From a11bf295078656612603c1c561e9261555d0c40c Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 9 Jan 2010 23:57:16 -0800 Subject: Fix for ticket #972 and more. In Kohana 2.4, ORM::delete_all ignores any where clauses and deletes all the entries in the table unless an array of id's are passed as the parameter. This fix used the Database_builder to specify any where conditions. Thanks psvo for find the first one. :-) --- modules/gallery/helpers/graphics.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 7577d7ac..5a290905 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -60,11 +60,12 @@ class graphics_Core { * @param string $operation the name of the operation(::method) */ static function remove_rule($module_name, $target, $operation) { - ORM::factory("graphics_rule") + db::build() + ->delete("graphics_rules") ->where("module_name", "=", $module_name) ->where("target", "=", $target) ->where("operation", "=", $operation) - ->delete_all(); + ->execute(); self::mark_dirty($target == "thumb", $target == "resize"); } -- cgit v1.2.3 From 3ab6c4915aa0c9dbd2061ffcad0af00e2c50136e Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 11 Jan 2010 10:42:39 -0800 Subject: Fixes ticket #671. In the graphics_rules table height and width set the maximum height and width values and should be equal. Initially, the height on the resize target rule was less than the height, which artificially constrained images in portrait mode. **Note"" this fix requires an upgrade to version 22. All the resizes will be flagged dirty. --- installer/install.sql | 2 +- modules/gallery/helpers/gallery_installer.php | 19 ++++++++++++++++++- modules/gallery/module.info | 2 +- 3 files changed, 20 insertions(+), 3 deletions(-) (limited to 'modules/gallery/helpers') 
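Review bot: remove_rule now issues a raw DELETE whose scope is fixed only by the three where() calls chained after db::build()->delete("graphics_rules"), and nothing in the hunk records why the ORM was abandoned, so a later "simplification" back to ORM::delete_all() would quietly reintroduce the table-wide delete the commit message describes. A comment above the builder call would protect that: `// Build the DELETE by hand: in Kohana 2.4 ORM::delete_all() ignores where() and would empty graphics_rules.` The hunk does not show how Database_Builder quotes or binds the three where() values, so that is worth confirming before treating the call as safe for arguments that originate outside the module.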
diff --git a/installer/install.sql b/installer/install.sql index 6e7c06a2..95a57d86 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -89,7 +89,7 @@ CREATE TABLE {graphics_rules} ( ) AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; INSERT INTO {graphics_rules} VALUES (1,1,'a:3:{s:5:\"width\";i:200;s:6:\"height\";i:200;s:6:\"master\";i:2;}','gallery','gallery_graphics::resize',100,'thumb'); -INSERT INTO {graphics_rules} VALUES (2,1,'a:3:{s:5:\"width\";i:640;s:6:\"height\";i:480;s:6:\"master\";i:2;}','gallery','gallery_graphics::resize',100,'resize'); +INSERT INTO {graphics_rules} VALUES (2,1,'a:3:{s:5:\"width\";i:640;s:6:\"height\";i:640;s:6:\"master\";i:2;}','gallery','gallery_graphics::resize',100,'resize'); DROP TABLE IF EXISTS {groups}; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8; diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 410b6413..02ce1b18 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -240,7 +240,7 @@ class gallery_installer { 100); graphics::add_rule( "gallery", "resize", "gallery_graphics::resize", - array("width" => 640, "height" => 480, "master" => Image::AUTO), + array("width" => 640, "height" => 640, "master" => Image::AUTO), 100); // Instantiate default themes (site and admin) 
@@ -440,6 +440,23 @@ class gallery_installer { module::set_var("gallery", "simultaneous_upload_limit", 5); module::set_version("gallery", $version = 21); } + + // Update the graphics rules table so that the maximum height for resizes is 640 not 480. + // Fixes ticket #671 + if ( $version == 21) { + $resize_rule = ORM::factory("graphics_rule") + ->where("id", "=", "2") + ->find(); + // make sure it hasn't been changed already + $args = unserialize($resize_rule->args); + if ($args["height"] == 480 && $args["width"] == 640) { + $args["height"] = 640; + $resize_rule->args = serialize($args); + $resize_rule->save(); + graphics::mark_dirty(false, true); + } + module::set_version("gallery", $version = 22); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index b3366f7d..107d9a12 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,4 +1,4 @@ name = "Gallery 3" description = "Gallery core application" -version = 21 +version = 22 -- cgit v1.2.3 From 284e14d50e33fb6a1ef0ce00444f216fcdbeb904 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 11 Jan 2010 10:48:27 -0800 Subject: Remove the automatically marking the resizes dirty line as this could cause alot of pain to some installations --- modules/gallery/helpers/gallery_installer.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 02ce1b18..1e0ad28c 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -453,7 +453,6 @@ class gallery_installer { $args["height"] = 640; $resize_rule->args = serialize($args); $resize_rule->save(); - graphics::mark_dirty(false, true); } module::set_version("gallery", $version = 22); } -- cgit v1.2.3 From 0dc184e99f0ca607774a68257432a9a981f4d5b7 Mon Sep 17 00:00:00 2001 
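Review bot: the version-22 upgrade in this hunk identifies the resize rule by the hard-coded primary key "2", which only matches install.sql on installs that never deleted or re-created their graphics rules; elsewhere `$resize_rule` is not loaded, unserialize() on the missing args returns false, the height check fails, and the fix is skipped while the version is still bumped to 22. Selecting the row by module_name/target (the columns the stock INSERT and graphics::remove_rule both use) and guarding on loaded() and is_array() makes the upgrade act on the intended rule or skip explicitly; this assumes a single gallery resize rule, as install.sql creates. The enclosing upgrade method starts before this hunk. The extra space in `if ( $version == 21)` is also inconsistent with the neighbouring version checks.
```php
$resize_rule = ORM::factory("graphics_rule")
  ->where("module_name", "=", "gallery")
  ->where("target", "=", "resize")
  ->find();
// Only rewrite the stock 640x480 rule; leave a customised or missing rule alone.
$args = $resize_rule->loaded() ? unserialize($resize_rule->args) : false;
if (is_array($args) && $args["height"] == 480 && $args["width"] == 640) {
  // … unchanged: rewrite args, save, mark_dirty …
```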
From: Bharat Mediratta Date: Mon, 18 Jan 2010 11:10:37 -0800 Subject: Overload url::current() and url::merge() to make the current url XSS safe. Add tests to make sure that it doesn't relapse with future Kohana changes. Fixes ticket #983. Ref: http://gallery.menalto.com/node/93738 --- modules/gallery/helpers/MY_url.php | 14 ++++++++++ modules/gallery/tests/Url_Security_Test.php | 43 +++++++++++++++++++++++++++++ modules/rss/controllers/rss.php | 8 ++---- 3 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 modules/gallery/tests/Url_Security_Test.php (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index 74284951..8a7909b6 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php @@ -89,4 +89,18 @@ class url extends url_Core { static function abs_current($qs=false) { return self::abs_site(url::current($qs)); } + + /** + * Just like url::merge except that it escapes any XSS in the path. + */ + static function merge($params) { + return htmlspecialchars(parent::merge($params)); + } + + /** + * Just like url::current except that it escapes any XSS in the path. + */ + static function current($qs=false, $suffix=false) { + return htmlspecialchars(parent::current($qs, $suffix)); + } } diff --git a/modules/gallery/tests/Url_Security_Test.php b/modules/gallery/tests/Url_Security_Test.php new file mode 100644 index 00000000..de25880f --- /dev/null +++ b/modules/gallery/tests/Url_Security_Test.php 
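Review bot: both overrides call htmlspecialchars() with its default flags, so a single quote in the path passes through unescaped (ENT_COMPAT is the default before PHP 8.1) and no charset is given; a URL placed inside a single-quoted attribute would still break out. Passing the flags explicitly closes that gap: `return htmlspecialchars(parent::merge($params), ENT_QUOTES, "UTF-8");` and `return htmlspecialchars(parent::current($qs, $suffix), ENT_QUOTES, "UTF-8");`. Escaping in the URL helper rather than at the output site also means every caller now receives HTML-entity text: a use in a non-HTML context (a Location header, plain text) or under a template that escapes again would see `&amp;`-encoded or double-encoded values, which the hunk gives no way to check, so a grep of callers plus a docblock line stating that the return value is HTML-escaped would be worthwhile.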
@@ -0,0 +1,43 @@ +save = array(Router::$current_uri, Router::$complete_uri, $_GET); + } + + public function teardown() { + list(Router::$current_uri, Router::$complete_uri, $_GET) = $this->save; + } + + public function xss_in_current_url_test() { + Router::$current_uri = "foo//bar"; + Router::$complete_uri = "foo//bar?foo=bar"; + $this->assert_same("foo/<xss>/bar", url::current()); + $this->assert_same("foo/<xss>/bar?foo=bar", url::current(true)); + } + + public function xss_in_merged_url_test() { + Router::$current_uri = "foo//bar"; + Router::$complete_uri = "foo//bar?foo=bar"; + $_GET = array("foo" => "bar"); + $this->assert_same("foo/<xss>/bar?foo=bar", url::merge(array())); + $this->assert_same("foo/<xss>/bar?foo=bar&a=b", url::merge(array("a" => "b"))); + } +} \ No newline at end of file diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php index 41c781d9..3066ba16 100644 --- a/modules/rss/controllers/rss.php +++ b/modules/rss/controllers/rss.php @@ -52,14 +52,12 @@ class Rss_Controller extends Controller { $view->feed = $feed; $view->pub_date = date("D, d M Y H:i:s T"); - $feed->uri = url::abs_site(str_replace("&", "&", url::merge($_GET))); + $feed->uri = url::abs_site(url::merge($_GET)); if ($page > 1) { - $feed->previous_page_uri = - url::abs_site(str_replace("&", "&", url::merge(array("page" => $page - 1)))); + $feed->previous_page_uri = url::abs_site(url::merge(array("page" => $page - 1))); } if ($page < $feed->max_pages) { - $feed->next_page_uri = - url::abs_site(str_replace("&", "&", url::merge(array("page" => $page + 1)))); + $feed->next_page_uri = url::abs_site(url::merge(array("page" => $page + 1))); } header("Content-Type: application/rss+xml"); -- cgit v1.2.3 From 41a392611c0e602d2e14859e5c0d5bf9e61d0073 Mon Sep 17 00:00:00 2001 
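Review bot: the two tests pin escaping of the `<xss>` segment only, so they would not catch a relapse for quote characters, which htmlspecialchars() treats differently depending on its flags; a third case such as `Router::$current_uri = "foo/'bar/baz";` expecting the quote to come back escaped would fail with the default flags and pin the ENT_QUOTES behaviour once it is added. The hunk as shown appears to have lost text in extraction (the opening `<?php` line through `$this->` and the literal `<xss>` tags are missing), so the exact expected strings cannot be verified here.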
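Review bot: the three feed URIs now rely on url::merge() already returning HTML-escaped text (the MY_url.php override in this same commit) to be well-formed inside the RSS XML, but nothing at the call site says so; a reader seeing the removed str_replace() cannot tell that the escaping moved rather than disappeared. A one-line comment above the first assignment keeps that visible: `// url::merge() HTML-escapes its result (see MY_url.php), which also makes it XML-safe here.` Whether the rss view escapes `$feed->uri` a second time is not visible in the hunk and is worth checking for double-encoded ampersands. The removed lines' replacement strings appear garbled in this extraction (`"&", "&"`), so the old behaviour is inferred from the commit message.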
From: Bharat Mediratta Date: Mon, 18 Jan 2010 12:08:05 -0800 Subject: Change DENY and ALLOW to "0" and "1" to match the fact that ORM no longer typecasts values as of http://dev.kohanaphp.com/issues/2459 --- modules/gallery/helpers/access.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 8ce7e436..e0a0e979 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -66,8 +66,8 @@ * the Access_Intent_Model */ class access_Core { - const DENY = false; - const ALLOW = true; + const DENY = "0"; + const ALLOW = "1"; const INHERIT = null; // access_intent const UNKNOWN = null; // cache (access_cache, items) -- cgit v1.2.3 From 284788d964688385f77b18bc063a841d0dbcdcd8 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 18 Jan 2010 12:08:39 -0800 Subject: Switch from stdClass to arrays which works around issues caused in http://dev.kohanaphp.com/issues/2459 -- I don't exactly know why, but the solutions are equivalent so I'm not going to dig too far. --- modules/gallery/helpers/model_cache.php | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/model_cache.php b/modules/gallery/helpers/model_cache.php index 302e42d9..88756407 100644 --- a/modules/gallery/helpers/model_cache.php +++ b/modules/gallery/helpers/model_cache.php 
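Review bot: DENY and ALLOW are access-control constants, and changing them from booleans to the strings "0" and "1" keeps truthiness checks intact (`"0"` is falsy, `"1"` truthy) but silently changes any identity comparison elsewhere: `=== true`, `=== false` or in_array(..., true) against a computed boolean now fails, while the same comparison against an untypecast DB column now succeeds, and the hunk shows only the definitions, so the callers should be audited together with this change. Note also that INHERIT and UNKNOWN stay null, and `null == "0"` is false where `null == false` was true, so a loose comparison that previously conflated INHERIT with DENY now behaves differently. A comment beside the constants would record the reason: `// Stored as the strings the DB returns: ORM no longer typecasts columns (Kohana issue 2459), so compare with === against column values.`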
@@ -18,27 +18,25 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class model_cache_Core { - private static $cache; + private static $cache = array(); static function get($model_name, $id, $field_name="id") { - if (TEST_MODE || empty(self::$cache->$model_name->$field_name->$id)) { + if (TEST_MODE || empty(self::$cache[$model_name][$field_name][$id])) { $model = ORM::factory($model_name)->where($field_name, "=", $id)->find(); if (!$model->loaded()) { throw new Exception("@todo MISSING_MODEL $model_name:$id"); } - self::$cache->$model_name->$field_name->$id = $model; + self::$cache[$model_name][$field_name][$id] = $model; } - return self::$cache->$model_name->$field_name->$id; + return self::$cache[$model_name][$field_name][$id]; } static function clear() { - self::$cache = new stdClass(); + self::$cache = array(); } static function set($model) { - self::$cache->{$model->object_name} - ->{$model->primary_key} - ->{$model->{$model->primary_key}} = $model; + self::$cache[$model->object_name][$model->primary_key][$model->{$model->primary_key}] = $model; } } -- cgit v1.2.3
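Review bot: get(), set() and clear() carry no docblocks, and the one behaviour a maintainer would trip over is not stated: under TEST_MODE the lookup runs on every call yet the result is still written into self::$cache, so the cache is bypassed for reads but not for writes. A docblock on get() should say that it returns the model for `$model_name` cached under `$field_name`/`$id`, always re-queries when TEST_MODE is set, and `@throws Exception` when no row is loaded; set() and clear() each need a one-line purpose, set() noting that the entry is keyed by the model's own object_name and primary_key value. The class comment above the hunk is a licence header only, so none of this is documented elsewhere in view.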