit v1.2.3


From 7e47c3b19f522344f7083ea0bd9524bfff1a0eb2 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 19:05:44 -0800
Subject: For consistency, use straight Kohana_404_Exception instead of the
 event system.

---
 modules/gallery/controllers/albums.php | 2 +-
 modules/gallery/controllers/items.php  | 2 +-
 modules/gallery/controllers/movies.php | 2 +-
 modules/gallery/controllers/photos.php | 2 +-
 modules/gallery/helpers/access.php     | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'modules/gallery/helpers')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 1cc3b1ec..036dade0 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -26,7 +26,7 @@ class Albums_Controller extends Items_Controller {
     if (!is_object($album)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     access::required("view", $album);
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index 0bd47b2d..f261e3a9 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -21,7 +21,7 @@ class Items_Controller extends Controller {
   public function __call($function, $args) {
     $item = ORM::factory("item", (int)$function);
     if (!$item->loaded()) {
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     // Redirect to the more specific resource type, since it will render
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 1dbcb481..78a56e81 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -22,7 +22,7 @@ class Movies_Controller extends Items_Controller {
     if (!is_object($movie)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
 
     access::required("view", $movie);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 2a77aea4..f2d47eec 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -22,7 +22,7 @@ class Photos_Controller extends Items_Controller {
     if (!is_object($photo)) {
       // show() must be public because we route to it in url::parse_url(), so make
       // sure that we're actually receiving an object
-      Event::run('system.404');
+      throw new Kohana_404_Exception();
     }
   
     access::required("view", $photo);
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index c4c100ca..7e8b079a 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -120,7 +120,7 @@ class access_Core {
     if (!self::can($perm_name, $item)) {
       if ($perm_name == "view") {
         // Treat as if the item didn't exist, don't leak any information.
-        Event::run('system.404');
+        throw new Kohana_404_Exception();
       } else {
         self::forbidden();
       }
-- 
cgit v1.2.3


From 36702b1397dcac9ba5a607f62e2a1caeb307ac7a Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Fri, 12 Feb 2010 20:59:26 -0800
Subject: Some HTML validation fixes (don't render empty <ul> lists, empty id
 attributes, use &amp; not &)

---
 modules/gallery/helpers/gallery_event.php     |  6 +++---
 modules/gallery/libraries/Menu.php            | 13 +++++++++++++
 modules/gallery/views/menu.html.php           |  4 ++--
 modules/gallery/views/menu_ajax_link.html.php |  2 +-
 modules/gallery/views/menu_dialog.html.php    |  2 +-
 modules/gallery/views/menu_link.html.php      |  2 +-
 themes/wind/views/page.html.php               |  2 +-
 7 files changed, 22 insertions(+), 9 deletions(-)

(limited to 'modules/gallery/helpers')

diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 63f33c12..faf1c0c6 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -336,7 +336,7 @@ class gallery_event_Core {
             ->css_class("ui-icon-rotate-ccw")
             ->ajax_handler("function(data) { " .
                            "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }")
-            ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")))
+            ->url(url::site("quick/rotate/$item->id/ccw?csrf=$csrf&amp;from_id=$theme_item->id&amp;page_type=$page_type")))
           ->append(
             Menu::factory("ajax_link")
             ->id("rotate_cw")
@@ -344,7 +344,7 @@ class gallery_event_Core {
             ->css_class("ui-icon-rotate-cw")
             ->ajax_handler("function(data) { " .
                            "\$.gallery_replace_image(data, \$('$thumb_css_selector')) }")
-            ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
+            ->url(url::site("quick/rotate/$item->id/cw?csrf=$csrf&amp;from_id=$theme_item->id&amp;page_type=$page_type")));
       }
 
