From 526859d9605d137ebe053ecbd80f46ca6a331194 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 22 Apr 2011 13:56:32 -0700 Subject: Do simple transliteration when converting filenames to slugs, but check to see if the transliteration module is available and use a more complex transliteration if possible. Fixes #1668. --- modules/gallery/models/item.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'modules/gallery/models') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 8f4bc5e4..f46db696 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -336,9 +336,7 @@ class Item_Model_Core extends ORM_MPTT { // Make an url friendly slug from the name, if necessary if (empty($this->slug)) { - $tmp = pathinfo($this->name, PATHINFO_FILENAME); - $tmp = preg_replace("/[^A-Za-z0-9-_]+/", "-", $tmp); - $this->slug = trim($tmp, "-"); + $this->slug = item::convert_filename_to_slug($this->name); // If the filename is all invalid characters, then the slug may be empty here. Pick a // random value. -- cgit v1.2.3 From 91c83874e518b9106a4d54d8c3bbe28e4c055123 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 25 Apr 2011 22:15:34 -0700 Subject: Fix a bug introduced in 526859d9605d137ebe053ecbd80f46ca6a331194 where we changed the behavior of the slug code and included the file extension, not just the name. This broke Item_Model_Test::move_photo_with_conflicting_target_gets_uniqified_test so yay for unit tests! #1668 --- modules/gallery/models/item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/models') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index f46db696..2a5e6894 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -336,7 +336,7 @@ class Item_Model_Core extends ORM_MPTT { // Make an url friendly slug from the name, if necessary if (empty($this->slug)) { - $this->slug = item::convert_filename_to_slug($this->name); + $this->slug = item::convert_filename_to_slug(pathinfo($this->name, PATHINFO_FILENAME)); // If the filename is all invalid characters, then the slug may be empty here. Pick a // random value. -- cgit v1.2.3 From b875368167658fd7992812504674afeb61c64831 Mon Sep 17 00:00:00 2001 From: Chad Parry Date: Thu, 28 Apr 2011 19:41:44 -0600 Subject: This patch helps provide raw photo support with some small changes to the framework. Items can now change their extension and MIME type. Squashed commit of the following: commit 4c2b2ebd3f2052898fbfb175650ed4cf49c8006e Author: Chad Parry Date: Wed Apr 27 20:52:35 2011 -0600 Remove a newline at the end of the file that I accidentally introduced. commit 6d564f185e5279d6cca9a7385066514ff18a2455 Merge: 7ff485f 4060640 Author: Chad Parry Date: Wed Apr 27 20:35:58 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 7ff485fa48c392bbbb0370f67cb1bd6fcc00c2a4 Author: Chad Parry Date: Wed Apr 27 20:29:06 2011 -0600 Move the extensions helpers out of the Kohana system directory and into their own Gallery Extensions class. commit 26585fed03236f0f70a75959e1d3002025f4e15e Merge: 809567f c8f90e8 Author: Chad Parry Date: Sun Apr 24 08:28:39 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 809567f12850f59bdeb47a2963f6968b99b5a201 Author: Chad Parry Date: Sun Apr 24 08:10:04 2011 -0600 Expose the data file field. commit fcb06bf175bb9eeff36d9c294e97ace9374ef0f3 Author: Chad Parry Date: Sun Apr 24 00:45:12 2011 -0600 Don't assign to the item->name field if the name is unchanged, because the save method will crash. commit c6ef706d70c7e48bea1145eec1b13fb5683e023f Author: Chad Parry Date: Sat Apr 23 22:55:59 2011 -0600 Preserve old data files long enough for them to be available to event handlers. commit 0d6a3a3cfc4f38f450db9e18da47a5e2ad826af8 Author: Chad Parry Date: Sat Apr 23 21:19:47 2011 -0600 Create a tempnam substitute that safely creates files with a given extension. commit e149cf7238a1f8eaddfc68580f2d636dd8255795 Author: Chad Parry Date: Sat Apr 23 16:39:25 2011 -0600 Support data files that change their extension and MIME type. commit 6702104f571413e4d57db3515b2070c48d3e9b55 Author: Chad Parry Date: Sat Apr 23 16:35:00 2011 -0600 Resolve an infinite recursion that happens when the path caches are updated during saving. commit 944cb72eea946f4c45a04b7e4c7c33929fa8b9f3 Merge: 567522b 5af74d4 Author: Chad Parry Date: Fri Apr 22 14:10:42 2011 -0600 Merge remote branch 'origin/master' into rawphoto commit 567522bfa08c370bb5baf8454afc5b04bc9e49b4 Author: Chad Parry Date: Thu Apr 21 20:12:32 2011 -0600 Add an event for when a new graphics toolkit is chosen. commit 31ba081b793141ca36866a6dd349cd2eac5af68e Author: Chad Parry Date: Thu Apr 21 02:06:53 2011 -0600 Add an event that will collect all valid filename extensions. --- modules/gallery/controllers/admin_graphics.php | 2 + modules/gallery/controllers/quick.php | 4 +- modules/gallery/controllers/uploader.php | 2 +- modules/gallery/helpers/extensions.php | 39 ++++++++++++++++ modules/gallery/helpers/system.php | 25 ++++++++++ modules/gallery/libraries/Form_Uploadify.php | 1 + modules/gallery/models/item.php | 63 ++++++++++++++------------ modules/gallery/tests/Mock_Built_In.php | 39 ++++++++++++++++ modules/gallery/tests/System_Helper_Test.php | 49 ++++++++++++++++++++ modules/gallery/views/form_uploadify.html.php | 2 +- 10 files changed, 194 insertions(+), 32 deletions(-) create mode 100644 modules/gallery/helpers/extensions.php create mode 100644 modules/gallery/tests/Mock_Built_In.php create mode 100644 modules/gallery/tests/System_Helper_Test.php (limited to 'modules/gallery/models') diff --git a/modules/gallery/controllers/admin_graphics.php b/modules/gallery/controllers/admin_graphics.php index a2d19d4a..a8a7cdc0 100644 --- a/modules/gallery/controllers/admin_graphics.php +++ b/modules/gallery/controllers/admin_graphics.php @@ -40,6 +40,8 @@ class Admin_Graphics_Controller extends Admin_Controller { $msg = t("Changed graphics toolkit to: %toolkit", array("toolkit" => $tk->$toolkit_id->name)); message::success($msg); log::success("graphics", $msg); + + module::event("graphics_toolkit_change", $toolkit_id); } url::redirect("admin/graphics"); diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index da4768fd..ce52cb8d 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -36,8 +36,8 @@ class Quick_Controller extends Controller { } if ($degrees) { - $tmpfile = tempnam(TMPPATH, "rotate") . "." . - pathinfo($item->file_path(), PATHINFO_EXTENSION); + $tmpfile = system::tempnam(TMPPATH, "rotate", + "." . pathinfo($item->file_path(), PATHINFO_EXTENSION)); gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees), $item); $item->set_data_file($tmpfile); $item->save(); diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 6b1455e4..5f3e9ca4 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -51,7 +51,7 @@ class Uploader_Controller extends Controller { $file_validation = new Validation($_FILES); $file_validation->add_rules( "Filedata", "upload::valid", "upload::required", - "upload::type[gif,jpg,jpeg,png,flv,mp4,m4v]"); + "upload::type[" . implode(",", extensions::get_upload_extensions()) . "]"); if ($form->validate() && $file_validation->validate()) { $temp_filename = upload::save("Filedata"); diff --git a/modules/gallery/helpers/extensions.php b/modules/gallery/helpers/extensions.php new file mode 100644 index 00000000..bccbfc41 --- /dev/null +++ b/modules/gallery/helpers/extensions.php @@ -0,0 +1,39 @@ +extensions = array("gif", "jpg", "jpeg", "png"); + if (movie::find_ffmpeg()) { + array_push($extensions_wrapper->extensions, "flv", "mp4", "m4v"); + } + module::event("upload_extensions", $extensions_wrapper); + return $extensions_wrapper->extensions; + } + + static function get_upload_filters() { + $filters = array(); + foreach (self::get_upload_extensions() as $extension) { + array_push($filters, "*." . $extension, "*." . strtoupper($extension)); + } + return $filters; + } +} diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index c39c7227..31ecafa7 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -40,4 +40,29 @@ class system_Core { } return null; } + + /** + * Create a file with a unique file name. + * This helper is similar to the built-in tempnam, except that it supports an optional postfix. + */ + static function tempnam($dir = TMPPATH, $prefix = "", $postfix = "") { + return self::_tempnam($dir, $prefix, $postfix, "tempnam"); + } + + // This helper provides a dependency-injected implementation of tempnam. + static function _tempnam($dir, $prefix, $postfix, $builtin) { + $success = false; + do { + $basename = call_user_func($builtin, $dir, $prefix); + if (!