       // @todo Don't move photos from the photo page; we don't yet have a good way of redirecting
@@ -384,7 +384,7 @@ class gallery_event_Core {
                    ->label($delete_title)
                    ->css_class("ui-icon-trash")
                    ->css_id("g-quick-delete")
-                   ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type")));
+                   ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&amp;from_id=$theme_item->id&amp;page_type=$page_type")));
       }
 
       if ($item->is_album()) {
diff --git a/modules/gallery/libraries/Menu.php b/modules/gallery/libraries/Menu.php
index e2b68d1a..7c76ab04 100644
--- a/modules/gallery/libraries/Menu.php
+++ b/modules/gallery/libraries/Menu.php
@@ -216,6 +216,19 @@ class Menu_Core extends Menu_Element {
     return null;
   }
 
+  public function is_empty() {
+    foreach ($this->elements as $element) {
+      if ($element instanceof Menu) {
+        if (!$element->is_empty()) {
+          return false;
+        }
+      } else {
+        return false;
+      }
+    }
+    return true;
+  }
+
   public function render() {
     $view = new View(isset($this->view) ? $this->view : "menu.html");
     $view->menu = $this;
diff --git a/modules/gallery/views/menu.html.php b/modules/gallery/views/menu.html.php
index cb49bcdf..17a249dd 100644
--- a/modules/gallery/views/menu.html.php
+++ b/modules/gallery/views/menu.html.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<? if ($menu->elements): // Don't show the menu if it has no choices ?>
+<? if (!$menu->is_empty()): // Don't show the menu if it has no choices ?>
 <? if ($menu->is_root): ?>
-<ul <?= isset($menu->css_id) ? "id='$menu->css_id'" : "" ?> class="<?= $menu->css_class ?>">
+<ul <?= $menu->css_id ? "id='$menu->css_id'" : "" ?> class="<?= $menu->css_class ?>">
   <? foreach ($menu->elements as $element): ?>
   <?= $element->render() ?>
   <? endforeach ?>
diff --git a/modules/gallery/views/menu_ajax_link.html.php b/modules/gallery/views/menu_ajax_link.html.php
index 00a394bc..06cd6f92 100644
--- a/modules/gallery/views/menu_ajax_link.html.php
+++ b/modules/gallery/views/menu_ajax_link.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <li>
-  <a id="<?= $menu->css_id ?>"
+  <a <?= $menu->css_id ? "id='{$menu->css_id}'" : "" ?>
      class="g-ajax-link <?= $menu->css_class ?>"
      href="<?= $menu->url ?>"
      title="<?= $menu->label->for_html_attr() ?>"
diff --git a/modules/gallery/views/menu_dialog.html.php b/modules/gallery/views/menu_dialog.html.php
index 99b1b013..b44080c3 100644
--- a/modules/gallery/views/menu_dialog.html.php
+++ b/modules/gallery/views/menu_dialog.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <li>
-  <a id="<?= $menu->css_id ?>"
+  <a <?= $menu->css_id ? "id='{$menu->css_id}'" : "" ?>
      class="g-dialog-link <?= $menu->css_class ?>"
      href="<?= $menu->url ?>"
      title="<?= $menu->label->for_html_attr() ?>">
diff --git a/modules/gallery/views/menu_link.html.php b/modules/gallery/views/menu_link.html.php
index 8e4cdb95..a36d2754 100644
--- a/modules/gallery/views/menu_link.html.php
+++ b/modules/gallery/views/menu_link.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <li>
-  <a id="<?= $menu->css_id ?>"
+  <a <?= $menu->css_id ? "id='{$menu->css_id}'" : "" ?>
      class="g-menu-link <?= $menu->css_class ?>"
      href="<?= $menu->url ?>"
      title="<?= $menu->label->for_html_attr() ?>">
diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php
index 2dcc5d70..61e34145 100644
--- a/themes/wind/views/page.html.php
+++ b/themes/wind/views/page.html.php
@@ -91,7 +91,7 @@
           <div id="g-site-menu" style="visibility: hidden">
           <?= $theme->site_menu() ?>
           </div>
-          <script> $(document).ready(function() { $("#g-site-menu").css("visibility", "visible"); }) </script>
+          <script type="text/javascript"> $(document).ready(function() { $("#g-site-menu").css("visibility", "visible"); }) </script>
 
           <?= $theme->header_bottom() ?>
         </div>
-- 
cgit v1.2.3