$basename) { + return false; + } + $filename = $basename . $postfix; + $success = !file_exists($filename) && @rename($basename, $filename); + if (!$success) { + @unlink($basename); + } + } while (!$success); + return $filename; + } } \ No newline at end of file diff --git a/modules/gallery/libraries/Form_Uploadify.php b/modules/gallery/libraries/Form_Uploadify.php index 3e35e380..884653e2 100644 --- a/modules/gallery/libraries/Form_Uploadify.php +++ b/modules/gallery/libraries/Form_Uploadify.php @@ -47,6 +47,7 @@ class Form_Uploadify_Core extends Form_Input { $v->script_data = $this->data["script_data"]; $v->simultaneous_upload_limit = module::get_var("gallery", "simultaneous_upload_limit"); $v->movies_allowed = (bool) movie::find_ffmpeg(); + $v->extensions = extensions::get_upload_filters(); $v->suhosin_session_encrypt = (bool) ini_get("suhosin.session.encrypt"); list ($toolkit_max_filesize_bytes, $toolkit_max_filesize) = graphics::max_filesize(); diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 2a5e6894..5ccbe75c 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -127,6 +127,15 @@ class Item_Model_Core extends ORM_MPTT { return $this; } + /** + * Get the path to the data file associated with this item. + * This data file field is only set until you call save(). + * After that, you can get the path using get_file_path(). + */ + public function get_data_file() { + return $this->data_file; + } + /** * Return the server-relative url to this item, eg: * /gallery3/index.php/BobsWedding?page=2 @@ -408,6 +417,16 @@ class Item_Model_Core extends ORM_MPTT { // If any significant fields have changed, load up a copy of the original item and // keep it around. $original = ORM::factory("item", $this->id); + + // Preserve the extension of the data file. + if (isset($this->data_file)) { + $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); + $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; + if (!empty($extension) && strcmp($this->name, $new_name)) { + $this->name = $new_name; + } + } + if (array_intersect($this->changed, array("parent_id", "name", "slug"))) { $original->_build_relative_caches(); $this->relative_path_cache = null; @@ -430,7 +449,10 @@ class Item_Model_Core extends ORM_MPTT { if ($original->parent_id != $this->parent_id || $original->name != $this->name) { // Move all of the items associated data files - @rename($original->file_path(), $this->file_path()); + $this->_build_relative_caches(); + if (!isset($this->data_file)) { + @rename($original->file_path(), $this->file_path()); + } if ($this->is_album()) { @rename(dirname($original->resize_path()), dirname($this->resize_path())); @rename(dirname($original->thumb_path()), dirname($this->thumb_path())); @@ -460,8 +482,6 @@ class Item_Model_Core extends ORM_MPTT { } // Replace the data file, if requested. - // @todo: we don't handle the case where you swap in a file of a different mime type - // should we prevent that in validation? or in set_data_file() if ($this->data_file && ($this->is_photo() || $this->is_movie())) { copy($this->data_file, $this->file_path()); @@ -481,6 +501,9 @@ class Item_Model_Core extends ORM_MPTT { // Null out the data file variable here, otherwise this event will trigger another // save() which will think that we're doing another file move. $this->data_file = null; + if ($original->file_path() != $this->file_path()) { + @unlink($original->file_path()); + } module::event("item_updated_data_file", $this); } } @@ -517,6 +540,8 @@ class Item_Model_Core extends ORM_MPTT { $this->name = "$base_name-$rand"; } $this->slug = "$base_slug-$rand"; + $this->relative_path_cache = null; + $this->relative_url_cache = null; } } @@ -768,16 +793,7 @@ class Item_Model_Core extends ORM_MPTT { } if ($this->is_movie() || $this->is_photo()) { - if ($this->loaded()) { - // Existing items can't change their extension - $original = ORM::factory("item", $this->id); - $new_ext = pathinfo($this->name, PATHINFO_EXTENSION); - $old_ext = pathinfo($original->name, PATHINFO_EXTENSION); - if (strcasecmp($new_ext, $old_ext)) { - $v->add_error("name", "illegal_data_file_extension"); - return; - } - } else { + if (!$this->loaded()) { // New items must have an extension $ext = pathinfo($this->name, PATHINFO_EXTENSION); if (!$ext) { @@ -785,9 +801,11 @@ class Item_Model_Core extends ORM_MPTT { return; } - if ($this->is_movie() && !preg_match("/^(flv|mp4|m4v)$/i", $ext)) { - $v->add_error("name", "illegal_data_file_extension"); - } else if ($this->is_photo() && !preg_match("/^(gif|jpg|jpeg|png)$/i", $ext)) { + if (($this->is_movie() || $this->is_photo()) && + !preg_match("/^(" . + implode("|", array_map("preg_quote", + extensions::get_upload_extensions())) . + ")\$/i", $ext)) { $v->add_error("name", "illegal_data_file_extension"); } } @@ -813,17 +831,6 @@ class Item_Model_Core extends ORM_MPTT { } else if (filesize($this->data_file) == 0) { $v->add_error("name", "empty_data_file"); } - - if ($this->loaded()) { - if ($this->is_photo()) { - list ($a, $b, $mime_type) = photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($a, $b, $mime_type) = movie::get_file_metadata($this->data_file); - } - if ($mime_type != $this->mime_type) { - $v->add_error("name", "cant_change_mime_type"); - } - } } /** @@ -879,7 +886,7 @@ class Item_Model_Core extends ORM_MPTT { if ($this->is_movie()) { $legal_values = array("video/flv", "video/x-flv", "video/mp4"); } if ($this->is_photo()) { - $legal_values = array("image/jpeg", "image/gif", "image/png"); + $legal_values = array("image/jpeg", "image/gif", "image/png", "image/tiff"); } break; diff --git a/modules/gallery/tests/Mock_Built_In.php b/modules/gallery/tests/Mock_Built_In.php new file mode 100644 index 00000000..b02e5ecf --- /dev/null +++ b/modules/gallery/tests/Mock_Built_In.php @@ -0,0 +1,39 @@ +nonces = func_get_args(); + } + + function _tempnam($dir, $prefix) { + if (empty($this->nonces)) + return false; + $filename = "$dir/$prefix" . array_shift($this->nonces); + if (!touch($filename)) + return false; + return $filename; + } +} diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php new file mode 100644 index 00000000..734f98ac --- /dev/null +++ b/modules/gallery/tests/System_Helper_Test.php @@ -0,0 +1,49 @@ +assert_true(file_exists($filename), "File not created"); + unlink($filename); + } + + public function tempnam_collision_test() { + require_once('Mock_Built_In.php'); + $existing = TMPPATH . "/file1.ext"; + $available = TMPPATH . "/file2.ext"; + touch($existing); + $filename = system::_tempnam(TMPPATH, "file", ".ext", + array(new Mock_Built_In("1", "2"), "_tempnam")); + unlink($existing); + $this->assert_true(file_exists($filename), "File not created"); + unlink($filename); + $this->assert_equal($available, $filename, "Incorrect filename created"); + } + + public function tempnam_abort_test() { + require_once('Mock_Built_In.php'); + $filename = system::_tempnam(TMPPATH, "file", ".ext", + array(new Mock_Built_In(), "_tempnam")); + if ($filename) { + @unlink($filename); + } + $this->assert_false($filename, "Operation not aborted"); + } +} diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 83dfcc68..ba4a3621 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -28,7 +28,7 @@ uploader: "", script: "id}") ?>", scriptData: , - fileExt: "*.gif;*.jpg;*.jpeg;*.png;*.GIF;*.JPG;*.JPEG;*.PNG;*.flv;*.mp4;*.m4v;*.FLV;*.MP4;*.M4V", + fileExt: "", fileDesc: for_js() ?>, cancelImg: "", simUploadLimit: , -- cgit v1.2.3 From d2d37fe3f2e550dff0c62afa9faa3100f305df0e Mon Sep 17 00:00:00 2001 From: Chad Parry Date: Sat, 30 Apr 2011 21:33:20 -0600 Subject: Results from a round of feedback with Bharat. Squashed commit of the following: commit 13dbd3515bfb5324cfbcb3bbeafc179771b54f75 Merge: f0f094c 97400b7 Author: Chad Parry Date: Sat Apr 30 20:33:02 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit f0f094c3f79b09536f58083681c28f73271c506d Author: Chad Parry Date: Sat Apr 30 20:22:49 2011 -0600 Explain the conditional rename in item::save() with a comment. commit 1b3a6b85c156e4777d2aa8205b130984f55dc66d Author: Chad Parry Date: Sat Apr 30 18:29:34 2011 -0600 Improve the comment explaining why the data_file extension is important. commit c3e8c1e3b5e3cb1046acd4c923bb0ae9dbcd603a Author: Chad Parry Date: Sat Apr 30 18:12:56 2011 -0600 The data_file field is public, so we don't need to supply an accessor method. commit 2375a02e2cdbd1ccaf7dc4d3db9d85119972e3a9 Author: Chad Parry Date: Sat Apr 30 16:40:55 2011 -0600 Change the signature of system::tempnam to something more appropriate for Gallery. commit a8ca9dcf9edd54633c0c78b3af76aa974d38fc64 Author: Chad Parry Date: Sat Apr 30 16:10:06 2011 -0600 Change the name of the extensions helper to legal_file. commit 7e61a01a96f5eab7212dba754ac64fdfb4d9e8ab Author: Chad Parry Date: Sat Apr 30 16:08:49 2011 -0600 Change the name of the extensions helper to legal_file. commit 4c2b2ebd3f2052898fbfb175650ed4cf49c8006e Author: Chad Parry Date: Wed Apr 27 20:52:35 2011 -0600 Remove a newline at the end of the file that I accidentally introduced. commit 6d564f185e5279d6cca9a7385066514ff18a2455 Merge: 7ff485f 4060640 Author: Chad Parry Date: Wed Apr 27 20:35:58 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 7ff485fa48c392bbbb0370f67cb1bd6fcc00c2a4 Author: Chad Parry Date: Wed Apr 27 20:29:06 2011 -0600 Move the extensions helpers out of the Kohana system directory and into their own Gallery Extensions class. commit 26585fed03236f0f70a75959e1d3002025f4e15e Merge: 809567f c8f90e8 Author: Chad Parry Date: Sun Apr 24 08:28:39 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 809567f12850f59bdeb47a2963f6968b99b5a201 Author: Chad Parry Date: Sun Apr 24 08:10:04 2011 -0600 Expose the data file field. commit fcb06bf175bb9eeff36d9c294e97ace9374ef0f3 Author: Chad Parry Date: Sun Apr 24 00:45:12 2011 -0600 Don't assign to the item->name field if the name is unchanged, because the save method will crash. commit c6ef706d70c7e48bea1145eec1b13fb5683e023f Author: Chad Parry Date: Sat Apr 23 22:55:59 2011 -0600 Preserve old data files long enough for them to be available to event handlers. commit 0d6a3a3cfc4f38f450db9e18da47a5e2ad826af8 Author: Chad Parry Date: Sat Apr 23 21:19:47 2011 -0600 Create a tempnam substitute that safely creates files with a given extension. commit e149cf7238a1f8eaddfc68580f2d636dd8255795 Author: Chad Parry Date: Sat Apr 23 16:39:25 2011 -0600 Support data files that change their extension and MIME type. commit 6702104f571413e4d57db3515b2070c48d3e9b55 Author: Chad Parry Date: Sat Apr 23 16:35:00 2011 -0600 Resolve an infinite recursion that happens when the path caches are updated during saving. commit 944cb72eea946f4c45a04b7e4c7c33929fa8b9f3 Merge: 567522b 5af74d4 Author: Chad Parry Date: Fri Apr 22 14:10:42 2011 -0600 Merge remote branch 'origin/master' into rawphoto commit 567522bfa08c370bb5baf8454afc5b04bc9e49b4 Author: Chad Parry Date: Thu Apr 21 20:12:32 2011 -0600 Add an event for when a new graphics toolkit is chosen. commit 31ba081b793141ca36866a6dd349cd2eac5af68e Author: Chad Parry Date: Thu Apr 21 02:06:53 2011 -0600 Add an event that will collect all valid filename extensions. --- modules/gallery/controllers/quick.php | 4 +-- modules/gallery/controllers/uploader.php | 2 +- modules/gallery/helpers/legal_file.php | 39 ++++++++++++++++++++++++++++ modules/gallery/helpers/system.php | 13 ++++++---- modules/gallery/libraries/Form_Uploadify.php | 2 +- modules/gallery/models/item.php | 18 ++++++++++--- modules/gallery/tests/System_Helper_Test.php | 5 ++-- 7 files changed, 69 insertions(+), 14 deletions(-) create mode 100644 modules/gallery/helpers/legal_file.php (limited to 'modules/gallery/models') diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index ce52cb8d..b6576ec0 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -36,8 +36,8 @@ class Quick_Controller extends Controller { } if ($degrees) { - $tmpfile = system::tempnam(TMPPATH, "rotate", - "." . pathinfo($item->file_path(), PATHINFO_EXTENSION)); + $tmpfile = system::temp_filename("rotate", + pathinfo($item->file_path(), PATHINFO_EXTENSION)); gallery_graphics::rotate($item->file_path(), $tmpfile, array("degrees" => $degrees), $item); $item->set_data_file($tmpfile); $item->save(); diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 5f3e9ca4..9c2bf7d7 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -51,7 +51,7 @@ class Uploader_Controller extends Controller { $file_validation = new Validation($_FILES); $file_validation->add_rules( "Filedata", "upload::valid", "upload::required", - "upload::type[" . implode(",", extensions::get_upload_extensions()) . "]"); + "upload::type[" . implode(",", legal_file::get_extensions()) . "]"); if ($form->validate() && $file_validation->validate()) { $temp_filename = upload::save("Filedata"); diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php new file mode 100644 index 00000000..2cb0fb25 --- /dev/null +++ b/modules/gallery/helpers/legal_file.php @@ -0,0 +1,39 @@ +extensions = array("gif", "jpg", "jpeg", "png"); + if (movie::find_ffmpeg()) { + array_push($extensions_wrapper->extensions, "flv", "mp4", "m4v"); + } + module::event("legal_file_extensions", $extensions_wrapper); + return $extensions_wrapper->extensions; + } + + static function get_filters() { + $filters = array(); + foreach (self::get_extensions() as $extension) { + array_push($filters, "*." . $extension, "*." . strtoupper($extension)); + } + return $filters; + } +} diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index 31ecafa7..9815d588 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -43,15 +43,18 @@ class system_Core { /** * Create a file with a unique file name. - * This helper is similar to the built-in tempnam, except that it supports an optional postfix. + * This helper is similar to the built-in tempnam. + * It allows the caller to specify a prefix and an extension. + * It always places the file in TMPPATH. */ - static function tempnam($dir = TMPPATH, $prefix = "", $postfix = "") { - return self::_tempnam($dir, $prefix, $postfix, "tempnam"); + static function temp_filename($prefix = "", $extension = "") { + return self::_tempnam(TMPPATH, $prefix, ".$extension", "tempnam"); } - // This helper provides a dependency-injected implementation of tempnam. + /** + * This helper provides a dependency-injected implementation of tempnam. + */ static function _tempnam($dir, $prefix, $postfix, $builtin) { - $success = false; do { $basename = call_user_func($builtin, $dir, $prefix); if (!$basename) { diff --git a/modules/gallery/libraries/Form_Uploadify.php b/modules/gallery/libraries/Form_Uploadify.php index 884653e2..450320b3 100644 --- a/modules/gallery/libraries/Form_Uploadify.php +++ b/modules/gallery/libraries/Form_Uploadify.php @@ -47,7 +47,7 @@ class Form_Uploadify_Core extends Form_Input { $v->script_data = $this->data["script_data"]; $v->simultaneous_upload_limit = module::get_var("gallery", "simultaneous_upload_limit"); $v->movies_allowed = (bool) movie::find_ffmpeg(); - $v->extensions = extensions::get_upload_filters(); + $v->extensions = legal_file::get_filters(); $v->suhosin_session_encrypt = (bool) ini_get("suhosin.session.encrypt"); list ($toolkit_max_filesize_bytes, $toolkit_max_filesize) = graphics::max_filesize(); diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 5ccbe75c..6eb93cfa 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -418,7 +418,11 @@ class Item_Model_Core extends ORM_MPTT { // keep it around. $original = ORM::factory("item", $this->id); - // Preserve the extension of the data file. + // Preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume + // the MIME type from the extension. So when we adopt the new data file, it's important + // to adopt the new extension. That ensures that the item's extension is always + // appropriate for its data. We don't try to preserve the name of the data file, though, + // because the name is typically a temporary randomly-generated name. if (isset($this->data_file)) { $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; @@ -448,11 +452,19 @@ class Item_Model_Core extends ORM_MPTT { } if ($original->parent_id != $this->parent_id || $original->name != $this->name) { - // Move all of the items associated data files $this->_build_relative_caches(); + // If there is a data file, then we want to preserve both the old data and the new data. + // (Third-party event handlers would like access to both). The old data file will be + // accessible via the $original item, and the new one via $this item. But in that case, + // we don't want to rename the original as below, because the old data would end up being + // clobbered by the new data file. Also, the rename isn't necessary, because the new item + // data is coming from the data file anyway. So we only perform the rename if there isn't + // a data file. Another way to solve this would be to copy the original file rather than + // conditionally rename it, but a copy would cost far more than the rename. if (!isset($this->data_file)) { @rename($original->file_path(), $this->file_path()); } + // Move all of the items associated data files if ($this->is_album()) { @rename(dirname($original->resize_path()), dirname($this->resize_path())); @rename(dirname($original->thumb_path()), dirname($this->thumb_path())); @@ -804,7 +816,7 @@ class Item_Model_Core extends ORM_MPTT { if (($this->is_movie() || $this->is_photo()) && !preg_match("/^(" . implode("|", array_map("preg_quote", - extensions::get_upload_extensions())) . + legal_file::get_extensions())) . ")\$/i", $ext)) { $v->add_error("name", "illegal_data_file_extension"); } diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php index 734f98ac..dfe5d9ab 100644 --- a/modules/gallery/tests/System_Helper_Test.php +++ b/modules/gallery/tests/System_Helper_Test.php @@ -18,10 +18,11 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class System_Helper_Test extends Gallery_Unit_Test_Case { - public function tempnam_random_test() { - $filename = system::tempnam(TMPPATH, "file", ".ext"); + public function temp_filename_random_test() { + $filename = system::temp_filename("file", "ext"); $this->assert_true(file_exists($filename), "File not created"); unlink($filename); + $this->assert_pattern($filename, "|/file.*\\.ext$|"); } public function tempnam_collision_test() { -- cgit v1.2.3 From 97c3ded2bae24fa18801c94548d1cfd97e19cf2a Mon Sep 17 00:00:00 2001 From: Chad Parry Date: Wed, 18 May 2011 22:01:51 -0600 Subject: Better validation for uploaded files, especially where third-party modules might make a mistake. Squashed commit of the following: commit f2336a5aaa0eb797f252388ecd7b93a82f9646fd Author: Chad Parry Date: Wed May 18 21:56:10 2011 -0600 Behave reasonably if the image cannot be resized. commit e06b20738d0e0bdb80bae68b7fec2b3746192f6e Author: Chad Parry Date: Wed May 18 21:10:08 2011 -0600 Adding an image representing a broken thumbnail. This image was derived from the equivalent Gallery2 icon. It uses the same washed-out gray color scheme as the Gallery3 missing_movie icon. commit 4e3964527b66d8ccd76fb261d549cd9861a7a780 Author: Chad Parry Date: Wed May 18 20:30:28 2011 -0600 Initialize legal file arrays correctly. commit e9862d8fbc4d6fd06abf157f48dce671a7283993 Author: Chad Parry Date: Wed May 18 20:20:19 2011 -0600 Correction for the merge conflict markers I accidentally committed. commit 5e62d327a8dc477d3edea99826183548aca3e7f3 Author: Chad Parry Date: Wed May 18 20:17:36 2011 -0600 Expand the legal_file events to include separate photo and movie events, and to support MIME types. commit f0bfd1fef0b6d17da9a491f7c724ae53491926a2 Merge: 72f3fc4 db73413 Author: Chad Parry Date: Wed May 18 19:49:25 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto Conflicts: modules/gallery/helpers/system.php modules/gallery/tests/System_Helper_Test.php commit db734130c5fe10408040b2326b28b102f3131271 Author: Automatic Build Number Updater Date: Mon May 16 21:38:07 2011 -0700 Automated update of .build_number to 153 for branch master Last update: 9aeb824aa1d15bd94bd7cef0a322c4e8a667e67b (1 commits ago) commit 8549ba30ca5045211d2efcf8e1c4f98f8a1e9f25 Author: Chad Kieffer Date: Mon May 16 22:37:09 2011 -0600 Stop IE 9 album grid craziness. Thanks floridave. Fixes #1430. commit 9aeb824aa1d15bd94bd7cef0a322c4e8a667e67b Author: Automatic Build Number Updater Date: Sun May 8 11:43:38 2011 -0700 Automated update of .build_number to 152 for branch master Last update: 7c80e6ef84b460dcade80c4dd5a65b41b0523505 (1 commits ago) commit 57f7e42a128848d73ad2a7ac0bf9df2fee6ba8b8 Author: Bharat Mediratta Date: Sun May 8 11:42:40 2011 -0700 Add the item id to the print_proxy line so that we have a little more info about what the original was, and extend the timeout to 90 days from 10. Fixes #1733. commit 7c80e6ef84b460dcade80c4dd5a65b41b0523505 Author: Automatic Build Number Updater Date: Fri May 6 11:48:43 2011 -0700 Automated update of .build_number to 151 for branch master Last update: 5d09cbff048fc2f457c8b19adb2177a12445890a (1 commits ago) commit 80dda6f64fd26f373cc138a199652099accceb26 Merge: 5d09cbf 46da011 Author: Bharat Mediratta Date: Fri May 6 11:48:13 2011 -0700 Merge pull request #52 from chadparry/tempnam Fixes #1732 commit 5d09cbff048fc2f457c8b19adb2177a12445890a Author: Automatic Build Number Updater Date: Thu May 5 21:53:39 2011 -0700 Automated update of .build_number to 150 for branch master Last update: 011eaa6480cbee8d328a31c9ac5c8e0ddc1f8a84 (1 commits ago) commit d5a31ceedee5841531f57342266746bb62d7d923 Author: Tim Almdal Date: Thu May 5 21:53:10 2011 -0700 Fix for ticket 1275. Do the same checking as Kohana uses and don't worry about calling the utf8_encode routine. Corrected the error messages and also added a check to insure the XML Parser extension is loaded as we still need the utf8_encode function from it. commit 011eaa6480cbee8d328a31c9ac5c8e0ddc1f8a84 Author: Automatic Build Number Updater Date: Thu May 5 14:53:06 2011 -0700 Automated update of .build_number to 149 for branch master Last update: 05ecfda36b7acee7f8d36df8391ba960097178a8 (1 commits ago) commit 5bae21864f54a03b557ab349cf97ba5f1d4276dc Author: Bharat Mediratta Date: Thu May 5 14:52:47 2011 -0700 Follow-on to 6f916e49d5b431c2c1961a13d1a61fef8c02d628 -- don't make database calls if Gallery isn't installed, else we fail to bounce the user to the installer on fresh packages. #1637. commit 46da011bf69bbc4e45757feda8f0d28e91e7fb6a Author: Chad Parry Date: Wed May 4 17:51:00 2011 -0600 Remove a newline I accidentally introduced. commit 5c6c71ffcdea354b5b9b30aaea2c1f92c8860d42 Merge: d2331bf 05ecfda Author: Chad Parry Date: Wed May 4 17:49:42 2011 -0600 Merge branch 'master' into tempnam commit d2331bf43457a8d33491921f106879f087438171 Author: Chad Parry Date: Wed May 4 17:48:25 2011 -0600 Simplified the temp_filename implementation and removed the mocks. commit 72f3fc46f6c7c9043e730063051ecfd88bf314c8 Author: Chad Parry Date: Wed May 4 17:22:15 2011 -0600 Avoid "self::" because Kohana can't override it. commit 05ecfda36b7acee7f8d36df8391ba960097178a8 Author: Automatic Build Number Updater Date: Mon May 2 21:38:50 2011 -0700 Automated update of .build_number to 148 for branch master Last update: 97400b78153620262120868b37545170416413c9 (2 commits ago) commit 229bfc5c7c760c53d1357503fd61bf9a165acf6e Author: Bharat Mediratta Date: Mon May 2 21:37:04 2011 -0700 Track and redirect core.DownloadItem requests properly. This can happen if the G2 was imported with rewrite on, so the g2_url in the g2_map table has a shortened url, but then rewrite is disabled and the .htaccess mod_rewrite rules are sending over a &g2_view=core.DownloadItem request. Fixes #1728. commit 68370b92f5f6fa68744655f8c68b4b0ca59bf4fd Author: Bharat Mediratta Date: Mon May 2 21:36:17 2011 -0700 Map the G2 album highlight thumbnail derivative id to the G3 album's thumbnail. Fixes #1729. commit 13dbd3515bfb5324cfbcb3bbeafc179771b54f75 Merge: f0f094c 97400b7 Author: Chad Parry Date: Sat Apr 30 20:33:02 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit f0f094c3f79b09536f58083681c28f73271c506d Author: Chad Parry Date: Sat Apr 30 20:22:49 2011 -0600 Explain the conditional rename in item::save() with a comment. commit 1b3a6b85c156e4777d2aa8205b130984f55dc66d Author: Chad Parry Date: Sat Apr 30 18:29:34 2011 -0600 Improve the comment explaining why the data_file extension is important. commit c3e8c1e3b5e3cb1046acd4c923bb0ae9dbcd603a Author: Chad Parry Date: Sat Apr 30 18:12:56 2011 -0600 The data_file field is public, so we don't need to supply an accessor method. commit 0e844766baf3b3875cbb2d84579626e05e879420 Author: Chad Parry Date: Sat Apr 30 16:40:55 2011 -0600 Change the signature of system::tempnam to something more appropriate for Gallery. commit 5c9a3b3f39f6ff0d5c84c2cf283d27eaebe2e66e Author: Chad Parry Date: Sat Apr 23 21:19:47 2011 -0600 Create a tempnam substitute that safely creates files with a given extension. commit 2375a02e2cdbd1ccaf7dc4d3db9d85119972e3a9 Author: Chad Parry Date: Sat Apr 30 16:40:55 2011 -0600 Change the signature of system::tempnam to something more appropriate for Gallery. commit a8ca9dcf9edd54633c0c78b3af76aa974d38fc64 Author: Chad Parry Date: Sat Apr 30 16:10:06 2011 -0600 Change the name of the extensions helper to legal_file. commit 7e61a01a96f5eab7212dba754ac64fdfb4d9e8ab Author: Chad Parry Date: Sat Apr 30 16:08:49 2011 -0600 Change the name of the extensions helper to legal_file. commit 4c2b2ebd3f2052898fbfb175650ed4cf49c8006e Author: Chad Parry Date: Wed Apr 27 20:52:35 2011 -0600 Remove a newline at the end of the file that I accidentally introduced. commit 6d564f185e5279d6cca9a7385066514ff18a2455 Merge: 7ff485f 4060640 Author: Chad Parry Date: Wed Apr 27 20:35:58 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 7ff485fa48c392bbbb0370f67cb1bd6fcc00c2a4 Author: Chad Parry Date: Wed Apr 27 20:29:06 2011 -0600 Move the extensions helpers out of the Kohana system directory and into their own Gallery Extensions class. commit 26585fed03236f0f70a75959e1d3002025f4e15e Merge: 809567f c8f90e8 Author: Chad Parry Date: Sun Apr 24 08:28:39 2011 -0600 Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto commit 809567f12850f59bdeb47a2963f6968b99b5a201 Author: Chad Parry Date: Sun Apr 24 08:10:04 2011 -0600 Expose the data file field. commit fcb06bf175bb9eeff36d9c294e97ace9374ef0f3 Author: Chad Parry Date: Sun Apr 24 00:45:12 2011 -0600 Don't assign to the item->name field if the name is unchanged, because the save method will crash. commit c6ef706d70c7e48bea1145eec1b13fb5683e023f Author: Chad Parry Date: Sat Apr 23 22:55:59 2011 -0600 Preserve old data files long enough for them to be available to event handlers. commit 0d6a3a3cfc4f38f450db9e18da47a5e2ad826af8 Author: Chad Parry Date: Sat Apr 23 21:19:47 2011 -0600 Create a tempnam substitute that safely creates files with a given extension. commit e149cf7238a1f8eaddfc68580f2d636dd8255795 Author: Chad Parry Date: Sat Apr 23 16:39:25 2011 -0600 Support data files that change their extension and MIME type. commit 6702104f571413e4d57db3515b2070c48d3e9b55 Author: Chad Parry Date: Sat Apr 23 16:35:00 2011 -0600 Resolve an infinite recursion that happens when the path caches are updated during saving. commit 944cb72eea946f4c45a04b7e4c7c33929fa8b9f3 Merge: 567522b 5af74d4 Author: Chad Parry Date: Fri Apr 22 14:10:42 2011 -0600 Merge remote branch 'origin/master' into rawphoto commit 567522bfa08c370bb5baf8454afc5b04bc9e49b4 Author: Chad Parry Date: Thu Apr 21 20:12:32 2011 -0600 Add an event for when a new graphics toolkit is chosen. commit 31ba081b793141ca36866a6dd349cd2eac5af68e Author: Chad Parry Date: Thu Apr 21 02:06:53 2011 -0600 Add an event that will collect all valid filename extensions. --- .build_number | 2 +- installer/installer.php | 10 +++++-- modules/digibug/controllers/digibug.php | 6 ++--- modules/g2_import/controllers/g2.php | 4 ++- modules/g2_import/helpers/g2_import.php | 7 ++++- modules/gallery/config/locale.php | 7 ++++- modules/gallery/helpers/graphics.php | 22 ++++++++++++--- modules/gallery/helpers/legal_file.php | 39 +++++++++++++++++++++++---- modules/gallery/helpers/system.php | 13 +++------ modules/gallery/images/missing_photo.png | Bin 0 -> 1570 bytes modules/gallery/models/item.php | 15 ++++++----- modules/gallery/tests/System_Helper_Test.php | 25 +---------------- themes/wind/js/ui.init.js | 2 +- 13 files changed, 93 insertions(+), 59 deletions(-) create mode 100644 modules/gallery/images/missing_photo.png (limited to 'modules/gallery/models') diff --git a/.build_number b/.build_number index 1bdd507d..190e1781 100644 --- a/.build_number +++ b/.build_number @@ -3,4 +3,4 @@ ; process. You don't need to edit it. In fact.. ; ; DO NOT EDIT THIS FILE BY HAND! -build_number=147 +build_number=153 diff --git a/installer/installer.php b/installer/installer.php index c23d918f..0bef57ae 100644 --- a/installer/installer.php +++ b/installer/installer.php @@ -191,8 +191,10 @@ class installer { $errors[] = "Gallery 3 requires a MySQL database, but PHP doesn't have either the MySQL or the MySQLi extension."; } - if (!@preg_match("/^.$/u", utf8_encode("\xF1"))) { - $errors[] = "PHP is missing Perl-Compatible Regular Expression support."; + if (!preg_match("/^.$/u", "ñ")) { + $errors[] = "PHP is missing Perl-Compatible Regular Expression with UTF-8 support."; + } else if (!preg_match("/^\pL$/u", "ñ")) { + $errors[] = "PHP is missing Perl-Compatible Regular Expression with Unicode support."; } if (!(function_exists("spl_autoload_register"))) { @@ -211,6 +213,10 @@ class installer { $errors[] = "PHP is missing the iconv extension"; } + if (!(extension_loaded("xml"))) { + $errors[] = "PHP is missing the XML Parser extension"; + } + if (!(extension_loaded("simplexml"))) { $errors[] = "PHP is missing the SimpleXML extension"; } diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 4acb6513..672afe57 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -33,8 +33,8 @@ class Digibug_Controller extends Controller { $proxy->uuid = random::hash(); $proxy->item_id = $item->id; $proxy->save(); - $full_url = url::abs_site("digibug/print_proxy/full/$proxy->uuid"); - $thumb_url = url::abs_site("digibug/print_proxy/thumb/$proxy->uuid"); + $full_url = url::abs_site("digibug/print_proxy/full/$proxy->uuid/$item->id"); + $thumb_url = url::abs_site("digibug/print_proxy/thumb/$proxy->uuid/$item->id"); } $v = new View("digibug_form.html"); @@ -114,7 +114,7 @@ class Digibug_Controller extends Controller { private function _clean_expired() { db::build() ->delete("digibug_proxies") - ->where("request_date", "<=", db::expr("(CURDATE() - INTERVAL 10 DAY)")) + ->where("request_date", "<=", db::expr("(CURDATE() - INTERVAL 90 DAY)")) ->limit(20) ->execute(); } diff --git a/modules/g2_import/controllers/g2.php b/modules/g2_import/controllers/g2.php index 6e60bed0..90984e84 100644 --- a/modules/g2_import/controllers/g2.php +++ b/modules/g2_import/controllers/g2.php @@ -41,7 +41,9 @@ class G2_Controller extends Controller { // (bbcode, embedding) people are using the id style URLs although URL rewriting is enabled. $where = array(array("g2_id", "=", $id)); $view = $input->get("g2_view"); - if ($view) { + if ($view == "core.DownloadItem") { + $where[] = array("resource_type", "IN", array("file", "resize", "thumbnail", "full")); + } else if ($view) { $where[] = array("g2_url", "like", "%g2_view=$view%"); } // else: Assuming that the first search hit is sufficiently good. } else if ($path) { diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index 3606c7ef..c79a8d36 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -560,7 +560,7 @@ class g2_import_Core { $table = g2(GalleryCoreApi::fetchThumbnailsByItemIds(array($g2_album_id))); if (isset($table[$g2_album_id])) { // Backtrack the source id to an item - $g2_source = $table[$g2_album_id]; + $orig_g2_source = $g2_source = $table[$g2_album_id]; while (GalleryUtilities::isA($g2_source, "GalleryDerivative")) { $g2_source = g2(GalleryCoreApi::loadEntitiesById($g2_source->getDerivativeSourceId())); } @@ -584,6 +584,11 @@ class g2_import_Core { array("name" => $g3_album->name)), $e); } + + self::set_map( + $orig_g2_source->getId(), $g3_album->id, + "thumbnail", + self::g2_url(array("view" => "core.DownloadItem", "itemId" => $orig_g2_source->getId()))); } } } diff --git a/modules/gallery/config/locale.php b/modules/gallery/config/locale.php index 13de9098..bce7fb49 100644 --- a/modules/gallery/config/locale.php +++ b/modules/gallery/config/locale.php @@ -32,7 +32,12 @@ $config['language'] = array('en_US', 'English_United States'); * Locale timezone. Set in 'Advanced' settings, falling back to the server's zone. * @see http://php.net/timezones */ -$config['timezone'] = module::get_var("gallery", "timezone", date_default_timezone_get()); +if (file_exists(VARPATH . "database.php")) { + $config['timezone'] = module::get_var("gallery", "timezone", date_default_timezone_get()); +} else { + // Gallery3 is not installed yet -- don't make module::get_var() calls. + $config['timezone'] = date_default_timezone_get(); +} // i18n settings diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index acb11bfb..3b9769de 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -170,23 +170,37 @@ class graphics_Core { foreach (self::_get_rules($target) as $rule) { $args = array($working_file, $output_file, unserialize($rule->args), $item); - call_user_func_array($rule->operation, $args); - $working_file = $output_file; + try { + call_user_func_array($rule->operation, $args); + $working_file = $output_file; + } catch (Exception $e) { + // Ignore this filter and move on. + Kohana_Log::add("error", "Caught exception filtering image: {$item->title}\n" . + $e->getMessage() . "\n" . $e->getTraceAsString()); + } } } if (!empty($ops["thumb"])) { + if (file_exists($item->thumb_path())) { + $item->thumb_dirty = 0; + } else { + copy(MODPATH . "gallery/images/missing_photo.png", $item->thumb_path()); + } $dims = getimagesize($item->thumb_path()); $item->thumb_width = $dims[0]; $item->thumb_height = $dims[1]; - $item->thumb_dirty = 0; } if (!empty($ops["resize"])) { + if (file_exists($item->resize_path())) { + $item->resize_dirty = 0; + } else { + copy(MODPATH . "gallery/images/missing_photo.png", $item->resize_path()); + } $dims = getimagesize($item->resize_path()); $item->resize_width = $dims[0]; $item->resize_height = $dims[1]; - $item->resize_dirty = 0; } $item->save(); } catch (Exception $e) { diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index 2cb0fb25..0d3e9728 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -18,22 +18,51 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class legal_file_Core { - static function get_extensions() { + static function get_photo_extensions() { // Create a default list of allowed extensions and then let modules modify it. $extensions_wrapper = new stdClass(); $extensions_wrapper->extensions = array("gif", "jpg", "jpeg", "png"); + module::event("legal_photo_extensions", $extensions_wrapper); + return $extensions_wrapper->extensions; + } + + static function get_movie_extensions() { + // Create a default list of allowed extensions and then let modules modify it. + $extensions_wrapper = new stdClass(); + $extensions_wrapper->extensions = array("flv", "mp4", "m4v"); + module::event("legal_movie_extensions", $extensions_wrapper); + return $extensions_wrapper->extensions; + } + + static function get_extensions() { + $extensions = legal_file::get_photo_extensions(); if (movie::find_ffmpeg()) { - array_push($extensions_wrapper->extensions, "flv", "mp4", "m4v"); + $extensions = array_merge($extensions, legal_file::get_movie_extensions()); } - module::event("legal_file_extensions", $extensions_wrapper); - return $extensions_wrapper->extensions; + return $extensions; } static function get_filters() { $filters = array(); - foreach (self::get_extensions() as $extension) { + foreach (legal_file::get_extensions() as $extension) { array_push($filters, "*." . $extension, "*." . strtoupper($extension)); } return $filters; } + + static function get_photo_types() { + // Create a default list of allowed types and then let modules modify it. + $types_wrapper = new stdClass(); + $types_wrapper->types = array("image/jpeg", "image/gif", "image/png"); + module::event("legal_photo_types", $types_wrapper); + return $types_wrapper->types; + } + + static function get_movie_types() { + // Create a default list of allowed types and then let modules modify it. + $types_wrapper = new stdClass(); + $types_wrapper->types = array("video/flv", "video/x-flv", "video/mp4"); + module::event("legal_movie_types", $types_wrapper); + return $types_wrapper->types; + } } diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index 9815d588..4110b4ed 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -47,20 +47,13 @@ class system_Core { * It allows the caller to specify a prefix and an extension. * It always places the file in TMPPATH. */ - static function temp_filename($prefix = "", $extension = "") { - return self::_tempnam(TMPPATH, $prefix, ".$extension", "tempnam"); - } - - /** - * This helper provides a dependency-injected implementation of tempnam. - */ - static function _tempnam($dir, $prefix, $postfix, $builtin) { + static function temp_filename($prefix="", $extension="") { do { - $basename = call_user_func($builtin, $dir, $prefix); + $basename = tempnam(TMPPATH, $prefix); if (!$basename) { return false; } - $filename = $basename . $postfix; + $filename = "$basename.$extension"; $success = !file_exists($filename) && @rename($basename, $filename); if (!$success) { @unlink($basename); diff --git a/modules/gallery/images/missing_photo.png b/modules/gallery/images/missing_photo.png new file mode 100644 index 00000000..67786275 Binary files /dev/null and b/modules/gallery/images/missing_photo.png differ diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 6eb93cfa..4a0c8e38 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -813,10 +813,13 @@ class Item_Model_Core extends ORM_MPTT { return; } - if (($this->is_movie() || $this->is_photo()) && + if ($this->is_photo() && !preg_match("/^(" . - implode("|", array_map("preg_quote", - legal_file::get_extensions())) . + implode("|", array_map("preg_quote", legal_file::get_photo_extensions())) . + ")\$/i", $ext) || + $this->is_movie() && + !preg_match("/^(" . + implode("|", array_map("preg_quote", legal_file::get_movie_extensions())) . ")\$/i", $ext)) { $v->add_error("name", "illegal_data_file_extension"); } @@ -896,9 +899,9 @@ class Item_Model_Core extends ORM_MPTT { switch($field) { case "mime_type": if ($this->is_movie()) { - $legal_values = array("video/flv", "video/x-flv", "video/mp4"); - } if ($this->is_photo()) { - $legal_values = array("image/jpeg", "image/gif", "image/png", "image/tiff"); + $legal_values = legal_file::get_movie_types(); + } else if ($this->is_photo()) { + $legal_values = legal_file::get_photo_types(); } break; diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php index dfe5d9ab..3d56c516 100644 --- a/modules/gallery/tests/System_Helper_Test.php +++ b/modules/gallery/tests/System_Helper_Test.php @@ -18,33 +18,10 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class System_Helper_Test extends Gallery_Unit_Test_Case { - public function temp_filename_random_test() { + public function temp_filename_test() { $filename = system::temp_filename("file", "ext"); $this->assert_true(file_exists($filename), "File not created"); unlink($filename); $this->assert_pattern($filename, "|/file.*\\.ext$|"); } - - public function tempnam_collision_test() { - require_once('Mock_Built_In.php'); - $existing = TMPPATH . "/file1.ext"; - $available = TMPPATH . "/file2.ext"; - touch($existing); - $filename = system::_tempnam(TMPPATH, "file", ".ext", - array(new Mock_Built_In("1", "2"), "_tempnam")); - unlink($existing); - $this->assert_true(file_exists($filename), "File not created"); - unlink($filename); - $this->assert_equal($available, $filename, "Incorrect filename created"); - } - - public function tempnam_abort_test() { - require_once('Mock_Built_In.php'); - $filename = system::_tempnam(TMPPATH, "file", ".ext", - array(new Mock_Built_In(), "_tempnam")); - if ($filename) { - @unlink($filename); - } - $this->assert_false($filename, "Operation not aborted"); - } } diff --git a/themes/wind/js/ui.init.js b/themes/wind/js/ui.init.js index 2c67bf3a..3ee3e32e 100644 --- a/themes/wind/js/ui.init.js +++ b/themes/wind/js/ui.init.js @@ -82,7 +82,7 @@ $(document).ready(function() { } else { var sib_height = $(this).prev().height(); } - if ($.browser.msie && $.browser.version >= 8) { + if ($.browser.msie && $.browser.version <= 8) { sib_height = sib_height + 1; } $(this).css("height", sib_height); -- cgit v1.2.3 From 1807e10a56be504b11900f3ffe3cfb28b7bca5ed Mon Sep 17 00:00:00 2001 From: Chad Parry Date: Wed, 18 May 2011 22:05:40 -0600 Subject: Merging some changes from rawphoto --- modules/gallery/helpers/extensions.php | 39 ---------------------------------- modules/gallery/models/item.php | 9 -------- 2 files changed, 48 deletions(-) delete mode 100644 modules/gallery/helpers/extensions.php (limited to 'modules/gallery/models') diff --git a/modules/gallery/helpers/extensions.php b/modules/gallery/helpers/extensions.php deleted file mode 100644 index bccbfc41..00000000 --- a/modules/gallery/helpers/extensions.php +++ /dev/null @@ -1,39 +0,0 @@ -extensions = array("gif", "jpg", "jpeg", "png"); - if (movie::find_ffmpeg()) { - array_push($extensions_wrapper->extensions, "flv", "mp4", "m4v"); - } - module::event("upload_extensions", $extensions_wrapper); - return $extensions_wrapper->extensions; - } - - static function get_upload_filters() { - $filters = array(); - foreach (self::get_upload_extensions() as $extension) { - array_push($filters, "*." . $extension, "*." . strtoupper($extension)); - } - return $filters; - } -} diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 4a0c8e38..1dd9b00b 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -127,15 +127,6 @@ class Item_Model_Core extends ORM_MPTT { return $this; } - /** - * Get the path to the data file associated with this item. - * This data file field is only set until you call save(). - * After that, you can get the path using get_file_path(). - */ - public function get_data_file() { - return $this->data_file; - } - /** * Return the server-relative url to this item, eg: * /gallery3/index.php/BobsWedding?page=2 -- cgit v1.2.3 From 44b624f6fbc34cbc638afa1c2a1f6cb0ae154a03 Mon Sep 17 00:00:00 2001 From: Chad Parry Date: Thu, 21 Jul 2011 00:11:52 -0600 Subject: Squashed commit of the following: commit 41d379c2b777ae7b3a11f528971228e234f8976f Author: Chad Parry Date: Thu Jul 21 00:10:10 2011 -0600 Replace an overly-complicated regular expression with a simple in_array, at Bharat's suggestion. commit 1b3f7111d4c2607baaa2da0aab3b501f2d9a1426 Merge: 8f7904a 403f64b Author: Chad Parry Date: Wed Jul 20 21:02:56 2011 -0600 Merge branch 'master' into rawphoto commit 403f64bf2a91fe3ac2496a0a6a6180ece26afd82 Author: Automatic Build Number Updater Date: Tue Jul 12 21:44:14 2011 -0700 Automated update of .build_number to 163 for branch master Last update: e8382b960a3c19bb28140833e348e6c9c9db8a8a (1 commits ago) commit 51726f9e4b8372c40b27f843fca7b783e6db9623 Author: Tim Almdal Date: Tue Jul 12 21:44:40 2011 -0700 Fix for ticket #1752. Add an RSS field link for the current album. Or, in the case of a photo or movie, add a link to the rss field of the parent album. commit e8382b960a3c19bb28140833e348e6c9c9db8a8a Author: Automatic Build Number Updater Date: Mon Jun 27 22:27:04 2011 -0700 Automated update of .build_number to 162 for branch master Last update: 40cda7fa3fa8d9ede1f24bfa8460aab1ac681c34 (1 commits ago) commit 1afbcafe0e556ac571a5282f8b481fb90f5fb05a Merge: 40cda7f fc6c139 Author: Bharat Mediratta Date: Mon Jun 27 22:26:41 2011 -0700 Merge pull request #56 from alindeman/alindeman/1758 [Fixes #1758] Link to themes codex page instead of modules codex page commit 40cda7fa3fa8d9ede1f24bfa8460aab1ac681c34 Author: Automatic Build Number Updater Date: Mon Jun 27 22:25:54 2011 -0700 Automated update of .build_number to 161 for branch master Last update: 771de0a3746ac0d780cb5dce2a14aa5a6ddf06d7 (1 commits ago) commit aa08df7f0a839c95d268853cd745f622c98cadd0 Merge: 771de0a 784c429 Author: Bharat Mediratta Date: Mon Jun 27 22:25:46 2011 -0700 Merge pull request #55 from alindeman/alindeman/1757 [Fixes #1757] Redirect to root album if path comes in as main.php or index.php commit fc6c1390d3d5f3d99d75b04acf208ae3729c11ce Author: Andy Lindeman Date: Mon Jun 27 08:25:50 2011 -0400 [Fixes #1758] Link to themes codex page instead of modules codex page commit 784c429070db54e183feb3e0ea6f2726b6507081 Author: Andy Lindeman Date: Mon Jun 27 07:24:37 2011 -0400 [Fixes #1757] Redirect to root album if path comes in as main.php or index.php commit 8f7904ab62c71a7e4ee68762f936030b4dcb4ea1 Merge: e950573 771de0a Author: Chad Parry Date: Sat Jun 25 14:12:39 2011 -0600 Merge branches 'master' and 'rawphoto' into rawphoto commit e95057337996351e49915d9f85d007d50103a4be Author: Chad Parry Date: Wed Jun 15 20:24:18 2011 -0600 Merge branches 'rawphoto-squash' and 'rawphoto' into rawphoto --- .build_number | 2 +- modules/g2_import/controllers/g2.php | 2 +- modules/gallery/helpers/gallery_rss.php | 8 ++++++++ modules/gallery/models/item.php | 8 ++------ modules/gallery/views/admin_themes.html.php | 4 ++-- 5 files changed, 14 insertions(+), 10 deletions(-) (limited to 'modules/gallery/models') diff --git a/.build_number b/.build_number index e627526e..a10819e7 100644 --- a/.build_number +++ b/.build_number @@ -3,4 +3,4 @@ ; process. You don't need to edit it. In fact.. ; ; DO NOT EDIT THIS FILE BY HAND! -build_number=160 +build_number=163 diff --git a/modules/g2_import/controllers/g2.php b/modules/g2_import/controllers/g2.php index 90984e84..1252014f 100644 --- a/modules/g2_import/controllers/g2.php +++ b/modules/g2_import/controllers/g2.php @@ -34,7 +34,7 @@ class G2_Controller extends Controller { $path = $input->get("path"); $id = $input->get("g2_itemId"); - if ($path || $id) { + if (($path && $path != 'index.php' && $path != 'main.php') || $id) { if ($id) { // Requests by id are either core.DownloadItem or core.ShowItem requests. Later versions of // Gallery 2 don't specify g2_view if it's the default (core.ShowItem). And in some cases diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php index 612872e6..9af67118 100644 --- a/modules/gallery/helpers/gallery_rss.php +++ b/modules/gallery/helpers/gallery_rss.php @@ -21,6 +21,14 @@ class gallery_rss_Core { static function available_feeds($item, $tag) { $feeds["gallery/latest"] = t("Latest photos and movies"); + + if ($item) { + $feed_item = $item -> is_album() ? $item : $item->parent(); + + $feeds["gallery/album/{$feed_item->id}"] = + t("%title photos and movies", array("title" => $feed_item->title)); + } + return $feeds; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 1dd9b00b..cccb7074 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -805,13 +805,9 @@ class Item_Model_Core extends ORM_MPTT { } if ($this->is_photo() && - !preg_match("/^(" . - implode("|", array_map("preg_quote", legal_file::get_photo_extensions())) . - ")\$/i", $ext) || + !in_array(strtolower($ext), array_map("strtolower", legal_file::get_photo_extensions())) || $this->is_movie() && - !preg_match("/^(" . - implode("|", array_map("preg_quote", legal_file::get_movie_extensions())) . - ")\$/i", $ext)) { + !in_array(strtolower($ext), array_map("strtolower", legal_file::get_movie_extensions()))) { $v->add_error("name", "illegal_data_file_extension"); } } diff --git a/modules/gallery/views/admin_themes.html.php b/modules/gallery/views/admin_themes.html.php index 7d947b28..9d53779f 100644 --- a/modules/gallery/views/admin_themes.html.php +++ b/modules/gallery/views/admin_themes.html.php @@ -48,7 +48,7 @@

- Download one now!", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Modules")) ?> + Download one now!", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Themes")) ?>

@@ -88,7 +88,7 @@

- Download one now!", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Modules")) ?> + Download one now!", array("url" => "http://codex.gallery2.org/Category:Gallery_3:Themes")) ?>

-- cgit v1.2.3 From 0672c8f83f068c546454bacefac123b5acb508cc Mon Sep 17 00:00:00 2001 From: Chad Parry Date: Thu, 21 Jul 2011 01:12:26 -0600 Subject: Polishing the rawphoto changes, including adding some tests. Squashed commit of the following: commit 945316a8c220b12adb687c896bcc5e86f99f46a4 Author: Chad Parry Date: Thu Jul 21 01:11:13 2011 -0600 Add a test for the sunny-day scenario where a rule changes a data file's MIME type. commit 4ee1ee000c8f4d8ebaae66f637bc71080486fd73 Author: Chad Parry Date: Thu Jul 21 00:49:47 2011 -0600 Ensure that a third-party cannot swap out a legitimate photo with an unsafe file type. commit 7dd0105bfc59c150e5640e693778f51bbaa44eab Author: Chad Parry Date: Thu Jul 21 00:48:19 2011 -0600 Update the MIME type and other meta-data when a new data file is provided. commit 5a8844c7947b21cf658f22cc61f20ffa9e8f07f2 Author: Chad Parry Date: Thu Jul 21 00:30:01 2011 -0600 Remove a unit test that no longer applies. Replacement data files are allowed to have different MIME types. commit 0de9c6283ce4f5773cad8e92b6785d6a1f7b5e46 Author: Chad Parry Date: Thu Jul 21 00:27:45 2011 -0600 If one rule fails, then abort processing, rather than trying to proceed to subsequent rules. commit 41d379c2b777ae7b3a11f528971228e234f8976f Author: Chad Parry Date: Thu Jul 21 00:10:10 2011 -0600 Replace an overly-complicated regular expression with a simple in_array, at Bharat's suggestion. commit 1b3f7111d4c2607baaa2da0aab3b501f2d9a1426 Merge: 8f7904a 403f64b Author: Chad Parry Date: Wed Jul 20 21:02:56 2011 -0600 Merge branch 'master' into rawphoto commit 8f7904ab62c71a7e4ee68762f936030b4dcb4ea1 Merge: e950573 771de0a Author: Chad Parry Date: Sat Jun 25 14:12:39 2011 -0600 Merge branches 'master' and 'rawphoto' into rawphoto commit e95057337996351e49915d9f85d007d50103a4be Author: Chad Parry Date: Wed Jun 15 20:24:18 2011 -0600 Merge branches 'rawphoto-squash' and 'rawphoto' into rawphoto --- modules/gallery/helpers/graphics.php | 10 ++-------- modules/gallery/models/item.php | 7 +++++++ modules/gallery/tests/Item_Model_Test.php | 23 +++++++++++++++++++++-- 3 files changed, 30 insertions(+), 10 deletions(-) (limited to 'modules/gallery/models') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 39c87fbd..3548faa1 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -170,14 +170,8 @@ class graphics_Core { foreach (self::_get_rules($target) as $rule) { $args = array($working_file, $output_file, unserialize($rule->args), $item); - try { - call_user_func_array($rule->operation, $args); - $working_file = $output_file; - } catch (Exception $e) { - // Ignore this rule and move on. - Kohana_Log::add("error", "Caught exception processing image: {$item->title}\n" . - $e->getMessage() . "\n" . $e->getTraceAsString()); - } + call_user_func_array($rule->operation, $args); + $working_file = $output_file; } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index cccb7074..93e97af6 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -420,6 +420,13 @@ class Item_Model_Core extends ORM_MPTT { if (!empty($extension) && strcmp($this->name, $new_name)) { $this->name = $new_name; } + if ($this->is_photo()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + photo::get_file_metadata($this->data_file); + } else if ($this->is_movie()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + movie::get_file_metadata($this->data_file); + } } if (array_intersect($this->changed, array("parent_id", "name", "slug"))) { diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 968d7510..19ab8ec4 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -394,15 +394,34 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_equal(20337, filesize($photo->file_path())); } - public function replacement_data_file_must_be_same_mime_type_test() { + public function replace_data_file_type_test() { // Random photo is modules/gallery/tests/test.jpg $photo = test::random_photo(); + $this->assert_equal(1024, $photo->width); + $this->assert_equal(768, $photo->height); + $this->assert_equal(6232, filesize($photo->file_path())); + $this->assert_equal("image/jpeg", $photo->mime_type); + $orig_name = $photo->name; + + // Random photo is gallery/images/graphicsmagick.png is 104x76 and 1486 bytes $photo->set_data_file(MODPATH . "gallery/images/graphicsmagick.png"); + $photo->save(); + + $this->assert_equal(104, $photo->width); + $this->assert_equal(76, $photo->height); + $this->assert_equal(1486, filesize($photo->file_path())); + $this->assert_equal("image/png", $photo->mime_type); + $this->assert_equal("png", pathinfo($photo->name, PATHINFO_EXTENSION)); + $this->assert_equal(pathinfo($orig_name, PATHINFO_FILENAME), pathinfo($photo->name, PATHINFO_FILENAME)); + } + public function unsafe_data_file_replacement_test() { try { + $photo = test::random_photo(); + $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "cant_change_mime_type"), $e->validation->errors()); + $this->assert_same(array("mime_type" => "invalid"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); -- cgit v1.2.3